access vlan vs $native Vlan

SG300-28.  If I have config int IG20 to be switchport access mode and then vlan access on 100 but I and position the smartport office role, she set the vlan 1 If $native incoming unmarked headers are identified as being 100 or 1?  I tell myself that I need to change the params smartport or just leave it in auto smartport.

interface gigabitethernet20

activate the storm control

Storm-control broadcast level 10

Storm-control include multicast

maximum port security by 10 points

port security mode max-addresses

port security throw trap 60

spanning tree portfast

switchport mode access

switchport access vlan 100

Office macro description

switchport forbidden by default - vlan

macro auto smartport type desktop $max_hosts 10 $native_vlan 1

      

Hello Vini, out of the port was written by the macro for everything that you connected there. Your macro vlan native default is the vlan 1 so the port change as switchport mode access switchport access vlan 100 is essentially non-valid since your connection triggers a macro.

If you need 100 unidentified port, you will need to disable the smart port or change the macro that is assigned the role of being vlan 100 native.

-Tom
Please mark replied messages useful

Tags: Cisco Support

Similar Questions

  • No works Web interface access vlan but ping

    I have an ISA570 and SG300 in L3 mode setup with 3 vlan

    Vlan1 is default (192.168.1.x/255.255.255.0)

    VLAN2 is invited (192.168.25.x/255.255.255.0)

    VLAN10 is workstations (192.168.10.x/255.255.255.0)

    When I connect to the VLAN1 network I can access the Web interface of the router at 192.168.1.1 very well and also to 192.168.10.1

    Soon I connect to VLAN10 I ping the router 192.168.1.1 and 192.168.10.1 but I can't access the Web interface?

    In the ISA570 ACL rules

    VLAN10 is allowed access to all other VLANs or WAN

    VLAN2 is allowed access to WAN

    The SG300 switch is 192.168.1.2 VLAN1 or 192.168.10.2 in VLAN10 and can also ping the router 192.168.1.1 and 192.168.10.1

    Thank you...

    192.168.10.X is allowed for Remote Administration?

    Michael

    Please note all useful posts

  • AnyConnect access Vlan

    I have an asa 5505 that we set up a VPN to recently. All about our vlan internal (120) works fine when using the VPN. Even if the VPN clients cannot access the vlan voice (200). I added the voice network to the ACL and mapped it to the anyconnect connection profile. Still a no go. Any ideas? Config below

    !
    interface Vlan2
    nameif outside
    security-level 0
    255.255.255.252 IP address
    !
    connection of the WARNING banner! It is a private network device. Authorized access only. Unauthorized access is not allowed and will be connected, appropriate measures will be taken.
    Banner motd access this router without proper authorization.
    boot system Disk0: / asa914 - k8.bin
    passive FTP mode
    DNS domain-lookup outside
    DNS server-group DefaultDNS
    75.75.75.75 server name
    75.75.76.76 server name
    domain valleyview.local
    network object obj - 10.193.5.248
    subnet 10.193.5.248 255.255.255.248
    network object obj - 10.193.5.0
    10.193.5.0 subnet 255.255.255.0
    network object obj - 10.193.5.230
    Home 10.193.5.230
    network object obj - 10.193.5.230 - 02
    Home 10.193.5.230
    network object obj - 10.193.5.230 - 03
    Home 10.193.5.230
    network object obj - 10.193.5.77
    Home 10.193.5.77
    network object obj - 10.193.5.77 - 01
    Home 10.193.5.77
    network object obj - 10.193.5.230 - 04
    Home 10.193.5.230
    network object obj - 10.193.5.230 - 05
    Home 10.193.5.230
    network obj_any object
    subnet 0.0.0.0 0.0.0.0
    network of the Exchange object
    Home 10.193.5.230
    network of the VPN_NETWORK object
    subnet 192.168.22.0 255.255.255.248
    network of the Voice_Network object
    10.200.1.0 subnet 255.255.255.0
    Network voice description
    network of the VPN_CLIENTS object
    subnet 192.168.22.0 255.255.255.248
    network of the NETWORK_OBJ_192.168.22.0_29 object
    subnet 192.168.22.0 255.255.255.248
    the DM_INLINE_NETWORK_1 object-group network
    network-object 0.0.0.0 0.0.0.0
    network-object, object Voice_Network
    access-list extended inside_out allow ip host 10.193.5.230 any4
    access-list extended inside_out deny tcp 10.193.5.0 255.255.255.0 any4 eq smtp debug log
    access-list extended inside_out allow ip 10.193.5.0 255.255.255.0 any4
    inside_out to the list of allowed extensive access ip object Voice_Network all
    access-list extended inside_out allow object ip VPN_CLIENTS all idle state
    access-list extended allowed extended gre any4 host 173.163.35.105
    oustside_in list extended access allow accord any4 host 173.163.35.105 inactive
    Standard access list VPNUsers_splitTunnelAcl allow 10.193.5.0 255.255.255.0
    inside_nat0_outbound extended access list permit ip 10.193.5.248 any4 255.255.255.248
    access extensive list ip 10.193.5.0 inside_nat0_outbound allow 255.255.255.0 10.193.5.248 255.255.255.248
    DefaultRAGroup_splitTunnelAcl list standard access allowed any4
    VPN_splitTunnelAcl list standard access allowed any4
    vvn-vpn_splitTunnelAcl-list of allowed access standard 10.193.5.0 255.255.255.0
    access-list extended outside_in permitted tcp any4 host 10.193.5.230 eq www inactive

