How to configure VLANs on Cisco 2950 switch

Aug 13th, 2004

Can somebody give the command set or any running config on how to configure VLANs on a Cisco 2950 switch?

We have a single subnet, 192.168.0.0/24, with 3 departments with 10 members in each department, so we want to create 3 VLANs. This switch will be connecting to a Netscreen firewall through the Gigabit port and then on to the Internet.

Somebody please provide a solution. I am also attaching the config I tried already.

a.awan Fri, 08/13/2004 - 23:21

The Catalyst 2950s are Layer 2 switches and will not provide inter-VLAN routing functionality. When you assign an IP address to a VLAN interface on a 2950, you basically do that for management purposes, and only one management VLAN can be active at a time.

If you want the functionality of having different VLANs on different subnets, you will have to introduce a routing device in the picture, which can be a router or a routing switch like a 3550 or 3750.

dhandapani Fri, 08/13/2004 - 23:26

I have done the config according to the document only, but the PCs in the VLANs are not able to go beyond the switch. From the switch I am able to ping the firewall IP 192.168.0.2, but the same is not reachable from PCs on different VLANs.

int f0/1
 switchport access vlan 10
 switchport mode access

int f0/10
 switchport access vlan 20
 switchport mode access

int g0/1
 switchport mode trunk

I have put this switch in the lab and connected 2 PCs on ports f0/1 and f0/10, and I am trying to reach the firewall connected on g0/1, but in vain....

Please suggest how to move forward.

a.awan Fri, 08/13/2004 - 23:43

Is the trunk link (g0/1) active? Do you have the other side of the trunk configured properly on the Netscreen firewall? Post the output of 'show interface trunk', 'show interface gi0/1 trunk', 'show int fa0/1 switchport', 'show int fa0/10 switchport' and 'show vlan'.

dhandapani Sat, 08/14/2004 - 00:35

Let me tell you the whole setup. The Netscreen firewall has 2 ports: one is untrust, going to the Internet, and the other is connected to my local LAN, 192.168.0.0/24.

I am not using 3 different subnets.

Now I have to terminate the trunk port of the switch on the trust port of the Netscreen.

Netscreen Trust IP --> 192.168.0.2 (default gateway for the whole LAN)

Can you give me a working config from some switch so that it becomes easy for me, as I don't have much time left for things to go live...

Please help.

a.awan Sat, 08/14/2004 - 00:55

Well, the problem here is that you are trying to pass traffic from multiple VLANs to the Netscreen firewall by using a trunk on the switch side, but you do not mention whether the Netscreen side is also configured for trunking or not. You cannot have one side of a port set for trunking and the other side not configured to form a trunk. The reason I asked you to post the output of the various show commands was to see what the operational status of your trunk link is.

You ask for a working config, but you cannot just apply one configuration working in one environment to another environment without any customizations. If you want to bring things up in a hurry, then put everything in one VLAN and do not use trunking to the firewall, and that will work. To move to multiple VLANs you need a way to trunk those VLANs to the firewall, but then again I doubt that the firewall will allow you to configure a trunk with multiple VLANs all on the same subnet.
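
The mismatch discussed in this thread can be checked offline from `show interfaces switchport` text. The following is an added example, not code from any poster or from Cisco: it reports which access ports share a VLAN with the untagged side of the uplink. The sample text is constructed, and the function names, the `neighbor_tags` parameter and the assumption that the trunk allows all VLANs with only the native VLAN untagged are this example's own.

```python
import re

# Constructed sample using field labels from 'show interfaces switchport';
# it is not output captured from the poster's switch.
SAMPLE = """\
Name: Fa0/1
Operational Mode: static access
Access Mode VLAN: 10 (VLAN0010)

Name: Fa0/10
Operational Mode: static access
Access Mode VLAN: 20 (VLAN0020)

Name: Gi0/1
Operational Mode: trunk
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
"""

def parse_ports(text):
    """Return one {field: value} dict per 'Name:' stanza."""
    ports = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank or unlabelled line
        if key.strip() == "Name":
            ports.append({})
        if ports:
            ports[-1][key.strip()] = value.strip()
    return ports

def vlan_id(value):
    """'10 (VLAN0010)' -> 10"""
    return int(re.match(r"\d+", value).group())

def reachability(text, uplink, neighbor_tags=False):
    """Map each access port to whether its VLAN reaches the uplink neighbour."""
    ports = {p["Name"]: p for p in parse_ports(text)}
    up = ports[uplink]
    trunking = up["Operational Mode"] == "trunk"
    # The only VLAN whose frames leave the uplink without an 802.1Q tag.
    untagged = vlan_id(up["Trunking Native Mode VLAN" if trunking else "Access Mode VLAN"])
    result = {}
    for name, port in ports.items():
        if name != uplink and "access" in port["Operational Mode"]:
            vlan = vlan_id(port["Access Mode VLAN"])
            result[name] = vlan == untagged or (trunking and neighbor_tags)
    return result

if __name__ == "__main__":
    print(reachability(SAMPLE, "Gi0/1"))
```

With the constructed sample, both PC ports come back unreachable while the neighbour is untagged, and reachable once `neighbor_tags=True` models a firewall port that also does 802.1Q tagging.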
