OK, thanks again for all your help. I have resolved this, finally. The problem was that I configured VLAN 48 as the native VLAN on the trunk port.That was a mistake as apparently the native VLAN is the one where Cisco does not bother to tag packets. For now I set the native VLAN to VLAN 1 and that works. Cheers, Boris. On Sun, Jan 25, 2015 at 7:13 PM, Boris Epstein <borepstein at gmail.com> wrote: > And additionally here are the detailed port configs on the switch end: > > hq>show interface Gi1/0/3 switchport > Name: Gi1/0/3 > Switchport: Enabled > Administrative Mode: trunk > Operational Mode: trunk > Administrative Trunking Encapsulation: dot1q > Operational Trunking Encapsulation: dot1q > Negotiation of Trunking: On > Access Mode VLAN: 48 (VLAN0048) > Trunking Native Mode VLAN: 48 (VLAN0048) > Administrative Native VLAN tagging: enabled > Voice VLAN: none > Administrative private-vlan host-association: none > Administrative private-vlan mapping: none > Administrative private-vlan trunk native VLAN: none > Administrative private-vlan trunk Native VLAN tagging: enabled > Administrative private-vlan trunk encapsulation: dot1q > Administrative private-vlan trunk normal VLANs: none > Administrative private-vlan trunk associations: none > Administrative private-vlan trunk mappings: none > Operational private-vlan: none > Trunking VLANs Enabled: ALL > Pruning VLANs Enabled: 2-1001 > Capture Mode Disabled > Capture VLANs Allowed: ALL > > Protected: false > Unknown unicast blocked: disabled > Unknown multicast blocked: disabled > Appliance trust: none > hq>show interface Gi1/0/3 trunk > > Port Mode Encapsulation Status Native vlan > Gi1/0/3 on 802.1q trunking 48 > > Port Vlans allowed on trunk > Gi1/0/3 1-4094 > > Port Vlans allowed and active in management domain > Gi1/0/3 1-3,7,48-50 > > Port Vlans in spanning tree forwarding state and not pruned > Gi1/0/3 1-3,7,48-50 > hq> > > Boris. > > On Sun, Jan 25, 2015 at 7:05 PM, Boris Epstein <borepstein at gmail.com> > wrote: > >> Thank you everyone. >> >> OK, the mystery deepens, I guess. The machine does need to support >> several VLAN's, it is currently on a trunkport (8021q encapsulated), it >> made it into the ARP table - which I specifically tested for by physically >> unplugging the table, clearing the ARP table and plugging it back in. >> >> The ARP table currently looks like this: >> >> hq#show arp >> Protocol Address Age (min) Hardware Addr Type Interface >> Internet 192.168.48.100 0 0025.6440.0301 ARPA Vlan48 >> Internet 192.168.48.101 - 001b.906a.bcc4 ARPA Vlan48 >> Internet 192.168.48.1 0 0025.6440.063f ARPA Vlan48 >> Internet 192.168.2.52 0 0025.6440.0547 ARPA Vlan2 >> Internet 192.168.3.1 - 001b.906a.bcc2 ARPA Vlan3 >> Internet 192.168.2.1 - 001b.906a.bcc1 ARPA Vlan2 >> Internet 192.168.7.1 - 001b.906a.bcc3 ARPA Vlan7 >> hq# >> >> The network config on the machine currently looks like this: it has >> nothing assigned to eth0, eth0.48 = 192.168.48.100/24, eth0.49 = >> 192.168.49.100/24, eth0.50 = 192.168.50.100/24. >> >> And - even though the ARP table seems to be OK - there is no connectivity! >> >> Boris. >> >> >> >> On Sun, Jan 25, 2015 at 11:42 AM, Les Mikesell <lesmikesell at gmail.com> >> wrote: >> >>> On Sun, Jan 25, 2015 at 8:38 AM, Andrew Holway <andrew.holway at gmail.com> >>> wrote: >>> > On 25 January 2015 at 15:12, Boris Epstein <borepstein at gmail.com> >>> wrote: >>> > >>> >> OK... but why does it need to be a trunk port? >>> >> >>> > >>> > Because a trunk port will "trunk" the vlan. >>> > >>> > A VLAN is basically a 4 byte "tag" that gets injected into the packet >>> > header when the packet enters the VLAN network. When we trunk a VLAN >>> we say >>> > to the switch "pass packets on VLAN x but do not strip the tag out". >>> > >>> > You can either terminate the VLAN at the switch port (untagged) which >>> will >>> > strip out the VLAN tag or you can pass the packet containing the VLAN >>> tag >>> > to the computer or other device(tagged/trunk). This device can then >>> pull >>> > out the tag. On linux this mechanism is done by an 8021q VLAN >>> interface. >>> > >>> > Hope this is useful. >>> > >>> >>> Just to add to that - normally if a host only needs to be on one >>> subnet you would use an access port on the switch to select a single >>> vlan and deliver those packets untagged so the host does not need to >>> care about tags or vlan numbers. And to that end, switches default >>> to treating everything as access ports on native/untagged vlan 0 >>> unless configured otherwise. However, if the host needs interfaces >>> on multiple subnets, you can do it on a single network connection by >>> giving it a trunk connection from the switch and letting it split out >>> the vlan interfaces internally. >>> >>> -- >>> Les Mikesell >>> lesmikesell at gmail.com >>> _______________________________________________ >>> CentOS mailing list >>> CentOS at centos.org >>> http://lists.centos.org/mailman/listinfo/centos >>> >> >> >