2950 multi-vlan

Hi, I need a help!
I have a Catalyst 2950 with 24 ports.
How Can I add 2 or more vlans in an interface? This interface is connected with a Firewall.
With Catalyst 2900 no problem, I use switchport.
Thks.

With 2950, you will need to configure the port to "trunk" if you want to carry more than one VLAN over it. Does your firewall support trunking?

Similar Messages

  • What happened to the multi-vlan feature?

    I've read cisco documentation that discusses the multi-vlan feature on the 2900 XL series, but not for the 2950s. Is this functionality provided in a different way on the 2950s?

    The short answer is yes, via trunking.
    The multi-vlan feature was originally supported on the early 2900XL hardware since the asics used at the time did not support ISL or dot1q encapsulation. When the updated 2900XL and the 3500XL were released they had asics that did support ISL and dot1q encapsulation and so multi-vlan support was no longer required. A decision was made to keep the multi-vlan feature available for these platforms... I assume... so that customers with a mix of 'old' and 'new' hardware could configure them the same.
    When the 2950 and 3550 were released a decision was made to no longer support the multi-vlan feature since the hardware of both already supported either ISL and dot1q (3550) or dot1q (2950).
    HTH,
    Bobby

  • 3550, 12.0(5)WC9, "switchport multi vlan 24,25"== 3750, 12.2(25)SEC2, ?

    Dear all;
    Many IOS trains for the 2950, the 3550 and the 6500 has mode "multi" for its ports to make one port belonging to different vlans. It is issued as follows:
    interface FastEthernet0/16
    description xxxxxxxxxx
    duplex full
    speed 100
    switchport multi vlan 24,25
    spanning-tree portfast
    What is the corresponding mode for the 3750 platforms running under 12.2(25)SEC2 IOS?
    Regards

    Hi;
    Nope! There is no prerequisite -other than sited in this document. And there is no "multi vlan" condition.
    Please review the same document you've posted."
    Step 4
    monitor session session_number destination {interface interface-id [, | -] [encapsulation replicate]}
    Specify the SPAN session and the destination port (monitoring port).
    For session_number, specify the session number entered in step 3.
    Note For local SPAN, you must use the same session number for the source and destination interfaces.
    For interface-id, specify the destination port. The destination interface must be a physical port; it cannot be an EtherChannel, and it cannot be a VLAN.
    (Optional) [, | -] Specify a series or range of interfaces. Enter a space before and after the comma; enter a space before and after the hyphen.
    (Optional) Enter encapsulation replicate to specify that the destination interface replicates the source interface encapsulation method. If not selected, the default is to send packets in native form (untagged).
    Note You can use monitor session session_number destination command multiple times to configure multiple destination ports. "
    And hereafter an example:
    "This example shows how to remove any existing configuration on SPAN session 2, configure SPAN session 2 to monitor received traffic on all ports belonging to VLANs 1 through 3, and send it to destination Gigabit Ethernet port 2. The configuration is then modified to also monitor all traffic on all ports belonging to VLAN 10.
    Switch(config)# no monitor session 2
    Switch(config)# monitor session 2 source vlan 1 - 3 rx
    Switch(config)# monitor session 2 destination interface gigabitethernet1/0/2
    Switch(config)# monitor session 2 source vlan 10
    Switch(config)# end

  • Dual band router with multi vlan suggestion

    Hi, I've got a RV220w and would like the change a dual band router
    but I find out that RV042G only have port based vlan seems like same in network but separate multi vlan
    any other suggestion like RV220w with multi vlan in different network
    what I want to do is dual band network and create vlan network ip by myself same as RV220w
    192.168.0.0 vlan1
    192.168.1.0 vlan2
    192.168.2.0 vlan3
    192.168.3.0 vlan4
    192.168.4.0 vlan5
    Thanks

    RV042G does not support tagged VLAN. What you need is a Cisco RV320 or a Linksys LRT224.

  • Port with multi-vlan for voice and data??

