Connect additional switch to existing switch, receiving vlan mismatch, also want to configure same VLAN's

Similar Messages

• Networking Best Practices - Connecting Two Switches

  Connecting two switches together is an easy task, which makes it so frustrating when it doesn’t work. Here we will outline a basic scenario of connecting two switches and achieving connectivity. In these scenarios we will be using commands and settings that will work for most modern PowerConnect switches. However this does not cover all possible scenarios and the commands may differ slightly from switch to switch.
  For instance, in most cases you can use General or Trunk mode when connecting two switches. However, on the PowerConnect 62xx series switches, you must use General mode if you want to allow management traffic onto the switch over the PVID.  If you use Trunk mode, you will not have the default VLAN on those ports.  The ports will only allow tagged traffic.
  For more details on the difference between Access, General, and Trunk modes, follow this link.
  http://en.community.dell.com/support-forums/network-switches/f/866/p/19445142/20089157.aspx#20089157
  It is always a good idea to have the user and CLI guide for your switch, to reference any possible changes in command syntax.
  http://support.dell.com/support/edocs/network/
  Layer 2
  Layer 2 switches operate at the data link layer of the OSI model. Layer 2 is responsible for error checking and transmitting data across the physical media. MAC addressing sources and destination protocols are layer 2 protocols. Layer 2 switches use the MAC address of data packets to determine where those packets should go. It learns the MAC addresses of all devices and creates a segment/forwarding table.
  When a switch receives a frame with a destination address that isn't in its forwarding table, the switch forwards the frame to all other ports. If the destination machine responds to the server, the switch will listen to the reply and learn which port the destination machine is attached to. It then adds that MAC address to the forwarding table.
  The Dell PowerConnect Layer 2 switches have ports that all operate in VLAN 1 by default. If it is acceptable to have all traffic on the same broadcast domain, then you can simply leave the default alone, connect the two switches and traffic will flow.
   If you do not want all traffic on the same broadcast domain, then we need to look at adding additional broadcast domains through the use of VLANs.
   We will use 3 VLANs for the following scenario.
  VLAN 1=Management
  VLAN 2=Client
  VLAN 3=Server
  To create these VLANs we do the following commands (VLAN 1 is already created by default)
  console(config)# vlan database
  console(config-vlan)# VLAN 2
  console(config-vlan)# VLAN 3
  console(config-vlan)# exit
  We can then name the VLANs to help keep things organized.
  console(config)# interface vlan 2
  console(config-vlan)# name Client
  console(config-vlan)# exit
  console(config)# interface vlan 3
  console(config-vlan)# name Server
  console(config-vlan)# exit
  Once we have the VLANs created we can place a device in that VLAN by placing the port it plugs into, in access mode for the specific VLAN.
  So we have a workstation on port e2 we want to be placed in VLAN 2, we would issue the following commands.
  console(config)# interface ethernet 1/e2
  console(config-if)# switchport mode access
  console(config-if)# switchport access vlan 2
  console(config-if)# exit
  The next port plugs into a server on port e3 we want on VLAN 3, we would issue these commands.
  console(config)# interface ethernet 1/e3
  console(config-if)# switchport mode access
  console(config-if)# switchport access vlan 3
  console(config-if)# exit
  For the ports connecting the two switches together, we place the ports in trunk mode and specify the native VLAN and allowed VLANs.
  For the port e1 that connect the two switches to each other would be configured like this.
  console(config)# interface ethernet 1/e1
  console(config-if)# switchport mode general
  console(config-if)# switchport general allowed vlan add 2,3 tagged
  console(config-if)# switchport general pvid 1
  console(config-if)# exit
  Once these VLANs and port settings are made on both switches. A server connected to switch A on VLAN 3 should be able to communicate with another Server connected to switch B that is also in VLAN 3.  Without the use of a router the devices in VLAN 3 will not be able to communicate with devices that are outside of their broadcast domain (i.e. VLAN 2 devices could not reach VLAN 3 devices)
  Layer 3 + Layer 2
   Until recently, routers were the only devices capable of layer 3 protocols. Switches capable of routing are now available and in widespread use. In most cases we will connect our layer 2 switches to a Layer 3 capable switch to perform our routing for us.
   On the layer 3 switches we will use the same VLANs and setup that we did with the layer 2 switches.  Then we will add to the configuration.
   We can assign an IP address to each switch with the following command.
  Switch A
  console(config)#ip address 172.16.1.1 255.255.255.0
  Switch B
  console(config)#ip address 172.16.2.1 255.255.255.0
  Then we will enable routing only on Switch A
  console(config)# ip routing
  Switch A we assign an IP address to VLAN 2 and enabling routing on the VLAN.
  console(config)# interface vlan 2
  console(config-if-vlan2)# Routing
  console(config-if-vlan2)# ip address 172.16.20.1 255.255.255.0
  console(config-if-vlan2)# exit
  Switch A we assign an IP address to VLAN 3 and enabling routing on the VLAN.
  console(config)# interface vlan 3
  console(config-if-vlan2)# Routing
  console(config-if-vlan2)# ip address 172.16.30.1 255.255.255.0
  console(config-if-vlan2)# exit
  On both switch A and switch B we will keep things simple and use interface 1/e1 for the connection between each switch. Setting both switches 1/e1 to general mode, allowing the additional VLAN 2,3, and keeping the PVID of 1.
  console(config)# interface ethernet 1/e1
  console(config-if)# switchport mode general
  console(config-if)# switchport general allowed vlan add 2,3 tagged
  console(config-if)# switchport general pvid 1
  console(config-if)# exit
  We will have one client computer connect to switch A on port 1/e2 and one client connect to switch B on port 1/e2. These ports will be in access mode for VLAN 2, and the config should look like this on both switches.
  console(config)# interface ethernet 1/e2
  console(config-if)# switchport mode access
  console(config-if)# switchport access vlan 2
  console(config-if)# exit
  We will have another client computer connect to switch A on port 1/e3 and one client connect to switch B on port 1/e3. These ports will be in access mode for VLAN 3, and the config should look like this on both switches.
  console(config)# interface ethernet 1/e3
  console(config-if)# switchport mode access
  console(config-if)# switchport access vlan 3
  console(config-if)# exit
