Re: Adding VTP Transparent switch to VTP server switch

csross · ‎06-16-2006

I have a 3750 VTP server and many 2950 clients. I also have one public class C address that is assigned to one of the vlans (vlan 3), and ports from vlan are on the client and server switches.

I want to add a switch to network but only have the uplink and 1 or two of its ports on the public network, the rest in 2 local vlans. I don't want it in VTP so I will put it in transparent mode, but I'm not sure what to do with regards to public access.

Is this what I need to do on the transparent switch to allow remote access to the switch, remote access to the servers that need public access, and have 2 local vlans

1) Create the same vlan # (vlan 3) as defined on the VTP server for the public network

2) Define the trunk port

3) Connect the uplink to the VTP server.

4) Assign one of the public addresses to that vlan interface (vlan 3) so I can access the switch remotely

5) Assign whatever remaining ports that need public acces to Vlan 3

6) Create the vlans that are local only to the switch and assign their ports.

One last thing, can I limit the vlans allowed on the uplink to limit broadcasting, etc?

Thanks

Roberto Salazar · ‎06-16-2006

1) Create the same vlan # (vlan 3) as defined on the VTP server for the public network.

>> Yes, vlan 3 in this transparent mode can be the same subnet/vlan as in the vlan 3 in the server mode switch. They just do not exchange VTP advertisements.

2) Define the trunk port

>> yes, if you want all the vlans to propagate through this single port

3) Connect the uplink to the VTP server.

>> I assuemd this port is the turnk port in item 2.

4) Assign one of the public addresses to that vlan interface (vlan 3) so I can access the switch remotely

>> Remotely from outside your private network or remotely from within. It's not really necessary to assing puclic ip to the switch for mgmt purposes.

5) Assign whatever remaining ports that need public acces to Vlan 3.

>> not sure what you mean by this, assign the remaining port to what vlan?

6) Create the vlans that are local only to the switch and assign their ports.

>> vlans in the transparent mode switch is not necessarily local to that switch, think of what you asked about vlan 3, where that vlan also exist in other switch in your case you said the vtp server mode switch. that vlan can exist in the vlan database of all the switches in your network, hence not local to a single switch.

One last thing, can I limit the vlans allowed on the uplink to limit broadcasting, etc?

>> Yes, you can clear unwanted vlan on a trunk port and allow only what needs to propagate through that trunk port.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12122ea7/cr/cli2.htm#wp1635508

switchport trunk {{allowed vlan vlan-list}

Set the list of allowed VLANs that can receive and send traffic on this interface in tagged format when in trunking mode. See the following vlan-list format. The none keyword is not valid. The default is all.

globalnettech · ‎06-16-2006

Hello,

your step-by-step plan sounds good. Regarding limiting the VLANs on the trunk, use the command:

switchport trunk allowed vlan

since you cannot use VTP pruning (after all, you do not want the switch to participate in VTP)...

Regards,

GNT

csross · ‎06-17-2006

Thank you for your response.

I was wondering if I have to create the same vlan# as on the vtp server for it to be a member of that vlan, but just not participate in vtp? The same IPs are in vlan3 on the server and this new transparent switch.

Do I set enter the switchport trunk allowed vlan command on the trunk port (uplink) on the server or the new transparent switch? Or do I need to allow only vlan3 on the server side since the other vlans on the new switch are local to it.

Thanks again