    OK for the vvn-vpn_splitTunnelAcl access list you need to remove the access list standard you already use and add their return to access-list extended.

    NO standard of vvn-vpn_splitTunnelAcl-list of access not allowed 10.193.5.0 255.255.255.0

    !

    IP 10.193.5.0 allow Access-list extended vvn-vpn_splitTunnelAcl 255.255.255.0 192.168.22.0 255.255.255.248

    !

    IP 10.200.1.0 allow Access-list extended vvn-vpn_splitTunnelAcl 255.255.255.0 192.168.22.0 255.255.255.248

    !

    The command I posted above has the word static at first it doesn't look like you have copied the full command in your

    NAT (inside, outside) static static source to destination Voice_Network Voice_Network VPN_NETWORK VPN_NETWORK

    Try again and made me know

    Thank you

    !

  • 6500 QinQ vlan native risks

    I have two questions:

    (1) 6500 (regardless of the SUP) do not support the standard 802.1ad correct?  "QinQ" features are not standard?

    (2) can someone help me understand why tagging vlan native is listed as a required step when configuring switchport dot1-tunnel mode?

    (http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2S...)

    I understand VLANs jump... etc but I do not understand how this relates to the creation of a tunnel port.  For me, a tunnel port puts all the data in the provider / S-VLAN defined on the port tunnel with "switchport mode access vlan x" This includes labeled and not marked traffic coming from the CE marking on the port tunnel.   I understand best practices for tagging vlan native on the base in general... switches but why the tunnel ports invites and it's necessary?

    I'm missing something basic here :)

    Thank you!

    Hello

    AD 2) here is an explanation, I think:

    http://www.Cisco.com/c/en/us/TD/docs/switches/Datacenter/SW/5_x/NX-OS/in...

    Best regards

    Milan

  • How to access the management of VLANs with a different virtual LAN (Dell powerconnect 6224)

    Hello

    DELL powerconnect 6224 reference.

    I want to access the management of a different VIRTUAL LAN VLAN.

    The management of VLANS is 100 of VLAN. not the routing

    My computer is vlan 60 (192.168.60.10) and I want to connect via ssh or http (192.168.100.1) to manage my switch.

    Thank you for your help on the command line

    The management of VLANS on the 6224 is not routable. So, you will not be able to access VLAN 100 from any other VLAN. However, you can manage the switch from other VLAN IP addresses. So if VLAN 60 has an IP of 192.168.60.1 you can http and ssh to it. And if the VLAN routing is enabled you have access to 192.168.60.1 on the other VLAN.

    See you soon

  • How to assign a vlan per port cisco all point of access by wlc 702w 5508

    My environment have WLC 5508 and ap 702w 250 units in my site. I need on port port config example all the ap 702w 2 > Vlan 20 port 3 > vlan 30

    Now I canfig one by one.

    Please everyone tell me best way to config a time 250 units.

    Thank you very much...

    Here is the config CLI involved. If you have a list of your AP names you can config CLI of training for all your AP on Notepad & then configure this CLI

    config ap lan port-id  enable config ap lan enable access vlan
    See this post for more details https://mrncciew.com/2014/09/26/702w-with-wlc-8-0/ HTH Rasika * Pls note all useful responses *.

  • Allow VPN users access a VLAN different

    I have an ASA 5505.  I have configured remote access VPN so that users can connect to the VPN and access my main VIRTUAL local network (inside).  I want to set so that when a user s in VPN, they are permitted access only to the CCV vlan (Vlan 2) as seen in my configuration.  Please note that there is also a VPN LAN LAN 2, which has been set up as well.

    What Miss me?