  On Clients connected to Switch A we will assign an IP address and gateway based on the VLAN they are in access mode for.
  Client connected to access port for VLAN 2.
  IP Address:172.16.20.11
  Default Gateway:172.16.20.1
  Client connected to access port for VLAN 3.
  IP Address:172.16.30.11
  Default Gateway:172.16.30.1
  On Clients connected to Switch B we will assign an IP address and gateway based on the VLAN they are in access mode for.
  Client connected to access port for VLAN 2.
  IP Address:172.16.20.12
  Default Gateway:172.16.20.1
  Client connected to access port for VLAN 3.
  IP Address:172.16.30.12
  Default Gateway:172.16.30.1
  External Connection
  At some point we may want traffic to have an external connection. To do this we can create a new VLAN for our point to point connection from Switch A to our router. We will use VLAN 7 for this and assign an IP address.
  console(config)# vlan database
  console(config-vlan)# VLAN 7
  console(config-vlan)# exit
  console(config)# interface vlan 7
  console(config-vlan)# name WAN
  console(config-if-vlan2)# Routing
  console(config-if-vlan2)# ip address 10.10.10.2 255.255.255.0
  console(config-if-vlan2)# exit
  On our router we will assign an IP address of 10.10.10.1
  Then place the port connecting the switch and router into access mode for VLAN 7.  In this case we use port e4.
   console(config)# interface ethernet 1/e4
  console(config-if)# switchport mode access
  console(config-if)# switchport access vlan 7
  console(config-if)# exit
  We will then need to put in a default route with the next hop as the router IP address.  This allows the switch to know where to route traffic not destined for VLANs 2, 3, or 7.
  console(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.1
  Next on the router we’ll need to add a route back so the router knows about the networks attached to switch A.  Generally adding a static route on most routers is done with the following command: 
  ip route {Network} {Wildcard Mask} {Next Hop-IP}
  In our case here are the 2 static routes we could use.
  Ip route 172.16.20.0 0.0.0.255 10.10.10.2
  Ip route 172.16.30.0 0.0.0.255 10.10.10.2
  The routing that we enabled on Switch A will enable traffic from the other VLANs to traverse over port 1/e4 to the router, connecting us to external traffic. The routes we added to the router allow the traffic to flow back to the switch over port 1/e4.
  Layer 3 + Layer 3
  In some situations we have two switches, each setup to route for its own broadcast domain, which we want to connect together. In this situation we no longer have a need to use Trunk or General mode between the switches. Instead we can create a common VLAN that will be used for the connection between the two switches.
  To create this VLAN we will run the following commands on both switch A and B
  console(config)# vlan database
  console(config-vlan)# vlan 6
  console(config-vlan)# exit
  console(config)# interface vlan 6
  console(config-vlan)# name Connection
  console(config-vlan)# exit
  On switch A we assign an IP address to VLAN 6 and enable routing on the VLAN.
  console(config)# interface vlan 6
  console(config-if-vlan2)# Routing
  console(config-if-vlan2)# ip address 172.16.60.1 255.255.255.0
  console(config-if-vlan2)# exit
  On switch B we assign an IP address to VLAN 6 and enable routing on the VLAN.
  console(config)# interface vlan 6
  console(config-if-vlan2)# Routing
  console(config-if-vlan2)# ip address 172.16.60.2 255.255.255.0
  console(config-if-vlan2)# exit
  On both switch A and B we place the connecting ports into Access mode for VLAN 6.
  console(config)# interface ethernet 1/e1
  console(config-if)# switchport mode access
  console(config-if)# switchport access vlan 6
  console(config-if)# exit
  We then need to make some changes to switch B now that it is layer 3 and not layer 2 and has its own broadcast domain.
  We will enable routing on Switch B
  console(config)# ip routing
  What used to be VLAN 2 and 3 will now be VLAN 4 and 5 for our separate broadcast domains.
  Switch B we assign an IP address to VLAN 4 and enabling routing on the VLAN.
  console(config)# interface vlan 4
  console(config-if-vlan2)# Routing
  console(config-if-vlan2)# ip address 172.16.40.1 255.255.255.0
  console(config-if-vlan2)# exit
  Switch B we assign an IP address to VLAN 5 and enabling routing on the VLAN.
  console(config)# interface vlan 5
  console(config-if-vlan2)# Routing
  console(config-if-vlan2)# ip address 172.16.50.1 255.255.255.0
  console(config-if-vlan2)# exit
  On Clients connected to Switch B we will assign an IP address and gateway based on the VLAN they are in access mode for.
  Client connected to access port for VLAN 4.
  IP Address:172.16.40.11
  Default Gateway:172.16.40.1
  Client connected to access port for VLAN 5.
  IP Address:172.16.50.11
  Default Gateway:172.16.50.1
  The end result should look like this.
   Troubleshooting
  If we are having issues with connectivity, we may need to place some static routes in place to help traffic to the next hop in the network.
  On switch A we configure a static route to help traffic to the next hop in the network, which is the router.
  console(config)# ip route 0.0.0.0 0.0.0.0 10.10.10.1
  The external router will also need a path defined back to all networks/VLANs.
  To check the status of a port we can use the command. Show interfaces detail, this will help us see the port status. For example to check the status of port 48, we would run this command.
  console# show interfaces detail ethernet 1/g48
   To check routing paths:
  console# show ip route
  The IP address of the network for each VLAN should be listed as C – Connected. Then also a path or default route to your upstream router.
  We can use basic ping commands from a client to help test where connectivity is dropping off at. By doing this we can narrow down where in the network to start troubleshooting.
  -Ping from client to default gateway, being the VLAN the client is in access mode for. If this fails then we may need to double check our client settings making sure the proper IP and gateway are being used.
  -Ping from client to the ip address of the switch the client plugs into. If this fails we may not have VLAN routing enabled on the VLAN the client is in.
  -Ping from client to another client on same VLAN, same switch. If this fails we need to check on client settings, IP address and gateway.
  -ping from client to another client on different VLAN, same switch. If this fails we need to double check the VLAN routing commands are in place.
  -ping from client to the ip address of the next switch in the network. If this fails then check Trunk port configuration from switch to switch, ensuring the VLAN is added to the Trunk port.
  -ping from client to another client on same VLAN, different switch. If this fails, check Trunk port settings.
  -ping from client to another client on different VLAN, different switch. If this fails then check trunk settings and VLAN routing configuration.

  Derek,
  I tried to draw my prefered setup for this network configuration.
  I would create a Team with the two 1 GBit NICs and use it for Domain, DNS, Backup and any SystemCenter Agents.
  I would also Team the two 10 GBit NICs and than assign it to a Hyper-V Switch for the VMs. In Windows Server 2012 it is posible to create vNICs for the Management OS that use this Hyper-V Switch (Converged Network Design). I would create two vNICs SMB1
  and SMB2 to use them for Cluster and Livemigration traffic with SMB Multichannel. If your storage system supports SMB Multichannel you can also use both as storage NICs (but this depends wich vendor you have).
  Hope this helps.
  Grüße/Regards Carsten Rachfahl | MVP Virtual Machine | MCT | MCITP | MCSA | CCA | Husband and Papa |
  www.hyper-v-server.de | First German Gold Virtualisation Kompetenz Partner ---- If my answer is helpful please mark it as answer or press the green arrow.

• URGENT HELP-Connecting 2 Switches

  Hi All,
  I need to connect 2 switches (2960 & 2960S) with only one single link in our LAN network. This is to get extra number of ports.
  Requesting your help with the followings:
  Please confirm if straight throug cable will work to connect between the above two switches
  What will be the best configuration on each port (in sw1 & 2) to avoid any kind of loop? For example: spanning tree command
  Please advise
  Thanks in advance

