Newbie - Switch Configuration

Apr 8th, 2010

I'm new to Switch management and configuration, so please excuse the simplistic nature of this question.  Here is what I want to do.  I want to configure a 2950 with Three Different VLANs, interfaces 1-8 (VLAN 1), interfaces 9-16 (VLAN 2) and interfaces 17-24 (VLAN 3).  I have interface 0/1 connected to another switch on our LAN and it is communicating.  For now, I want to have VLAN 3 Blocked from talking to anything except its own interfaces.  I want VLAN 2 able to communicate with VLAN 1, but most of the traffic should be just among devices in that VLAN.  I've issued the commands to configure my other two VLANs:

SwitchA# vlan database

SwitchA(vlan)# vlan X name vlanX

SwitchA(vlan)# exit

I've assigned the interfaces to their respective VLANs.  Show Run displays this:

spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
macro global description cisco-global


interface FastEthernet0/1-8
switchport trunk allowed vlan 1


interface FastEthernet0/9-16
switchport access vlan 2
interface FastEthernet0/17-24
switchport access vlan 3

interface Vlan1
ip address XXX.XXX.XX.X46
no ip route-cache
interface Vlan2
no ip address
no ip route-cache
interface Vlan3
no ip address
no ip route-cache

And Show VLAN displays this:

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
2    VLAN0002                         active    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
3    VLAN0003                         active    Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
2    enet  100002     1500  -      -      -        -    -        0      0
3    enet  100003     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

Is this all I need to do, or is there more that needs to be done????

Giuseppe Larosa Thu, 04/08/2010 - 10:10

Hello Cpremo,

A C2950 is an L2-only LAN switch; you cannot have 3 different SVI VLAN interfaces up and running at the same time.

You need an external device to perform inter-VLAN routing.

If you try to enable interface Vlan2, interface Vlan1 is automatically disabled.

Hope to help


cpremo Thu, 04/08/2010 - 10:40

So you're saying that I can only have Two VLANs - VLAN 1 and 2?  I guess I can live with that until I get a new switch.  If I drop VLAN 3 and use VLAN 2 as my old VLAN 3, what configuration changes do I need to do to keep VLAN 2 traffic contained on that switch?

Jon Marshall Thu, 04/08/2010 - 10:57

You can have multiple VLANs at layer 2, i.e. when you do a "sh vlan brief" you are viewing the L2 VLANs, and you can have all 3 VLANs.

But at L3, i.e. when you do a "sh ip int brief", you can only have one VLAN interface up/up at any one time because, as Giuseppe says, this is an L2 switch. Also, this one VLAN interface is not used to route user traffic between VLANs; it is only used for managing the switch.

If you want to route traffic between VLANs you will need either a router or, preferably, an L3 switch.


cpremo Thu, 04/08/2010 - 11:20

Ah, I get it.  You're saying that this switch can't route the traffic, it would have to be a L3 type switch.  OK, then the routing would be handled by the router.  Is there a setting that needs to be done on the router to handle the traffic?  Basically, we are segmenting a Class C (that we own) to handle a Virtual server setup, segmenting (subnet our 14 IPs per segment.  The router is currently configured to "see" the whole range (actually two Class Cs - XXX.XXX.24 and 25 using subnet

So I still want the VLAN 3 segment to be contained within its own VLAN.  The Virtual devices that will be connected here will only need to talk to one another.  The router should handle VLAN 1 (by default), what about VLAN 2?  Does some setting need to be made to handle that?

jfraasch Thu, 04/08/2010 - 11:23

You can have any number of ports configured in different VLANs but you will have to trunk a port up to a router or other layer 3 device in order to route between the VLANs.

If port 1 is in VLAN3 and port 2 is in VLAN4 and port 24 is the trunk to the router, then the packet would travel from port 1 up the trunk, down the trunk, and then to port 2.

Hope that helps.


Just saw your next post.

Yes, you will need to configure your port that connects to the router as a trunk with encapsulation dot1q.  On the router interface you will do the same thing and then configure subinterfaces fa0/1.1 for vlan1, fa0/1.2 for vlan2, etc.

Each subinterface will be configured with its own subnetted IP address and mask.
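
The trunk-plus-subinterface setup described in the reply above, written out as an added example that is not part of the original thread. It assumes Fa0/8 on the 2950 is the router uplink, uses constructed /28 subnets from the 192.0.2.0/24 documentation range, and adds an optional, hypothetical ACL named VLAN2-IN that limits VLAN 2 to talking to VLAN 1 only; VLAN 3 stays isolated because it is kept off the trunk and given no router subinterface.

```cisco
! --- 2950 switch (Fa0/8 as the router uplink is an assumption) ---
interface FastEthernet0/8
 description Trunk to router (hypothetical port choice)
 switchport mode trunk
 ! Carry only VLANs 1 and 2; VLAN 3 frames never leave this switch
 switchport trunk allowed vlan 1,2
!
interface range FastEthernet0/9 - 16
 switchport mode access
 switchport access vlan 2
!
interface range FastEthernet0/17 - 24
 switchport mode access
 switchport access vlan 3
!
! --- Router (subinterface names follow the reply; addresses are constructed) ---
interface FastEthernet0/1
 no ip address
 no shutdown
!
interface FastEthernet0/1.1
 ! VLAN 1 is the untagged (native) VLAN on the trunk
 encapsulation dot1Q 1 native
 ip address 192.0.2.1 255.255.255.240
!
interface FastEthernet0/1.2
 encapsulation dot1Q 2
 ip address 192.0.2.17 255.255.255.240
 ! Filter traffic as it arrives from VLAN 2 hosts
 ip access-group VLAN2-IN in
!
! No FastEthernet0/1.3 is defined: VLAN 3 has no gateway, so nothing
! is routed into or out of it.
!
ip access-list extended VLAN2-IN
 ! VLAN 2 (192.0.2.16/28) may reach VLAN 1 (192.0.2.0/28) and nothing else
 permit ip 192.0.2.16 0.0.0.15 192.0.2.0 0.0.0.15
 deny   ip any any log
```

On the switch, "show interfaces trunk" should list only VLANs 1 and 2 as allowed on the uplink; if VLAN 3 appears there, the isolation depends on the router alone.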


