VLAN problem with Cisco SG200-50 switch

[waldronm2000]

I'm probably missing something obvious here, but am on the point of giving up and buying another switch...

We've got a brand new school with 2 comms rooms, one serving most of the school, and another smaller one covering a couple of classrooms and various offices. The network has 2 separate subnets, one for admin and one for curriculum. Routing is handled by a layer 3 Cisco switch in the main comms room, which then links to two separate layer 2 Cisco switches, one for each subnet. All that part works fine.

The two comms rooms are linked by two fibre links, so rather than do any VLAN trunking I figured I'd keep it simple and use one link for admin and the other for curriculum. As the smaller part of the school has 40-something network points total, we put a layer 2 50-port Cisco switch in, and VLAN'd it down the middle so it should function as two separate switches. Ports 1-12, 25-36 and 49 are all left in the default admin VLAN, and the fibre from the admin switch in the main comms room feeds in to port 49. Again, all that works fine.

Ports 13-24, 37-48 and 50 are moved to a newly created VLAN 228 (to match subnet octet) and port 50 picks up the fibre link from the curriculum switch in the main comms room, all configured exactly as with the admin VLAN, just a different VLAN ID. The strange thing is, when I plug a laptop into a curriculum port, I can't pick up a DHCP address from the server in the main comms room.

To troubleshoot, I've taken one copper port (21) and the fibre link (50) and moved them to a separate VLAN 2, just to isolate everything else from the problem. I've cleared and monitored the port stats, and I can see broadcasts being received from the laptop on port 21 and also lots of broadcasts and multicasts from the fibre, but nothing other than occasional multicasts are being sent out to the laptop.

I've tried every sensible variation of trunk, access and general on both ports, ensured that all ports are untagged, and tried variations of SmartPort (including disabling it). Nothing I do seems to be able to convert the incoming broadcasts on port 50 to outgoing broadcasts on port 21, which seems to me should be default behaviour for a layer 2 switch.

I've temporarily patched the problem by moving the curriculum onto an old Netgear 10/100 switch, which was the only spare one I had with a mini-GBIC slot, but that's not a long-term solution as there are 4 APs feeding into this switch, so it really needs to be a gigabit.

Anyone come across this before, or have any idea what I might have missed...?

Thanks in advance.

[twin--turbo]

If there is no trunk then there is only one vlan that is connected. You need a trunk.

or two links from the core L3 switch back to the L2 switch.

Rob

[twin--turbo]

A diagram would be helpful too.. and an output of the interface runing config on both switches.

Is VTP set up on the L3, if so it would eb best practice to make the L2 a client for VTP.

Rob

[waldronm2000]

There are two separate fibre pairs, one coming in from the layer 2 admin switch and going to VLAN 1, the other coming from the layer 2 curriculum switch and going to VLAN 2. Layer 2 switches are as factory default. Diagram to follow...

[waldronm2000]

Network diagram - rough sketch, hope it makes sense...

Network.PNG

[twin--turbo]

Do the vlan ID's match at both ends?

CDP may be reporting mismatches if they are not and they may not work correctly.

In the configuration you have, without trunking you need all 4 ports set as access ports, and the "switchport access vlan" set on each port in the vlan

Rob

[waldronm2000]

Both main switches are straight out of the box, so will have all ports in VLAN1. I figured this wouldn't matter as all frames were untagged and I wasn't planning on using VTP, so the VLAN IDs were only intended to be local to the bottom switch.

However, the layer 3 switch is set up with VLAN 1 as admin, VLAN2 as curriculum, and that communicates fine with both layer 2 switches it's connected to.

I reckon you're right though, but don't fancy having to reconfigure all 4 switches now the network's live!

Can I disable CDP instead?

[twin--turbo]

So you have 4 new switches?

Rob

[waldronm2000]

Yes, all new and all Cisco - figured it'd be best to keep them all compatible. 3 x SG200-50 and 1 x SG300-10.

[twin--turbo]

Start as you intend to continue.

Set up VTP on the core.
Setup new vlans for Curric and Admin
Setup trunk Ports
Setup VTP client on the edge switches.
setup the ports into the new vlans.

Rob

[waldronm2000]

So I may be able to remote into the curriculum switch and move all ports to VLAN 2. Of course I may then lose contact with it...

[waldronm2000]

Ah yes, now I look in the logs, lots of

%CDP-W-NATIVE_VLAN_MISMATCH: Native VLAN mismatch detected on interface gi50.

Guess I'll have to go down there and rebuild it. Thanks for the advice.