    !
    interface Ethernet0/0
    switchport access vlan 4
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    switchport access vlan 2
    !
    interface Ethernet0/7
    switchport access vlan 2
    !
    interface Vlan1
    nameif inside
    security-level 100
    IP 10.240.0.1 255.255.0.0
    !
    interface Vlan2
    prior to interface Vlan1
    nameif HVAC
    security-level 100
    IP address 172.16.128.1 255.255.255.0
    !
    interface Vlan4
    nameif outside
    security-level 0
    IP address 12.x.x.x 255.255.255.0
    !
    passive FTP mode
    IP 10.240.0.0 allow Access - list extended CDEO 255.255.0.0 10.0.0.0 255.0.0.0
    IP 10.240.0.0 allow Access - list extended sheep 255.255.0.0 10.0.0.0 255.0.0.0
    IP 10.240.0.0 allow Access - list extended sheep 255.255.0.0 172.16.129.0 255.255
    . 255.0
    IP 10.102.229.0 allow Access - list extended sheep 255.255.255.0 172.16.129.0 255
    . 255.255.0
    IP 172.16.129.0 allow Access - list extended sheep 255.255.255.0 10.102.229.0 255
    . 255.255.0
    access-list sheep extended ip 172.16.128.0 allow 255.255.255.0 172.16.129.0 255
    . 255.255.0
    IP 172.16.129.0 allow Access - list extended sheep 255.255.255.0 172.16.128.0 255
    . 255.255.0
    list of inbound icmp permitted access extended throughout entire echo response
    list of extended inbound icmp permitted access any source-quench any
    list of extended all inbound icmp permitted access all inaccessible
    access list entering permit icmp any once extended beyond
    coming out to the one permitted all ip extended access list
    standard vpn access list allows 10.240.0.0 255.255.0.0
    standard vpn access list allows 10.102.229.0 255.255.255.0
    list of access allowed standard vpn 172.16.128.0 255.255.255.0
    pager lines 24
    asdm of logging of information
    Within 1500 MTU
    Outside 1500 MTU
    MTU 1500 HVAC
    IP local pool 172.16.129.1 - 172.16.129.5 mask 255.255.255.0 shhfvpnpool
    ICMP unreachable rate-limit 1 burst-size 1
    don't allow no asdm history
    ARP timeout 14400
    Global 1 interface (outside)
    NAT (inside) 0 access-list sheep
    NAT (inside) 1 0.0.0.0 0.0.0.0
    Access-group out on the interface inside
    Access-group interface incoming outside
    Route outside 0.0.0.0 0.0.0.0 12.x.x.x 1
    dynamic-access-policy-registration DfltAccessPolicy
    the ssh LOCAL console AAA authentication
    No snmp server location
    No snmp Server contact
    Server enable SNMP traps snmp authentication linkup, linkdown cold start
    Crypto ipsec transform-set esp - esp-sha-hmac hand
    Crypto ipsec transform-set esp - esp-md5-hmac RIGHT
    life crypto ipsec security association seconds 28800
    Crypto ipsec kilobytes of life - safety 4608000 association
    Crypto-map dynamic dynmap 10 transform-set RIGHT
    life together - the association of security crypto dynamic-map dynmap 10 28800 seconds
    Crypto-map dynamic dynmap 10 kilobytes of life together - the association of safety 4608000
    Crypto-map dynamic dynmap 10 the value reverse-road
    CDEOVPN 35 crypto card matches the address CDEO
    CDEOVPN 35 crypto map set peer 64.x.x.x
    card crypto CDEOVPN 35 the transform-set hand value
    map CDEOVPN 100-isakmp ipsec crypto dynamic dynmap
    CDEOVPN interface card crypto outside
    crypto isakmp identity address
    crypto ISAKMP allow outside
    crypto ISAKMP policy 20
    preshared authentication
    the Encryption
    sha hash
    Group 1
    life 86400
    crypto ISAKMP policy 30
    preshared authentication
    the Encryption
    md5 hash
    Group 2
    life 86400

