Re: Native VLAN question [7:64431]
Jim, When you encapsulate your router interface with dot1q you are turning it into a trunk port. All of the traffic coming out of that port will be tagged with a vlan id except for traffic generated on the native vlan. By default, any subinterface encapped with vlan 1 will be native and its traffic will be untagged. If you want a subinterface other than one encapped as vlan 1 to generate untagged frames, then you will need to add the native keyword to the end of the encap statement. BTW: 1. Encapping subifs to dot1q makes that interface a trunk port, but not a switch port (does not generate stp frames, e.g). 2. You need to connect this router port to a switch port that is a dot1q trunk, and the native vlans must match (if you want it to work). I have an Ethereal capture of traffic from such a port showing the native vlan traffic untagged if you are interested. HTH, -Bob Sinclair CCIE #10427, MCSE Senior Network Engineer Networking For Future, Inc. www.nffinc.com - Original Message - From: Jim Devane To: Sent: Tuesday, March 04, 2003 10:49 PM Subject: Native VLAN question [7:64431] I am kinda new to VLANs and need some advice. I have a router which I have broken an interface into FastEthernet subinterfaces. Each subinterface defines the VLAN. This has worked very well. But I am wondering if it is possible to make this port a trunk port and have other non-tagged traffic arrive on this port as well. Basically, I want to have tagged traffic and untagged traffic go to the same Ethernet port, route the untagged traffic and tag the VLAN traffic. I am not sure if I can have both types of frames on the same port I have posted my router's config below: I need to know how to allow other untagged traffic to be recieved on this port. thanks, jim interface FastEthernet0/1 description TRUNK_PORT no ip address no ip directed-broadcast no ip mroute-cache load-interval 30 duplex full ! interface FastEthernet0/1.25 description VLAN encapsulation dot1Q 25 ip address 192.168.64.101 255.255.255.252 no ip directed-broadcast ! interface FastEthernet0/1.26 description VLAN 26 encapsulation dot1Q 26 ip address 192.168.64.97 255.255.255.252 no ip directed-broadcast Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64477t=64431 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Native VLAN question [7:64431]
I am kinda new to VLANs and need some advice. I have a router which I have broken an interface into FastEthernet subinterfaces. Each subinterface defines the VLAN. This has worked very well. But I am wondering if it is possible to make this port a trunk port and have other non-tagged traffic arrive on this port as well. Basically, I want to have tagged traffic and untagged traffic go to the same Ethernet port, route the untagged traffic and tag the VLAN traffic. I am not sure if I can have both types of frames on the same port I have posted my router's config below: I need to know how to allow other untagged traffic to be recieved on this port. thanks, jim interface FastEthernet0/1 description TRUNK_PORT no ip address no ip directed-broadcast no ip mroute-cache load-interval 30 duplex full ! interface FastEthernet0/1.25 description VLAN encapsulation dot1Q 25 ip address 192.168.64.101 255.255.255.252 no ip directed-broadcast ! interface FastEthernet0/1.26 description VLAN 26 encapsulation dot1Q 26 ip address 192.168.64.97 255.255.255.252 no ip directed-broadcast Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64431t=64431 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Native VLAN question [7:64431]
Hey Jim Supposing you take a new switch out of the box and don't configure any vlan's etc, all the ports will still be using a vlan. That vlan is called vlan1 and all ports are on vlan1 by default. The devices on those ports wouldn't need any router to route traffic since they all belong to the same vlan and can talk directly. Hence, there is no such thing as untagged traffic. And yes, to answer your question-all the packets you talked about will route fine. I'll appreciate comments by experts on this list if I am talking correct. Sam Jim Devane wrote in message news:[EMAIL PROTECTED] I am kinda new to VLANs and need some advice. I have a router which I have broken an interface into FastEthernet subinterfaces. Each subinterface defines the VLAN. This has worked very well. But I am wondering if it is possible to make this port a trunk port and have other non-tagged traffic arrive on this port as well. Basically, I want to have tagged traffic and untagged traffic go to the same Ethernet port, route the untagged traffic and tag the VLAN traffic. I am not sure if I can have both types of frames on the same port I have posted my router's config below: I need to know how to allow other untagged traffic to be recieved on this port. thanks, jim interface FastEthernet0/1 description TRUNK_PORT no ip address no ip directed-broadcast no ip mroute-cache load-interval 30 duplex full ! interface FastEthernet0/1.25 description VLAN encapsulation dot1Q 25 ip address 192.168.64.101 255.255.255.252 no ip directed-broadcast ! interface FastEthernet0/1.26 description VLAN 26 encapsulation dot1Q 26 ip address 192.168.64.97 255.255.255.252 no ip directed-broadcast Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64434t=64431 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Native VLAN question [7:64431]
