Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
369
Views
4
Helpful
5
Replies

basic VLAN config questions

Go to solution
tato386
Level 6
Level 6

‎04-17-2008 03:21 PM - edited ‎03-05-2019 10:27 PM

I have a small switched network which consists of a total of 3 2950 switches linked together with crossover cables. I want to setup a small test LAN that is isolated from the production network. What I did was the following:

On 2 ports of each switch I added "switchport mode access" and "switchport access vlan 101". On the ports being used as uplinks I added, "switchport mode trunk".

The setup seems to be working. Questions are:

1) Do I need to do anything else?

2) Are my two VLANS really isolated or the a way for traffic to cross over to the other vlans?

3) I tried to add a second IP to the switches by using "int Vlan101" but this shuts down my Vlan1 interface. Why does this happen?

4) When I do "sho vlan" I see a reference to a vlan2. I think this is because I initially used vlan2 on my switchport access commands. However, I no longer am using vlan2 and it still shows on all three switches. Will this eventually time out and go away?

Thanks,

Diego

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎04-17-2008 03:29 PM

1) Not if you just want to keep the 2 vlans entirely separate

2) Yes they are isolated from each other. Unless you create L3 interfaces for the vlans so that they can route between themselves.

There are some security concerns with keeping vlan traffic separate but they need to be exploited so you should be okay if it just within your LAN.

3) Because your switches are L2 only. This means that you can only have one vlan interface active at any one time. This vlan interface is not used to route user traffic but for you to be able to remotely manage it. On a L3 switch you can have multiple vlan interfaces active at any one time.

4) If you do a "sh vlan" and ot shows vlan 2 you will have to delete that vlan off your switches or it will stay there whether you use it or not.

Jon

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎04-17-2008 03:29 PM

1) Not if you just want to keep the 2 vlans entirely separate

2) Yes they are isolated from each other. Unless you create L3 interfaces for the vlans so that they can route between themselves.

There are some security concerns with keeping vlan traffic separate but they need to be exploited so you should be okay if it just within your LAN.

3) Because your switches are L2 only. This means that you can only have one vlan interface active at any one time. This vlan interface is not used to route user traffic but for you to be able to remotely manage it. On a L3 switch you can have multiple vlan interfaces active at any one time.

4) If you do a "sh vlan" and ot shows vlan 2 you will have to delete that vlan off your switches or it will stay there whether you use it or not.

Jon

0 Helpful

Go to solution
tato386
Level 6
Level 6
In response to Jon Marshall

‎04-17-2008 04:27 PM

What do you mean by "delete vlan2 off your switches"? I don't see any more commands referencing vlan2 on any of the switches. Is there a way to tell where its coming from? Will it expire or timeout after a while?

Rgds,

Diego

0 Helpful

Go to solution
sundar.palaniappan
Level 10
Level 10
In response to tato386

‎04-17-2008 06:59 PM

Diego,

What Jon is asking you to do is delete vlan 2 from the vlan database. The running configuration doesn't show the vlan information. You can delete the vlan one of two ways.

Type 'vlan database' from privilege exec mode and it will put in vlan database mode. Do 'no vlan 2' to delete the vlan from the vlan database and type 'exit' to the vlan database mode and save the configuration.

(or)

enter 'no vlan 2' command from the config mode.

HTH

Sundar

Go to solution
tato386
Level 6
Level 6
In response to sundar.palaniappan

‎04-18-2008 03:05 AM

I have three switches showing this. Which one do I take these steps on? All three or any one?

Rgds,

Diego

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to tato386

‎04-18-2008 03:12 AM

Diego

It depends on how you have connected your switches together and what VTP mode your switches are in.

1) Switch connections. Are the ports that connect the switches together configured as trunk links or as access ports. If they are configured as access ports then you need to remove vlan 2 on each individual switch. If they are trunk links

2) VTP is used to automatically propogate vlan information across switches. So there are 3 modes. You can view the mode by entering the following command "sh vtp status"

i) vtp transparent. If all your switches are in vtp transparent mode then you need to delete vlan 2 of each individual switch.

ii) vtp client. If the switch in this mode you cannot delete the vlan off it.

iii) vtp server. If the switch is in this mode you can delete vlan 2 here and any vtp client switches will automatically remove vlan 2 providing the VTP domain name is common to all switches and the vtp password is the same on all switches if you have configured the password. Note this only applies if your switches are interconnected with trunks.

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card