[CentOS] VLAN issue

Mon Jan 26 00:20:38 UTC 2015
Boris Epstein <borepstein at gmail.com>

OK, thanks again for all your help.

I have resolved this, finally. The problem was that I configured VLAN 48 as
the native VLAN on the trunk port.That was a mistake as apparently the
native VLAN is the one where Cisco does not bother to tag packets.

For now I set the native VLAN to VLAN 1 and that works.

Cheers,

Boris.


On Sun, Jan 25, 2015 at 7:13 PM, Boris Epstein <borepstein at gmail.com> wrote:

> And additionally here are the detailed port configs on the switch end:
>
> hq>show interface Gi1/0/3 switchport
> Name: Gi1/0/3
> Switchport: Enabled
> Administrative Mode: trunk
> Operational Mode: trunk
> Administrative Trunking Encapsulation: dot1q
> Operational Trunking Encapsulation: dot1q
> Negotiation of Trunking: On
> Access Mode VLAN: 48 (VLAN0048)
> Trunking Native Mode VLAN: 48 (VLAN0048)
> Administrative Native VLAN tagging: enabled
> Voice VLAN: none
> Administrative private-vlan host-association: none
> Administrative private-vlan mapping: none
> Administrative private-vlan trunk native VLAN: none
> Administrative private-vlan trunk Native VLAN tagging: enabled
> Administrative private-vlan trunk encapsulation: dot1q
> Administrative private-vlan trunk normal VLANs: none
> Administrative private-vlan trunk associations: none
> Administrative private-vlan trunk mappings: none
> Operational private-vlan: none
> Trunking VLANs Enabled: ALL
> Pruning VLANs Enabled: 2-1001
> Capture Mode Disabled
> Capture VLANs Allowed: ALL
>
> Protected: false
> Unknown unicast blocked: disabled
> Unknown multicast blocked: disabled
> Appliance trust: none
> hq>show interface Gi1/0/3 trunk
>
> Port        Mode             Encapsulation  Status        Native vlan
> Gi1/0/3     on               802.1q         trunking      48
>
> Port        Vlans allowed on trunk
> Gi1/0/3     1-4094
>
> Port        Vlans allowed and active in management domain
> Gi1/0/3     1-3,7,48-50
>
> Port        Vlans in spanning tree forwarding state and not pruned
> Gi1/0/3     1-3,7,48-50
> hq>
>
> Boris.
>
> On Sun, Jan 25, 2015 at 7:05 PM, Boris Epstein <borepstein at gmail.com>
> wrote:
>
>> Thank you everyone.
>>
>> OK, the mystery deepens, I guess. The machine does need to support
>> several VLAN's, it is currently on a trunkport (8021q encapsulated), it
>> made it into the ARP table - which I specifically tested for by physically
>> unplugging the table, clearing the ARP table and plugging it back in.
>>
>> The ARP table currently looks like this:
>>
>> hq#show arp
>> Protocol  Address          Age (min)  Hardware Addr   Type   Interface
>> Internet  192.168.48.100          0   0025.6440.0301  ARPA   Vlan48
>> Internet  192.168.48.101          -   001b.906a.bcc4  ARPA   Vlan48
>> Internet  192.168.48.1            0   0025.6440.063f  ARPA   Vlan48
>> Internet  192.168.2.52            0   0025.6440.0547  ARPA   Vlan2
>> Internet  192.168.3.1             -   001b.906a.bcc2  ARPA   Vlan3
>> Internet  192.168.2.1             -   001b.906a.bcc1  ARPA   Vlan2
>> Internet  192.168.7.1             -   001b.906a.bcc3  ARPA   Vlan7
>> hq#
>>
>> The network config on the machine currently looks like this: it has
>> nothing assigned to eth0, eth0.48 = 192.168.48.100/24, eth0.49 =
>> 192.168.49.100/24, eth0.50 = 192.168.50.100/24.
>>
>> And - even though the ARP table seems to be OK - there is no connectivity!
>>
>> Boris.
>>
>>
>>
>> On Sun, Jan 25, 2015 at 11:42 AM, Les Mikesell <lesmikesell at gmail.com>
>> wrote:
>>
>>> On Sun, Jan 25, 2015 at 8:38 AM, Andrew Holway <andrew.holway at gmail.com>
>>> wrote:
>>> > On 25 January 2015 at 15:12, Boris Epstein <borepstein at gmail.com>
>>> wrote:
>>> >
>>> >> OK... but why does it need to be a trunk port?
>>> >>
>>> >
>>> > Because a trunk port will "trunk" the vlan.
>>> >
>>> > A VLAN is basically a 4 byte "tag" that gets injected into the packet
>>> > header when the packet enters the VLAN network. When we trunk a VLAN
>>> we say
>>> > to the switch "pass packets on VLAN x but do not strip the tag out".
>>> >
>>> > You can either terminate the VLAN at the switch port (untagged) which
>>> will
>>> > strip out the VLAN tag or you can pass the packet containing the VLAN
>>> tag
>>> > to the computer or other device(tagged/trunk). This device can then
>>> pull
>>> > out the tag. On linux this mechanism is done by an 8021q VLAN
>>> interface.
>>> >
>>> > Hope this is useful.
>>> >
>>>
>>> Just to add to that - normally if a host only needs to be on one
>>> subnet you would use an access port on the switch to select a single
>>> vlan and deliver those packets untagged so the host does not need to
>>> care about tags or vlan numbers.   And to that end, switches default
>>> to treating everything as access ports on native/untagged vlan 0
>>> unless configured otherwise.   However, if the host needs interfaces
>>> on multiple subnets, you can do it on a single network connection by
>>> giving it a trunk connection from the switch and letting it split out
>>> the vlan interfaces internally.
>>>
>>> --
>>>    Les Mikesell
>>>       lesmikesell at gmail.com
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS at centos.org
>>> http://lists.centos.org/mailman/listinfo/centos
>>>
>>
>>
>