Sam or Bill Ok, fair enough. But if I create an uplink to a router and specifically define VLANs e.g. 25, 26, 27 etc. I assume (yes, I realize the danger) that VLAN 1 will be included. However, I am concerned on how to create the router interface the switch is linking to. In the config I posted I created sub-interfaces and ties the VLANs to them and defined the subnet (albeit only /30's) that is in the VLAN. I am wondering how the VLAN 1 traffic will react to the interface. I would like to be able to route from the VLAN 1 interface on the 3550 to the router. I am not sure about the untagged comment. When the traffic leaves the 3550 on it's way to the router is there a VLAN ID of 1? I somehow doubt it. I believe the VLAN 1 is used in the switch itself. Perhaps I am wrong, but it seems to me with the scenario I am working that there would be traffic that has an explicit VLAN ID defined and other traffic that has no VLAN ID set (untagged) This is just what I assume and am not sure however. Is it the case that if the traffic leaves the switch on a trunk port it populates the VLAN ID with 1? Thank you for your response. I am still looking for answers/input as well. - Original Message - From: Bill To: Sent: Tuesday, March 04, 2003 8:19 PM Subject: Re: Native VLAN question [7:64431] Hey Jim Supposing you take a new switch out of the box and don't configure any vlan's etc, all the ports will still be using a vlan. That vlan is called vlan1 and all ports are on vlan1 by default. The devices on those ports wouldn't need any router to route traffic since they all belong to the same vlan and can talk directly. Hence, there is no such thing as untagged traffic. And yes, to answer your question-all the packets you talked about will route fine. I'll appreciate comments by experts on this list if I am talking correct. Sam Jim Devane wrote in message news:[EMAIL PROTECTED] I am kinda new to VLANs and need some advice. I have a router which I have broken an interface into FastEthernet subinterfaces. Each subinterface defines the VLAN. This has worked very well. But I am wondering if it is possible to make this port a trunk port and have other non-tagged traffic arrive on this port as well. Basically, I want to have tagged traffic and untagged traffic go to the same Ethernet port, route the untagged traffic and tag the VLAN traffic. I am not sure if I can have both types of frames on the same port I have posted my router's config below: I need to know how to allow other untagged traffic to be recieved on this port. thanks, jim interface FastEthernet0/1 description TRUNK_PORT no ip address no ip directed-broadcast no ip mroute-cache load-interval 30 duplex full ! interface FastEthernet0/1.25 description VLAN encapsulation dot1Q 25 ip address 192.168.64.101 255.255.255.252 no ip directed-broadcast ! interface FastEthernet0/1.26 description VLAN 26 encapsulation dot1Q 26 ip address 192.168.64.97 255.255.255.252 no ip directed-broadcast Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64441t=64431 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Native VLAN question [7:64431]
I would tend to think that all frames will be switched since its a layer 2 bridge...Switches/bridges dont route traffic. Larry Letterman Network Engineer Cisco Systems - Original Message - From: Bill To: [EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 8:19 PM Subject: Re: Native VLAN question [7:64431] Hey Jim Supposing you take a new switch out of the box and don't configure any vlan's etc, all the ports will still be using a vlan. That vlan is called vlan1 and all ports are on vlan1 by default. The devices on those ports wouldn't need any router to route traffic since they all belong to the same vlan and can talk directly. Hence, there is no such thing as untagged traffic. And yes, to answer your question-all the packets you talked about will route fine. I'll appreciate comments by experts on this list if I am talking correct. Sam Jim Devane wrote in message news:[EMAIL PROTECTED] I am kinda new to VLANs and need some advice. I have a router which I have broken an interface into FastEthernet subinterfaces. Each subinterface defines the VLAN. This has worked very well. But I am wondering if it is possible to make this port a trunk port and have other non-tagged traffic arrive on this port as well. Basically, I want to have tagged traffic and untagged traffic go to the same Ethernet port, route the untagged traffic and tag the VLAN traffic. I am not sure if I can have both types of frames on the same port I have posted my router's config below: I need to know how to allow other untagged traffic to be recieved on this port. thanks, jim interface FastEthernet0/1 description TRUNK_PORT no ip address no ip directed-broadcast no ip mroute-cache load-interval 30 duplex full ! interface FastEthernet0/1.25 description VLAN encapsulation dot1Q 25 ip address 192.168.64.101 255.255.255.252 no ip directed-broadcast ! interface FastEthernet0/1.26 description VLAN 26 encapsulation dot1Q 26 ip address 192.168.64.97 255.255.255.252 no ip directed-broadcast Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6t=64431 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Native VLAN question [7:64431]
The ethernet interface with its sub-interfaces is a vlan interface on each of the sub-interfaces...Tagging is only for switch ports that are set up as trunks I believe... Larry Letterman Network Engineer Cisco Systems - Original Message - From: Jim Devane To: [EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 7:49 PM Subject: Native VLAN question [7:64431] I am kinda new to VLANs and need some advice. I have a router which I have broken an interface into FastEthernet subinterfaces. Each subinterface defines the VLAN. This has worked very well. But I am wondering if it is possible to make this port a trunk port and have other non-tagged traffic arrive on this port as well. Basically, I want to have tagged traffic and untagged traffic go to the same Ethernet port, route the untagged traffic and tag the VLAN traffic. I am not sure if I can have both types of frames on the same port I have posted my router's config below: I need to know how to allow other untagged traffic to be recieved on this port. thanks, jim interface FastEthernet0/1 description TRUNK_PORT no ip address no ip directed-broadcast no ip mroute-cache load-interval 30 duplex full ! interface FastEthernet0/1.25 description VLAN encapsulation dot1Q 25 ip address 192.168.64.101 255.255.255.252 no ip directed-broadcast ! interface FastEthernet0/1.26 description VLAN 26 encapsulation dot1Q 26 ip address 192.168.64.97 255.255.255.252 no ip directed-broadcast Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64447t=64431 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Quick Vlan question [7:49533]