  Ok. Here are the outputs:
  For SW1:
  sw1#show vtp status
  VTP Version capable             : 1 to 3
  VTP version running             : 2
  VTP Domain Name                 : dr
  VTP Pruning Mode                : Disabled
  VTP Traps Generation            : Disabled
  Device ID                       : 9caf.ca74.8400
  Configuration last modified by 10.212.100.11 at 9-2-13 12:20:53
  Local updater ID is 10.212.100.11 on interface Vl100 (lowest numbered VLAN interface found)
  Feature VLAN:
  VTP Operating Mode                : Server
  Maximum VLANs supported locally   : 255
  Number of existing VLANs          : 15
  Configuration Revision            : 17
  MD5 digest                        : 0xDE 0xA3 0x3E 0x80 0x2A 0x70 0x29 0xEC
                                      0xBB 0x30 0x88 0x32 0x6D 0x17 0x22 0x9A
  sw1#show spanning-tree vlan 100
  VLAN0100
    Spanning tree enabled protocol rstp
    Root ID    Priority    32868
               Address     9caf.ca74.8400
               This bridge is the root
               Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
    Bridge ID  Priority    32868  (priority 32768 sys-id-ext 100)
               Address     9caf.ca74.8400
               Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
               Aging Time  300 sec
  Interface           Role Sts Cost      Prio.Nbr Type
  Gi0/1               Desg FWD 4         128.1    P2p Edge
  Gi0/6               Desg FWD 19        128.6    P2p Edge
  Gi0/7               Desg FWD 4         128.7    P2p
  Gi0/8               Desg FWD 4         128.8    P2p
  Gi0/9               Desg FWD 19        128.9    P2p Edge
  Gi0/10              Desg FWD 19        128.10   P2p
  Gi0/15              Desg FWD 19        128.15   P2p Edge
  Gi0/16              Desg FWD 19        128.16   P2p Edge
  Interface           Role Sts Cost      Prio.Nbr Type
  Gi0/21              Desg FWD 4         128.21   P2p
  Gi0/22              Desg FWD 4         128.22   P2p Edge
  Po6                 Desg FWD 2         128.96   P2p
  sw1#show spanning-tree vlan 103
  VLAN0103
    Spanning tree enabled protocol rstp
    Root ID    Priority    32871
               Address     9caf.ca74.8400
               This bridge is the root
               Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
    Bridge ID  Priority    32871  (priority 32768 sys-id-ext 103)
               Address     9caf.ca74.8400
               Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
               Aging Time  300 sec
  Interface           Role Sts Cost      Prio.Nbr Type
  Gi0/7               Desg FWD 4         128.7    P2p
  Gi0/8               Desg FWD 4         128.8    P2p
  Gi0/21              Desg FWD 4         128.21   P2p
  Po6                 Desg FWD 2         128.96   P2p
  For SW2:
  sw2#show vtp s
  qadr-sw2#show vtp status
  VTP Version capable             : 1 to 3
  VTP version running             : 2
  VTP Domain Name                 : dr
  VTP Pruning Mode                : Disabled
  VTP Traps Generation            : Disabled
  Device ID                       : 9caf.ca7b.3800
  Configuration last modified by 10.212.100.11 at 9-2-13 12:20:53
  Local updater ID is 10.212.100.12 on interface Vl100 (lowest numbered VLAN interface found)
  Feature VLAN:
  VTP Operating Mode                : Server
  Maximum VLANs supported locally   : 255
  Number of existing VLANs          : 15
  Configuration Revision            : 17
  MD5 digest                        : 0xDE 0xA3 0x3E 0x80 0x2A 0x70 0x29 0xEC
                                      0xBB 0x30 0x88 0x32 0x6D 0x17 0x22 0x9A
  sw2#show spanning-tree vlan 100
  VLAN0100
    Spanning tree enabled protocol rstp
    Root ID    Priority    32868
               Address     9caf.ca74.8400
               Cost        2
               Port        96 (Port-channel6)
               Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
    Bridge ID  Priority    32868  (priority 32768 sys-id-ext 100)
               Address     9caf.ca7b.3800
               Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
               Aging Time  300 sec
  Interface           Role Sts Cost      Prio.Nbr Type
  Gi0/1               Desg FWD 4         128.1    P2p Edge
  Gi0/6               Desg FWD 19        128.6    P2p Edge
  Gi0/7               Desg FWD 4         128.7    P2p
  Gi0/8               Desg FWD 4         128.8    P2p
  Gi0/9               Desg FWD 19        128.9    P2p Edge
  Gi0/14              Desg FWD 4         128.14   P2p Edge
  Gi0/15              Desg FWD 19        128.15   P2p Edge
  Gi0/21              Desg FWD 4         128.21   P2p Edge
  Gi0/22              Desg FWD 4         128.22   P2p
  Po6                 Root FWD 2         128.96   P2p
  sw2#show spanning-tree vlan 103
  VLAN0103
    Spanning tree enabled protocol rstp
    Root ID    Priority    32871
               Address     9caf.ca74.8400
               Cost        2
               Port        96 (Port-channel6)
               Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
    Bridge ID  Priority    32871  (priority 32768 sys-id-ext 103)
               Address     9caf.ca7b.3800
               Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
               Aging Time  300 sec
  Interface           Role Sts Cost      Prio.Nbr Type
  Gi0/7               Desg FWD 4         128.7    P2p
  Gi0/8               Desg FWD 4         128.8    P2p
  Gi0/22              Desg FWD 4         128.22   P2p
  Po6                 Root FWD 2         128.96   P2p

• SD205 (unmanaged) switch and VLANs

  In addition to all my Cisco Catalyst (managed) switches, I have a bunch of Linksys SD205 unmanaged switches on my LAN. 
  I want to configure my network for VLANs, which means I will be changing all of my Cisco managed switches to a "trunking" configuration.   This configuration is working correctly with the Cisco Catalyst switches
  Question: can the SD205 function in this environment?  I know I can't set any of the ports on the SD205 to be "trunking", but I would like to connect the SD205 to a Cisco port that is "trunked", so the devices on the SD205 can communicate to the rest of the world.
  So far, I have not been successful, so -- maybe they just won't work in a trunked environment.  Anyone have a definitive answer?  If they simply can't do it, I'll stop wasting my time!
  Thanks
  Solved!
  Go to Solution.

  No. An unmanaged switch does not support 802.1q. It will drop any ethernet frame that has been 802.1q tagged. The only frames which go through an unmanaged switch are untagged frames, i.e. the native VLAN of the port on the Catalyst.
  If you want to use unmanaged switches you have to connect them to a port configured in access mode, member of a single VLAN. For example, you can configure a port on the Catalyst for access mode in VLAN 10 and connect an unmanaged switch to this port. Then all devices connected to the unmanaged switch will be VLAN 10. This is as much as you can do.
  But getting multiple VLANs through unmanaged switches is impossible as all ethernet frames on the unmanaged switch must be untagged.

