Cisco SG 300-10 VLAN and IP Interface Question

Similar Messages

• Cisco switch 300 configure vlan and ports

  Hi i need help
  i cant see the vlan on port vlan membership
  i did create the vlan and i did configure the port the access
  but when i try to port vlan membership to tell which port to wich vlan i cant see the vlan i have created in the list
  thanks to help

  Hi,
  This forum is focusing on the issues related Windows Server.
  To get better help, please post your question on the forum of cisco.
  Here is the address,
  https://supportforums.cisco.com/
  Best Regards.
  Steven Lee
  TechNet Community Support

• Cisco 877w -Configuration of subinterfaces and main interface within the same bridge group is not permitted

  Hi,
  I have another problem - after upgrade ios wirelles connection not work.
  After reload i have :
  Configuration of subinterfaces and main interface
  within the same bridge group is not permitted
  STP: Unable to get the port parameters.
  Please configure the bridge group on this interface first.
  Please configure the bridge group on this interface first.
  Please configure the bridge group on this interface first.
  SETUP: new interface NVI0 placed in "shutdown" state
  my old configuration work propertly in the old software, but after update i have notificatio.
  Old thread:
  https://supportforums.cisco.com/discussion/12379491/cisco-877w-no-wireless-connection
  my current sh run:
  version 12.4 
  no service pad 
  service tcp-keepalives-in 
  service tcp-keepalives-out 
  service timestamps debug datetime msec localtime 
  service timestamps log datetime msec localtime 
  service password-encryption 
  hostname cisco 
  boot-start-marker 
  boot system flash:c870-advipservicesk9-mz.124-24.T6.bin 
  boot-end-marker 
  logging message-counter syslog 
  logging buffered 4096 informational 
  enable secret 5 $1$eCNp$rWuBfZ/cexnwnkm7L447s. 
  aaa new-model 
  aaa session-id common 
  dot11 syslog 
  dot11 ssid ciscowifi 
   vlan 1 
   authentication open 
   authentication key-management wpa 
   guest-mode 
   wpa-psk ascii 7 050D031D26595D0617 
  dot11 wpa handshake timeout 500 
  ip source-route 
  no ip dhcp use vrf connected 
  ip dhcp excluded-address 192.168.56.1 
  ip dhcp pool CLIENT 
     import all 
     network 192.168.56.0 255.255.255.0 
     default-router 192.168.56.1 
     dns-server 8.8.8.8 194.204.159.1 194.204.152.34 
     lease 0 2 
  ip cef 
  no ip domain lookup 
  no ipv6 cef 
  multilink bundle-name authenticated 
  username marek password 7 00121A0908500A 
  archive 
   log config 
    hidekeys 
  ip tcp path-mtu-discovery 
  bridge irb 
  interface ATM0 
   description Polaczenie ADSL do ISP$ES_WAN$ 
   no ip address 
   no atm ilmi-keepalive 
   pvc 0/35 
    encapsulation aal5mux ppp dialer 
    dialer pool-member 1 
   hold-queue 224 in 
  interface FastEthernet0 
   description Edzia 
  interface FastEthernet1 
   description dom 
  interface FastEthernet2 
   description Dziadek 
  interface FastEthernet3 
  interface Dot11Radio0 
   no ip address 
   no ip redirects 
   ip local-proxy-arp 
   ip nat inside 
   ip virtual-reassembly 
   no dot11 extension aironet 
   encryption vlan 1 mode ciphers tkip 
   encryption mode ciphers aes-ccm tkip 
   broadcast-key change 3600 
   ssid ciscowifi 
   speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 
   station-role root 
   world-mode dot11d country AU indoor 
   no cdp enable 
   bridge-group 1 
   bridge-group 1 subscriber-loop-control 
   bridge-group 1 spanning-disabled 
   bridge-group 1 block-unknown-source 
   no bridge-group 1 source-learning 
   no bridge-group 1 unicast-flooding 
  interface Dot11Radio0.1 
   description ciscowifi 
   encapsulation dot1Q 1 native 
   no cdp enable 
  interface Vlan1 
   no ip address 
   bridge-group 1 
  interface Dialer0 
   description Interfejs dzwoniacy 
   ip address negotiated 
   ip nat outside 
   ip virtual-reassembly 
   encapsulation ppp 
   dialer pool 1 
   dialer-group 1 
   ppp chap hostname [email protected] 
   ppp chap password 7 xxxxxxxxxxxxxxxxxxxxxx 
  interface BVI1 
   description Polaczenie dla sieci LAN 
   ip address 192.168.56.1 255.255.255.0 
   ip nat inside 
   ip virtual-reassembly 
  no ip forward-protocol nd 
  ip route 0.0.0.0 0.0.0.0 Dialer0 
  no ip http server 
  no ip http secure-server 
  ip nat inside source list 100 interface Dialer0 overload 
  ip nat inside source static tcp 192.168.56.10 80 interface Dialer0 80 
  ip nat inside source static tcp 192.168.56.10 22 interface Dialer0 22 
  logging trap debugging 
  logging 192.168.56.10 
  access-list 100 permit ip 192.168.56.0 0.0.0.255 any 
  access-list 100 deny   ip any any 
  no cdp run 
  snmp-server community ciskacz RO 
  snmp-server chassis-id ciskacz 
  control-plane 
  bridge 1 protocol ieee 
  bridge 1 route ip 
  line con 0 
   no modem enable 
  line aux 0 
  line vty 0 4 
   exec-timeout 0 0 
   transport preferred ssh 
   transport input ssh 
  scheduler max-task-time 5000 
  end 
  please help - thanks!

  Hello Marek,
  I suppose you are not planning to do any kinds of advanced config using several VLANs and multiple SSIDs so let's just make your configuration simple and working.
  In short, you need to remove all references to VLAN 1 and to any subinterfaces possibly related to the VLAN 1. This means in particular (follow these steps in sequence):
  Remove the Dot11Radio0.1 subinterface entirely
  In the Dot11Radio0 section, remove the encryption vlan 1 mode ciphers tkip command
  In the dot11 ssid ciscowifi section, remove the vlan 1 command
  After performing these steps, make sure that the ssid ciscowifi and encryption mode commands are still present in the Dot11Radio0 configuration, and if not, reenter them.
  Best regards,
  Peter

• Vlan and physical interface of vlan shwing different utilizations

  Puzzled???
  Anyone know why the physical interface of the vlan and the vlan interface show differnt utilizations? For instance the physical interface shows 60% utilization and the vlan interface is double that.
  Thanks in advance
  Mike G.

  as per my knowledge, the Subinterfaces are logical interfaces created on a hardware interface. These software-defined interfaces allow for segregation of traffic into separate logical channels on a single hardware interface as well as allowing for better utilization of the available bandwidth on the physical interface.
  http://www.cisco.com/univercd/cc/td/doc/product/software/iosxr3/int_c3/hc3vlan.htm

• Cisco aironet 1310G non_native vlan and dhcp

  hi evrybody
  i have problem with my cisco aironet 1310G
  non-native vlan can not get(dynamicly)ip address from cisco aironet 1310G
  this is all my configuration please can someone help me
  ip dhcp excluded-address 20.20.20.20
  ip dhcp excluded-address 20.0.0.0
  ip dhcp excluded-address 30.0.0.0
  ip dhcp excluded-address 30.30.30.30
  ip dhcp excluded-address 10.0.0.0
  ip dhcp excluded-address 10.0.0.10
  ip dhcp excluded-address 10.1.0.0
  ip dhcp excluded-address 10.1.0.10
  ip dhcp pool d01
  network 10.0.0.0 255.255.255.0
  default-router 10.0.0.10
  ip dhcp pool d02
  network 20.0.0.0 255.255.255.0
  default-router 20.20.20.20
  ip dhcp pool d03
  network 30.0.0.0 255.255.255.0
  default-router 30.30.30.30
  no aaa new-model
  dot11 ssid vlan01
  vlan 1
  authentication open
  dot11 ssid vlan02
  vlan 2
  authentication open
  dot11 ssid vlan3
  vlan 3
  authentication open
  username cisco password xxx
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  broadcast-key vlan 2 change 100
  broadcast-key vlan 3 change 100
  ssid vlan01
  ssid vlan02
  ssid vlan3
  speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
  station-role root access-point
  interface Dot11Radio0.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface Dot11Radio0.2
  encapsulation dot1Q 2
  no ip route-cache
  bridge-group 2
  bridge-group 2 block-unknown-source
  no bridge-group 2 source-learning
  no bridge-group 2 unicast-flooding
  interface Dot11Radio0.3
  encapsulation dot1Q 3
  no ip route-cache
  bridge-group 3
  bridge-group 3 subscriber-loop-control
  bridge-group 3 block-unknown-source
  no bridge-group 3 source-learning
  no bridge-group 3 unicast-flooding
  bridge-group 3 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  hold-queue 80 in
  interface FastEthernet0.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface FastEthernet0.2
  encapsulation dot1Q 2
  no ip route-cache
  bridge-group 2
  no bridge-group 2 source-learning
  bridge-group 2 spanning-disabled
  interface FastEthernet0.3
  encapsulation dot1Q 3
  no ip route-cache
  bridge-group 3
  no bridge-group 3 source-learning
  bridge-group 3 spanning-disabled
  interface BVI1
  ip address 10.0.0.10 255.255.255.0
  no ip route-cache
  interface BVI2
  ip address 20.20.20.20 255.255.255.0
  no ip route-cache
  interface BVI3
  ip address 30.30.30.30 255.255.255.0
  no ip route-cache
  control-plane
  bridge 1 priority 9000
  bridge 1 protocol ieee
  bridge 1 route ip
  bridge 2 priority 10000
  bridge 2 protocol ieee
  bridge 3 priority 3100
  bridge 3 protocol ieee
  line con 0
  line vty 0 4
  login local
  end

  hi friend
  i did what you sugested but it is styl not working so plz find below the show run and debug ip dhcp server in ordr to help us thanks for all your suport
  ip subnet-zero
  ip dhcp excluded-address 20.0.0.20
  ip dhcp excluded-address 30.0.0.30
  ip dhcp excluded-address 10.0.0.10
  ip dhcp pool d01
  network 10.0.0.0 255.255.255.0
  default-router 10.0.0.10
  ip dhcp pool d02
  network 20.0.0.0 255.255.255.0
  default-router 20.0.0.20
  ip dhcp pool d03
  network 30.0.0.0 255.255.255.0
  default-router 30.0.0.30
  aaa new-model
  dot11 ssid vlan01
  vlan 1
  authentication open
  guest-mode
  dot11 ssid vlan02
  vlan 2
  authentication open
  dot11 ssid vlan03
  vlan 3
  authentication open
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  broadcast-key vlan 2 change 100
  broadcast-key vlan 3 change 100
  ssid vlan01
  ssid vlan02
  ssid vlan03
  station-role root access-point
  interface Dot11Radio0.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface Dot11Radio0.2
  encapsulation dot1Q 2
  no ip route-cache
  bridge-group 2
  bridge-group 2 block-unknown-source
  no bridge-group 2 source-learning
  no bridge-group 2 unicast-flooding
  interface Dot11Radio0.3
  encapsulation dot1Q 3
  no ip route-cache
  bridge-group 3
  bridge-group 3 subscriber-loop-control
  bridge-group 3 block-unknown-source
  no bridge-group 3 source-learning
  no bridge-group 3 unicast-flooding
  bridge-group 3 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  hold-queue 80 in
  interface FastEthernet0.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface FastEthernet0.2
  encapsulation dot1Q 2
  no ip route-cache
  bridge-group 2
  no bridge-group 2 source-learning
  bridge-group 2 spanning-disabled
  interface FastEthernet0.3
  encapsulation dot1Q 3
  no ip route-cache
  bridge-group 3
  no bridge-group 3 source-learning
  bridge-group 3 spanning-disabled
  interface BVI1
  ip address 10.0.0.10 255.255.255.0
  no ip route-cache
  interface BVI2
  ip address 20.0.0.20 255.255.255.0
  no ip route-cache
  interface BVI3
  ip address 30.0.0.30 255.255.255.0
  ip helper-address 30.0.0.0
  no ip route-cache
  and debug ip dhcp server {events | packets | linkage}
  *Mar 1 01:06:37.054: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
  Station 0011.a304.2b65 Reason: Sending station has left the BSS
  *Mar 1 01:06:40.140: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0011.a304
  .2b65 Associated KEY_MGMT[NONE]

• SG-300-28P VLANs and Routing

  I want to have multiple VLANs share an internet connection. Can this be done with an SG-300-28P in Layer 3 mode, directly connected to a cable modem, with no additional router?
  Does anyone have a simple example of this? CLI or web interface is fine.
  Thanks,
  -Phil

  Just out of curiousity, is this possible?
  I have currently set my SG300 up in L2 mode with a pfsense firewall as "router on a stick". I have also tried using SG300 in L3 where all inter-vlan routing was done on Switch, but I found the ACLs rather limited compared to real firewall.