Hi, If I have two Vlans and want to route between them using an external router, but the router has only 10mb ports, how can it be done? I can't use ISL or 802.1q because it isn't supported on 10mb/s ports, correct? Does every Vlan need a separate physical connection? or do i use sub interfaces? please advise. thank you -DJ - Get a bigger mailbox -- choose a size that fits your needs. http://uk.docs.yahoo.com/mail_storage.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49533t=49533 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Quick Vlan question [7:49533]
ISL is not supported on 10mbs interfaces. You need the ISL header so that you retain the VLAN information. If you had a 100mbs interface is would look something like this. This would set up int fa0/0 as a trunk and it would be trunking VLAN 1,2,3. int fa0/0.1 encapsulation isl 1 Ip address 10.0.1.1 255.255.255.0 int fa0/0.2 encapsulation isl 2 ip address 10.0.2.1 255.255.255.0 int fa0/0.3 encapsulation isl 3 ip address 10.0.3.1 255.255.255.0 router rip network 10.0.0.0 on the switch set up the port you are connecting to the router with as a trunk and make sure VLANS 1,2,3 are in it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49553t=49533 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Quick Vlan question [7:49533]
Well, here's the deal. What's the reason for the VLANs? Since each of the PCs in each VLAN are on a different IP subnet, it's possible to just combine all of the PCs into a single VLAN, then setup the router interface with two IP addresses (one for each IP subnet). If your reason for the VLANs is security, then that my suggestion won't work. But if there's no security reason, it shouldn't hurt to have them all in the same VLAN. Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49555t=49533 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Quick Vlan question [7:49533]
=?iso-8859-1?q?maine=20dude?= wrote: Hi, If I have two Vlans and want to route between them using an external router, but the router has only 10mb ports, how can it be done? I can't use ISL or 802.1q because it isn't supported on 10mb/s ports, correct? Does every Vlan need a separate physical connection? or do i use sub interfaces? You say 10mb ports, i.e. plural. If the router has two ports, use them both, one for one VLAN and one for the other. It's as simple as that. I have this same problem in my home lab due to ancient equipment. I simply put e0 on the router in subnet 172.16.10.0 and e1 on the router in subnet 172.16.50.0. I connect one of my switches to the router using two ports on the switch, one going to e0 and one going to e1 on the router. These don't even have to be trunk ports, just any old ports. On the switch I have some devices in VLAN 1 (172.16.10.0) and some in VLAN 2 (172.16.50.0). The devices use the appropriate router address for their default gateway. I have the swtich connected to another switch in a redundant fashion to get some practice with trunking, etc., but the router just acts like an ordinary router from the pre-VLAN days when life was simple. ;-) Priscilla Oppenheimer http://www.priscilla.com please advise. thank you -DJ - Get a bigger mailbox -- choose a size that fits your needs. http://uk.docs.yahoo.com/mail_storage.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49590t=49533 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Quick Vlan question [7:49533]
There are some router models that have 10Mb interfaces that support trunking (Dot1Q). What differentiates them is the IOS feature set. You need IP+ on some of the older models whereas most of the newer models have 100Mb interfaces and support trunking with just the IP feature set. If your router is a Cisco device and it turns out it will support trunking, then once you setup the trunking parameters, you would then create sub-interfaces for each VLAN. Rik -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 24, 2002 6:33 PM To: [EMAIL PROTECTED] Subject: RE: Quick Vlan question [7:49533] =?iso-8859-1?q?maine=20dude?= wrote: Hi, If I have two Vlans and want to route between them using an external router, but the router has only 10mb ports, how can it be done? I can't use ISL or 802.1q because it isn't supported on 10mb/s ports, correct? Does every Vlan need a separate physical connection? or do i use sub interfaces? You say 10mb ports, i.e. plural. If the router has two ports, use them both, one for one VLAN and one for the other. It's as simple as that. I have this same problem in my home lab due to ancient equipment. I simply put e0 on the router in subnet 172.16.10.0 and e1 on the router in subnet 172.16.50.0. I connect one of my switches to the router using two ports on the switch, one going to e0 and one going to e1 on the router. These don't even have to be trunk ports, just any old ports. On the switch I have some devices in VLAN 1 (172.16.10.0) and some in VLAN 2 (172.16.50.0). The devices use the appropriate router address for their default gateway. I have the swtich connected to another switch in a redundant fashion to get some practice with trunking, etc., but the router just acts like an ordinary router from the pre-VLAN days when life was simple. ;-) Priscilla Oppenheimer http://www.priscilla.com please advise. thank you -DJ - Get a bigger mailbox -- choose a size that fits your needs. http://uk.docs.yahoo.com/mail_storage.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49597t=49533 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Stupid Access-List/VLAN question [7:43128]