    Hi guys,
    I've a situation where my VOIP and DATA on a different segments. Voice is 10.x.x.x riding on VLAN 701. And my data is 192.x.x.x riding on VLAN 100.
    The problem occur when our receptionist PC have a software installed for call forwarding for our general line. This software need to be on the same vlan with the IP Phone vlan which is 701. If I put her PC on those vlan, she can't access
    to our LAN which is vlan 100. So she can't check her email etc.
    Can I know what is the options I have? Can I configured multi-vlan for her PC on the switch? We are using Cisco PoE 3560 switch. Thanks.

    Hi,
    on the L3 switch, you should have an IP address for both VLAN 701 and 100. So, the L3 switch is doing inter-VLAN routing.
    This means, unless you have ACL blocking traffic, any device will be able to reach any other device, even on a different VLAN.
    And, no matter where you put voice and applications, everything will work anyway.

  • Cisco 2950 dual Vlans

    I have 2 Cisco 2950 switches one for each network in my office. One switch is full the other only has 8 ports used. Since both swithches are 24 port I though I might be able to split the switch on the underused network and allocate 12 ports on it to the other busy network.
    I assume I have to create 2 Vlans on the switch, but can I assign 1 vlan with the same IP as the other switch and simply patch them together.

    Hi Mark,
    first of all i have a question.... Why do u need ip adresses on your switch? just to manage them?
    If so here is my suggestion...
    u should assign 3 vlans not 2... make one of them your management vlan and assing an ip addresses from a diffent subnet than your nodes. Then configure a trunk between the two switches. Remember to make your management vlan the native vlan (switchport trunk native vlan ).
    Next u assign each port to the appropriate vlan and your done.
    If u manage the switches via console port, forget about ip adresses... u dont need one. just make two vlans and assign the ports (dont forget the trunk).
    Regards,
    Sebastian

  • 2950-EI vlan issue

    Hi,
    Originally someone else setup the switch, gave it a vlan of 6, an ip on the vlan interface, and assigned all the ports to vlan 6. I added a vlan 7. Assigned it to one port (nothing was plugged into it), and the telnet session dropped out. Now I cannot telnet to the switch via the ip setup on vlan 6.
    Can someone explain to me how I telnet to this switch once again?
    Thanks in advance

    Hi Jschar,
    I was sure that was the problem because you updated in your first post that you have assigned vlan 7 to unused port.
    2950 is a layer 2 switch so only one vlan with an ip can be active on it. Actually layer 2 switch only need an ip on interface vlan just to manage it remotely as you are doing via telnet.
    So as soon as you assign or create any other vlan and assign any ip to it it will remain in line protocl down state but as soon as you assign any port to that new vlan the line protocl will come up and it will bring down the other interface vlan (vlan 6 in your case) as that was the reason you lost the telnet connection.
    Yes you are very right you can create many vlans at layer 2 and it will be active and work fine. And if you create a trunk on a port which is already in vlan 6 it will definetely allow all the vlan including your vlan 7 till the time you manually restrict it.
    I will suggest just let the interface vlan 6 with an ip address so that you cxan telnet it anytime for remote management and craete a trunk to allow other vlans to pass through the network.
    HTH
    Ankur

  • WAN Load-Balancing and multi VLAN design

    Hello,
    I need some help to define the design of a specifi LAN-WAN network.
    1) There are 2 independant WAN entries (they have their own ISP-managed router)
    2) I need to load-balanced the requests over the 2 WAN
    3) If possible, the load-balancer must be redundant (GLBP ?)
    4) On the LAN itself, there must be 15 different VLAN
    5) We also need a DHCP solution (also redundant if possible) to provide IP to these VLAN, with unique gateway (the load-balancer)
    What do I need to implement this configuration ?
    And is it possible to configure with as much GUI as possible ?
    Thanks in advance for your help.

