11-24-2003 11:45 PM - edited 03-02-2019 11:57 AM
Can i create 3 VLAN in a layer 2 switch namely VLAN1,VLAN2,VLAN3 and configure in such a way that VLAN1 can communicate with all the other VLAN and other systems that are connected through a non-manageble switch and hubs and no other system in the network should communicate or connect to systems in VALN1 unlease specifically authenticated? If it can be done , can someone suggest how to configure for the same and documents related to this?
Thanks in Advance
11-25-2003 01:03 AM
For VLAN 1 to communicate with other VLANs you will need a Layer 3 device (router). The scenario you are trying to accomplish will not work with a Layer 2 switch.
11-25-2003 01:20 AM
If my VLAN1 is in ip range 10.1.1.0/24 and VLAN2 is in ip range 10.2.2.0/24 and VLAN3 in the range 10.3.3.0/24 and do a vtp trunking and it points towards the ethernet interface of the router which has primary ip in 10.1.1.0/24 and two secondary ip 10.2.2.0/24 and 10.3.3.0/24, will this make the 3 vlan to communicate with each other through the ethernet interface of the router. Will this work? If it works can i implement security on the layer 2 switch of securing the vlan1 for other vlans.
Thanks in Advance
11-25-2003 04:06 AM
For Layer 3 routing between VLANS you need to specify a VTP domain. At least 1 of your switches must be a VTP server any others can be clients unless they don't actually participate in the VLAN infrastructure then you can set them as transparent e.g.
server mode....
set vtp domain PINDAR
set vtp mode server
set vlan 2 6/3-8
set vlan 2 6/10
set vlan 2 6/13
set vlan 2 6/17
set vlan 2 name Cust_Svcs
set trunk 1/1 1-1000
set trunk 1/2 1-1000
set vtp pruning enable
set vtp pruneeligible 2-1000
client mode....
vlan database
vtp client
vtp domain PINDAR
vlan 2 name Cust_Svcs
exit
int f0/1
switchport mode access
switchport access vlan 2
int f0/2
switchport mode access
switchport access vlan 2 ...
...
..
...
int f0/24
switchport mode access
switchport access vlan 2
int g0/1
switchport trunk encap isl
switchport mode trunk
int g0/2
switchport trunk encap isl
switchport mode trunk
Not sure that you can do the secondary address set-up on the router's Ethernet interface. You may need to set them as sub-interfaces and set the encapsulation to whichever trunking mode you are using e.g
interface FastEthernet3/0
no ip address
duplex auto
speed auto
!
interface FastEthernet3/0.1
encapsulation isl 2
ip address 193.xxx.17.133 255.255.255.0
no ip redirects
!
interface FastEthernet3/0.2
encapsulation isl 3
ip address 193.xxx.15.108 255.255.255.0
no ip redirects
VLAN1 is by default the native VLAN. All ports will be on this VLAN until you assign them to another VLAN.
I was using 3640 routers, a Cat 4000 and Cat 2900 switches. Try that and see if it works for you.
Regards.
Steve.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide