×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

VLAN configuration on SGE2010

Unanswered Question
May 29th, 2012
User Badges:

Hello,


I have a hybrid kind of network. I want to create create two VLANs on Cisco SGE2010 so that these two VLANs should not talk each other but at the same time they are able to talk Domain controllers, DHCP and other servers which are on other switches.

I am able to create two separate VLANs but they stop talking with other servers(DC, DHCP, etc) which are on another switch.


Please help for configuring this setup.


Thanks,

Vijay Khapekar.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Yassin Alizadeh... Tue, 05/29/2012 - 02:40
User Badges:

Hi

You have to creat 3 vlan and inter vlan routing for communicating between vlan. If you want use acl to control trafic between vlans


Sent from Cisco Technical Support iPad App

vijaykhapekar Tue, 05/29/2012 - 03:04
User Badges:

Thanks for quick reply.


I forgot to tell you that other servers(DC, DHCP) resided on HP and nortel switches which are managed switches but i have not configured them. So now servers are connected to default VLAN of respective switches. Does this difference ?


The setup is like this,


I have configured two VLANs - 100 and 200. I have configured g3 port in 100 VLAN as untagged member and g37 port in 200 VLAN as untagged member. Now they don't talk each other which is my requirement. Now I want to talk these two VLANs members with DHCP, DC which are on HP/nortel switches.


It would be great if you give me some direction to achieve this setup.


Thanks.

Yassin Alizadeh... Tue, 05/29/2012 - 10:03
User Badges:

These are not important.

You must creat one svi for each vlan and run routing between this SVIs


Sent from Cisco Technical Support iPad App

bagganitin Tue, 05/29/2012 - 11:32
User Badges:

Hi Vijay,


If you want two vlans not to communicate with each other and you have SVIs created on the switch.

you can filter the traffic between these two vlans.


Vlan 50 - 192.168.10.0/24

VLan 60- 192.168.20.0/24


Assume vlan 50 60 should not commucate with each other..I think the following strategy should work.


int vlan 50

ip add 192.168.10.1  255.255.255.0


int vlan 60

ip add 192.168.20.1  255.255.255.0


access-list 111 deny ip 192.168.10.0  0.0.0.255  192.168.20.0  0.0.0.255

access-list 111 permit  any any


int vlan 50

ip access-group 111 in


Let me know how this works.

Yassin Alizadeh... Tue, 05/29/2012 - 11:59
User Badges:

Hi

For this type of networks is better that you use private vlan

In this type of vlan first you creat a primary vlan and thats associated secondaries

Then you have to specify ports

For server's ports you can use promiscuous port and for other 2 ports you can use 2 community vlan

If you need more information let me know




Sent from Cisco Technical Support iPad App

vijaykhapekar Wed, 05/30/2012 - 04:19
User Badges:

Hello Yasin,


It will be great help if you can tell me how to create promiscuous port and community vlan as I dont see these options in SGE2010 cisco switch.


Thanks.

vijaykhapekar Wed, 05/30/2012 - 04:17
User Badges:

Hi Nitin,

Thanks for the reply.


I don't think SGE2010 have option to enter commandes you mentioned. Please let me know if this option is available in web interface.

Actions

This Discussion