set native vlan on pc 3548p port
I am trying to configure a port on a 3548p to be untagged on VLAN 20. I have a VoIP gateway that is not VLAN aware and I am using VLAN 20 for my voice services. I currently have the VLAN defined and the port set to general mode with a PVID of 20, but the device is not accessing VLAN 20. If I change the PVID to 1 with VLAN 20 port membership set to tagged and then put a VLAN-aware device and test, it works as expected and I have access to the VLAN. But remove the tagging and set the PVID to 20 and it doesn't work. If I try to alter the VLAN membership to port assigned to VLAN 20 untagged, I get an error 'cannot assign port e44 to unauthenticated vlan 20'. Can someone please tell me what I am doing wrong? if
Anonymous
5 Practitioner
274.2K Posts
0
August 28th, 2014 11:00
From the CLI have you tried entering this command?
Console(config)# interface ethernet 1/e16 (change to whichever interface is needed)
Console(config-if)# switchport mode access
Console(config-if)# switchport access vlan 20
Then attempt the connection again.
If you plug in a device with a static IP address in the VLAN 20 subnet, is it able to ping the DHCP server?
Anonymous
5 Practitioner
274.2K Posts
0
August 28th, 2014 12:00
When you set the port to general mode with a PVID of 20, any untagged frames being received on that port will be sent to VLAN 20. So with a PVID of 20 there is no need to add VLAN 20 untagged.
Since it will let you set the port to general mode with PVID of 20, let's set the port to that mode. Then connect a workstation with a static IP address and see if you can ping devices on VLAN 20.
Are you able to set the port to access mode for another VLAN? Just a random test VLAN.
razzle69
6 Posts
0
August 28th, 2014 12:00
So if the port is in access mode, I can't assign VLAN 20 to it as the default. If it is in general mode, and I set the PVID to 20, I can't add the port as an untagged member of VLAN 20. If I leave the PVID as 1, then I can add the port as a tagged member of VLAN 20, but not an untagged member.
razzle69
6 Posts
0
August 28th, 2014 12:00
When I first tried these commands, I got a 'Port 1/e44: Port does not belong to PVID VLAN as untagged' error. I then tried changing the port membership to VLAN 20 to untagged and got 'Port 1/e44 belongs to wrong number of vlans'. I then removed the membership to VLAN 20. Then ran again and got 'Untagged port 1/e44 can not be added to Unauthenticated Vlan 20'.
Anonymous
5 Practitioner
274.2K Posts
0
August 28th, 2014 13:00
10.10.70.x is your VLAN 20 subnet?
Is port-based authentication enabled on the switch? If so, let's try disabling it.
Can you post up the running config from the switch? We can look through it for any suggested changes.
razzle69
6 Posts
0
August 28th, 2014 13:00
Ok, I set port 1/e44 to general mode with PVID of 20. I set the NIC on my laptop to static IP of 10.10.70.25, subnet mask 255.255.255.0, default gateway of 10.10.70.1 (which is the firewall). I connected to port 44 on the switch. Tried to ping the gateway, the DHCP server. Nada. No response.
I then created a new VLAN 200. Ran config, interface ethernet 1/e30 (port not in use). Then switchport mode access, switchport access vlan 200. Got the same error 'Port 1/e30 cannot be added to unauthenticated vlan 200'.
But if I plug in the 5-port D-Link managed switch that I have configured with ports 1, 2, 3 with PVID of 20, when I uplink that to an open port (configured as general with VLAN 1 untagged, and VLAN 20 tagged) on the same 3548p switch, everything behaves as expected. A PC plugged into that switch gets DHCP from VLAN 20, can ping the default gateway and DHCP server, and can browse the internet.
Anonymous
5 Practitioner
274.2K Posts
0
August 28th, 2014 14:00
Thanks for posting that up. Did some more reading on the unauthenticated VLAN.
This would explain the behavior and messages being seen. Let's try reverting the authentication using this command.
# no dot1x auth-not-req
Then on port 44 place the port into force-authorized mode.
Console(config)# interface ethernet 1/e44
Console(config-if)# dot1x port-control force-authorized
And see if we can get the traffic to flow. Here is a KB article on a 6024 switch that outlines some details about authenticated and unauthenticated.
http://www.dell.com/downloads/global/products/pwcnt/en/config_auth_unauth_vlan.pdf
Keep us posted,
razzle69
6 Posts
0
August 28th, 2014 14:00
I attached the running-config.txt file. I sanitized it but all of the relevant info should still be there. Any info at this point would be helpful.
1 Attachment
running-config.txt
razzle69
6 Posts
0
August 28th, 2014 14:00
Ok, I had tried to switch to rich text so I could put the config in as an attachment, but that didn't seem to work. So I will have to look like a n00b and paste it into the body here.
SwitchRack4# show running-config
spanning-tree mode rstp
interface port-channel 1
description FromSwitch1
exit
bridge multicast filtering
interface port-channel 1
switchport mode general
exit
interface port-channel 2
switchport mode general
exit
interface port-channel 3
switchport mode general
exit
interface port-channel 4
switchport mode general
exit
interface port-channel 5
switchport mode general
exit
interface port-channel 6
switchport mode general
exit
interface port-channel 7
switchport mode general
exit
interface port-channel 8
switchport mode general
exit
interface range ethernet 1/e(1-29,31-48),1/g(1-2),2/e(1-48),2/g(1-2)
switchport mode general
exit
vlan database
vlan 20,30,200
exit
interface ethernet 1/e44
switchport general pvid 20
exit
interface range ethernet 1/e(1-29,31-35,37-43,45-46),1/g(1-2),2/e(47-48),2/g(1-2)
switchport general allowed vlan add 20
exit
interface range port-channel (1-8)
switchport general allowed vlan add 20
exit
interface range ethernet 1/e(1-29,31-33,35,37-43),1/g(1-2),2/e(1-48),2/g(1-2)
switchport general allowed vlan add 30
exit
interface range port-channel (1-8)
switchport general allowed vlan add 30
exit
interface vlan 20
name XOPBX
exit
interface vlan 30
name "TX Guest Wireless"
exit
interface vlan 200
name test
exit
interface range vlan 20,30,200
dot1x auth-not-req
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
interface range ethernet 1/e(47-48)
channel-group 1 mode on
exit
interface ethernet 1/e44
gvrp vlan-creation-forbid
exit
ip igmp snooping
interface vlan 1
ip igmp snooping
ip igmp snooping mrouter learn-pim-dvmrp
ip igmp snooping host-time-out 260
ip igmp snooping mrouter-time-out 300
ip igmp snooping leave-time-out 10
exit
interface ethernet 1/e47
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy
exit
interface ethernet 1/e48
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy
exit
interface vlan 1
ipv6 enable no-autoconfig
ipv6 address fdf4:3532:29fc:ad09::a0a:ad6/64
exit
interface vlan 1
ip address 10.10.10.214 255.255.255.0
exit
ip default-gateway 10.10.10.1
qos trust dscp
qos map dscp-queue 46 to 4
interface range ethernet 1/e(1-9,11-46)
qos cos 6
exit
hostname SwitchRack4
interface ethernet 1/e19
rmon collection history 1 owner belwellphone
exit
logging 10.10.10.218 facility local4 severity warnings
aaa authentication dot1x default none
clock timezone -6
clock summer-time recurring usa
clock source sntp
sntp client poll timer 720
sntp unicast client enable
sntp unicast client poll
sntp anycast client enable
sntp broadcast client enable
sntp server 10.10.10.225 poll
ip domain-name idibri.com
ip name-server 10.10.10.225
interface range ethernet 1/e(47-48)
lldp management-address 10.10.10.214
exit
snmp-server set rlEventsDeleteEvents rlEventsDeleteEvents 1
Default settings:
SW version 2.0.0.53 (date 08-Oct-2013 time 10:47:12)
Fast Ethernet Ports
==========================
no shutdown
speed 100
duplex full
negotiation
flow-control off
mdix auto
no back-pressure
Gigabit Ethernet Ports
=============================
no shutdown
speed 1000
duplex full
negotiation
flow-control off
mdix auto
no back-pressure
interface vlan 1
interface port-channel 1 - 15
spanning-tree
spanning-tree mode STP
qos basic
qos trust cos
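An added example, not part of the original thread: a small Python check for the condition the replies point to, where a VLAN carries `dot1x auth-not-req` while a port uses that same VLAN as its PVID or access VLAN. The function names are hypothetical, the sample is a trimmed excerpt of the config posted above, and the parser assumes the flat `interface ... exit` layout that config shows.

```python
import re

# Trimmed excerpt of the running-config posted in this thread.
SAMPLE_CONFIG = """\
vlan database
vlan 20,30,200
exit
interface ethernet 1/e44
switchport general pvid 20
exit
interface range vlan 20,30,200
dot1x auth-not-req
exit
"""

def parse_stanzas(config):
    """Yield (interface_header, [commands]) for each 'interface ... exit' stanza."""
    header, body = None, []
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            header, body = line[len("interface "):], []
        elif line == "exit" and header is not None:
            yield header, body
            header = None
        elif header is not None:
            body.append(line)

def unauthenticated_vlans(config):
    """Return the set of VLAN ids whose stanza contains 'dot1x auth-not-req'."""
    vlans = set()
    for header, body in parse_stanzas(config):
        m = re.match(r"(?:range )?vlan (.+)", header)
        if m and "dot1x auth-not-req" in body:
            for part in m.group(1).split(","):  # "20,30,200" or "20-25"
                lo, _, hi = part.partition("-")
                vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def untagged_conflicts(config):
    """Return sorted (port, vlan) pairs whose PVID/access VLAN is an unauthenticated VLAN."""
    unauth = unauthenticated_vlans(config)
    hits = set()
    for header, body in parse_stanzas(config):
        for cmd in body:
            m = re.match(r"switchport (?:general pvid|access vlan) (\d+)$", cmd)
            if m and int(m.group(1)) in unauth:
                hits.add((header, int(m.group(1))))
    return sorted(hits)
```

Run against the excerpt, `untagged_conflicts(SAMPLE_CONFIG)` reports port 1/e44 with VLAN 20, the pairing behind the 'Unauthenticated Vlan 20' errors quoted earlier; tagged-only memberships such as `switchport general allowed vlan add 20` are not flagged.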