Here's the deal... I have a 5500 with RSM with a few VLANs on it, each VLAN with an IP and the RSM is handling the routing for all VLANs. I've got one VLAN in particular (511) that I'm experimenting with I made the following access list: Router#(config)access-list 10 deny any log (I know this seems stupid because of the implicit deny, but I'm experimenting) then applied this to VLAN 511: Router#config t Router#(config)#int vlan 511 Router#(config-if)#ip access-group 10 in Router#(config-if)#ip access-group 10 out This VLAN 511 interface has an IP of 10.51.1.1 and it's the only IP active in that subnet (10.51.1.0/24) as there are no devices setup yet. I do have a port on that VLAN connected to another (Nortel) switch, so the VLAN511 interface shows up/up when you do a 'sh int vlan511'. Here's my deal I'm in a different subnet a few hops away (10.1.0.0/16, let's say) and I can still ping 10.51.1.1 from my PC shouldn't that access list deny all traffic coming in/out of that VLAN?!?! I check the log file after pinging (that VLAN IP from my PC) and there's nothing...(note the log argument was used on the access-list) I have a couple of 2500s with CSUs and crossover T1 cable, and I applied the same access list to one of the serial interfaces, and when pinging from the other 2500, I get the expected timeouts... So why wouldn't applying this access list to a VLAN interface on an RSM do the same thing and prevent me from pinging the IP on that VLAN interface?!?!? Am I missing something? Is there something different about how the ACLs are applied to VLANs in an RSM as opposed to a physical interface on a router? I'm not aware of any such differences... Please feel free to humiliate and make fun me when telling me the simple something that I'm just not getting =) TIA, Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43128t=43128 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Stupid Access-List/VLAN question [7:43128]
If 10.51.1.1 is the only IP active on that subnet, then the traffic is not being sourced from that network, thus rendering the ACL irrelevant. If, however, your host was connected to one of the ports on vlan 511, you would not be able to communicate with the RSM past the ACL. So, in other words, you are pinging from the other (open) side of the ACL. On Thu, 2002-05-02 at 11:43, Michael Williams wrote: Here's the deal... I have a 5500 with RSM with a few VLANs on it, each VLAN with an IP and the RSM is handling the routing for all VLANs. I've got one VLAN in particular (511) that I'm experimenting with I made the following access list: Router#(config)access-list 10 deny any log (I know this seems stupid because of the implicit deny, but I'm experimenting) then applied this to VLAN 511: Router#config t Router#(config)#int vlan 511 Router#(config-if)#ip access-group 10 in Router#(config-if)#ip access-group 10 out This VLAN 511 interface has an IP of 10.51.1.1 and it's the only IP active in that subnet (10.51.1.0/24) as there are no devices setup yet. I do have a port on that VLAN connected to another (Nortel) switch, so the VLAN511 interface shows up/up when you do a 'sh int vlan511'. Here's my deal I'm in a different subnet a few hops away (10.1.0.0/16, let's say) and I can still ping 10.51.1.1 from my PC shouldn't that access list deny all traffic coming in/out of that VLAN?!?! I check the log file after pinging (that VLAN IP from my PC) and there's nothing...(note the log argument was used on the access-list) I have a couple of 2500s with CSUs and crossover T1 cable, and I applied the same access list to one of the serial interfaces, and when pinging from the other 2500, I get the expected timeouts... So why wouldn't applying this access list to a VLAN interface on an RSM do the same thing and prevent me from pinging the IP on that VLAN interface?!?!? Am I missing something? Is there something different about how the ACLs are applied to VLANs in an RSM as opposed to a physical interface on a router? I'm not aware of any such differences... Please feel free to humiliate and make fun me when telling me the simple something that I'm just not getting =) TIA, Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43135t=43128 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Stupid Access-List/VLAN question [7:43128]
Jay, Thanks for your input. But shouldn't ACL keep anything from other VLANs from even pinging the gateway IP of VLAN511? Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43152t=43128 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Stupid Access-List/VLAN question [7:43128]
No, that's not the case. If you think of it visually, INTERNET-ROUTER-INTERFACE-ACL-LAN Then you will see that the internet can still access the interface, and it's address. Because really, you are pinging the router, not the interface or the LAN. On Thu, 2002-05-02 at 14:22, Michael Williams wrote: Jay, Thanks for your input. But shouldn't ACL keep anything from other VLANs from even pinging the gateway IP of VLAN511? Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43168t=43128 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VLAN question [7:32626]
Greetings all, Just for clarification purposes, are there any advantages/disadvantages or a specific purpose to change the mtu size for a vlan(Ethernet Vlans)? I looked everywhere on Cisco's page, no luck. Thanks..Nabil Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32626t=32626 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VLAN question [7:32626]
Nabil, in my opinion it would not be to any advantage. Seems like more administrative overhead to keep up with. [EMAIL PROTECTED] wrote: Greetings all, Just for clarification purposes, are there any advantages/disadvantages or a specific purpose to change the mtu size for a vlan(Ethernet Vlans)? I looked everywhere on Cisco's page, no luck. Thanks..Nabil Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32631t=32626 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VLAN question [7:32626]
Unless you have a very specific need for it, I would not waste the time wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Greetings all, Just for clarification purposes, are there any advantages/disadvantages or a specific purpose to change the mtu size for a vlan(Ethernet Vlans)? I looked everywhere on Cisco's page, no luck. Thanks..Nabil Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32643t=32626 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Vlan Question? [7:22276]
