11-18-2008 05:47 AM - edited 03-06-2019 02:32 AM
Hi,
I have a Cisco ASA firewall and for it's sub-interfaces/VLAN's (not sure which) I have a 3750 switch with many VLAN's.
From the 3750's FastEthernet1/0/2 port I have an old 3560 switch:
interface FastEthernet1/0/1
Description Trunk to ASA
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,4,6-9,300
switchport mode trunk
!
interface FastEthernet1/0/2
description WebServers
switchport access vlan 6
What I want to do is add a fresh VLAN to this 3560 switch. It will be VLAN 10 and I can see the port is not a trunk port so will I have to make this a trunk port and allow vlan 6 and 10 through?
The 3560's port is:
interface GigabitEthernet0/1
description Trunk
switchport access vlan 6
I just want to expand on this switch really so the ASA can utilise a few my VLAN's
Thanks
Solved! Go to Solution.
11-19-2008 04:40 AM
.) I am getting a second 3750 to stack with the first, I've made the first the master and set the prioity to 5 I will also provision it with ws-c3750-48ts, but I guess this will not effect the trunk to the 3560?
Correct, it shouldn't affect your current working configuration.
Can't telnet to this 3560, would I need to give this an IP of one of the vlan ranges?
Correct, you need to create a switch virtual interface in the 3560. Since you have Vlan 6 in the switch, just do the following:
interface vlan 6
ip address [choose an available IP from Vlan 6 ] + [subnet]
If you want to reach this SVI from another subnet, then you need to have the following:
no ip routing
ip default-gateway [gateway for Vlan6]
HTH,
__
Edison.
Please rate helpful posts
11-18-2008 06:37 AM
Hi,
I am not sure but you want the trunk configuration !!!
1.You just need to add/modify the trunk configuration on Catalyst 3750 Fa1/0/1,Fa1/0/2 port and Catalyst 3560 Gi0/1 port
2.On Catalyst 3750 side modify configuration
interface FastEthernet1/0/1
Description Trunk to ASA
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,4,6-9,10,300
switchport mode trunk
interface FastEthernet1/0/2
description WebServers
switchport trunk encapsulation dot1q
switchport mode trunk
3.On Catalyst 3550 side modify configuration
interface GigabitEthernet0/1
description Trunk
switchport trunk encapsulation dot1q
switchport mode trunk
Take downtime to do this activity..
HTH..rate if helpful..
11-18-2008 07:05 AM
This is what I thought, thanks for the confirmation.
Both switches are in VTP server mode, so I guess all VLAN's on the 3750 with pass to the 3560 switch as there is no "allow vlan" on the trunk?
Also when I add this will there be downtime?
11-18-2008 07:14 AM
Yes!!! there will be downtime...so do this activity in maintenance window only..
HTH...rate if helpful..
11-18-2008 08:00 AM
So I just the reconfigured port will down itself to make the change then bring its;ef back up, so maybe 20-30 seconds downtime?
I'm thinking after work.
11-18-2008 08:37 AM
Both switches are in VTP server mode,
Before making this change, verify both switches are part of the same VTP domain and if so, they should have the same configuration revision.
If they have the same VTP domain name but the configuration revision does not match, the switch with the higher configuration revision will overwrite the one with the lower configuration revision.
This is a vital step in order to avoid losing any Vlan information in your network.
HTH,
__
Edison.
11-18-2008 08:43 AM
Will this happen if both are in VTP server mode?
3750:
sh vtp status
VTP Version : 2
Configuration Revision : 14
Maximum VLANs supported locally : 1005
Number of existing VLANs : 15
VTP Operating Mode : Server
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x51 0x01 0xF2 0xDB 0xB6 0xCB 0x01 0x20
Configuration last modified by 0.0.0.0 at 10-31-93 02:41:01
3560:
sh vtp status
VTP Version : running VTP1 (VTP2 capable)
Configuration Revision : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs : 6
VTP Operating Mode : Server
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x9B 0x4D 0x21 0xF6 0xC3 0x00 0x29 0x23
Configuration last modified by 0.0.0.0 at 3-1-93 00:48:41
11-18-2008 08:50 AM
It seems the 3560 only has the 5 default Vlans and Vlan 6 on its database.
1) I recommend changing the 3560 to VTP Client
2) You need to have a VTP Domain name for Vlan propagation between switches.
3) Create all Vlans in the 3750.
HTH,
__
Edison.
11-19-2008 03:31 AM
Hi,
This is all setup and working. I set the 3750 as the server mode and the 2560 as client etc.
I extended a VLAN from the 3750 to the 3560 to test and it worked, hopefully this looks ok?
3750
#sh vtp st
VTP Version : 2
Configuration Revision : 15
Maximum VLANs supported locally : 1005
Number of existing VLANs : 15
VTP Operating Mode : Server
VTP Domain Name : CBSO
VTP Pruning Mode : Disabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0x40 0x05 0xC8 0x7D 0x0B 0xBD 0x84 0x13
Configuration last modified by 1.2.3.4 at 12-3-93 20:28:47
Local updater ID is 1.2.3.4 on interface Vl2 (lowest numbered VLAN interface found)
3560:
#sh vtp status
VTP Version : running VTP2
Configuration Revision : 15
Maximum VLANs supported locally : 1005
Number of existing VLANs : 15
VTP Operating Mode : Client
VTP Domain Name : CBSO
VTP Pruning Mode : Disabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0x40 0x05 0xC8 0x7D 0x0B 0xBD 0x84 0x13
Configuration last modified by 1.2.3.4 at 12-3-93 20:28:47
Any other useful commands let me know :)
The only other 2 issues I have are:
1.) I am getting a second 3750 to stack with the first, I've made the first the master and set the prioity to 5 I will also provision it with ws-c3750-48ts, but I guess this will not effect the trunk to the 3560?
2.) Can't telnet to this 3560, would I need to give this an IP of one of the vlan ranges?
11-19-2008 04:40 AM
.) I am getting a second 3750 to stack with the first, I've made the first the master and set the prioity to 5 I will also provision it with ws-c3750-48ts, but I guess this will not effect the trunk to the 3560?
Correct, it shouldn't affect your current working configuration.
Can't telnet to this 3560, would I need to give this an IP of one of the vlan ranges?
Correct, you need to create a switch virtual interface in the 3560. Since you have Vlan 6 in the switch, just do the following:
interface vlan 6
ip address [choose an available IP from Vlan 6 ] + [subnet]
If you want to reach this SVI from another subnet, then you need to have the following:
no ip routing
ip default-gateway [gateway for Vlan6]
HTH,
__
Edison.
Please rate helpful posts
11-19-2008 05:11 AM
Great help!
Everything is done.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: