
I need VLAN help...

rmiles
Level 1

First off, let me give a rundown on what I am trying to accomplish. As of now, our network consists of all layer 2 switching. Every switch is on VLAN 1. All access switches are 3500XLs.

Soon we will be adding 3524 inline power switches to each closet. Then we will connect 1220 Access Points to the 3524PWR's.

I would like to have the wireless clients on different VLANs, while keeping wired clients on VLAN 1. The wired clients will eventually be placed in different VLANs as well, but not now. I am trying to phase this in.

So, below is a diagram of what I am trying to do. I have only been able to get this partially working.

Here are my questions:

1. Should I use VLAN 1 on both 3524's as a management VLAN? I can't seem to ping out to either 3524 when I do it this way. Or should I create a VLAN 1 address on the first 3524 and a VLAN 50 address on the second 3524?

2. What should the default gateway addresses be on each 3524?

I actually did get this working weeks ago, but now I seem to have forgotten how I did it.

-CURRENT-

------------
|   CORE   |   Currently, all ports are in VLAN 1 (172.16.18.10/20). The core is an
------------   Alcatel switch.
     |
     |
     |
 ----------
 |  3524  |    All access ports on this access switch in VLAN 1.
 ----------

-FUTURE-

------------
|   CORE   |   Currently, all ports are in VLAN 1 (172.16.18.10/20). The core
------------   switch is an Alcatel. I also have created VLAN 50 (10.1.50.254/24).
     |
     | 802.1q trunk
     |
 ----------
 |  3524  |    I want all access ports on this access switch in VLAN 1 still.
 ----------
     |
     | 802.1q trunk
     |
 ----------
 |  3524  |    I want all access ports on this switch in VLAN 50 (10.1.50.0/24).
 ----------    (There may be a need to create multiple wireless VLANs off of this
     |         3524.)
     |
     |
  --------
  |  AP  |     Wireless Access Points will connect to the 3524 and I want all clients
  --------     to be in VLAN 50 (10.1.50.0/24). Right now one AP is connected and
               addressed as 10.1.50.1.

Thanks!!!

3 Replies

milan.kulik
Level 10

Hi,

to your questions:

1. I think it's a good idea from the compatibility point of view to leave VLAN1 as a management VLAN and also as a native VLAN on the trunks. This might be considered as a security weakness but I don't think so.

(I remember some discussion about management VLAN port not working while there was no access port assigned to the same VLAN on the switch but I believe it was not on 3524.)

2. The default gateway addresses should be the same on all switches which have management VLAN1 - your default router address (in 172.16.18.10/20 address range). But remember - default gateway is used by switch itself to connect out of the management VLAN (Telnetting to the switch from another network, e.g.), this value is not used for user traffic forwarding.

Generally, I would expect incompatibility problems while setting 802.1q trunk between Alcatel and Cisco switches. Be careful regarding native VLAN and PVST.

Regards,

Milan

dasberry
Level 1

Hi,

Our network, much like yours, is a switched fabric. However, the rules of thumb for VLANs are these:

VLAN 1 - should be reserved for Maintenance / Management

VLAN 10 - make this your wireless VLAN for your access-points

VLAN 20 - for your wired users

Next, your default gateway should be that of your primary device that you have the switched network on. Example:

Router - L3 Switch address 172.16.1.1

1st Switch - 172.16.1.x ---- default gate 172.16.1.1

2nd Switch - 172.16.2.x --- default gate 172.16.1.1

At the router or L3 device point your default gate to the one you have defined currently in your network. This should move your traffic as you expect it to.

Thanks for the responses!

It seems that VLAN 1 is where my problem lies. I would like to just VLAN everything now, wired and wireless clients. The problem is that we have a few thousand nodes. So, what I want to do is be able to VLAN the wireless clients now while keeping wired clients on VLAN 1 until I am able to move them. I wanted to do this in a phased approach. I work in a hospital so there is no time that I can do this without affecting hundreds of people.

Once I trunk VLAN 1 and 50 on the core, VLAN 1 stops working. If I create a VLAN 2 and assign it the address that was on VLAN 1, it works as well as VLAN 50. I assume this is because VLAN 1 frames aren't tagged? The core Alcatel switch will not allow me to change the native VLAN to something other than 1. I believe if I could change the native VLAN to something other than 1 I could proceed with my plan of leaving wired clients on VLAN while migrating in wireless VLAN users.

Does anyone have any suggestions on how I can still accomplish a phase-in process to VLANs in my network?

Thanks!
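
Added example, not part of the thread and not a diagnosis of the Alcatel core: a simplified Python model of how the two ends of an 802.1Q trunk treat the native VLAN, showing how VLAN 1 can fail or land in the wrong VLAN while VLAN 50 still passes. The names TrunkPort, deliver and audit are hypothetical, and the "tags every VLAN" and "different native VLAN" settings are assumptions used to illustrate the cases raised above.

```python
from dataclasses import dataclass

DROP = "drop"


@dataclass(frozen=True)
class TrunkPort:
    allowed: frozenset        # VLAN IDs permitted on the trunk
    native: int               # VLAN used for untagged frames
    tag_native: bool = False  # True: native VLAN is sent tagged, untagged frames dropped

    def egress(self, vlan):
        """Tag placed on the wire: a VLAN ID, None for untagged, or DROP."""
        if vlan not in self.allowed:
            return DROP
        return None if (vlan == self.native and not self.tag_native) else vlan

    def ingress(self, tag):
        """VLAN the received frame is classified into, or DROP."""
        if tag is None:
            return DROP if self.tag_native else self.native
        return tag if tag in self.allowed else DROP


def deliver(sender, receiver, vlan):
    """Send one frame from `vlan` across the link; return the VLAN it lands in."""
    tag = sender.egress(vlan)
    return DROP if tag == DROP else receiver.ingress(tag)


def audit(a, b):
    """Return {vlan: (a_to_b, b_to_a)} for every VLAN that does not survive both ways."""
    bad = {}
    for vlan in sorted(a.allowed | b.allowed):
        result = (deliver(a, b, vlan), deliver(b, a, vlan))
        if result != (vlan, vlan):
            bad[vlan] = result
    return bad


VLANS = frozenset({1, 50})  # VLAN IDs from the thread
matched = (TrunkPort(VLANS, native=1), TrunkPort(VLANS, native=1))
# Assumed: one end tags every VLAN and discards untagged frames.
tags_all = (TrunkPort(VLANS, native=1, tag_native=True), TrunkPort(VLANS, native=1))
# Assumed: the two ends disagree on which VLAN is native.
mismatch = (TrunkPort(VLANS, native=1), TrunkPort(VLANS, native=50))

if __name__ == "__main__":
    for label, (core, access) in [("matched", matched), ("tags_all", tags_all), ("mismatch", mismatch)]:
        print(label, audit(core, access) or "all VLANs pass")
```

In the mismatch case frames cross between VLAN 1 and VLAN 50 without passing a router, which is why both ends of a trunk should agree on the native VLAN.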