• WLS Users and Groups interface questions / observations

  I'm new to WLS, having just installed OBIEE 11g for the first time. There are some oddities in WLS around setting up Users that I'd like to ask about, to see if I'm just missing something, or if the interface really IS this bad. Please feel free to comment in any way, or to correct any statements that are erroneous. Here goes:
  1. The use of Previous and Next buttons instead of a vertical scroll bar for finding users and groups in their respective lists. What if you have several hundred users, and the one you want to modify starts with the letter 'Z'? That means clicking the Next button several dozen times. (Security Realms … myrealm … Users and Groups … Users) Not only is there no scroll bar, there's no search box either. The only way to get to a user near the end of the alphabetical listing is the Next button. Is that correct?
  2. After adding a new user, what's the next most logical thing to want to do? How about assigning that user to Groups? So why do I have to click Next several times to find that new user in the alphabetical list? I don't see a sortable 'Date Modified' field for the table of users, nor a link to the "Most Recently Added" user. Nor can I assign groups during the same action as creating the user. In the example in #1, I might have to click Next several dozen times to get to the user I just added. Is that correct?
  3. When creating a new User, immediately after clicking New, where is the most likely place that I'd want to go? How about the Name field? Right now, the cursor rests in some indeterminate location. I have to hit the Tab key 14 times, or move the mouse into the Name box and click it. The active cursor position does not default to the Name box when creating a new user. Is that correct?
  4. I don't see a 'Create Like' button for creating Users, so that existing group membership can be easily replicated. I'd like to be able to add a new employee by clicking to highlight an existing user from the same department, clicking a 'Create Like' button, then entering a new user name and password, with all group memberships assigned automatically based on the source user. The same could be said for replicating groups. I don't think that exists. Is that correct?
  5. I don't see a clean way to return to the User list on the page on which I clicked a user name. Imagine that I'm going through my entire list of users one at a time to set an attribute. I click on the user JSMITH and set the attribute. The only way to get back to JSMITH's page and select the next user list is to hit the browser's back button three times, or to click the Users and Groups breadcrumb at the top of the screen and use the Next link multiple times to find that page again. Is that correct?
  6. I don't see a way to bring up a Group and assign Users to it from a list. It appears that the only way to assign a User to a Group is to access a User profile and click Groups. If we're creating a new group that has 200 users selected from a list of 500 users, that could potentially represent somewhere between 5000 and 10000 mouse clicks. It would be much more efficient to be able to bring up a group, then select its members from a list of users. That does not appear to be possible. Is that correct?
  7. It also appears that when assigning groups for Users, the list of Available Parent Groups sorts the lowercase entries after all uppercase entries, so that groups that start with the letter 'a' fall after groups that start with 'Z'. That is not the case with the list of users. The User table uses a case-insensitive sort. Is that correct?
  8. When I want to delete more than one User, and the ones that I want to delete are on different pages, there appears to be no way to select those users from multiple pages at the same time. So, imagine that I have 500 users, and I want to delete two users, one of whom is listed on page 48, and the other on page 50. I would have to click the Next button 47 times to find the first user and delete it. At that point, the interface returns to page 1, and I have to click the Next button 49 times to reach the second user. Is that correct?

  Hi,
  Regarding your first question, you might want to press the "Customize this table" button, then select the maximum allowed amount of rows in "Number of rows displayed per page:" that would resolve some of the problems you're having with the interface. I do think this is not a great graphical tool, and there are some usability issues.
  Regarding the adding of users to groups, it seems the way you describe is the only way of doing it, however you could try using a script instead of the graphical console, the easiest way of making it is adding a user to a group while using the "Record" button on the top of the screen to get a wlst script to use as a model, then create a new script with all new users you want to add/modify.
  Regards,
  Franco.

