Really old switch ….. not sure if I follow what you’re trying to do … if you had other switches in place, I’d start to suggest q-in-q but really what you’re looking for is logical switches inside the physical switch to keep the separation you are referring to. So next obvious question, why not add a second physical switch maybe?
Paul > On Dec 10, 2016, at 1:57 PM, Butch Evans <but...@butchevans.com> wrote: > > I have a scenario where I need some "special" handling for vlans and am > not sure how to configure this switch to handle it. Software is: > > IOS (tm) C3550 Software (C3550-I9Q3L2-M), Version 12.1(9)EA1c > > Switch model is WS-C3550-24. Here is the scenario I need to configure: > > Most ports are configured as trunk mode, so any vlans I add to gear outside > the switch just pass through as I configure them. > I have 4 ports (13-16) that need to be separate. Currently, these are set up > as "switchport access vlan20". This configuration > effectively creates a separate "switch", which is what I need. What I would > LIKE to do, is have the ability to have those 4 ports allow > me to create vlan configuration on gear plugged into these ports as well. In > other words, I want to create "2 switches" and have > any port that is part of "switch 1" pass vlans unhindered between those ports > and "switch 2" do the same. > > I hope this is clear. I only need a quick example, as I am somewhat familiar > with the configs, just not sure how to overcome the > single vlan limit on the access port. The problem I have is that SOME gear > on some of these ports are vlan unaware (and it needs to > stay that way). Here is a portion of the config showing the 3 port > configuration types: > > > ! > interface FastEthernet0/9 > description Kelly Office > switchport trunk encapsulation dot1q > switchport mode trunk > no ip address > ! > interface FastEthernet0/10 > no ip address > > > ! > interface FastEthernet0/13 > description Accounting switch > switchport access vlan 20 > switchport mode access > no ip address > ! > > > In practice, port 13 (14-16 are exactly like 13) cannot see traffic on either > port 9 or 10. Ports 9 and 10 can see each other (which is what I need) Any > vlan that > I configure on gear plugged into ports 9 or 10 are simply passed through. > Ports 13-16 do not permit the vlan on the gear to pass. > > -- > Butch Evans > Training and Support for WISPs > 702-537-0979 > http://store.wispgear.net/ > http://www.butchevans.com/