• Telnet/SSH Connection to Switch

  I'm studying for the CCENT, and I have one issue and two general inquiries I'd like to present.  
  First of all, I'm having trouble connecting to my 2950 using Telnet/SSH, though I've applied a VTY password.  As an aside, I'm able to connect through the console.  I applied an IP address to the switch, and I'm wondering if there's a part of the process that I've missed.  When using Putty to connect to the IP, I immediately receive the "Network Error: Connection refused" error; the same basic message happens, using Tera Term.  
  Here's my running config:
  Switch#show running-config
  Building configuration...
  Current configuration : 2416 bytes
  version 12.1
  no service pad
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  hostname Switch
  no logging console
  username CCNA password 0 CCIE
  ip subnet-zero
  ip domain-name modeofinquiry.com
  ip ssh time-out 120
  ip ssh authentication-retries 3
  spanning-tree mode pvst
  no spanning-tree optimize bpdu transmission
  spanning-tree extend system-id
  interface FastEthernet0/1
   switchport mode access
  interface FastEthernet0/2
   switchport mode access
  interface FastEthernet0/24
   switchport access vlan 2
   switchport mode access
  interface FastEthernet0/25
  interface FastEthernet0/26
  interface Vlan1
   no ip address
   no ip route-cache
   shutdown
  interface Vlan2
   ip address 192.168.1.107 255.255.255.0
   no ip route-cache
  ip default-gateway 192.168.1.1
  ip http server
  line con 0
   exec-timeout 0 0
   password CCENT
   logging synchronous
   login
  line vty 0 4
   login local
   transport input telnet ssh
  line vty 5 15
   login local
   transport input telnet ssh
  end
   --More--
  The physical connection I'm using is from my desktop's second NIC, and I've configured the IPv4 connection to the switch's listed IP, which is 192.168.1.107.  Is there anything listed above that would be problematic?
  One of my questions has to do with the IP address that's supposed to be used to receive rsa keys: why is it necessary?  Also, I tried entering the "ip address dhcp" command to grab an address from my WRT54G and received the following:
  Switch#conf t
  Enter configuration commands, one per line.  End with CNTL/Z.
  Switch(config)#int vlan2
  Switch(config-if)#ip address dhcp
                               ^
  % Invalid input detected at '^' marker.
  I'm following the directions in Odom's book, and I don't see what I'm missing.  
  My other question has to do with passwords, in general.  Entering the username/password on either the interface-subcommand or the global configuration area seems unimportant, here:
  Switch#conf t
  Enter configuration commands, one per line.  End with CNTL/Z.
  Switch(config)#line vty 0 15
  Switch(config-line)#login local
  Switch(config-line)#transport input ssh telnet
  Switch(config-line)#username DDDD password EEEE
  Switch(config)#^Z
  ...and...
  Switch#conf t
  Enter configuration commands, one per line.  End with CNTL/Z.
  Switch(config)#line vty 0 15
  Switch(config-line)#login local
  Switch(config-line)#transport input ssh telnet
  Switch(config-line)#exit
  Switch(config)#username FFFF password GGGG
  Switch(config)#^Z
  Here's the running config, afterwards:
  Switch#show running-config
  Building configuration...
  Current configuration : 2535 bytes
  version 12.1
  no service pad
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  hostname Switch
  no logging console
  username CCNA password 0 CCIE
  username BBBB password 0 CCCC
  username DDDD password 0 EEEE
  username FFFF password 0 GGGG
  ip subnet-zero
  ip domain-name modeofinquiry.com
  ip ssh time-out 120
  ip ssh authentication-retries 3
   --More--
  It doesn't appear as though exiting out of config-if mode made any difference for the usernames/passwords.  Then again, I can't connect through Telnet/SSH, so I'm not able to test it, at the moment.  
  I'm really sorry for the huge post, but I didn't want to start multiple threads.  Any help is much appreciated.
  - B 

  First of all, thank you all for the helpful responses!
  My PC is currently connected through the router, from which a straight-through cable is connected to port Fa0/18, and it is indeed on vlan2, which is associated with 1.107.  
  I ran the arp -a command, and here's a portion of it:
  Interface: 192.168.1.105 --- 0xc
    Internet Address      Physical Address      Type
    192.168.1.1           00-0c-41-d4-6d-a1     dynamic
    192.168.1.104         64-a3-cb-3d-07-64     dynamic
    192.168.1.107         00-0a-b7-13-e5-c0     dynamic
  1.105 is one of the NICs on the desktop.  The BIA listed for 1.107 is one of the static "CPU" addresses on the switch.  Here's my current running config:
  Switch#show running-config
  Building configuration...
  Current configuration : 2434 bytes
  version 12.1
  no service pad
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  hostname Switch
  no logging console
  username CCNA password 0 CCIE
  ip subnet-zero
  ip domain-name modeofinquiry.com
  ip ssh time-out 120
  ip ssh authentication-retries 3
  spanning-tree mode pvst
  no spanning-tree optimize bpdu transmission
  spanning-tree extend system-id
  interface FastEthernet0/1
   switchport mode access
  interface FastEthernet0/2
   switchport mode access
  interface FastEthernet0/18
   switchport access vlan 2
   switchport mode access
  interface FastEthernet0/19
   switchport access vlan 2
   switchport mode access
  interface FastEthernet0/20
   switchport access vlan 2
   switchport mode access
  interface FastEthernet0/21
   switchport access vlan 2
   switchport mode access
  interface FastEthernet0/22
   switchport access vlan 2
   switchport mode access
  interface FastEthernet0/23
   switchport access vlan 2
   switchport mode access
  interface FastEthernet0/24
   switchport access vlan 2
   switchport mode access
  interface FastEthernet0/25
  interface FastEthernet0/26
  interface Vlan1
   no ip address
   no ip route-cache
   shutdown
  interface Vlan2
   ip address 192.168.1.107 255.255.255.0
   no ip route-cache
  ip default-gateway 192.168.1.1
  ip http server
  line con 0
   exec-timeout 0 0
   password CCENT
   logging synchronous
   login
  line vty 0 4
   password NICE
   login
   transport input telnet ssh
  line vty 5 15
   password NICE
   login
   transport input telnet ssh
  end
  As you can see, I've added the VTY passwords, though I thought I had already done that.  Actually, to what do the "CCNA" and "CCIE" passwords listed above apply?  I'm assuming those are the local login credentials I added for the VTY lines.  
  I just got through disconnected the switch's straight-through cable from the router and connected it directly to my desktop's second NIC again, and I still can't connect, remotely.  Where should the troubleshooting start, at this point?