    Console timeout 0
    management-access inside

    a basic threat threat detection
    Statistics-list of access threat detection
    no statistical threat detection tcp-interception
    attributes of Group Policy DfltGrpPolicy
    VPN-idle-timeout no
    internal group shhf strategy
    attributes of shhf group policy
    VPN-idle-timeout 30
    VPN-session-timeout 1440
    VPN-filter no
    Protocol-tunnel-VPN IPSec
    Split-tunnel-policy tunnelspecified
    Split-tunnel-network-list value vpn

    tunnel-group 64.x.x.x type ipsec-l2l
    64.x.x.x group tunnel ipsec-attributes
    pre-shared key *.
    tunnel-group shhf type remote access
    tunnel-group shhf General attributes
    address shhfvpnpool pool
    strategy-group-by default shhf
    shhf group tunnel ipsec-attributes
    pre-shared key *.
    tunnel-group vpnclient type remote access
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    type of policy-card inspect dns preset_dns_map
    parameters
    maximum message length automatic of customer
    message-length maximum 512
    Policy-map global_policy
    class inspection_default
    inspect the preset_dns_map dns
    inspect the ftp
    inspect h323 h225
    inspect the h323 ras
    inspect the rsh
    inspect the rtsp
    inspect esmtp
    inspect sqlnet
    inspect the skinny
    inspect sunrpc
    inspect xdmcp
    inspect the sip
    inspect the netbios
    inspect the tftp
    Review the ip options
    !
    global service-policy global_policy
    context of prompt hostname
    no remote anonymous reporting call
    Cryptochecksum:1cbd55e987f9b41cd2ebcb320fa2e3b2
    : end

    This route to be applied on the switch, if your port eth0/7 on SAA is connected to a switch of later3.

    "Route ip 172.16.129.0 255.255.255.0 172.16.128.1.

    So, don't worry on this route, if you can not apply on the SAA.

    So are you saying that a PC is directly connected to eth0/7 on the SAA.

    What is the IP address, mask and gateway address on the PC connected on eth0/7?

    The trace package seems good.

  • SD205 (switch) and VLAN

    In addition to all my switches Cisco Catalyst (successful), I have a bunch of Linksys SD205 unmanaged switches on my local network.

    I want to configure my network for VLANs, which means I have all my managed Cisco switches will change to a "Routing" configuration   This configuration works well with Cisco Catalyst switches

    Question: the SD205 can operate in this environment?  I know I can't put one of the ports on the SD205 to be 'delivery', but I would like to connect the SD205 to a port of Cisco, which is "effective", so that the devices on the SD205 can communicate to the rest of the world.

    So far, I have not crowned success, then - maybe - they won't work in a shared resource environment.  Someone at - it a definitive answer?  If they simply can't do it, I will stop wasting my time!

    Thank you

    # A unmanaged switch is not compatible 802. 1 q. It will pass any frame ethernet that was 802. 1 q tagged. The only executives who pass through a switch are unmarked, frames that is the VLAN port on the catalyst native.

    If you want to use unmanaged switches, you have to connect to a port configured in mode access, Member of a single VLAN. For example, you can configure a port on the catalyst for access VLAN 10 mode and connect a switch to that port. All devices connected to the switch unmanaged will be VLAN 10. This as you can do.

    But several VLANS: alert the unmanaged switches is impossible because all frames ethernet on the switch must not be tagged.

  • Guest WLAN with VLAN (Dell PC 6248)

    Hello community,

    I want to set up a WLAN of comments using 2 VLANS.
    Setup: IPFire, Dell Power Connect 6248, Netgear WNAP 320 Access Point

    The blue Interface on the firewall tag all executives with ID 15.

    The switch nearly all Ports are unlabeled and the native VLAN 1.
    The "Guest-VLAN" is the VLAN ID 15.

    The port settings

    G36: trunk

    G22:

    All unmarked frames in the VLAN 1 native get the ID1 when they reached Port 22.

    Belonging to a VLAN

    In VLAN 1 native

    In "Guest VLAN" 15:

    Yes, on the 22 of Port that is connected to the AP, executives with the ID15 (guest) and executives who get ID 1 should forwarded to the AP.

    AP, I've implemented 2 SSID.

    The staff-WLAN has ID VLAN 1 and comments-WLAN the VLAN ID 15

    But only the WLAN staff works. I do not get an IP address when I connected with the WLAN Guest.
    Another program installation on the access point:

    I am a beginner in this topic and English is not my language preferred, so please excuse the mistakes :)
    You have any ideas?

    Thank you. :)

    One thing I did not to until that earlier. You said when you plugged your workstation directly on the blue link, he got an IP address and has worked well? By default, that a workstation will send unmarked frames, then maybe the firewall is set to be without a label on this interface. In this case, we can try the following config on the 36 port.

    switchport mode access #.
    # switchport access vlan 15

    The VLAN native will send and receive packets not marked. You said that everything in the VLAN 1 works, right?

  • Dell Powerconnect 5448 a reference on the vlan by default

    Hello

    Just a question.  A Dell Powerconnect 5448 switch will act as a home if its interfaces are configured with 1 interface connection to a primary switch that has the interface is 'access to the interface mode' by default with a vlan?  It will work with all its switches on vlan interface of uplink or would you need to configure both as the trunks to allow access vlan to work and this switch uplink?