    Dear Mike,
    Thank you and welcome to the Small Business Support Community.
    It is possible to configure load balancing with NAT, however in this case, remote internet servers will potentially see sessions from remote hosts behind the SRP541W coming from different source IP addresses (the WAN IP addresses), causing the sessions to be reset unexpectedly.
    The Policy Routing setting you setup is exactly what I would do in your case.
    I hope these answer your question and please do not hesitate to reach me back if there is anything else I may assist you with.
    Kind regards,
    Jeffrey Rodriguez S. .:|:.:|:.
    Cisco Customer Support Engineer
    *Please rate the Post so other will know when an answer has been found.

  • 2940 connected to 2950 with VLANS

    Hi
    In my office, i have an 2940, no config. I want it to connect to the access sw, which again is connected to the dist/core. My port in the access sw have this config:
    interface FastEthernet0/8
    switchport access vlan 99
    switchport mode access
    switchport voice vlan 20
    no ip address
    spanning-tree portfast
    When i connect the 2940 to this 0/8 port, only some traffice seems to pass. I have several IP phones in my office, but only two would register. The pc is connected via IP phone, but then, only the pc get's access, not that IP phone. I find this strange, about how i should configure the 0/8 port in the 2940, so that all the traffice from the access sw gets through to all my 2940 ports.
    regards
    /alf

    If you configure port fa0/8 to be member of vlan 99 and voice vlan 20 you can only connect a IP phone to that port with built-in switchport that connects the PC/notebook.
    You should not connect a switch to that port. If you want a to connect that switch you can use a trunk to transport VLANs. Furthermore portfast is ONLY to be used on edge ports.

  • Multi site, multi vlan configuration question

    Hi Brian,Good questions.If the router connects to the switch on a VLAN 1 access port then it is a non-issue since the packets are not tagged.If there is a trunk between the router and the switch with tagged traffic, then I would recommend using inside and outside VLANs on the switch. Essentially this is just two VLANs, one for each Wanos interface so that it sits in the middle of the traffic flow. For example the gateway would say be in a VLAN 100 sub-interface on the router. Wanos wan0 would be in VLAN 100 and the lan0 interface remain in VLAN 1 along with the devices. The only way to the gateway is through the bridge. The bridge deployment is almost always the simplest way to get going, but where it is not possible, router mode is also available.Express will be ok for one remote location and if either direction across the WAN is...

    Ok, I'm getting ready to setup Wanos for a test run at one of our remote locations. I'm seeing packet loss on the circuit to this specific site and I want to test the packet loss recovery capability of Wanos. Our network topology is point to multipoint with MPLS connections between our main location and each of our 7 remote offices. So at our main location if I read correctly I would have to add a bypass rule for all the other offices that do not have a Wan optimization device.I have to preface my question with this... we have VLAN tagging going on at the remote locations for data and voice. The switch is ultimately responsible for the tagging of the packets. The IP phones and computers are both on completely different networks. The devices are assigned their IP's from the router through DHCP with the data VLAN 1 as the default. The...
    This topic first appeared in the Spiceworks Community

  • VLAN trunking

    I have a 2950T-48-SI, a 3508G-XL, and a 3548-XL.
    The 2950T and the 3508 are connected via Gig0/1 on the 2950 and Gig0/7 on the 3508.
    The 3548 and the 3508 are connected via Gig0/1 on the 3548 and Gig0/1 on the 3508.
    I have been using only the default VLAN for all of my devices. I now want to add a new VLAN (#10) and I want to be able to move each workstation port to a specific VLAN as needed.
    Devices on the 2 VLANS do NOT need to communicate with each other and each VLAN has it’s own router.
    I’ve created the new VLAN on all switches. The VLAN10 router is connected to the 2950, as is a port in my office. When I assign that port in my office to VLAN10, I get a DHCP address from my VLAN10 router and I get out to the world correctly (through the VLAN10 router and not the VLAN1 router). So I know that the basic VLAN10 is working properly, getting to the correct router, etc.
    The problem comes when I try to reconfigure the remote switches (the 3508 and the 3548) to use the new VLAN (in addition to the default VLAN). I can get the 3548 to talk to the 3508 correctly on VLAN10, but I can’t get the 3508 to talk to the 2950 on VLAN10.
    The options for Administrative Mode and Administrative Encapsulation on the Gigabit ports are different on the 2950 switch than they are on the 3500XL series, and I guess I don’t know how to set them up correctly.
    On the 2950, the only Administrative Encapsulation choice is 802.1Q. The Administrative Mode choices are:
    Static Access
    Dynamic Access
    Dynamic Desirable
    Dynamic Auto
    802.1Q Trunk
    802.1Q Trunk NonNegotiate
    On the 3508 and 3548, the only Administrative Encapsulation choice is ISL. The Administrative Mode choices are:
    Static Access
    Multi-VLAN
    Dynamic Access
    ISL Trunk
    802.1Q Trunk
    It seems like the Encapsulation settings should match on both ends, but that doesn’t seem to be possible on these switches …
    Can someone help educate me ?
    Thanks, Susan

