Minimum Switch Multiple VLANs

Pete89
Level 2

We have a core switch that has 77 VLANs in the VTP domain. We are working to get this number down, but right now I have a few older switches that can only deal with 64 VLANs. Also I am looking to put some Express 500 switches in our conference rooms for a NAC deployment. I am sure that the 500s will only see 64 (or fewer) VLANs. I want these switches to take part in the VTP domain as clients.

Questions:

Since I have a limit of only 64 VLANs on the older and, I assume, Express 500 series, can I pick and choose which VLANs they will talk on? In other words, since they can't talk on and see all 77 VLANs, can I tell the switches "these are all the VLANs you need to deal with"?

And how does that command look on the trunk?

Thanks a million,

P.

17 Replies

Jon Marshall
Hall of Fame

P

You would use the "switchport trunk allowed vlan ..." command to limit which VLANs can go over the trunk:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_50_se/command/reference/cli3.html#wp1948736

Jon

So this is the easiest way to get around the VLAN limitation, right? Or do I need to buy enterprise-ready switches for my conference rooms?

Thanks again

P

"Or do I need to buy enterprise-ready switches for my conference rooms?"

Well, how many VLANs would you actually need on the switch in the conference rooms? It's unlikely, I would have thought, to be more than 64.

Remember that just because you only allow, say, 10 VLANs on a trunk link to a switch, clients within one of those VLANs can still communicate with all the other VLANs by routing. It's just that you can't have a client in one of those other VLANs on the local switch.

I'm assuming in the above that you do indeed have a device (or devices) in your network that routes for all VLANs.

Jon

Jon,

You assumed correctly. We have a core switch that routes for all VLANs.

The conference room switches will be controlled by a Clean Access Server, so ideally ports will initially be in an authentication VLAN and then changed to an access VLAN. Depending on the user role there might be three or four access VLANs. So as long as my trunk talks all the VLANs involved, I am good to go, I assume.

Thanks,

P.

P

"So as long as my trunk talks all the VLANs involved, I am good to go, I assume."

Yes, you will be fine.

Jon

Hi

I tried the "switchport trunk allowed vlan ..." command to allow only the first ten VLANs, but when I do a "show vlan" on the downstream switch, I still see the first 64 VLANs instead of the first ten.

What am I doing wrong?

Thanks.

You're not doing anything wrong. The "switchport trunk allowed vlan" command does not clear VLANs from the switch VLAN database; it simply determines which VLANs are allowed on the trunk.

If the 10 VLANs are included within the 64, then you are fine; you don't have to do anything.

If the 10 VLANs are not included in the 64, then you will need to delete some of the existing VLANs and add your 10 VLANs. To do this you will need to make the switch VTP transparent.

If the switch is a VTP server, you definitely don't want to be deleting VLANs, and if the switch is a VTP client, you won't be able to delete VLANs.

Jon

Thanks so far.

I now have a new problem:

I allowed VLANs 1-10, but now I cannot do inter-VLAN routing.

Note that VLAN 1 is the default/trunking/management VLAN.

Do you have L3 VLAN interfaces for these VLANs?

Do these VLANs exist on all the switches back to the 6500 that routes the VLANs?

Jon

Yes and Yes.

Okay, so how are you verifying that inter-VLAN routing isn't working?

Jon

Check the far end to see how they have trunking set up; it has to match on each end. Make sure the native VLAN matches on each end if something other than VLAN 1 is the native. It should look something like this:

int f1/1
 switchport mode trunk            (or "switchport mode dynamic desirable" if DTP is used)
 switchport trunk allowed vlan 1-10
 switchport trunk native vlan X   (must match on each end)

Also, when you have a smaller switch like a 2950 that supports 64 VLANs, it is really telling you the switch supports 64 VLANs with 64 individual spanning tree instances (PVST). If you try to add more than that, the switch will automatically change to transparent mode. Restricting VLANs across the trunk will fix this if fewer than 64 VLANs are allowed across the trunk. Each end should be configured the same on the trunk. If it's not routing now, then the trunk itself is broken.
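The trunk-matching checks above, together with the VLAN-range syntax of "switchport trunk allowed vlan" from earlier in the thread, as an added example that is not part of any post here and not Cisco code: a Python script that parses IOS interface stanzas from both ends of a trunk, expands the allowed-VLAN list, and reports native-VLAN or allowed-list mismatches, a native VLAN missing from its own allowed list, and trunks that would carry more VLANs than the 64-VLAN ceiling quoted in this thread. The interface names and both configs are constructed samples, and the 64 default is an assumption taken from the thread rather than read from any switch.

```python
"""Audit both ends of an 802.1Q trunk from their IOS interface configs.

Added example for this thread (not from any post here and not Cisco's code).
The interface stanzas below are constructed samples.
"""

MAX_VLAN = 4094  # highest 802.1Q VLAN ID
ALLOWED_PREFIX = "switchport trunk allowed vlan "


def parse_vlan_list(spec: str) -> set[int]:
    """Expand IOS VLAN list syntax such as "1-10,20,30-35" into a set.
    "all" means every VLAN, "none" means an empty set."""
    spec = spec.strip().lower()
    if spec == "all":
        return set(range(1, MAX_VLAN + 1))
    if spec == "none":
        return set()
    vlans: set[int] = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            vlans.update(range(lo, hi + 1))
        else:
            vlans.add(int(part))
    return vlans


def parse_trunk(config: str) -> dict:
    """Pull trunk settings from one interface stanza.
    Defaults follow IOS: all VLANs allowed, native VLAN 1, mode unset."""
    trunk = {"mode": None, "allowed": parse_vlan_list("all"), "native": 1}
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("switchport mode "):
            trunk["mode"] = line[len("switchport mode "):].strip()
        elif line.startswith("switchport trunk native vlan "):
            trunk["native"] = int(line.split()[-1])
        elif line.startswith(ALLOWED_PREFIX):
            spec = line[len(ALLOWED_PREFIX):].strip()
            if spec.startswith("add "):          # incremental forms of the command
                trunk["allowed"] |= parse_vlan_list(spec[4:])
            elif spec.startswith("remove "):
                trunk["allowed"] -= parse_vlan_list(spec[7:])
            else:                                # plain form replaces the list
                trunk["allowed"] = parse_vlan_list(spec)
    return trunk


def audit_trunk(local_cfg: str, remote_cfg: str, vlan_limit: int = 64) -> list[str]:
    """Return human-readable findings; an empty list means both ends agree
    and the trunk stays within the per-switch VLAN ceiling (assumed 64)."""
    a, b = parse_trunk(local_cfg), parse_trunk(remote_cfg)
    findings: list[str] = []
    for name, t in (("local", a), ("remote", b)):
        if t["mode"] not in ("trunk", "dynamic desirable"):
            findings.append(f"{name}: not configured as a trunk (mode={t['mode']})")
        if t["native"] not in t["allowed"]:
            findings.append(f"{name}: native VLAN {t['native']} is not in its own allowed list")
    if a["native"] != b["native"]:
        findings.append(f"native VLAN mismatch: local {a['native']} vs remote {b['native']}")
    if a["allowed"] != b["allowed"]:
        only_a = sorted(a["allowed"] - b["allowed"])[:10]
        only_b = sorted(b["allowed"] - a["allowed"])[:10]
        findings.append(f"allowed VLAN mismatch: only local {only_a}, only remote {only_b}")
    carried = a["allowed"] & b["allowed"]
    if len(carried) > vlan_limit:
        findings.append(f"trunk carries {len(carried)} VLANs, above the {vlan_limit}-VLAN switch limit")
    return findings


# Constructed sample stanzas: the local end allows 1-10, the remote end still
# allows 1-64 and uses a native VLAN that is not even in its own allowed list.
CONSTRUCTED_LOCAL = """\
interface FastEthernet1/1
 switchport mode trunk
 switchport trunk allowed vlan 1-10
 switchport trunk native vlan 1
"""
CONSTRUCTED_REMOTE = """\
interface GigabitEthernet1/0/1
 switchport mode trunk
 switchport trunk allowed vlan 1-64
 switchport trunk native vlan 99
"""

if __name__ == "__main__":
    for finding in audit_trunk(CONSTRUCTED_LOCAL, CONSTRUCTED_REMOTE):
        print("MISMATCH:", finding)
```

Run it against the two stanzas as written and it reports the allowed-list mismatch, the native-VLAN mismatch, and the remote native VLAN 99 being outside its own allowed range; paste the real "show running-config interface ..." output from both ends in place of the constructed strings to check a live trunk.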

Before I applied the command, inter-VLAN routing was working; I was able to get to PCs on other VLANs.

After I applied the command, I could not get onto any PCs on other VLANs, only to those PCs on the same VLANs connected to the switch.

Thanks for your help so far :-)

You would probably have to post the interface configs on both ends of the trunk to get any further.
