04-08-2010 10:05 AM - edited 03-06-2019 10:31 AM
I'm new to Switch management and configuration, so please excuse the simplistic nature of this question. Here is what I want to do. I want to configure a 2950 with Three Different VLANs, interfaces 1-8 (VLAN 1), interfaces 9-16 (VLAN 2) and interfaces 17-24 (VLAN 3). I have interface 0/1 connected to another switch on our LAN and it is communicating. For now, I want to have VLAN 3 Blocked from talking to anything except its own interfaces. I want VLAN 2 able to communicate with VLAN 1, but most of the traffic should be just among devices in that VLAN. I've issued the commands to configure my other two VLANs:
SwitchA# vlan database
SwitchA(vlan)# vlan X name vlanX
SwitchA(vlan)# exit
I've assigned the interfaces to their respective VLANs. Show Run displays this:
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
macro global description cisco-global
!
interface FastEthernet0/1-8
 switchport trunk allowed vlan 1
!
interface FastEthernet0/9-16
 switchport access vlan 2
!
interface FastEthernet0/17-24
 switchport access vlan 3
!
interface Vlan1
 ip address XXX.XXX.XX.X46 255.255.254.0
 no ip route-cache
!
interface Vlan2
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan3
 no ip address
 no ip route-cache
 shutdown
And Show VLAN displays this:
VLAN Name                             Status        Ports
---- -------------------------------- ------------- -------------------------------
1    default                          active        Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
2    VLAN0002                         active        Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
3    VLAN0003                         active        Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                    Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
2    enet  100002     1500  -      -      -        -    -        0      0
3    enet  100003     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

Is this all I need to do, or is there more that needs to be done?
04-08-2010 10:10 AM
Hello Cpremo,
A C2950 is an L2-only LAN switch; you cannot have 3 different SVI VLAN interfaces up and running at the same time.
You need an external device to perform inter-VLAN routing.
If you try to enable interface Vlan2, interface Vlan1 is automatically disabled.
Hope to help
Giuseppe
04-08-2010 10:40 AM
So you're saying that I can only have Two VLANs - VLAN 1 and 2? I guess I can live with that until I get a new switch. If I drop VLAN 3 and use VLAN 2 as my old VLAN 3, what configuration changes do I need to do to keep VLAN 2 traffic contained on that switch?
04-08-2010 10:57 AM
You can have multiple vlans at layer 2, i.e. when you do a "sh vlan brief" you are viewing the L2 vlans and you can have all 3 vlans.
But at L3, i.e. when you do a "sh ip int brief", you can only have one vlan interface up/up at any one time because, as Giuseppe says, this is a L2 switch. Also this one vlan interface is not used to route user traffic between vlans, it is only used for managing the switch.
If you want to route traffic between vlans you will need either a router or preferably a L3 switch.
Jon
04-08-2010 11:20 AM
Ah, I get it. You're saying that this switch can't route the traffic, it would have to be a L3 type switch. OK, then the routing would be handled by the router. Is there a setting that needs to be done on the router to handle the traffic? Basically, we are segmenting a Class C (that we own) to handle a Virtual server setup, segmenting (subnet 255.255.255.240) our 14 IPs per segment. The router is currently configured to "see" the whole range (actually two Class Cs - XXX.XXX.24 and 25 using subnet 255.255.254.0).
So I still want the VLAN 3 segment to be contained within its own VLAN. The Virtual devices that will be connected here will only need to talk to one another. The router should handle VLAN 1 (by default), what about VLAN 2? Does some setting need to be made to handle that?
04-08-2010 11:23 AM
You can have any number of ports configured in different VLANs but you will have to trunk a port up to a router or other layer 3 device in order to route between the VLANs.
If port 1 is in VLAN3 and port 2 is in VLAN4 and port 24 is the trunk to the router, then the packet would travel from port 1 up the trunk, down the trunk, and then to port 2.
Hope that helps.
James
Just saw your next post.
Yes, you will need to configure your port that connects to the router as a trunk with encapsulation dot1q. On the router interface you will do the same thing and then configure subinterfaces fa0/1.1 for vlan1, fa0/1.2 for vlan2, etc.
Each subinterface will be configured with its own subnetted IP address and mask.
James
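
The trunk and subinterface setup described in the reply above, written out as an added example that is not part of the original thread. The switch port facing the router (FastEthernet0/8), the router interface FastEthernet0/1 and the 192.0.2.x /28 addresses are assumptions; VLAN 3 is left off the trunk and gets no subinterface, so it has no routed path and stays contained on the switch.

```cisco
! ---- 2950 switch: port facing the router (Fa0/8 is an assumed port) ----
interface FastEthernet0/8
 description Trunk to router
 ! The 2950 tags trunks with 802.1Q; switches that offer more than one
 ! trunk encapsulation also need: switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Carry only the VLANs that should be routed. VLAN 3 is omitted on purpose,
 ! so its frames never reach the router.
 switchport trunk allowed vlan 1,2
!
! ---- Router: one physical link, one subinterface per routed VLAN ----
interface FastEthernet0/1
 description Trunk to 2950
 no ip address
 no shutdown
!
interface FastEthernet0/1.1
 description Gateway for VLAN 1 (untagged / native VLAN)
 encapsulation dot1Q 1 native
 ! Placeholder addressing: first /28 of a documentation range
 ip address 192.0.2.1 255.255.255.240
!
interface FastEthernet0/1.2
 description Gateway for VLAN 2
 encapsulation dot1Q 2
 ! Placeholder addressing: second /28
 ip address 192.0.2.17 255.255.255.240
!
! No FastEthernet0/1.3 is created: VLAN 3 hosts can reach only each other
! on ports Fa0/17-24.
!
! ---- Checks after applying ----
! On the switch:  show interfaces trunk     (allowed list should read 1,2)
! On the router:  show ip interface brief   (Fa0/1.1 and Fa0/1.2 up/up)
```

Hosts in VLAN 1 and VLAN 2 use the matching subinterface address as their default gateway; any filtering between those two VLANs would be applied on the router subinterfaces.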