    The 5448 is a layer 2 switch, which by default has a VLAN native of 1 with all interfaces in access mode for the native VLAN 1. On the VLAN native all frames are frames unmarked. So now that your uplink to the other switch port, all the info will be sent without label, which means the other switch will receive the unmarked data and then place it in the VLAN that is in access mode. Communication should work this way.

    However, I think using a network connection between the switches. The trunk port is used to connect the devices up-to-date with the switches / VLAN together and allow several VLAN tagged fell on it. Looks like you already have several VLANs on the network, and having a network connection will allow you to expand on it. At the same time everything that is on the VLAN native is always through the trunk to the other switch and will stay on the VLAN native.

  • QinQ - injection of VLAN

    Hello

    We need to inject a part of traffic in the tunnel QinQ routing the traffic of customers. I have not found any documents describing this situation, so I was thinking how do:

    -client a MS VLAN ID 100, encapsulation dot1q SP skeleton.

    -When I set up a port with VLAN 100 centimetres, it will be a member of the VLAN native clients

    -When I "loopback cable" between two interfaces of box SP like this, I will be able to inject VLAN 200 and 300 at tunnel QinQ customers:

    interface FastEthernet0/23

    switchport access vlan 100

    switchport mode dot1q tunnel

    switchport nonegotiate

    No cdp enable

    !

    interface FastEthernet0/24

    switchport trunk encapsulation dot1q

    switchport trunk allowed vlan 200 300

    switchport mode trunk

    switchport nonegotiate

    No cdp enable

    I have a lot on the correctness of the approach. Is there any other way how to?

    Thanks for the comment. Honza maybe

    I think this document explains the feature you're looking for.

    http://www.Cisco.com/en/us/products/HW/optical/ps2006/products_module_configuration_guide_chapter09186a00801f0305.html

  • Cannot connect the switch Cisco Cisco SG300 - 28 p spend and traffic through VLANS

    Try to connect the Cisco SG300 - 28 p switch to another switch and proceed 2 VLANS between them.  Not doing any circuit.  If I connect a computer to the port on the SG300 - 28 p I can access the VLAN 2 and take a DHCP address. However, when I connect to another switch on the port and connect it to a port on another switch secondary I am unable to access VLAN 2 and pull an IP address.  I checked that the works of secondary switch (WS-C3560G-48PS-S) connected to the other 3500 s, but not this latest SG300 - 28 p.  Here's the configuration for both, I'm leaving areas that shouldn't matter and add if necessary.  Try to connect the SG300 - 28 p Port 26-WS-C3560 Port 1 port.  Once again, if I connect a computer to port 26 on the SG300 - 28 p I access the VLAN 2 as expected, but not when I connect to channel 2 on the secondary switch.

    Cisco SG300 - 28 p

    !
    interface vlan 1
    Internet name
    !
    interface vlan 2
    LAN name
    IP 172.20.5.11 255.255.0.0
    no ip address dhcp (this is the VLAN I'm moving)
    !
    interface vlan 3
    private name
    !
    interface vlan 4
    name of Nortel
    !
    interface vlan 101
    name Video_Project
    !
    interface gigabitethernet26
    Description VLAN2-ACCESS-CISCO3500
    switchport mode access
    switchport access vlan 2 (this goes to port 1 on the other Cisco 3500 switch to provide access 2 VLAN)

    Cisco 3500

    !
    interface Vlan1
    NATCO Internet description
    no ip address
    no ip route cache
    no ip mroute-cache
    !
    interface Vlan2
    NATCO LAN description
    IP 172.20.5.13 255.255.0.0
    no ip route cache
    no ip mroute-cache (this is the VLAN I'm moving)

    !
    interface Vlan3
    Description LHPrivate
    no ip address
    no ip route cache
    no ip mroute-cache
    !
    interface GigabitEthernet0/1
    switchport access vlan 2 (this is the port that I connect to the SG300 - 28 p)

    !
    interface GigabitEthernet0/2
    switchport access vlan 2 (this is the port I hang my computer to and trying to access VLAN 2 other switch)

    Hello

    Yes, STP is the problem here. As you can see on your release of the Cisco 3500 switch, port Gi0/1 is BKN (The FEW is a shortened form of "Broken").

    This is caused by an incompatibility of versions PLEASE used between the two switches. Small businesses (including series SG300) switches are use legacy STP or Rapid STP (your case), but uses templates to business (such as catalyst 3500) PVST + (each VLAN spanning tree version of STP).