• Configure Voice and Data VLAN in CISCO SF 300 8P

  I have a couple of Cisco SF 300 8P and 24 P Switches. I have voice and Data VLAN configured as :
  Data VLAN : Default 145.17.59.0/24
  Voice VLAN : VLAN 20 172.22.20.0/24
  I have different DHCP servers as for Data VLAN we have physical server which is configured for 145.17.59.* IP Scope and Voice VLAN DHCP Server is configured in Gateway router with option 150.
  This configuation works fine with other cisco swiches like 2960 and 3750 etc except CISCO SF 300 8P and 24P. I was trying to configure both voice and Data VLAN in these CISCO Switches so that CISCO phone (Model 6941) shold get IP from Voice VLAN and PC should get IP from Data VLAN DHCP Server. I have tried several techniques like LLDP, Port to VLAN Config etc.
  Can anyone please guide me/help on this.
  Regards,
  A K.M.Sayeed

  Hi A.K.M., with Cisco phones you should be able to simply set auto voice VLAN to be VLAN20. 
  voice vlan id 20
  You should ensure CDP and/or LLDP are enabled as well. I would check this in web GUI. DHCP for the phones can come from the switch, a DHCP server on a VLAN20 access port or you can use dhcp helper to redirect DHCP to server elsewhere.
  If you prefer or have issues with CDP or LLDP you can also program ports as trunks and add tagged VLAN 20 to them.  In this scenario you need to insure inter-vlan routing is working and that phones download config file with corrrect VLAN config.
  These switches do not run ios so they are similar but different than catalyst switches you referred to.
  -- please remember to rate helpful posts --

• Problems setting up Guest VLAN on Cisco SG 300-28

  Hi,
  I am primarely enquiring whether the setup I have explained below is actually possible, and if so then how I can set this up. I know it isn't the easiest configuration and I need to set this up without purchasing any more equipment if at all possible.
  I have a Cisco SG 300-28 setup with three VLAN's
  VLAN1 (Business) - 192.168.10.0 - Switch IP 192.168.10.254
  VLAN2 (VOIP) - 192.168.20.0 - Switch IP - 192.168.20.1
  VLAN3 (Guest) - 192.168.30.0 - Switch IP - 192.168.30.1
  Default Gateway is 192.168.10.1 (Netgear Router)
  I have a Wireless network setup (Netgear WMS and 2 WAP's) configured with the TWO VLAN's (1 and 3). These go into ports on the Cisco SG 300-28 which are tagged on both VLAN's. The Business wireless worked fine but the guest network didn't reout out to the internet.
  After some troubleshooting I realised the reason the guest wasn't working was because there was no route back from the internet to the router.
  The router I have isn't really ideal, it is a Netgear DGN2200, but I managed to create a static route to 192.168.30.1 with a metric of 2, with 192,168,10.254 being the hop.
  Success, the connection worked, the only problem is that now my guest network can see my business network because the business network is using the static route on my router to route back over to the guest network (due to the limitations of this device I can't do anything about that)
  So basically, what I have is
  Guest network can connect to Business VLAN via switch. I am assuming this is because the router is on the Business VLAN and the default gateway is the router. As they are on the same network the Guest network can inevetably see the business server and network.
  The Business network can get back to the Guest network via the router using my static route I created. The static route is really basic and I can't create a firewall rule on the router to prevent the Business network speaking to guest network because it only has a LAN - WAN firewall and this connection is LAN - LAN.
  What I need is...
  to somehow stop any traffic from the 192.168.30.0 network routing to anything on the 192.168.10.0 network, appart from the router on 192.168.10.1.
  Is this possible? I have this setup on a number of different site, the only difference is I have a CIsco Security Router on these with the VLAN's configured so I don't have this problem. Because I have a rather limited Netgear DGN2200 I am unable to setup the VLAN's correctly and as such I need to see if I can do this on the switch in any way.
  Any assistance would be much appreciated.
  This is my first post by the way so if I missed anything out that would help anybody then please let me know.
  Kind Regards
  David