Hello gang i have a question that invloves intervlan routing. let me explain what i want to accomplish and see if this is possible. this is a simple layout of my local lan one campus connected -2900 switchtransiver--fiber---fiber--cat5--35000xl--7513-. I disconnected the cat 5 that was connected to the 3500 and ran it straight into the 7513 where i had an extra ethernet port. my local lan is connected to another fast ethernet port. now that i connected to that 10mbs port the speed is slower, thats asumed, however, i dont know if by creating a vlan on the 2900 switch with trunking and on the 3500 switch i can route that seperate network ,campus 10.101.x.x, to my network 10.200.x.x. by the way this campus was in the 10.200.x.x network before. the idea was to split them up. but their backbone is now 10mbs.i was wondering if i could create a vlan2 for example with a separate ip in the remote campus and , do intervlan in the 7513. currently my lan here at the office all the switches are vlan 1. any suggestions will help, and i dont know if i explain the design ok will this work remote campus-2900switch--transiver--fiber---transiver---3500xl--7513 with subinterfaces 10.101.0.0with the existing fast ethertnet port that i have Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=22276t=22276 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Vlan Question [7:4038]
Brad Shifflett wrote: The user is a very high political figure who is real cautious about security and paranoid. I like the idea of a seperate nic in the server and two subnets. The cost of switches could be a deciding factor. Thanks for the input guys! I hope he doesn't figure out that if the server gets compromised, he may be compromised along with it... =) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=4038t=4038 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Vlan Question [7:4038]
Brad Shifflett wrote: The user is a very high political figure who is real cautious about security and paranoid. I like the idea of a seperate nic in the server and two subnets. The cost of switches could be a deciding factor. Thanks for the input guys! I hope he doesn't figure out that if the server gets compromised, he may be compromised along with it... =) It rather puzzles me how much emphasis the paranoid put on physical protection, yet don't seem to consider end-to-end encryption. Some of the military security guidelines do insist on physically separate switches, patch panels, etc. Remember, though, that they may have defined their environments for situations where the operators may have the minor distractions of being shot at. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=4050t=4038 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Vlan Question
LOL... can you say obsessive compulsive Maybe he was into security but not a DRA plan one without the other doesn't do much good. ""Howard C. Berkowitz"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... At 03:01 PM 3/22/2001 -0800, you wrote: The user is a very high political figure who is real cautious about security and paranoid. I like the idea of a seperate nic in the server and two subnets. The cost of switches could be a deciding factor. Thanks for the input guys! Brad It's scary to find someone that's paranoid and demanding about security, yet doesn't want to pay for it. I'd like to assume that such a person, of course, have done everything they should about making their host secure, including encrypting the sensitive files, rather than just obsessing about the network. Of course, I've also had a customer that insisted on being BGP multihomed to two providers, connected to one provider at two sites and having redundant SONET local loops at one of the site, yet only had one physical server. Yes, they had a tape backup on the server. No, they had no spare machine to which they could restore the tape. -Original Message- From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 22, 2001 12:44 PM To: [EMAIL PROTECTED] Subject: Re: Vlan Question At 02:01 PM 3/22/2001 -0600, you wrote: We'll he could be wanting to isolate consultants to their own VLAN but have a need to update files on the server. In our case we have auditors come in from time to time and so we don't want them in with the rest of the world so we isolate them in their own VLAN and then setup an access list. They are only here temporary. So I could see how this is a legit question. but if the server isn't on the same VLAN, how do they get to it? How does it get to them? Routing between VLANs, and VLAN-aware NICs, are pretty much the only alternatives. VLANs were introduced to isolate groups, but there's nothing magical about them. If there is sensitive data around, you also want host-level security. ""Howard C. Berkowitz"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... At 08:26 AM 3/22/2001 -0800, you wrote: Scenario: Got a client who has a person on the network that does not want to be on the network but wants access to the server. I'm somewhat confused. First, if he is somehow hidden, how does the server send back to the client? Second, if he is on one VLAN/subnet and the server is on another, sounds like a fairly basic routing application. Another would be to have a VLAN-aware NIC on the server. Without further information, this sounds like a user whim rather than a real requirement. There's a flavor of the user wanting security by obscurity. My thought was to install a switch, setup to Vlans, one for all the users (10 or so) and the second Vlan for the 1 user by himself. This way no one can get to his machine, then setup an access list to permit his Vlan to access the first Vlan and deny all the other users to his Vlan. Does this sound right? Anything I am missing? Seeing if I understand Vlans correctly or not. Brad Shifflett [EMAIL PROTECTED] Micromenders, Inc. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Vlan Question
Scenario: Got a client who has a person on the network that does not want to be on the network but wants access to the server. My thought was to install a switch, setup to Vlans, one for all the users (10 or so) and the second Vlan for the 1 user by himself. This way no one can get to his machine, then setup an access list to permit his Vlan to access the first Vlan and deny all the other users to his Vlan. Does this sound right? Anything I am missing? Seeing if I understand Vlans correctly or not. Brad Shifflett [EMAIL PROTECTED] Micromenders, Inc. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Vlan Question
Why wouldn't you just put the one person on a different subnet and then use ACL's to control traffic flow? What will deploying VLANs get you that subnetting wouldn't? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brad Shifflett Sent: March 22, 2001 9:27 AM To: Groupstudy (E-mail) Subject: Vlan Question Scenario: Got a client who has a person on the network that does not want to be on the network but wants access to the server. My thought was to install a switch, setup to Vlans, one for all the users (10 or so) and the second Vlan for the 1 user by himself. This way no one can get to his machine, then setup an access list to permit his Vlan to access the first Vlan and deny all the other users to his Vlan. Does this sound right? Anything I am missing? Seeing if I understand Vlans correctly or not. Brad Shifflett [EMAIL PROTECTED] Micromenders, Inc. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Vlan Question
Brad I expect you know - but you must have a layer3 device (router) between the two Vlans you can then apply access lists to the vlan interfaces on the router. What about dual NIC's in the server one connected to the Lan the other to the single user It would be a lot cheeper just don't allow the cards on the same network and don't let them forward (route) between each other. hope that's of some help - Original Message - From: "Brad Shifflett" [EMAIL PROTECTED] To: "Groupstudy (E-mail)" [EMAIL PROTECTED] Sent: Thursday, March 22, 2001 4:26 PM Subject: Vlan Question Scenario: Got a client who has a person on the network that does not want to be on the network but wants access to the server. My thought was to install a switch, setup to Vlans, one for all the users (10 or so) and the second Vlan for the 1 user by himself. This way no one can get to his machine, then setup an access list to permit his Vlan to access the first Vlan and deny all the other users to his Vlan. Does this sound right? Anything I am missing? Seeing if I understand Vlans correctly or not. Brad Shifflett [EMAIL PROTECTED] Micromenders, Inc. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Vlan Question
At 08:26 AM 3/22/2001 -0800, you wrote: Scenario: Got a client who has a person on the network that does not want to be on the network but wants access to the server. I'm somewhat confused. First, if he is somehow hidden, how does the server send back to the client? Second, if he is on one VLAN/subnet and the server is on another, sounds like a fairly basic routing application. Another would be to have a VLAN-aware NIC on the server. Without further information, this sounds like a user whim rather than a real requirement. There's a flavor of the user wanting security by obscurity. My thought was to install a switch, setup to Vlans, one for all the users (10 or so) and the second Vlan for the 1 user by himself. This way no one can get to his machine, then setup an access list to permit his Vlan to access the first Vlan and deny all the other users to his Vlan. Does this sound right? Anything I am missing? Seeing if I understand Vlans correctly or not. Brad Shifflett [EMAIL PROTECTED] Micromenders, Inc. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Vlan Question
We'll he could be wanting to isolate consultants to their own VLAN but have a need to update files on the server. In our case we have auditors come in from time to time and so we don't want them in with the rest of the world so we isolate them in their own VLAN and then setup an access list. They are only here temporary. So I could see how this is a legit question. ""Howard C. Berkowitz"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... At 08:26 AM 3/22/2001 -0800, you wrote: Scenario: Got a client who has a person on the network that does not want to be on the network but wants access to the server. I'm somewhat confused. First, if he is somehow hidden, how does the server send back to the client? Second, if he is on one VLAN/subnet and the server is on another, sounds like a fairly basic routing application. Another would be to have a VLAN-aware NIC on the server. Without further information, this sounds like a user whim rather than a real requirement. There's a flavor of the user wanting security by obscurity. My thought was to install a switch, setup to Vlans, one for all the users (10 or so) and the second Vlan for the 1 user by himself. This way no one can get to his machine, then setup an access list to permit his Vlan to access the first Vlan and deny all the other users to his Vlan. Does this sound right? Anything I am missing? Seeing if I understand Vlans correctly or not. Brad Shifflett [EMAIL PROTECTED] Micromenders, Inc. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Vlan Question
At 02:01 PM 3/22/2001 -0600, you wrote: We'll he could be wanting to isolate consultants to their own VLAN but have a need to update files on the server. In our case we have auditors come in from time to time and so we don't want them in with the rest of the world so we isolate them in their own VLAN and then setup an access list. They are only here temporary. So I could see how this is a legit question. but if the server isn't on the same VLAN, how do they get to it? How does it get to them? Routing between VLANs, and VLAN-aware NICs, are pretty much the only alternatives. VLANs were introduced to isolate groups, but there's nothing magical about them. If there is sensitive data around, you also want host-level security. ""Howard C. Berkowitz"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... At 08:26 AM 3/22/2001 -0800, you wrote: Scenario: Got a client who has a person on the network that does not want to be on the network but wants access to the server. I'm somewhat confused. First, if he is somehow hidden, how does the server send back to the client? Second, if he is on one VLAN/subnet and the server is on another, sounds like a fairly basic routing application. Another would be to have a VLAN-aware NIC on the server. Without further information, this sounds like a user whim rather than a real requirement. There's a flavor of the user wanting security by obscurity. My thought was to install a switch, setup to Vlans, one for all the users (10 or so) and the second Vlan for the 1 user by himself. This way no one can get to his machine, then setup an access list to permit his Vlan to access the first Vlan and deny all the other users to his Vlan. Does this sound right? Anything I am missing? Seeing if I understand Vlans correctly or not. Brad Shifflett [EMAIL PROTECTED] Micromenders, Inc. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Vlan Question
