[afnog] VLANs on Cisco Catalyst 2950

Geert Jan de Groot GeertJan.deGroot at xs4all.nl
Fri May 26 15:23:49 EAT 2006


On Fri, 26 May 2006 13:46:24 +0200  "Bruce Zamaere" wrote:
> Finally is there a way to trick or to force the IOS to bring up more
> than one VLAN at once? I noted 2 or three other people had asked a
> similar question on posts on the net but the question wasn't
> satisfactorily answered. I'm asking this cause on some cisco vlan
> configs I came across the "no shutdown" command was issued on the vlan
> interfaces. Is the problem I am facing just a Catalyst 2950 problem???

We went through this in Nairobi for the AfNOG meeting. There are
two things to consider:
1. VLAN transparency
   2950's, by default, don't pass VLAN-tagged traffic in trunk ports
   unless they "know" the VLAN (i.e. it's in their VLAN database).
   To make the vlan known, configure one port as access-port
   for vlan 1234. Once that's done once, the vlan is known in
   the database (even if you remove the access port),
   until you delete the vlan.dat file.

   This has no relationship with vlans being up or down.
   As long as the vlan is in the database, the switch will pass
   the traffic.

2. Management VLAN
   The 2950 apparently can have only one VLAN on which its
   management interface exists. By default this is vlan 1.
   You can create additional vlans, but if you bring them up,
   the switch will down vlan1 in return.

   This restriction only applies for the management vlan.

   As Mark suggested, you may want to consider setting up
   the management port on the VLAN on which you do management,
   and provide connectivity from other vlans to the management
   interface with a router. Just keep in mind that there can be
   only one management interface.

   This vlan up/down business only affects the management interface,
   not the ability to forward packets as mentioned in point 1 above;
   as long as the vlan is "known" the switch will forward the packets.

> I can't do "switchport trunk encapsulate dot1q" on my switch
> "switchport trunk ?" doesn't list encapsulate as an option.

I don't know enough about "feature sets" and other crippleware
to answer this. It's not likely that the 2950 only does ISL,
perhaps it only does 802.1Q and therefore doesn't give you
a choice. Have you looked at the packet format on the trunk port?

> If I am on the switch through a console cable. I have set up ip on
> each vlan interface why can I ping interfaces on the same switch? I
> thought this would be ideal for troubleshooting purposes. How does the
> IOS actually use the VLAN interfaces if they are shutdown? I find this
> a bit confusing to be honest.

I hope I answered this: only one management vlan at a time, so
if you ping you ping from the single management interface.

2950's are strange beasts, for sure.

GJ




