vlan urgent [7:74955]
Hi group,

I will be glad if someone can help me with this. I have a problem. We are planning to put a firewall in our network. The problem is that the firewall can point to a single gateway, but I have multiple gateways for my network, because we have taken bandwidth from different providers and all three links are terminated on different routers. Now they are suggesting that we have to put an L3 switch between the firewall and all three routers and give one static IP address to the L3 switch, and then the firewall will point to that static IP. Can someone suggest how I have to configure the Cisco 3550 L3 series switch? Please help.

Regards
Kaushalender

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74955t=74955
**Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
vlan urgent [7:74957]
Sorry, I forgot the diagram.

I will be glad if someone can help me with this. I have a problem. We are planning to put a firewall in our network. The problem is that the firewall can point to a single gateway, but I have multiple gateways for my network, because we have taken bandwidth from different providers and all three links are terminated on different routers. Now they are suggesting that we have to put an L3 switch between the firewall and all three routers and give one static IP address to the L3 switch, and then the firewall will point to that static IP. Can someone suggest how I have to configure the Cisco 3550 L3 series switch? Please help.

R1 is having 10.1.0.0/22 Network
R2 is having 10.9.0.0/22 Network
R3 is having 10.20.0.0/22 Network

Please help.

Regards
Kaushalender

[demime removed a uuencoded section named clip_image002.jpg which was 137 lines]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74957t=74957
RE: vlan urgent [7:74955]
The first thing I would do is determine whether or not you need to load share for outbound bandwidth. Typically an enterprise will have a lot more inbound traffic than outbound traffic, so if one of the circuits exceeds your outbound bandwidth needs by 30% or more, you may not need to load share across the multiple routers for outbound traffic. If this is the case, put all the routers in an HSRP group, with the largest outbound pipe being active and the other 2 being standby, to present one gateway to the firewall that is redundant across all of the routers.

If that is not the case, then you have to determine how you are going to load share. A layer 3 switch with multiple default gateways will work, but then you have to determine whether or not the load sharing will be per-packet or per-destination. You then also have to work out the issue of a circuit failure. If a provider circuit fails, and the router's Ethernet that is plugged into the switch is still up, the switch will still route traffic to that device because it has no way of knowing that the router has no available path to forward the traffic.

If HSRP is not an option, and you need to load share to accommodate your outbound traffic, you should use a routing protocol such as OSPF to communicate between the routers and the switch. You redistribute the static default route on each of the routers into OSPF; if there is a circuit failure, the router will stop injecting the default and the switch will stop routing traffic to it.

Inbound bandwidth shouldn't be a problem; this will be taken care of by normal routing: inbound traffic to your network from each provider hits its respective router and the router sends it to your firewall/switch. I would answer these questions before trying to determine how the switch should be configured.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74965t=74955
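Added example, not part of the original post: a Cisco IOS sketch of the OSPF option described in the reply above, with the static-default design it replaces shown first. All addresses, VLAN and interface numbers, the OSPF process ID and the key placeholder are assumptions. IOS does not carry a 0.0.0.0/0 static into OSPF through `redistribute static`, so the sketch uses `default-information originate`, which gives the withdraw-on-failure behaviour the reply describes.

```cisco
! Constructed addressing (assumptions, not taken from the thread):
!   VLAN 100 transit,  192.0.2.0/28 : 3550 .1, R1 .2, R2 .3, R3 .4
!   VLAN 200 firewall, 192.0.2.16/29: 3550 .17 (the firewall's one gateway)
!
! ===== Before: three static defaults on the 3550 =====
! A static next hop stays installed for as long as VLAN 100 is up, so a
! router whose provider circuit has failed still receives traffic.
ip routing
ip route 0.0.0.0 0.0.0.0 192.0.2.2
ip route 0.0.0.0 0.0.0.0 192.0.2.3
ip route 0.0.0.0 0.0.0.0 192.0.2.4
!
! ===== After: the 3550 learns its default from OSPF =====
! (needs a 3550 image that includes OSPF)
no ip route 0.0.0.0 0.0.0.0 192.0.2.2
no ip route 0.0.0.0 0.0.0.0 192.0.2.3
no ip route 0.0.0.0 0.0.0.0 192.0.2.4
!
interface Vlan100
 description Transit to R1/R2/R3
 ip address 192.0.2.1 255.255.255.240
 ip ospf message-digest-key 1 md5 <SHARED-KEY-PLACEHOLDER>
!
interface Vlan200
 description Firewall outside segment
 ip address 192.0.2.17 255.255.255.248
!
router ospf 1
 passive-interface Vlan200
 network 192.0.2.0 0.0.0.15 area 0
 network 192.0.2.16 0.0.0.7 area 0
 area 0 authentication message-digest
 maximum-paths 3
!
! passive-interface keeps OSPF hellos off the firewall segment; the MD5
! key stops an unauthenticated device on VLAN 100 from injecting a default.
!
! ===== R1 (R2 and R3 differ only in the .3 / .4 address) =====
interface FastEthernet0/0
 description Inside segment to 3550, VLAN 100
 ip address 192.0.2.2 255.255.255.240
 ip ospf message-digest-key 1 md5 <SHARED-KEY-PLACEHOLDER>
!
interface Serial0/0
 description Provider circuit
!
! Static default bound to the provider interface: it leaves the routing
! table when Serial0/0 goes down.
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
router ospf 1
 network 192.0.2.0 0.0.0.15 area 0
 area 0 authentication message-digest
 default-information originate
!
! Without the "always" keyword, default-information originate advertises
! 0.0.0.0/0 only while this router has a default route of its own.
!
! ===== Checks on the 3550 =====
! show ip ospf neighbor     -> three neighbors in FULL state on Vlan100
! show ip route 0.0.0.0     -> one next hop per router with a live circuit
```

This catches a circuit that goes down at the interface. A failure further inside the provider that leaves Serial0/0 up keeps the static default in place and is not detected by this configuration.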
RE: vlan urgent [7:74955]
Theoretically, you don't even need a switch in the middle. If these are ISP-connected routers, and the firewall is doing the NAT, then the three routers must be doing BGP to the ISPs by definition. They would each have full routing tables. On the inside (external to PIX) segment, the three routers can run HSRP and the PIX can point to that one address. Between the three routers you can redistribute the routes so that all three routers have equal cost routes to all the Internet routes. It may take some fancy work, but it should be doable.

So if Router 1 was the HSRP active on FastEthernet0/0, it would send a third of the traffic over its Serial0/0 interface, a third over the backend network between the routers on FastEthernet0/1 to router 2, and a third on the backend network on FastEthernet0/1 to router 3. If router 2 or 3 lost their connection, they would dynamically update router 1. If router 1 went down, then router 2 or 3 would take over as the HSRP active on FastEthernet0/0.

Fred Reimer - CCNA
Eclipsys Corporation

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74974t=74955
RE: vlan urgent [7:74955]
An interesting suggestion, but we can't assume that all three routers take full tables; they could take partial tables or just default routes, or there could be no BGP at all, depending on how the network is configured. I am not stating that it is set up this way, but I have seen all of these situations before on production networks with multiple ISPs. The other issues are:

1. Manipulating the attributes on every route received so that every route on all the routers makes it to the maximum path BGP selection rule. Like you said, this is doable, but I would not advise anyone to do this without understanding exactly what they are doing.
2. Having 3 routes for every prefix on the Internet; this would equate to approximately 336,000 active routes in the table, just not a possibility unless you have very expensive hardware.
VLAN Access maps and bridge ACLs [7:73844]
Does anybody have any good links for VLAN Access maps and bridge ACLs? I've gone through my Cisco library and the CCO, and haven't found much... Thanks in advance for any help...

--- Dennis

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73844t=73844
RE: VLAN Access maps and bridge ACLs [7:73844]
Dennis,

Tried IpExpert 3550 studydoc? Some base material. (their online study site, what was it again) Do you have partner e-learning access? I have, but cannot search it from this customer site... Maybe some nice docs there. I'll continue looking around.

Martijn Jansen

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73866t=73844
RE: Interface Vlan 'x' is up, line protocol is down [7:73428]
If there are no active ports using VLAN 2, the VLAN will not show line up. That's the way most of our devices work; if you don't connect a router interface to something live, you normally get an up/down status as well...

Larry Letterman
Cisco Systems

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73433t=73428
Interface Vlan 'x' is up, line protocol is down [7:73428]
If I enable any VLAN interface other than VLAN 1, it will not enter a protocol up state unless a physical interface that has vlan 'x' assigned to it. Why is that?

vlan database
 vlan 2
!
interface FastEthernet0/1
 switchport access vlan 2
 no shutdown
!
interface Vlan2
 ip address 2.2.2.2 255.0.0.0
 no shutdown

If I were to plug a device into interface f0/1, interface vlan 2 will come up/protocol up. I change the access VLAN to another VLAN, interface vlan 2 will go down. I would appreciate any comments.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73428t=73428
Re: VLAN Tagging on Cat 3550 Another question [7:71703]
simon watson wrote in message news:[EMAIL PROTECTED]

> Hi
>
> Somehow I was thinking VLAN tagging was something more than just trunking in Cisco talk; as you can guess, I'm pretty rusty when it comes to switching. I have another question. Look at the example below.
>
> REMOTE SITE                       MAIN SITE
> PC's-CISCO 3550--CISCO 2600~~CISCO 3600 ALCATEL L3 SWITCH..PIX...INTERNET ROUTER---INTERNET.
> (VLAN3) (802.1q TRUNK) (256K LINK) (802.1q TRUNK) (VLAN3)
>
> A client wants to allow a group of PCs on a remote site access to the Internet via the main site's ISP, but wants this group of PCs on their own VLAN so they have no connection to the rest of the network (except for the Internet router, which the whole network uses to access the Internet). They have been advised by a third party to do it as above. They have a Cisco 3550 EMI switch at the remote site and an Alcatel Omnicore L3 switch at the main site. The WAN link is a 256k leased line. They want to configure the PCs on the remote site with the same VLAN as a dedicated PIX on the main site (also on the same subnet). The Cat 3550 is not using its L3 capabilities and is trunked to the remote site's router.
>
> Can this be done?

Sure. Not sure you need to worry about switching. Use the inbound (from the branch office) router to route to the default gateway for Internet access. Put in policy routing and access lists denying access from the branch net to anything on the host site net. Where is all this VLAN trunking coming from? Looks to me like a red herring.

> I'm sure, thinking of the basic laws of routing, it won't be possible to have devices on the same subnet but across different WAN links, as routing loops can occur. Also, would it be best to enable the layer 3 capabilities of the switches, or to let the routers do the work?
>
> I'm looking forward to your answers.
> Thanks in advance
> Simon.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71951t=71703
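Added example, not part of the original thread: a Cisco IOS sketch of what the reply above suggests (route the branch PCs, then use an access list and policy routing on the main-site router so they reach only the Internet path), together with the 802.1Q trunk the thread asks about. Every subnet, interface name, VLAN-to-subnet mapping and ACL or route-map name is an assumption.

```cisco
! Constructed addressing (assumptions, not taken from the thread):
!   Branch PCs, VLAN 3 at the remote site:     10.3.0.0/24, gateway .1
!   Main site VLAN 3 (3600 <-> dedicated PIX): 172.16.3.0/29
!       3600 = 172.16.3.2, PIX inside = 172.16.3.1
!   Main-site internal networks:               RFC 1918 space
!
! ===== Remote site: Catalyst 3550, layer 2 only =====
interface FastEthernet0/1
 description Branch PC (untagged access port)
 switchport mode access
 switchport access vlan 3
!
interface FastEthernet0/24
 description 802.1Q trunk to the Cisco 2600
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 3
!
! ===== Remote site: Cisco 2600 =====
! The router must understand the tag: one subinterface per VLAN.
interface FastEthernet0/0
 no ip address
!
interface FastEthernet0/0.3
 description Gateway for the branch PCs
 encapsulation dot1Q 3
 ip address 10.3.0.1 255.255.255.0
!
! ===== Main site: Cisco 3600, where the 256k link terminates =====
interface FastEthernet0/0
 no ip address
!
interface FastEthernet0/0.3
 description VLAN 3 across the Alcatel switch to the dedicated PIX
 encapsulation dot1Q 3
 ip address 172.16.3.2 255.255.255.248
!
! Inbound filter on the WAN link: branch PCs may not address anything
! on the main-site networks; "log" records attempts for review.
ip access-list extended BRANCH-IN
 deny   ip 10.3.0.0 0.0.0.255 10.0.0.0 0.255.255.255 log
 deny   ip 10.3.0.0 0.0.0.255 172.16.0.0 0.15.255.255 log
 deny   ip 10.3.0.0 0.0.0.255 192.168.0.0 0.0.255.255 log
 permit ip any any
!
! Policy routing: whatever the branch PCs send that survives the filter
! is handed to the dedicated PIX, regardless of the routing table.
access-list 103 permit ip 10.3.0.0 0.0.0.255 any
!
route-map BRANCH-TO-PIX permit 10
 match ip address 103
 set ip next-hop 172.16.3.1
!
interface Serial0/0
 description 256k link from the remote site
 ip access-group BRANCH-IN in
 ip policy route-map BRANCH-TO-PIX
!
! The inbound access list is evaluated before the route-map.
! The PIX needs a route for 10.3.0.0/24 pointing back at 172.16.3.2.
!
! ===== Checks on the 3600 =====
! show access-lists BRANCH-IN    -> deny counters rise on blocked attempts
! show route-map BRANCH-TO-PIX   -> policy-routing match counters
```

The branch PCs and the PIX sit in different subnets here, so VLAN 3 at each site is a local tag and nothing is bridged across the WAN link.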
VLAN Tagging on Cat 3550 Another question [7:71703]
Hi

Somehow I was thinking VLAN tagging was something more than just trunking in Cisco talk; as you can guess, I'm pretty rusty when it comes to switching. I have another question. Look at the example below.

REMOTE SITE                       MAIN SITE
PC's-CISCO 3550--CISCO 2600~~CISCO 3600 ALCATEL L3 SWITCH..PIX...INTERNET ROUTER---INTERNET.
(VLAN3) (802.1q TRUNK) (256K LINK) (802.1q TRUNK) (VLAN3)

A client wants to allow a group of PCs on a remote site access to the Internet via the main site's ISP, but wants this group of PCs on their own VLAN so they have no connection to the rest of the network (except for the Internet router, which the whole network uses to access the Internet). They have been advised by a third party to do it as above. They have a Cisco 3550 EMI switch at the remote site and an Alcatel Omnicore L3 switch at the main site. The WAN link is a 256k leased line. They want to configure the PCs on the remote site with the same VLAN as a dedicated PIX on the main site (also on the same subnet). The Cat 3550 is not using its L3 capabilities and is trunked to the remote site's router.

Can this be done?

I'm sure, thinking of the basic laws of routing, it won't be possible to have devices on the same subnet but across different WAN links, as routing loops can occur. Also, would it be best to enable the layer 3 capabilities of the switches, or to let the routers do the work?

I'm looking forward to your answers.
Thanks in advance
Simon.

----- Original Message -----
From: Henrique Issamu Terada
To: simon watson
Sent: Tuesday, July 01, 2003 2:09 PM
Subject: RES: VLAN Tagging on Cat 3550 [7:71703]

VLAN tagging is commonly called by Cisco as trunks. Have you ever configured trunks as ISL or 802.1q? Actually, the name VLAN tagging makes more sense on non-Cisco equipment, where only 802.1q exists. ISL doesn't do tag as 802.1q, but reencapsulates the packet with a new header.

My 0,02

Henrique Issamu Terada, CCIE # 7460
IT Support - Open Network
CPM S.A.

----- Original Message -----
From: simon watson
Sent: Tuesday, July 1, 2003 05:02
Subject: VLAN Tagging on Cat 3550 [7:71703]

Hi Guys

A client wants a Cat 3550 configured for VLAN tagging. I have not done one of these before, so how do I configure the switch? Also, there is a Cisco 2600 router also connected to the switch. Do I need to configure the router to accommodate VLAN tagging (and any router that packets of the VLAN go through)?

Thanks
Simon.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71916t=71703
VLAN Tagging on Cat 3550 Another question [7:71703]
- Original Message - From: simon watson To: ; Henrique Issamu Terada Sent: Wednesday, July 02, 2003 11:08 PM Subject: VLAN Tagging on Cat 3550 Another question [7:71703] Hi Some how I was thinking VLAN tagging was something more than just Trunking in Cisco talk,as you can guess I'm pretty rusty when it comes to switching.I have another question.Look at the example below. REMOTE SITE PC's-CISCO 3550--CISCO 2600~~(256K LEASE LINE) (VLAN3) (802.1q TRUNK) MAIN SITE ~~CISCO 3600ALCATEL SWITCHPIX...INTERNET ROUTER/INTERNET. (256K LINK) (802.1qTRUNK) (VLAN3) A client wants to allow a group of PC's on a remote site, access to the internet via the main site's ISP.But wants these group of Pc's on their own VLAN so they have no connection to the rest of the network (except for the internet router which the whole network uses to access the internet) they have been advised by a third party to do it as above.They have a Cisco 3550EMI switch at the remote site a Alcatel Omnicore L3 switch at the Main site.The WAN link is a 256k lease line.They want to configure the PC's on the remote site with the same VLAN as a dedicated PIX on the Main site (also on the same subnet). The Cat 3550 is not using it's L3 capabilities and is trunked to the remote site's router Can this be done ? I'm sure thinking of the basic laws of routing it won't be possible to have devices being on the same subnet but across different WAN links, as routing loops can occur.Also would it be best to enable the layer 3 capabilities of the switches, or to let the routers do the work. I'm looking forward to your answers Thanks in advance Simon. - Original Message - From: Henrique Issamu Terada To: simon watson Cc: Sent: Tuesday, July 01, 2003 2:09 PM Subject: RES: VLAN Tagging on Cat 3550 [7:71703] Vlan tagging is commonly called by Cisco as trunks. Have you ever configured trunks as ISL ou 802.1q ? Actually the name vlan tagging makes more sense on non Cisco equipment, where only exists 802.1q . 
ISL doesn't do tag as 802.1q, but reencapsulates the packet with a new header. My 0,02

Henrique Issamu Terada, CCIE # 7460 IT Support - Open Network CPM S.A. - Tecnologia criando valor Tel.: 55 11 4196-0710 Fax: 55 11 4196-0900 [EMAIL PROTECTED] www.cpm.com.br

-Original Message-
From: simon watson [SMTP:[EMAIL PROTECTED]
Sent: Tuesday, July 1, 2003 05:02
To: [EMAIL PROTECTED]
Subject: VLAN Tagging on Cat 3550 [7:71703]

Hi Guys A client wants a Cat 3550 configured for VLAN tagging, I have not done one of these before so how do I configure the switch, also there is a Cisco 2600 router also connected to the switch. Do I need to configure the router to accommodate VLAN tagging (and any router that packets of the VLAN goes through?) Thanks Simon.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71821t=71703
Re: VLAN Tagging on Cat 3550 Another question [7:71703]
simon watson wrote in message news:[EMAIL PROTECTED]

Hi

Somehow I was thinking VLAN tagging was something more than just trunking in Cisco talk; as you can guess, I'm pretty rusty when it comes to switching. I have another question. Look at the example below.

REMOTE SITE MAIN SITE
PC's-CISCO 3550CISCO 2600~~CISCO 3600ALCATEL L3 SWITCH..PIX...INTERNET ROUTER---INTERNET.
(VLAN3) (802.1q TRUNK) (256K LINK) (802.1q TRUNK)(VLAN3)

A client wants to allow a group of PCs on a remote site access to the internet via the main site's ISP, but wants this group of PCs on their own VLAN so they have no connection to the rest of the network (except for the internet router, which the whole network uses to access the internet). They have been advised by a third party to do it as above. They have a Cisco 3550EMI switch at the remote site and an Alcatel Omnicore L3 switch at the main site. The WAN link is a 256k lease line. They want to configure the PCs on the remote site with the same VLAN as a dedicated PIX on the main site (also on the same subnet). The Cat 3550 is not using its L3 capabilities and is trunked to the remote site's router.

Can this be done?

sure. not sure you need to worry about switching. use the inbound (from the branch office) router to route to the default gateway for internet access. put in policy routing and access lists denying access from the branch net to anything on the host site net. where is all this vlan trunking coming from? looks to me like a red herring.

I'm sure, thinking of the basic laws of routing, it won't be possible to have devices being on the same subnet but across different WAN links, as routing loops can occur. Also, would it be best to enable the layer 3 capabilities of the switches, or to let the routers do the work?

I'm looking forward to your answers.

Thanks in advance
Simon.
- Original Message -
From: Henrique Issamu Terada
To: simon watson
Cc:
Sent: Tuesday, July 01, 2003 2:09 PM
Subject: RES: VLAN Tagging on Cat 3550 [7:71703]

Vlan tagging is commonly called by Cisco as trunks. Have you ever configured trunks as ISL or 802.1q? Actually the name vlan tagging makes more sense on non Cisco equipment, where only exists 802.1q. ISL doesn't do tag as 802.1q, but reencapsulates the packet with a new header. My 0,02

Henrique Issamu Terada, CCIE # 7460 IT Support - Open Network CPM S.A. - Tecnologia criando valor Tel.: 55 11 4196-0710 Fax: 55 11 4196-0900 [EMAIL PROTECTED] www.cpm.com.br

-Original Message-
From: simon watson [SMTP:[EMAIL PROTECTED]
Sent: Tuesday, July 1, 2003 05:02
To: [EMAIL PROTECTED]
Subject: VLAN Tagging on Cat 3550 [7:71703]

Hi Guys A client wants a Cat 3550 configured for VLAN tagging, I have not done one of these before so how do I configure the switch, also there is a Cisco 2600 router also connected to the switch. Do I need to configure the router to accommodate VLAN tagging (and any router that packets of the VLAN goes through?) Thanks Simon.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71854t=71703
VLAN Tagging on Cat 3550 Another question [7:71703]
Hi

Somehow I was thinking VLAN tagging was something more than just trunking in Cisco talk; as you can guess, I'm pretty rusty when it comes to switching. I have another question. Look at the example below.

REMOTE SITE MAIN SITE
PC's-CISCO 3550CISCO 2600~~CISCO 3600ALCATEL L3 SWITCH..PIX...INTERNET ROUTER---INTERNET.
(VLAN3) (802.1q TRUNK) (256K LINK)(802.1q TRUNK)(VLAN3)

A client wants to allow a group of PCs on a remote site access to the internet via the main site's ISP, but wants this group of PCs on their own VLAN so they have no connection to the rest of the network (except for the internet router, which the whole network uses to access the internet). They have been advised by a third party to do it as above. They have a Cisco 3550EMI switch at the remote site and an Alcatel Omnicore L3 switch at the main site. The WAN link is a 256k lease line. They want to configure the PCs on the remote site with the same VLAN as a dedicated PIX on the main site (also on the same subnet). The Cat 3550 is not using its L3 capabilities and is trunked to the remote site's router.

Can this be done? I'm sure, thinking of the basic laws of routing, it won't be possible to have devices being on the same subnet but across different WAN links, as routing loops can occur. Also, would it be best to enable the layer 3 capabilities of the switches, or to let the routers do the work?

I'm looking forward to your answers.

Thanks in advance
Simon.

- Original Message -
From: Henrique Issamu Terada
To: simon watson
Cc:
Sent: Tuesday, July 01, 2003 2:09 PM
Subject: RES: VLAN Tagging on Cat 3550 [7:71703]

Vlan tagging is commonly called by Cisco as trunks. Have you ever configured trunks as ISL or 802.1q? Actually the name vlan tagging makes more sense on non Cisco equipment, where only exists 802.1q. ISL doesn't do tag as 802.1q, but reencapsulates the packet with a new header. My 0,02

Henrique Issamu Terada, CCIE # 7460 IT Support - Open Network CPM S.A.
- Tecnologia criando valor Tel.: 55 11 4196-0710 Fax: 55 11 4196-0900 [EMAIL PROTECTED] www.cpm.com.br

-Original Message-
From: simon watson [SMTP:[EMAIL PROTECTED]
Sent: Tuesday, July 1, 2003 05:02
To: [EMAIL PROTECTED]
Subject: VLAN Tagging on Cat 3550 [7:71703]

Hi Guys A client wants a Cat 3550 configured for VLAN tagging, I have not done one of these before so how do I configure the switch, also there is a Cisco 2600 router also connected to the switch. Do I need to configure the router to accommodate VLAN tagging (and any router that packets of the VLAN goes through?) Thanks Simon.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71799t=71703
VLAN TAGGING ON Cat 3550 [7:71678]
Hi Guys

A client wants a Cat 3550 configured for VLAN tagging, I have not done one of these before so how do I configure the switch, also there is a Cisco 2600 router also connected to the switch. Do I need to configure the router to accommodate VLAN tagging (and any router that packets of the VLAN goes through?)

Thanks
Simon.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71678t=71678
VLAN Tagging on Cat 3550 [7:71703]
Hi Guys

A client wants a Cat 3550 configured for VLAN tagging, I have not done one of these before so how do I configure the switch, also there is a Cisco 2600 router also connected to the switch. Do I need to configure the router to accommodate VLAN tagging (and any router that packets of the VLAN goes through?)

Thanks
Simon.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71703t=71703
RES: VLAN Tagging on Cat 3550 [7:71703]
Vlan tagging is commonly called by Cisco as trunks. Have you ever configured trunks as ISL or 802.1q? Actually the name vlan tagging makes more sense on non Cisco equipment, where only exists 802.1q. ISL doesn't do tag as 802.1q, but reencapsulates the packet with a new header. My 0,02

Henrique Issamu Terada, CCIE # 7460 IT Support - Open Network CPM S.A. - Tecnologia criando valor Tel.: 55 11 4196-0710 Fax: 55 11 4196-0900 [EMAIL PROTECTED] www.cpm.com.br

-Original Message-
From: simon watson [SMTP:[EMAIL PROTECTED]
Sent: Tuesday, July 1, 2003 05:02
To: [EMAIL PROTECTED]
Subject: VLAN Tagging on Cat 3550 [7:71703]

Hi Guys A client wants a Cat 3550 configured for VLAN tagging, I have not done one of these before so how do I configure the switch, also there is a Cisco 2600 router also connected to the switch. Do I need to configure the router to accommodate VLAN tagging (and any router that packets of the VLAN goes through?) Thanks Simon.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71710t=71703
RE: VLAN Tagging on Cat 3550 [7:71703]
Here is a plain sample of a 3550 trunk config on one side...

interface FastEthernet 0/24
 switchport trunk encapsulation isl
 switchport trunk allowed vlan 1-158,160-4094
 switchport mode trunk
 no ip address
!

-Sal

simon watson wrote:

Hi Guys A client wants a Cat 3550 configured for VLAN tagging, I have not done one of these before so how do I configure the switch, also there is a Cisco 2600 router also connected to the switch. Do I need to configure the router to accomodate VLAN tagging (and any router that packets of the VLAN goes through?) Thanks Simon.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71720t=71703
RE: VLAN Tagging on Cat 3550 [7:71703]
I'll take a stab since I just finished reading that in the CCNP switching manual and it'll be a good test :)

It depends on the setup, e.g. whether or not there's to be multiple vlans and, if so, whether or not the two vlans are to communicate etc.

On the router you need to configure a subinterface on the physical ethernet port for each of the vlans and for that subint connection to trunk then specify the encapsulation there (either isl or dot1q) and the vlan number that will be assigned on the switch. Then configure the port on the switch that the router is connected to for the same trunking protocol. Then configure the vlan domain, and the vtp mode (server, client or transparent) on the switch. Then configure the vlans.

e.g. on the router

interface FastEthernet2/0
 no ip address
 ip helper-address x.x.x.x
 speed 100
 full-duplex
end

interface FastEthernet2/0.1
 encapsulation dot1q 5
 ip address 192.168.5.1 255.255.255.0
 ip helper-address x.x.x.x
 no ip redirects
end

Note the encapsulation dot1q 5. 5 is the number of the vlan as will be configured on the switch. In this case it's also the number of the subnet (a tip from Mr. Letterman). Don't use vlan number 1 or 1-1005.

I'm shaky on the command syntax and I don't have an IOS switch (I just ordered my 3550's last week) but on a CLI switch it would be

set vtp domain mydomain (sets vtp domain name to mydomain)
set vtp mode server (sets the switch in server mode - will transmit vlan info out all trunk ports to client mode machines)
set trunk 1/1 nonegotiate dot1q 1-1005 (set the trunking protocol to dot1q for all vlans. Note: vlan 1 should be reserved for administration, 1001 is reserved by Cisco and 1002-1005 are reserved for tokenring bridging)
set vlan 5 name subnet5 (define vlan number 5 with name of subnet 5)
set vlan 5 2/1 (put port 2/1 on vlan 5.)

802.1q (dot1q) is recommended as it only adds 4 bytes to the frame after the destination address in the IP header (2 bytes are the trunking protocol id, 3 bits for priority, 1 bit for CFI (whether or not the mac address is listed in canonical format), 12 bits for the vlan id). ISL encapsulates the frame with a 24 byte header and a 4 byte crc. Way more overhead...

Any input on the IOS commands would be appreciated and I'm still foggy on the trunking negotiation! Is it that one side is hard set to the protocol and the other is set nonegotiate so that it won't try and change it? (Any other input would be appreciated as well. Especially if I missed something obvious!)

-Original Message-
From: simon watson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 01, 2003 1:02 AM
To: [EMAIL PROTECTED]
Subject: VLAN Tagging on Cat 3550 [7:71703]

Hi Guys A client wants a Cat 3550 configured for VLAN tagging, I have not done one of these before so how do I configure the switch, also there is a Cisco 2600 router also connected to the switch. Do I need to configure the router to accommodate VLAN tagging (and any router that packets of the VLAN goes through?) Thanks Simon.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71717t=71703
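
The 4-byte 802.1Q tag fields listed in the reply above (2-byte protocol ID, 3-bit priority, 1-bit CFI, 12-bit VLAN ID), worked through as an added Python example that is not part of the original post. It assumes Ethernet II frames without the trailing FCS, where the tag sits between the source MAC address and the original EtherType; the sample frame and all function names are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100      # the 2-byte "trunking protocol id"
DOT1Q_OVERHEAD = 4       # bytes 802.1Q adds to each frame
ISL_OVERHEAD = 24 + 4    # ISL header plus extra CRC, figures quoted in the post


@dataclass(frozen=True)
class Dot1QTag:
    pcp: int              # 3-bit priority
    cfi: int              # 1-bit canonical format indicator
    vid: int              # 12-bit VLAN ID
    inner_ethertype: int  # EtherType of the frame that was tagged


def parse_dot1q(frame: bytes) -> Optional[Dot1QTag]:
    """Return the tag of an Ethernet II frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return Dot1QTag(tci >> 13, (tci >> 12) & 1, tci & 0x0FFF, inner)


def add_dot1q(frame: bytes, vid: int, pcp: int = 0, cfi: int = 0) -> bytes:
    """Insert a tag after the source MAC, as a trunk port does on egress.

    A real switch also recomputes the FCS; this sketch works on frames
    without one.
    """
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if not (0 <= vid <= 0xFFF and 0 <= pcp <= 7 and cfi in (0, 1)):
        raise ValueError("tag field out of range")
    tci = (pcp << 13) | (cfi << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_dot1q(frame: bytes) -> bytes:
    """Remove the tag, as an access port does before delivering to a host."""
    if parse_dot1q(frame) is None:
        return frame
    return frame[:12] + frame[16:]


def describe_vid(vid: int) -> str:
    """Classify a VLAN ID, including the reserved values mentioned in the post."""
    if vid == 0:
        return "priority tag only, no VLAN membership"
    if vid == 4095:
        return "reserved by 802.1Q"
    if vid == 1:
        return "default VLAN"
    if 1002 <= vid <= 1005:
        return "reserved on Cisco switches (Token Ring/FDDI)"
    return "usable VLAN"


def sample_frame() -> bytes:
    """Constructed untagged IPv4 frame: broadcast dst, documentation-range src MAC."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("00005e005301")
    return dst + src + struct.pack("!H", 0x0800) + bytes(46)


if __name__ == "__main__":
    tagged = add_dot1q(sample_frame(), vid=5, pcp=3)  # VLAN 5, as in the post
    print(parse_dot1q(tagged), describe_vid(5))
    print("dot1q overhead:", len(tagged) - len(sample_frame()), "ISL overhead:", ISL_OVERHEAD)
```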
Re: VLAN Tagging on Cat 3550 [7:71703]
simon watson wrote in message news:[EMAIL PROTECTED]

Hi Guys

A client wants a Cat 3550 configured for VLAN tagging, I have not done one of these before so how do I configure the switch, also there is a Cisco 2600 router also connected to the switch. Do I need to configure the router to accommodate VLAN tagging (and any router that packets of the VLAN goes through?)

to quote a sage, what is the problem you (or rather your customer) is trying to solve?

to be quite frank, if the customer is sufficiently educated so as to understand vlan tagging, the configuration is easy enough to do. other responses have given you some configurations, and some narrative. but I gotta say, if you don't understand the requirement, how will you know if what you do is correct, and accomplishes the desired goal?

is this a 3550 SMI or EMI? if it is SMI, is the routed network a RIP network? are you letting the switch do the L3 stuff, leaving the 26xx as a gateway to the internet, for example? depending on your topology, you may not need to do anything to the 26xx.

someone mentioned doing vlan trunking on the 26xx. while you can now do that on all models of the 26xx, if you have a 2610 or 2611, you still need a current IOS image to do so.

does the switch in question connect to other switches? is this the reason for the vlan trunking? users in the same vlan but on different switches?

the why is more important than the how

along with the good advice others have offered, I hope you will take some time, read up, and ask your customer some questions so that you understand the desired result, thus making the configuration support that result.

best wishes
Hemingway

Thanks
Simon.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71725t=71703
RE: VLAN Tagging on Cat 3550 [7:71703]
Hi, Concerning your question if you need to configure trunking on the router also - the answer is that it depends on your network topology and configuration. If your router needs to do the routing between the VLANs you will probably need the tagging. By the way this kind of configuration is called router-on-a-stick. Another option is to use one router ethernet interface per VLAN although this option doesn't scale well, so trunking is recommended. Regards, Janó Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71726t=71703
Dynamic VLAN classification [7:71023]
I would like to know what methods are available for classifying dynamic VLANs on Cisco switches. I know VMPS supports dynamic VLANs based on MAC address. But what about protocol or network address? Other manufacturers have dynamic VLANs based on combinations of protocol, address etc. I know there is also the User Registration Tool (URT) that does classification on a lot of fancy things but I want to know what classifications the SWITCH inherently supports.

If it is not clear yet, take for example a PC transmitting its first packet with IP address 10.0.0.2. If the rule is configured, the port the PC is attached to should be assigned to VLAN 2. If another PC transmits an IPX packet it should be assigned to VLAN 8. Get the idea?

Regards,

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71023t=71023
Re: Dynamic VLAN [7:70445]
Dear Tom, Thanks for your information. So any workaround in this case? Thanks again. Rgds, Lo Ching

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70774t=70445
Re: Dynamic VLAN [7:70445]
Lo,

Dynamic VLANs are based on MAC address, so a PC with one NIC will have one MAC even if you have two IP addresses configured on it. The switch will put the PC in the correct VLAN based on its database. The PC will end up in one VLAN, and as such will only be able to communicate with one of the servers.

- Tom

Lo Ching wrote:

Dear All, Suppose there is a PC that has 2 IP addresses configured on a single NIC (10.x, 20.x) and is connected to a Catalyst 35xx switch that is configured with dynamic VLAN (NOT tagged). And there are 2 servers with IP 10.x and 20.x connected to the same switch as well. The servers belong to VLAN 10 and VLAN 20 based on the IP address. Can the client PC connect to both servers at the same time? In other words, can the switch port allow both VLAN 10 and VLAN 20? Thanks. rgds, LoChing

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70579t=70445
Dynamic VLAN [7:70445]
Dear All,

Suppose there is a PC that has 2 IP addresses configured on a single NIC (10.x, 20.x) and is connected to a Catalyst 35xx switch that is configured with dynamic VLAN (NOT tagged). And there are 2 servers with IP 10.x and 20.x connected to the same switch as well. The servers belong to VLAN 10 and VLAN 20 based on the IP address. Can the client PC connect to both servers at the same time? In other words, can the switch port allow both VLAN 10 and VLAN 20?

Thanks.
rgds, LoChing

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70445t=70445
RE: 2924XL VLAN issue [7:70148]
VLANs are a layer two construct. The ip address assigned to a switch is used for management purposes only. So, configure one VLAN as the management VLAN - default is 1 - give it an ip address, configure an ip default-gateway and you are set. You can never have more than one Interface VLAN active on a 2924XL switch.

VLAN = Virtual LAN - think of the switch being segmented into several virtual switches. Usually we associate an ip subnet with each VLAN. To communicate between the virtual switches (VLAN/ layer two device) you need a routing function (layer three) to provide the ip addressing and routing.

A simple way would be to use a router with multiple ethernet interfaces. Each has an ip address. One port from each of the switch's VLANs connects to one of the router's interfaces. Hosts on the VLANs use the subnet associated with the router interface and use the router interface's ip address as their default gateway.

A more elegant method uses trunking between the switch and router. Subinterfaces on the router are used to provide the different ip subnets.

The documentation on CCO is extensive. If you prefer books, may I suggest Cisco LAN Switching by Clark and Hamilton, Cisco Press, ISBN 1578700949

-Original Message-
From: Simer Mayo [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 7:00 PM
To: [EMAIL PROTECTED]
Subject: RE: 2924XL VLAN issue [7:70148]

Yep. It still shows as admin down.

-Original Message-
From: Brandon Vickers [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 4:38 PM
To: Simer Mayo
Cc: [EMAIL PROTECTED]
Subject: Re: 2924XL VLAN issue [7:70148]

Ok, This may be a bit too simple and obvious but have you issued a No shutdown command on both interfaces?

Simer Mayo wrote:

I'm trying to configure 3 VLANS on a Catalyst 2924 XL.

Scenario:
Ports:
1- VLAN 1 (Management)
2-12 VLAN 2 (VLAN 2 IP: 192.168.42.254 /24)
13-24 VLAN 3 (VLAN 3 IP: 192.168.142.254 /24)
--Users from VLAN 2 (192.168.42.0) be able to access servers in VLAN 3 (192.168.142.0)

ISSUE: The VLAN 2 and 3 always appear to be administrative shutdown. PLEASE ADVISE

Following is the config:

version 12.0
service timestamps debug uptime
service timestamps log uptime
!
hostname 2924XL
!
ip subnet-zero
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2-12
 switchport access vlan 2
!
interface FastEthernet0/13-24
 switchport access vlan 3
!
interface VLAN1
 no ip address
 no ip directed-broadcast
 no ip route-cache
 management
!
interface VLAN2
 ip address 192.168.142.1 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
 shutdown
!
interface VLAN3
 ip address 192.168.42.1 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
 shutdown
!

sh ver:

Cisco Internetwork Operating System Software
IOS (tm) C2900xl Software (C2900xl-C3H2S-M), Version 12.0(5)WC5, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Tue 28-May-02 11:11 by devgoyal
Image text-base: 0x3000, data-base: 0x0034A3C8
ROM: Bootstrap program is C2900xl boot loader
CitPub2924XL uptime is 1 hour, 38 minutes
System returned to ROM by power-on
System image file is flash:c2900xl-c3h2s-mz.120-5.WC5.bin
cisco WS-C2924-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K bytes of memory.
Processor board ID FAA0329M0Q7, with hardware revision 0x01
Last reset from power-on
Processor is running Enterprise Edition Software
Cluster command switch capable
Cluster member switch capable
24 FastEthernet/IEEE 802.3 interface(s)
32K bytes of flash-simulated non-volatile configuration memory.
Model revision number: A0
Model number: WS-C2924-XL-EN
Configuration register is 0xF

--
Have a nice day!
Brandon Vickers
Mississippi Moon Internet Services http://mississippimoon.riverroads.com
Take a trip down the River Roads!! http://www.riverroads.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70219t=70148
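
A check of the posted switch configuration against the poster's stated addressing plan and the one-addressed-VLAN-interface limit described in the reply above, as an added Python example that is not part of the thread. CONFIG is the poster's configuration with line breaks restored; the PLAN table is taken from the poster's scenario, and the function names and finding codes are made up for this sketch.

```python
import ipaddress
import re

# The interface section of the configuration posted in the thread.
CONFIG = """\
interface FastEthernet0/1
!
interface FastEthernet0/2-12
 switchport access vlan 2
!
interface FastEthernet0/13-24
 switchport access vlan 3
!
interface VLAN1
 no ip address
 no ip directed-broadcast
 no ip route-cache
 management
!
interface VLAN2
 ip address 192.168.142.1 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
 shutdown
!
interface VLAN3
 ip address 192.168.42.1 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
 shutdown
!
"""

# Intended subnets per VLAN, from the poster's "Scenario" list.
PLAN = {2: "192.168.42.0/24", 3: "192.168.142.0/24"}


def parse_svis(config: str) -> dict:
    """Collect address, shutdown and management state of each 'interface VLANn'."""
    svis = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"interface\s+vlan\s*(\d+)", line, re.IGNORECASE)
        if header:
            current = {"ip": None, "shutdown": False, "management": False}
            svis[int(header.group(1))] = current
        elif line == "!" or line.lower().startswith("interface "):
            current = None          # left the VLAN interface stanza
        elif current is not None:
            addr = re.fullmatch(r"ip address (\S+) (\S+)", line)
            if addr:
                current["ip"] = ipaddress.ip_interface("/".join(addr.groups()))
            elif line == "shutdown":
                current["shutdown"] = True
            elif line == "management":
                current["management"] = True
    return svis


def audit(svis: dict, plan: dict) -> list:
    """Return (vlan, code) findings; vlan is None for switch-wide findings."""
    findings = []
    for vlan in sorted(plan):
        svi = svis.get(vlan)
        if svi is None:
            findings.append((vlan, "missing-interface"))
            continue
        network = ipaddress.ip_network(plan[vlan])
        if svi["ip"] is None or svi["ip"].ip not in network:
            findings.append((vlan, "subnet-mismatch"))
        if svi["shutdown"]:
            findings.append((vlan, "shutdown"))
    # Per the reply in the thread, only one VLAN interface can be active on
    # this switch, so more than one addressed interface cannot all come up.
    addressed = [v for v, s in svis.items() if s["ip"] is not None]
    if len(addressed) > 1:
        findings.append((None, "multiple-addressed-svis"))
    return findings


if __name__ == "__main__":
    for vlan, code in audit(parse_svis(CONFIG), PLAN):
        print("switch" if vlan is None else f"VLAN {vlan}", code)
```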
2924XL VLAN issue [7:70148]
I'm trying to configure 3 VLANS on a Catalyst 2924 XL.

Scenario:
Ports:
1- VLAN 1 (Management)
2-12 VLAN 2 (VLAN 2 IP: 192.168.42.254 /24)
13-24 VLAN 3 (VLAN 3 IP: 192.168.142.254 /24)
--Users from VLAN 2 (192.168.42.0) be able to access servers in VLAN 3 (192.168.142.0)

ISSUE: The VLAN 2 and 3 always appear to be administrative shutdown. PLEASE ADVISE

Following is the config:

version 12.0
service timestamps debug uptime
service timestamps log uptime
!
hostname 2924XL
!
ip subnet-zero
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2-12
 switchport access vlan 2
!
interface FastEthernet0/13-24
 switchport access vlan 3
!
interface VLAN1
 no ip address
 no ip directed-broadcast
 no ip route-cache
 management
!
interface VLAN2
 ip address 192.168.142.1 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
 shutdown
!
interface VLAN3
 ip address 192.168.42.1 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
 shutdown
!

sh ver:

Cisco Internetwork Operating System Software
IOS (tm) C2900xl Software (C2900xl-C3H2S-M), Version 12.0(5)WC5, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Tue 28-May-02 11:11 by devgoyal
Image text-base: 0x3000, data-base: 0x0034A3C8
ROM: Bootstrap program is C2900xl boot loader
CitPub2924XL uptime is 1 hour, 38 minutes
System returned to ROM by power-on
System image file is flash:c2900xl-c3h2s-mz.120-5.WC5.bin
cisco WS-C2924-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K bytes of memory.
Processor board ID FAA0329M0Q7, with hardware revision 0x01
Last reset from power-on
Processor is running Enterprise Edition Software
Cluster command switch capable
Cluster member switch capable
24 FastEthernet/IEEE 802.3 interface(s)
32K bytes of flash-simulated non-volatile configuration memory.
Model revision number: A0
Model number: WS-C2924-XL-EN
Configuration register is 0xF

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70148t=70148
Re: 2924XL VLAN issue [7:70148]
Ok, This maybe a bit to simple and obvious but have you issued a No shutdown command on both interfaces? Simer Mayo wrote: I'm trying to configure 3 VLANS on a Catalyst 2924 XL. Scenario: Ports: 1- VLAN 1 (Management) 2-12 VLAN 2 (VLAN 2 IP: 192.168.42.254 /24) 13-24 VLAN 3 (VLAN 3 IP: 192.168.142.254 /24) --Users from VLAN 2 (192.168.42.0) be able to access servers in VLAN 3 (192.168.142.0) ISSUE: The VLAN 2 and 3 always appear to be administrative shutdown. PLEASE ADVICE Following is the config: version 12.0 service timestamps debug uptime service timestamps log uptime ! hostname 2924XL ! ip subnet-zero ! ! interface FastEthernet0/1 ! interface FastEthernet0/2-12 switchport access vlan 2 ! interface FastEthernet0/13-24 switchport access vlan 3 ! interface VLAN1 no ip address no ip directed-broadcast no ip route-cache management ! interface VLAN2 ip address 192.168.142.1 255.255.255.0 no ip directed-broadcast no ip route-cache shutdown ! interface VLAN3 ip address 192.168.42.1 255.255.255.0 no ip directed-broadcast no ip route-cache shutdown ! sh ver: Cisco Internetwork Operating System Software IOS (tm) C2900xl Software (C2900xl-C3H2S-M), Version 12.0(5)WC5, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Tue 28-May-02 11:11 by devgoyal Image text-base: 0x3000, data-base: 0x0034A3C8 ROM: Bootstrap program is C2900xl boot loader CitPub2924XL uptime is 1 hour, 38 minutes System returned to ROM by power-on System image file is flash:c2900xl-c3h2s-mz.120-5.WC5.bin cisco WS-C2924-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K bytes of memory. Processor board ID FAA0329M0Q7, with hardware revision 0x01 Last reset from power-on Processor is running Enterprise Edition Software Cluster command switch capable Cluster member switch capable 24 FastEthernet/IEEE 802.3 interface(s) 32K bytes of flash-simulated non-volatile configuration memory. 
Model revision number: A0 Model number: WS-C2924-XL-EN Configuration register is 0xF -- Have a nice day! Brandon Vickers Mississippi Moon Internet Services http://mississippimoon.riverroads.com Take a trip down the River Roads!! http://www.riverroads.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70158t=70148
RE: 2924XL VLAN issue [7:70148]
Yep. It still shows as admin down. -Original Message- From: Brandon Vickers [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 04, 2003 4:38 PM To: Simer Mayo Cc: [EMAIL PROTECTED] Subject: Re: 2924XL VLAN issue [7:70148] Ok, This maybe a bit to simple and obvious but have you issued a No shutdown command on both interfaces? Simer Mayo wrote: I'm trying to configure 3 VLANS on a Catalyst 2924 XL. Scenario: Ports: 1- VLAN 1 (Management) 2-12 VLAN 2 (VLAN 2 IP: 192.168.42.254 /24) 13-24 VLAN 3 (VLAN 3 IP: 192.168.142.254 /24) --Users from VLAN 2 (192.168.42.0) be able to access servers in VLAN 3 (192.168.142.0) ISSUE: The VLAN 2 and 3 always appear to be administrative shutdown. PLEASE ADVICE Following is the config: version 12.0 service timestamps debug uptime service timestamps log uptime ! hostname 2924XL ! ip subnet-zero ! ! interface FastEthernet0/1 ! interface FastEthernet0/2-12 switchport access vlan 2 ! interface FastEthernet0/13-24 switchport access vlan 3 ! interface VLAN1 no ip address no ip directed-broadcast no ip route-cache management ! interface VLAN2 ip address 192.168.142.1 255.255.255.0 no ip directed-broadcast no ip route-cache shutdown ! interface VLAN3 ip address 192.168.42.1 255.255.255.0 no ip directed-broadcast no ip route-cache shutdown ! sh ver: Cisco Internetwork Operating System Software IOS (tm) C2900xl Software (C2900xl-C3H2S-M), Version 12.0(5)WC5, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Tue 28-May-02 11:11 by devgoyal Image text-base: 0x3000, data-base: 0x0034A3C8 ROM: Bootstrap program is C2900xl boot loader CitPub2924XL uptime is 1 hour, 38 minutes System returned to ROM by power-on System image file is flash:c2900xl-c3h2s-mz.120-5.WC5.bin cisco WS-C2924-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K bytes of memory. 
Processor board ID FAA0329M0Q7, with hardware revision 0x01 Last reset from power-on Processor is running Enterprise Edition Software Cluster command switch capable Cluster member switch capable 24 FastEthernet/IEEE 802.3 interface(s) 32K bytes of flash-simulated non-volatile configuration memory. Model revision number: A0 Model number: WS-C2924-XL-EN Configuration register is 0xF -- Have a nice day! Brandon Vickers Mississippi Moon Internet Services http://mississippimoon.riverroads.com Take a trip down the River Roads!! http://www.riverroads.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70159t=70148
RE: 2924XL VLAN issue [7:70148]
Hi Simer, Check for the VLANs in VLAN Database and you need some layer 3 device to make them speak to each other. HTH Vikram Original Message- From: Simer Mayo [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2003 2:54 AM To: [EMAIL PROTECTED] Subject: 2924XL VLAN issue [7:70148] I'm trying to configure 3 VLANS on a Catalyst 2924 XL. Scenario: Ports: 1- VLAN 1 (Management) 2-12 VLAN 2 (VLAN 2 IP: 192.168.42.254 /24) 13-24 VLAN 3 (VLAN 3 IP: 192.168.142.254 /24) --Users from VLAN 2 (192.168.42.0) be able to access servers in VLAN 3 (192.168.142.0) ISSUE: The VLAN 2 and 3 always appear to be administrative shutdown. PLEASE ADVICE Following is the config: version 12.0 service timestamps debug uptime service timestamps log uptime ! hostname 2924XL ! ip subnet-zero ! ! interface FastEthernet0/1 ! interface FastEthernet0/2-12 switchport access vlan 2 ! interface FastEthernet0/13-24 switchport access vlan 3 ! interface VLAN1 no ip address no ip directed-broadcast no ip route-cache management ! interface VLAN2 ip address 192.168.142.1 255.255.255.0 no ip directed-broadcast no ip route-cache shutdown ! interface VLAN3 ip address 192.168.42.1 255.255.255.0 no ip directed-broadcast no ip route-cache shutdown ! sh ver: Cisco Internetwork Operating System Software IOS (tm) C2900xl Software (C2900xl-C3H2S-M), Version 12.0(5)WC5, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Tue 28-May-02 11:11 by devgoyal Image text-base: 0x3000, data-base: 0x0034A3C8 ROM: Bootstrap program is C2900xl boot loader CitPub2924XL uptime is 1 hour, 38 minutes System returned to ROM by power-on System image file is flash:c2900xl-c3h2s-mz.120-5.WC5.bin cisco WS-C2924-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K bytes of memory. 
Processor board ID FAA0329M0Q7, with hardware revision 0x01 Last reset from power-on Processor is running Enterprise Edition Software Cluster command switch capable Cluster member switch capable 24 FastEthernet/IEEE 802.3 interface(s) 32K bytes of flash-simulated non-volatile configuration memory. Model revision number: A0 Model number: WS-C2924-XL-EN Configuration register is 0xF Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70171t=70148
RE: VLAN Trunk Question and spanning tree [7:66730]
John,

This is from one of my 6509's with an MSFC router module, which is similar to your 4006. We do use the trunk allow to put our trunks in the native vlan and the vlans for data/voice. We also use portfast bpdu-guard on the access ports in the floor switches; it stops the potential of loops in the floor/main switches. I am not sure about the flap error, since it's between two uplinks going to two different places.

interface GigabitEthernet3/1
 description to sjc5-fxs-sw1
 no ip address
 udld enable
 mls qos trust cos
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,159,1002-1005
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet3/2
 description to sjc5-11-sw1
 no ip address
 udld enable
 mls qos trust cos
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,151,154,200,1002-1005
 switchport mode trunk
 switchport nonegotiate

Larry Letterman
Network Engineer
Cisco Systems

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Brandis
Sent: Wednesday, April 02, 2003 7:05 PM
To: [EMAIL PROTECTED]
Subject: VLAN Trunk Question and spanning tree [7:66730]

hi All,

Please tell me if I am wrong and best practices

A trunk link, by default, is a member of all VLANS

Would it be best practice to place your trunk ports in a particular VLAN, then define what you want pruned/not pruned?

Reason I ask is that I am getting the hostflapping error every now and then, which first made me believe I had a developer plugging in hubs around the place. However, now I think it's a question of my design/config. Here is an example of the error on my cat-4006 gig ports which trunk to my floor switches.

Host 00:06:29:F9:75:A2 in vlan 23 is flapping between port Gi2/12 and port Gi2/11

NOTE: 2/12 goes to sw2 and 2/11 goes to sw1, which are connected to one another as you can see below

I checked it out, there are no hubs anywhere that could do this, and I have spanning tree in place to stop the redundant links on my floor switches coming back into the core.

Here is the config of my trunk ports on the floor switch

SW1
interface GigabitEthernet0/1
 description link to core
 switchport mode trunk
 no ip address
!
interface GigabitEthernet0/2
 description link to sw2 floor switch
 switchport mode trunk
 no ip address

SW2
interface GigabitEthernet0/1
 description link to core
 switchport mode trunk
 no ip address
!
interface GigabitEthernet0/2
 description link to sw1 floor switch
 switchport mode trunk
 no ip address

If anyone can suggest anything, I would appreciate it (I am interested in the use of the bpdu-port guard, would this help here?)

Thanks
John
Sydney Australia

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66735t=66730
Re: VLAN loop problem [7:66656]
No, we don't have portfast bpdu-guard enabled. What does it do? Thanks Larry!

Thomas

Larry Letterman wrote in message news:[EMAIL PROTECTED]
port mac address security might work, although it's a lot of admin overhead. Are you running portfast bpdu-guard on the access ports?

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: Thomas N.
To: [EMAIL PROTECTED]
Sent: Tuesday, April 01, 2003 8:14 PM
Subject: VLAN loop problem [7:66656]

Hi All,

I got a problem in the production campus LAN here between VLANs. Please help me out! Below is the scenario:

We have VLAN 10 (10.10.x.x) and VLAN 20 (10.20.x.x) subnets. Routing is enabled/allowed between the two subnets using MSFC of the 6500. Each subnet has a DHCP server to assign IP addresses to devices on its subnet. Spanning-tree is enabled; however, portfast is turned on on all non-trunking/uplink ports. Recently, devices on VLAN 10 got assigned an IP address of 10.20.x.x, which is from the DHCP on the other scope and also from 10.10.x.x scope, and vice versa. It seems that we have a loop somewhere between the 2 subnets but we don't know where. I noticed lots of end users have a little unmanaged hub/switch hanging off the network jacks in their cubicles and potentially causing a loop. Is there any way that we can block the loop on the Cisco switches without visiting cubicles and taking those little unmanaged hubs/switches?

Thanks!
Thomas

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66699t=66656
Re: VLAN loop problem [7:66656]
What does portfast bpdu-guard do? Does it prevent interfaces with portfast enabled from causing the loop in my scenario?

Larry Letterman wrote in message news:[EMAIL PROTECTED]
port mac address security might work, although it's a lot of admin overhead. Are you running portfast bpdu-guard on the access ports?

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: Thomas N.
To: [EMAIL PROTECTED]
Sent: Tuesday, April 01, 2003 8:14 PM
Subject: VLAN loop problem [7:66656]

Hi All,

I got a problem in the production campus LAN here between VLANs. Please help me out! Below is the scenario:

We have VLAN 10 (10.10.x.x) and VLAN 20 (10.20.x.x) subnets. Routing is enabled/allowed between the two subnets using MSFC of the 6500. Each subnet has a DHCP server to assign IP addresses to devices on its subnet. Spanning-tree is enabled; however, portfast is turned on on all non-trunking/uplink ports. Recently, devices on VLAN 10 got assigned an IP address of 10.20.x.x, which is from the DHCP on the other scope and also from 10.10.x.x scope, and vice versa. It seems that we have a loop somewhere between the 2 subnets but we don't know where. I noticed lots of end users have a little unmanaged hub/switch hanging off the network jacks in their cubicles and potentially causing a loop. Is there any way that we can block the loop on the Cisco switches without visiting cubicles and taking those little unmanaged hubs/switches?

Thanks!
Thomas

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66711t=66656
RE: VLAN loop problem [7:66656]
Yes, it prevents loops in spanning tree on layer 2 switches from causing a loop by disabling the port on a cisco switch...

Larry Letterman
Network Engineer
Cisco Systems

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Thomas N.
Sent: Wednesday, April 02, 2003 12:18 PM
To: [EMAIL PROTECTED]
Subject: Re: VLAN loop problem [7:66656]

What does portfast bpdu-guard do? Does it prevent interfaces with portfast enabled from causing the loop in my scenario?

Larry Letterman wrote in message news:[EMAIL PROTECTED]
port mac address security might work, although it's a lot of admin overhead. Are you running portfast bpdu-guard on the access ports?

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: Thomas N.
To: [EMAIL PROTECTED]
Sent: Tuesday, April 01, 2003 8:14 PM
Subject: VLAN loop problem [7:66656]

Hi All,

I got a problem in the production campus LAN here between VLANs. Please help me out! Below is the scenario:

We have VLAN 10 (10.10.x.x) and VLAN 20 (10.20.x.x) subnets. Routing is enabled/allowed between the two subnets using MSFC of the 6500. Each subnet has a DHCP server to assign IP addresses to devices on its subnet. Spanning-tree is enabled; however, portfast is turned on on all non-trunking/uplink ports. Recently, devices on VLAN 10 got assigned an IP address of 10.20.x.x, which is from the DHCP on the other scope and also from 10.10.x.x scope, and vice versa. It seems that we have a loop somewhere between the 2 subnets but we don't know where. I noticed lots of end users have a little unmanaged hub/switch hanging off the network jacks in their cubicles and potentially causing a loop. Is there any way that we can block the loop on the Cisco switches without visiting cubicles and taking those little unmanaged hubs/switches?

Thanks!
Thomas

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66714t=66656
Re: VLAN loop problem [7:66656]
I'll check it out tomorrow. Thanks much Larry!

Thomas

Larry Letterman wrote in message news:[EMAIL PROTECTED]
Yes, it prevents loops in spanning tree on layer 2 switches from causing a loop by disabling the port on a cisco switch...

Larry Letterman
Network Engineer
Cisco Systems

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Thomas N.
Sent: Wednesday, April 02, 2003 12:18 PM
To: [EMAIL PROTECTED]
Subject: Re: VLAN loop problem [7:66656]

What does portfast bpdu-guard do? Does it prevent interfaces with portfast enabled from causing the loop in my scenario?

Larry Letterman wrote in message news:[EMAIL PROTECTED]
port mac address security might work, although it's a lot of admin overhead. Are you running portfast bpdu-guard on the access ports?

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: Thomas N.
To: [EMAIL PROTECTED]
Sent: Tuesday, April 01, 2003 8:14 PM
Subject: VLAN loop problem [7:66656]

Hi All,

I got a problem in the production campus LAN here between VLANs. Please help me out! Below is the scenario:

We have VLAN 10 (10.10.x.x) and VLAN 20 (10.20.x.x) subnets. Routing is enabled/allowed between the two subnets using MSFC of the 6500. Each subnet has a DHCP server to assign IP addresses to devices on its subnet. Spanning-tree is enabled; however, portfast is turned on on all non-trunking/uplink ports. Recently, devices on VLAN 10 got assigned an IP address of 10.20.x.x, which is from the DHCP on the other scope and also from 10.10.x.x scope, and vice versa. It seems that we have a loop somewhere between the 2 subnets but we don't know where. I noticed lots of end users have a little unmanaged hub/switch hanging off the network jacks in their cubicles and potentially causing a loop. Is there any way that we can block the loop on the Cisco switches without visiting cubicles and taking those little unmanaged hubs/switches?

Thanks!
Thomas

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66724t=66656
VLAN Trunk Question and spanning tree [7:66730]
hi All,

Please tell me if I am wrong and best practices

A trunk link, by default, is a member of all VLANS

Would it be best practice to place your trunk ports in a particular VLAN, then define what you want pruned/not pruned?

Reason I ask is that I am getting the hostflapping error every now and then, which first made me believe I had a developer plugging in hubs around the place. However, now I think it's a question of my design/config. Here is an example of the error on my cat-4006 gig ports which trunk to my floor switches.

Host 00:06:29:F9:75:A2 in vlan 23 is flapping between port Gi2/12 and port Gi2/11

NOTE: 2/12 goes to sw2 and 2/11 goes to sw1, which are connected to one another as you can see below

I checked it out, there are no hubs anywhere that could do this, and I have spanning tree in place to stop the redundant links on my floor switches coming back into the core.

Here is the config of my trunk ports on the floor switch

SW1
interface GigabitEthernet0/1
 description link to core
 switchport mode trunk
 no ip address
!
interface GigabitEthernet0/2
 description link to sw2 floor switch
 switchport mode trunk
 no ip address

SW2
interface GigabitEthernet0/1
 description link to core
 switchport mode trunk
 no ip address
!
interface GigabitEthernet0/2
 description link to sw1 floor switch
 switchport mode trunk
 no ip address

If anyone can suggest anything, I would appreciate it (I am interested in the use of the bpdu-port guard, would this help here?)

Thanks
John
Sydney Australia

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66730t=66730
VLAN loop problem [7:66656]
Hi All,

I got a problem in the production campus LAN here between VLANs. Please help me out! Below is the scenario:

We have VLAN 10 (10.10.x.x) and VLAN 20 (10.20.x.x) subnets. Routing is enabled/allowed between the two subnets using MSFC of the 6500. Each subnet has a DHCP server to assign IP addresses to devices on its subnet. Spanning-tree is enabled; however, portfast is turned on on all non-trunking/uplink ports. Recently, devices on VLAN 10 got assigned an IP address of 10.20.x.x, which is from the DHCP on the other scope and also from 10.10.x.x scope, and vice versa. It seems that we have a loop somewhere between the 2 subnets but we don't know where. I noticed lots of end users have a little unmanaged hub/switch hanging off the network jacks in their cubicles and potentially causing a loop. Is there any way that we can block the loop on the Cisco switches without visiting cubicles and taking those little unmanaged hubs/switches?

Thanks!
Thomas

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66656t=66656
Re: VLAN loop problem [7:66656]
port mac address security might work, although it's a lot of admin overhead. Are you running portfast bpdu-guard on the access ports?

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: Thomas N.
To: [EMAIL PROTECTED]
Sent: Tuesday, April 01, 2003 8:14 PM
Subject: VLAN loop problem [7:66656]

Hi All,

I got a problem in the production campus LAN here between VLANs. Please help me out! Below is the scenario:

We have VLAN 10 (10.10.x.x) and VLAN 20 (10.20.x.x) subnets. Routing is enabled/allowed between the two subnets using MSFC of the 6500. Each subnet has a DHCP server to assign IP addresses to devices on its subnet. Spanning-tree is enabled; however, portfast is turned on on all non-trunking/uplink ports. Recently, devices on VLAN 10 got assigned an IP address of 10.20.x.x, which is from the DHCP on the other scope and also from 10.10.x.x scope, and vice versa. It seems that we have a loop somewhere between the 2 subnets but we don't know where. I noticed lots of end users have a little unmanaged hub/switch hanging off the network jacks in their cubicles and potentially causing a loop. Is there any way that we can block the loop on the Cisco switches without visiting cubicles and taking those little unmanaged hubs/switches?

Thanks!
Thomas

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=0t=66656
Clearing removed VIP250 interfaces/vlan ISL troubleshooting [7:66278]
First the troubleshooting, which might be of interest to people who use vlans and ISL. Then my actual question. See below for commands pasted/etc. Taking place on a Cisco 7507.

So, I noticed by chance that there was ~50% packet loss from host to router and no latency. However, the host could reach the outside world with no packet loss and no latency. After delving into it, it looked as if the host could ping another subnet that was bound to the same vlan ISL (6/0.1) interface with no packet loss, but again packet loss to the actual router was 50%. Packet loss to other vlans connected via the same ISL interface (6/0.2) was ~50% as well.

So, I looked at the router's vlan/ISL information via sh vlan. Turns out that it had a failed and removed VIP250 (0/1/0) card that was the old interface for the vlan/isl subnets. I believe the router is trying to send half the packets to the non-existent VIP250 (0/1/0) isl interface.

Now read on for the question.

I don't want to do a reload on the router, so does anyone know of a way of removing this interface without reloading? It was removed successfully upon its failure, that is, the cbus reported it as being gone and there is no way to 'configure int fast 0/1/0'. I made sure of this before plugging in the 6/0 VIP250 and configuring it. Any suggestions on how to get rid of that thing outside of reloading would be appreciated, if such a thing is possible.

#sh vlan

Virtual LAN ID: 1 (Inter Switch Link Encapsulation)

   vLAN Trunk Interfaces: FastEthernet0/1/0.1
                          FastEthernet6/0.1

   Protocols Configured:   Address:        Received:   Transmitted:
           IP              192.168.0.190   35459       27492
           IP              192.168.0.190   35459       27492

Virtual LAN ID: 2 (Inter Switch Link Encapsulation)

   vLAN Trunk Interfaces: FastEthernet0/1/0.2
                          FastEthernet6/0.2

   Protocols Configured:   Address:        Received:   Transmitted:
           IP              192.168.0.198   199982      165171
           IP              192.168.0.198   199982      165171

--
Nick
alias life='cat /dev/urandom | grep 'born' | sed s/'born'/'die'/g /dev/null'
---
'What is a human being, then?' 'A seed.' 'A... seed?' 'An acorn that is unafraid to destroy itself in growing into a tree' --David Zindell (excerpts from _The Broken God_)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66278t=66278
How to create VLAN [7:66165]
Hi all,

Can anyone please tell me how to create a vlan for a network range, for ex 192.168.5.1 to 192.168.5.50 and 192.168.5.51 to 192.168.5.100, and establish communication between the 2. I don't have a router and I have a cisco 3548 XL switch. Is it possible? Please help, it's extremely urgent.

guruprasad

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66165t=66165
Re: How to create VLAN [7:66165]
Without a router it's not possible. The 35XX-XL switches don't support routing. If you had a 3550 with EMI IOS on it you could accomplish the task, and if you decide on a router, you'll need a fast ethernet interface to set up a trunk port.

Larry Letterman
Network Engineer
Cisco Systems

Can anyone please tell me how to create a vlan for a network range, for ex 192.168.5.1 to 192.168.5.50 and 192.168.5.51 to 192.168.5.100, and establish communication between the 2. I don't have a router and I have a cisco 3548 XL switch. Is it possible? Please help, it's extremely urgent.

guruprasad

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66180t=66165
Re: How to create VLAN [7:66165]
You're going to need a router to get between VLANs and addresses that fall onto bit boundaries like 192.168.5.1 to 192.168.5.62 and 65-126

Guruprasad Sanjeevi wrote:
Hi all,

Can anyone please tell me how to create a vlan for a network range, for ex 192.168.5.1 to 192.168.5.50 and 192.168.5.51 to 192.168.5.100, and establish communication between the 2. I don't have a router and I have a cisco 3548 XL switch. Is it possible? Please help, it's extremely urgent.

guruprasad

--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

I would rather have a German division in front of me than a French one behind me. --- General George S. Patton

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66188t=66165
Re: VLAN as Firewall zones [7:65938]
While I agree that by compromising the switch, the intruder can bypass the firewall, I don't feel that it is of significant concern to warrant the purchase of an additional switch to separate the two. The big drive here is that you must secure your switch at L2, and if you do so, I feel that it is perfectly adequate.

In the last Cisco Packet magazine there was an article addressing exactly this issue. And listed some of the common exploits and how to circumvent them.

Obvious ones are, by default all ports are left on auto (with regard to trunks), so a user could jack in, request to form a trunk port and then capture all the VLAN etc details, and in effect be able to vlan hop.

Enabling port security and restricting the number of ACL's seen on one port is another way to do it. Look at using 802.11x for MAC based port authentication, especially on server vlans! You can even go as far as private vlans and ACL's to stipulate which ports and MAC's are allowed to speak to each other .. very useful when using your switch for a simple connection point (eg /30 between firewall and router or something).

http://www.cisco.com/en/US/about/ac123/ac114/ac173/ac222/about_cisco_packet_feature09186a0080142deb.html

Go and check out the article and make your own mind up.

#

Andrew Dorsett wrote:
On Fri, 21 Mar 2003, Paulo Roque wrote:
I usually separate firewall zone with different physical LAN in different switches. What do you think of separating firewall zone with VLANs in the same switch/chassis?

Generally a very bad idea! I fully agree with physical separation. Because if it's based on VLANs then they only have to compromise the switch to compromise the entire network. Also because there are new layer 2 techniques that can allow a packet to hop across VLANs. These are the only things that worry me about the FW module for the 6500 chassis. It's based on VLANs. So if I can hop VLANs somewhere then I can bypass the firewall.

Andrew
---
http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate
Learn from the mistakes of others. You won't live long enough to make all of them yourself.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66064t=65938
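The L2 hardening points raised in this message and in the trunk thread above (an explicit allowed-VLAN list and `switchport nonegotiate` on trunks, no ports left on auto, BPDU guard on access ports) can be checked mechanically. The following is an added example, not part of the original posts or of any Cisco tool: a small Python audit over IOS interface stanzas, where the sample config, the finding names and the two FastEthernet ports are assumptions made for illustration.

```python
import re

# Constructed sample: the first two stanzas follow the 6509 uplink and the
# floor-switch trunk quoted in the threads above; the two FastEthernet access
# ports are hypothetical additions for illustration.
SAMPLE_CONFIG = """\
interface GigabitEthernet3/1
 description to sjc5-fxs-sw1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,159,1002-1005
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet0/1
 description link to core
 switchport mode trunk
 no ip address
!
interface FastEthernet0/5
 description user desk (hypothetical)
 switchport access vlan 23
!
interface FastEthernet0/6
 description user desk (hypothetical)
 switchport mode access
 switchport access vlan 23
 spanning-tree portfast
 spanning-tree bpduguard enable
!
"""


def parse_vlan_list(spec):
    """Expand an IOS VLAN list such as '1,159,1002-1005' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            lo, hi = part.split("-", 1)
            vlans.update(range(int(lo), int(hi) + 1))
        else:
            vlans.add(int(part))
    return vlans


def split_interfaces(config_text):
    """Return ({interface name: [sub-commands]}, [global config lines])."""
    interfaces, global_lines, current = {}, [], None
    for raw in config_text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw[0].isspace() and current is not None:
            interfaces[current].append(raw.strip())  # indented sub-command
        else:
            current = None  # any unindented line ends the stanza
            if raw.strip() != "!":
                global_lines.append(raw.strip())
    return interfaces, global_lines


def audit(config_text):
    """Map each layer 2 interface to a list of finding names (empty = clean)."""
    interfaces, global_lines = split_interfaces(config_text)
    guard_default = any(
        g.startswith("spanning-tree portfast bpduguard") for g in global_lines)
    report = {}
    for name, cmds in interfaces.items():
        # Skip routed ports and SVIs: only stanzas with switchport commands.
        if "no switchport" in cmds or not any(
                c.startswith("switchport") for c in cmds):
            continue
        mode, allowed = None, None
        for c in cmds:
            m = re.match(r"switchport mode (\S+)", c)
            if m:
                mode = m.group(1)
            # Only numeric lists are interpreted; 'all', 'except', 'remove'
            # and 'none' are left unparsed and count as unrestricted.
            m = re.match(r"switchport trunk allowed vlan (add )?([\d,\- ]+)$", c)
            if m:
                vlans = parse_vlan_list(m.group(2))
                allowed = (allowed or set()) | vlans if m.group(1) else vlans
        findings = []
        # Assumption: the platform default mode is dynamic (DTP), so a port
        # with no pinned mode can be talked into trunking.
        if mode is None or mode.startswith("dynamic"):
            findings.append("mode-not-pinned")
        if mode == "trunk":
            if allowed is None:
                findings.append("trunk-all-vlans")
            if "switchport nonegotiate" not in cmds:
                findings.append("trunk-dtp-on")
        else:
            guarded = "spanning-tree bpduguard enable" in cmds or (
                guard_default and "spanning-tree portfast" in cmds)
            if not guarded:
                findings.append("no-bpduguard")
        report[name] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit(SAMPLE_CONFIG).items():
        print(f"{port}: {', '.join(findings) or 'ok'}")
```
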
VLAN as Firewall zones [7:65938]
Hi. I usually separate firewall zone with different physical LAN in different switches. What do you think of separating firewall zone with VLANs in the same switch/chassis?

Paulo

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65938t=65938
Re: VLAN as Firewall zones [7:65938]
On Fri, 21 Mar 2003, Paulo Roque wrote:
I usually separate firewall zone with different physical LAN in different switches. What do you think of separating firewall zone with VLANs in the same switch/chassis?

Generally a very bad idea! I fully agree with physical separation. Because if it's based on VLANs then they only have to compromise the switch to compromise the entire network. Also because there are new layer 2 techniques that can allow a packet to hop across VLANs. These are the only things that worry me about the FW module for the 6500 chassis. It's based on VLANs. So if I can hop VLANs somewhere then I can bypass the firewall.

Andrew
---
http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate
Learn from the mistakes of others. You won't live long enough to make all of them yourself.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65944t=65938
Re: VLAN as Firewall zones [7:65938]
We deploy 2620/2621 in our microwave network with Catalyst 1912/1924 to 'fan out' via VLANs, but we just use the aux port on the 26xx to reverse telnet to the 19xx, rather than assigning an IP address to the switch.

I have seen several situations where ARP requests leak across VLANs on 29xx/35xx series equipment, never really had the chance to observe enough on the other platforms (4xxx/5xxx/6xxx) to know if they're involved - the 19xx seem to be very stable and I've never detected anything like leaking information on them.

The big benefit for us, besides cheaper port density, is that we 'twin' each port - an on site tech wanting to work on the thing plugged in to port 1 on the cat 1924 knows he can just hook his laptop to port 11 and he is on the same segment.

Andrew Dorsett wrote:
On Fri, 21 Mar 2003, Paulo Roque wrote:
I usually separate firewall zone with different physical LAN in different switches. What do you think of separating firewall zone with VLANs in the same switch/chassis?

Generally a very bad idea! I fully agree with physical separation. Because if it's based on VLANs then they only have to compromise the switch to compromise the entire network. Also because there are new layer 2 techniques that can allow a packet to hop across VLANs. These are the only things that worry me about the FW module for the 6500 chassis. It's based on VLANs. So if I can hop VLANs somewhere then I can bypass the firewall.

Andrew
---
http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate
Learn from the mistakes of others. You won't live long enough to make all of them yourself.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65952t=65938
Voice VLAN [7:65606]
I have this setup: 6509 switch connected to multiple 2950 switches. In each IDF I will have at least (20) 2950 connected to 6500 switch. 6509 then will be connected to 3700 series router for WAN Connectivity. 6509 will also be connected to Nortel CSE1000 IP phone server.

The question is: In each branch I will have at least 5 or 6 IP phones connected to 2950 switch. I like to put my 2950 switch ports for phones in a different vlan for voice traffic and will have a separate vlan for Data. Do I need any QOS for Voice port? The connection between 2950 switches to 6509 will be Gigabit. I believe I have enough bandwidth between the ports, and voice traffic should be okay w/o any QOS. Is there any specific good link for setup Voice VLAN in 6509 and 2950 switches along with QOS if needed?
RE: Voice VLAN [7:65606]
Yes you really should. Bandwidth is never an answer to realtime traffic consistency, it's really a question of queue management. You should still use QoS on the gig links. On this laptop I don't have the CCO links handy but there are plenty out there if you do a quick search. The 2950's are different animals than all other switches so you should read their qos configuration guide. I also authored a few a while back I will try and pull out after work tonight.

Make sure the 2950's classify the traffic correctly and then just trust DSCP on the gig uplinks to the 6k, no other queuing means are necessary on the gig links. Also make sure you create the correct COS / DSCP maps on the 2950's, they don't queue correctly by default for the CCM / Unity apps, but I cannot speak to the soft switch you are using, I only do Cisco Call Manager...

Dave

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Azhar Teza
Sent: Monday, March 17, 2003 3:28 PM
To: [EMAIL PROTECTED]
Subject: Voice VLAN [7:65606]

I have this setup: 6509 switch connected to multiple 2950 switches. In each IDF I will have at least (20) 2950 connected to 6500 switch. 6509 then will be connected to 3700 series router for WAN Connectivity. 6509 will also be connected to Nortel CSE1000 IP phone server.

The question is: In each branch I will have at least 5 or 6 IP phones connected to 2950 switch. I like to put my 2950 switch ports for phones in a different vlan for voice traffic and will have a separate vlan for Data. Do I need any QOS for Voice port? The connection between 2950 switches to 6509 will be Gigabit. I believe I have enough bandwidth between the ports, and voice traffic should be okay w/o any QOS. Is there any specific good link for setup Voice VLAN in 6509 and 2950 switches along with QOS if needed?
voice vlan simulation lab [7:65022]
Folks, there are many discussions on voice vlan configuration. Since we don't have an IP phone, it's hard to test it. I did the following lab and it works very interestingly. Why not try the following in your lab:

r1-1(e0/0)-(f0/1)sw(f0/2)-r1-2(f0/0)
                 |
              (f0/3)--r1-3(e0)

cat3550 f0/2 configured with one access vlan 20 and one voice vlan 50
f0/1 access vlan 50
f0/3 access vlan 20
r1-2 configured with a native vlan 20 and a dot1q trunk vlan 50 (simulating ip phone)

And ping r1-1 and r1-3 works from r1-2! This means that cat3550 treats the voice vlan in a very special way! If you configure the voice vlan port as a dot1q trunk port, you may need to block all vlans other than the native vlan and voice vlan. Otherwise all other vlan packets will be sent to the ip phone...

===
cat3550 configuration:

interface FastEthernet0/1
 switchport access vlan 50
 no ip address
!
interface FastEthernet0/2
 switchport access vlan 20
 switchport voice vlan 50
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 20
 no ip address
!
=
r1-1:

interface Ethernet0/0
 ip address 50.1.1.10 255.255.255.0

r1-2:

interface FastEthernet0/0
 no ip address
 speed 100
 full-duplex
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20 native
 ip address 20.1.1.1 255.255.255.0
!
interface FastEthernet0/0.50
 encapsulation dot1Q 50
 ip address 50.1.1.1 255.255.255.0
!

r1-3:

interface Ethernet0
 ip address 20.1.1.3 255.255.255.0
 no ip directed-broadcast
!

r1-2#p 20.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.1.1.3, timeout is 2 seconds:
!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

r1-2#p 50.1.1.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 50.1.1.10, timeout is 2 seconds:
!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

cat3550-11#sh int f0/2 swi
Name: Fa0/2
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 20 (VLAN0020)
Trunking Native Mode VLAN: 1 (default)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Voice VLAN: 50 (VLAN0050) --- wow, voice vlan now is active!!!
Appliance trust: none
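The `sh int f0/2 swi` output in the post above, run through a small audit for the settings this archive keeps coming back to (trunk negotiation left on, native VLAN 1, an unpruned allowed-VLAN list, access ports in VLAN 1). This is an added example, not part of the original post; the field names are the ones in the posted output, while the second port (Fa0/3 with native VLAN 999) and the finding labels are constructed for contrast.

```python
import re

# First block: the switchport output as posted (one field per line).
# Second block: a constructed, locked-down port for comparison.
SAMPLE = """\
Name: Fa0/2
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 20 (VLAN0020)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Voice VLAN: 50 (VLAN0050)
Appliance trust: none

Name: Fa0/3
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Negotiation of Trunking: Off
Access Mode VLAN: 20 (VLAN0020)
Trunking Native Mode VLAN: 999 (VLAN0999)
Trunking VLANs Enabled: 20
Voice VLAN: none
"""


def parse_switchport(text):
    """Split 'show interfaces switchport' output into {port: {field: value}}."""
    ports, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:                      # blank line or line without a field
            continue
        key, value = key.strip(), value.strip()
        if key == "Name":                # each port block starts with Name:
            current = ports.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return ports


def vlan_id(value):
    """Leading VLAN number of a value such as '20 (VLAN0020)', else None."""
    match = re.match(r"(\d+)", value or "")
    return int(match.group(1)) if match else None


def audit_port(fields):
    """Return the list of findings for one parsed port."""
    findings = []
    admin = fields.get("Administrative Mode", "")
    negotiating = fields.get("Negotiation of Trunking", "").lower() == "on"
    # A dynamic port with negotiation on can become a trunk if the attached
    # device asks for one, even though it is operating as an access port now.
    if admin.startswith("dynamic") and negotiating:
        findings.append("trunk-negotiation")
    # Trunk-side settings only matter if the port is able to trunk at all.
    if admin.startswith("dynamic") or admin == "trunk":
        if vlan_id(fields.get("Trunking Native Mode VLAN")) == 1:
            findings.append("native-vlan-1")
        if fields.get("Trunking VLANs Enabled", "").upper() == "ALL":
            findings.append("all-vlans-allowed")
    if vlan_id(fields.get("Access Mode VLAN")) == 1:
        findings.append("access-vlan-1")
    return findings


def audit(text):
    """Audit every port found in the given command output."""
    return {name: audit_port(f) for name, f in parse_switchport(text).items()}


if __name__ == "__main__":
    for port, findings in audit(SAMPLE).items():
        print(port, ", ".join(findings) or "ok")
```
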
RE: dynamic VLAN [7:65101]
-Original Message-
From: supernet [mailto:[EMAIL PROTECTED]
Sent: Monday, March 10, 2003 6:33 PM
To: '[EMAIL PROTECTED]'
Subject: dynamic VLAN

Hi, we've got 40-50 Cisco switches in the campus and would like to set up dynamic VLAN. We have CiscoSecure 2.6 (may upgrade to 3.1) and CiscoWorks 2000. Where should we put the MAC database?

Thanks. Yoshi
RE: Changing the Default VLAN on a 3550?? [7:64811]
All you need to do is the following, assuming that you want to change the vlan1 to vlan17:

execute the command vlan database
create vlan17 and give a name to it (optional)
assign the ip address to vlan17
assign vlan17 to any port that you want to be used with it

Hope the above helps...

Juan Blanco

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jason Viera
Sent: Saturday, March 08, 2003 1:58 AM
To: [EMAIL PROTECTED]
Subject: Changing the Default VLAN on a 3550?? [7:64811]

This may be a stupid question, but after searching Cisco's site and the groupstudy archives for an answer, and not finding anything, I figured I'd ask. What command will allow me to change the default management vlan from vlan 1 to any other vlan?? I also understand this will negatively affect other protocols being sourced from the management vlan, any comments, ideas?

Thanks in advance, Jason
Changing the Default VLAN on a 3550?? [7:64811]
This may be a stupid question, but after searching Cisco's site and the groupstudy archives for an answer, and not finding anything, I figured I'd ask. What command will allow me to change the default management vlan from vlan 1 to any other vlan?? I also understand this will negatively affect other protocols being sourced from the management vlan, any comments, ideas?

Thanks in advance, Jason
Re: Native VLAN question [7:64431]
Jim,

When you encapsulate your router interface with dot1q you are turning it into a trunk port. All of the traffic coming out of that port will be tagged with a vlan id except for traffic generated on the native vlan. By default, any subinterface encapped with vlan 1 will be native and its traffic will be untagged. If you want a subinterface other than one encapped as vlan 1 to generate untagged frames, then you will need to add the native keyword to the end of the encap statement.

BTW:
1. Encapping subifs to dot1q makes that interface a trunk port, but not a switch port (does not generate stp frames, e.g.).
2. You need to connect this router port to a switch port that is a dot1q trunk, and the native vlans must match (if you want it to work).

I have an Ethereal capture of traffic from such a port showing the native vlan traffic untagged if you are interested.

HTH,
-Bob Sinclair
CCIE #10427, MCSE
Senior Network Engineer
Networking For Future, Inc.
www.nffinc.com

- Original Message -
From: Jim Devane
To:
Sent: Tuesday, March 04, 2003 10:49 PM
Subject: Native VLAN question [7:64431]

I am kinda new to VLANs and need some advice. I have a router which I have broken an interface into FastEthernet subinterfaces. Each subinterface defines the VLAN. This has worked very well. But I am wondering if it is possible to make this port a trunk port and have other non-tagged traffic arrive on this port as well. Basically, I want to have tagged traffic and untagged traffic go to the same Ethernet port, route the untagged traffic and tag the VLAN traffic. I am not sure if I can have both types of frames on the same port.

I have posted my router's config below: I need to know how to allow other untagged traffic to be received on this port.

thanks, jim

interface FastEthernet0/1
 description TRUNK_PORT
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 load-interval 30
 duplex full
!
interface FastEthernet0/1.25
 description VLAN
 encapsulation dot1Q 25
 ip address 192.168.64.101 255.255.255.252
 no ip directed-broadcast
!
interface FastEthernet0/1.26
 description VLAN 26
 encapsulation dot1Q 26
 ip address 192.168.64.97 255.255.255.252
 no ip directed-broadcast
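The tagging rule described in the reply above (every VLAN on a dot1q trunk is tagged except the native one, and both ends must agree on which VLAN is native), as an added example that is not part of the original thread. It builds and parses 802.1Q frames and shows where frames land when the native VLANs match and when they do not. VLAN 99, the subinterface name Fa0/1.99 and the MAC addresses are constructed for illustration; Fa0/1.25 and Fa0/1.26 are the subinterfaces from the posted config.

```python
import struct

TPID_8021Q = 0x8100       # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

# Constructed, locally administered MAC addresses for the sample frames.
MAC_A = bytes.fromhex("020000000001")
MAC_B = bytes.fromhex("020000000002")


def build_frame(dst, src, ethertype, payload, vid=None):
    """Build an Ethernet II frame; if vid is given, insert an 802.1Q tag."""
    header = dst + src
    if vid is not None:
        if not 1 <= vid <= 4094:
            raise ValueError("VLAN ID must be in 1..4094")
        # TCI = priority (3 bits) | DEI (1 bit) | VLAN ID (12 bits); priority 0.
        header += struct.pack("!HH", TPID_8021Q, vid)
    return header + struct.pack("!H", ethertype) + payload


def parse_vlan(frame):
    """Return (vid, ethertype); vid is None when the frame carries no tag."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner


class TrunkEnd:
    """One end of a dot1q trunk: a VLAN-to-name map plus its native VLAN."""

    def __init__(self, vlans, native):
        self.vlans = dict(vlans)
        self.native = native

    def send(self, vid, payload=b"constructed payload"):
        # Traffic in the native VLAN leaves untagged, everything else tagged.
        tag = None if vid == self.native else vid
        return build_frame(MAC_B, MAC_A, ETHERTYPE_IPV4, payload, vid=tag)

    def receive(self, frame):
        # An untagged frame is assigned to the receiver's own native VLAN.
        vid, _ = parse_vlan(frame)
        if vid is None:
            vid = self.native
        # None means this model has no interface configured for that VLAN.
        return self.vlans.get(vid)


def deliver(sender, receiver, vid):
    """Send one frame from VLAN vid at the sender; return where it lands."""
    return receiver.receive(sender.send(vid))


# Router: the posted subinterfaces plus a hypothetical native one
# ("encapsulation dot1Q 99 native" on Fa0/1.99).
ROUTER = TrunkEnd({25: "Fa0/1.25", 26: "Fa0/1.26", 99: "Fa0/1.99"}, native=99)
SWITCH_MATCHED = TrunkEnd({25: "VLAN 25", 26: "VLAN 26", 99: "VLAN 99"}, native=99)
SWITCH_MISMATCHED = TrunkEnd(
    {1: "VLAN 1", 25: "VLAN 25", 26: "VLAN 26", 99: "VLAN 99"}, native=1)

if __name__ == "__main__":
    for name, sw in (("matched", SWITCH_MATCHED), ("mismatched", SWITCH_MISMATCHED)):
        for vid in sorted(sw.vlans):
            print(name, "switch VLAN", vid, "->", deliver(sw, ROUTER, vid))
```

With the mismatched switch, frames from its VLAN 1 and its VLAN 99 both arrive on Fa0/1.99, and the router's untagged traffic is placed in VLAN 1 on the switch: the two VLANs are bridged together without any tag ever being wrong on the wire.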
shutting down VLAN 1 [7:64334]
Hi all,

In the effort to avoid any Vlan spread in the entire campus (populated of more than 100 Cisco switches), I would like to shut down the Vlan 1 in every switch of my campus and create just small local management Vlans. Is there anything wrong in this operation? Does the CDP exchange messages on Vlan 1? And does the CiscoWorks2000 exchange messages on Vlan 1?

Best regards, Luca Ciasca
RE: shutting down VLAN 1 [7:64334]
Luca,

You cannot delete VLAN 1 as far as I know. Just don't allocate any ports to VLAN 1. If you don't trunk between the switches, no VLANs will propagate between them. If you have to trunk, just use another VLAN as native and prune the allowed VLANs. CDP goes over whatever VLAN it has available, same for CiscoWorks.

Aurelian Georgescu

-Original Message-
From: Luca Ciasca [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 04, 2003 5:03 AM
To: [EMAIL PROTECTED]
Subject: shutting down VLAN 1 [7:64334]

Hi all,

In the effort to avoid any Vlan spread in the entire campus (populated of more than 100 Cisco switches), I would like to shut down the Vlan 1 in every switch of my campus and create just small local management Vlans. Is there anything wrong in this operation? Does the CDP exchange messages on Vlan 1? And does the CiscoWorks2000 exchange messages on Vlan 1?

Best regards, Luca Ciasca
Re: shutting down VLAN 1 [7:64334]
Watch out for Vlan mismatch issues if you're using 6500 platform switches. We had this issue in the past on our campus network.

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: Luca Ciasca
To: [EMAIL PROTECTED]
Sent: Tuesday, March 04, 2003 2:03 AM
Subject: shutting down VLAN 1 [7:64334]

Hi all,

In the effort to avoid any Vlan spread in the entire campus (populated of more than 100 Cisco switches), I would like to shut down the Vlan 1 in every switch of my campus and create just small local management Vlans. Is there anything wrong in this operation? Does the CDP exchange messages on Vlan 1? And does the CiscoWorks2000 exchange messages on Vlan 1?

Best regards, Luca Ciasca
RE: shutting down VLAN 1 [7:64334]
Can you elaborate a bit on the issues encountered? Thanks!

Samson Martinez
Motive Communications, Inc.

-Original Message-
From: Larry Letterman [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 04, 2003 12:14 PM
To: [EMAIL PROTECTED]
Subject: Re: shutting down VLAN 1 [7:64334]

Watch out for Vlan mismatch issues if you're using 6500 platform switches. We had this issue in the past on our campus network.

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: Luca Ciasca
To: [EMAIL PROTECTED]
Sent: Tuesday, March 04, 2003 2:03 AM
Subject: shutting down VLAN 1 [7:64334]

Hi all,

In the effort to avoid any Vlan spread in the entire campus (populated of more than 100 Cisco switches), I would like to shut down the Vlan 1 in every switch of my campus and create just small local management Vlans. Is there anything wrong in this operation? Does the CDP exchange messages on Vlan 1? And does the CiscoWorks2000 exchange messages on Vlan 1?

Best regards, Luca Ciasca
Re: shutting down VLAN 1 [7:64334]
No problem with this. TAC recommended. See here:
http://www.cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a0080094713.shtml#basic_cfg

Luca Ciasca wrote:

Hi all,

In the effort to avoid any Vlan spread in the entire campus (populated of more than 100 Cisco switches), I would like to shut down the Vlan 1 in every switch of my campus and create just small local management Vlans. Is there anything wrong in this operation? Does the CDP exchange messages on Vlan 1? And does the CiscoWorks2000 exchange messages on Vlan 1?

Best regards, Luca Ciasca
Native VLAN question [7:64431]
I am kinda new to VLANs and need some advice. I have a router which I have broken an interface into FastEthernet subinterfaces. Each subinterface defines the VLAN. This has worked very well. But I am wondering if it is possible to make this port a trunk port and have other non-tagged traffic arrive on this port as well. Basically, I want to have tagged traffic and untagged traffic go to the same Ethernet port, route the untagged traffic and tag the VLAN traffic. I am not sure if I can have both types of frames on the same port.

I have posted my router's config below: I need to know how to allow other untagged traffic to be received on this port.

thanks, jim

interface FastEthernet0/1
 description TRUNK_PORT
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 load-interval 30
 duplex full
!
interface FastEthernet0/1.25
 description VLAN
 encapsulation dot1Q 25
 ip address 192.168.64.101 255.255.255.252
 no ip directed-broadcast
!
interface FastEthernet0/1.26
 description VLAN 26
 encapsulation dot1Q 26
 ip address 192.168.64.97 255.255.255.252
 no ip directed-broadcast
Re: Native VLAN question [7:64431]
Hey Jim,

Supposing you take a new switch out of the box and don't configure any vlan's etc, all the ports will still be using a vlan. That vlan is called vlan1 and all ports are on vlan1 by default. The devices on those ports wouldn't need any router to route traffic since they all belong to the same vlan and can talk directly. Hence, there is no such thing as untagged traffic. And yes, to answer your question - all the packets you talked about will route fine. I'll appreciate comments by experts on this list if I am talking correct.

Sam

Jim Devane wrote in message news:[EMAIL PROTECTED]

I am kinda new to VLANs and need some advice. I have a router which I have broken an interface into FastEthernet subinterfaces. Each subinterface defines the VLAN. This has worked very well. But I am wondering if it is possible to make this port a trunk port and have other non-tagged traffic arrive on this port as well. Basically, I want to have tagged traffic and untagged traffic go to the same Ethernet port, route the untagged traffic and tag the VLAN traffic. I am not sure if I can have both types of frames on the same port.

I have posted my router's config below: I need to know how to allow other untagged traffic to be received on this port.

thanks, jim

interface FastEthernet0/1
 description TRUNK_PORT
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 load-interval 30
 duplex full
!
interface FastEthernet0/1.25
 description VLAN
 encapsulation dot1Q 25
 ip address 192.168.64.101 255.255.255.252
 no ip directed-broadcast
!
interface FastEthernet0/1.26
 description VLAN 26
 encapsulation dot1Q 26
 ip address 192.168.64.97 255.255.255.252
 no ip directed-broadcast
Re: Native VLAN question [7:64431]
Sam or Bill,

Ok, fair enough. But if I create an uplink to a router and specifically define VLANs e.g. 25, 26, 27 etc. I assume (yes, I realize the danger) that VLAN 1 will be included. However, I am concerned on how to create the router interface the switch is linking to. In the config I posted I created sub-interfaces and tied the VLANs to them and defined the subnet (albeit only /30's) that is in the VLAN. I am wondering how the VLAN 1 traffic will react to the interface. I would like to be able to route from the VLAN 1 interface on the 3550 to the router.

I am not sure about the untagged comment. When the traffic leaves the 3550 on its way to the router is there a VLAN ID of 1? I somehow doubt it. I believe the VLAN 1 is used in the switch itself. Perhaps I am wrong, but it seems to me with the scenario I am working that there would be traffic that has an explicit VLAN ID defined and other traffic that has no VLAN ID set (untagged). This is just what I assume and am not sure however. Is it the case that if the traffic leaves the switch on a trunk port it populates the VLAN ID with 1?

Thank you for your response. I am still looking for answers/input as well.

- Original Message -
From: Bill
To:
Sent: Tuesday, March 04, 2003 8:19 PM
Subject: Re: Native VLAN question [7:64431]

Hey Jim,

Supposing you take a new switch out of the box and don't configure any vlan's etc, all the ports will still be using a vlan. That vlan is called vlan1 and all ports are on vlan1 by default. The devices on those ports wouldn't need any router to route traffic since they all belong to the same vlan and can talk directly. Hence, there is no such thing as untagged traffic. And yes, to answer your question - all the packets you talked about will route fine. I'll appreciate comments by experts on this list if I am talking correct.

Sam

Jim Devane wrote in message news:[EMAIL PROTECTED]

I am kinda new to VLANs and need some advice. I have a router which I have broken an interface into FastEthernet subinterfaces. Each subinterface defines the VLAN. This has worked very well. But I am wondering if it is possible to make this port a trunk port and have other non-tagged traffic arrive on this port as well. Basically, I want to have tagged traffic and untagged traffic go to the same Ethernet port, route the untagged traffic and tag the VLAN traffic. I am not sure if I can have both types of frames on the same port.

I have posted my router's config below: I need to know how to allow other untagged traffic to be received on this port.

thanks, jim

interface FastEthernet0/1
 description TRUNK_PORT
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 load-interval 30
 duplex full
!
interface FastEthernet0/1.25
 description VLAN
 encapsulation dot1Q 25
 ip address 192.168.64.101 255.255.255.252
 no ip directed-broadcast
!
interface FastEthernet0/1.26
 description VLAN 26
 encapsulation dot1Q 26
 ip address 192.168.64.97 255.255.255.252
 no ip directed-broadcast
Re: shutting down VLAN 1 [7:64334]
In the past we set the native vlan to something other than Vlan 1 on all our switches in our buildings. That worked fine as long as nothing gets replaced...when someone is on call and has to replace a supervisor module, it sets itself to native vlan 1. This causes a native vlan mismatch between the uplink switches and causes a STP recalc situation that brings that building down...since then we leave the native vlan to 1 and set the data/voice vlan to whatever we like...the only thing now that uses vlan 1 is vtp.

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: Samson Martinez
To: [EMAIL PROTECTED]
Sent: Tuesday, March 04, 2003 1:01 PM
Subject: RE: shutting down VLAN 1 [7:64334]

Can you elaborate a bit on the issues encountered? Thanks!

Samson Martinez
Motive Communications, Inc.

-Original Message-
From: Larry Letterman [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 04, 2003 12:14 PM
To: [EMAIL PROTECTED]
Subject: Re: shutting down VLAN 1 [7:64334]

Watch out for Vlan mismatch issues if you're using 6500 platform switches. We had this issue in the past on our campus network.

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: Luca Ciasca
To: [EMAIL PROTECTED]
Sent: Tuesday, March 04, 2003 2:03 AM
Subject: shutting down VLAN 1 [7:64334]

Hi all,

In the effort to avoid any Vlan spread in the entire campus (populated of more than 100 Cisco switches), I would like to shut down the Vlan 1 in every switch of my campus and create just small local management Vlans. Is there anything wrong in this operation? Does the CDP exchange messages on Vlan 1? And does the CiscoWorks2000 exchange messages on Vlan 1?

Best regards, Luca Ciasca
Re: Native VLAN question [7:64431]
I would tend to think that all frames will be switched since it's a layer 2 bridge...Switches/bridges don't route traffic.

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: Bill
To: [EMAIL PROTECTED]
Sent: Tuesday, March 04, 2003 8:19 PM
Subject: Re: Native VLAN question [7:64431]

Hey Jim,

Supposing you take a new switch out of the box and don't configure any vlan's etc, all the ports will still be using a vlan. That vlan is called vlan1 and all ports are on vlan1 by default. The devices on those ports wouldn't need any router to route traffic since they all belong to the same vlan and can talk directly. Hence, there is no such thing as untagged traffic. And yes, to answer your question - all the packets you talked about will route fine. I'll appreciate comments by experts on this list if I am talking correct.

Sam

Jim Devane wrote in message news:[EMAIL PROTECTED]

I am kinda new to VLANs and need some advice. I have a router which I have broken an interface into FastEthernet subinterfaces. Each subinterface defines the VLAN. This has worked very well. But I am wondering if it is possible to make this port a trunk port and have other non-tagged traffic arrive on this port as well. Basically, I want to have tagged traffic and untagged traffic go to the same Ethernet port, route the untagged traffic and tag the VLAN traffic. I am not sure if I can have both types of frames on the same port.

I have posted my router's config below: I need to know how to allow other untagged traffic to be received on this port.

thanks, jim

interface FastEthernet0/1
 description TRUNK_PORT
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 load-interval 30
 duplex full
!
interface FastEthernet0/1.25
 description VLAN
 encapsulation dot1Q 25
 ip address 192.168.64.101 255.255.255.252
 no ip directed-broadcast
!
interface FastEthernet0/1.26
 description VLAN 26
 encapsulation dot1Q 26
 ip address 192.168.64.97 255.255.255.252
 no ip directed-broadcast
Re: Native VLAN question [7:64431]
The ethernet interface with its sub-interfaces is a vlan interface on each of the sub-interfaces...Tagging is only for switch ports that are set up as trunks I believe...

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: Jim Devane
To: [EMAIL PROTECTED]
Sent: Tuesday, March 04, 2003 7:49 PM
Subject: Native VLAN question [7:64431]

I am kinda new to VLANs and need some advice. I have a router which I have broken an interface into FastEthernet subinterfaces. Each subinterface defines the VLAN. This has worked very well. But I am wondering if it is possible to make this port a trunk port and have other non-tagged traffic arrive on this port as well. Basically, I want to have tagged traffic and untagged traffic go to the same Ethernet port, route the untagged traffic and tag the VLAN traffic. I am not sure if I can have both types of frames on the same port.

I have posted my router's config below: I need to know how to allow other untagged traffic to be received on this port.

thanks, jim

interface FastEthernet0/1
 description TRUNK_PORT
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 load-interval 30
 duplex full
!
interface FastEthernet0/1.25
 description VLAN
 encapsulation dot1Q 25
 ip address 192.168.64.101 255.255.255.252
 no ip directed-broadcast
!
interface FastEthernet0/1.26
 description VLAN 26
 encapsulation dot1Q 26
 ip address 192.168.64.97 255.255.255.252
 no ip directed-broadcast
Port level / VLAN level bandwidth limit [7:63910]
Has anybody got an idea to control bandwidth on port level / on VLAN basis on Cat 2912 / Cat 2924 switches running 12.0 IOS? I would like to limit the bandwidth to each PC in varying limits (say 128K, 256K, 512K etc). Controlling on the basis of IP address will not solve my problem. If there is a way to set maximum bandwidth on the port / VLAN basis it would be good.

Thanks
RK
Re: two 1900 catalyst switches cannot exchange VLAN info even [7:63926]
Not sure, you mean the code version does play a part? So if it does play a part, what code version should I run?

regards,
suaveguru

--- Larry Letterman wrote:

What version of 1900 code are they running?

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: suaveguru
To:
Sent: Sunday, February 23, 2003 11:37 PM
Subject: two 1900 catalyst switches cannot exchange VLAN info even [7:63613]

all,

I have 2 cisco catalyst 1900 switches with VLANS configured on it. When I tried to enable trunking on both of the trunk ports and make the two catalyst 1900 switches run VTP, vlans information just can't travel across the switches. Appreciate if anyone with similar problems tell me what to do.

suaveguru
Re: two 1900 catalyst switches cannot exchange VLAN info even [7:63937]
To get all the bells and whistles you need to run Enterprise version of 1900 operating code.

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: suaveguru
To: Larry Letterman ;
Sent: Wednesday, February 26, 2003 4:39 PM
Subject: Re: two 1900 catalyst switches cannot exchange VLAN info even [7:63836]

Not sure, you mean the code version does play a part? So if it does play a part, what code version should I run?

regards,
suaveguru

--- Larry Letterman wrote:

What version of 1900 code are they running?

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: suaveguru
To:
Sent: Sunday, February 23, 2003 11:37 PM
Subject: two 1900 catalyst switches cannot exchange VLAN info even [7:63613]

all,

I have 2 cisco catalyst 1900 switches with VLANS configured on it. When I tried to enable trunking on both of the trunk ports and make the two catalyst 1900 switches run VTP, vlans information just can't travel across the switches. Appreciate if anyone with similar problems tell me what to do.

suaveguru
Re: two 1900 catalyst switches cannot exchange VLAN info even [7:63939]
OK, I will try that out.

--- Larry Letterman wrote:
To get all the bells and whistles you need to run the Enterprise version of the 1900 operating code.

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: suaveguru
To: Larry Letterman
Sent: Wednesday, February 26, 2003 4:39 PM
Subject: Re: two 1900 catalyst switches cannot exchange VLAN info even [7:63836]

Not sure, you mean the code version does play a part? So if it does play a part, what code version should I run?

regards,
suaveguru

--- Larry Letterman wrote:
What version of 1900 code are they running?

- Original Message -
From: suaveguru
Sent: Sunday, February 23, 2003 11:37 PM
Subject: two 1900 catalyst switches cannot exchange VLAN info even [7:63613]

All, I have 2 Cisco Catalyst 1900 switches with VLANs configured on them. When I tried to enable trunking on both of the trunk ports and make the two Catalyst 1900 switches run VTP, VLAN information just can't travel across the switches. I'd appreciate it if anyone with similar problems could tell me what to do.

suaveguru

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63939t=63939
VLAN Trunking + Access lista [7:63739]
Hi,

When using VLAN trunking from a router, for example in a router-on-a-stick environment, I would create subinterfaces on the Ethernet interface on the router. Does that in some way limit the use of access lists to control traffic, like traffic between the VLANs and out of the router through another interface?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63739t=63739
Re: VLAN Trunking + Access lista [7:63739]
No, subinterfaces on a trunked port fully support ACLs in the same manner as physical interfaces. Same for other services such as NAT, CBAC, policy routing, etc.

HTH,
Kent

On Tue, 2003-02-25 at 11:47, Skarphedinsson Arni V. wrote:
Hi, when using VLAN trunking from a router, for example in a router-on-a-stick environment, I would create subinterfaces on the Ethernet interface on the router. Does that in some way limit the use of access lists to control traffic, like traffic between the VLANs and out of the router through another interface?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63771t=63739
Re: VLAN Trunking + Access lista [7:63739]
ACLs should still work on the router. It will treat a VLAN interface just like a regular L3 interface.

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: Skarphedinsson Arni V.
Sent: Tuesday, February 25, 2003 8:47 AM
Subject: VLAN Trunking + Access lista [7:63739]

Hi, when using VLAN trunking from a router, for example in a router-on-a-stick environment, I would create subinterfaces on the Ethernet interface on the router. Does that in some way limit the use of access lists to control traffic, like traffic between the VLANs and out of the router through another interface?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63811t=63739
Re: two 1900 catalyst switches cannot exchange VLAN info even [7:63836]
What version of 1900 code are they running?

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: suaveguru
Sent: Sunday, February 23, 2003 11:37 PM
Subject: two 1900 catalyst switches cannot exchange VLAN info even [7:63613]

All, I have 2 Cisco Catalyst 1900 switches with VLANs configured on them. When I tried to enable trunking on both of the trunk ports and make the two Catalyst 1900 switches run VTP, VLAN information just can't travel across the switches. I'd appreciate it if anyone with similar problems could tell me what to do.

suaveguru

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63836t=63836
two 1900 catalyst switches cannot exchange VLAN info even [7:63613]
All, I have 2 Cisco Catalyst 1900 switches with VLANs configured on them. When I tried to enable trunking on both of the trunk ports and make the two Catalyst 1900 switches run VTP, VLAN information just can't travel across the switches. I'd appreciate it if anyone with similar problems could tell me what to do.

suaveguru

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63613t=63613
RE: two 1900 catalyst switches cannot exchange VLAN in [7:63613]
suaveguru wrote:
All, I have 2 Cisco Catalyst 1900 switches with VLANs configured on them. When I tried to enable trunking on both of the trunk ports and make the two Catalyst 1900 switches run VTP, VLAN information just can't travel across the switches. I'd appreciate it if anyone with similar problems could tell me what to do.

Yes, I'll tell you what to do. :-) Check your configs. Also send us your configs. How can we help without your configs?

It sounds like the two switches aren't in the same VTP domain maybe? They must be. Check the spelling and case for the domain name. It is case sensitive. Check for invisible spaces and other weird non-printable characters if there's no obvious typo.

Tell us more about the VTP modes in use on the switches. Are they VTP servers or clients or in transparent mode?

Check the version of VTP. There are two versions.

___
Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63642t=63613
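The checks listed in the reply above (domain spelling, case, invisible characters, VTP mode, VTP version) can be run mechanically once the settings are read off both switches. The following is an added example, not code from the thread; the `VtpSettings` fields, the finding codes and the sample values are this example's own constructions.

```python
import unicodedata
from dataclasses import dataclass


@dataclass
class VtpSettings:
    """VTP parameters read off one switch (field names are this example's own)."""
    hostname: str
    domain: str    # exactly as stored on the switch, stray characters included
    mode: str      # "server", "client" or "transparent"
    version: int   # 1 or 2


def hidden_chars(name):
    """List (position, description) for characters that do not show up when the
    domain name is displayed: whitespace, control and format characters."""
    found = []
    for pos, ch in enumerate(name):
        if ch.isspace() or unicodedata.category(ch).startswith("C"):
            found.append((pos, unicodedata.name(ch, f"U+{ord(ch):04X}")))
    return found


def visible(name):
    """The domain name with every hidden character removed."""
    hidden = {pos for pos, _ in hidden_chars(name)}
    return "".join(ch for pos, ch in enumerate(name) if pos not in hidden)


def compare_vtp(a, b):
    """Return (code, detail) findings explaining why two switches may not
    exchange VLAN information over VTP. An empty list means no mismatch."""
    findings = []
    for sw in (a, b):
        for pos, desc in hidden_chars(sw.domain):
            findings.append(
                ("hidden-char", f"{sw.hostname}: {desc} at position {pos} in {sw.domain!r}"))
    if a.domain != b.domain:
        va, vb = visible(a.domain), visible(b.domain)
        if va == vb:
            findings.append(("domain-hidden", "names match once hidden characters are removed"))
        elif va.lower() == vb.lower():
            findings.append(("domain-case", f"{va!r} vs {vb!r}: the name is case sensitive"))
        else:
            findings.append(("domain-differs", f"{va!r} vs {vb!r}"))
    if a.version != b.version:
        findings.append(("version-mismatch", f"VTP v{a.version} vs v{b.version}"))
    modes = {a.mode, b.mode}
    if "transparent" in modes:
        findings.append(("transparent", "a transparent switch does not apply learned VLANs"))
    elif "server" not in modes:
        findings.append(("no-server", "no VTP server: neither switch can create or change VLANs"))
    return findings


# Constructed sample: the names look alike, but sw2 differs in case and has a trailing space.
SW1 = VtpSettings("sw1", "Lab", "server", 1)
SW2 = VtpSettings("sw2", "lab ", "client", 1)

if __name__ == "__main__":
    for code, detail in compare_vtp(SW1, SW2):
        print(f"{code:17} {detail}")
```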
RE: two 1900 catalyst switches cannot exchange VLAN in [7:63683]
Don't you have to be running the Enterprise version of the software for VTP to work??

-Original Message-
From: Priscilla Oppenheimer
Sent: 24 February 2003 21:35
Subject: RE: two 1900 catalyst switches cannot exchange VLAN in [7:63613]

suaveguru wrote:
All, I have 2 Cisco Catalyst 1900 switches with VLANs configured on them. When I tried to enable trunking on both of the trunk ports and make the two Catalyst 1900 switches run VTP, VLAN information just can't travel across the switches. I'd appreciate it if anyone with similar problems could tell me what to do.

Yes, I'll tell you what to do. :-) Check your configs. Also send us your configs. How can we help without your configs?

It sounds like the two switches aren't in the same VTP domain maybe? They must be. Check the spelling and case for the domain name. It is case sensitive. Check for invisible spaces and other weird non-printable characters if there's no obvious typo.

Tell us more about the VTP modes in use on the switches. Are they VTP servers or clients or in transparent mode?

Check the version of VTP. There are two versions.

___
Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63683t=63683
VLAN routing [7:63412]
Dear All,

I am a newbie in VLAN routing and don't have enough equipment to test this myself. If I have the following setup, does tagged port 1 need to include VLANs 1,2,3,4, or simply VLANs 1,2, to make all 4 VLANs routable? Similarly for tagged port 2: include 1,2,3,4 or 3,4 only?

             Layer3 switch
              /         \
             /           \
    tagged port1      tagged port2
           /               \
          /                 \
   Layer2 switch       Layer2 switch
      /    \              /    \
     /      \            /      \
  vlan1    vlan2      vlan3    vlan4

Thanks in advance.

rgds,
Happy World

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63412t=63412
Re: VLAN routing [7:63412]
By default a trunk port will carry all VLANs, which it will need to do in the setup you have illustrated. If you prune the other VLANs at the second switch, the users in VLANs 3 and 4 on the third switch will be cut off.

Happy World wrote in message news:[EMAIL PROTECTED]...
Dear All, I am a newbie in VLAN routing and don't have enough equipment to test this myself. If I have the following setup, does tagged port 1 need to include VLANs 1,2,3,4, or simply VLANs 1,2, to make all 4 VLANs routable? Similarly for tagged port 2: include 1,2,3,4 or 3,4 only?

             Layer3 switch
              /         \
             /           \
    tagged port1      tagged port2
           /               \
          /                 \
   Layer2 switch       Layer2 switch
      /    \              /    \
     /      \            /      \
  vlan1    vlan2      vlan3    vlan4

Thanks in advance.
rgds, Happy World

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63422t=63412
RE: native vlan, trunking question [7:63309]
Native VLAN is the VLAN which is untagged with VLAN information or tags. I.e., by default, VLAN 1 is untagged, meaning other devices which do not understand VLANs can understand traffic from a VLAN 1 port (for example).

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63354t=63309
Re: native vlan, trunking question [7:63309]
A native VLAN is the VLAN that that port uses when trunking breaks down. That's it. If you don't set it to a specific VLAN in the config, then the native VLAN will be the default VLAN. On Cisco, this is VLAN 1.

Normally, the trunk is up and running and the native VLAN doesn't come into play. However, if the trunking goes down for any reason, the port reverts to the native VLAN. At that point, only traffic on that VLAN/subnet will get through the port.

Typically, I will set the native VLAN of trunking ports to the VLAN that I'm using for network management so that I can get to the switch remotely if something goes wrong.

Hope this helps,
Karen

*** REPLY SEPARATOR ***
On 2/19/2003 at 2:38 AM supernet wrote:
I'm confused on native VLAN and trunking. Can I assign a port to a trunk (for all the VLANs), then assign that port to a vlan100? Does that port belong to native vlan100? What does native VLAN mean? Thanks. Yoshi

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63400t=63309
native vlan, trunking question [7:63309]
I'm confused on native VLAN and trunking. Can I assign a port to a trunk (for all the VLANs), then assign that port to a vlan100? Does that port belong to native vlan100? What does native VLAN mean?

Thanks.
Yoshi

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63309t=63309
My posts on Layer 3 switching and VLAN [7:63224]
For some reason my responses are taking a REALLY long time to get to the list in relation to other people's responses, so the conversation is losing continuity. I sent an email at 8:55PM CST and I am writing this at 10:19PM CST and my 8:55 post still has not made it to the list. This is adding to the confusion. I think I had it all straight at Priscilla's posting with this history of LANs.

Thanks!
Stephen Hoover
Dallas, Texas

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63224t=63224
vlan help [7:62888]
Hi. On a Cisco 2950, how can I configure a port to be tagged for one VLAN and untagged for another? Please give me a sample. Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62888t=62888
Re: vlan help [7:62888]
CiscoNewbie wrote:
Hi. On a Cisco 2950, how can I configure a port to be tagged for one VLAN and untagged for another? Please give me a sample. Thanks.

switchport mode trunk
switchport trunk native vlan

That will 802.1Q tag all frames except those in vlan . You can't have more than one untagged VLAN.

Regards,
Marco.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62899t=62888
Re: vlan help [7:62888]
M.C. van den Bovenkamp wrote:
switchport mode trunk
switchport trunk native vlan
That will 802.1Q tag all frames except those in vlan . You can't have more than one untagged VLAN.

OK, groupstudy doesn't like angle brackets; forgot about that. That would be 'switchport trunk native vlan X' and '...in vlan X.'

Regards,
Marco.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62903t=62888
Question on wireless Vlan Trunking BOOTPC issues -Please [7:62628]
I am setting up a wireless bridge and access point to trunk 2 VLANs: one is VLAN 11 (voice), and one is the default VLAN 1.

Here is the issue. On VLAN 11 (by associated SSID mapped to VLAN 11), a wireless client (IP phone) gets an IP assigned by DHCP with no problem. (The DHCP server for the voice VLAN subnet sits across the WAN, and the AP pipes in through a dot1q trunk port into a 3524 that has a switchport access vlan 11 port piped directly to a 3660 router that only runs the VLAN 11 subnet (10.46.3.0/24).) The data VLAN 1 and voice VLAN 11 were, before this wireless addition, 2 flat networks with no inter-VLAN routing and no trunking involved anywhere in the network. All people in the data VLAN 1 pipe into regular switch ports with an uplink to a Cat 6006, connected to a 3640 that only has its main interface routing the VLAN 1 layer 3 subnet across the WAN. The DHCP server for data VLAN 1 sits on VLAN 1 locally (10.44.185.0/21).

Issue at hand: if I put my laptop on VLAN 1 using wireless (by associated SSID) and give myself a static IP, I have full connectivity on VLAN 1 (trunking is fine, and both VLANs flow through the switch fabric). If I set my laptop to DHCP on SSID VLAN 1, DHCP does not work? The protocol analyzer produces nothing but shows me issuing BOOTPC requests with no responses. If I pipe directly into the 3524 switch (using switchport access vlan 1) that the access point trunks directly into, and use DHCP, I pick up an IP right away, so I have pinned it down to an issue with the BOOTPC broadcast going across the proper broadcast domain (VLAN 1) when connecting wireless?

I think the issue is because the access point first associated with the DHCP server reachable via VLAN 11, which existed prior to adding the data VLAN to the picture of the wireless setup (through a helper address on VLAN 11's subnet's router), and I read that the Cisco 350 access points do associate with the last DHCP server they contacted, so I increased the timeout on the AP to search for multiple DHCP servers, but to no avail?

I realize this is a weird setup, and I did not design it, and am only there to make the 2 VLANs work and utilize DHCP functionality either from an IP phone or a PC on the data VLAN using wireless (by associated SSID). All criteria have been met, minus DHCP functionality from VLAN 1?

Has anyone run into this, or something similar? Is there an issue when trunking VLANs using wireless with multiple DHCP servers on different VLANs? Any comments or help would be appreciated.

Note: the customer does not want to inter-VLAN route, and use a single DHCP server with multiple scopes? I discussed this possibility.

Thanks!
Brett Michael Spunt CCNP, CIPT, MCSE
Computer Network Innovations
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62628t=62628
vlan map in Cat.3550 switch [7:62493]
Hi all,

I would like to configure IP access control within the same VLAN on a Cat. 3550 switch, so that unauthorized users cannot access the critical servers even if they are in the same VLAN. I found that a VLAN map can do this. Has anyone used VLAN maps before? Is it stable? Is it difficult to troubleshoot?

Regards,
Dovelet

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62493t=62493
Re: Cisco VLAN Help-Group Study [7:62293]
Emile,

Since a trunk link carries multiple VLANs, each packet needs to be tagged with the VLAN it originates from. You need to tell the switch which form of encapsulation you're using so that it can tag the packets before sending them to the router over the trunk link. Also, when the router sends the packets back to the switch it will tag them with their destination VLAN so that the switch knows which VLAN they should go to. Since both ends of the link need to understand which form of encapsulation is being used, both ends need to be configured with that info.

The native VLAN of a trunk port is the VLAN that it reverts to when trunking goes down. It's usually a good idea to set this to whatever VLAN you need to use to get to the switch remotely if that happens (generally the management VLAN). Otherwise you have to hook up to the console port to troubleshoot the switch. Basically, that means you should be able to connect to the switch's IP address via telnet without having to go through a router, since the trunk link can't pass traffic from any other VLAN except the native one if trunking is down.

One last thing: it's not a good idea to enable Portfast on any port that you KNOW connects to a router, another switch, or a hub. Enable it only on a port that connects to an end node. Portfast bypasses the usual spanning tree stuff to speed up the initial connection. Normally, any link to a router, switch, or hub will be up all the time so spanning tree isn't a problem. Portfast is designed to overcome the problem that computers have with connecting when the port is blocked due to spanning tree going through its paces.

I hope that this helps. Let me know if there's anything else I can help with.

Karen

*** REPLY SEPARATOR ***
On 2/3/2003 at 12:04 AM Emile Harding wrote:

OK Karen, let me make sure I understand you correctly. Thank you for your help in advance. This config is what I have on the switch; I have no VLAN attached to it. I understand all your points except your second one. I thought ISL was programmed on the router end and not in the switch. I do have trunking enabled on the switch. Could you please correct any configs I may have in the switch and the router and let me know what they are? I am assuming the following command lets me know I am using VLAN 3. Correct?

switchport trunk native 3

interface FastEthernet0/16
 switchport mode trunk
 spanning-tree portfast

From: Karen E Young
To: Emile Harding
Subject: Re: Cisco VLAN Help-Group Study [7:62293]
Date: Fri, 31 Jan 2003 18:45:00 -0800

Emile,

Here's what I see right off hand...

1) You aren't trunking. The switch isn't set up for it. Pick a port to connect the switch to the router with and configure it to trunk. Make sure that it isn't set up with a VLAN as this can interfere with the trunking. Example, if you want FE0/1 to be your trunk and its native VLAN to be VLAN 3:

interface FastEthernet0/1
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport trunk native 3

This sets the default (non-trunking) VLAN of the port to VLAN 3, sets the trunking encapsulation to ISL, and tells the port to act as a trunk with the configured encapsulation.

2) You're set up to run each VLAN into the router via separate links. Kind of negates the idea of using trunking, doesn't it? See #1.

3) Your switch's IP address is on one of your production VLANs. Not a good idea since high traffic can swamp out control and management traffic between the various switches and the router.

*** REPLY SEPARATOR ***
On 2/1/2003 at 12:25 AM Emile Harding wrote:

I am having a problem getting two VLANs to work. Help, I can't ping. I am using ISL as my trunking protocol. As far as I know you have to enable trunking on the switch and use one of the trunking protocols on the router (I chose ISL). Please help me, and if I have any configs wrong, please let me know.

I have a Cisco Catalyst 2900 XL switch and a Cisco 2600 router with two FastEthernet ports. I have the configs for the router and the switch below. I have spanning-tree enabled and I am using VTP in server mode because I plan on adding 8 more switches. I have trunking enabled on port 16 of the switch with a straight through cable that is connected to Fast Ethernet 0/0
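Two of the points raised in this reply, Portfast enabled on the port that trunks to the router and the switch's management IP address sitting on a VLAN that also serves user ports, can be checked directly against a saved configuration. The following is an added example, not code from the thread; the function names and finding codes are this example's own, both excerpts are constructed (the first modelled on the switch configuration posted in the thread), and VLAN 99 with its address is hypothetical.

```python
import re

# Constructed excerpt modelled on the switch configuration posted in this thread.
POSTED_STYLE = """\
interface FastEthernet0/3
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/16
 switchport mode trunk
 spanning-tree portfast
!
interface FastEthernet0/17
 switchport access vlan 10
 spanning-tree portfast
!
interface VLAN1
 no ip address
 shutdown
!
interface VLAN3
 ip address 192.168.1.2 255.255.255.0
!
"""

# The same excerpt with both points addressed (VLAN 99 is a hypothetical management VLAN).
REVISED = """\
interface FastEthernet0/3
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/16
 switchport mode trunk
!
interface FastEthernet0/17
 switchport access vlan 10
 spanning-tree portfast
!
interface VLAN3
 no ip address
 shutdown
!
interface VLAN99
 ip address 192.168.99.2 255.255.255.0
!
"""


def parse_interfaces(config_text):
    """Map each interface name to the list of its indented sub-commands."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            blocks[current] = []
        elif current is not None and raw[:1].isspace() and raw.strip():
            blocks[current].append(raw.strip())
        else:
            current = None          # "!" or a global command closes the block
    return blocks


def audit(config_text):
    """Return (code, interface) findings for the two points discussed above."""
    blocks = parse_interfaces(config_text)
    findings, access_vlans = [], set()
    for name, cmds in blocks.items():
        if name.upper().startswith("VLAN"):
            continue
        is_trunk = "switchport mode trunk" in cmds
        if is_trunk and "spanning-tree portfast" in cmds:
            findings.append(("portfast-on-trunk", name))
        for cmd in cmds:
            m = re.fullmatch(r"switchport access vlan (\d+)", cmd)
            if m and not is_trunk:
                access_vlans.add(int(m.group(1)))
    for name, cmds in blocks.items():
        m = re.fullmatch(r"vlan\s*(\d+)", name, re.IGNORECASE)
        if not m:
            continue
        has_ip = any(cmd.startswith("ip address ") for cmd in cmds)
        if has_ip and "shutdown" not in cmds and int(m.group(1)) in access_vlans:
            findings.append(("mgmt-ip-on-user-vlan", name))
    return findings


if __name__ == "__main__":
    print(audit(POSTED_STYLE))
    print(audit(REVISED))
```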
Re: Cisco VLAN Help-Group Study [7:62293]
OK Karen, let me make sure I understand you correctly. Thank you for your help in advance. This config is what I have on the switch; I have no VLAN attached to it. I understand all your points except your second one. I thought ISL was programmed on the router end and not in the switch. I do have trunking enabled on the switch. Could you please correct any configs I may have in the switch and the router and let me know what they are? I am assuming the following command lets me know I am using VLAN 3. Correct?

switchport trunk native 3

interface FastEthernet0/16
 switchport mode trunk
 spanning-tree portfast

From: Karen E Young
To: Emile Harding
Subject: Re: Cisco VLAN Help-Group Study [7:62293]
Date: Fri, 31 Jan 2003 18:45:00 -0800

Emile,

Here's what I see right off hand...

1) You aren't trunking. The switch isn't set up for it. Pick a port to connect the switch to the router with and configure it to trunk. Make sure that it isn't set up with a VLAN as this can interfere with the trunking. Example, if you want FE0/1 to be your trunk and its native VLAN to be VLAN 3:

interface FastEthernet0/1
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport trunk native 3

This sets the default (non-trunking) VLAN of the port to VLAN 3, sets the trunking encapsulation to ISL, and tells the port to act as a trunk with the configured encapsulation.

2) You're set up to run each VLAN into the router via separate links. Kind of negates the idea of using trunking, doesn't it? See #1.

3) Your switch's IP address is on one of your production VLANs. Not a good idea since high traffic can swamp out control and management traffic between the various switches and the router.

*** REPLY SEPARATOR ***
On 2/1/2003 at 12:25 AM Emile Harding wrote:

I am having a problem getting two VLANs to work. Help, I can't ping. I am using ISL as my trunking protocol. As far as I know you have to enable trunking on the switch and use one of the trunking protocols on the router (I chose ISL). Please help me, and if I have any configs wrong, please let me know.

I have a Cisco Catalyst 2900 XL switch and a Cisco 2600 router with two FastEthernet ports. I have the configs for the router and the switch below. I have spanning-tree enabled and I am using VTP in server mode because I plan on adding 8 more switches. I have trunking enabled on port 16 of the switch with a straight through cable that is connected to Fast Ethernet 0/0 of the router. I am also using ISL.

On the switch I am using ports 1-16 on VLAN 3 and ports 17-24 on VLAN 10.
Workstation 2 is connected to port 17, which is on VLAN 10.
Workstation 1 is connected to port 3, which is on VLAN 3.
Workstation 1: IP address=192.168.1.45 subnet=255.255.255.0 gateway=192.168.1.1
Workstation 2: IP address=192.168.0.54 subnet=255.255.255.0 gateway=192.168.0.1

Current configuration:
!
version 12.0
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname Switch1-1
!
enable secret 5 $1$AppX$lxWOJEnWjeksz3O2bpPvs/
!
!
ip subnet-zero
!
cluster commander-address 0001.96b1.0b40
!
!
interface FastEthernet0/1
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/7
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/9
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport access vlan 3
 spanning-tree portfast
!
interface
Mgmt VLAN [7:62283]
I have a 6509 switch with Cisco IOS on it. I have created a separate VLAN for management purposes, and the only way to bring the management VLAN up is to assign a port to the VLAN. In most designs that is not a problem, since there are other IDF switches connected to the backbone switch and the trunking mechanism allows ports to be assigned to multiple VLANs, so we gladly add the management VLAN to this trunking port.

However, what could be done in a small network where there are no other switches except the 6500, with only 2 or 3 VLANs for users, servers, and the internet respectively? Since each port is a member of its specific VLAN and no trunking is needed, is there any technique to bring the management VLAN up without assigning any port? I just don't want to waste a port on the management VLAN only.

One thought I had was to make any data port (for example, my laptop connection port) a trunk port, and assign the port to the user and mgmt VLANs. Any suggestions?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62283t=62283
Cisco VLAN Help-Group Study [7:62293]
I am having a problem getting two VLANs to work. Help, I can't ping. I am using ISL as my trunking protocol. As far as I know you have to enable trunking on the switch and use one of the trunking protocols on the router (I chose ISL). Please help me, and if I have any configs wrong, please let me know.

I have a Cisco Catalyst 2900 XL switch and a Cisco 2600 router with two FastEthernet ports. I have the configs for the router and the switch below. I have spanning-tree enabled and I am using VTP in server mode because I plan on adding 8 more switches. I have trunking enabled on port 16 of the switch with a straight through cable that is connected to Fast Ethernet 0/0 of the router. I am also using ISL.

On the switch I am using ports 1-16 on VLAN 3 and ports 17-24 on VLAN 10.
Workstation 2 is connected to port 17, which is on VLAN 10.
Workstation 1 is connected to port 3, which is on VLAN 3.
Workstation 1: IP address=192.168.1.45 subnet=255.255.255.0 gateway=192.168.1.1
Workstation 2: IP address=192.168.0.54 subnet=255.255.255.0 gateway=192.168.0.1

Current configuration:
!
version 12.0
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname Switch1-1
!
enable secret 5 $1$AppX$lxWOJEnWjeksz3O2bpPvs/
!
!
ip subnet-zero
!
cluster commander-address 0001.96b1.0b40
!
!
interface FastEthernet0/1
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/7
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/9
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/13
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/14
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/15
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet0/16
 switchport mode trunk
 spanning-tree portfast
!
interface FastEthernet0/17
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/18
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/19
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/20
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/21
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/22
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/23
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/24
 switchport access vlan 10
 spanning-tree portfast
!
interface VLAN1
 no ip address
 no ip directed-broadcast
 no ip route-cache
 shutdown
!
interface VLAN3
 ip address 192.168.1.2 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
!
interface VLAN10
 no ip directed-broadcast
 no ip route-cache
!
ip default-gateway 192.168.1.1
snmp-server engineID local 000902D09760DAC0
snmp-server community public RO
snmp-server community public@es3 RO
snmp-server location Miami Corp Building 1st Floor
snmp-server chassis-id 0x0E
!
line con 0
 exec-timeout 0 0
 transport input none
 stopbits 1
line vty 0 4
 password 7 121A0C041104
 login
line vty 5 15
 login
!
end

Building configuration...

Current configuration : 1833 bytes
!
version 12.2
no service single-slot-reload-enable
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname Router
!
logging rate-limit console 10 except errors
enable secret 5 $1$K0b.$trJY6jiYKI/2Rodpoie7f0
enable password 7 14141B180F0B
!
ip subnet-zero
!
!
no ip finger
no ip domain-lookup
!
no ip dhcp-client network-discovery
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 encapsulation isl 3
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
!
interface FastEthernet0/0.2
 encapsulation isl 10
 ip address 192.168.0.1 255.255.255.0
 no ip redirects
!
interface Serial0/0
 description Frame-Relay Network
 bandwidth 256
 no ip address
 encapsulation frame-relay
Re: Cisco VLAN Help-Group Study [7:62293]
Can you please provide the Ethernet and Ethernet subinterface configurations for the router?
Can you provide the configurations for the appropriate switch ports?
Do you have the default gateways configured correctly on the workstations?
Do you need ip subnet-zero configured on the router? (older IOS might require this)

--
TANSTAAFL
there ain't no such thing as a free lunch

Emile Harding wrote in message news:[EMAIL PROTECTED]...

I am having a problem getting two VLANs to work. Help, I can't ping. I am using ISL as my trunking protocol. As far as I know you have to enable trunking on the switch and use one of the trunking protocols on the router (which I chose ISL). Please help me, and if I have any configs wrong, please let me know.

I have a Cisco Catalyst 2900 XL switch and a Cisco 2600 router with two FastEthernet ports. I have the configs for the router and the switch below. I have spanning-tree enabled and I am using VTP in server mode because I plan on adding 8 more switches. I have trunking enabled on port 16 of the switch with a straight-through cable that is connected to Fast Ethernet 0/0 of the router. I am also using ISL.

On the switch I am using port 1-16 on VLAN 3 and ports 17-24 on VLAN 10.
Workstation 2 is connected to port 17, which is on VLAN 10.
Workstation 1 is connected to port 3, which is on VLAN 3.

Workstation 1: IP address=192.168.1.45 subnet=255.255.255.0 gateway=192.168.1.1
Workstation 2: IP address=192.168.0.54 subnet=255.255.255.0 gateway=192.168.0.1
RE: Cisco VLAN Help-Group Study [7:62293]
The router has under router eigrp 100 a network statement for 192.168.0.0 but not for 192.168.1.0

-----Original Message-----
From: Emile Harding [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 31, 2003 6:25 PM
To: [EMAIL PROTECTED]
Subject: Cisco VLAN Help-Group Study [7:62293]

I am having a problem getting two VLANs to work. Help, I can't ping. I am using ISL as my trunking protocol. As far as I know you have to enable trunking on the switch and use one of the trunking protocols on the router (which I chose ISL). Please help me, and if I have any configs wrong, please let me know.

I have a Cisco Catalyst 2900 XL switch and a Cisco 2600 router with two FastEthernet ports. I have the configs for the router and the switch below. I have spanning-tree enabled and I am using VTP in server mode because I plan on adding 8 more switches. I have trunking enabled on port 16 of the switch with a straight-through cable that is connected to Fast Ethernet 0/0 of the router. I am also using ISL.

On the switch I am using port 1-16 on VLAN 3 and ports 17-24 on VLAN 10.
Workstation 2 is connected to port 17, which is on VLAN 10.
Workstation 1 is connected to port 3, which is on VLAN 3.

Workstation 1: IP address=192.168.1.45 subnet=255.255.255.0 gateway=192.168.1.1
Workstation 2: IP address=192.168.0.54 subnet=255.255.255.0 gateway=192.168.0.1
Re: Cisco VLAN Help-Group Study [7:62293]
Emile,

Here's what I see right off hand...

1) You aren't trunking. The switch isn't set up for it. Pick a port to connect the switch to the router with and configure it to trunk. Make sure that it isn't set up with a VLAN as this can interfere with the trunking. Example, if you want FE0/1 to be your trunk and its native VLAN to be VLAN 3:

interface FastEthernet0/1
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport trunk native 3

This sets the default (non-trunking) VLAN of the port to VLAN 3, sets the trunking encapsulation to ISL, and tells the port to act as a trunk with the configured encapsulation.

2) You're set up to run each VLAN into the router via separate links. Kind of negates the idea of using trunking, doesn't it? See #1.

3) Your switch's IP address is on one of your production VLANs. Not a good idea since high traffic can swamp out control and management traffic between the various switches and the router.

*** REPLY SEPARATOR ***

On 2/1/2003 at 12:25 AM Emile Harding wrote:

I am having a problem getting two VLANs to work. Help, I can't ping. I am using ISL as my trunking protocol. As far as I know you have to enable trunking on the switch and use one of the trunking protocols on the router (which I chose ISL). Please help me, and if I have any configs wrong, please let me know.

I have a Cisco Catalyst 2900 XL switch and a Cisco 2600 router with two FastEthernet ports. I have the configs for the router and the switch below. I have spanning-tree enabled and I am using VTP in server mode because I plan on adding 8 more switches. I have trunking enabled on port 16 of the switch with a straight-through cable that is connected to Fast Ethernet 0/0 of the router. I am also using ISL.
On the switch I am using port 1-16 on VLAN 3 and ports 17-24 on VLAN 10.
Workstation 2 is connected to port 17, which is on VLAN 10.
Workstation 1 is connected to port 3, which is on VLAN 3.

Workstation 1: IP address=192.168.1.45 subnet=255.255.255.0 gateway=192.168.1.1
Workstation 2: IP address=192.168.0.54 subnet=255.255.255.0 gateway=192.168.0.1
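The checks raised in this thread (is a port trunking, does each VLAN reach a router subinterface, do the workstation gateways line up, is the switch's management address on a user VLAN) can be run mechanically. The following is an added example, not part of any poster's message; the function names `parse_interfaces` and `audit` are hypothetical, and the sample configs are abridged from the ones posted above.

```python
import ipaddress
import re

# Abridged from the switch and router configs posted in this thread
# (only the lines the checks read).
SWITCH_CFG = """\
interface FastEthernet0/3
 switchport access vlan 3
interface FastEthernet0/16
 switchport mode trunk
interface FastEthernet0/17
 switchport access vlan 10
interface VLAN3
 ip address 192.168.1.2 255.255.255.0
"""
ROUTER_CFG = """\
interface FastEthernet0/0
 no ip address
interface FastEthernet0/0.1
 encapsulation isl 3
 ip address 192.168.1.1 255.255.255.0
interface FastEthernet0/0.2
 encapsulation isl 10
 ip address 192.168.0.1 255.255.255.0
"""
# Workstations as described in the post: name, switch port, IP, mask, gateway.
HOSTS = [
    ("Workstation 1", "FastEthernet0/3", "192.168.1.45", "255.255.255.0", "192.168.1.1"),
    ("Workstation 2", "FastEthernet0/17", "192.168.0.54", "255.255.255.0", "192.168.0.1"),
]

def parse_interfaces(cfg):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    blocks, current = {}, None
    for line in cfg.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return blocks

def audit(switch_cfg, router_cfg, hosts):
    """Cross-check switch VLANs, router subinterfaces and host addressing."""
    findings = []
    sw, rt = parse_interfaces(switch_cfg), parse_interfaces(router_cfg)
    access = {}  # switch port -> access VLAN
    trunks = []
    for port, cmds in sw.items():
        for cmd in cmds:
            m = re.fullmatch(r"switchport access vlan (\d+)", cmd)
            if m:
                access[port] = int(m.group(1))
        if "switchport mode trunk" in cmds:
            trunks.append(port)
            if not any(c.startswith("switchport trunk encapsulation") for c in cmds):
                findings.append(f"{port}: trunk has no explicit encapsulation line; "
                                "confirm it matches the router")
    if not trunks:
        findings.append("switch: no port is in trunk mode")
    routed = {}  # VLAN -> gateway address/mask on the router subinterface
    for cmds in rt.values():
        vlan = addr = None
        for cmd in cmds:
            m = re.fullmatch(r"encapsulation (?:isl|dot1q) (\d+)", cmd, re.I)
            if m:
                vlan = int(m.group(1))
            m = re.fullmatch(r"ip address (\S+) (\S+)", cmd)
            if m:
                addr = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        if vlan is not None and addr is not None:
            routed[vlan] = addr
    for vlan in sorted(set(access.values()) - set(routed)):
        findings.append(f"VLAN {vlan}: no router subinterface carries it")
    for name, port, ip, mask, gateway in hosts:
        gw = routed.get(access.get(port))
        host = ipaddress.ip_interface(f"{ip}/{mask}")
        if gw is None:
            findings.append(f"{name}: VLAN of {port} has no gateway on the router")
        elif host.network != gw.network or ipaddress.ip_address(gateway) != gw.ip:
            findings.append(f"{name}: addressing does not match gateway {gw.ip}")
    for iface, cmds in sw.items():  # management SVI sharing a user VLAN
        m = re.fullmatch(r"VLAN(\d+)", iface, re.I)
        if m and int(m.group(1)) in access.values() and \
                any(c.startswith("ip address") for c in cmds):
            findings.append(f"{iface}: management address sits on user VLAN {m.group(1)}")
    return findings
```

Calling `audit(SWITCH_CFG, ROUTER_CFG, HOSTS)` on the abridged configs returns two findings: the trunk port carries no explicit encapsulation line, and the VLAN3 management address shares a workstation VLAN.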
RE: Cisco VLAN Help-Group Study [7:62293]
Since the interfaces are directly connected it shouldn't matter. The routes are already there. Doesn't need EIGRP for that. Remember your administrative distances.

*** REPLY SEPARATOR ***

On 2/1/2003 at 2:02 AM Daniel Cotts wrote:

The router has under router eigrp 100 a network statement for 192.168.0.0 but not for 192.168.1.0

-----Original Message-----
From: Emile Harding [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 31, 2003 6:25 PM
To: [EMAIL PROTECTED]
Subject: Cisco VLAN Help-Group Study [7:62293]

I am having a problem getting two VLANs to work. Help, I can't ping. I am using ISL as my trunking protocol. As far as I know you have to enable trunking on the switch and use one of the trunking protocols on the router (which I chose ISL). Please help me, and if I have any configs wrong, please let me know.

I have a Cisco Catalyst 2900 XL switch and a Cisco 2600 router with two FastEthernet ports. I have the configs for the router and the switch below. I have spanning-tree enabled and I am using VTP in server mode because I plan on adding 8 more switches. I have trunking enabled on port 16 of the switch with a straight-through cable that is connected to Fast Ethernet 0/0 of the router. I am also using ISL.

On the switch I am using port 1-16 on VLAN 3 and ports 17-24 on VLAN 10.
Workstation 2 is connected to port 17, which is on VLAN 10.
Workstation 1 is connected to port 3, which is on VLAN 3.

Workstation 1: IP address=192.168.1.45 subnet=255.255.255.0 gateway=192.168.1.1
Workstation 2: IP address=192.168.0.54 subnet=255.255.255.0 gateway=192.168.0.1
Default VLAN woes [7:62152]
All,

This will probably sound like a horrendous situation, but unfortunately networks are not always master-planned communities! However, I have a Cisco router connected to a 2924 switch connected to a Riverstone 8600. There are 2 100FX connections coming from the GSR to the 2924 and 2 10/100 (Cu) connections from the 2924 to the 8600 (yes, a loop).

The first connection is a routed connection with the GSR and the 8600 both having L3 addresses on their respective ports (.1 and .2 /30). The second connection is an L2 tagged connection trunking VLANs 25 and 26.

When I set the 2924 for switchport mode multi it will move the VLANs but raises hell since the MTU is off and there is packet loss. To fix that scenario I use switchport mode trunk to get the right MTU. But my problem is this: in trunk mode the default VLAN, VLAN 1, is automatically included. I have tried to remove it (switchport mode trunk allowed-vlans remove 1) but it does not remove. I can exclude the default VLAN on the Riverstone, but with the Cisco transporting it the RS freaks out since it hears its own MAC on two different ports. The RS had no problem when the Cisco was in multi mode since the default VLAN was not transported.

x.x.64.1/30 x.x.64.2/30
GSR 7/0 2924 -- et.2.2 RS8600
7/1 -- 25-- ---25- et.2.4

My question/problems:
Does anyone know if it is possible to have a trunk on a 2924 and not include VLAN 1?
Is my only other alternate to make the routed connection connect to access ports on the 2924 and exclude that VLAN from the trunk on the tagged connection?

Any ideas? Thanks for your time and in advance for any help,
Jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62152t=62152
Re: Default VLAN woes [7:62152]
To my knowledge, the IOS based switches I have in my network, the vlan 1 can't be removed from the trunks, in the case of 2924/2950/3524...

Larry Letterman
Network Engineer
Cisco Systems

----- Original Message -----
From: Jim Devane
To:
Sent: Wednesday, January 29, 2003 3:53 PM
Subject: Defautl VLAN woes [7:62152]

All,

This will probably sound like a horrendous situation, but unfortunately networks are not always master-planned communities! However, I have a Cisco router connected to a 2924 switch connected to a Riverstone 8600. There are 2 100FX connections coming from the GSR to the 2924 and 2 10/100 (Cu) connections from the 2924 to the 8600 (yes, a loop).

The first connection is a routed connection with the GSR and the 8600 both having L3 addresses on their respective ports (.1 and .2 /30). The second connection is an L2 tagged connection trunking VLANs 25 and 26.

When I set the 2924 for switchport mode multi it will move the VLANs but raises hell since the MTU is off and there is packet loss. To fix that scenario I use switchport mode trunk to get the right MTU. But my problem is this: in trunk mode the default VLAN, VLAN 1, is automatically included. I have tried to remove it (switchport mode trunk allowed-vlans remove 1) but it does not remove. I can exclude the default VLAN on the Riverstone, but with the Cisco transporting it the RS freaks out since it hears its own MAC on two different ports. The RS had no problem when the Cisco was in multi mode since the default VLAN was not transported.

x.x.64.1/30 x.x.64.2/30
GSR 7/0 2924 -- et.2.2 RS8600
7/1 -- 25-- ---25- et.2.4

My question/problems:
Does anyone know if it is possible to have a trunk on a 2924 and not include VLAN 1?
Is my only other alternate to make the routed connection connect to access ports on the 2924 and exclude that VLAN from the trunk on the tagged connection?

Any ideas? Thanks for your time and in advance for any help,
Jim [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62156t=62152
Why multicast protocol packet in the VLAN changed [7:61937]
I have this situation: I connect four Ethernet ports to a hub.

 -------      -------
| port1 |----|       |
|       |    |       |
| port2 |----|       |
|       |    |  hub  |
| port3 |----|       |
|       |    |       |
| port4 |----|       |
 -------      -------

I also assign port1 - port4 to a single VLAN, v1. The VLAN v1 has IP 1.1.2.1/24. I enable protocol VRRP on the VLAN v1. VRRP protocol packets were sent from port1-4. However, because the four ports send multicast packets, the packet length changed, increasing and then decreasing. I do not know why. Can anyone tell me the reason? I appreciate it.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61937t=61937
RE: vlan on a 3548 catalyst [7:61393]
If you use the web interface you can.

-----Original Message-----
From: Bob Perez [mailto:[EMAIL PROTECTED]]
Sent: 20 January 2003 20:05
To: [EMAIL PROTECTED]
Subject: vlan on a 3548 catalyst [7:61393]

Can I assign multiple ports to a vlan in one swoop rather than each one individually? IOS on a 3548XL

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61442t=61393