Configuring VLANs on Cisco switches - help on basics please!

Hi people.
I'm buying Cisco switches to my home lab to practice VLAN and have some doubts, would someone kindly help me?
I'm thinking of buying two 300 series switches for the servers (VMware boxes), configure two separate VLANs for VMs and two other VLANs for desktop computers, in order to simulate a small office with a datacenter and two floors (one VLAN for each floor).
I presume that the connection between each floor switch and the 300 series core switch will be via trunk mode on both, not access port mode, is that correct?
Another question: for the desktop switches, the ports that are going to connect to the desktops (which runs windows with non-vlan tagging aware nic), will be configured with the correct VLAN, and the operating system will just communicate normally as if there was no VLAN tag on the frames?
Since I need inter-vlan routing only on the core switch (the 300 series), for the desktops switches I can purchase some 200 series, right?
And the last question: presuming that I configure a third VLAN and add a third floor switch, but this time a 100 series switch that is not VLAN capable, so connecting this switch to the 300 switch, will it work, or not?
Thank you!

Hi! Thanks for the rapid answers!
I have a couple more based on the same questions:
I presume that the connection between each floor switch and the 300 series core switch will be via trunk mode on both, not access port mode, is that correct? - Yes, trunk links are required to carry multiple vlans.
So, I could also use multiple links with LAG/LACP carrying all vlans between switches?
And the last question: presuming that I configure a third VLAN and add a third floor switch, but this time a 100 series switch that is not VLAN capable, so connecting this switch to the 300 switch, will it work, or not? - Yes, bit make sure that link between these two switches should be an access link, i.e must carry only third vlan.
So, If I understand correctly, if having one vlan per floor in an office building, for economical reasons you could deploy simple non-managed and non-vlan capable switches, and in the data center, a core switch with the vlans configured for each floor?
And viewing from a technical perspective, what would be the advantages of deploying in each floor a vlan capable switch configured with the correct vlan?
And which method mentioned above is more common deployed for endpoint floor switches?
Thanks!

Similar Messages

  • What's "SAVE" configuration command for Cisco switch/ router?

    What's "SAVE" configuration command for Cisco switch / router? I know Switch#copy running-config startup-config works well,
    but so long, any other command that easy to remenber?

    What's "SAVE" configuration command for Cisco switch / router? I know Switch#copy running-config startup-config works well, but so long,
    any other command that easy to remenber?
    yes, here: Switch#write,and want to know more about the Cisco switch, please visit:http://www.3anetwork.com/cisco-switches-price_c1

  • How to search/Scan Vlan of cisco switch ports

    Can any one tell me how i can scan/search vlans of cisco switch port through any monitoring tool (orion/solarwinds).
    Consider this scenario as i have no access to switch and i want to know below things:
    1-Vlans created on switch?
    2-which switch port belongs to which vlan id?
    Thanks

    Hi,
    You can do it only with hub in between and also please note that when sniffing with Wireshark on Windows the OS would remove VLAN tag so you may need to use Linux machine.
    Regards,
    Aleksandra

  • Creating a private/isolated vlan on Cisco switch

    Hello
    I have many Cisco switches 65xx, 37xx at my company with a lot of vlans already configured.  I need to create a new isolation vlan that will not be able to communicate with my other existing vlans.  We are setting up a NAC solution at my company and we want a vlan that we can send ports to if the computer or device is compromised and cannot talk or risk the existing network (other vlans).  What is the best method to make this happen?
    I have created VLANs in the past but this is my first dealing with private/isolated vlans and would be grateful for any guidance on how I should implement this.

    So are you saying I should just create a new L2 vlan and not configure the vlan interface (which is at L3) for this new vlan so I cannot communicate with any of my existing vlans therefore isolating the new vlan?
    Yes, without an SVI clients in that vlan cannot communicate with anything outside that vlan.
    The only thing that wasn't clear was whether these clients should still be able to access the internet even though they couldn't talk to any other internal vlans. If they did need the internet, or any other remote network, then you would need an SVI but it sounds as though you don't want any external communication for these clients ?
    Jon

  • Configure VLANs across multiple switches

    Hi.
    I'm trying to configure a segregated network using a VLAN. There are 5 switches on the site (all SG200). A router with 2 interfaces - one for the normal network and for the segregated network - is connected and located at switch 1. The network which needs to be segregated and the PCs on it are connected to a port on switch 5. Switch 1 is connected to switch 2, 2 to 3, 3 to 4 and 4 to 5.
    I have created a VLAN but can't get the network to talk to the first switch over the link. I have created a VLAN ID 10 on each switch. Do the switches have to be linked together logically in some way to get this to work.
    Thanks.

