Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

2948G-L3 VLAN'ing

I'm a new user to the 2948G-L3 switch and am having some degree of difficulty simply doing what I want to do. I'll try to be as descriptive as possible here to define what it is I want to do. If anyone is willing to help, they are more than welcome to email me directly for more information.

I recently purchased a 2948G-L3 switch for the purpose of upgrading the performance on a small network. In particular, I want to isolate some machines from others using VLANs with interVLAN routing. In the past, I have had no trouble doing this on a CatOS based 6509, but this switch is pure IOS 12 and it's got me a little lost.

I have 3 networks I want to create;

Network 1

192.169.1.0/24 FastEthernet2-FastEthernet3

Network 2

192.168.2.0/24 FastEthernet3-FastEthernet4

Network 3

172.17.129.0/24 FastEthernet5-FastEthernet6

In this configuration, I would like Net1 and Net2 to be routable to one another (the 2948 being the DEFAULT router on both networks), but would like Net3 to be completely isolated.

In CatOS, this is a simple process using "set vlan" on a particular port. With the 2948G-L3 the process appears to be much more involved, and honestly, I haven't a clue where to begin......so ANY help is much appreciated.

4 REPLIES

Re: 2948G-L3 VLAN'ing

Hi,

You're going to need to do bridging and use IRB since this is IOS. If you search for IRB on cisco.com you should find plenty of samples.

Example config:

bridge irb

int bvi1

ip address 192.169.1.1 255.255.255.0

int fa1

bridge-group 1

int fa2

bridge-group 1

int bvi2

ip address 192.169.2.1 255.255.255.0

int fa3

bridge-group 2

int fa4

bridge-group 2

int fa5

bridge-group 3

int fa6

bridge-group 3

bvi1 is Network 1, bvi2 is Network 2.

I didn't create a bvi for network 3 since you want it

completely isolated.

the bridge-group # ties to the bvi#. Ie: bridge-group 1 goes with bvi1. The BVI interface is treated like any other router interface so you can run any routing protocol, etc.

New Member

Re: 2948G-L3 VLAN'ing

Thanks very much for the fast response. Wow, I am impressed.....these forums really work.

As per your solution then, correct me if I am wrong, but this is not utilizing what I would call traditional VLANs.....but rather bridging. VLANs would only come into play with this device when I need inter-switch VLAN'ing?

As an aside, it might be a moot-point, but is there a way to name a BVI?

Re: 2948G-L3 VLAN'ing

There is no way to name a BVI, but you could put descriptions on the interface.

ie:

interface bvi1

description Network1...

As for the VLAN question, if your doing ISL or 802.1Q (dot1q) VLAN trunking/tagging you can have subinterfaces on the fastEthernet interfaces and do VLAN trunks there. See below for sample.

interface fa1

no shutdown

interface fa1.2

description VLAN2

encaps isl 2

ip address x.x.x.x

interface fa1.4

description VLAN4

encaps isl 4

bridge-group 4

New Member

Re: 2948G-L3 VLAN'ing

Sweet. The description is perfect.

Many thanks for your help, I've got what I need to get the basic implementation going.......

119
Views
0
Helpful
4
Replies
CreatePlease login to create content