• Asa connection to switch

  Hi,
  We have a set of users on the cisco 3750 switch. This needs to be connected to an asa where the gateway resides.
  I am bit confused on the connection configuration between asa & 3750.
  Should i just configure a port on 3750 to vlan 100 & physically connect it to an interface on the asa , while the asa interface gets the layer 3 ip address.
  3750:-
  int gig1/0/1
  des Connection to ASA
  switch mode access
  switch access vlan 100
  ASA:-
  interface GigabitEthernet0/1
  nameif LINK1
  security-level 100
  ip address 172.30.10.1 255.255.255.0
  Is the above correct? What else would i need to do if the users connected to 3750 need access via the ASA.
  Thanks in advance.

  Hi,
  Are you saying that you only have Vlan 100 on the 3750 and no other Vlans? In that case it would seem fine presuming you have the free ports on the ASA to support this setup.
  In the long term its not a good idea since you are going to run out of ASA ports pretty soon (if you do this for many Vlans on multiple switches perhaps). If you have several Vlans which L3 gateway should be on the ASA you would need to have a Trunk to the ASA to conserver ports on the ASA (unless ofcourse some Vlan alone requires a Gigabit link to the ASA with no other Vlans on that link)
  The most common problem I see here on the forums related to a setup where there might be a L3 configured 3750 on the internal network and ASA in front of it at the edge of the network is the fact that users have activated routing on the L3 switch and configure Vlan interface (SVI) for their Vlans on the 3750 which are used as gateways for some of the networks and then start expiriencing problems with asymmetric routing with the ASA.
  I guess you can avoid such problems by setting up the network in one of these ways
  A L2 Switch network with different user Vlans which all have their L3 gateway on the ASA. Provided that the ASA models throughput will not be a problems.
  A L3 Switch or router in the LAN acting as the L3 gateway for all the user traffic. This would naturally mean ASA could not control traffic between the networks like in the first setup.
  A L3 Switch or router in the LAN acting as the L3 gateway for all the user traffic. Furthermore different LAN/DMZ networks are divided in their own VRFs (own Routing Tables instead of the global routing table). This would enable you to attach each Vlan interface (host gateway) to a specific VRF (routing table) on a single L3 device and therefore separate their traffic and bring it through the ASA (as each VRF could have their own default route and link to the ASA)
  There are other options naturally that mix these up with eachother but I would say that the above are the most common ones that I have seen.
  But to shortly answer your question again, the configuration you suggest seems to be fine (but perhaps not optimal in the long run)
  Hope this helps
  - Jouni

• Connect unmanaged switch to 887VA fast ethernet port

  I tried connecting an unmanaged (and dumb) switch to one of the four fast ethernet ports on the back of the router. I configured the port to act as an access port bound to a specific VLAN, say no. 100.
  What I can see on the LEDs of the unmanaged switch is that the link goes up and down every few seconds. I don't know if this is related to the spanning tree protocol and unfortunately the unmanaged switch doesn't know about STP and doesn't send out BPDUs.
  So, how I should configure the port in order to avoid the link going up and down?
  The actual conf. for the port:
  interface fastEthernet 3
  switchport mode access
  switchport access vlan 100

  What do you mean by dumb siwthc? What model/make/company is that switch?
  Can you try to do the reset of the switch so that it wipe off all the config what so ever present on the box and then try to connect the switch to the router?

• UC520 SNMP change fast ethernet switch port vlan

  Hi,
  I've a UC520 running with uc500-advipservicesk9-mz.151-4.M5. I try to change VLAN on the switchport using snmp however look like the UC520 doesn't support "vmVlan".
  snmpwalk -v 1 -c private 10.1.1.1 ifDescr
  IF-MIB::ifDescr.4 = STRING: FastEthernet0/1/1
  snmpset -v 1 -c private 10.1.1.1 1.3.6.1.4.1.9.9.68.1.2.2.1.2.4 integer 151
  Error in packet.
  Reason: (noSuchName) There is no such variable name in this MIB.
  Failed object: SNMPv2-SMI::enterprises.9.9.68.1.2.2.1.2.4
  Does anyone know what is the MIB for change switch port vlan ?
  Rg,
  Gerald.