    Hi,
    Try to create the VLAN 5 in all switches.I have assumed that Management VLAN for all switches are VLAN 1.Kindly configure Trunk between switch 1 to S2 ,S2 to S3,S3 to S4,S4 to S5, S5 to S1.Allow the VLAN's 1U,10T.
    regards
    Moorthy

  • Configuring HSRP in Cisco Switches using Dynamips

    Dear Friends,         
      I am in process of configuring hsrp using dynamips   
       when i am putting the comand
        SW1(config)#standby 1 ip 10.1.1.10
                                               ^                                
      % Invalid input detected at '^' marker.      
       its showing error i,e the command is support by switch ios
      Please check the show version command for ios details
    "SW1#sh version Cisco IOS Software, 3600 Software (C3640-IK9O3S-M), Version 12.4(7), RELEASE SOF TWARE (fc6) Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2006 by Cisco Systems, Inc. Compiled Wed 01-Mar-06 00:58 by alnguyen  ROM: ROMMON Emulation Microcode ROM: 3600 Software (C3640-IK9O3S-M), Version 12.4(7), RELEASE SOFTWARE (fc6)  SW1 uptime is 3 hours, 13 minutes System returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0 x0, BOOT_COUNT 0, BOOTDATA 19 System image file is "tftp://255.255.255.255/unknown"    Cisco 3640 (R4700) processor (revision 0xFF) with 94208K/4096K bytes of memory. Processor board ID 00000000 R4700 CPU at 100MHz, Implementation 33, Rev 1.2 16 FastEthernet interfaces DRAM configuration is 64 bits wide with parity enabled. 125K bytes of NVRAM. 8192K bytes of processor board System flash (Read/Write)  Configuration register is 0x2102  "
    Can anyone help me in solving this issue. Any kind of help is greatly appreciated

    Hi,
    SW1(config)#
    you have to be in (layer-3) interface configuration mode, e.g. on a SVI:
    R1#conf termR1(config)#interface vlan1R1(config-if)#standby 1 ip 1.1.1.1
    Hope that helps
    Rolf

  • Native VLAN on Cisco Switches

    I have a question regarding the default native  vlan, I have a cisco based environment and I set vlan XXX on a native on  trunk links, I also running Multiple Spanning Tree on my switches &  create instances for vlan segregation.
    My question is here could I put vlan 1 (default) in any of instance or not?
    Thanks & Regards,

    With MST, it is not running per VLAN spanning tree, it sends all BPDUs via instance 0 which is called the CIST. These frames are sent untagged via the native VLAN. Normally this is VLAN 1 but if you change it to another VLAN then the BPDUs are sent untagged on that native VLAN.
    Regarding if to use instance 0 or not, it is often recommended to create as many instances as you need to create the desired topology (usually two) and put your VLANs in those instances. It's a good pratice to map all your VLANs straight away because changing the instance to VLAN mapping makes the MST region become multi region until they all have the same instance to VLAN mapping.
    I would keep all VLANs out of instance 0 but it's definitely possible to have VLANs mapped in instance 0 as well.
    Daniel Dib
    CCIE #37149
    Please rate helpful posts.

  • Native vlan on 3750 switch

    Is it possible to configure AAA and EAPFAST on a 3750G switch to use a vlan other than vlan1 for management/native vlan?  We are working with RADIUS on Server 2008.

    Hi John,
    Yes, you can do that.
    On 3750 you can take a look at the feature called 802.1x Authentication with VLAN Assignment:
    http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750/software/release/12.2_52_se/configuration/guide/sw8021x.html#wp1289244.
    Basically, you define on the RADIUS server what VLAN each User (or User Group) you want to assign, then when the user connects the PC to the port, it authenticates and the RADIUS server returns the required attributes for VLAN assignament to the switch. The switch interprets them and changes the switchport to the configured VLAN.
    The switch will be a simple man-in-the middle during authentication and only processes the RADIUS Reject (if authe fails) or RADIUS Accept (if authe passes).
    The authentication methods like EAP-FAST must be agreed between the RADIUS server (AAA Server) and the PC (AAA supplicant).
    If you want to authenticate users based on certificates you have to use either EAP-FAST, EAP-TLS or EAP-TTLS.
    The most widely spread (which comes by default on WinXP machines) authentication method is PEAP which uses MS-CHAP (username/password) to authenticate users.
    HTH,
    Tiago
    If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

  • Has anyone develped an EM plug-in for Cisco switches or routers

    Folks,
    Has anyone develped an EM plug-in for Cisco switches or routers? Please reply to this thread if you have developed one and would like to share your experience in developing this plug-in?
    Thanks,

    It's probably not the conversion from CMYK to RGB that's causing the problem, but color profile (ICC) embedding in Photoshop. Fireworks doesn't read color profiles. You might be able to create an action to remove the color profile in Photoshop and then batch process the images with it.

  • Help with inline VLAN Pair and switch configuration

    Hello,
    I'm new to IPS and IDS in general, but I have an IPS-4255 and a couple of Catalyst 2900 switches to experiment with. I'm currently trying to enable an Inline VLAN Pair configuration on the IPS and have a simple setup.
    SW1 and SW2 have vlans 100 and 200 configured. PC1 and PC2 are on the same IP range (no routing). PC1 on vlan 100 connects to Sw1. PC2 on vlan 200 connects to SW2. The IPS connects to a SW2 trunking port, and SW1 and SW2 are connected together on another trunking port.
    I know that my trunking is working because PC1 and PC2 can ping each other whenever they are on the same vlan of either switch. But, they can't ping when on the separate vlans.
    From what I've read, the IPS with an Inline VLAN Pair acts as a bridge between the two vlans and should forward the traffic if it passes inspection. However, the IPS does not appear to see any traffic at all.
    My IPS is configured with inline VLAN pair 100->200 and associated to vs0.
    Have I missed something in my config somewhere? Or am I misunderstanding how inline VLAN Pairs are supposed to work?
    Below are my configs for the switches and the IPS.
    Any help would be appreciated. Thank you!
    IPS Config
    service interface
    physical-interfaces GigabitEthernet0/0
    no description
    admin-state enabled
    duplex auto
    speed auto
    alt-tcp-reset-interface interface-name GigabitEthernet0/3
    subinterface-type inline-vlan-pair
    subinterface 1
    description test
    vlan1 100
    vlan2 200
    exit
    exit
    service analysis-engine
    virtual-sensor vs0
    physical-interface GigabitEthernet0/0 subinterface-number 1
    inline-TCP-session-tracking-mode vlan-only
    exit
    exit
    SW1 and SW2 config
    interface FastEthernet0/1
    switchport access vlan 100
    interface FastEthernet0/9
    switchport access vlan 200
    interface FastEthernet0/18
    switchport trunk encapsulation dot1q
    switchport mode trunk
    interface FastEthernet0/24 (Sw 2 only)
    description IPS port
    switchport trunk encapsulation dot1q
    switchport mode trunk

    It has been awhile since I've dealt with a 2900 switch to I am just trying to guess at what may be wrong with your setup.
    I noticed that neither of your trunk port configuration are specifically stating which vlans are allowed on the trunks.
    It is possible that for the trunk between the 2 switches there may be some protocol negotiation so the switches can determine which vlans to trunk, BUT no such negotiation will happen with the sensor. If I remember right you will need to specifically state which vlans the trunk to the sensor should carry. If I remember right the commmand would be something like:
    switchport trunk allowed-vlan 100,200
    You will want to find the show command on your switch that will show you which vlans are actually being trunked by the port. It might be something like "show switchport trunk"
    And you will want to verify that the switch is actually trunking vlans 100 and 200 to your sensor.
    On your sensor you will want to execute "show interfaces" and look at the statistics for Gig0/0 to see if it is receiving packets on vlan 100 and 200.
    You can also run "packet display GigabitEthernet0/0" to see if any packets are making it to your sensor.
    You will also want to check Link status and make sure your sensor is linking up properly with your switch. A common mistake is to connect the wrong ports, as some sensors do not have the port numbers clearly marked.
    NOTE: If the above doesn't help, then take the additional step of eliminating the second switch. Attach both pcs to the same SW2 switch (1 in each vlan). The second switch isn't necessary to test the inline vlan pair functionality. Connecting both PCs to the same switch will help eliminate any possibility of misconfiguration between the 2 switches.

