Cisco Support Community

New Member

VLANS on Catalyst 4500

We have two 4500 series switches set up with an etherchannel between the two and configured in a flat network with secondary interfaces. There are 6 different secondary interfaces. There are several 3Com switches uplinked to the 4500s and servers connected directly to some of the ports on the switch. The switch is also running RIP for route distribution to secure tunnels via the Internet through another router.

Of course the goal is to VLAN all of the secondaries into separate broadcast domains.

My questions are these:

1. Do I just create the layer 2 and layer 3 VLANs on the switch and give the servers the respective layer 3 address as the default gateway for that server, or do the ports have to be specifically assigned to the VLAN also?

2. The 3com switches that are uplinked to the 4500, this port will have to be converted to a trunk port, correct?

3. The 3com I am thinking is also going to have to have the ports "tagged" so the VLANs can be trunked to the Cisco, is this correct?

4. Can you prevent routing from one VLAN to another (in the 4500) for security reasons and still have all the VLANs routed to the other VLANs configured in the switch?

4 REPLIES

Re: VLANS on Catalyst 4500

Hello,

1> If you are configuring trunks to connect to the DLINKs then there's no need to add the vlans to the interfaces.

switchport

switchport trunk encap dot1q

switchport mode trunk

For the servers, you have to use :

switchport

switchport mode access

switchport access vlan #

2> I think it's better to set these links as trunk

switchport

switchport trunk encap dot1q

switchport mode trunk

3> Yes, you can use dot1q between Cisco and 3com

4> Yes, you can use an ACL to restrict inter-vlan traffic, if needed.

HTH,

Vlad

New Member

Re: VLANS on Catalyst 4500

Is it as simple as that?

What about down time? I will have to do all this without losing any connection, is this possible?

How would the access-list configuration look?

I guess I am not sure what all needs to be done.

Re: VLANS on Catalyst 4500

Do I just create the layer 2 and layer 3 VLANs on the switch and give the servers the respective layer 3 address as the default gateway for that server, or do the ports have to be specifically assigned to the VLAN also?

>> Yes, you need to create the vlans in the vlan database or through the config mode, then you need to assign these vlans to the appropriate L2 ports, then you need to create the SVI, interface vlan, for inter-vlan routing and default gateways for the hosts and servers.

2. The 3com switches that are uplinked to the 4500, this port will have to be converted to a trunk port correct?

>> Yes and No. Yes, if the 3com ports are assigned to different vlans or will be assigned to different vlans.

No, if all the ports will be assigned to the same vlan. A trunk is just so you can allow multiple vlans to propagate through a single port - a trunk port. If the switch connected to that port will not have multiple vlans then there is no need to trunk, it will be much simpler. But the port on the 4500 will have to belong to the vlan that you would like those users on the 3Com assigned to.

3. The 3com I am thinking is also going to have to have the ports "tagged" so the VLANs can be trunked to the Cisco, is this correct?

>> The terms might not be the same, but the concept of allowing multiple vlans to propagate through a single port is what Cisco calls a trunk. The industry standard used to encapsulate packets (tag them with a vlan ID) is Dot1Q. In Cisco, there is the native vlan concept, which basically is the vlan that is not tagged with a vlan ID.

4. Can you prevent routing from one VLAN to another (in the 4500) for security reasons and still have all the VLANs routed to the other VLANs configured in the switch?

>> Yes, for that you can create an ACL preventing certain networks from talking to certain networks.

Rate helpful posts.

New Member

Re: VLANS on Catalyst 4500

bosalaza,

I think I understand conceptually where you are going but I am not sure exactly how it should be implemented.

Could you explain in a little more detail (sorry), about what the config would look like?

Suppose for example some of the servers were attached directly to this switch on ports 2-10 and there are 3com switches linked on ports 13, 14 and 15 with multiple VLANs needing to be trunked.

Also say I wanted to prevent vlan 2 from talking to vlan 3?

It seems I am having trouble getting what it should look like.
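
The scenario in the last post (servers on ports 2-10, 3Com trunks on ports 13-15, VLAN 2 kept from talking to VLAN 3), sketched as an added example that is not part of any poster's reply and is not a Cisco-supplied configuration. The module number in the interface names, the VLAN and ACL names, and the 10.0.2.0/24 and 10.0.3.0/24 subnets are assumptions made for illustration.

```ios
! Added example. Assumed, not from the thread: module 2 port numbering,
! VLAN/ACL names, subnets 10.0.2.0/24 (VLAN 2) and 10.0.3.0/24 (VLAN 3).
! IP routing is taken to be enabled already, since the switch runs RIP.
vlan 2
 name SERVERS-A
vlan 3
 name SERVERS-B
!
! Servers on ports 2-10: access ports, each in exactly one VLAN.
interface range GigabitEthernet2/2 - 10
 switchport
 switchport mode access
 switchport access vlan 2
!
! 3Com uplinks on ports 13-15: 802.1Q trunks carrying only the VLANs in use.
! Encapsulation is set before trunk mode; drop that line if the hardware is
! 802.1Q-only and rejects it. The 3Com side does not speak DTP, so
! negotiation is switched off.
interface range GigabitEthernet2/13 - 15
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 2,3
 switchport nonegotiate
!
! Block VLAN 2 <-> VLAN 3 and permit everything else. The closing permit is
! required because every ACL ends with an implicit deny.
ip access-list extended VLAN2-IN
 deny   ip 10.0.2.0 0.0.0.255 10.0.3.0 0.0.0.255
 permit ip any any
ip access-list extended VLAN3-IN
 deny   ip 10.0.3.0 0.0.0.255 10.0.2.0 0.0.0.255
 permit ip any any
!
! SVIs: the default gateway for each VLAN. Each ACL filters traffic entering
! the switch from that VLAN before it is routed.
interface Vlan2
 ip address 10.0.2.1 255.255.255.0
 ip access-group VLAN2-IN in
 no shutdown
interface Vlan3
 ip address 10.0.3.1 255.255.255.0
 ip access-group VLAN3-IN in
 no shutdown
```

After applying, `show vlan brief`, `show interfaces trunk` and `show ip access-lists` confirm port membership, the VLANs actually carried on each trunk, and the match counters on the deny entries.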
