Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VLAN setup

I'm new to this so please forgive my ignorance. My question: How can I set up two VLANs that maintain security between the two (VLAN1 cannot access VLAN2 and vice versa). We have a Cisco 1721 router (ver 12.3) and a HP Procurve 2524 switch in the network. Do I have to configure both the switch and router for this, i.e. both router and switch have the same VLAN configuration? I would appreciate any config examples, help or advice you can give. Thanks again!!

[I may have posted this originally in the wrong topic group.]

5 REPLIES

Re: VLAN setup

Diane,

You are lucky to have a 1721 instead of a 1720. As intervlan routing is not supported on a 1720.

Here is a link to configuring intervlan routing using Cisco switch. Since you will be using 802.1q trunking on router and switch (HP should support this - check their documentation), configuration should be similar.

http://www.cisco.com/en/US/tech/tk389/tk390/technologies_configuration_example09186a00800949fd.shtml

HTH

Sankar

PS: please remember to rate helpful replies!

New Member

Re: VLAN setup

Sankar,

In the documentation you suggested, it deals with Cisco 2600, 3600 and 4500/4700 routers. I just want to confirm that this should work equally as well with the 1721 that we have.

If I reviewed the documentation correctly, both the switch and the router have to be configured for VLAN.

Thanks again!

Re: VLAN setup

I have not programmed a HP Procurve switch, so I am not sure if HP supports 802.1q.(99% chance that it should) But the documentation holds true for a 1721 as well. Like I said before, since you are going to be using different vendor equipments, you need to use 802.1q and I think 1721 also supports only 802.1q. You will need to configure vlans on the switch database and then configure a trunk port and connect to the router to that trunk port. Allow the created vlans on this port, so that all vlans are trunked to the router. On the router, you will have to configure as many sub interfaces as the number of vlans you created and under each sub interface you have type the command "encapsulation dot1q ".

HTH

PS: please remember to rate helpful posts!

VIP Purple

Re: VLAN setup

Hello,

yes indeed, you have to create the VLANs on both the switch and the router. Since in your initial post you were asking how to make sure that VLAN 1 and VLAN 2 cannot talk to each other, here is what the entire configuration of the 1721 should look like (including access lists that disallow communication between VLANs):

interface FastEthernet0/0.1

encapsulation dot1q 1 native

ip address 192.168.1.1 255.255.255.0

ip access-group 100 out

!

interface FastEthernet0/0.2

encapsulation dot1q 2

ip address 192.168.2.1 255.255.255.0

ip access-group 101 out

!

access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 100 permit ip any any

!

access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 101 permit ip any any

Have you set up the VLANs on your HP 2524 already ? In case you don´t know exactly how to set VLANs up on the ProCurve, here is the link to the manual (PDF):

ftp://ftp.hp.com/pub/networking/software/59692354.pdf

Regards,

GP

New Member

Re: VLAN setup

Thank you! I appreciate all the help!

403
Views
17
Helpful
5
Replies