    Two versions between group of switches are compatible only under certain conditions. Important condition is that the two switchports needs to use a VLAN 1, vlan access/native and not any other number VLAN.

    It is to make your communication work, you must:

    • disable the STP at least 3500 Cisco switch:

      • on overall global (Switch (config) # no vlan spanning tree 2)
      • or by the base interface (switch(config-if) # no vlan spanning tree 2)
    • change the configuration of your connection between two switches by following the path:
      • change the switchport trunk (trunk switchport mode) mode
      • do 1 VLAN as native vlan (vlan switchport trunk native 1)
      • Towing VLAN 2 as vlan tagged on that Stump (switchport trunk allow vlan add 2)

  • Need help to set up voice VLAN in SG300

    Hello

    I spent too much time on it now and need help. I'm trying to set up a voice switch VLAN on a SG300 - 28 p. I need to charge a phone Cisco 7965 connected to a port on SG300 - 28 p to use VLAN 100, and a workstation connected to the phone to use Cisco 7965 on VLAN 101 by SG300 - 28 p. In the common Cisco IOS switches, this task is configured as follows:

    interface gi25

    switchport mode access

    switchport access vlan 101

    switchport voice vlan 100

    Trying to achieve this scenario with a Cisco SG300 switch turns into a nightmare. You will have to deal with a Dynamic of VLAN voice Auto Voice VLAN mode. Then, you must have a configured trigger and activated Automatic Smartport . I tried to do this in CLI nothing helps. Cisco 7965 receives an IP address of the access VLAN on Gi15 interface, which is 101 VLAN. I need to receive an address IP of the VLAN 100.

    The current configuration under Gi15 interface is as follows:

    interface gigabitethernet15

    activate the storm control

    broadcast storm control level kbit/s 10

    Storm-control include multicast

    port security throw trap 60

    maximum port security by 10 points

    port security mode max-addresses

    spanning tree portfast

    LLDP-med disable

    switchport mode access

    switchport access vlan 101

    ! next order is internal

    macro auto smartport dynamic_type unknown $native_vlan 101 $voice_vlan 100

    Now, I don't know how the macro auto smartport dynamic_type unknown $native_vlan 101 $voice_vlan 100 command in the config, and I do not know how to remove it.

    When I try to enter the command macro auto smartport type ip_phone_desktop under Gi15 interface, I get the following error message:

    The $voice_vlan macro setting is not configurable by the user

    It seems that the auto attendant smartport macro ip_phone_desktop can not apply the setting $voice_vlan with a value of 100. In fact, I explicitly does not use this parameter to everything in the order of macro auto smartport type ip_phone_desktop ; However, the SG300 switch knows that the voice VLAN VLAN 100, and he's trying to use this VLAN ID as the value of the $voice_vlan parameter, the macro fails.

    I tried statically configure the voice VLAN on the switch SG300 using the command id of the vlan 100 voice , but I couldn't get the ip_phone_desktop macro to configure interface Gi15 correctly. Then, I removed the command id of the vlan 100 voice and obtained SG300 to learn his voice VLAN ID of UC560 connected to the SG300 through a trunk port based on the port configuration (connected to SG300) for the trunk of the next UC560:

    switchport trunk vlan 101 native

    switchport mode trunk

    switchport voice vlan 100

    Cisco-switch macro description

    This is the command switchport voice vlan 100 who announces to SG300 via CDP VLAN 100 is a voice VLAN. When I run the command show vlan local VoIP on the SG300, I get the following result:

    VLAN ID - VPT DSCP Source MAC address Interface

    1                    5          46       default           ----                    ---

    * 100 CDP e0:5f:b9:xx:yy:zz gi28

    Thus, it is clear that the SG300 receives information from UC560 via CDP in port Gi28 VLAN 100 is the voice VLAN. However, I can not always apply the ip_phone_desktop macro to SG300 Gi15 interface.

    Also, I tried to set up vState ofoithis vlan auto-déclenché as well as the commands in global configuration State vlan automatic voice activated mode. Or setting changes anything view voice VLAN announced at Cisco 7965 where Cisco 7965 continues to use VLAN101 (access the VLAN assigned to the interface Gi15).

    Hello telecastle,

    The Macro just get in the way most of the time. A default state on the switch a user will set the id of the vlan voice with orders

    (config) #voice vlan id 100

    * This will create the vlan 100

    VLAN, VoIP? * You can use to change your defaults for dscp and cos a long with all the other settings.