  Hi David,
  Why not apply a access list to filter incoming traffic into the SG300 switch such as, via command line or GUI.
  Here is an example below, by no means complete, just an example
  Just remember,  we are using reverse masking in the ACE;
  config
  ip access-list extended restrictGuest
  deny ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
  deny tcp 192.168.30.0 0.0.0.255 any 192.168.30.1 0.0.0.0 www
  deny tcp 192.168.30.0 0.0.0.255 any 192.168.30.1 0.0.0.0 telnet
  deny ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
  permit ip any any
  exit
  interface gigabitethernet1
  service-acl input restrictGuest
  exit
  Don't forget to save the configuration with the following command and respond to the prompt.
  write
  or do it via the GUI method
  Step 1.  Create a ACL name
  step 2, Add the port based ACE which is the filter list,.
  step 3.   Apply or bind the list to a port so that the port can look at and filter pattern matches for traffic ingressing into the switch.  I have given you an example of a ACE list above, you can be more creative in what you deny.
  step 4. Now add or copy the entry to other switch ports.
  Remember to save your configuration change.
  Hope this helps.
  regards Dave

• Static VLAN with Cisco SF 300-24 - Configuration

  Hello Everyone!
  Let me start by saying that i am quite new to cisco equipment.
  I have a new Cisco SF 300-24 and try to configure a static VLAN.
  What Interface VLAN Mode should I Use? General or Trunk?
  I am looking for a step by step instruction.
  Any help would be appreciated,
  Thanks!
  Jürgen

  Hello Everyone!
  Let me start by saying that i am quite new to cisco equipment.
  I have a new Cisco SF 300-24 and try to configure a static VLAN.
  What Interface VLAN Mode should I Use? General or Trunk?
  I am looking for a step by step instruction.
  Any help would be appreciated,
  Thanks!
  Jürgen

• VLAN's Cisco SF 300-24

  I need create vlans in Cisco SF 300-24 Switch.
  Ports 1 to 6 are available for other ports (from 7 to 24).
  For examples:
  port 7 is available for ports from 1 to 6 but is not available for ports from 8 to 24,
  port 8 is available for ports from 1 to 6 but is not available for ports from 9 to 24 and 7,
  port 9 is available for ports from 1 to 6 but is not available for ports from 10 to 24 and 7 and 8,
  .....(to port 24)
  How I can do it?
  When I add ports from 1 to 6 to VLAN 12, the ports was automatically removed with VLAN 11(in attachment).

  Hi Dominik,
  Here are the rules for VLANs ..
  When you set the switch port  interface to  access mode, a switch port can be only a member of one untagged VLAN
  When you set the switch port  interface to trunk mode, a switch  port can be a member of only one untagged VLAN but also a  member of many Tagged VLANs.
  But what you seem to be trying to achieve is use ports 1-7 as  unprotected or open  ports  for  ports 8-24 within the switch.
  Really seems like something called  Priveate Vlan Edge PVE, whereby protected ports will only forward packets to unprotected ports and not other protected ports. .
  Here is the definition found in the help text from within the switch.
  Protected Port—Select to make this a protected port. (A protected port is also referred as a Private VLAN Edge (PVE).) The features of a protected port are as follows:
  Protected Ports provide Layer 2 isolation between interfaces (Ethernet ports and Link Aggregation Groups (LAGs)) that share the same Broadcast domain (VLAN).
  Packets received from protected ports can be forwarded only to unprotected egress ports. Protected port filtering rules are also applied to packets that are forwarded by software, such as snooping applications.
  Port protection is not subject to VLAN membership. Devices connected to protected ports are not allowed to communicate with each other, even if they are members of the same VLAN.
  Both ports and LAGs can be defined as protected or unprotected. Protected LAGs are described in the Configuring Link Aggregation section.
  So my steps were
  So I am wondering if you really need to configure alot of vlans.
  make ports 8-24 protected port
  Save the configuration
  Clicked to tick the option to protect switch port 8.
  That's what we end up with , port 8 is now protected.
  Now lets copy the settings from port 8 to ports 9-24, see the circled area below.
  now will in the ports you also wish to protect.
  Now ports 8-24 are protected ports.
  Hosts on these ports will only be able to communicate with hosts on ports 1-7 or  switch port 24 onwards, in the case of my switch.
  Make sure you save your configuration.
  I hope this is what you want.
  regards dave

• The difference between IEEE802.1Q Native VLAN sub-interface and Physical interface?