    Hi Susan,
    The encapsulation settings need not be same through out the network and it should be same on 2 oints connected to each other.
    Yes 2950 only supports dot1q
    So when you connect 2950T and the 3508 via Gig0/1 on the 2950 and Gig0/7 on the 3508 you can use dot1q encapslation and just issue a command
    switchport mode trunk
    When you connect 3548 and the 3508 via Gig0/1 on the 3548 and Gig0/1 on the 3508 you can also use dot1q trunk or ISL trunk your wish but better to use dot1q.
    config t
    interface interface_id
    switchport mode trunk
    switchport trunk encapsulation dot1q
    If you issue this config on all the switches connected to each other it should definetely form a trunk.
    Only thing is when you put this commands on 2950 switch need not put dot1q as it only supports dot1q
    config t
    interface interface_id
    switchport mode trunk
    HTH, if yes please rate the post.
    Ankur

  • Catalyst 2950 series

    Hello everybody,
    I have a Cisco Switch, model WS-C2950C-24 with the IOS version 12.0(5.3)WC(1).
    I have created two VLANs, so I have trying to assign one Ethernet port to those VLANS,
    I saw, this option is not avaliable. Switch(config-if)# switchport mode multi vlan [#], [#]. (this command does not exit).
    When I typed switchport mode ? , It appears just access and trunk,
    Could you help me to find a command to assign one port to several VLANs.?
    Thank you.
    Best Regards,

    2950s do not support multi-VLAN ports. You need to make it a trunk if you need to pass more than one VLAN over a link.
    You are seeing it in parser because you are running ancient 12.0 code(which also runs on XL series which support multivlan ports).

  • 802.1x Machine and User Auth Vlan assignments

    I have machine and user auth working between Win2K PC and ACS 3.3 but not sure how to best use the Vlan assignment feature. I use Vlans for different departments and if I assign a vlan in ACS to a machine when it authenticates but the user is assigned to a different Vlan, I don't get a renewed IP.
    Here is how it's working now:
    1. Machine authenticates to ACS and assigned to a Vlan
    2. User logs in and if they are assigned to the same Vlan as the machine, works fine. If assigned to another vlan, the switchport does get changed but the PC still has an IP from the initial Vlan it was assigned to. Releasing and renewing doesn't work but I really don't expect it to.
    So, I figure the solution to this is just not set a per user vlan and only set it per machine. But, the group mapping in ACS looked like a great way to assign Vlans based on a user's Active Directory group but it doesn't appear to recognize the different computer OU's we have. So I can assign vlan's based on user groups but not computer groups. As machines are added to ACS, I could change them to an ACS group with the Vlan set but this would be a lot more work than an automated method like unknown user policy.
    So, how are others assigning machines to vlans in large multi-vlan networks using ACS and 802.1x?

