I have a small switched network which consists of a total of 3 2950 switches linked together with crossover cables. I want to set up a small test LAN that is isolated from the production network. What I did was the following:
On 2 ports of each switch I added "switchport mode access" and "switchport access vlan 101". On the ports being used as uplinks I added "switchport mode trunk".
The setup seems to be working. Questions are:
1) Do I need to do anything else?
2) Are my two VLANs really isolated or is there a way for traffic to cross over to the other VLANs?
3) I tried to add a second IP to the switches by using "int Vlan101" but this shuts down my Vlan1 interface. Why does this happen?
4) When I do "sho vlan" I see a reference to a vlan2. I think this is because I initially used vlan2 on my switchport access commands. However, I no longer am using vlan2 and it still shows on all three switches. Will this eventually time out and go away?
1) Not if you just want to keep the 2 vlans entirely separate.
2) Yes, they are isolated from each other, unless you create L3 interfaces for the vlans so that they can route between themselves.
There are some security concerns with keeping vlan traffic separate but they need to be exploited, so you should be okay if it is just within your LAN.
3) Because your switches are L2 only. This means that you can only have one vlan interface active at any one time. This vlan interface is not used to route user traffic but for you to be able to remotely manage it. On a L3 switch you can have multiple vlan interfaces active at any one time.
4) If you do a "sh vlan" and it shows vlan 2 you will have to delete that vlan off your switches or it will stay there whether you use it or not.
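
As an added example (not part of the original posts), the check behind question 4 can be scripted: parse saved `show vlan brief` output from each switch and list VLANs that are still defined but have no access ports, alongside the ports actually placed in VLAN 101. The sample output, port numbers and function names are constructed for illustration.

```python
import re

# Constructed `show vlan brief` output for a 2950-style switch (illustrative ports).
SAMPLE = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6,
                                                Fa0/7, Fa0/8
2    VLAN0002                         active
101  VLAN0101                         active    Fa0/1, Fa0/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
"""

ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")
RESERVED = {1, 1002, 1003, 1004, 1005}  # default VLANs that cannot be deleted


def _ports(field):
    """Split a comma-separated port list, dropping empty trailing items."""
    return [p.strip() for p in field.split(",") if p.strip()]


def parse_vlan_brief(text):
    """Return {vlan_id: {"name", "status", "ports"}} from `show vlan brief` text."""
    vlans, current = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            current = int(m.group(1))
            vlans[current] = {"name": m.group(2), "status": m.group(3),
                              "ports": _ports(m.group(4))}
        elif current is not None and line[:1].isspace() and line.strip():
            # Indented continuation line: more ports for the previous VLAN row.
            vlans[current]["ports"] += _ports(line)
    return vlans


def stale_vlans(vlans):
    """VLANs present in the database with no access ports assigned."""
    return sorted(v for v, info in vlans.items()
                  if v not in RESERVED and not info["ports"])


if __name__ == "__main__":
    table = parse_vlan_brief(SAMPLE)
    print("VLAN 101 access ports:", table[101]["ports"])
    print("Defined but unused VLANs:", stale_vlans(table))
```

The Ports column lists access ports only, so a VLAN that shows up here as unused can still be carried on the trunk uplinks until it is deleted.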