
Moving away from VLAN1 on 4006 switch

JUSTIN LOUCKS
Level 1

I had a reply to an earlier post where an individual suggested that no actual ports be put on VLAN1 of a Catalyst 4006 switch, as this is only to be used for switch/router management and uses process switching, whereas any additionally configured VLANs would use fast switching. I am wanting to confirm this as well as get some assistance on correcting the problem.

Unfortunately the switch is in-place and in-use, so I have to make the corrections here without extended downtime. I have created a new VLAN on the 4006 and placed one port in the VLAN for testing. I found that it does not communicate with the rest of the network as the SC0 interface is still a member of VLAN1 and there is no correlation between the two VLANs yet. Is there a way to make the SC0 work for both VLANs, or am I going to have to schedule an outage and re-assign the SC0 interface and all other ports to the new VLAN to get everything moved over and working again?

Any assistance would be greatly appreciated.

Thank you,

Justin Loucks

6 Replies

paulo.s
Level 1

Hi! I don't know if I will help you.

Did you configure an IP address for each VLAN? It's important, because this IP will be the default gateway for your subnets.

Verify if the VLANs are shut down.

Paulo

The switch has an S2 engine running the CAT OS, which I am not that familiar with. I have not yet been able to figure out where you assign an IP address to a VLAN (I don't see anything under the "set vlan ?" options). Again, I would appreciate any assistance/feedback you can lend on this issue.

paulo.s
Level 1

You need a router or Layer3 blade for the 4006 to route between VLANs.

The sc0 interface is just for management purposes. It's an address on the switch to telnet to, do SNMP queries to, etc.

Process-switching and fast-switching are switching methods used on routers or the router modules.

Here's what I think the person was trying to tell you. Whatever VLAN sc0 is assigned to is the management VLAN. Thus, whatever broadcasts (ARPs, etc.) are occurring in this VLAN, the switch's management interface will need to process them just like any other device in that VLAN. So, for example, if you have a broadcast storm in the VLAN sc0 is in, the switch management will probably be very slow or unresponsive until the broadcast storm goes away.

Not only this, but under a broadcast storm, if the sc0 is in the same VLAN as the others, it will cause high CPU and the switch can still miss BPDUs, which can cause all other types of problems.

The management interface can be part of one VLAN at a time, so you have to schedule the downtime, or you can move the sc0 to a different VLAN than the other ports. In that case, you just need to have console access on the switch, and while switching the IP address you are only going to lose the telnet capabilities of the switch and everything else will be working.

Hope this helps

vincent-n
Level 3

Justin

It was me who put a posting on the board about NOT putting "normal" devices on VLAN1 because of process switching instead of fast switching. I can see that you haven't much experience on the Catalyst 4006 running CatIOS so I'll try my best:

1. From a security point of view, it's wise to have routers/switches on VLAN1 and all other "normal" devices on other VLANs, i.e. you won't have an intruder directly connected to your routers/switches; instead, they will have to be routed and are thus susceptible to things like security ACLs.

2. The process/fast switching on the Catalyst 4006 is applicable ONLY when you have an L3 routing blade (part # WS-X4232-L3). Cisco documentation said that any traffic going in/out of VLAN1 when using the L3 module WILL be process switched instead of fast switched. I found this out when I was trying to implement MLS on the 4006. Traffic being routed between other VLANs will be automatically fast switched by the L3 module. I've tested this and found that the same transfer to/from other VLANs is something like 10 times faster than VLAN1. Note that what I said here is NOT applicable to L3 devices other than the L3 module on the 4006, i.e. if you're using an external router to do VLAN routing then what I said is not applicable.

3. Leave the interface SC0 of the switch on VLAN1 (and its IP address on VLAN1 of course). The interface SC0 does NOT do any routing function for you, hence it's no use playing around with it. What you'll have to do is create other VLANs, assign ports to other VLANs (like what you did), configure VLAN routing on your L3 device (whether it's an L3 blade or an external router) and things will work.

If you're not sure, let me know (email vincentn#mediamonitors.com.au) and I'll do my best to help.
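
As an added example (not part of any reply in this thread and not Cisco code), the script below lists which ports share a VLAN with sc0, the situation the replies above warn about. It assumes input lines in the style of the CatOS `set vlan` and `set interface sc0` commands and that unassigned ports sit in VLAN 1; the sample config, port list and function names are constructed for illustration.

```python
import re

# Constructed sample in the style of CatOS "set" commands; not from a real switch.
SAMPLE_CONFIG = """\
set vlan 20 name users
set vlan 20 2/5-8,3/1
set vlan 30 2/9-10
set interface sc0 1 10.1.1.5/255.255.255.0 10.1.1.255
"""
# Constructed port inventory: module 2 ports 1-10 and module 3 port 1.
SAMPLE_PORTS = [f"2/{n}" for n in range(1, 11)] + ["3/1"]

def expand_ports(spec):
    """Expand a mod/port list such as '2/5-8,3/1' into individual ports."""
    ports = []
    for part in spec.split(","):
        module, rng = part.split("/")
        lo, _, hi = rng.partition("-")
        ports += [f"{module}/{n}" for n in range(int(lo), int(hi or lo) + 1)]
    return ports

def audit_management_vlan(config, all_ports, default_vlan=1):
    """Return (sc0_vlan, sorted ports that share the management VLAN)."""
    # Assumption: ports without an explicit assignment remain in VLAN 1.
    port_vlan = {p: default_vlan for p in all_ports}
    sc0_vlan = default_vlan
    for line in config.splitlines():
        line = line.strip()
        # Port assignment, e.g. "set vlan 20 2/5-8,3/1" (skips "set vlan 20 name ...").
        m = re.fullmatch(r"set vlan (\d+) (\d+/[\d,/-]+)", line)
        if m:
            for p in expand_ports(m.group(2)):
                port_vlan[p] = int(m.group(1))
            continue
        # Management interface VLAN, e.g. "set interface sc0 1 <ip>/<mask> <bcast>".
        m = re.match(r"set interface sc0 (\d+)\b", line)
        if m:
            sc0_vlan = int(m.group(1))
    shared = sorted(p for p, v in port_vlan.items() if v == sc0_vlan)
    return sc0_vlan, shared

if __name__ == "__main__":
    vlan, shared = audit_management_vlan(SAMPLE_CONFIG, SAMPLE_PORTS)
    print(f"sc0 is in VLAN {vlan}; ports sharing it: {', '.join(shared) or 'none'}")
```

An empty list means no access port sees the same broadcast domain as the management interface.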