The user is a very high political figure who is real cautious about security and paranoid. I like the idea of a seperate nic in the server and two subnets. The cost of switches could be a deciding factor. Thanks for the input guys! Brad -Original Message- From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 22, 2001 12:44 PM To: [EMAIL PROTECTED] Subject: Re: Vlan Question At 02:01 PM 3/22/2001 -0600, you wrote: We'll he could be wanting to isolate consultants to their own VLAN but have a need to update files on the server. In our case we have auditors come in from time to time and so we don't want them in with the rest of the world so we isolate them in their own VLAN and then setup an access list. They are only here temporary. So I could see how this is a legit question. but if the server isn't on the same VLAN, how do they get to it? How does it get to them? Routing between VLANs, and VLAN-aware NICs, are pretty much the only alternatives. VLANs were introduced to isolate groups, but there's nothing magical about them. If there is sensitive data around, you also want host-level security. ""Howard C. Berkowitz"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... At 08:26 AM 3/22/2001 -0800, you wrote: Scenario: Got a client who has a person on the network that does not want to be on the network but wants access to the server. I'm somewhat confused. First, if he is somehow hidden, how does the server send back to the client? Second, if he is on one VLAN/subnet and the server is on another, sounds like a fairly basic routing application. Another would be to have a VLAN-aware NIC on the server. Without further information, this sounds like a user whim rather than a real requirement. There's a flavor of the user wanting security by obscurity. My thought was to install a switch, setup to Vlans, one for all the users (10 or so) and the second Vlan for the 1 user by himself. This way no one can get to his machine, then setup an access list to permit his Vlan to access the first Vlan and deny all the other users to his Vlan. Does this sound right? Anything I am missing? Seeing if I understand Vlans correctly or not. Brad Shifflett [EMAIL PROTECTED] Micromenders, Inc. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Vlan Question
At 03:01 PM 3/22/2001 -0800, you wrote: The user is a very high political figure who is real cautious about security and paranoid. I like the idea of a seperate nic in the server and two subnets. The cost of switches could be a deciding factor. Thanks for the input guys! Brad It's scary to find someone that's paranoid and demanding about security, yet doesn't want to pay for it. I'd like to assume that such a person, of course, have done everything they should about making their host secure, including encrypting the sensitive files, rather than just obsessing about the network. Of course, I've also had a customer that insisted on being BGP multihomed to two providers, connected to one provider at two sites and having redundant SONET local loops at one of the site, yet only had one physical server. Yes, they had a tape backup on the server. No, they had no spare machine to which they could restore the tape. -Original Message- From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 22, 2001 12:44 PM To: [EMAIL PROTECTED] Subject: Re: Vlan Question At 02:01 PM 3/22/2001 -0600, you wrote: We'll he could be wanting to isolate consultants to their own VLAN but have a need to update files on the server. In our case we have auditors come in from time to time and so we don't want them in with the rest of the world so we isolate them in their own VLAN and then setup an access list. They are only here temporary. So I could see how this is a legit question. but if the server isn't on the same VLAN, how do they get to it? How does it get to them? Routing between VLANs, and VLAN-aware NICs, are pretty much the only alternatives. VLANs were introduced to isolate groups, but there's nothing magical about them. If there is sensitive data around, you also want host-level security. ""Howard C. Berkowitz"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... At 08:26 AM 3/22/2001 -0800, you wrote: Scenario: Got a client who has a person on the network that does not want to be on the network but wants access to the server. I'm somewhat confused. First, if he is somehow hidden, how does the server send back to the client? Second, if he is on one VLAN/subnet and the server is on another, sounds like a fairly basic routing application. Another would be to have a VLAN-aware NIC on the server. Without further information, this sounds like a user whim rather than a real requirement. There's a flavor of the user wanting security by obscurity. My thought was to install a switch, setup to Vlans, one for all the users (10 or so) and the second Vlan for the 1 user by himself. This way no one can get to his machine, then setup an access list to permit his Vlan to access the first Vlan and deny all the other users to his Vlan. Does this sound right? Anything I am missing? Seeing if I understand Vlans correctly or not. Brad Shifflett [EMAIL PROTECTED] Micromenders, Inc. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Set VLAN question?