    State of vlan (config) enabled automatic #voice

    (config) #interface rank fa1-24

    (config-if-range) #switchport trunk vlan 101 native

    trunk (config-if-range) #switchport allowed vlan add 100

    * This function will define the vlan native on the trunk to 101 for the data port and vlan tagged will be 101 for the voice.

    CDP is enabled automatically and should learn the features of the phone and get on the phone to the vlan 101 on this port.

    CDP of the UC should automatically fill in the switch of the SG. You may need to upgrade the switch to the latest firmware however. Also make sure that the DHCP server for the voice if the CPU must be configured accordingly.

    Let me know if this helps.

    Cisco Small Business Support Center

    Randy Manthey

    CCNA, CCNA - security

  • Not getting ip address local vlan Reap H

    I have an AP [UK03AP21] in h-mode to harvest with local switching connected via a switch trunk.

    The H-reap AP is configured for vlan native 200 and connected to Fa0/3 on the button below.

    The relevant part of the configuration of the switch is:-

    .
    DHCP excluded-address IP 192.168.196.1 192.168.196.128
    !
    IP dhcp pool vlan200
    network 192.168.196.0 255.255.255.0
    192.168.196.1 DNS server
    router by default - 192.168.196.1
    .
    .
    interface FastEthernet0/3
    Description < uk03ap21=""> >
    switchport trunk encapsulation dot1q
    switchport mode trunk
    .
    .
    interface FastEthernet0/6
    switchport access vlan 200
    .
    .
    interface Vlan1
    IP 10.10.47.82 255.255.240.0
    !
    interface Vlan20
    IP 10.3.20.4 255.255.254.0
    !
    interface Vlan200
    IP 192.168.196.128 255.255.255.0
    !
    default IP gateway - 10.10.47.14
    IP classless
    IP route 0.0.0.0 0.0.0.0 10.10.47.4
    IP http server
    !
    .
    The client authenticates, okay, so instead of getting ip address of the 192.168.196.0 network, it obtains a dhcp server on the vlan 1 probably through the management interface.

    I had intended to get an IP 200 of vlan and then customers would talk through the firewall on Fa0/6.

    The configuration of the AP is attached.

    Any ideas on what is wrong with my config?

    Thanks in advance.

    Richard

    Hello

    > Step 1

    Please specify the VLAN native in the switchport config...

    interface FastEthernet0/3
    Description < uk03ap21=""> >
    switchport trunk encapsulation dot1q
    switchport mode trunk

    switchport trunk vlan 200 native

    end

    > Step 2

    In the WLC > WLAN > WLAN ID > advanced > check the LOCAL SWITCHING.

    > Step 3

    Change HREAP to the LOCAL AP mode. After the restart of the AP and re join back, u see the extra TAB called HREAP in the page editor of AP, here do mapping VLAN for wireless LANs...

    This will help and let me know if this naswered your question and please remember to note the useful messages!

    Concerning

    Surendra

  • ESXi 5 can't get VLAN ID to work

    Hi all

    I am very new to ESXi and this is the first time that I used it.  I'm having a problem with VLAN ID work in the ESXi host environment.  First of all, let me say my goal.  In the ESXi host, I want a VM for 64-bit Ubuntu Server 11 that has two VM cards, each with a different IP address and default gateway.  My plan is to use the VLAN ID to do this.  Here is the hardware configuration.  Right now it's just in my laboratory experimentation and learning so much at home I use a Comcast for my ISP.

    Modem: Motorola SB6120 Surfboard.

    Router: Cisco SA520 (safety device, a layer 3 routing)

    Switch: Cisco Catalyst 3560-X

    ESXi host box: Supermicro Storage Bridge Bay 6036ST - 6LR

    5.0 ESXi hypervisor running

    The Supermicro has two boards of physical server to both nodes.  I have just met with approximately 1 knot now.

    Here's my setup.

    Modem is connected to the WAN port on the SA520.

    SA520 under LAN > several subnets of VLAN, I to the networks.

    ID of the VLAN 1: 192.168.75.1 255.255.255.0 (default value for SA520)

    VLAN ID 100: 192.168.1.1 255.255.255.0

    VLAN ID 2: 10.10.10.1 255.255.255.0

    ID VLAN 3: 10.10.11.1 255.255.255.0

    All have disabled DHCP if I can do all the static routes on my devices.

    2 to 4 ports are turned off and port 1 is set to Trunk with accessions VLAN to all 4 networks.

    Port 1 on the SA520 is connected to Port 1 of the switch.

    Track 2 of the switch goes to port 1 on the server network card.

    3 switch port goes to port 2 on the map server.

    Switch 24 port goes to my laptop.