  Hello
  I think the following topologies are supported for Cisco Routers
  And the Physical interface also can be using as Native VLAN interface right? 
  Topology 1.
   R1 Gi0.1 ------ IEEE802.1Q Tunneling  L2SW ------ Gi0 R2
  R1 - configuration
  interface GigabitEthernet0.1
   encapsulation dot1Q 1 native
   ip address 10.0.0.1 255.255.255.0
  Topology 2.
  R1 Gi0 ------ IEEE802.1Q Tunneling L2SW ------ Gi0 R2
  interface GigabitEthernet0
  ip address 10.0.0.1 255.255.255.0
   And is it ok to use the physical interface and sub-interface with dynamic routing such as EIGRP or OSPF etc?
  R1 Gi 0 ---- Point to Multipoint EIGRP or OSPF ---- Gi0 R2 / R3 
        Gi 0.20--- Point to Point EIGRP or OSPF --- Gi0.10 R4  (same VLAN-ID) 
  R1 - configuration
  interface GigabitEthernet0
   ip address 10.0.0.1 255.255.255.0
  interface GigabitEthernet8.20
   encapsulation dot1Q 20
   ip address 20.0.0.1 255.255.255.0
  Any information is very appreciated. but if there is any CCO document please let me know.
  Thank you very much and regards,
  Masanobu Hiyoshi

  Hello,
  The diagram is helpful.
  If I am getting you correctly, you have three routers interconnected by a switch, and you want them to operate in a hub-and-spoke fashion even though the switch is capable of allowing direct communication between any of these routers.
  Your first scenario is concerned with all three routers being in the same VLAN, and by using neighbor commands, you force these routers to establish targeted EIGRP adjacencies R1-R2 and R1-R3, with R1 being the hub.
  Your second scenario is concerned with creating one VLAN per spoke, having subinterfaces for each spoke VLAN created on R1 as the router, and putting each spoke just in its own VLAN.
  Your scenarios are not really concerned with the concept of native VLAN or the way it is configured, to be honest. Whether you use a native VLAN in either of your scenarios, or whether you configure the native VLAN on a subinterface or on the physical interface makes no difference. There is simply no difference to using or not using a native VLAN in any of your scenarios, and there is no difference to the native VLAN configuration being placed on a physical interface or a subinterface. It's as plain as that. Both your scenarios will work.
  My personal opinion, though, is that forcing routers on a broadcast multi-access segment such as Ethernet to operate in a hub-and-spoke fashion is somewhat artificial. Why would you want to do this? Both scenarios have drawbacks: in the first scenario, you need to add a neighbor statement for each spoke to the hub, limiting the scalability. In the second scenario, you waste VLANs and IP subnets if there are many spokes. The primary question is, though: why would you want an Ethernet segment to operate as a hub-and-spoke network? Sure, these things are done but they are motivated by specific needs so I would like to know if you have any.
  Even if you needed your network to operate in a hub-and-spoke mode, there are more efficient means of achieving that: Cisco switches support so-called protected ports that are prevented from talking to each other. By configuring the switch ports to spokes as protected, you will prevent the spokes from seeing each other. You would not need, then, to configure static neighbors in EIGRP, or to waste VLANs for individual spokes. What you would need to do would be deactivating the split horizon on R1's interface, and using the ip next-hop-self eigrp command on R1 to tweak the next hop information to point to R1 so that the spokes do not attempt to route packets to each other directly but rather route them over R1.
  I do not believe I have seen any special CCO documents regarding the use of physical interfaces or subinterfaces for native VLAN or for your scenarios.
  Best regards,
  Peter

• Cisco RV180 VLAN tagging WAN interface

  Is there by any chance in the future firmware update that this product (RV180) will be able to support VLAN tagging on WAN interface like the Cisco's RV315W router? ISP in Singapore (Singtel) and Malaysia(Unifi) (http://klseet.com/index.php/mikrotik/mikrotik-rb750-750g/setup-for-unifi) requires certain type of vlan tagging on the WAN interface for it to work. 
  Is there any workaround to this?