  What do you mean by dumb siwthc? What model/make/company is that switch?
  Can you try to do the reset of the switch so that it wipe off all the config what so ever present on the box and then try to connect the switch to the router?

• Unable to connect SD2008 switch to WRT610N

  I recently acquired a SD2008 8 port switch.  I attempted to connect it to my existing WRT610N router, and I am unable to get connectivity to the internet with devices connected to the switch.  I am not using a crossover cable to connect the switch to the router, but as I understand it, that should not matter as the SD2008 does not require this.  I have the switch connected via port 1 on the switch to port 4 of my WRT610N.  Any suggestions? 

  I actually already tried that and unfortunately, it did not work.  I was then looking on various sites regarding the SD2008 version 2.1 which is the version I have, and there have been technical concerns about this particular unit.  I noted it had a lifetime warranty, and took it back to where I bought it, and they gave me a new one-version 3.  I plugged it in and it worked on the first try without power cycling the network or router. 
  Thank you for your reply.  Maybe it was just a bad unit.  I could not figure it out for the life of me. 

• CEF Switching accross VLANs

  Hello,
  I am looking for some clarification of CEF switching behavior when using the following topology.
  2 layer 3 switches, A and B, directly connected via a dot1q trunk and 2 hosts, C and D, both connected to switch B. Host C is in VLAN 10, Host D is in VLAN 20, and Switch A is the default gateway for both VLANs.
  In the event that Host C needs to communicate with Host D the traffic must be sent accross the trunk link to the VLAN 10 interface on Switch A (default router) and routed back accross the same trunk link before reaching Host D in VLAN 20. Can this be avoided by configuring a L3 interface in VLANs 10 and 20 on switch B. I do not want to make switch B the default gateway for the hosts, only to add a connected L3 route on switch B. In this case would CEF add the connected route to the FIB and switch all traffic locally or will inter VLAN traffic still be routed via Switch A?

  Hi,
  Unfortunately, even if you do what you proposed, all traffic between the VLANs will be routed via Switch A. One option you might want to consider is to create L3 interfaces on Switch A for the two VLANs and then run HSRP with Switch B. The virtual IP address that you use for HSRP can be the same address currently used as the default gateway by your hosts.
  Hope that helps - pls rate the post if it does.
  Paresh

• Connect to switch loopback address

  Hello,
  I have a loopback address on swich A, also switch A connects to switch B through a trunk.  Switch B has 3 SVI vlans that are routed thru eigrp.  What I want to do is connect to switch A to loopback IP address. I tried a static route but did not work can connect to loopback address.  The config for switch A is loopback address is 192.168.137.6 255.255.255.255. On swich B one switch SVI address is 192.168.136.1 255.255.255.128 and eigrp  routes 192.168.136.1 thru network 192.168.136.0.  Can I use a static route from loopback address to SVI address 192.168.136.1 I tried that did not work. I just want to configure something only on switch A to connect  to loopback address for management, any suggenstions what will work and with what switch commands?
  Thanks,

  I am not fully understanding the environment that you describe and so do not fully understand your issue. But based on what I think that I do understand it seems to me that it should be possible to configure a host specific static route on switch B that would allow you to connect to the loopback on switch A, assuming that switch A has an IP address other than the loopback which is reachable from switch B. If this does not seem to adequately address your question then please provide clarification of your question.
  HTH
  Rick

• Two srw switches with vlans and pfsense gatway

  Hi,
  I've got a bit of a problem that a can't seem to get a handle of things.
  I've got two srw 48 port switches that I would like to link together  and then on to the pfsense box.
  First I'd like to connect the two switches to see if everything works and then on connect the pfsense box.
  Now I would be very great full if someone with a bit more experience with VLANs would be so kind to walk me trough the procedure of creating VLANs, configuring them to ports on the switch and connecting the whole thing to another switch.
  This is what I've done so fare.
  1. I created 3 VLANs on both switches (VLAN2-office,VLAN3-WiFi, VLAN5-VoIP). I've created these VLANs with the same tags on all the devices.
  2. I configured the ports that connect the switches as trunk. (I can't seem to be able to configure anything else on this port. Is there something else I should configure on these ports?)
  Now as fare as I understand the documentation the VLANs on each switch should now see each other.
  I'm still not sure on how to configure a physical port to one VLAN. After creating the VLANs on both switches and connecting them trough the trunk port I set ports 10-20 to VLAN2 by going to VLAN Management -> Ports to VLAN I selected VLAN2 and marked ports general and untagged and saved the settings. I repeated the procedure on the other switch. Now if I stuck my network cable into one of this ports I didn't get an IP anymore form the DHCP witch means that they were on a different VLAN than the other ports so I setup another router to act as a test DHCP with a different IP range as the main DHCPto see if it works. Now when I connectedthe test router to one of the ports in VLAN2 and my PC to the same VLAN2 port I got the test IP no problem. But when I connected the PC to the other switch VLAN2 port nothing happened until I connected the test DHCP to one of the VLAN2 ports. So clearly the switch VLANs are not communicating.
  Now I don't know did I forget something, made a mistake with some setting or I just don't know what I'm doing because I think I need to get the VLANs between switches working before tackling the pfsense connection.
  I would be really great full if someone explains to me how to set these VLANs up so that they would work between switches.
  Thank you for your help.