  • How to set up VLANs for Cisco SG500 - 28 switch

    Hi,
    First of all, this is my first post in here, I hope someone can help me, and please be patient since I am very little experienced.
    OK, so let me explain you the scenarion that I am facing and hopefully someone will be able to help me.
    We have a Cisco SG500 - 28 port gigabit switch in our workplace.
    Our goal, is to create 3 VLANs and seperate the networks between different departements.
    VLAN1 (which is the default VLAN in the switch) - will be used for IT department and the management.
    VLAN100 - will be used for business .
    VLAN200 - will be used for guests who need to connect to the internet through WiFi.
    I have created VLAN100 and VLAN200, and VLAN1 is there by default.
    I want to use port 13 for VLAN200 and to connect the Wifi access-point there.
    The uplink is in port 25.
    I would be glad if you could explain me the stuff first in a abstract more general level, and then we can look at the specific scenario that we have.
    The Cisco SG500 - 28 gets internet from a Sophos UTM 9 router.
    I will need to take care of inter-VLAN routing as well, and subnet, and DHCP
    Thanks in advance,
    Kindest regards,
    D

    Hello Desmond,
    You have two different options:
    Option 1:
    Configure Sg500 switch as a Layer 2 switch and let the Sophos firewall do all the Layer 3 routing along with internet access. If you choose this option, then, you need to configure your uplink port as a trunk port and allow all 3 vlans to pass through. Also, you need to make sure that the Sophos device supports VLANs and trunking (or at least sub interfaces and create sub interfaces for each vlan). Also, all LAN devices will have the respective sub-interface/VLAN interface IP on the Sophos as their default gateway.
    Option 2:
    Configure SG500 switch as a Layer 3 device and configure intervlan routing to manage internal network traffic locally and send just the internet traffic to Sophos device.
    You need to create Layer 3 interfaces for VLAN1, VLAN100, and VLAN200 on SG500 and then make those Layer 3 interfaces default gateway for respective VLAN.
    You can configure the uplink port as an access port in one of the VLANs.
    Make sure that the Sophos device has an IP on the same subnet as the VLAN you chose for the uplink port.
    You also need to enter static routes on the Sophos device for the remaining two subnets on the SG500 (next hop address pointing to the IP address of the VLAN that the uplink port belongs to).
    Also, on the SG500, you need to configure a default route, next hop address pointing to the Sophos interface IP address.
    Hope this helps.
    Nagaraja

  • Configure Voice and Data VLAN in CISCO SF 300 8P

    I have a couple of Cisco SF 300 8P and 24 P Switches. I have voice and Data VLAN configured as :
    Data VLAN : Default 145.17.59.0/24
    Voice VLAN : VLAN 20 172.22.20.0/24
    I have different DHCP servers as for Data VLAN we have physical server which is configured for 145.17.59.* IP Scope and Voice VLAN DHCP Server is configured in Gateway router with option 150.
    This configuation works fine with other cisco swiches like 2960 and 3750 etc except CISCO SF 300 8P and 24P. I was trying to configure both voice and Data VLAN in these CISCO Switches so that CISCO phone (Model 6941) shold get IP from Voice VLAN and PC should get IP from Data VLAN DHCP Server. I have tried several techniques like LLDP, Port to VLAN Config etc.
    Can anyone please guide me/help on this.
    Regards,
    A K.M.Sayeed

    Hi A.K.M., with Cisco phones you should be able to simply set auto voice VLAN to be VLAN20. 
    voice vlan id 20
    You should ensure CDP and/or LLDP are enabled as well. I would check this in web GUI. DHCP for the phones can come from the switch, a DHCP server on a VLAN20 access port or you can use dhcp helper to redirect DHCP to server elsewhere.
    If you prefer or have issues with CDP or LLDP you can also program ports as trunks and add tagged VLAN 20 to them.  In this scenario you need to insure inter-vlan routing is working and that phones download config file with corrrect VLAN config.
    These switches do not run ios so they are similar but different than catalyst switches you referred to.
    -- please remember to rate helpful posts --

  • Help config vlan and inter routing vlan on 2 switches SF300-24 ???