!doctype html public "-//w3c//dtd html 4.0 transitional//en" html Hi, pI cannot distinguish the situation I should use portvlancost or portvlanpri. Would someone can tell me? pThanks brnbsp; pmak/html _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
AW: Set VLAN question?
Hi mak, let me know what you want to do ? First you can try set spantree portcost mod_num/port_num cost - global port cost for a switch port set spantree portpri mod_num/port_num priority - global port priority for a switch port cu Udo -Ursprungliche Nachricht- Von: mak [mailto:[EMAIL PROTECTED]] Gesendet: Mittwoch, 14. Marz 2001 14:14 An: [EMAIL PROTECTED] Betreff: Set VLAN question? !doctype html public "-//w3c//dtd html 4.0 transitional//en" html Hi, pI cannot distinguish the situation I should use portvlancost or portvlanpri. Would someone can tell me? pThanks brnbsp; pmak/html _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Set VLAN question?
You would use the commands to modify the behavior of STP. To influence which port forwards and which port blocks for a particular VLAN, on redundant links. Check here: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_6_1/cmd_ref/ setsn_su.htm#22448 (watch for word wrap) or here: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_2/config/s pantree.htm#xtocid2879624 and here: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_2/config/s pantree.htm#xtocid2879622 If you are not sure how Spanning Tree works, the Perlman or Webb books would be a good read. HTH, Evan -Original Message- From: mak [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 14, 2001 7:14 AM To: [EMAIL PROTECTED] Subject: Set VLAN question? !doctype html public "-//w3c//dtd html 4.0 transitional//en" html Hi, pI cannot distinguish the situation I should use portvlancost or portvlanpri. Would someone can tell me? pThanks brnbsp; pmak/html _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AW: Set VLAN question?
!doctype html public "-//w3c//dtd html 4.0 transitional//en" html Hi, pBoth commands portvlancost and portvlanpri configure different things, but it seems that the function is just the same. So I don't know when I should use portvlancost, when I should use portvlanpri. brnbsp; pmak pUdo Konstantin wrote: blockquote TYPE=CITEHi mak, plet me know what you want to do ? pFirst you can try brset spantree portcost mod_num/port_num cost - global port cost for a switch brport brset spantree portpri mod_num/port_num priority - global port priority for a brswitch port pcu pUdo br-Ursprungliche Nachricht- brVon: mak [a href="mailto:[EMAIL PROTECTED]"mailto:[EMAIL PROTECTED]/a] brGesendet: Mittwoch, 14. Marz 2001 14:14 brAn: [EMAIL PROTECTED] brBetreff: Set VLAN question? plt;!doctype html public "-//w3c//dtd html 4.0 transitional//en" brlt;html brHi, brlt;pI cannot distinguish the situation I should use portvlancost or brportvlanpri. brWould someone can tell me? brlt;pThanks brlt;bramp;nbsp; brlt;pmaklt;/html p_ brFAQ, list archives, and subscription info: bra href="http://www.groupstudy.com/list/cisco.html"http://www.groupstudy.com/list/cisco.html/a brReport misconduct and Nondisclosure violations to [EMAIL PROTECTED] p_ brFAQ, list archives, and subscription info: a href="http://www.groupstudy.com/list/cisco.html"http://www.groupstudy.com/list/cisco.html/a brReport misconduct and Nondisclosure violations to [EMAIL PROTECTED]/blockquote /html _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VLAN question
The only solution that jumps to my mind is remote bridging - the following links will give you some basic info about it: http://www.cisco.com/warp/public/701/37.html http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/bridging.htm There's no mention of how VLANs work over a WAN link, though. Good luck - Bradley J. Wilson CCNP, CCDA, MCSE, CNX, NNCSS, MCT, CTT - Original Message - From: Shane Stockman To: [EMAIL PROTECTED] Sent: Thursday, February 22, 2001 12:22 PM Subject: VLAN question I will just like to enquire whether it is possible to have a VLAN split over 2 lans divided by a point-to-point Frame-relay wan. VV LL AA N 4MEG WAN N 50 50 At both LANs there is Vlan50 Is this possible ? Any suggestions on implementations would be appreciated and possible problems to avoid Thanks _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VLAN question
Yes, you could do this with IRB, but why would you want to? This seems like it would be more trouble than it's worth... Is there a specific application that you are using that requires one broadcast domain? If so, you need to get rid of it! :) Brant I. Stevens Internetwork Solutions Engineer Thrupoint, Inc. 545 Fifth Avenue, 14th Floor New York, NY. 10017 646-562-6540 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Shane Stockman Sent: Thursday, February 22, 2001 7:23 AM To: [EMAIL PROTECTED] Subject: VLAN question I will just like to enquire whether it is possible to have a VLAN split over 2 lans divided by a point-to-point Frame-relay wan. VV LL AA N 4MEG WAN N 50 50 At both LANs there is Vlan50 Is this possible ? Any suggestions on implementations would be appreciated and possible problems to avoid Thanks _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]