    The switch has the same VLAN ID created (1, 2, 3, 100)

    Change IP Default Gateway 192.168.75.1 192.168.75.100 subnet 255.255.255.0

    VLAN 1 IP: 192.168.75.100

    VLAN 2 IP: 10.10.10.100

    VLAN 3 IP: 10.10.11.100

    VLAN 100 IP: 192.168.1.100

    Port 1 is set to 802. 1 q, trunk, all THE VLAN ID, Native VLAN ID 1.

    Port 2 is set to 802. 1 q VLAN ID 1, trunk Native VLAN ID 1.

    Port 3 is set to 802. 1 q VLAN ID 2, 3, Native VLAN ID 2 trunk.

    24 port is set to 802. 1 q, trunk, VLAN ID ALL, Native VLAN ID 100.

    On the ESXi host, the management network is set at VMNIC 0

    VLAN not defined

    Static IP 192.168.75.10 255.255.255.0 DG 192.168.75.1

    DNS Pri 192.168.75.1

    Now, it works fine.  I can ping on the ESXi host and I can connect with VClinet.  However, if I put the ID VLAN 1 for management on the ESXi host network can't connect or ping so be it.  Can someone tell me why?  The switch Port is interconnection with VLAN ID 1.

    To config network of the ESXi host using VClinet, I have two VSwitches.

    Vswitch0 has 1 virtual machine port group and Port of VMKenrel 1.  The VM kernel Port is the Port of management network and a IP address of 192.168.75.10.

    Vswitch1 has 2 virtual machine port groups.  One has a VLAN ID 2 and other 3.

    I have a Ubuntu Server VM with two network adapters in VM.  One is defined on the port VLAN2 and the other on 3 group.

    I have Unbuntu under etc/network/interfaces

    Auto eth0

    iface eth0 inet static

    address 10.10.10.101

    netmask 255.255.255.0

    Network 10.10.10.0

    broadcast 10.10.10.255

    Gateway 10.10.10.1

    Auto eth1

    iface eth1 inet static

    address 10.10.11.101

    netmask 255.255.255.0

    Network 10.10.11.0

    broadcast 10.10.11.255

    Gateway 10.10.11.1

    Once more if I have the ID VLAN about 2 and 3 for groups of two ports on Vswitch1 nothing works at all.  If I put both groups of ports for no VLAN ID then eth0 10.10.10.101 works very well and can be ping and I have internet on ubuntu server.  But 10.10.11.101 eth1 does not work. Cannot ping it.

    Since my laptop I can ping (when no VLAN ID in ESXi)

    192.168.75.1 and 100.

    10.10.10.1, 10, 100, 101

    10.10.11.1 and 100 but NOT 101 (ubuntu server)

    192.168.1.1, 100, 113 (myself)

    So I need to know why I can set the VLAN ID in ESXi and I have them work and how do I get the two different IPs to my Ubuntu VM.

    Thank you

    Chris

    I think that the problem is as always the VLAN native does not match the settings of the vSwitch. Set it VLAN native to switchport 3-999 or something that you are not using, so all managers are supposed to be labeled the vSwitch, which they will be when you enter the id VLANS 2 and 3 on your groups of ports.

    EDIT: a.p. was right before.

Maybe you are looking for

  • Satellite A100: How do I enable SATA NATIVE mode

    Hello, my laptop Satellite A100 PSAA9 and the southbridge is an ICH7MI put an SSD in my laptop and the drive controller is locked-> Ultra DMA 6 IDE compatible mode.I would switch to the native SATA-1 to increase the bandwidth (from 110 MB/s-150), but

  • HP 15-r236ne (Enrgy Star): hp 15-r236ne

    Is it possible to upgrade the memory on the HP 15 - r236ne? 4 GB RAm atm, so, how much is the maximum GB I can add, what is? Should I add Ram or replace the current? Thank you very much for the support

  • replacing the hard drive and windows 8

    just yesterday bought a hp laptop model #20002b19wm. This laptop came preloaded with windows 8. I think with windows 8, microsoft puts more COST on the machines themselves. My question is this, say the hard drive breaks down and I need to replace it,

  • Problem on my laptop in hibernation. NEED HELP!

    model: Compaq Presario CQ42-177TX I have a problem, even when the first time I bought this laptop. Whenever I put my laptop into hibernation, the screen is black as say he was arrested. But the only thing that differs is the market button always ligh

  • MEMORY NOT DETECTED

    Hello world. On behalf of all those that forget to say 'Thank YOU FOR YOUR HELP' (including myself) THANKS for TRYING to HELP EVERYONE and registration we probably a good chunk of money. Follow the good aid flowing. Now my question is: How can I get