  I tried with only two vlans and set the DHCP active only for the office "vlan2". Computers receive the correct ip but some of them won't register on the network, i tried to set the ip manualy on the computers but that computer will still be isolated.
  Ex: computer A receives ip 192.168.10.25, Subnet 255.255.255.0, Gateway 192.168.10.1, for 2-3 minutes i can access the router on 192.168.10.1 and the internet, after a random time interval the gateway won't even respond to ping.It's not from firewall related issues as i set to accept all both incoming and outgoing. If i set a manual ip corresponding to vlan1 "default" everything works.It's like that computer is isolated so i believe it has to do with the asignment of Tagged, untagged and Excluded settings on the vlans.

• Vlans and cisco router

  I have a netgear managed switch and a cisco 1750 router. I would like to set up 2 vlans. the first one is a wan, with a residential cable model connected to it. the other vlan is for my private lan. I will then have the cisco router connected to one port on the switch set up as a trunk. I'm no pro, but from what I've read so far, it should work that way, right? the part I need help with is setting up the cisco router as a gateway and dns proxy, accepting the dynamic ip, gateway, and dns addresses from the cable modem.
  I did see this http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Getting%20Started%20with%20LANs&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddcef50
  router in a stick *write that down* so my setup should work if I can figure out the router configuration. a good online tutorial or something would be helpful for this. I have plenty of cisco books, but maybe something for dummies would help me get started, before digging into the tough stuff.

  In order to set up inter vlan routing or a "router on a stick" with a netgear switch you will need a router that supports IEEE 802.1q VLAN Support.
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t1/8021q.htm#28767
  On the router interface that is "trunked" to the switch you will need to have a configuration that looks like the what I have below.
  Router(config)#interface FastEthernet0/1.1
  Router(config-subif)#encapsulation dot1Q 1 native
  Router(config-subif)#ip address 10.xx.xx.16 255.255.255.xxx
  Router(config-subif)#interface FastEthernet0/1.2
  Router(config-subif)#encapsulation dot1Q 2
  Router(config-subif)#ip address 10.xx.xx.130 255.255.255.xxx
  The sub-interface 1."2" corresponds to the vlan id on the trunk. In this case the .2 is vlan 2.
  I have attahced a link that exlains the intricate details on inter vlan routing below:
  http://www.cisco.com/warp/public/473/50.shtml
  Lastly you may want to check the Cisco IOS feature Navigator. I was looking at it and I did not see that the 1750 has IEEE 802.1q VLAN Support. It looks like the 1751 is the first platform in the 1700 series that does.

• Cisco 1702i WAP: how to get an interface in a non-native bridge group/ VLAN to be recognized by the internal DHCP server

  Does anyone know how the internal DHCP server in these access points connects to virtual interfaces and bridges in the unit?
  Is there some sort of default connection that connects the DHCP server to the native bridge group or VLAN?
  In a test case, with an SSID in the native VLAN and bridge group, the 1702i serves an IP address to a wireless client no problem. But with a second SSID in a non native VLAN and bridge group, no IP gets served. My only guess is that since the bvi1 defaults to the native bridge group and VLAN, sub-interfaces also in this group are assumed to be in the same subnet as bvi1, or in this case:
  interface bvi1
    ip address 192.168.1.205 255.255.255.0
    no ip route-cache
    exit
  It would be the ..1. subnet.
  Since the dhcp pool is set as:
  ip dhcp pool GeneralWiFi
    network 192.168.1.0 255.255.255.0
    lease 1
    default-router 192.168.1.1
    dns-server 8.8.8.8
    exit
  There may be an assumption that anything bvi1 can talk to is in the ..1. subnet, so the above pool gets activated on a request coming through bvi1.
  Is the DHCP server just hanging out waiting for a request from an "area" that is assumed to be on the same subnet as the given pool?
  Do I need to somehow show the device what subnet the 2nd SSID/ subinterfaces are in so the internal DHCP server can decide it needs to go to work, or is there some sort of bridging between the DHCP server and the interfaces that needs to be done? I am trying to use the same DHCP pool for the second subnet at this point, since I assume I will need another router to service an additional subnet and DHCP pool.

  Keep in mind that DHCP is a broadcast packet to start. So the AP can only listen in the subnet that it has an IP address for.
  Now, for any other subnet you can use the AP for DHCP but you have to have an IP helper address on your L3 pointing back to the AP.
  That being said, I wouldn't use the DHCP server on the AP as it is limited. You'd be better off using a Microsoft server or some other device that is designed for DHCP.
  HTH,
  Steve