Configure multiple Vlans per port

dbotzer77188 · ‎04-23-2008

How can I configure several Vlans per one physical port ?

I'm using Catalyst 3560

Port 1 : VID-> 200,300

Port 2 : VID-> 200

Port 3 : VID-> 300

Jon Marshall · ‎04-23-2008

If you want a port to be a member of more than 1 vlan you can

1) Configure and voice and data vlan on the port eg.

interface GigabitEthernet4/3

switchport access vlan 102

switchport mode access

switchport voice vlan 152

2) Configure the port as a trunk link

int fa0/1

switchport trunk encapsulation dot1q

switchport mode trunk

Jon

dbotzer77188 · ‎04-23-2008

Thanks Jon,

I used Configuration (1), and in "show vlan" i could see that VID 200 is associated with Gig 0/5 & Gig0/6 &&

VID 201 is associated with Gig 0/5 & Gig0/7

I want that Gig0/5 will send traffic to ports 6 & 7 differently.

But when I send ARPs I get error, and niether host get resolved. in the terminal -> Port_Security2-Psecure_Violation

Caused by MAC address (of the Host that sends the ARP).

Please advise,

jcoke · ‎04-23-2008

That's called a trunk. The switch expects to receive frames tagged with the vlan that the frame should be deposited in. If you're plugging a server into port 1, its NIC will need to support 802.1q.

The "switchport voice vlan" command mentioned is actually a trunk link with some pruning (simplification). The switch still expects the frames destined for the voice vlan to have a .1q tag with the specified voice vlan ID.

Jon Marshall · ‎04-23-2008

I know it's a trunk hence the reason you can use 802.1p marking on the packets from the phone.

I just wanted to show that there are 2 ways of configuration, one which is specifically for voice/data setup and does not mention "trunk" in the configuration and the more general trunk configuration.

Jon

Jon Marshall · ‎04-23-2008

Oops - sorry, i just read a very stroppy work e-mail, then had a very quick read of your post, misinterpreted it and wrote a really bad response.

I'll shut up now :-)

Jon

jcoke · ‎04-23-2008

Haha, I'm sure I've *never* done that ;-) Don't give it another thought Jon.

Kevin Dorrell · ‎04-23-2008

Mmm. In that case, perhaps I have been working under a misapprehension.

I thought that the point was that the phone didn't have to add the dot1q VLID tag, hence the phone did not have to be hard coded with its VLAN number. I thought it left the VLAN id as zero, but marked CoS 5 on the dot1p. The switch then recognises voice traffic by VLID=0 and CoS=5, and put all that traffic in the voice VLAN, while all other traffic got put in the access VLAN.

Of course, the phone MAY put in the correct VLAN if it wants. If a switch receives a dot1q frame tagged with its access VLAN, then it forwards it on the access VLAN. In the same way, if it receives a dot1q frame tagged with the voice VLAN, then it will forward it on the voice VLAN. If it receives a frame with a dot1q frame tagged with a NULL VLID AND CoS 5, then it forwards it on the voice VLAN.

Have I been misunderstanding this?

Kevin Dorrell

Luxembourg

m-abooali · ‎04-23-2008

Usualy, NIC cards don;t support 802 dot1Q for they must be member of untagged vlan. one NIC can only be member of one and only one untagged vlan. device to device, such as say, a PIX to a Switch, can be on a tagged VLAN.

HTP.

Mike