    Dear Cisco!
    now we have 2 switches: SF300-24
    on one SF300-24 we config it at layer 3 mode with VLAN configuration same as following
    VLAN ID 2 (ports: 2 -6) have ip interface  192.168.2.254/24
    VLAN ID 3 (ports: 7 - 10) have ip interface  192.168.3.254/24
    VLAN ID 4 (ports 11- 15 ) have ip interface  192.168.4.254/24
    and VLAN 1 default have IP address: 192.168.1.200
    DHCP relay  - DHCP server 192.168.3.1
                       - DHCP relay: VLAN2; VLAN3; VLAN4
    ip route: 0.0.0.0   0.0.0.0  192.168.3.1
    all ports of VLAN2, VLAN3, VLAN4 set access mode.
    and another SF300-24
    was configed at layer 2. We config VLAN ID 2 ̣̣̣have ports  2 -6; VLAN ID 3 ports 7 -10; VLAN ID 4 port 11-15 ,too.
    And we use port 26 on 2 switches SF300-24 is trunk mode then we connect both SF300-24 switches.
    But on SF300-24 layer 2 cann't inderstand VLAN from Sf300-24 layer 3!!!
    Could you please help me check this situation?
    How to config VLAN on 2 switches SF300-24 Layer 3 and SF300-24 layer 2?
    Thanks!
    See you soon!

    Son Nquyen,
    First i would upgrade to 1.1.8 since the 1.0.0.27 was beta code.
    Next when when connecting both switches together each port will need set via Trunk mode with proper native vlan and tagged vlan traffic. What's the configuration of your trunk ports on each switch?
    Thanks,
    Jasbryan.

  • Configure Domain Controller ( PDC emulator) as NTP source for Cisco switch 6509

    Hi All,
      My Org consists of 2 DC one Physical and One Virtual. All Roles are on Physical machine. I ran a W32tm /Query /Configuration command  on PDC emulator and the results are confusing.My PDC is using time source VMICTimeProvider a syou can see below.
    VMICTimeProvider (Local)
    DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
    Enabled: 1 (Local)
    InputProvider: 1 (Local)
    My first Question is that Is it Ok for PDC emulator to use this time source or should I change to some Other source like pool.ntp.org or time.windows.com,0x1.
    My Second Question is that I  have a core switch cisco 6509 and I want this switch to use my NTP server (PDC emulator ) as NTP source,but at present I cannot as I am getting this error on switch.(no select intersectionTP )
    Can Any one help ... Its is urgent
    Thanks in Advance
    EagleAsh

    You should not make your DCs sync their time with your Hypervisor. This usually ends with time synchronization problem so I would recommend to disable that on your DCs and domain joined VMs and use an external NTP server to sync time on your PDC while using
    your AD forest topology for time sync on other DCs and domain-joined computers.
    I have already started a Wiki article that describes how to configure time sync in an AD domain and you might consider using the GPO configuration option that is stated: http://social.technet.microsoft.com/wiki/contents/articles/18573.time-synchronization-in-active-directory-forests.aspx
    For the CISCO switch, I would recommend asking them in CISCO forums.
    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Get Active Directory User Last Logon
    Create an Active Directory test domain similar to the production one
    Management of test accounts in an Active Directory production domain - Part I
    Management of test accounts in an Active Directory production domain - Part II
    Management of test accounts in an Active Directory production domain - Part III
    Reset Active Directory user password

  • How can i configure hsrp in cisco 3850 switch please guide me

    how can i configure hsrp in cisco 3850 switch please guide me

    Hi Mauleshg,
    Please the below mention link to configure Hsrp hope this will help you.
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/ip/configuration_guide/b_fhrp_3se_3850_cg/b_fhrp_3se_3850_cg_chapter_010.html
    Br.
    Mohseen Patel

Maybe you are looking for