Re: [AFMUG] Cisco config?
Butch, What you are trying to do is called q-in-q vlans or dot1q-tunnel Depending on the version of IOS, it may or may not be supported. Quick google will get you more info... or you can try to find more info in these docs http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/interfaces/configuration/guide/if_cli/if_qinq_tunnel.pdf FYI, if your switch does not support it, then you can always do it manually... ... define them as trunk ports remove / disable the vlans you don't want to pass change the pvid to some other vlan (than 1) Regards. Faisal Imtiaz Snappy Internet & Telecom 7266 SW 48 Street Miami, FL 33155 Tel: 305 663 5518 x 232 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net - Original Message - > From: "Butch Evans" > To: af@afmug.com > Sent: Saturday, December 10, 2016 1:57:45 PM > Subject: [AFMUG] Cisco config? > I have a scenario where I need some "special" handling for vlans and am > not sure how to configure this switch to handle it. Software is: > > IOS (tm) C3550 Software (C3550-I9Q3L2-M), Version 12.1(9)EA1c > > Switch model is WS-C3550-24. Here is the scenario I need to configure: > > Most ports are configured as trunk mode, so any vlans I add to gear outside > the > switch just pass through as I configure them. > I have 4 ports (13-16) that need to be separate. Currently, these are set up > as > "switchport access vlan20". This configuration > effectively creates a separate "switch", which is what I need. What I would > LIKE to do, is have the ability to have those 4 ports allow > me to create vlan configuration on gear plugged into these ports as well. In > other words, I want to create "2 switches" and have > any port that is part of "switch 1" pass vlans unhindered between those ports > and "switch 2" do the same. > > I hope this is clear. I only need a quick example, as I am somewhat familiar > with the configs, just not sure how to overcome the > single vlan limit on the access port. The problem I have is that SOME gear on > some of these ports are vlan unaware (and it needs to > stay that way). Here is a portion of the config showing the 3 port > configuration types: > > > ! > interface FastEthernet0/9 > description Kelly Office > switchport trunk encapsulation dot1q > switchport mode trunk > no ip address > ! > interface FastEthernet0/10 > no ip address > > > ! > interface FastEthernet0/13 > description Accounting switch > switchport access vlan 20 > switchport mode access > no ip address > ! > > > In practice, port 13 (14-16 are exactly like 13) cannot see traffic on either > port 9 or 10. Ports 9 and 10 can see each other (which is what I need) Any > vlan that > I configure on gear plugged into ports 9 or 10 are simply passed through. > Ports > 13-16 do not permit the vlan on the gear to pass. > > -- > Butch Evans > Training and Support for WISPs > 702-537-0979 > http://store.wispgear.net/ > http://www.butchevans.com/
Re: [AFMUG] Cisco config?
On Sat, 2016-12-10 at 19:03 +, Paul Stewart wrote: > Really old switch ….. not sure if I follow what you’re trying to do > … if you had other switches in place, I’d start to suggest q-in-q > but really what you’re looking for is logical switches inside the > physical switch to keep the separation you are referring to. So next > obvious question, why not add a second physical switch maybe? > It is, as you said, logical switches that I am needing (the vlan20). I can add a second switch, but that is what I am wanting to avoid if possible. I am growing more convinced that this is what I will have to do. Maybe an easier way to say what I need is that I need 2 logical switches, each having the ability to pass vlan tags created OUTSIDE the switch. I'm just not sure that is possible in a cisco switch. -- Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] Cisco config?
Really old switch ….. not sure if I follow what you’re trying to do … if you had other switches in place, I’d start to suggest q-in-q but really what you’re looking for is logical switches inside the physical switch to keep the separation you are referring to. So next obvious question, why not add a second physical switch maybe? Paul > On Dec 10, 2016, at 1:57 PM, Butch Evans wrote: > > I have a scenario where I need some "special" handling for vlans and am > not sure how to configure this switch to handle it. Software is: > > IOS (tm) C3550 Software (C3550-I9Q3L2-M), Version 12.1(9)EA1c > > Switch model is WS-C3550-24. Here is the scenario I need to configure: > > Most ports are configured as trunk mode, so any vlans I add to gear outside > the switch just pass through as I configure them. > I have 4 ports (13-16) that need to be separate. Currently, these are set up > as "switchport access vlan20". This configuration > effectively creates a separate "switch", which is what I need. What I would > LIKE to do, is have the ability to have those 4 ports allow > me to create vlan configuration on gear plugged into these ports as well. In > other words, I want to create "2 switches" and have > any port that is part of "switch 1" pass vlans unhindered between those ports > and "switch 2" do the same. > > I hope this is clear. I only need a quick example, as I am somewhat familiar > with the configs, just not sure how to overcome the > single vlan limit on the access port. The problem I have is that SOME gear > on some of these ports are vlan unaware (and it needs to > stay that way). Here is a portion of the config showing the 3 port > configuration types: > > > ! > interface FastEthernet0/9 > description Kelly Office > switchport trunk encapsulation dot1q > switchport mode trunk > no ip address > ! > interface FastEthernet0/10 > no ip address > > > ! > interface FastEthernet0/13 > description Accounting switch > switchport access vlan 20 > switchport mode access > no ip address > ! > > > In practice, port 13 (14-16 are exactly like 13) cannot see traffic on either > port 9 or 10. Ports 9 and 10 can see each other (which is what I need) Any > vlan that > I configure on gear plugged into ports 9 or 10 are simply passed through. > Ports 13-16 do not permit the vlan on the gear to pass. > > -- > Butch Evans > Training and Support for WISPs > 702-537-0979 > http://store.wispgear.net/ > http://www.butchevans.com/
[AFMUG] Cisco config?
I have a scenario where I need some "special" handling for vlans and am not sure how to configure this switch to handle it. Software is: IOS (tm) C3550 Software (C3550-I9Q3L2-M), Version 12.1(9)EA1c Switch model is WS-C3550-24. Here is the scenario I need to configure: Most ports are configured as trunk mode, so any vlans I add to gear outside the switch just pass through as I configure them. I have 4 ports (13-16) that need to be separate. Currently, these are set up as "switchport access vlan20". This configuration effectively creates a separate "switch", which is what I need. What I would LIKE to do, is have the ability to have those 4 ports allow me to create vlan configuration on gear plugged into these ports as well. In other words, I want to create "2 switches" and have any port that is part of "switch 1" pass vlans unhindered between those ports and "switch 2" do the same. I hope this is clear. I only need a quick example, as I am somewhat familiar with the configs, just not sure how to overcome the single vlan limit on the access port. The problem I have is that SOME gear on some of these ports are vlan unaware (and it needs to stay that way). Here is a portion of the config showing the 3 port configuration types: ! interface FastEthernet0/9 description Kelly Office switchport trunk encapsulation dot1q switchport mode trunk no ip address ! interface FastEthernet0/10 no ip address ! interface FastEthernet0/13 description Accounting switch switchport access vlan 20 switchport mode access no ip address ! In practice, port 13 (14-16 are exactly like 13) cannot see traffic on either port 9 or 10. Ports 9 and 10 can see each other (which is what I need) Any vlan that I configure on gear plugged into ports 9 or 10 are simply passed through. Ports 13-16 do not permit the vlan on the gear to pass. -- Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/