    By default users and computers belong to different global groups. "Domain Users" vs. "Domain Cmpouters" for example.
    As for your example, it seems like you have a misbehaving supplicant, and authentication is attempting and then timing out and starting over .. that never actually gets to fail, so the auth-fail stuff won't help.
    Note: A good way to troubleshoot this is to notice it in action via show command:
    Here's an example of what you should see on a switch port.
    AuthSM State = State of the 802.1X Authenticator PAE state machine
    VALUES:
    AUTHENTICATED -- Auth Succeeded
    AUTHENTICATING -- Auth is attempting
    CONNECTING -- Dot1x is up and configured and trying to locate a supplicant.
    HELD -- Auth probably failed.
    BendSM State = State of the 802.1X back-end authentication state machine
    VALUES:
    IDLE -- Nothing is happening.
    REQUEST -- Switch sent some EAP data to AAA, and is waiting to get something back.
    RESPONSE -- AAA sent the switch back some data, and the switch in turn asked the supplicant for more data.
    NOTE: You should rarely see the RESPONSE state above. If you see it for more than a second or so i nthe middle of an auth attempt, that's a smoking gun that you might have a mis-behaving supplicant, b/c it shouldn't take that long to send an EAPOL frame. The switch will eventually time out, and start auth over.
    Hope this helps,

  • Basic Vlan routing question

    I am connecting a 4503 to a 2950.  I have native Vlan 1 between them on the trunk.  On that vlan 1 the subnet is 172.16.138.0.  The default gateway on the 2950 is 172.16.138.1.  There are devices attached to the 2950 that are all subnet 172.16.98.0.  I need to be able to get those devices to talk to the 4503. The only vlan I had on the 2950 is vlan 1.   I made another vlan on the 2950 but when I try to no sh it I get kicked out of the switch.     Any ideas?              

    The 2950 is a L2 switch and can only have a single vlan interface for management. When you're creating a new vlan, it's kicking you out because the 4500 doesn't have the vlan configured to support the new vlan that you're creating. That being said, you should be able to do the following to route your other subnet:
    If the 4500 vlan 1 subnet is 172.16.138.0/24, and you're wanting to create 172.16.98.0/24, you'll need to do it on the 4500.
    4500: (Assuming you want to create vlan 10)
    vlan 10
    int vlan 10
    ip address 172.16.98.1 255.255.255.0
    Then you'll need to trunk the port that leads to the 2950 - assume that's fa0/1
    int fa0/1
    switchport trunk encaps dot1q
    switchport mode trunk
    Then on the 2950, you'll need to keep your vlan 1 interface:
    int vlan 1
    ip address 172.16.138.2 255.255.255.0
    ip default-gateway 172.16.138.1 <-- this is to get to the management vlan interface above from another subnet
    Then create your vlan that matches on the 4500 (vlan 10)
    vlan 10
    Trunk the port that leads to the 4500 (assuming f0/1)
    int fa0/1
    switchport trunk encaps dot1q
    switchport mode trunk
    Then the ports that you want on vlan 10, you'll put in the vlan:
    int range fa1/2-48
    switchport mode access
    switchport access vlan 10
    Your hosts will use 172.16.98.1 as a default gateway, but that traffic will be routed at the 4500 series switch. The 2950 cannot do the routing for you, but it can carry the vlan information that you need.
    HTH,
    John
    *** Please rate all useful posts ***

  • VLANs across switches without trunking

    Assuming that you only have one VLAN, is it possible to have that single VLAN reach across multiple switches without trunk ports? I've inherited a network of a handful of Cat 6506s, and Cat4006's, which have one big flat /22 in a single VLAN. I'd like to break it up into smaller chunks and seperate VLANs, but I'm rather suprised that it appears to be working with one VLAN but without trunks.

    Actully you can run seperate access port links per vlan, chewing up a seperate physical port per vlan on each switch. There was a 2900 series switch I had a long time ago that supported vlans but not trunks.
    It had a feature called multi vlan that you could add to a port, but this was a way of letting one port talk to all vlans and was messy.
    But you could run a seperate cable for each vlan. if you have 5 vlans then 5 cables between switch A and switch B, port 1 vlan 1, port 2 vlan2, port 3 vlan3, etc...

Maybe you are looking for