RE: vlan urgent [7:74955]

2003-09-08 Thread Lupi, Guy
An interesting suggestion, but we can't assume that all three routers take
full tables, they could take partial tables or just default routes, or there
could be no bgp at all depending on how the network is configured.  I am not
stating that it is set up this way, but I have seen all of these situations
before on production networks with multiple ISPs.

The other issues are:

1.  Manipulating the attributes on every route received so that every route
on all the routers makes it to the maximum path bgp selection rule.  Like you
said, this is doable, but I would not advise anyone to do this without
understanding exactly what they are doing.
 
2.  Having 3 routes for every prefix on the Internet, this would equate to
approximately 336,000 active routes in the table, just not a possibility
unless you have very expensive hardware.

-Original Message-
From: Reimer, Fred [mailto:[EMAIL PROTECTED] 
Sent: Monday, September 08, 2003 11:58 AM
To: Lupi, Guy; [EMAIL PROTECTED]
Subject: RE: vlan urgent [7:74955]

Theoretically, you don't even need a switch in the middle.  If these are
ISP-connected routers, and the firewall is doing the NAT, then the three
routers must be doing BGP to the ISPs by definition.  They would each have
full routing tables.  On the "inside" (external to PIX) segment, the three
routers can run HSRP and the PIX can point to that one address.  Between the
three routers you can redistribute the routes so that all three routers have
equal cost routes to all the Internet routes.  It may take some fancy work,
but it should be doable.  So if Router 1 was the HSRP active on
FastEthernet0/0, it would send a third of the traffic over its Serial0/0
interface, a third over the "backend" network between the routers on
FastEthernet0/1 to router 2, and a third on the backend network on
FastEthernet0/1 to router 3.  If router 2 or 3 lost their connection, they
would dynamically update router 1.  If router 1 went down, then router 2 or
3 would take over as the HSRP active on FastEthernet0/0.


Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050




-Original Message-
From: Lupi, Guy [mailto:[EMAIL PROTECTED] 
Sent: Monday, September 08, 2003 9:56 AM
To: [EMAIL PROTECTED]
Subject: RE: vlan urgent [7:74955]

The first thing I would do is determine whether or not you need to load
share for outbound bandwidth.  Typically an enterprise will have a lot more
inbound traffic than outbound traffic, so if one of the circuits exceeds
your outbound bandwidth needs by 30% or more, you may not need to load share
across the multiple routers for outbound traffic.  If this is the case, put
all the routers in an HSRP group with the largest outbound pipe being active
and the other 2 being standby to present one gateway to the firewall that is
redundant across all of the routers.

If that is not the case, then you have to determine how you are going to
load share.  A layer 3 switch with multiple default gateways will work, but
then you have to determine whether or not the load sharing will be
per-packet or per-destination.  You then also have to work out the issue of
a circuit failure.  If a provider circuit fails, and the router's Ethernet
that is plugged into the switch is still up, the switch will still route
traffic to that device because it has no way of knowing that the router has
no available path to forward the traffic.

If HSRP is not an option, and you need to load share to accommodate your
outbound traffic, you should use a routing protocol such as OSPF to
communicate between the routers and the switch.  You redistribute the static
default route on each of the routers into OSPF, if there is a circuit
failure the router will stop injecting the default and the switch will stop
routing traffic to it. 

Inbound bandwidth shouldn't be a problem, this will be taken care of by
normal routing, inbound traffic to your network from each provider hits its
respective router and the router sends it to your firewall/switch.

I would answer these questions before trying to determine how the switch
should be configured.


-Original Message-
From: kaushalender [mailto:[EMAIL PROTECTED] 
Sent: Monday, September 08, 2003 8:29 AM
To: [EMAIL PROTECTED]
Subject: vlan urgent [7:74955]

Hi group,
I will be glad if someone can help me on it. I have a problem. We are
planning to put a firewall in our network. The problem is that the firewall can
point

RE: vlan urgent [7:74955]

2003-09-08 Thread Reimer, Fred
Theoretically, you don't even need a switch in the middle.  If these are
ISP-connected routers, and the firewall is doing the NAT, then the three
routers must be doing BGP to the ISPs by definition.  They would each have
full routing tables.  On the "inside" (external to PIX) segment, the three
routers can run HSRP and the PIX can point to that one address.  Between the
three routers you can redistribute the routes so that all three routers have
equal cost routes to all the Internet routes.  It may take some fancy work,
but it should be doable.  So if Router 1 was the HSRP active on
FastEthernet0/0, it would send a third of the traffic over its Serial0/0
interface, a third over the "backend" network between the routers on
FastEthernet0/1 to router 2, and a third on the backend network on
FastEthernet0/1 to router 3.  If router 2 or 3 lost their connection, they
would dynamically update router 1.  If router 1 went down, then router 2 or
3 would take over as the HSRP active on FastEthernet0/0.


Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050




-Original Message-
From: Lupi, Guy [mailto:[EMAIL PROTECTED] 
Sent: Monday, September 08, 2003 9:56 AM
To: [EMAIL PROTECTED]
Subject: RE: vlan urgent [7:74955]

The first thing I would do is determine whether or not you need to load
share for outbound bandwidth.  Typically an enterprise will have a lot more
inbound traffic than outbound traffic, so if one of the circuits exceeds
your outbound bandwidth needs by 30% or more, you may not need to load share
across the multiple routers for outbound traffic.  If this is the case, put
all the routers in an HSRP group with the largest outbound pipe being active
and the other 2 being standby to present one gateway to the firewall that is
redundant across all of the routers.

If that is not the case, then you have to determine how you are going to
load share.  A layer 3 switch with multiple default gateways will work, but
then you have to determine whether or not the load sharing will be
per-packet or per-destination.  You then also have to work out the issue of
a circuit failure.  If a provider circuit fails, and the router's Ethernet
that is plugged into the switch is still up, the switch will still route
traffic to that device because it has no way of knowing that the router has
no available path to forward the traffic.

If HSRP is not an option, and you need to load share to accommodate your
outbound traffic, you should use a routing protocol such as OSPF to
communicate between the routers and the switch.  You redistribute the static
default route on each of the routers into OSPF, if there is a circuit
failure the router will stop injecting the default and the switch will stop
routing traffic to it. 

Inbound bandwidth shouldn't be a problem, this will be taken care of by
normal routing, inbound traffic to your network from each provider hits its
respective router and the router sends it to your firewall/switch.

I would answer these questions before trying to determine how the switch
should be configured.


-Original Message-
From: kaushalender [mailto:[EMAIL PROTECTED] 
Sent: Monday, September 08, 2003 8:29 AM
To: [EMAIL PROTECTED]
Subject: vlan urgent [7:74955]

Hi group,
I will be glad if someone can help me on it. I have a problem. We are
planning to put a firewall in our network. The problem is that the firewall can
point to a single gateway but I have multiple gateways for my network
because we have taken bandwidth from different providers and all three
bandwidths are terminated on different routers. Now they are suggesting that
we have to put an L3 switch in between the firewall and all three routers and
give one static IP address to the L3 switch, and then the firewall will point to that
static IP. Can someone suggest how I have to configure a Cisco 3550 L3 series
switch? Please help

Regards
Kaushalender
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74974&t=74955

RE: vlan urgent [7:74955]

2003-09-08 Thread Lupi, Guy
The first thing I would do is determine whether or not you need to load
share for outbound bandwidth.  Typically an enterprise will have a lot more
inbound traffic than outbound traffic, so if one of the circuits exceeds
your outbound bandwidth needs by 30% or more, you may not need to load share
across the multiple routers for outbound traffic.  If this is the case, put
all the routers in an HSRP group with the largest outbound pipe being active
and the other 2 being standby to present one gateway to the firewall that is
redundant across all of the routers.

If that is not the case, then you have to determine how you are going to
load share.  A layer 3 switch with multiple default gateways will work, but
then you have to determine whether or not the load sharing will be
per-packet or per-destination.  You then also have to work out the issue of
a circuit failure.  If a provider circuit fails, and the router's Ethernet
that is plugged into the switch is still up, the switch will still route
traffic to that device because it has no way of knowing that the router has
no available path to forward the traffic.

If HSRP is not an option, and you need to load share to accommodate your
outbound traffic, you should use a routing protocol such as OSPF to
communicate between the routers and the switch.  You redistribute the static
default route on each of the routers into OSPF, if there is a circuit
failure the router will stop injecting the default and the switch will stop
routing traffic to it. 

Inbound bandwidth shouldn't be a problem, this will be taken care of by
normal routing, inbound traffic to your network from each provider hits its
respective router and the router sends it to your firewall/switch.

I would answer these questions before trying to determine how the switch
should be configured.


-Original Message-
From: kaushalender [mailto:[EMAIL PROTECTED] 
Sent: Monday, September 08, 2003 8:29 AM
To: [EMAIL PROTECTED]
Subject: vlan urgent [7:74955]

Hi group,
I will be glad if someone can help me on it. I have a problem. We are
planning to put a firewall in our network. The problem is that the firewall can
point to a single gateway but I have multiple gateways for my network
because we have taken bandwidth from different providers and all three
bandwidths are terminated on different routers. Now they are suggesting that
we have to put an L3 switch in between the firewall and all three routers and
give one static IP address to the L3 switch, and then the firewall will point to that
static IP. Can someone suggest how I have to configure a Cisco 3550 L3 series
switch? Please help

Regards
Kaushalender




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74965&t=74955


RE: VLAN Access maps and bridge ACLs [7:73844]

2003-08-12 Thread [EMAIL PROTECTED]
Dennis, 

Tried IpExpert 3550 studydoc? Some base material. (their online study site,
what was it again)

Do you have partner e-learning access? I have, but cannot search it from
this customer site... Maybe some nice docs there.

I'll continue looking around.

Martijn Jansen
[EMAIL PROTECTED]


-Original Message-
From: Dennis Laganiere [mailto:[EMAIL PROTECTED]
Sent: Sunday, 10 August 2003 22:19
To: [EMAIL PROTECTED]
Subject: VLAN Access maps and bridge ACLs [7:73844]


Does anybody have any good links for VLAN Access maps and bridge ACLs?  I've
gone through my Cisco library and the CCO, and haven't found much...

Thanks in advance for any help...

--- Dennis




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73866&t=73844


Re: VLAN Tagging on Cat 3550 Another question [7:71703]

2003-07-06 Thread Hemingway
"simon watson" wrote in message
news:[EMAIL PROTECTED]
> Hi
>
> Somehow I was thinking VLAN tagging was something more than just "Trunking"
> in Cisco talk, as you can guess I'm pretty rusty when it comes to switching. I
> have another question. Look at the example below.
>
>
>   REMOTE SITE
> MAIN SITE
>
> PC's-CISCO 3550CISCO 2600~~CISCO 3600ALCATEL L3
> SWITCH..PIX...INTERNET ROUTER---INTERNET.
>(VLAN3)   (802.1q TRUNK)   (256K LINK) (802.1q
> TRUNK)(VLAN3)
>
>
> A client wants to allow a group of PCs on a remote site access to the
> internet via the main site's ISP. But wants this group of PCs on their own
> VLAN so they have no connection to the rest of the network (except for the
> internet router which the whole network uses to access the internet). They
> have been advised by a third party to do it as above. They have a Cisco
> 3550EMI switch at the remote site & an Alcatel Omnicore L3 switch at the Main
> site. The WAN link is a 256k leased line. They want to configure the PCs on
> the remote site with the same VLAN as a dedicated PIX on the Main site (also
> on the same subnet).
>
> The Cat 3550 is not using its L3 capabilities and is trunked to the remote
> site's router.
>
> Can this be done?


sure. not sure you need to worry about switching. use the inbound ( from the
branch office ) router to route to the default gateway for internet access.
put in policy routing and access lists denying access from the branch net to
anything on the host site net.

where is all this vlan trunking coming from? looks to me like a red herring.


>
>
> I'm sure, thinking of the basic laws of routing, it won't be possible to have
> devices being on the same subnet but across different WAN links, as routing
> loops can occur. Also would it be best to enable the layer 3 capabilities of
> the switches, or to let the routers do the work?
>
> I'm looking forward to your answers
>
>
> Thanks in advance
>
> Simon.
>
>
> - Original Message -
> From: "Henrique Issamu Terada"
> To: "simon watson"
> Cc:
> Sent: Tuesday, July 01, 2003 2:09 PM
> Subject: RES: VLAN Tagging on Cat 3550 [7:71703]
>
>
> Vlan tagging is commonly called by Cisco as trunks.
> Have you ever configured trunks as ISL or 802.1q ?
> Actually the name vlan tagging makes more sense on non Cisco equipment,
> where only exists 802.1q .
> ISL doesn't do tag as 802.1q , but reencapsulates the packet with a new
> header .
>
> My 0,02
>
> > _
> > Henrique Issamu Terada, CCIE # 7460
> > IT Support - Open Network
> > CPM S.A. - Tecnologia criando valor
> > Tel.: 55 11 4196-0710
> > Fax: 55 11 4196-0900
> > [EMAIL PROTECTED]
> > www.cpm.com.br
>
> >
> >
> > -Original Message-
> > From: simon watson [SMTP:[EMAIL PROTECTED]
> > Sent: Tuesday, 1 July 2003 05:02
> > To: [EMAIL PROTECTED]
> > Subject: VLAN Tagging on Cat 3550 [7:71703]
> >
> > Hi Guys
> >
> > A client wants a Cat 3550 configured for VLAN tagging, I have not done one
> > of these before so how do I configure the switch, also there is a Cisco
> > 2600 router also connected to the switch. Do I need to configure the router to
> > accommodate VLAN tagging (and any router that packets of the VLAN goes
> > through?)
> >
> > Thanks
> >
> > Simon.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=71951&t=71703

Re: VLAN Tagging on Cat 3550 Another question [7:71703]

2003-07-03 Thread Hemingway
"simon watson" wrote in message
news:[EMAIL PROTECTED]
> Hi
>
> Somehow I was thinking VLAN tagging was something more than just "Trunking"
> in Cisco talk, as you can guess I'm pretty rusty when it comes to switching. I
> have another question. Look at the example below.
>
>
>   REMOTE SITE
> MAIN SITE
>
> PC's-CISCO 3550CISCO 2600~~CISCO 3600ALCATEL L3
> SWITCH..PIX...INTERNET ROUTER---INTERNET.
>(VLAN3)   (802.1q TRUNK)   (256K LINK) (802.1q
> TRUNK)(VLAN3)
>
>
> A client wants to allow a group of PCs on a remote site access to the
> internet via the main site's ISP. But wants this group of PCs on their own
> VLAN so they have no connection to the rest of the network (except for the
> internet router which the whole network uses to access the internet). They
> have been advised by a third party to do it as above. They have a Cisco
> 3550EMI switch at the remote site & an Alcatel Omnicore L3 switch at the Main
> site. The WAN link is a 256k leased line. They want to configure the PCs on
> the remote site with the same VLAN as a dedicated PIX on the Main site (also
> on the same subnet).
>
> The Cat 3550 is not using its L3 capabilities and is trunked to the remote
> site's router.
>
> Can this be done?


sure. not sure you need to worry about switching. use the inbound ( from the
branch office ) router to route to the default gateway for internet access.
put in policy routing and access lists denying access from the branch net to
anything on the host site net.

where is all this vlan trunking coming from? looks to me like a red herring.


>
>
> I'm sure, thinking of the basic laws of routing, it won't be possible to have
> devices being on the same subnet but across different WAN links, as routing
> loops can occur. Also would it be best to enable the layer 3 capabilities of
> the switches, or to let the routers do the work?
>
> I'm looking forward to your answers
>
>
> Thanks in advance
>
> Simon.
>
>
> - Original Message -
> From: "Henrique Issamu Terada"
> To: "simon watson"
> Cc:
> Sent: Tuesday, July 01, 2003 2:09 PM
> Subject: RES: VLAN Tagging on Cat 3550 [7:71703]
>
>
> Vlan tagging is commonly called by Cisco as trunks.
> Have you ever configured trunks as ISL or 802.1q ?
> Actually the name vlan tagging makes more sense on non Cisco equipment,
> where only exists 802.1q .
> ISL doesn't do tag as 802.1q , but reencapsulates the packet with a new
> header .
>
> My 0,02
>
> > _
> > Henrique Issamu Terada, CCIE # 7460
> > IT Support - Open Network
> > CPM S.A. - Tecnologia criando valor
> > Tel.: 55 11 4196-0710
> > Fax: 55 11 4196-0900
> > [EMAIL PROTECTED]
> > www.cpm.com.br
>
> >
> >
> > -Original Message-
> > From: simon watson [SMTP:[EMAIL PROTECTED]
> > Sent: Tuesday, 1 July 2003 05:02
> > To: [EMAIL PROTECTED]
> > Subject: VLAN Tagging on Cat 3550 [7:71703]
> >
> > Hi Guys
> >
> > A client wants a Cat 3550 configured for VLAN tagging, I have not done one
> > of these before so how do I configure the switch, also there is a Cisco
> > 2600 router also connected to the switch. Do I need to configure the router to
> > accommodate VLAN tagging (and any router that packets of the VLAN goes
> > through?)
> >
> > Thanks
> >
> > Simon.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=71854&t=71703

RE: VLAN Tagging on Cat 3550 [7:71703]

2003-07-01 Thread - jvd
Hi,

Concerning your question if you need to configure trunking on the router
also - the answer is that it depends on your network topology and
configuration.

If your router needs to do the routing between the VLANs you will probably
need the tagging. By the way this kind of configuration is called
router-on-a-stick.

Another option is to use one router ethernet interface per VLAN although
this option doesn't scale well, so trunking is recommended.

Regards,
Janó


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=71726&t=71703


Re: VLAN Tagging on Cat 3550 [7:71703]

2003-07-01 Thread Hemingway
"simon watson" wrote in message
news:[EMAIL PROTECTED]
> Hi Guys
>
> A client wants a Cat 3550 configured for VLAN tagging, I have not done one
> of these before so how do I configure the switch, also there is a Cisco 2600
> router also connected to the switch. Do I need to configure the router to
> accommodate VLAN tagging (and any router that packets of the VLAN goes
> through?)

to quote a sage, what is the problem you ( or rather your customer ) is
trying to solve?

to be quite frank, if the customer is sufficiently educated so as to
understand vlan tagging, the configuration is easy enough to do.

other responses have given you some configurations, and some narrative. but
I gotta say, if you don't understand the requirement, how will you know if
what you do is correct, and accomplishes the desired goal?

is this a 3550 SMI or EMI? if it is SMI, is the routed network a RIP
network? are you letting the switch do the L3 stuff, leaving the 26xx as a
gateway to the internet, for example?

depending on your topology, you may not need to do anything to the 26xx.

someone mentioned doing vlan trunking on the 26xx. while you can now do that
on all models of the 26xx, if you have a 2610 or 2611, you still need a
current IOS image to do so.

does the switch in question connect to other switches? is this the reason
for the vlan trunking? users in the same vlan but on different switches?

the "why" is more important than the "how"

along with the good advice others have offered, I hope you will take some
time, read up, and ask your customer some questions so that you understand
the desired result, thus making the configuration support that result.

best wishes

Hemingway

>
> Thanks
>
> Simon.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=71725&t=71703


RE: VLAN Tagging on Cat 3550 [7:71703]

2003-07-01 Thread Wilmes, Rusty
I'll take a stab since I just finished reading that in the CCNP switching
manual and it'll be a good test :)

It depends on the setup eg, whether or not there's to be multiple vlans and,
if so, whether or not the two vlans are to communicate etc.

On the router you need to configure a subinterface on the physical ethernet
port for each of the vlans  and for that subint  connection to trunk then
specify the encapsulation there (either isl or dot1q) and the vlan number
that will be assigned on the switch.

Then configure the port on the switch that the router is connected to for
the same trunking protocol.  Then configure the vlan domain, and the vtp
mode (server, client or transparent) on the switch.  Then configure the
vlans.  

eg...

on the router

interface FastEthernet2/0
 no ip address
 ip helper-address x.x.x.x
 speed 100
 full-duplex
end
 
interface FastEthernet2/0.1
 encapsulation dot1q 5
 ip address 192.168.5.1 255.255.255.0
 ip helper-address x.x.x.x
 no ip redirects
end

Note the encapsulation dot1q 5.  5 is the number of the vlan as will be
configured on the switch.  In this case it's also the number of the subnet
(a tip from Mr. Letterman).  Don't use vlan number 1 or 1-1005.

I'm shaky on the command syntax and I don't have an IOS switch (I just
ordered my 3550's last week) but on a CLI switch it would be

set vtp domain mydomain (sets vtp domain name to mydomain)

set vtp mode server (sets the switch in server mode - will transmit vlan
info out all trunk ports to client mode machines)

set trunk 1/1  nonegotiate dot1q 1-1005 (set the trunking protocol to dot1q
for all vlans.  Note: vlan 1 should be reserved for administration, 1001 is
reserved by Cisco and 1002-1005 are reserved for tokenring bridging)

set vlan 5 name subnet5 (define vlan number 5 with name of subnet 5)

set vlan 5 2/1  (put port 2/1 on vlan 5)


802.1q (dot1q) is recommended as it only adds 4 bytes to the frame after the
destination address in the IP header (2 bytes are the trunking protocol id,
3 bits for priority, 1 bit for CFI (whether or not the mac address is listed
in canonical format), 12 bits for the vlan id).  ISL encapsulates the frame
with a 24 byte header and a 4 byte crc.  Way more overhead...

Any input on the IOS commands would be appreciated and I'm still foggy on the
trunking negotiation! Is it that one side is hard set to the protocol and
the other is set nonegotiate so that it won't try and change it?

(Any other input would be appreciated as well.  Especially if I missed
something obvious!)







-Original Message-
From: simon watson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 01, 2003 1:02 AM
To: [EMAIL PROTECTED]
Subject: VLAN Tagging on Cat 3550 [7:71703]


Hi Guys

A client wants a Cat 3550 configured for VLAN tagging, I have not done one
of these before so how do I configure the switch, also there is a Cisco 2600
router also connected to the switch. Do I need to configure the router to
accommodate VLAN tagging (and any router that packets of the VLAN goes
through?)

Thanks

Simon.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=71717&t=71703
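
The 4-byte 802.1Q tag layout described in the message above (2-byte protocol ID, 3-bit priority, 1-bit CFI, 12-bit VLAN ID), as an added Python example that is not part of the original post: it inserts the tag into a constructed Ethernet frame and parses it back out. The MAC addresses, payload and function names are made up for illustration; the tag is placed between the source MAC address and the EtherType, as IEEE 802.1Q specifies.

```python
import struct

TPID_8021Q = 0x8100      # Tag Protocol Identifier that marks an 802.1Q tag
ETH_HEADER_LEN = 14      # dst MAC (6) + src MAC (6) + EtherType (2)
TAG_LEN = 4              # TPID (2) + Tag Control Information (2)


class FrameError(ValueError):
    """Raised when a frame is too short to hold the fields being read."""


def format_mac(raw):
    """Render 6 raw bytes as a colon-separated MAC address."""
    return ":".join(f"{b:02x}" for b in raw)


def build_tag(vid, pcp=0, cfi=0):
    """Return the 4 tag bytes: TPID, then PCP (3 bits) | CFI (1 bit) | VID (12 bits)."""
    if not 0 <= vid <= 0x0FFF:
        raise ValueError("VLAN ID must fit in 12 bits")
    if not 0 <= pcp <= 7 or cfi not in (0, 1):
        raise ValueError("priority is 3 bits, CFI is 1 bit")
    tci = (pcp << 13) | (cfi << 12) | vid
    return struct.pack("!HH", TPID_8021Q, tci)


def tag_frame(frame, vid, pcp=0, cfi=0):
    """Insert an 802.1Q tag after the source MAC of an untagged frame."""
    if len(frame) < ETH_HEADER_LEN:
        raise FrameError("frame shorter than an Ethernet header")
    return frame[:12] + build_tag(vid, pcp, cfi) + frame[12:]


def vid_is_usable(vid):
    """VID 0 means 'priority tag only' and 4095 is reserved by the standard."""
    return 1 <= vid <= 4094


def parse_frame(frame):
    """Decode the Ethernet header and, if present, a single 802.1Q tag."""
    if len(frame) < ETH_HEADER_LEN:
        raise FrameError("frame shorter than an Ethernet header")
    info = {
        "dst": format_mac(frame[0:6]),
        "src": format_mac(frame[6:12]),
        "tagged": False,
        "pcp": None,
        "cfi": None,
        "vid": None,
    }
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = ETH_HEADER_LEN
    if ethertype == TPID_8021Q:
        # The real EtherType follows the 2-byte TCI, so 4 more bytes are needed.
        if len(frame) < ETH_HEADER_LEN + TAG_LEN:
            raise FrameError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info.update(
            tagged=True,
            pcp=tci >> 13,           # top 3 bits: priority
            cfi=(tci >> 12) & 0x1,   # next bit: canonical format indicator
            vid=tci & 0x0FFF,        # low 12 bits: VLAN ID
        )
        offset += TAG_LEN
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info


# Constructed sample frame (not captured traffic): locally administered MACs,
# IPv4 EtherType and a dummy payload.
SAMPLE_UNTAGGED = (
    bytes.fromhex("020000000002")      # destination MAC
    + bytes.fromhex("020000000001")    # source MAC
    + struct.pack("!H", 0x0800)        # EtherType: IPv4
    + b"constructed-payload"
)

if __name__ == "__main__":
    # VLAN 5 matches the subinterface example in the message; priority 3 is arbitrary.
    tagged = tag_frame(SAMPLE_UNTAGGED, vid=5, pcp=3)
    for frame in (SAMPLE_UNTAGGED, tagged):
        print(len(frame), parse_frame(frame))
```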


RE: VLAN Tagging on Cat 3550 [7:71703]

2003-07-01 Thread Salvatore De Luca
Here is a plain sample of a 3550 trunk config on one side... 


 
interface FastEthernet 0/24   
switchport trunk encapsulation isl
switchport trunk allowed vlan 1-158,160-4094
switchport mode trunk
no ip address
!

-Sal

simon watson wrote:
> 
> Hi Guys
> 
> A client wants a Cat 3550 configured for VLAN tagging, I have
> not done one
> of these before so how do I configure the switch, also there is
> a Cisco 2600
> router also connected to the switch.Do I need to configure the
> router to
> accommodate VLAN tagging (and any router that packets of the
> VLAN goes
> through ?)
> 
> Thanks
> 
> Simon.
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=71720&t=71703


RE: VLAN Trunk Question and spanning tree [7:66730]

2003-04-03 Thread Larry Letterman
John,

This is from one of my 6509's with an MSFC router module, which is
similar to your 4006...we do use the trunk allow to put our trunks
in the native vlan and the vlans for data/voice...we also use portfast
bpdu-guard on the access ports in the floor switches..it stops the potential
of loops in the floor/main switches...

I am not sure about the flap error, since its between two uplinks going to
two different places..


interface GigabitEthernet3/1
 description to sjc5-fxs-sw1
 no ip address
 udld enable
 mls qos trust cos
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,159,1002-1005
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet3/2
 description to sjc5-11-sw1
 no ip address
 udld enable
 mls qos trust cos
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,151,154,200,1002-1005
 switchport mode trunk
 switchport nonegotiate


Larry Letterman
Network Engineer
Cisco Systems





> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> John Brandis
> Sent: Wednesday, April 02, 2003 7:05 PM
> To: [EMAIL PROTECTED]
> Subject: VLAN Trunk Question and spanning tree [7:66730]
>
>
> hi All,
>
> Please tell me if I am wrong and best practices
>
> A trunk link, by default, is a member of all VLANS
>
> Would it be best practice, to place your trunk ports in a particular VLAN,
> then define what you want pruned/not pruned ?
>
> Reason I ask is that I am getting the hostflapping error every now and then,
> which first made me believe I had a developer plugging in hubs around the
> place. However, now I think it's a question of my design/config. Here is an
> example of the error on my cat-4006 gig ports which trunk to my floor
> switches.
>
> Host 00:06:29:F9:75:A2 in vlan 23 is flapping between port Gi2/12 and port Gi2/11
>
> NOTE: 2/12 goes to sw2 and 2/11 goes to sw1, which are connected to one
> another as you can see below
>
> I checked it out, there are no hubs anywhere that could do this, and I have
> spanning tree in place to stop the redundant links on my floor switches
> coming back into the core. Here is the config of my trunk ports on the floor
> switch
>
> SW1
> interface GigabitEthernet0/1
> description link to core
>  switchport mode trunk
>  no ip address
> !
> interface GigabitEthernet0/2
> description link to sw2 floor switch
>  switchport mode trunk
>  no ip address
>
> SW2
> interface GigabitEthernet0/1
> description link to core
>  switchport mode trunk
>  no ip address
> !
> interface GigabitEthernet0/2
> description link to sw1 floor switch
>  switchport mode trunk
>  no ip address
>
> If anyone can suggest anything, I would appreciate it
> (I am interested in the use of the bpdu-port guard, would this help here ?)
>
> Thanks
> John
> Sydney Australia




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66735&t=66730


Re: VLAN loop problem [7:66656]

2003-04-02 Thread Thomas N.
I'll check it out tomorrow.  Thanks much Larry!

Thomas


""Larry Letterman""  wrote in message
news:[EMAIL PROTECTED]
> Yes,
> it prevents loops in spanning tree on layer 2 switches from causing a loop
> by disabling the port on a cisco switch...
>
>
> Larry Letterman
> Network Engineer
> Cisco Systems
>
>
>
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> > Thomas N.
> > Sent: Wednesday, April 02, 2003 12:18 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: VLAN loop problem [7:66656]
> >
> >
> > What does "portfast bpdu-guard" do?  Does it prevent interfaces with
> > portfast enabled from causing the loop in my scenario?
> >
> >
> > ""Larry Letterman""  wrote in message
> > news:[EMAIL PROTECTED]
> >
> > > port mac address security might work, altho its a lot of admin
> > > overhead..are you running portfast bpdu-guard on the access ports?
> > >
> > >
> > > Larry Letterman
> > > Network Engineer
> > > Cisco Systems
> > >
> > >
> > >   - Original Message -
> > >   From: Thomas N.
> > >   To: [EMAIL PROTECTED]
> > >   Sent: Tuesday, April 01, 2003 8:14 PM
> > >   Subject: VLAN loop problem [7:66656]
> > >
> > >
> > >   Hi All,
> > >
> > >   I got a problem in the production campus LAN here between VLANs.  Please
> > >   help me out!  Below is the scenario:
> > >
> > >   We have VLAN 10 (10.10.x.x) and VLAN 20 (10.20.x.x) subnets.  Routing is
> > >   enabled/allowed between the two subnets using MSFC of the 6500.  Each subnet
> > >   has a DHCP server to assign IP address to devices on its subnet.
> > >   Spanning-tree is enabled; however, portfast is turned on on all
> > >   non-trunking/uplink ports.  Recently, devices on VLAN 10 got assigned an IP
> > >   address of 10.20.x.x , which is from the DHCP on the other scope and also
> > >   from 10.10.x.x scope, and vice versa.  It seems that we have a loop somewhere
> > >   between the 2 subnets but we don't know where.  I noticed lots of end users
> > >   have a little unmanaged hub/switch hang off the network jacks in their
> > >   cubicles and potentially cause loop.
> > >
> > >   Is there any way that we can block the loop on the Cisco switches without
> > >   visiting cubicles taking those little unmanaged hubs/switches?  Thanks!
> > >
> > >   Thomas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66724&t=66656


RE: VLAN loop problem [7:66656]

2003-04-02 Thread Larry Letterman
Yes,
it prevents loops in spanning tree on layer 2 switches from causing a loop
by disabling the port on a cisco switch...


Larry Letterman
Network Engineer
Cisco Systems





> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Thomas N.
> Sent: Wednesday, April 02, 2003 12:18 PM
> To: [EMAIL PROTECTED]
> Subject: Re: VLAN loop problem [7:66656]
>
>
> What does "portfast bpdu-guard" do?  Does it prevent interfaces with
> portfast enabled from causing the loop in my scenario?
>
>
> ""Larry Letterman""  wrote in message
> news:[EMAIL PROTECTED]
>
> > port mac address security might work, altho its a lot of admin
> > overhead..are you running portfast bpdu-guard on the access ports?
> >
> >
> > Larry Letterman
> > Network Engineer
> > Cisco Systems
> >
> >
> >   - Original Message -
> >   From: Thomas N.
> >   To: [EMAIL PROTECTED]
> >   Sent: Tuesday, April 01, 2003 8:14 PM
> >   Subject: VLAN loop problem [7:66656]
> >
> >
> >   Hi All,
> >
> >   I got a problem in the production campus LAN here between VLANs.  Please
> >   help me out!  Below is the scenario:
> >
> >   We have VLAN 10 (10.10.x.x) and VLAN 20 (10.20.x.x) subnets.  Routing is
> >   enabled/allowed between the two subnets using MSFC of the 6500.  Each subnet
> >   has a DHCP server to assign IP address to devices on its subnet.
> >   Spanning-tree is enabled; however, portfast is turned on on all
> >   non-trunking/uplink ports.  Recently, devices on VLAN 10 got assigned an IP
> >   address of 10.20.x.x , which is from the DHCP on the other scope and also
> >   from 10.10.x.x scope, and vice versa.  It seems that we have a loop somewhere
> >   between the 2 subnets but we don't know where.  I noticed lots of end users
> >   have a little unmanaged hub/switch hang off the network jacks in their
> >   cubicles and potentially cause loop.
> >
> >   Is there any way that we can block the loop on the Cisco switches without
> >   visiting cubicles taking those little unmanaged hubs/switches?  Thanks!
> >
> >   Thomas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66714&t=66656


Re: VLAN loop problem [7:66656]

2003-04-02 Thread Thomas N.
What does "portfast bpdu-guard" do?  Does it prevent interfaces with
portfast enabled from causing the loop in my scenario?


""Larry Letterman""  wrote in message
news:[EMAIL PROTECTED]

> port mac address security might work, altho its a lot of admin
> overhead..are you running portfast bpdu-guard on the access ports?
>
>
> Larry Letterman
> Network Engineer
> Cisco Systems
>
>
>   - Original Message -
>   From: Thomas N.
>   To: [EMAIL PROTECTED]
>   Sent: Tuesday, April 01, 2003 8:14 PM
>   Subject: VLAN loop problem [7:66656]
>
>
>   Hi All,
>
>   I got a problem in the production campus LAN here between VLANs.  Please
>   help me out!  Below is the scenario:
>
>   We have VLAN 10 (10.10.x.x) and VLAN 20 (10.20.x.x) subnets.  Routing is
>   enabled/allowed between the two subnets using MSFC of the 6500.  Each subnet
>   has a DHCP server to assign IP address to devices on its subnet.
>   Spanning-tree is enabled; however, portfast is turned on on all
>   non-trunking/uplink ports.  Recently, devices on VLAN 10 got assigned an IP
>   address of 10.20.x.x , which is from the DHCP on the other scope and also
>   from 10.10.x.x scope, and vice versa.  It seems that we have a loop somewhere
>   between the 2 subnets but we don't know where.  I noticed lots of end users
>   have a little unmanaged hub/switch hang off the network jacks in their
>   cubicles and potentially cause loop.
>
>   Is there any way that we can block the loop on the Cisco switches without
>   visiting cubicles taking those little unmanaged hubs/switches?  Thanks!
>
>   Thomas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66711&t=66656


Re: VLAN loop problem [7:66656]

2003-04-02 Thread Thomas N.
No, we don't have portfast bpdu-guard enabled.  What does it do?  Thanks
Larry!

Thomas


""Larry Letterman""  wrote in message
news:[EMAIL PROTECTED]
> port mac address security might work, altho its a lot of admin
> overhead..are you running portfast bpdu-guard on the access ports?
>
>
> Larry Letterman
> Network Engineer
> Cisco Systems
>
>
>   - Original Message -
>   From: Thomas N.
>   To: [EMAIL PROTECTED]
>   Sent: Tuesday, April 01, 2003 8:14 PM
>   Subject: VLAN loop problem [7:66656]
>
>
>   Hi All,
>
>   I got a problem in the production campus LAN here between VLANs.  Please
>   help me out!  Below is the scenario:
>
>   We have VLAN 10 (10.10.x.x) and VLAN 20 (10.20.x.x) subnets.  Routing is
>   enabled/allowed between the two subnets using MSFC of the 6500.  Each subnet
>   has a DHCP server to assign IP address to devices on its subnet.
>   Spanning-tree is enabled; however, portfast is turned on on all
>   non-trunking/uplink ports.  Recently, devices on VLAN 10 got assigned an IP
>   address of 10.20.x.x , which is from the DHCP on the other scope and also
>   from 10.10.x.x scope, and vice versa.  It seems that we have a loop somewhere
>   between the 2 subnets but we don't know where.  I noticed lots of end users
>   have a little unmanaged hub/switch hang off the network jacks in their
>   cubicles and potentially cause loop.
>
>   Is there any way that we can block the loop on the Cisco switches without
>   visiting cubicles taking those little unmanaged hubs/switches?  Thanks!
>
>   Thomas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66699&t=66656


Re: VLAN loop problem [7:66656]

2003-04-01 Thread Larry Letterman
port mac address security might work, altho its a lot of admin
overhead..are you running portfast bpdu-guard on the access ports?


Larry Letterman
Network Engineer
Cisco Systems


  - Original Message -
  From: Thomas N.
  To: [EMAIL PROTECTED]
  Sent: Tuesday, April 01, 2003 8:14 PM
  Subject: VLAN loop problem [7:66656]


  Hi All,

  I got a problem in the production campus LAN here between VLANs.  Please
  help me out!  Below is the scenario:

  We have VLAN 10 (10.10.x.x) and VLAN 20 (10.20.x.x) subnets.  Routing is
  enabled/allowed between the two subnets using MSFC of the 6500.  Each subnet
  has a DHCP server to assign IP address to devices on its subnet.
  Spanning-tree is enabled; however, portfast is turned on on all
  non-trunking/uplink ports.  Recently, devices on VLAN 10 got assigned an IP
  address of 10.20.x.x , which is from the DHCP on the other scope and also
  from 10.10.x.x scope, and vice versa.  It seems that we have a loop somewhere
  between the 2 subnets but we don't know where.  I noticed lots of end users
  have a little unmanaged hub/switch hang off the network jacks in their
  cubicles and potentially cause loop.

  Is there any way that we can block the loop on the Cisco switches without
  visiting cubicles taking those little unmanaged hubs/switches?  Thanks!

  Thomas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=0&t=66656


Re: VLAN as Firewall zones [7:65938]

2003-03-24 Thread Troy Leliard
While I agree that by compromising the switch, the intruder can bypass the
firewall, I don't feel that it is of significant concern to warrant the
purchase of an additional switch to separate the two.

The big drive here is that you must secure your switch at L2, and if you do
so, I feel that it is perfectly adequate. In the last Cisco Packet magazine
there was an article addressing exactly this issue, and it listed some of the
common exploits and how to circumvent them.

Obvious ones are, by default all ports are left on auto (with regard to
trunks), so a user could jack in, request to form a trunk port and then
capture all the VLAN etc details, and in effect be able to vlan hop.
Enabling port security and restricting the number of ACL's seen on one port
is another way to do it.  Look at using 802.11x for MAC based port
authentication, especially on server vlans!  You can even go as far as
private vlans and ACL's to stipulate which ports and MAC's are allowed to
speak to each other .. very useful when using your switch for a simple
connection point (eg /30 between firewall and router or something).
http://www.cisco.com/en/US/about/ac123/ac114/ac173/ac222/about_cisco_packet_feature09186a0080142deb.html
and make your own mind up.

Go and check out the article #

Andrew Dorsett wrote:
> 
> On Fri, 21 Mar 2003, Paulo Roque wrote:
> 
> > I usually separate firewall zone with different physical LAN in different
> > switches.
> > What do you think of separating firewall zone with VLANs in the same
> > switch/chassis?
> 
> Generally a very bad idea!  I fully agree with physical separation.
> Because if it's based on VLANs then they only have to compromise the
> switch to compromise the entire network.  Also because there are new layer
> 2 techniques that can allow a packet to hop across VLANs.  These are the
> only things that worry me about the FW module for the 6500 chassis.  It's
> based on VLANs.  So if I can hop VLANs somewhere then I can bypass the
> firewall.
> 
> Andrew
> ---
> 
> http://www.andrewsworld.net/
> ICQ: 2895251
> Cisco Certified Network Associate
> 
> "Learn from the mistakes of others. You won't live long enough
> to make all of them yourself."
> 
> 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66064&t=65938
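
The layer-2 settings raised in the message above (ports left able to negotiate a trunk) and in the earlier trunk thread (allowed-VLAN lists, `switchport nonegotiate`, portfast with bpdu-guard on access ports) can be checked mechanically. The following audit is an added example, not code from any poster; the sample config is constructed, the 1000-VLAN threshold is an assumption, and `spanning-tree portfast` / `spanning-tree bpduguard enable` are assumed to be the IOS interface-level spellings of what the posts call "portfast bpdu-guard".

```python
import re

# Assumed cut-off for calling an allowed-VLAN list "too wide" (illustrative).
WIDE_TRUNK_VLANS = 1000

# Constructed sample, modelled on the stanzas quoted in the threads.
# Assumption: every stanza passed in is a layer-2 switchport.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description link to core
 switchport mode trunk
 no ip address
!
interface GigabitEthernet3/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,151,154,200,1002-1005
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet 0/24
 switchport trunk encapsulation isl
 switchport trunk allowed vlan 1-158,160-4094
 switchport mode trunk
!
interface FastEthernet0/5
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/7
 description user jack left at defaults
"""


def parse_interfaces(text):
    """Split IOS-style config text into {interface: [lower-cased sub-commands]}."""
    interfaces, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = re.match(r"interface\s+(.+)$", line, re.IGNORECASE)
        if match:
            # "FastEthernet 0/24" and "FastEthernet0/24" name the same port.
            current = match.group(1).replace(" ", "")
            interfaces[current] = []
        elif line == "!" or not line:
            current = None
        elif current is not None:
            interfaces[current].append(line.lower())
    return interfaces


def expand_vlans(spec):
    """Expand a numeric list such as '1,151,154,200,1002-1005' into a set of ids."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def audit_interface(cmds):
    """Return the findings for one port; an empty list means nothing to report."""
    findings = []
    modes = [c.split()[2] for c in cmds if c.startswith("switchport mode ")]
    mode = modes[-1] if modes else "unset"
    if mode == "trunk":
        if "switchport nonegotiate" not in cmds:
            findings.append("trunk without 'switchport nonegotiate'")
        lists = [c.split()[-1] for c in cmds
                 if c.startswith("switchport trunk allowed vlan ")]
        # Keyword forms (all, add, remove, ...) are not interpreted here.
        if not lists or not re.fullmatch(r"[\d,-]+", lists[-1]):
            findings.append("no explicit numeric allowed-VLAN list")
        elif len(expand_vlans(lists[-1])) > WIDE_TRUNK_VLANS:
            findings.append("allowed list spans %d VLANs"
                            % len(expand_vlans(lists[-1])))
    elif mode == "access":
        if ("spanning-tree portfast" in cmds
                and "spanning-tree bpduguard enable" not in cmds):
            findings.append("portfast without BPDU guard")
    else:
        # Covers both an absent mode line and "switchport mode dynamic ...".
        findings.append("switchport mode not pinned; port can negotiate a trunk")
    return findings


def audit(text):
    """Audit every interface stanza in the config text."""
    return {name: audit_interface(cmds)
            for name, cmds in parse_interfaces(text).items()}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CONFIG).items():
        print(name, "->", "; ".join(findings) or "ok")
```
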


Re: VLAN as Firewall zones [7:65938]

2003-03-21 Thread neal r
We deploy 2620/2621 in our microwave network with Catalyst 1912/1924 to 'fan
out' via VLANs, but we just use the aux port on the 26xx to reverse telnet to
the 19xx, rather than assigning an IP address to the switch.


   I have seen several situations where ARP requests leak across VLANs on
29xx/35xx series equipment, never really had the chance to observe enough on
the other platforms (4xxx/5xxx/6xxx) to know if they're involved - the 19xx
seem to be very stable and I've never detected anything like leaking
information on them.

  The big benefit for us, besides cheaper port density, is that we 'twin'
each port - an on site tech wanting to work on the thing plugged in to port 1
on the cat 1924 knows he can just hook his laptop to port 11 and he is on the
same segment.



Andrew Dorsett wrote:

> On Fri, 21 Mar 2003, Paulo Roque wrote:
>
> > I usually separate firewall zone with different physical LAN in different
> > switches.
> > What do you think of separating firewall zone with VLANs in the same
> > switch/chassis?
>
> Generally a very bad idea!  I fully agree with physical separation.
> Because if it's based on VLANs then they only have to compromise the
> switch to compromise the entire network.  Also because there are new layer
> 2 techniques that can allow a packet to hop across VLANs.  These are the
> only things that worry me about the FW module for the 6500 chassis.  It's
> based on VLANs.  So if I can hop VLANs somewhere then I can bypass the
> firewall.
>
> Andrew
> ---
>
> http://www.andrewsworld.net/
> ICQ: 2895251
> Cisco Certified Network Associate
>
> "Learn from the mistakes of others. You won't live long enough to make all
> of them yourself."




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65952&t=65938


Re: VLAN as Firewall zones [7:65938]

2003-03-21 Thread Andrew Dorsett
On Fri, 21 Mar 2003, Paulo Roque wrote:

> I usually separate firewall zone with different physical LAN in different
> switches.
> What do you think of separating firewall zone with VLANs in the same
> switch/chassis?

Generally a very bad idea!  I fully agree with physical separation.
Because if it's based on VLANs then they only have to compromise the
switch to compromise the entire network.  Also because there are new layer
2 techniques that can allow a packet to hop across VLANs.  These are the
only things that worry me about the FW module for the 6500 chassis.  It's
based on VLANs.  So if I can hop VLANs somewhere then I can bypass the
firewall.

Andrew
---

http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate

"Learn from the mistakes of others. You won't live long enough to make all
of them yourself."




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65944&t=65938


Re: VLAN Trunking + Access lista [7:63739]

2003-02-25 Thread Larry Letterman
ACL's should still work on the router. It will treat a vlan
interface similarly just like a regular L3 interface.

Larry Letterman
Network Engineer
Cisco Systems


- Original Message -
From: "Skarphedinsson Arni V." 
To: 
Sent: Tuesday, February 25, 2003 8:47 AM
Subject: VLAN Trunking + Access lista [7:63739]


> Hi
>
> When using vlan trunking from a router, for example in a router on a stick
> environment, I would create subinterfaces on the ethernet interface on the
> router, does that in some way limit the use of access-lists to control
> traffic, like traffic between the vlans and out of the router through
> another interface ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63811&t=63739


Re: VLAN Trunking + Access lista [7:63739]

2003-02-25 Thread Kent Hundley
No, subinterfaces on a trunked port fully support acl's in the same
manner as physical interfaces.  Same for other services such as NAT,
CBAC, policy routing, etc.

HTH,
Kent

On Tue, 2003-02-25 at 11:47, Skarphedinsson Arni V. wrote:
> Hi 
> 
> When using vlan trunking from a router, for example in a router on a stick
> environment, I would create subinterfaces on the ethernet interface on the
> router, does that in some way limit the use of access-lists to control
> traffic, like traffic between the vlans and out of the router through
> another interface ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63771&t=63739


Re: VLAN routing [7:63412]

2003-02-20 Thread Robert Edmonds
By default a trunk port will carry all VLANs, which it will need to do in
the setup you have illustrated.  If you prune the other VLANs at the second
switch, the users in VLANs 3 and 4 on the third switch will be cut off.

""Happy World""  wrote in message
news:[EMAIL PROTECTED]
> Dear All,
>
> I am new newbie in VLAN routing and don't have enough equipments to test
> myself. If I have the following setup. The tagged port 1 need include vlan
> 1,2,3,4 or simply include vlan 1,2 to make all 4 VLANs routable? Similar in
> tagged port2, include 1,2,3,4 or 3,4 only?
>
>
>                    Layer3 switch
>                     /         \
>                    /           \
>          tagged port1       tagged port2
>                /                   \
>               /                     \
>       Layer2 switch            Layer2 switch
>         /      \                 /      \
>      vlan1    vlan2           vlan3    vlan4
>
> Thanks in advance.
>
> rgds,
> Happy World




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63422&t=63412



Re: vlan help [7:62888]

2003-02-12 Thread M.C. van den Bovenkamp
M.C. van den Bovenkamp wrote:

> switchport mode trunk
> switchport trunk native vlan 
> 
> That will 802.1Q tag all frames except those in vlan .
> 
> You can't have more than one untagged VLAN.

OK, groupstudy doesn't like angle brackets; forgot about that. That 
would be 'switchport trunk native vlan X' and '...in vlan X.'

Regards,

Marco.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62903&t=62888



Re: vlan help [7:62888]

2003-02-12 Thread M.C. van den Bovenkamp
CiscoNewbie wrote:

> hi.  on a cisco2950, how can I configure a port to be tagged for one vlan
> and untagged for another?  Please give me sample.  thanks.

switchport mode trunk
switchport trunk native vlan 

That will 802.1Q tag all frames except those in vlan .

You can't have more than one untagged VLAN.

Regards,

Marco.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62899&t=62888
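
The native-VLAN behaviour described in the two messages above (every VLAN on the trunk is 802.1Q tagged except the native one, and only one VLAN can be untagged) can be seen at the frame level. This is an added example, not the poster's code; the frame bytes, VLAN numbers and function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed frame: dst MAC, src MAC, EtherType 0x0800, dummy payload.
SAMPLE_FRAME = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
                + struct.pack("!H", 0x0800) + b"payload")


def egress(frame, vlan, native_vlan, allowed):
    """Bytes a trunk port transmits for an untagged frame that belongs to `vlan`.

    Returns None when the VLAN is not allowed on the trunk.
    """
    if vlan not in allowed:
        return None
    if vlan == native_vlan:
        return frame  # native VLAN leaves the port without a tag
    # 4-byte tag after the two MAC addresses: TPID, then TCI (priority 0 + VLAN id).
    tag = struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return frame[:12] + tag + frame[12:]


def ingress(wire, native_vlan, allowed):
    """Classify a frame received on a trunk port: (vlan, untagged frame) or None."""
    (ethertype,) = struct.unpack("!H", wire[12:14])
    if ethertype == TPID_8021Q:
        (tci,) = struct.unpack("!H", wire[14:16])
        vlan, inner = tci & 0x0FFF, wire[:12] + wire[16:]
    else:
        # An untagged frame carries no VLAN id, so the receiver can only map it
        # to its single configured native VLAN.
        vlan, inner = native_vlan, wire
    return (vlan, inner) if vlan in allowed else None


def cross_trunk(frame, vlan, side_a, side_b):
    """Send a frame from side A to side B; each side is (native_vlan, allowed)."""
    wire = egress(frame, vlan, *side_a)
    return None if wire is None else ingress(wire, *side_b)


if __name__ == "__main__":
    matched = (1, {1, 10, 20})
    mismatched = (10, {1, 10, 20})  # far end configured with another native VLAN
    print(cross_trunk(SAMPLE_FRAME, 20, matched, matched)[0])     # tagged VLAN survives
    print(cross_trunk(SAMPLE_FRAME, 1, matched, mismatched)[0])   # lands in far end's native VLAN
```

When the two ends disagree on the native VLAN, untagged traffic from one VLAN is delivered into another, which is why the native VLAN setting should be checked on both sides of every trunk.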



RE: vlan on a 3548 catalyst [7:61398]

2003-01-21 Thread Robert Perez
Thanks all but it does not support the interface range command so I had to
do it thru the gui!

-Original Message-
From: Larry Letterman [mailto:[EMAIL PROTECTED]] 
Sent: Monday, January 20, 2003 5:45 PM
To: [EMAIL PROTECTED]
Subject: Re: vlan on a 3548 catalyst [7:61398]


Its not available on this version of software on the 3548 I
use for my lab...
the version is listed below

Cisco Internetwork Operating System Software
IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5.2)XU,
MAINTENANCE INTERIM SOFTWARE

Larry Letterman
Network Engineer
Cisco Systems


- Original Message -
From: "MADMAN" 
To: 
Sent: Monday, January 20, 2003 1:31 PM
Subject: Re: vlan on a 3548 catalyst [7:61398]


> I don't have a 3548 to look at but does it support the "interface
> range" command?  if so yes you do have the "one swoop" capability.
>
>Dave
>
> Robert Perez wrote:
> > "Bob Perez"  wrote in message news:...
> >
> >>Can I assign multiple ports to a vlan in one swoop rather than each
> >>one individually?
> >>
> >>IOS on a 3548XL
> --
> David Madland
> CCIE# 2016
> Sr. Network Engineer
> Qwest Communications
> 612-664-3367
>
> "You don't make the poor richer by making the rich poorer." --Winston
> Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61455&t=61398



RE: vlan on a 3548 catalyst [7:61393]

2003-01-21 Thread Hanna, Keith
If you use the web interface you can.

-Original Message-
From: Bob Perez [mailto:[EMAIL PROTECTED]]
Sent: 20 January 2003 20:05
To: [EMAIL PROTECTED]
Subject: vlan on a 3548 catalyst [7:61393]


Can I assign multiple ports to a vlan in one swoop rather than each one
individually?

IOS on a 3548XL




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61442&t=61393



Re: vlan on a 3548 catalyst [7:61398]

2003-01-20 Thread Larry Letterman
Its not available on this version of software on the 3548 I
use for my lab...
the version is listed below

Cisco Internetwork Operating System Software
IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version
12.0(5.2)XU, MAINTENANCE INTERIM SOFTWARE

Larry Letterman
Network Engineer
Cisco Systems


- Original Message -
From: "MADMAN" 
To: 
Sent: Monday, January 20, 2003 1:31 PM
Subject: Re: vlan on a 3548 catalyst [7:61398]


> I don't have a 3548 to look at but does it support the "interface
> range" command?  if so yes you do have the "one swoop" capability.
>
>Dave
>
> Robert Perez wrote:
> > "Bob Perez"  wrote in message news:...
> >
> >>Can I assign multiple ports to a vlan in one swoop rather than each
> >>one individually?
> >>
> >>IOS on a 3548XL
> --
> David Madland
> CCIE# 2016
> Sr. Network Engineer
> Qwest Communications
> 612-664-3367
>
> "You don't make the poor richer by making the rich poorer." --Winston
> Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61417&t=61398



Re: vlan on a 3548 catalyst [7:61398]

2003-01-20 Thread Peter Walker
Bob

I think the command you want is

int range first -last

in global config mode.

eg

  switch# config term
  switch(config)# interface range fastethernet0/1 -fastethernet0/12

(or something similar as I dont have an IOS switch to hand right now)

Then just configure the appropriate interface commands.

Regards

Peter

On Mon, 20 Jan 2003 20:09:51 GMT, Robert Perez  
wrote:

> "Bob Perez"  wrote in message news:...
>> Can I assign multiple ports to a vlan in one swoop rather than each one 
>> individually?
>>
>> IOS on a 3548XL
-- 
Peter Walker




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61410&t=61398



Re: vlan on a 3548 catalyst [7:61398]

2003-01-20 Thread MADMAN
I don't have a 3548 to look at but does it support the "interface
range" command?  if so yes you do have the "one swoop" capability.

   Dave

Robert Perez wrote:
> "Bob Perez"  wrote in message news:...
> 
>>Can I assign multiple ports to a vlan in one swoop rather than each 
>>one individually?
>>
>>IOS on a 3548XL
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61408&t=61398



Re: vlan on a 3548 catalyst [7:61393]

2003-01-20 Thread Ken Diliberto
Only if your IOS version supports the "interface range" command.  I know
it's on our 2950's and 3550's.  Not sure about the 3500XL.

Ken

>>> "Bob Perez"  01/20/03 12:04PM >>>
Can I assign multiple ports to a vlan in one swoop rather than each
one
individually?

IOS on a 3548XL




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61404&t=61393



Re: VLAN identity [7:58559]

2002-12-05 Thread Larry Letterman
Correct,  The 2 lans across the wan are nothing more than 2 networks with
layer 3 router connections connecting them together.  The vlan's are only
significant at the local lan level to the host in the switch.

Larry

Thomas N. wrote:

>Hi Larry,
>
>I am using trunking on the LAN side of the routers to route between VLANs.
>However, WAN interfaces of these routers are not configured as trunk.  The
>WAN link is just connected using a different subnet.  And no, I don't use
>bridging.  So if VLAN is just local significant, should it not be a problem?
>Thanks!
>
>Thomas
>
>
>""Larry Letterman""  wrote in message
>news:[EMAIL PROTECTED]
>
>>I would think that you can bridge them with IRB/CRB but the vlan id would
>>not be an issue since the connections are not using isl/dot1q trunking.  You
>>would basically be making a flat network across the wan links.  The vlan
>>information will only propagate across trunk links that pass the vlan id in
>>the layer 2 frame.
>>
>>-Larry
>>
>>s vermill wrote:
>>
>>>Larry Letterman wrote:
>>>
>>>>Not unless the routers were using trunking and it does not sound like
>>>>they are...
>>>>The L3 links to each lan switch don't know anything about the vlan .
>>>>
>>>>Larry
>>>>

>>>Larry,
>>>
>>>Just curious...  Can VLANs be bridged over a bridge group that includes
>>>serial WAN connectivity or is a FE or GE trunk the only possibility?
>>>
>>>Scott




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58646&t=58559



Re: VLAN identity [7:58559]

2002-12-05 Thread Thomas N.
Hi Larry,

I am using trunking on the LAN side of the routers to route between VLANs.
However, WAN interfaces of these routers are not configured as trunk.  The
WAN link is just connected using a different subnet.  And no, I don't use
bridging.  So if VLAN is just local significant, should it not be a problem?
Thanks!

Thomas


""Larry Letterman""  wrote in message
news:[EMAIL PROTECTED]
> I would think that you can bridge them with IRB/CRB but the vlan id would
> not be an issue since the connections are not using isl/dot1q trunking.  You
> would basically be making a flat network across the wan links.  The vlan
> information will only propagate across trunk links that pass the vlan id in
> the layer 2 frame.
>
> -Larry
>
> s vermill wrote:
>
> >Larry Letterman wrote:
> >
> >>Not unless the routers were using trunking and it does not sound like
> >>they are...
> >>The L3 links to each lan switch don't know anything about the vlan .
> >>
> >>Larry
> >>
> >
> >Larry,
> >
> >Just curious...  Can VLANs be bridged over a bridge group that includes
> >serial WAN connectivity or is a FE or GE trunk the only possibility?
> >
> >Scott




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58634&t=58559



Re: VLAN identity [7:58559]

2002-12-04 Thread Larry Letterman
I would think that you can bridge them with IRB/CRB but the vlan id would
not be an issue since the connections are not using isl/dot1q trunking.  You
would basically be making a flat network across the wan links.  The vlan
information will only propagate across trunk links that pass the vlan id in
the layer 2 frame.

-Larry

s vermill wrote:

>Larry Letterman wrote:
>
>>Not unless the routers were using trunking and it does not
>>sound like
>>they are...
>>The L3 links to each lan switch dont know anything about the
>>vlan .
>>
>>Larry
>>
>
>Larry,
>
>Just curious...  Can VLANs be bridged over a bridge group that includes
>serial WAN connectivity or is a FE or GE trunk the only possibility?
>
>Scott




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58575&t=58559



Re: VLAN identity [7:58559]

2002-12-04 Thread s vermill
Larry Letterman wrote:
> 
> Not unless the routers were using trunking and it does not
> sound like
> they are...
> The L3 links to each lan switch dont know anything about the
> vlan .
> 
> Larry
> 

Larry,

Just curious...  Can VLANs be bridged over a bridge group that includes
serial WAN connectivity or is a FE or GE trunk the only possibility?

Scott


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58571&t=58559



Re: VLAN identity [7:58559]

2002-12-04 Thread Larry Letterman
Not unless the routers were using trunking and it does not sound like
they are...
The L3 links to each lan switch don't know anything about the vlan.

Larry

Thomas N. wrote:

>Hi All,
>
>I am wondering if the VLAN number is valid locally on a LAN only or it goes
>across the WAN link?  In my scenario, I have two LANs separated with 2 WAN
>routers.  On the LAN # 1, I assign a VLAN 100 with IP address (gateway) of
>10.100.1.1.  On LAN # 2, I assign another VLAN 100 but with an IP address of
>10.200.1.1.  The WAN link is using a 172.16.10.0 subnet, and does routing
>between 10.0.0.0 and 172.16.10.0 networks.
>
>My question is that will VLAN 100 on LAN # 1 distinguishes from VLAN 100 on
>the LAN # 2?  Can I have 2 different subnets with the same VLAN ID number
>but sitting on 2 separate LANs?  Hosts in the first VLAN 100 should not talk
>to others in the second VLAN 100 without using the routers?  Thanks All!
>
>Thomas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58566&t=58559



RE: VLAN identity [7:58559]

2002-12-04 Thread s vermill
Unless you're doing some kind of bridging or IRB, this won't be a problem. 
Even then, I'm not sure it would necessarily be a problem.  In a "normal"
topology, VLANs are locally significant.

  Thomas N. wrote:
> 
> Hi All,
> 
> I am wondering if the VLAN number is valid locally on a LAN
> only or it goes
> across the WAN link?  In my scenario, I have two LANs separated
> with 2 WAN
> routers.  On the LAN # 1, I assign a VLAN 100 with IP address
> (gateway) of
> 10.100.1.1.  On LAN # 2, I assign another VLAN 100 but with an
> IP address of
> 10.200.1.1.  The WAN link is using a 172.16.10.0 subnet, and
> does routing
> between 10.0.0.0 and 172.16.10.0 networks.
> 
> My question is that will VLAN 100 on LAN # 1 distinguishes from
> VLAN 100 on
> the LAN # 2?  Can I have 2 different subnets with the same VLAN
> ID number
> but sitting on 2 separate LANs?  Hosts in the first VLAN 100
> should not talk
> to others in the second VLAN 100 without using the routers? 
> Thanks All!
> 
> Thomas
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58563&t=58559



Re: vlan name vs vlan number [7:57985]

2002-11-24 Thread The Long and Winding Road
"pauldongso" wrote in message
news:[EMAIL PROTECTED]...
> thanks for your response.
> If ISL and 802.1q frame header has no space for vlan name, it means
> doesn't matter if Switch A and B are within the same VTP domain or not,
> whatever vtp modes they are on, as long as the vlan number is the same,
> vlan name does not matter.


CL: well, one of the switches would have to be in transparent mode.  I'd
double check, but it is such a pain to reconfigure everything, and I'm under
a time crunch right now.


>
>
> The Long and Winding Road wrote:
> > "pauldongso" wrote in message
> > news:[EMAIL PROTECTED]...
> >
> >>Hi All,
> >>
> >>come across this scenario:
> >>
> >>Switch A ------------- switch B
> >>(vtp wally)   trunk   (vtp world)
> >>     |                    |
> >>     |                    |
> >>   PC 1                 PC 2
> >>(vlan 2,name access) (vlan 2, name access)
> >>  ip 10.0.0.1          ip 10.0.0.2
> >>
> >>1. pc 1 is able to ping pc2.
> >>2. when vlan 2 in switch A change name to be access-new,
> >>will PC 1 still be able to ping PC2? will the vlan name
> >>take any effect?
> >
> >
> >
> > CL: assuming all switches are vtp server, the answer is that the name
> > change becomes universal, so there is no effect.
> >
> > CL: sorry, but I am unable to provide an empirical answer regarding vtp
> > transparent. the theoretical answer is there would be no effect if the
> > same vlan number were to have two different names on two different
> > switches. there is no place in the 802.1 header for a vlan name. all that
> > matters is the number.
> >
> >
> >
> >
> >
> >
> >>Thanks in advance.
> >>
> >>Paul




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58002&t=57985



Re: vlan name vs vlan number [7:57985]

2002-11-24 Thread pauldongso
thanks for your response.
If ISL and 802.1q frame header has no space for vlan name, it means 
doesn't matter if Switch A and B are within the same VTP domain or not, 
whatever vtp modes they are on, as long as the vlan number is the same,
vlan name does not matter.


The Long and Winding Road wrote:
> "pauldongso" wrote in message
> news:[EMAIL PROTECTED]...
> 
>>Hi All,
>>
>>come across this scenario:
>>
>>Switch A ------------- switch B
>>(vtp wally)   trunk   (vtp world)
>>     |                    |
>>     |                    |
>>   PC 1                 PC 2
>>(vlan 2,name access) (vlan 2, name access)
>>  ip 10.0.0.1          ip 10.0.0.2
>>
>>1. pc 1 is able to ping pc2.
>>2. when vlan 2 in switch A change name to be access-new,
>>will PC 1 still be able to ping PC2? will the vlan name
>>take any effect?
> 
> 
> 
> CL: assuming all switches are vtp server, the answer is that the name
> change becomes universal, so there is no effect.
> 
> CL: sorry, but I am unable to provide an empirical answer regarding vtp
> transparent. the theoretical answer is there would be no effect if the same
> vlan number were to have two different names on two different switches.
> there is no place in the 802.1 header for a vlan name. all that matters is
> the number.
> 
> 
> 
> 
> 
> 
>>Thanks in advance.
>>
>>Paul




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58001&t=57985



Re: vlan name vs vlan number [7:57985]

2002-11-24 Thread The Long and Winding Road
"pauldongso" wrote in message
news:[EMAIL PROTECTED]...
> Hi All,
>
> come across this scenario:
>
> Switch A ------------- switch B
> (vtp wally)   trunk   (vtp world)
>      |                    |
>      |                    |
>    PC 1                 PC 2
> (vlan 2,name access) (vlan 2, name access)
>   ip 10.0.0.1          ip 10.0.0.2
>
> 1. pc 1 is able to ping pc2.
> 2. when vlan 2 in switch A change name to be access-new,
> will PC 1 still be able to ping PC2? will the vlan name
> take any effect?


CL: assuming all switches are vtp server, the answer is that the name change
becomes universal, so there is no effect.

CL: sorry, but I am unable to provide an empirical answer regarding vtp
transparent. the theoretical answer is there would be no effect if the same
vlan number were to have two different names on two different switches.
there is no place in the 802.1 header for a vlan name. all that matters is
the number.





>
> Thanks in advance.
>
> Paul




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57986&t=57985



RE: VLAN Load Balancing [7:55411]

2002-10-11 Thread Larry Letterman
issue the command ..set spantree root vlan x,x,x
set spantree root sec vlan x,x,x

you don't need to adjust the priorities..

I had that in my data center until recently when I went
to layer 3 design only...I got tired of spantree issues taking
down servers...

Good luck with it..


Larry Letterman
Network Engineer
Cisco Systems Inc.



-Original Message-
From: [EMAIL PROTECTED] [mailto:nobody@;groupstudy.com]On Behalf Of
Azhar Teza
Sent: Friday, October 11, 2002 12:53 PM
To: [EMAIL PROTECTED]
Subject: VLAN Load Balancing [7:55411]


If I have multiple VLANS for example 10,20,30 on 1st, 2nd, and 3rd floors
respectively and VLANS 11,21,31 on 4th, 5th, 6th floors.  All of the floor
switches are connected to (2) 6509 switches.  The server farms have vlans 40
and 50 and hanging off on two separate switches 3548.  Each has its own
VLANS.  They are also connected to (2) 6509 switches.  6509s are doing all
the routing.  Each Vlan is tied to a unique subnet. In order for me to do
VLAN Load balancing: I could make (1) 6509 as root bridge for vlans 10, 20,
and 30 and secondary root bridge for VLANS 11,21,31 and vice versa for (2)
6509 as a root bridge for vlans 11,21,31 and secondary root bridge for vlans
10,20, and 30. When I do the set commands, for example on (1) 6509, I would
do "SET SPANTREE PRIORITY 100 10 20 30" "SET SPANTREE PRIORITY 200 11,21, 31"
On (2) 6509, "SET SPANTREE PRIORITY 100 11,21, 31" "SET SPANTREE PRIORITY 200
10,20,30" The question was do I also need to include VLANS 40 and 50 (The
server farm VLANS) in those above commands. Regards, Teza






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55415&t=55411



Re: VLan encap. over WAN [7:52613]

2002-09-03 Thread MADMAN

Yes routing will solve the problem.  Also the Cisco, or formerly Cisco
8110 supports a larger enet packet size.  The problem with the tagged
frames is that they look like giants, >1518 bytes.

  Dave

"Arni V. Skarphedinsson" wrote:
> 
> I have the following problem,
> 
> I have two locations connected by an ATM from a service provider, and I get
> ethernet at each end, now I would like to send Vlan tagged frames 802.1q
> over the link, as I need to have two IP networks span both sites.
> 
> But when I turn tagging on, It does not work, and the Provider says that
> his equipment can't handle the tagged frames
> 
> Is there any way to work around this, with routing or switching ??
> 
> please let me know
> 
> Best regards
> Arni
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52619&t=52613
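
An added illustration, not part of any poster's message, of two points made in this thread and in the "vlan name vs vlan number" thread: the 802.1Q tag carries only a priority, a drop-eligible bit and a 12-bit VLAN ID (there is no field for a name), and tagging a full-size frame grows it from 1518 to 1522 bytes. The MAC addresses, EtherType and payload are constructed sample values.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag
FCS_LEN = 4           # frame check sequence appended on the wire
MAX_UNTAGGED = 1518   # largest untagged frame incl. FCS (the figure quoted in the thread)


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0, dei=0):
    """Build an Ethernet II frame (without FCS); insert an 802.1Q tag if vid is given."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    header = dst + src
    if vid is not None:
        if not 1 <= vid <= 4094:
            raise ValueError("usable VLAN IDs are 1-4094")
        if not 0 <= pcp <= 7 or dei not in (0, 1):
            raise ValueError("pcp is 3 bits, dei is 1 bit")
        # Tag Control Information: 3-bit priority, 1-bit DEI, 12-bit VLAN ID.
        tci = (pcp << 13) | (dei << 12) | vid
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Split a frame into its fields; 'vlan' is None when no tag is present."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset, vlan = 14, None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        # These three fields are everything the tag holds: no VLAN name.
        vlan = {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}
        offset = 18
    return {"dst": dst, "src": src, "vlan": vlan,
            "ethertype": ethertype, "payload": frame[offset:]}


def wire_size(frame):
    """Size on the wire, counting the 4-byte FCS that build_frame leaves out."""
    return len(frame) + FCS_LEN


def is_giant(frame, limit=MAX_UNTAGGED):
    """True if a device that only accepts untagged-size frames would see a giant."""
    return wire_size(frame) > limit


def sample_frames():
    """Constructed sample: the same full 1500-byte payload, untagged and in VLAN 2."""
    dst = bytes.fromhex("020000000002")
    src = bytes.fromhex("020000000001")
    payload = bytes(1500)
    untagged = build_frame(dst, src, 0x0800, payload)
    tagged = build_frame(dst, src, 0x0800, payload, vid=2)
    return untagged, tagged


if __name__ == "__main__":
    for label, frame in zip(("untagged", "tagged"), sample_frames()):
        fields = parse_frame(frame)
        print(label, wire_size(frame), "bytes, giant:", is_giant(frame),
              "vlan:", fields["vlan"])
```
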



RE: VLan encap. over WAN [7:52613]

2002-09-03 Thread Daniel Cotts

How about two PVCs in the ATM?

> -Original Message-
> From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 03, 2002 10:25 AM
> To: [EMAIL PROTECTED]
> Subject: VLan encap. over WAN [7:52613]
> 
> 
> I have the following problem, 
> 
> I have two locations connected by an ATM from a service provider, and I get
> ethernet at each end, now I would like to send Vlan tagged frames 802.1q
> over the link, as I need to have two IP networks span both sites.
> 
> But when I turn tagging on, It does not work, and the Provider says that his
> equipment can't handle the tagged frames
> 
> Is there any way to work around this, with routing or switching ??
> 
> please let me know 
> 
> Best regards
> Arni




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52618&t=52613



RE: VLan encap. over WAN [7:52613]

2002-09-03 Thread Walker, James - Is

Create a 'bridge-group' by issuing the command on the interfaces you want to
span.




-Original Message-
From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 03, 2002 11:25 AM
To: [EMAIL PROTECTED]
Subject: VLan encap. over WAN [7:52613]


I have the following problem, 

I have two locations connected by an ATM from a service provider, and I get
ethernet at each end, now I would like to send Vlan tagged frames 802.1q
over the link, as I need to have two IP networks span both sites.

But when I turn tagging on, It does not work, and the Provider says that his
equipment can't handle the tagged frames

Is there any way to work around this, with routing or switching ??

please let me know 

Best regards
Arni




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52615&t=52613



RE: VLAN Encapsulation for Fibre [7:51680]

2002-08-19 Thread Priscilla Oppenheimer

John Brandis wrote:
> 
> Hi All,
> 
> What type of frame tagging Protocol is best for Gigabit
> Ethernet Fiber
> Interfaces. I understand that ISL is fine for standard fast
> ethernet ,
> however .10 is perhaps better for this situation.

Do you mean 802.10?? That was used for VLAN tagging on FDDI. Don't think
just because you have fiber-optic cabling you have to use 802.10, which was
for FDDI (which is an entirely different data-link layer).

I can't see why the solution would be any different for Gigabit Ethernet
versus Fast Ethernet. Use either ISL or 802.1Q, probably 802.1Q since it's
standards based, whereas ISL is Cisco-proprietary. Also, I don't think Cisco
supports ISL on some Gigabit Ethernet interfaces.

> 
> Thanks for advice on VOIP. Got it all sorted out, thanks to the
> nice people
> at NEC and your comments. 

That's good. And your haircut is working out well too I hope? ;-)

Priscilla
> 
> John
> Sydney Australia
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51683&t=51680



RE: VLAN Leaking [7:50404]

2002-08-01 Thread Larry Letterman

I have no leakage issues with mgmt vlans being on vlans other than
vlan 1 in most switches here...


Larry Letterman
Cisco Systems
[EMAIL PROTECTED] 




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Ken Diliberto
Sent: Thursday, August 01, 2002 10:10 AM
To: [EMAIL PROTECTED]
Subject: RE: VLAN Leaking [7:50404]


That would explain why I see traffic on my VLAN that should be on a
different VLAN.

>>> "Turpin, Mark"  08/01/02 08:55AM >>>
Lore has it that changing the default vlan can result in leaking.

Real life experiences?
-Mark

-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 10:30 AM
To: [EMAIL PROTECTED]
Subject: Re: Cat2950 VLAN 1 ip address...can't connect [7:50331]


What do they mean by management?  For inband management you could use
any VLAN, large switched networks will often choose a VLAN that is used
for inband management only.  VLAN 1 also is used by the switches for
management via VTP, spanning, DISL, PAGP etc.

  Dave






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50503&t=50404



RE: VLAN Leaking [7:50404]

2002-08-01 Thread Ken Diliberto

That would explain why I see traffic on my VLAN that should be on a
different VLAN.

>>> "Turpin, Mark"  08/01/02 08:55AM >>>
Lore has it that changing the default vlan can result in leaking.

Real life experiences?
-Mark

-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, August 01, 2002 10:30 AM
To: [EMAIL PROTECTED] 
Subject: Re: Cat2950 VLAN 1 ip address...can't connect [7:50331]


What do they mean by management?  For inband management you could use
any VLAN, large switched networks will often choose a VLAN that is used
for inband management only.  VLAN 1 also is used by the switches for
management via VTP, spanning, DISL, PAGP etc.

  Dave






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50404&t=50404



Re: VLAN Trunking [7:49976]

2002-07-28 Thread Michael L. Williams

Well there's some information missing.  I see you only have 8 gig
ports, but where do VLANs come into play there?  We need more
information.

Mike W.

"John Brandis" wrote in message
news:[EMAIL PROTECTED]...
> G'day all.
>
> Got a question regarding VLAN trunking in a switched environment. Say for
> example, I have a Catalyst 5509 in my network at the core, and then I have
> lower end catalyst switches with a gigabit port on each. In this example,
> lets say I have 14 VLANS to connect, however I only have 8 gigabit ports on
> my Catalyst 5509. In this case, the customer NEEDS gigabit access back to
> the core from the distribution layer.
>
> My question is, would it be better to:
>
> a). Just buy another module of 8 gigabit ports and connect every VLAN's
> distribution layer back to the Catalyst gigabit ports
>
> b).  Something else ?
>
> Thanks for all your help and time. I appreciate it.
>
> John Brandis
> Sydney, Australia
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=49978&t=49976



RE: VLAN Trunk Protocol [7:49647]

2002-07-25 Thread Oleg Oz

VTP - is only used to disseminate information among switches in the
same VTP domain - or manage VLAN configurations. Setting a switch as a
server allows you to add/delete/modify VLAN's from that switch for the
entire VTP domain. If the VTP domain server dies :( no problem, your domain
will be fine, however you will not be able to perform your
add/deletes/modifys on that domain. This can be remedied by making another
switch a SERVER.

 Hope that answers your question.


 Oleg Oz.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=49657&t=49647



Re: VLAN Configuration at access layer [7:48632]

2002-07-11 Thread Ian Henderson

On Thu, 11 Jul 2002, John Brandis wrote:

> From here, can I use as the access point of my network, other lower end
> catalyst switches, and just plug them into their distribution points for
> each VLAN at my Distribution layer,,,or does each access layer switch need
> to be fully configured as a VTP client of my-network, also configuring VLAN
> membership and appropriate links ?

It depends on how much your network is going to change. Do people change
departments but sit at the same desk? Is there a VLAN for things other
than PCs (IP Phones, security cameras, wireless access points) that are
going to plug into the same switches?

As a convenience thing, VTP on the distribution/access layers is very
handy. I do it here - the switches in our patch panel room not only run
desktop PCs, but also wireless APs and front desk demo machines, all in
their own VLANs.

Rgds,




- I.

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=48641&t=48632



RE: VLAN Configuration at access layer [7:48632]

2002-07-11 Thread Kris Keen

John, where in Sydney are you?

If you plug a switch or hub directly off a Distribution switch, there needs
to be no configured VLAN information (such as VTP) configured on the end
switch, provided you plug your switch/hub into a VLAN defined port on the
distry switch, that will work fine, however you will not be segregating the
bottom parts of your network.

For instance:

We have 2 x 6509's at our Core as VTP Servers, we have fibre dropped to
around 10 3548s which run VTP and have full VTP/VLAN information, from there
we directly connect access layer switches without VTP info into the distry
switch and set the port on the disty switch to be a member of the VLAN we
wish.. then it's all fine.. Directly connected, you can however have your
access layer switches be VLAN aware, but I find it's not really needed.. we
split our floors in half, VLAN 200 and 202, we have 4 ports on the Disty
switch 2 for VLAN 200 and 2 for VLAN 202, then it's all go from there :)

If you want some more examples, email me, [EMAIL PROTECTED]



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=48636&t=48632



Re: VLAN managment domain IP Addressing... [7:44255]

2002-05-14 Thread MADMAN

Yes you can do this but what you probably forgot to do was shutdown
interface vlan 1.  Until you shutdown vlan 1 the other vlan you created
will not come up.

  Dave

Jeff Harris wrote:
> 
> Does anyone know if you can use a VLAN interface for management on an
> IOS-based switch if said VLAN was learned via VTP? I was unable to set it
> up that way awhile back. I have ran into this awhile back and never did get
> to troubleshoot it.
> 
> The switch in question was a 3524XL. The VTP server was a 2948G. All the
> vlans showed up just fine. I could make ports members of them on the 3524.
> 
> Jeff
> 
> On Tue, May 14, 2002 at 02:59:23PM -0400, Darren S Crawford wrote:
> > SC0 can be placed in any VLAN you specify.  All ports default to VLAN 1
> > so putting it there may not be prudent depending on your specific security
> > needs.  For example, I have used VLAN 999 in DMZs before as the
> > "management rail" for the switches.
> >
> > HTH
> >
> > Darren
> >
> > At 02:13 PM 5/14/2002 -0400, Chris Charlebois wrote:
> > >If you are using a set-based switch, I believe the SC0 interface belongs
> > >to VLAN 1 by default.  I'm not even sure you can change that.
> > >
> > >On IOS-based switches, use the VLAN virtual interface:
> > >Switch1(conf)#interface vlan1
> > >Switch1(conf-if)#ip address w.x.y.z 255.255.255.0
> > >
> > >You can create virtual interfaces for any and all vlans, so the switch
> > >can be accessed from multiple ip addresses, but the switch will not route
> > >between vlans (obviously).
> > x$:0`0:$xx$:0`0:$xx$:0`0:$xx$:0`0:$xx$:
> > Lucent Technologies - Enhanced Services & Sales
> > NetworkCare Professional Services
> > http//www.lucent.com/netcare/
> > Darren S. Crawford - CCNP, CCDP, CISSP
> >
> > Distinguished Member of the Consulting Staff
> >
> > Northwest Region - Sacramento Office
> > Voicemail (916) 859-5200 x310
> > Pager (800) 467-1467
> > mailto:[EMAIL PROTECTED]
> > x$:0`0:$xx$:0`0:$xx$:0`0:$xx$:0`0:$xx$:
> >
> > Every Job is a Self-Portrait of the person Who Did It
> > Autograph Your Work With EXCELLENCE!
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44278&t=44255



Re: VLAN managment domain IP Addressing... [7:44255]

2002-05-14 Thread Jeff Harris

Does anyone know if you can use a VLAN interface for management on an
IOS-based switch if said VLAN was learned via VTP? I was unable to set it up
that way awhile back. I have ran into this awhile back and never did get to
troubleshoot it.

The switch in question was a 3524XL. The VTP server was a 2948G. All the
vlans showed up just fine. I could make ports members of them on the 3524.


Jeff


On Tue, May 14, 2002 at 02:59:23PM -0400, Darren S Crawford wrote:
> SC0 can be placed in any VLAN you specify.  All ports default to VLAN 1 so
> putting it there may not be prudent depending on your specific security
> needs.  For example, I have used VLAN 999 in DMZs before as the "management
> rail" for the switches.
> 
> HTH
> 
> Darren
> 
> At 02:13 PM 5/14/2002 -0400, Chris Charlebois wrote:
> >If you are using a set-based switch, I believe the SC0 interface belongs to
> >VLAN 1 by default.  I'm not even sure you can change that.
> >
> >On IOS-based switches, use the VLAN virtual interface:
> >Switch1(conf)#interface vlan1
> >Switch1(conf-if)#ip address w.x.y.z 255.255.255.0
> >
> >You can create virtual interfaces for any and all vlans, so the switch can
> >be accessed from multiple ip addresses, but the switch will not route
> >between vlans (obviously).
> x$:0`0:$xx$:0`0:$xx$:0`0:$xx$:0`0:$xx$:
> Lucent Technologies - Enhanced Services & Sales
> NetworkCare Professional Services
> http//www.lucent.com/netcare/
> Darren S. Crawford - CCNP, CCDP, CISSP
> 
> Distinguished Member of the Consulting Staff
> 
> Northwest Region - Sacramento Office
> Voicemail (916) 859-5200 x310
> Pager (800) 467-1467
> mailto:[EMAIL PROTECTED]
> x$:0`0:$xx$:0`0:$xx$:0`0:$xx$:0`0:$xx$:
> 
> Every Job is a Self-Portrait of the person Who Did It 
> Autograph Your Work With EXCELLENCE!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44272&t=44255



Re: VLAN managment domain IP Addressing... [7:44255]

2002-05-14 Thread MADMAN

It's not clear what you're asking but the switch inband management ip
address and the VTP domain have nothing to do with each other.  

  Dave

Edward Sohn wrote:
> 
> hey all
> 
> i've got a question, that seems logical enough, but I can't find any
> explanation/answer for it anywhere on CCO or Cisco Press...
> 
> Anyway, if I'm creating a VTP domain with multiple switches and VLANs
> and stuff, what do I set the IP addresses to for the switches,
> themselves?  I mean, they have to all be on the same subnet to telnet to
> (this is pre-router).  But how do you solve this compatibility issue
> with different IP subnets, while maintaining the accessibility of the
> switches, themselves?
> 
> Am I making sense?
> 
> Thanks,
> 
> Eddie
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44266&t=44255



RE: VLAN managment domain IP Addressing... [7:44255]

2002-05-14 Thread Darren S Crawford

SC0 can be placed in any VLAN you specify.  All ports default to VLAN 1 so
putting it there may not be prudent depending on your specific security
needs.  For example, I have used VLAN 999 in DMZs before as the "management
rail" for the switches.

HTH

Darren

At 02:13 PM 5/14/2002 -0400, Chris Charlebois wrote:
>If you are using a set-based switch, I believe the SC0 interface belongs to
>VLAN 1 by default.  I'm not even sure you can change that.
>
>On IOS-based switches, use the VLAN virtual interface:
>Switch1(conf)#interface vlan1
>Switch1(conf-if)#ip address w.x.y.z 255.255.255.0
>
>You can create virtual interfaces for any and all vlans, so the switch can
>be accessed from multiple ip addresses, but the switch will not route
>between vlans (obviously).
x$:0`0:$xx$:0`0:$xx$:0`0:$xx$:0`0:$xx$:
Lucent Technologies - Enhanced Services & Sales
NetworkCare Professional Services
http//www.lucent.com/netcare/
Darren S. Crawford - CCNP, CCDP, CISSP

Distinguished Member of the Consulting Staff

Northwest Region - Sacramento Office
Voicemail (916) 859-5200 x310
Pager (800) 467-1467
mailto:[EMAIL PROTECTED]
x$:0`0:$xx$:0`0:$xx$:0`0:$xx$:0`0:$xx$:

Every Job is a Self-Portrait of the person Who Did It 
Autograph Your Work With EXCELLENCE!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44265&t=44255



RE: VLAN Load balancing [7:43265]

2002-05-06 Thread [EMAIL PROTECTED]

I second that.

Theo






"Sean Knox" 
Sent by: [EMAIL PROTECTED]
05/04/2002 09:52 AM
Please respond to "Sean Knox"

 
To: [EMAIL PROTECTED]
cc: 
    Subject:RE: VLAN Load balancing [7:43265]


Correct me if I'm wrong, but VLAN prioritization isn't really load balancing-
you are just forcing VLANS over a preselected path. It does not take into
consideration that one VLAN may utilize more bandwidth than another.

Sean


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> MADMAN
> Sent: Friday, May 03, 2002 3:05 PM
> To: [EMAIL PROTECTED]
> Subject: Re: VLAN Load balancing [7:43265]
>
>
> Yes.  An example would be two core 6500 trunked together.  You have
> switches in the closets, one uplink to 6500A the other to 6500B.  Set
> priority on even VLAN/s to A odd to B.
>
>   Dave
>
> "Steven A. Ridder" wrote:
> >
> > Does anyone do any VLAN load balancing via STP in the real
> world?  I've
> > never seen it yet, and am just curious if it's ever done.
> >
> > --
> >
> > RFC 1149 Compliant.
> > Get in my head:
> > http://sar.dynu.com
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
>
> "Emotion should reflect reason not guide it"
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43454&t=43265



RE: VLAN Load balancing [7:43265]

2002-05-03 Thread Brunner Joseph

Do you mean if I have 2 6509 with MSFC2/PFC2's, I configure STP for say odd
vlans to go to the first MSFC and EVEN VLANs to the SECOND MSFC? This is done
all the time.. read up on "MISTP" on cco. Basically you "map vlans to
instances of spanning tree protocol". Also you can use the older way of
setting STP priority on a per vlan basis for each vlan with round-robin vlan
staggering on msfc's like (vlan 1 bridge-priority can be 1, on msfc 1 and
65000 on vlan 2, and VICE VERSA for msfc 2)

check this doc

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_7_1/conf_gd/spantree.htm#xtocid2339718

Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43271&t=43265



RE: VLAN Load balancing [7:43265]

2002-05-03 Thread Howard C. Berkowitz

At 8:52 PM -0400 5/3/02, Sean Knox wrote:
>Correct me if I'm wrong, but VLAN prioritization isn't really load balancing-
>you are just forcing VLANS over a preselected path. It does not take into
>consideration that one VLAN may utilize more bandwidth than another.
>
>Sean

Remember that the network designer is going to force VLANs over 
paths.  The design should reflect actual traffic measurements, or at 
least estimates.

This isn't a one-time decision. There should be regular utilization 
measurement and adjustments as indicated by measurement.

>
>
>>  -Original Message-
>>  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>>  MADMAN
>>  Sent: Friday, May 03, 2002 3:05 PM
>>  To: [EMAIL PROTECTED]
>>  Subject: Re: VLAN Load balancing [7:43265]
>>
>>
>>  Yes.  An example would be two core 6500 trunked together.  You have
>>  switches in the closets, one uplink to 6500A the other to 6500B.  Set
>>  priority on even VLAN/s to A odd to B.
>>
>>Dave
>>
>>  "Steven A. Ridder" wrote:
>>  >
>>  > Does anyone do any VLAN load balancing via STP in the real
>>  world?  I've
>>  > never seen it yet, and am just curious if it's ever done.
>>  >
>>  > --
>>  >
>>  > RFC 1149 Compliant.
>>  > Get in my head:
>>  > http://sar.dynu.com
>>  --
>>  David Madland
>>  Sr. Network Engineer
>>  CCIE# 2016
>>  Qwest Communications Int. Inc.
>>  [EMAIL PROTECTED]
>>  612-664-3367
>>
>>  "Emotion should reflect reason not guide it"
>>  [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43283&t=43265
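
The odd/even scheme and the measurement advice from this thread, as an added example that is not part of any post: it compares the uplink load produced by the odd/even split with a split driven by measured per-VLAN traffic. The traffic figures are constructed, and uplinks "A" and "B" stand for the two core 6500s.

```python
# Constructed sample: measured average traffic per VLAN in Mbps.
LOAD_MBPS = {10: 60, 11: 5, 12: 40, 13: 3, 14: 25, 15: 2}


def odd_even(vlans):
    """The scheme from the thread: even VLANs prefer core A, odd VLANs core B."""
    return {v: ("A" if v % 2 == 0 else "B") for v in vlans}


def by_measurement(load_mbps):
    """Greedy placement: busiest VLAN first, always onto the lighter uplink."""
    totals = {"A": 0.0, "B": 0.0}
    plan = {}
    # Sort by descending load; VLAN id breaks ties so the result is stable.
    for vlan, mbps in sorted(load_mbps.items(), key=lambda kv: (-kv[1], kv[0])):
        target = min(totals, key=lambda u: (totals[u], u))
        plan[vlan] = target
        totals[target] += mbps
    return plan


def uplink_load(plan, load_mbps):
    """Total Mbps each uplink carries under a VLAN-to-uplink plan."""
    totals = {"A": 0.0, "B": 0.0}
    for vlan, uplink in plan.items():
        totals[uplink] += load_mbps[vlan]
    return totals


if __name__ == "__main__":
    for name, plan in (("odd/even", odd_even(LOAD_MBPS)),
                       ("measured", by_measurement(LOAD_MBPS))):
        print(name, plan, uplink_load(plan, LOAD_MBPS))
```

Either plan still has to fit on one uplink when the other fails, so the re-measurement the thread recommends applies to the total as well as to the split.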



Re: VLAN Load balancing [7:43265]

2002-05-03 Thread Michael L. Williams

Yes... that's true, it's not true load balancing, but let's call it
load "sharing"... =)

Actually, of the many things we consider load balancing, many aren't true
load balancing but a load sharing that under certain circumstances could be
equal, like Etherchannel and EIGRP (and other routing protocols) load
"balancing"..  Even under the best configuration Etherchannel has to rely on
the source and/or destination MAC or IP addresses to determine which "pipe"
it takes; unless the statistics of IP and/or MAC addr distribution are close
to "random", Etherchannel isn't true balancing.  For "equal-cost load
balancing" with routing protocols, if you're using fast-switching, you only
get per-destination load balancing, not per packet.  To get per-packet load
balancing, you must disable fast switching (i.e. use process switching...
ewww)   So if you have a router at a remote site with two T1s back to
the home office where the server is, if most of your traffic is PCs talking
to the server, then all of that traffic to that server will choose one of
the two T1s (per-destination) and leave the other relatively unused unless
you enable process-switching..

(see http://www.cisco.com/warp/public/105/46.html)

It appears that CEF is an exception that can indeed do per-packet
load-balancing without a hit in performance (process switching)... by
default it allows up to 4 paths (1 for BGP) but can be changed...

(see http://www.cisco.com/warp/public/cc/pd/ifaa/pa/much/tech/althb_wp.htm)
(watch for URL wrap)

As for Multilink PPP, I can't find any documentation on Cisco's site or
otherwise that specifically says that it does per-packet load balancing,
however, one of the functions of MLPPP is that it can perform fragmentation
and reassembly of packets over a given size, so if it can do that, I would
assume that it can do per-packet load balancing...

Anyway.. weren't looking for that long winded response, were ya?  =)

Mike W.

"Sean Knox" wrote in message
news:[EMAIL PROTECTED]...
> Correct me if I'm wrong, but VLAN prioritization isn't really load balancing-
> you are just forcing VLANS over a preselected path. It does not take into
> consideration that one VLAN may utilize more bandwidth than another.
>
> Sean
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > MADMAN
> > Sent: Friday, May 03, 2002 3:05 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: VLAN Load balancing [7:43265]
> >
> >
> > Yes.  An example would be two core 6500 trunked together.  You have
> > switches in the closets, one uplink to 6500A the other to 6500B.  Set
> > priority on even VLAN/s to A odd to B.
> >
> >   Dave
> >
> > "Steven A. Ridder" wrote:
> > >
> > > Does anyone do any VLAN load balancing via STP in the real
> > world?  I've
> > > never seen it yet, and am just curious if it's ever done.
> > >
> > > --
> > >
> > > RFC 1149 Compliant.
> > > Get in my head:
> > > http://sar.dynu.com
> > --
> > David Madland
> > Sr. Network Engineer
> > CCIE# 2016
> > Qwest Communications Int. Inc.
> > [EMAIL PROTECTED]
> > 612-664-3367
> >
> > "Emotion should reflect reason not guide it"
> > [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43280&t=43265



RE: VLAN Load balancing [7:43265]

2002-05-03 Thread Daniel Cotts

Dave has described the "switch blocks" as given in the BCMSM course. Further
details would be that the Distribution Layer 65xx switches would have
routing capability. They would also use HSRP on the VLANs so that each trunk
link to the Access Layer switches would be the primary for one set of VLANs
and the secondary for the other set. In case of a link failure all traffic
would failover to the remaining link. Each switch block is a unique VTP
domain. Traffic between switch blocks is routed.
HTH

> -Original Message-
> From: MADMAN [mailto:[EMAIL PROTECTED]]
> Sent: Friday, May 03, 2002 5:05 PM
> To: [EMAIL PROTECTED]
> Subject: Re: VLAN Load balancing [7:43265]
> 
> 
> Yes.  An example would be two core 6500 trunked together.  You have
> switches in the closets, one uplink to 6500A the other to 6500B.  Set
> priority on even VLAN/s to A odd to B.
> 
>   Dave
> 
> "Steven A. Ridder" wrote:
> > 
> > Does anyone do any VLAN load balancing via STP in the real 
> world?  I've
> > never seen it yet, and am just curious if it's ever done.
> > 
> > --
> > 
> > RFC 1149 Compliant.
> > Get in my head:
> > http://sar.dynu.com
> -- 
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
> 
> "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43279&t=43265



RE: VLAN Load balancing [7:43265]

2002-05-03 Thread Sean Knox

Correct me if I'm wrong, but VLAN prioritization isn't really load balancing-
you are just forcing VLANS over a preselected path. It does not take into
consideration that one VLAN may utilize more bandwidth than another.

Sean


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> MADMAN
> Sent: Friday, May 03, 2002 3:05 PM
> To: [EMAIL PROTECTED]
> Subject: Re: VLAN Load balancing [7:43265]
>
>
> Yes.  An example would be two core 6500 trunked together.  You have
> switches in the closets, one uplink to 6500A the other to 6500B.  Set
> priority on even VLAN/s to A odd to B.
>
>   Dave
>
> "Steven A. Ridder" wrote:
> >
> > Does anyone do any VLAN load balancing via STP in the real
> world?  I've
> > never seen it yet, and am just curious if it's ever done.
> >
> > --
> >
> > RFC 1149 Compliant.
> > Get in my head:
> > http://sar.dynu.com
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
>
> "Emotion should reflect reason not guide it"
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43278&t=43265



Re: VLAN Load balancing [7:43265]

2002-05-03 Thread John Huston

Care to share those configs?


"Larry Letterman" wrote in message
news:[EMAIL PROTECTED]...
> yes..we use load balancing, if you call it that, in data centers..
>
> Larry Letterman
> Cisco Systems
> [EMAIL PROTECTED]
> - Original Message -
> From: "Steven A. Ridder"
> To:
> Sent: Friday, May 03, 2002 2:04 PM
> Subject: VLAN Load balancing [7:43265]
>
>
> > Does anyone do any VLAN load balancing via STP in the real world?  I've
> > never seen it yet, and am just curious if it's ever done.
> >
> > --
> >
> > RFC 1149 Compliant.
> > Get in my head:
> > http://sar.dynu.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43275&t=43265



Re: VLAN Load balancing [7:43265]

2002-05-03 Thread Steven A. Ridder

--

RFC 1149 Compliant.
Get in my head:
http://sar.dynu.com


"Howard C. Berkowitz" wrote in message
news:[EMAIL PROTECTED]...
> At 5:04 PM -0400 5/3/02, Steven A. Ridder wrote:
> >Does anyone do any VLAN load balancing via STP in the real world?  I've
> >never seen it yet, and am just curious if it's ever done.
>
> Could you clarify a bit more what you are trying to do? 802.1D
> specifically picks a single path, which is the antithesis of load
> balancing.  Assigning multiple VLANs, each with their own STP, to
> different facilities...sure.

That's what I was talking about, I'm just curious to see how common it is.
Sounds like it's pretty common.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43270&t=43265



Re: VLAN Load balancing [7:43265]

2002-05-03 Thread MADMAN

Yes.  An example would be two core 6500 trunked together.  You have
switches in the closets, one uplink to 6500A the other to 6500B.  Set
priority on even VLAN/s to A odd to B.

  Dave

"Steven A. Ridder" wrote:
> 
> Does anyone do any VLAN load balancing via STP in the real world?  I've
> never seen it yet, and am just curious if it's ever done.
> 
> --
> 
> RFC 1149 Compliant.
> Get in my head:
> http://sar.dynu.com
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43268&t=43265



Re: VLAN Load balancing [7:43265]

2002-05-03 Thread Larry Letterman

yes..we use load balancing, if you call it that, in data centers..

Larry Letterman
Cisco Systems
[EMAIL PROTECTED]
- Original Message -
From: "Steven A. Ridder" 
To: 
Sent: Friday, May 03, 2002 2:04 PM
Subject: VLAN Load balancing [7:43265]


> Does anyone do any VLAN load balancing via STP in the real world?  I've
> never seen it yet, and am just curious if it's ever done.
>
> --
>
> RFC 1149 Compliant.
> Get in my head:
> http://sar.dynu.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43267&t=43265



Re: VLAN Load balancing [7:43265]

2002-05-03 Thread Howard C. Berkowitz

At 5:04 PM -0400 5/3/02, Steven A. Ridder wrote:
>Does anyone do any VLAN load balancing via STP in the real world?  I've
>never seen it yet, and am just curious if it's ever done.

Could you clarify a bit more what you are trying to do? 802.1D 
specifically picks a single path, which is the antithesis of load 
balancing.  Assigning multiple VLANs, each with their own STP, to 
different facilities...sure.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43269&t=43265



Re: VLAN protocol b/w Cisco and non-Cisco switches? [7:39673]

2002-03-27 Thread Cisco Nuts

So based on this does this mean that 802.1q is both the vlan protocol as
well as the frame-tagging protocol compared to Cisco's VTP and ISL?

Thanks

>From: "J-B"
>Reply-To: "J-B"
>To: [EMAIL PROTECTED]
>Subject: Re: VLAN protocol b/w Cisco and non-Cisco switches? [7:39673]
>Date: Wed, 27 Mar 2002 15:48:25 -0500
>
>Sr.
>
>802.1q is the way to go with a non cisco switch... actually there is lot of
>talking about cisco dropping ISL.
>
>JB
>"Cisco Nuts" wrote in message
>news:[EMAIL PROTECTED]...
> > Hello, What is the VLAN protocol that can runs between a Cisco and a
> > non-Cisco switch? I understand that VTP is the protocol if only running
> > Cisco switches. Is it still IEEE 802.1q that propagates VLAN info.
> > between these non-Cisco switches? If so, then can IEEE 802.1q be
> > considered a frame-tagging protocol as well as a vlan protocol? I
> > understand that Cisco has ISL and VTP. Thank you.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39720&t=39673



RE: VLAN protocol b/w Cisco and non-Cisco switches? [7:39673]

2002-03-27 Thread Jeffrey Reed

GVRP is a "standards" way of adding/pruning VLANs between switches. I've
used it in an all Cabletron environment, but never on a Cisco switch.

Jeffrey Reed
Classic Networking, Inc.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of sam
sneed
Sent: Wednesday, March 27, 2002 3:00 PM
To: [EMAIL PROTECTED]
Subject: Re: VLAN protocol b/w Cisco and non-Cisco switches? [7:39673]

802.1q should be used between cisco and noncisco devices.

"Cisco Nuts" wrote in message
news:[EMAIL PROTECTED]...
> Hello,What is the VLAN protocol that can runs between a Cisco and a
> non-Cisco switch? I understand that VTP is the protocol if only running
> Cisco switches. Is it still IEEE 802.1q that propagates VLAN info.
> between these non-Cisco switches?  If so, then can IEEE 802.1q be
> considered a frame-tagging protocol as well as a vlan protocol? I
> understand that Cisco has ISL and VTP.Thank you.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39693&t=39673



RE: VLAN protocol b/w Cisco and non-Cisco switches? [7:39673]

2002-03-27 Thread Michael Williams

You would want to use 802.1q.  But I think you would need to manually make
sure that each switch had the appropriate VLANs on them (i.e. manually do
the job of VTP).

Mike W.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39682&t=39673



Re: VLAN protocol b/w Cisco and non-Cisco switches? [7:39673]

2002-03-27 Thread sam sneed

802.1q should be used between cisco and noncisco devices.

"Cisco Nuts" wrote in message
news:[EMAIL PROTECTED]...
> Hello,What is the VLAN protocol that can runs between a Cisco and a
> non-Cisco switch? I understand that VTP is the protocol if only running
> Cisco switches. Is it still IEEE 802.1q that propagates VLAN info.
> between these non-Cisco switches?  If so, then can IEEE 802.1q be
> considered a frame-tagging protocol as well as a vlan protocol? I
> understand that Cisco has ISL and VTP.Thank you.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39674&t=39673



RE: vlan line protocol down [7:39409]

2002-03-25 Thread Sammy Kwong

Dear Mark,

Thanks so much! Your solution works:

>If not, try plugging a workstation, laptop, or whatever type of node that
>suits your fancy, and then go back to your terminal program to see if you
>get anything.

The problem is that I need to plug a workstation into
a port with that vlan assigned. After plugging it in, I can ping
myself from the console.

I never thought of such a design on the 2950, since I have another
brand new 3548XL that can ping itself without any workstation plugged in.

Thanks again for your help and quick response~

Sammy.

(Is it mentioned in CCNA? If so, I may need to re-exam my CCNA.)

-Original Message-
From: Mark Odette II [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 25, 2002 5:53 PM
To: [EMAIL PROTECTED]
Subject: RE: vlan line protocol down [7:39409]


Without any experience with this Switch, I can only guess at this
possibility:

Did you program the VLAN config from a console port??
If so, Do you have anything plugged into ANY of the FastEthernet ports??

If not, try plugging a workstation, laptop, or whatever type of node that
suits your fancy, and then go back to your terminal program to see if you
get anything.

Better yet, if you're programming IP addresses on a VLAN specifically,
perhaps you should first connect the switch to a router and configure
trunking to support Sub-interface VLAN routing.  I bet that this is actually
what your issue is.

If you want to assign an IP address to the switch to ping it or telnet to
it, try assigning the IP address to one of the Ethernet Interfaces.
that is...

Switch_11#config terminal
Switch_11(config)#int fa0/1
Switch_11(config-if)#ip address 172.28.32.107 255.255.255.128
Switch_11(config-if)#end
Switch_11#ping 172.28.32.107

and see if you get:
!

If all else fails, look up Basic Configuration of Cisco 2950 Switch on
www.cisco.com , and I'll bet you'll find out the answers to your
questions.

Good luck.
Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Sammy Kwong
Sent: Monday, March 25, 2002 2:43 AM
To: [EMAIL PROTECTED]
Subject: vlan line protocol down [7:39409]


Hi,

I just got a 2950 switch yesterday and started to play with it. After
some time, I set the ip and went to ping it, but got no response. Checking
the ip interface, the line protocol is down:

Vlan1 is up, line protocol is down
  Internet address is 172.28.32.107/25
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
 .

I checked the IOS:
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(6)EA2a, RELEASE SOFTWARE (fc1)

The configuration is SIMPLE as below, can anyone give me some idea
what's wrong and how can I fix it?

Many thanks!

Sammy.

==

Current configuration : 854 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Switch_11
!
enable secret 5 $1$33S1$CT6ICwPPc6f01xb27Elu30
!
no ip subnet-zero
no ip finger
no ip domain-lookup
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2



interface FastEthernet0/12
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 172.28.32.107 255.255.255.128
 no ip route-cache
!
no ip http server
!
line con 0
 exec-timeout 0 0
 transport input none
line vty 0 4
 no login
line vty 5 15
 no login
!
end

==
Switch_11#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Gi0/1, Gi0/2
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  11         1500  -      -      -        -    -        1002   1003
1002 fddi  101002     1500  -      -      -        -    -        1      1003
1003 tr    101003     1500  1005   0      -        -    srb      1      1002
1004 fdnet 101004     1500  -      -      1        ibm  -        0      0
1005 trnet 101005     1500  -      -      1        ibm  -        0      0




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39412&t=39409



RE: vlan line protocol down [7:39409]

2002-03-25 Thread Mark Odette II

Without any experience with this Switch, I can only guess at this
possibility:

Did you program the VLAN config from a console port??
If so, Do you have anything plugged into ANY of the FastEthernet ports??

If not, try plugging a workstation, laptop, or whatever type of node that
suits your fancy, and then go back to your terminal program to see if you
get anything.

Better yet, if you're programming IP addresses on a VLAN specifically,
perhaps you should first connect the switch to a router and configure
trunking to support Sub-interface VLAN routing.  I bet that this is actually
what your issue is.

If you want to assign an IP address to the switch to ping it or telnet to
it, try assigning the IP address to one of the Ethernet Interfaces.
that is...

Switch_11#config terminal
Switch_11(config)#int fa0/1
Switch_11(config-if)#ip address 172.28.32.107 255.255.255.128
Switch_11(config-if)#end
Switch_11#ping 172.28.32.107

and see if you get:
!

If all else fails, look up Basic Configuration of Cisco 2950 Switch on
www.cisco.com , and I'll bet you'll find out the answers to your questions.

Good luck.
Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Sammy Kwong
Sent: Monday, March 25, 2002 2:43 AM
To: [EMAIL PROTECTED]
Subject: vlan line protocol down [7:39409]


Hi,

I just got a 2950 switch yesterday and started to play with it. After
some time, I set the ip and went to ping it, but got no response. Checking
the ip interface, the line protocol is down:

Vlan1 is up, line protocol is down
  Internet address is 172.28.32.107/25
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
 .

I checked the IOS:
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(6)EA2a, RELEASE SOFTWARE (fc1)

The configuration is SIMPLE as below, can anyone give me some idea
what's wrong and how can I fix it?

Many thanks!

Sammy.

==

Current configuration : 854 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Switch_11
!
enable secret 5 $1$33S1$CT6ICwPPc6f01xb27Elu30
!
no ip subnet-zero
no ip finger
no ip domain-lookup
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2



interface FastEthernet0/12
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 172.28.32.107 255.255.255.128
 no ip route-cache
!
no ip http server
!
line con 0
 exec-timeout 0 0
 transport input none
line vty 0 4
 no login
line vty 5 15
 no login
!
end

==
Switch_11#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Gi0/1, Gi0/2
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  11         1500  -      -      -        -    -        1002   1003
1002 fddi  101002     1500  -      -      -        -    -        1      1003
1003 tr    101003     1500  1005   0      -        -    srb      1      1002
1004 fdnet 101004     1500  -      -      1        ibm  -        0      0
1005 trnet 101005     1500  -      -      1        ibm  -        0      0




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39411&t=39409
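
An added example, not part of the thread: the posted running-config has a few settings worth catching before a switch like this is reachable by anyone else, and the short Python audit below flags them. The check names and the `HARDENED` counter-example (its ACL number, timeout and VLAN 999, the number used in another reply on this page) are assumptions of this example; `POSTED` is copied from the message above with the empty port stanzas left out.

```python
import re

# Excerpt of the running-config posted above.
POSTED = """\
hostname Switch_11
!
interface FastEthernet0/1
!
interface Vlan1
 ip address 172.28.32.107 255.255.255.128
 no ip route-cache
!
no ip http server
!
line con 0
 exec-timeout 0 0
 transport input none
line vty 0 4
 no login
line vty 5 15
 no login
!
end
"""

# Constructed counter-example: management IP moved off VLAN 1, vty lines
# authenticated, source-restricted and given an idle timeout.
HARDENED = """\
hostname Switch_11
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan999
 ip address 172.28.32.107 255.255.255.128
!
access-list 10 permit 172.28.32.0 0.0.0.127
!
line con 0
 exec-timeout 5 0
line vty 0 4
 access-class 10 in
 exec-timeout 5 0
 password <placeholder>
 login
line vty 5 15
 access-class 10 in
 exec-timeout 5 0
 password <placeholder>
 login
!
end
"""

CHECKS = {
    "MGMT_IN_VLAN1": "management IP sits in VLAN 1, the default VLAN of every port",
    "NO_IDLE_TIMEOUT": "exec-timeout 0 0 keeps idle sessions open indefinitely",
    "VTY_NO_AUTH": "'no login' admits remote sessions without a password prompt",
    "VTY_NO_ACL": "no access-class limits which sources may open a session",
}


def parse_sections(text):
    """Group indented sub-commands under their unindented parent line."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None              # "!" ends the current block
        elif line.startswith(" "):
            if current is not None:
                current[1].append(line.strip())
        else:
            current = (line, [])
            sections.append(current)
    return sections


def audit(text):
    """Return (check_id, config_section) pairs in config order."""
    findings = []
    for header, body in parse_sections(text):
        if header.startswith("line "):
            if "exec-timeout 0 0" in body:
                findings.append(("NO_IDLE_TIMEOUT", header))
            if header.startswith("line vty"):
                if "no login" in body:
                    findings.append(("VTY_NO_AUTH", header))
                if not any(c.startswith("access-class ") for c in body):
                    findings.append(("VTY_NO_ACL", header))
        svi = re.fullmatch(r"interface Vlan(\d+)", header, re.IGNORECASE)
        if svi and svi.group(1) == "1" and any(c.startswith("ip address ") for c in body):
            findings.append(("MGMT_IN_VLAN1", header))
    return findings


if __name__ == "__main__":
    for check, where in audit(POSTED):
        print(f"{where}: {check}: {CHECKS[check]}")
```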



Re: VLAN [7:35256]

2002-02-12 Thread Ian Henderson

On Wed, 13 Feb 2002, Prabhu K. wrote:

>   By default, broadcasts for a VLAN are sent to every switch that has a
> trunk link that carries the VLAN, is it true?

Correct. If you have three switches all trunked together, and vlan 12 has
four ports on only one of the switches, broadcasts on vlan 12 will
traverse all switch's trunk ports.

The way to get around this is use VTP pruning. This removes unused VLANs
from trunk ports.

Rgds,



- I.

--
Ian Henderson CCNA, CCNP
Network Engineer, iiNet Limited




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35262&t=35256



Re: VLAN [7:35256]

2002-02-12 Thread John Neiberger

Yep, this is true, which is why judicious pruning can be 
helpful from time to time.  

For instance, let's say you have a trunk link between two 
switches that is carrying VLAN1, VLAN2, and VLAN3.  However, on 
the second switch you only have users in VLAN1 and VLAN2, none 
in VLAN3.  You discover that some protocols in use on VLAN3 are 
highly broadcast and multicast intensive.  It doesn't make 
sense to trunk VLAN3 to the second switch if there are no users 
in that VLAN.  In a case like this, it simply wastes bandwidth.

HTH,
John





On Wed, 13 Feb 2002, Prabhu K. ([EMAIL PROTECTED]) wrote:

> Dear all,
>
>   By default, broadcasts for a VLAN are sent to every switch that has a
> trunk link that carries the VLAN, is it true?
>
> Regards
> Prabhu
> India
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35259&t=35256
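
The pruning point made in the two replies above, as an added example that is not part of the thread: it works out which VLANs each trunk could drop and how far a broadcast travels before and after. The model is simplified (a loop-free trunk topology, and a VLAN counted as needed on a trunk only when access ports in it exist on both sides); switch names and memberships are constructed from the two scenarios described.

```python
from collections import defaultdict

# VTP never prunes VLAN 1 or VLANs 1002-1005; only 2-1001 are eligible.
PRUNE_ELIGIBLE = range(2, 1002)


def reachable(start, links):
    """Switches reachable from `start` over the given trunk links."""
    adj = defaultdict(set)
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    seen, stack = {start}, [start]
    while stack:
        for nxt in adj[stack.pop()] - seen:
            seen.add(nxt)
            stack.append(nxt)
    return seen


def prunable(links, members, trunked):
    """Per trunk, the VLANs that have no access ports on one side of it."""
    result = {}
    for link in links:
        a, b = link
        rest = [l for l in links if l != link]
        vlans_a = set().union(*(members.get(s, set()) for s in reachable(a, rest)))
        vlans_b = set().union(*(members.get(s, set()) for s in reachable(b, rest)))
        needed = vlans_a & vlans_b
        result[link] = sorted(
            v for v in trunked if v in PRUNE_ELIGIBLE and v not in needed
        )
    return result


def flood_scope(origin, links, vlan, pruned):
    """Switches a broadcast in `vlan` reaches, given per-trunk pruned VLANs."""
    carrying = [l for l in links if vlan not in pruned.get(l, [])]
    return reachable(origin, carrying)


# Scenario 1 (constructed): three switches in a row, VLAN 12 ports only on SW1.
LINKS_3 = [("SW1", "SW2"), ("SW2", "SW3")]
MEMBERS_3 = {"SW1": {1, 12}, "SW2": {1}, "SW3": {1}}

# Scenario 2 (constructed): one trunk carrying VLANs 1-3, no VLAN 3 users on B.
LINKS_2 = [("A", "B")]
MEMBERS_2 = {"A": {1, 2, 3}, "B": {1, 2}}

if __name__ == "__main__":
    pruned = prunable(LINKS_3, MEMBERS_3, [1, 12])
    print("prunable:", pruned)
    print("VLAN 12 broadcast, no pruning:", flood_scope("SW1", LINKS_3, 12, {}))
    print("VLAN 12 broadcast, pruned:    ", flood_scope("SW1", LINKS_3, 12, pruned))
    print("two-switch case:", prunable(LINKS_2, MEMBERS_2, [1, 2, 3]))
```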



Re: VLAN - 2924C-XL [7:35150]

2002-02-11 Thread Leslie McIntosh

Will,

I am trying to find the updated IOS on Cisco's web
site.  From the documentation on Cisco's web Site you
should be able to upgrade the switch to the EN version
by updating the IOS software.  Also from my
understanding and since the switch is for LAB and not
business use, you should be able to use the updated
IOS at no additional charge for testing and evaluation
- read the EULA before downloading it and make sure of
this.  I just picked up a C2924-XL-EN and a
C2912-XL-EN so I will probably be updating mine here
in a few days.


Good Luck,

Les


--- Will Francis  wrote:
> Hi Guys
> 
> I got the above switch for my home lab, and I'm
> currently trying to create 4
> VLANs on it but I can't seem to create them, I notice
> from the documentation
> that the vlan database command is only available
> with the enterprise version
> of IOS and I'm running 11.2(8)SA4. Is this true ?
> 
> If not I would appreciate any help.
> 
> cheers
> 
> Will
[EMAIL PROTECTED]


=
Leslie McIntosh
Network Engineer
CCNA, CNE, CNS, A+, Network+ Certified
[EMAIL PROTECTED]





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35162&t=35150



RE: VLan Ooops Part 2 [7:34687]

2002-02-06 Thread Rik Guyler

You will also need IP-Plus IOS for the trunking feature on the 2600.

Rik

-Original Message-
From: Erick B. [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 06, 2002 8:19 PM
To: [EMAIL PROTECTED]
Subject: Re: VLan Ooops Part 2 [7:34687]


802.1q (dot1q) works on 10meg interfaces. I'm doing it
on a 2600 here...

--- Nisus  wrote:
> Ok so I understand the trunk feature now after
> talking to a good CCIE friend
> of mine.
> 
> (he runs http://www.IPexpert.net shameless plug)
> 
> And he explained the trunking feature.
> 
> Here is my dilemma.  I am going into a 2610 router
> which DOES NOT have a
> fast Ethernet interface.
> From what I have been told 10Mb Ethernet doesn't
> support trunking.
> 
> Ahhh Crap.
> 
> Any one know a way around this?  And if so where can
> I learn how to do it
> ???
> 
> Thanks again, you all are great,
> Steven M Aiello






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34717&t=34687



Re: VLan Ooops Part 2 [7:34687]

2002-02-06 Thread Erick B.

802.1q (dot1q) works on 10meg interfaces. I'm doing it
on a 2600 here...

--- Nisus  wrote:
> Ok so I understand the trunk feature now after
> talking to a good CCIE friend
> of mine.
> 
> (he runs http://www.IPexpert.net shameless plug)
> 
> And he explained the trunking feature.
> 
> Here is my dilemma.  I am going into a 2610 router
> which DOES NOT have a
> fast Ethernet interface.
> From what I have been told 10Mb Ethernet doesn't
> support trunking.
> 
> Ahhh Crap.
> 
> Any one know a way around this?  And if so where can
> I learn how to do it
> ???
> 
> Thanks again, you all are great,
> Steven M Aiello






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34708&t=34687



RE: VLan Ooops [7:34680]

2002-02-06 Thread Mike Sweeney

Yes with some work. You need to be able to create a trunk port on both the
switch and the router's interface. The trunk on the switch needs to have
encapsulation set (if required) and whatever VLANs included that you want to
pass to the router. On the router side, you would need to set the encapsulation
and make some subinterfaces to match the vlans.

http://www.packetattack.com/cisco_documents.html

At the bottom on the left side I have some links to cisco for configuring
vlans.

MikeS


Nisus wrote:
> 
> Hello All,
> 
> I have been posting questions about VLans and I think I
> may have not
> worded the question right.
> 
> If I have multiple VLans can they all go out the uplink port on
> my switch to
> my router ?
> 
> I am setting up VLans by port NOT IP or MAC address ???
> 
> Thanks a ton
> Steven M Aiello
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34706&t=34680



Re: VLan Ooops Part 2 [7:34687]

2002-02-06 Thread Steven A. Ridder

I believe it does do trunking still.
"Nisus" wrote in message news:[EMAIL PROTECTED]...
> Ok so I understand the trunk feature now after talking to a good CCIE friend
> of mine.
>
> (he runs http://www.IPexpert.net shameless plug)
>
> And he explained the trunking feature.
>
> Here is my dilemma.  I am going into a 2610 router which DOES NOT have a
> fast Ethernet interface.
> From what I have been told 10Mb Ethernet doesn't support trunking.
>
> Ahhh Crap.
>
> Any one know a way around this?  And if so where can I learn how to do it
> ???
>
> Thanks again, you all are great,
> Steven M Aiello




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34695&t=34687



RE: VLan Ooops [7:34680]

2002-02-06 Thread Wright, Jeremy

check into making that port a trunk: isl, 802.1q (isl=cisco proprietary,
q=standard)

-Original Message-
From: Nisus [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 06, 2002 3:34 PM
To: [EMAIL PROTECTED]
Subject: VLan Ooops [7:34680]


Hello All,

I have been posting questions about VLans and I think I may have not
worded the question right.

If I have multiple VLans can they all go out the uplink port on my switch to
my router ?

I am setting up VLans by port NOT IP or MAC address ???

Thanks a ton
Steven M Aiello




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34685&t=34680



Re: VLan Ooops [7:34680]

2002-02-06 Thread Steven A. Ridder

if it's a trunk.
"Nisus" wrote in message news:[EMAIL PROTECTED]...
> Hello All,
>
> I have been posting questions about VLans and I think I may have not
> worded the question right.
>
> If I have multiple VLans can they all go out the uplink port on my switch to
> my router ?
>
> I am setting up VLans by port NOT IP or MAC address ???
>
> Thanks a ton
> Steven M Aiello




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34681&t=34680



RE: VLan accesability [7:34471]

2002-02-05 Thread Tom Martin

The 261x series routers do not support trunking. 262x routers with the
Plus feature-set do, but that won't help much here.

- Tom

On Tue, 05 Feb 2002 12:51:18 -0500, Don Nguyen wrote:

> If I'm reading your question correctly, the link between your router and
> switch would be a trunk line.  You would have to set the 2610's eth0 up
> with subinterfaces to route your VLAN, this is assuming you don't have a
> VLAN routing capable device somewhere else in your network already. This
> will allow your two VLAN's to access the router.
> 
> HTH,
> Don




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34487&t=34471



Re: VLan accesability [7:34471]

2002-02-05 Thread Don Nguyen

Doh, I assumed all of the 2600 series routers had ports capable of trunking,
forgot you need ports capable of 100mb in order to trunk =P


Don


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34486&t=34471



Re: VLan accesability [7:34471]

2002-02-05 Thread Tom Martin

Steven,

I am not 100% clear on the question that you have asked.  To get two VLANs
communicated to the 2610 router would require trunking both the port on
the switch and the port on the router.  Unfortunately the 261x routers do
not support trunking.  The 262x routers do (with the Plus feature set).

If you are attempting to segment the traffic to the 2610 router (in one
VLAN) from other traffic (in other VLANs), you would need an additional
router to route between the VLANs configured on the switch.  If this is
the case, you might be able to put the 2610 router on the same VLAN as all
of the other traffic, then filter who has access using an access list.

- Tom

On Tue, 05 Feb 2002 11:21:01 -0500, Nisus wrote:

> First of all thanks again to you who have been replying to my questions.
> You all rock !!!
> 
> Ok if you have an uplink port from a 4000 series switch to a 2610 router
> going out to a T1 included in a VLan along with port 27 (used for
> example). Will ports not in this VLan be able to get out to the router?
> If not is there any way I can include this uplink port in 2 VLans and
> not give access to port 27?
> 
> or ?
> 
> Should I segment port 27 on its own with out the uplink port, and if so
> will port 27 still be able to get out to the router?
> 
> Any one know?
> 
> Thanks you guys (and ladies) are great, Steven M Aiello




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34484&t=34471



RE: VLan accesability [7:34471]

2002-02-05 Thread Don Nguyen

If I'm reading your question correctly, the link between your router and
switch would be a trunk line.  You would have to set the 2610's eth0 up with
subinterfaces to route your VLAN, this is assuming you don't have a VLAN
routing capable device somewhere else in your network already.  This will
allow your two VLAN's to access the router.

HTH,
Don


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34482&t=34471



Re: VLan Switching [7:34298]

2002-02-04 Thread MikeS

I have a page with 3 VLAN links from Cisco already listed.

http://www.packetattack.com/cisco_documents.html

The links are at the bottom on the left side. This should give you a good
start. I also have a tutorial but it's for the 2900 series but it might be
worth your while to bookmark it.

MikeS


--
Find me at www-dot-packetattack-dot-com

"Nisus" wrote in message news:[EMAIL PROTECTED]...
> Hello All,
>
> This is my first post, I hope someone is able to help me out.  I am
> currently in the Cisco CCNA path at my local school, ( Much fun ).  However
> I have a client who needs a VLan set up in a commercial park.  The switch in
> question is a Cisco 4000 series.  I need to separate one port (for security,
> or so they say) away from the rest of the ports.  The switch is connected to
> a Cisco 2610 that feeds into a T-1.  I need to maintain a connection to the
> T-1 line for internet connectivity.
>
> Any one know how, or does any one know a good web site or book where I can
> teach myself?
>
> Thank you in advance for all your assistance,
> Steve




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34344&t=34298



RE: VLan Switching [7:34298]

2002-02-04 Thread Georg Pauwen

Steve,

I am not sure how much you know about VLAN configuration and inter-VLAN
communication. In your case, you could create a management VLAN and
a user VLAN and use the router for inter-VLAN routing. Maybe you can try
this link:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_6_2/_config/vlans.htm#24171

It gives a detailed overview of the various commands involved in VLAN
configuration.

Regards,

Georg


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34331&t=34298



Re: VLAN question [7:32626]

2002-01-20 Thread smittyme

Unless you have a very specific need for it, I would not waste the time


 wrote in message
news:[EMAIL PROTECTED]...
> Greetings all,
>
> Just for clarification purposes, are there any advantages/disadvantages
> or a specific purpose to change the mtu size for a vlan(Ethernet Vlans)?
> I looked everywhere on Cisco's page, no luck.
>
> Thanks..Nabil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=32643&t=32626



Re: VLAN question [7:32626]

2002-01-20 Thread George Murphy CCNP/DP

Nabil, in my opinion it would not be to any advantage. Seems like more 
administrative overhead to keep up with.

[EMAIL PROTECTED] wrote:

>Greetings all,
>
>Just for clarification purposes, are there any advantages/disadvantages
>or a specific purpose to change the mtu size for a vlan(Ethernet Vlans)?
>I looked everywhere on Cisco's page, no luck.
>
>Thanks..Nabil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=32631&t=32626



RE: VLAN and IP Multicast [7:31994]

2002-01-15 Thread Kelley Allen

Have you checked to make sure all of the ports that your clients and servers
are sitting in are in both VLANs?

Have you enabled Port Fast on the client ports?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=32052&t=31994



Re: VLAN info [7:31816]

2002-01-13 Thread John Neiberger

There's a huge difference between the two.  In fact, they are unrelated.

Every switch has its own IP address for management purposes, which
obviously must reside in some VLAN.  By default, the management VLAN is
VLAN1.  In your first example, you made VLAN4 the management VLAN, which
is why VLAN1 shut down.  You can only have one active *management* VLAN
interface.

In your second example, you are simply creating a local VLAN.  Big
difference!

HTH,
John





 On Sun, 13 Jan 2002, NKP ([EMAIL PROTECTED]) wrote:

> Hi All ,
> I was just working around on my Cisco Catalyst 2512XL switch , I was
> going thru the VLAN commands , I wanted to know the difference between
> creating the VLAN thru these two commands :
>
> Switch(config)#int vlan4
> Switch(config-subif)#management
> Switch(config-subif)#^Z
>
> the second way is by going to the vlan database mode  and giving the
> command
>
> (vlan)#vlan 201 name cisco
>
> both of them create vlan on the switch , as I understand that the first
> command makes vlan4 as the active vlan and vlan 1 shuts down , in the
> second mode , we can  assign the name to the vlan as well , is there any
> other difference between them , please guide me .
>
> thanks ,
>
> Navin Parwal
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=31818&t=31816



RE: vlan [7:30189]

2001-12-27 Thread Eric Hoffman

A Native VLAN is used for sending and receiving untagged traffic on the
trunk port.

A Native VLAN Mismatch means that the trunk ports on each side are not
configured to use the same native vlan.

-Original Message-
From: James [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 27, 2001 10:47 AM
To: [EMAIL PROTECTED]
Subject: vlan [7:30189]


Can anyone tell me what a "Native VLan Mismatch" is




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=30197&t=30189



Re: vlan [7:30189]

2001-12-27 Thread MADMAN

on a trunk you have a native VLAN which is 1 by default.  Evidently
your native VLANs don't match.

C6509> (enable) sh trunk
* - indicates vtp domain mismatch
Port      Mode         Encapsulation  Status        Native vlan
--------  -----------  -------------  ------------  -----------
 1/2      desirable    dot1q          trunking      1
 3/5      desirable    dot1q          trunking      1
 3/6      auto         n-dot1q        trunking      1
 3/7      on           dot1q          trunking      1
 5/35     auto         n-isl          trunking      64
 5/38     auto         n-isl          trunking      64
15/1      nonegotiate  isl            trunking      1
16/1      nonegotiate  isl            trunking      1

 Dave

James wrote:
> 
> Can anyone tell me what a "Native VLan Mismatch" is
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=30195&t=30189
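
The native VLAN comparison described in the two replies above, as an added example that is not part of the original thread: it parses CatOS-style `show trunk` tables from both ends of each link and reports 802.1Q trunks whose native VLANs differ. The switch names, link map and sample tables are constructed, and the `Trunk`, `Finding`, `parse_show_trunk` and `find_native_mismatches` names are hypothetical.

```python
"""Flag native VLAN mismatches between the two ends of 802.1Q trunks.

Input: the text of a CatOS-style `show trunk` table per switch, plus a map
of which port is cabled to which. All sample data below is constructed.
"""
import re
from typing import NamedTuple, Optional


class Trunk(NamedTuple):
    port: str
    mode: str
    encapsulation: str
    status: str
    native_vlan: int


class Finding(NamedTuple):
    kind: str                 # "native-mismatch" or "not-trunking"
    end_a: str
    native_a: Optional[int]
    end_b: str
    native_b: Optional[int]


# One data row: port, mode, encapsulation, status, native VLAN.
ROW = re.compile(
    r"^\s*(?P<port>\d+/\d+)\s+(?P<mode>\S+)\s+(?P<encap>\S+)"
    r"\s+(?P<status>\S+)\s+(?P<native>\d+)\s*$"
)


def parse_show_trunk(text):
    """Return {port: Trunk}; header, legend and rule lines do not match ROW."""
    trunks = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            trunks[m["port"]] = Trunk(
                m["port"], m["mode"], m["encap"], m["status"], int(m["native"])
            )
    return trunks


def find_native_mismatches(tables, links):
    """tables: {switch: show-trunk text}; links: [((sw, port), (sw, port))]."""
    parsed = {sw: parse_show_trunk(text) for sw, text in tables.items()}
    findings = []
    for (sw_a, port_a), (sw_b, port_b) in links:
        a = parsed.get(sw_a, {}).get(port_a)
        b = parsed.get(sw_b, {}).get(port_b)
        end_a, end_b = f"{sw_a} {port_a}", f"{sw_b} {port_b}"
        nat_a = a.native_vlan if a else None
        nat_b = b.native_vlan if b else None
        if not a or not b or a.status != "trunking" or b.status != "trunking":
            # One end is absent from the table or not trunking: nothing to compare.
            findings.append(Finding("not-trunking", end_a, nat_a, end_b, nat_b))
            continue
        # ISL encapsulates every frame, so untagged native-VLAN traffic is an
        # 802.1Q concern; "n-dot1q" is the negotiated form of dot1q.
        if not (a.encapsulation.endswith("dot1q") and b.encapsulation.endswith("dot1q")):
            continue
        if nat_a != nat_b:
            # Untagged frames sent from nat_a arrive in nat_b on the far side,
            # silently bridging two VLANs that were meant to be separate.
            findings.append(Finding("native-mismatch", end_a, nat_a, end_b, nat_b))
    return findings


# Constructed sample tables in the layout shown in the reply above.
SAMPLE_CORE = """\
Port      Mode         Encapsulation  Status        Native vlan
--------  -----------  -------------  ------------  -----------
 1/2      desirable    dot1q          trunking      1
 3/6      auto         n-dot1q        trunking      1
 5/35     auto         n-isl          trunking      64
"""
SAMPLE_ACCESS = """\
Port      Mode         Encapsulation  Status        Native vlan
--------  -----------  -------------  ------------  -----------
 1/1      desirable    dot1q          trunking      1
 2/1      on           dot1q          trunking      10
 2/2      auto         n-isl          trunking      1
"""
TABLES = {"core": SAMPLE_CORE, "access": SAMPLE_ACCESS}
LINKS = [
    (("core", "1/2"), ("access", "1/1")),    # natives match
    (("core", "3/6"), ("access", "2/1")),    # 1 vs 10 on dot1q
    (("core", "5/35"), ("access", "2/2")),   # ISL link, skipped
    (("core", "3/7"), ("access", "2/3")),    # neither end in the tables
]

if __name__ == "__main__":
    for f in find_native_mismatches(TABLES, LINKS):
        print(f.kind, f.end_a, f.native_a, "<->", f.end_b, f.native_b)
```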



Re: VLAN and IPX [7:24641]

2001-10-30 Thread Brant Stevens

Every client VLAN will need its own IPX network number and appropriate
frame encapsulation type.

int vlan 10
ip address 10.10.10.2 255.255.255.0
standby 10 ip 10.10.10.1
standby 10 prior 110 pre
ipx network 10 encapsulation sap
int vlan 11
ip address 10.10.11.2 255.255.255.0
standby 11 ip 10.10.11.1
standby 11 prior 110 pre
ipx network 11 encapsulation sap


In addition, you must enable IPX routing...  (global mode, ipx routing
...) just use IPX RIP for now.

ipx router rip
network 10
network 11

Do yourself a favor and have the clients (and servers) hard-coded to the
frame type and STP portfast enabled.

-Brant

- Original Message -
From: "Cisco Breaker" 
To: 
Sent: Tuesday, October 30, 2001 7:09 AM
Subject: VLAN and IPX [7:24641]


> Hi all,
>
> I have a customer that uses both Novell and NT. We upgraded their LAN with
> 6500 and 3500 switches. Now we will implement VLANs. I know how to configure
> VLAN for IP but never done it with IPX. I read the docs on cisco but I have a
> question on my mind. As I know the customer only give a network IPX number
> to the server and clients get their Network numbers from the server. If I
> put the server on a different VLAN will the router give a network number to
> clients or will I have to show the way to clients to reach the server.
>
> My guess is this
>
> interface vlan 2
> ip address ..
> ipx network 101 (this is the network where the server is)
> interface vlan 3
> ip address
> ipx network 102 (this is the network where clients will be)
>
> If  I configure my router like this will clients able to find the server or
> what should I do?
> Best regards,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24683&t=24641



RE: VLAN and IPX [7:24641]

2001-10-30 Thread Michael Williams

I would agree.  The clients can find the servers because they'll do a GNS
(GetNearestServer) request, and the routers should be able to answer that
request with the info the client needs.

Mike W.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24667&t=24641



RE: VLAN and IPX [7:24641]

2001-10-30 Thread Bill Carter

The config is correct, although you need to find out what IPX encapsulation
is.  Probably 802.2. I would put the commands in this way;

interface vlan 2
ip address ..
ipx network 101 encapsulation sap
interface vlan 3
ip address 
ipx network 102 encapsulation sap

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Cisco Breaker
Sent: Tuesday, October 30, 2001 6:09 AM
To: [EMAIL PROTECTED]
Subject: VLAN and IPX [7:24641]


Hi all,

I have a customer that uses both Novell and NT. We upgraded their LAN with
6500 and 3500 switches. Now we will implement VLANs. I know how to configure
VLAN for IP but never done it with IPX. I read the docs on cisco but I have a
question on my mind. As I know the customer only give a network IPX number
to the server and clients get their Network numbers from the server. If I
put the server on a different VLAN will the router give a network number to
clients or will I have to show the way to clients to reach the server.

My guess is this

interface vlan 2
ip address ..
ipx network 101 (this is the network where the server is)
interface vlan 3
ip address 
ipx network 102 (this is the network where clients will be)

If  I configure my router like this will clients able to find the server or
what should I do?

Best regards,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24653&t=24641



RE: Vlan Design [7:23928]

2001-10-24 Thread Evans, TJ

As with most design issues, a lot of the answer will depend on individual
circumstances.
Including, but certainly not limited to:
Cost
Size of environment
Traffic Flow
Security Concerns
Summed up as what is your "Overall Goal"



If your primary concern is COST, then the size  will obviously heavily
influence your architecture ... you may
get no VLANs, especially if you are talking about 10 users with one server,
etc.

etc. etc. etc.


Also - Doug - Since you mention doing it this way - let me add:
If your goal is 'simple' collision reduction, or ease of management, then
yes - making each closet / floor / 'physical area' its own VLAN is fine;
and works VERY well.  This is an elegant, scalable way to manage bandwidth
and traffic flow.  I worked with a client and that is how the whole building
is done   and the LAN
infrastructure easily supports the 2000+ local users.



Re: Vlan Design [7:23928]

2001-10-23 Thread [EMAIL PROTECTED]

I understand your "traffic flow" perspective, but I must state that it is
not in alignment with modern data flow.  The vast majority of traffic
nowadays seems to be moving toward "Enterprise applications" i.e.
"PeopleSoft", "LotusNotes", "Oracle Financials" located on hosts that serve
multiple applications i.e. "application servers".  Therefore, I belong to the
school of thought that VLANs should be laid out with a security and
accounting perspective.  I divide my clients into VLANs based on functional
business unit.  The underlying assumption is that Finance people generally
have a similar security profile and differ from the security profile of
say, manufacturing staff.  The security profile is based on what special
application servers these groups access.  For instance, the Finance people
may use Oracle Financials.  If the manufacturing people never access Oracle
Financials, then a clever hacker on the manufacturing VLAN, should not be
allowed to connect to a volume share, or the Check printer in the Finance
department.  By segmenting these two distinct groups into VLANs, they
acquire different IP subnets and that allows you to either control their
network resource access to other VLANs via "Access Control Lists" on the
router, or at least log out the activity if you choose not to restrict
their connections.

Secondly, the datacenter hosts should be in their own VLAN.  A better
solution is to group the hosts into separate VLANs based on risk
assessment.  For instance, if you have three or more interfaces on your
Firewall, you should create an Outside DMZ for your web servers, ftp
servers, mail servers, Citrix Servers, etc., and an Inner DMZ for less risky
servers, possibly servers that are accessed through the Internet via a VPN
or Dial-up.  Lastly, your financial servers, R&D servers and Human
Resources servers should be inside the Inside Interface of your Firewall on
a separate Datacenter VLAN.

These are just a few examples of how you can begin to leverage VLANs for
the purpose of protecting your data.  Segmentation into functional groups
sometimes include an Executive VLAN so that you can enable priority
queuing to the Internet or other network resources based on the Executives'
subnet range.  Etc., Etc., Etc.  Hope this helps.  Most of this is not in
any Cisco textbook because they seem not to want to impose design
options on Network Engineers, however it is based on my experience with
reviewing "Best Industry Practices".


John Squeo
Technical Specialist
Papa John's Corporation
(502) 261-4035


   
  
"Doug Korell"
cc:
Sent by: nobody@groupstudy.com
Subject: Vlan Design [7:23928]
10/23/01 01:41 PM
Please respond to "Doug Korell"
   
  
   
  




I have worked with Vlans for another company that used a different Vlan for
every department and then had a Vlan for the servers. This goes along with
most design concepts except that at least 2 or more departments often shared
a wiring closet. When tech support would plug in PCs, they often would not
call and the PC would end up being put in Vlan 1 or a different department's
Vlan. Obviously labeling the ports would be helpful but the way things
changed it would never be accurate. Then every time the PCs had to access a
server, they had to hit the 5500 RSM.

I have heard so many suggestions such as use different Vlans for servers,
printers, and PCs. I strongly disagree about putting printers in a different
Vlan because there is no reason for traffic to hit a router when the PC
and printer are next to each other.

What I am thinking about doing is putting groups of closets in Vlans, use
Vlan capable NICs in shared servers, and put other servers that are
dedicated to departments in their Vlan. For the most part, departments all
go into the same closet.

What I am wondering is what logic other people are using for Vlans. I know
traffic flow is a big consideration which I will break up by groups of
closets. I average about 20-40 connections per closet.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=23932&t=23928
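
The router access-list approach in John Squeo's reply above, as an added example that is not part of the original thread: a first-match evaluator for traffic leaving a manufacturing VLAN, plus a check for rules that an earlier rule makes unreachable. The subnets, the finance application host and every name in the code are constructed assumptions.

```python
"""First-match evaluation of a router ACL between functional VLANs.

VLAN subnets, host addresses and rule sets are constructed for illustration.
"""
from ipaddress import ip_address, ip_network
from typing import NamedTuple

MANUFACTURING = "10.1.20.0/24"
FINANCE = "10.1.10.0/24"
DATACENTER = "10.1.100.0/24"
FINANCIALS_HOST = "10.1.100.10/32"   # assumed finance-only application server


class Rule(NamedTuple):
    action: str        # "permit" or "deny"
    src: str           # source prefix
    dst: str           # destination prefix
    log: bool = False  # record matches, as the reply suggests for auditing


# Applied to traffic entering the router from the manufacturing VLAN.
GOOD_ORDER = [
    Rule("deny", MANUFACTURING, FINANCE, log=True),          # no finance shares or printers
    Rule("deny", MANUFACTURING, FINANCIALS_HOST, log=True),  # no finance application
    Rule("permit", MANUFACTURING, DATACENTER),               # shared application servers
]
# Same rules with the broad permit moved above the host-specific deny.
BAD_ORDER = [GOOD_ORDER[0], GOOD_ORDER[2], GOOD_ORDER[1]]


def evaluate(acl, src, dst):
    """Return (action, rule index, logged) for the first matching rule.

    Nothing matching means the implicit deny at the end of the list,
    reported with index None and no logging.
    """
    s, d = ip_address(src), ip_address(dst)
    for index, rule in enumerate(acl):
        if s in ip_network(rule.src) and d in ip_network(rule.dst):
            return rule.action, index, rule.log
    return "deny", None, False


def shadowed(acl):
    """Indexes of rules fully covered by an earlier rule, so they never match."""
    hidden = []
    for index, rule in enumerate(acl):
        for earlier in acl[:index]:
            if (ip_network(rule.src).subnet_of(ip_network(earlier.src))
                    and ip_network(rule.dst).subnet_of(ip_network(earlier.dst))):
                hidden.append(index)
                break
    return hidden


if __name__ == "__main__":
    probe = ("10.1.20.5", "10.1.100.10")   # manufacturing PC to finance application
    print("good order:", evaluate(GOOD_ORDER, *probe), "shadowed:", shadowed(GOOD_ORDER))
    print("bad order: ", evaluate(BAD_ORDER, *probe), "shadowed:", shadowed(BAD_ORDER))
```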

Re: VLAN Security [7:18203]

2001-09-08 Thread [EMAIL PROTECTED] (John Nemeth)

On Jan 22,  5:54pm, "Circusnuts" wrote:
}
} I don't believe you're talking that much of a savings (between the 2900 &
} 3500).  The 3500 will scale to Gig uplink, plus the 2900's EOL's in
} October.  The 3500's will also enforce QOS, although this is not a concern
} in my application of the switch.

 Well, let's see (these are approx. CDN retail prices):

WS-C2912-XL-EN - $1896.00
WS-C2950-12    - $1971.60
WS-C2950T-24   - $3158.40
WS-C3512-XL-EN - $3164.40

So, there isn't much difference between the 2912, and 2950-12, which
replaces it.  There is a big difference between the 2912 and 2950T,
which has Gig uplink ports.  There is also a big difference between the
2912 and the 3512, but not much difference between the 2950T and the
3512.  It all depends on what the person needs.  If they don't need the
QOS features of the 3500 series, then they might as well go with a
2950-12 (better to get a current product, than one that is about to
EOS).

}-- End of excerpt from "Circusnuts"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19101&t=18203



Re: VLAN configuration question [7:18696]

2001-09-07 Thread MADMAN

Here is an example, not off of a router but if you want you can type
it into one and it will work.

! Physical interface: addressing it makes it a multipoint interface
  interface Serial0
  encapsulation frame-relay
  ip address 1.1.1.1 255.255.255.0
  frame-relay map ip 1.1.1.2 16
!
! Point-to-point subinterface with its own DLCI
  interface Serial0.1 point-to-point
  ip address 2.2.2.1 255.255.255.0
  frame-relay interface-dlci 17

  This would work just fine.  I don't recommend doing it but have seen
it done and it "works"  You simply have a multipoint config under the
physical interface and a p-to-p under the sub-interface.


  Dave

"Michael L. Williams" wrote:
> 
> Dave, how would this work then?  (with Frame) you could assign a DLCI to the
> interface as well as an IP, then assign a DLCI and IP to the subinterfaces?
> What would this accomplish?
>
> FYI:  I just read in the BCRAN book today that although you *can* have an IP
> on the main interface and one on the subinterface, that the subinterfaces
> wouldn't receive their traffic.   Can't always believe what you read tho =)
>
> Mike W.
>
> "MADMAN" wrote in message news:[EMAIL PROTECTED]...
> > Don't know the origin of this post but you certainly can have an
> > address on the physical and subinterfaces when frame or ATM.  Keep in
> > mind though that when you address the physical interface you are by
> > default a multipoint interface.
> >
> >   Dave
> >
> > Sean Knox wrote:
> > >
> > > Yes,  this is correct. Now I am curious what the actual reasoning is behind
> > > this. Anyone know?
> > >
> > > Sean
> > >
> > > "Jeff Smith" wrote in message news:[EMAIL PROTECTED]...
> > > > If I remember correctly you cannot have an ip address on the actual
> > > > interface if you have sub-int's with ip's.  That true?
> > --
> > David Madland
> > Sr. Network Engineer
> > CCIE# 2016
> > Qwest Communications Int. Inc.
> > [EMAIL PROTECTED]
> > 612-664-3367
> >
> > "Emotion should reflect reason not guide it"
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=18956&t=18696



Re: VLAN configuration question [7:18696]

2001-09-06 Thread Michael L. Williams

My post was regarding using an IP on the interface and a subinterface for
Frame Relay, as mentioned by MADMAN. But thanks for the explanation =)

Mike W.

"John Neiberger" wrote in message news:[EMAIL PROTECTED]...
> You can have an IP address on the main interface as well as the
> subinterfaces when trunking.  You wouldn't want to do this when using
> ISL trunking, but it used to be necessary when using 802.1q.  In dot1q,
> the native VLAN is not tagged.  If you were to create a subinterface for
> the native VLAN, the router would not recognize it as such and the trunk
> would never work.
>
> The solution is to assign the IP address of your native VLAN on the
> main interface, and then use subinterfaces for any subsequent VLANs.
> Supposedly, with recent IOS releases this is no longer necessary and
> subinterfaces can be used for all VLANs.
>
> HTH,
> John
>
> >>> "Michael L. Williams"  9/6/01 4:30:11 PM >>>
> Dave, how would this work then?  (with Frame) you could assign a DLCI to the
> interface as well as an IP, then assign a DLCI and IP to the subinterfaces?
> What would this accomplish?
>
> FYI:  I just read in the BCRAN book today that although you *can* have an IP
> on the main interface and one on the subinterface, that the subinterfaces
> wouldn't receive their traffic.   Can't always believe what you read tho =)
>
> Mike W.
>
> "MADMAN" wrote in message news:[EMAIL PROTECTED]...
> > Don't know the origin of this post but you certainly can have an
> > address on the physical and subinterfaces when frame or ATM.  Keep in
> > mind though that when you address the physical interface you are by
> > default a multipoint interface.
> >
> >   Dave
> >
> > Sean Knox wrote:
> > >
> > > Yes,  this is correct. Now I am curious what the actual reasoning is behind
> > > this. Anyone know?
> > >
> > > Sean
> > >
> > > "Jeff Smith" wrote in message news:[EMAIL PROTECTED]...
> > > > If I remember correctly you cannot have an ip address on the actual
> > > > interface if you have sub-int's with ip's.  That true?
> > --
> > David Madland
> > Sr. Network Engineer
> > CCIE# 2016
> > Qwest Communications Int. Inc.
> > [EMAIL PROTECTED]
> > 612-664-3367
> >
> > "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=18879&t=18696