I'm just setting up a lab, I have 2 VLANs on a Cisco 2950, one for servers and one for users. Both VLANs are on different subnets:
Would I have to make the VLANs layer 3 and give each VLAN an IP and add some sort of static route?
Cisco Catalyst 2950 is a layer 2 switch. In order to allow your VLANs to communicate you need to have either a router or a layer 3.
This will allow you to activate inter-VLAN routing.
I agree with karim. In order to set this up you will need a so called "Router on a stick" - a router connected to the 2950 with a single link (a better option). You will need to configure the interface on the 2950 connected to the router as a trunk (switchport mode trunk blah blah), and configure two (per a VLAN) subinterfaces on the router. Make sure the IOS on the router supports dot1q. Then you will need to assign IP addresses to these subinterfaces in the same ranges as your VLANs. You will need to set default gateways on your PCs to the IPs of the subinterfaces, corresponding to the VLANs the PCs are in.
The second option is to use a L3 switch instead of the router. You will need to connect it to the 2950 over a trunk, configure the same VLANs on the L3 switch AND configure VLAN interfaces with the IP addresses in the same ranges as your VLANs. The rest is the same as in the first option.
And option 3 - to use a L3 switch instead of 2950. Then you will skip the step with trunk ports and start from the VLAN interfaces.
"Router on a stick" - a router connected to the 2950 with a single link (a better option) - can you explain this a bit better? I have a Cisco 2620, 1721, any good?
Would a Cisco 3550 switch help too? I have one.
It's for a CCNA lab so it would be good to learn all.
Router on a stick
The idea is to have a L3 interface per a VLAN to be able to route between them. In your case (as 2950 does not provide this option) this can be achieved by either connecting as many physical interfaces from your router to the switch as the number of VLANs you have (which is normally not possible or wise), or by configuring the corresponding number of subinterfaces on the router on one of the interfaces and then connecting the physical interface to the switch. By configuring the port on the switch as a trunk you will allow it to pass traffic for all VLANs. Router's IOS must support dot1q encapsulation in order to understand what is going on.
So as a result each subinterface on the router will act as a virtual router for each corresponding VLAN on the switch. Traffic between VLANs will be sent up the trunk to the router, where the router will make a decision what to do with it and then it will send it down one of the subinterfaces to the destination VLAN.
2620 will do it, just check with cisco.com that the IOS supports dot1q, 1721 should be able to do it too, depending on whether it can run the required IOS level or not.
3550 switch is a layer 3 switch and will do all that itself without an external router. You will need to configure VLAN interfaces one per a VLAN and assign IP addresses to them.
Hi, this is how I would overcome this issue.
Inter VLAN Routing,
Set up the network like normal, connecting the servers to the ports that are contained in the wanted VLAN, servers in VLAN 10 and users in VLAN 20. OK, with that done our next step is to set the port on the switch that is connected to the router to a trunk port, next move to the router and enter
interface fa 0/1.10, encapsulate it using ISL or (dot1q 10), assign the interface an IP address within the server subnet, this IP will act as the default gateway for the server subnet.
When finished in this interface exit and then enter the interface fa 0/1.20 and do the same here, encapsulate it in (dot1q 20); this is the default gateway for the Users subnet.
Now "do not" assign an IP address to the interface fa0/1; instead make it a trunking interface.
This is a quick run down of the commands for the router.
fastethernet 0/0.20 is for the vlan number created on the switch
I have two 2500 routers and two 2950 switches. I couldn't do inter-VLAN routing with these because it was not supported by the IOS and for some reason I cannot download an IOS, so I bought a 800 series router for England and got it this week, now no probs, all works well.
2950 won't do it as it is a L2+ switch - you can have only one VLAN interface on it for management. If you try to configure let's say interface VLAN 10 on it, it will admin down the default VLAN 1 interface.
2950 can do as many VLANs as you need (up to the maximum of 4096) but it can only do one VLAN interface. In other words - you can use this one interface for managing the box (telnet to it for example), but the box will never be able to do inter VLAN routing without help of an external router.
1 port is all you need. Remember though - IOS must support encapsulation (ISL or DOT1Q).
hm... I am not sure 2950 does ISL by the way.
So from the 2950 I would just use the one port off this for the router and the router would work out the routing and trunk info and send it back down that port to the right VLAN?
In very simple terms
Yes, one port on the router set up with subinterfaces for each subnet
What a great idea, I'm studying for my CCNA and someone told me you don't need to learn scenarios like this but I think it helps. Am I getting ahead of myself? Trunking is part of the CCNA, I believe?
Trunking is part of everyday life in networking and absolutely something you should know like the back of your hand. :-)
So the 2950 and the 1721 or 2620 will need to support dot1q trunking? How can I find this out as I will need to upload the correct IOS.
It's easy enough to find out - try to configure a subinterface as per one of the posts in this thread. If it accepts commands - it is supported. If not - go on cisco.com and look for the minimum version for your hardware with required support.
Here are my configs, I have the router's FE 0/0 port plugged into the switch's FE 0/1 port.
A laptop in the switch's FE 0/9 VLAN 10 - 192.168.2.50/24 gateway of 192.168.2.1
A laptop in the switch's FE 0/17 VLAN 20 - 192.168.3.50/24 gateway 192.168.3.1
They can't ping each other or their own gateways, have I missed something?
Switch#sh interfaces fastEthernet 0/1 switchport
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
Well... you do have the Native VLAN 1 on the switch and VLAN 10 in the same network range - 192.168.2.0/24. Change the IP range of one of the VLANs. In fact you can shut down the VLAN 1 interface completely, unless you are planning to use telnet to connect to the switch in the future.
Have a look here:
All you need really... :)
I will test with no VLAN1, however how would I set the switch up so I could telnet to it as well?
Also how did you find that link, I did a search and found nothing! :)
You cannot take the VLAN1 off the switch (not 2950 any way) all you can do is to either admin down the VLAN1 interface, or change the IP range.
To telnet onto it configure a third subinterface on the router with the IP range of the VLAN 1 interface (that is if you choose the VLAN 1 as your management VLAN, typically it is advisable to configure a VLAN with some random number to be your management VLAN, for security sake).
How did I find the link? :) It is easy enough - go to http://www.cisco.com and type something like "inter vlan routing" in the search field :)
I think cisco.com is a VERY good place to look for networking solutions.
I guess it's knowing what to look for like "inter vlan routing", it's difficult if you don't know the correct wording sometimes :)
I will configure a different VLAN and give it the same range as what VLAN 1 was or VLAN 10 for the users as that's where I will be.
A little progress, the trunk is nearly working I think.
I have a PC (PC A) with:
IP address - 192.168.2.50
Gateway - 192.168.2.1
In Port 9 of switch
I have a PC (PC B) with:
IP address - 192.168.3.10
Gateway - 192.168.3.1
In Port 17 of switch
PC A can ping 192.168.2.1 and 192.168.3.1
PC B can ping 192.168.3.1 but NOT 192.168.2.1
What could this be?
I'm not sure my Cisco 2620 (45 or 48mb mem) can do trunking, would it be the same trunk commands as the switch?
Trying to look for an IOS with not much luck.
Check the IP addresses on your VLANs 1 and 10 - they are in the same range. If it couldn't do trunking it wouldn't have accepted the commands.
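
The router-on-a-stick setup discussed in this thread, written out as an added configuration example that is not taken from any of the posts. Port numbers, gateway addresses and VLAN IDs 10 and 20 follow the setup posted above; the management VLAN 99 and its 192.168.99.0/24 range are assumptions, chosen so that management sits outside VLAN 1 and no longer overlaps the 192.168.2.0/24 range of VLAN 10.

```cisco
! ---- Switch (Catalyst 2950) ----
vlan 10
vlan 20
! VLAN 99 is an assumed management VLAN, not from the thread
vlan 99
!
interface FastEthernet0/1
 description Trunk to router Fa0/0 (the 2950 trunks with dot1q)
 switchport mode trunk
 ! carry only the VLANs that are actually routed
 switchport trunk allowed vlan 10,20,99
!
interface FastEthernet0/9
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/17
 switchport mode access
 switchport access vlan 20
!
! The 2950 keeps one active VLAN interface: move management off VLAN 1
interface Vlan1
 no ip address
 shutdown
!
interface Vlan99
 ip address 192.168.99.2 255.255.255.0
 no shutdown
!
ip default-gateway 192.168.99.1
!
! ---- Router (2620 or 1721, IOS with dot1q support) ----
interface FastEthernet0/0
 ! no address on the physical interface, only on the subinterfaces
 no ip address
 no shutdown
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.3.1 255.255.255.0
!
interface FastEthernet0/0.99
 encapsulation dot1Q 99
 ip address 192.168.99.1 255.255.255.0
```

`show interfaces trunk` on the switch and `show ip route` on the router confirm that the trunk carries VLANs 10, 20 and 99 and that each subnet appears as a connected route.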