Solved: Re: VLANing using 3500xl switches

jonathan.hudson · ‎01-27-2006

Currently we have two separate LAN infrastructures each using only VLAN 1. Each LAN has a unique IP address subnet.

This is a campus environment. There is now a need to connect a small building on the campus that will have a few devices on one LAN and a few other devices on the other LAN. The company doesn't want to buy 2 switches. We have a 3524 switch with two fiber connections and we have enough fiber pairs so that we can use one fiber connection for each LAN. Each of the fiber connections would terminate into another 3500 switch in each LAN.

Is there a way I can define two VLANs on the switch in the small building, yet have the traffic for each LAN go over it's own fiber link to the appropriate LAN and be handed off as being part of VLAN 1 so that I don't have to define a new VLAN on a number of existing switches? Could the feature to configure the native VLAN for untagged traffic be used?

pkhatri · ‎01-27-2006

Absolutely..

Since the ports at each end are access ports, frames sent out over these ports will be raw untagged Ethernet frames...the VLAN ID will only be used internally within the switches. Consider this a form of VLAN translation...

It should work quite well.

Hope that helps - pls rate posts that help.

Regards,

Paresh

View solution in original post

pkhatri · ‎01-27-2006

Hi Jonathan,

You could do this:

- configure 2 VLANs on the 3524, say VLANs 100 and 200

- configure the fibre interface to the first existing switch as an access port in VLAN 100

- configure the fibre interface to the second existing switch as an access port in VLAN 200

- for devices at the new building that need to connect to the first LAN, configure the 3524 port to which they are connected as an access port in VLAN 100

- for devices at the new building that need to connect to the secondLAN, configure the 3524 port to which they are connected as an access port in VLAN 200

I reckon that should work and you need to change nothing on the existing switches...

Hope that helps - pls rate posts that help.

Regards,

Paresh

jonathan.hudson · ‎01-27-2006

Thanks for the quick response. Just to make sure I understand... currently we have two separate LANs (Office and Production) each only using VLAN 1. On the 3524 in the new building, configure VLANs 100 and 200 and assign the necessary ports to the appropriate VLAN. Assign one fiber interface to VLAN 100 (Office) and the other to VLAN 200 (Production).

Would each fibre connection work with the existing switches on each LAN since they only use VLAN 1? As an example, for the Office LAN, the fibre connection on the 3524 would be defined as an access port for VLAN 100 and it would work with the existing Office LAN switch on the other end of the fibre connection that is defined as an access port for VLAN 1?

Thanks for helping make sure I understand.

pkhatri · ‎01-27-2006

Absolutely..

Since the ports at each end are access ports, frames sent out over these ports will be raw untagged Ethernet frames...the VLAN ID will only be used internally within the switches. Consider this a form of VLAN translation...

It should work quite well.

Hope that helps - pls rate posts that help.

Regards,

Paresh

jonathan.hudson · ‎02-16-2006

Paresh,

Your solution worked! Thanks!

Now the only detail is the message "%CDP-4-NATIVE_VLAN_MISMATCH" that is now logged on each end of the fiber link every 60 seconds. I did some investigation to see how to supress the message but did not find anything. Any idea?

pkhatri · ‎02-16-2006

Hi Jonatha,

The 'error' message is simply because you have used different VLAN IDs on the access ports at either end. The message is pretty harmless in itself.

There are a couple of options to get rid of it:

- configure the native VLANs on your two sites to be 100 and 200 respectively.

- enable CDP version 1 on your switches. YOu can do this using: 'no cdp advertise-v2'.

The latter option is simpler and you don't really lose much in a network such as yours

Hope that helps - pls rate the post if it does.

Paresh

Georg Pauwen · ‎01-27-2006

Hello,

if you cannot create a new VLAN and need to use the existing VLAN 1 from both locations, there would be a (rather tedious) approach to this: add static MAC address entries on the switches connecting to your 3524. Let's say you have the following setup, including the 3524 switch:

Lan1(3500_1) --> Fiber Link --> 3524 --> Fiber Link --> Lan2 (3500_2)

On switch 3500_1, you would add static MAC entries for the devices from Lan2 like this:

mac-address-table static 0020.1223.e3f4 interface GigabitEthernet0/2

Interface GigabitEthernet0/2 would be an unused interface, and by statically directing the MAC addresses from the other VLAN to that unused port, you effectively deny access for these MAC addresses. Do the same for the MAC addresses from Lan1 on switch 3500_2.

I am not sure if this is going to work as desired, but you might want to give it a try...

Regards,

GP