  Hi,
  I was successful and I did exactly that. I put all VLANs on trunk ports and the switch to switch to pfSense started to work.
  The only thing that gave me some problems was the end port(port connecting to the device pc, phone, printer) configuration. I was under the impression that the port was supposed to be in general mode and tagged. But I figured out that the port is supposed to be in access mode and untagged and only a member of one VLAN(the one I wanted it to connect to).
  Anyway all is working now and I've figured out all the kinks. 
  So thanks guys for the help.
  Nice day to all.
  Bye

• Two network segment on the same switch (no vlan), possible?

  Why can't 2 or more network segment work on same switch (without VLAN configuration)? It seems like switch should learn MAC addresses for each interface then work but what when I try to connnect two network segment (different network id ex.192.168.1.0 and 172.16.1.0), a lot of (or all) requests are timed out. Why? Should switch igore network id because it is layer2? I know that this might be a stupid question but I kind of confuse. Thank you

  Hi,
  it should be possible, but you need a router for connectivity or maybe a small trick.
  Let us assume you have a host A 192.168.1.10/24 and another host B with 172.16.1.5/24 connected to one switch (or in one VLAN, which would give the same result).
  When you f.e. ping 172.16.1.5 from host A, it will first consult its internal routing table ("route print" on a MS host). As the destination address is not local it would not send any packet unless there is a default gateway, because otherwise no route to the destination is known. The same applies to host B, when you try to reach host A. So one possible solution is installing a router and setting it to be the default gateway. Example config:
  host A
  IP 192.168.1.10
  Mask 255.255.255.0
  GW 192.168.1.1
  host B
  IP 172.16.1.5
  Mask 255.255.255.0
  GW 172.16.1.1
  interface FastEthernet0
  ip address 192.168.1.1 255.255.255.0
  ip address 172.16.1.1 255.255.255.0 secondary
  The router will get the IP packet from host A and forward it to host B and vice versa, which results in connectivity.
  Another possibility is to modify the routing tables of host A and B.
  host A
  IP 192.168.1.10
  Mask 255.255.255.0
  GW 192.168.1.10
  host A
  IP 172.16.1.5
  Mask 255.255.255.0
  GW 172.16.1.5
  The small trick here is that both hosts have their own IP as default gateway. This will result in host A sending an ARP for host Bs MAC, when you execute f.e. ping 172.16.1.5
  As long as those ARPs are successful - and they finally should, because the switch would deliver them being OSI layer broadcasts to all ports - connectivity should be given.
  Regarding your specific network problem with timed out connection attempts, I do not know your specific configuration (hosts, router), so it is hard to tell, what is going on. If you can reveal your settings it should be possible to find a solution.
  Hope this helps! Please rate all posts.
  Regards, Martin

• Failed while creating virtual Ethernet switch. Failed to connect Ethernet switch port

  Hello Folks
  I am completely stuck with the configuration of my virtual networks. I have one logical switch left to add to one of my Hyper-V 2012 R2 hosts when I started getting the error below when I try to add logical switches to either Hyper-V Host. I have been using
  the document. 'Hybrid Cloud with NVGRE (Cloud OS)' to implement the virtual networking. Basically using the exact configuration that is in the document. I have added the PA Logical Network and the Network adapters and added the logical switch for it to my
  hyper-v 2012 R2 host and everything was fine. I am now trying to add my ISCSI Logical Switch to the host and this is the error I get. My other Hyper-V host I get this error for any logical switch I am trying to add. Can someone help me with this error. I haven't
  been able to find any information about it.
  Also a some quick info on tracing an error like this so I can figure out what is causing it.
  Thsi is my configuration so far
  So as far as I know everything is peachy untill the error below. Dead stop now
  Error (12700)
  VMM cannot complete the host operation on the 08-NY-VHOST01.accounts.ccac-ont.ca server because of the error: Failed while creating virtual Ethernet switch.
  Failed to connect Ethernet switch port (switch name = '******', port name = '88C16766-ED02-4AC0-8CD7-660AC9D424DD', adapter GUID = '{FAF431D8-0124-4E40-BB3B-9234BAA02973}'): The system cannot find the file specified. (0x80070002).
  Unknown error (0x800b)
  Thank you for your time
  Christopher
  Christopher Scannell

  notice your GUID?  you may want to consider ensuring that is the same GUID associated in your database.  Sometimes during data corruption theres a smidge of a chance your sql database kind of either pulls old guids esp if this was reverted to snapshot
  without it being powered off etc.  
  I would try that first.  then i would consider if you get to configure that with your current liscense associated with the host.  I would need way more info to help any further

• How to connect SGE2010 switches

  I have purchased a SGE2010 and a SGE2000P switches.  I wish to connect these two switches together.  Do I need to buy a MGBT1 mini-GBIC and connect them that way, or can I just use a switch port on each switch and connect them that way? 
  Is the MGBT1 really just a module to connect non-gigabit switches via a gigabit trunk with Cat5?
  Solved!
  Go to Solution.

  There were no modules mentioned to connect the switches together, with what I have read from the Cisco or Linksys help page.  However, you may want to check out the link I have provided below.  It's an article from the Cisco website which discusses stacking SFE and SGE switches.  Not as simple as we may think though.
  http://www.cisco.com/en/US/products/ps9967/products_qanda_item09186a0080a362e3.shtml