Creating VLAN on Cisco 3800 Series

Similar Messages

• How to create VLAN on Cisco PIX 6.3?

  Hi,
  how to create vlan on pix-6.3? i am bit confused.
  how do i assign a single internet face with multiple ip address(not secondary IP address) for each & every vlan?
  how to i connect to the switch, i mean if i put "switch port mode trunk" on the switch side, what command should i need on the PIX "inside" interface? in router the command is "encapsulation dot1Q 1"
  also is there any restrictions that only limited vlans can be created or it is unlimited?

  hi
  When you configure your interface, you usualy do it like that
  interface ethernet0 auto
  interface ethernet1 auto
  Let's say that ethernet1 is a trunk with 2 vlan and a native vlan, you need to add to your config:
  interface ethernet1 vlan100 logical
  interface ethernet1 vlan200 logical
  After that you need to name those interfaces and set the security level.
  nameif ethernet0 outside security0
  nameif ethernet1 inside security100
  nameif vlan200 V200 security4
  nameif vlan100 V100 security6
  This configuration will give you an interface(eth1) with 1 native vlan(inside) and 2 tagged vlan(v200 and v100)
  PIX will not negociate a trunk, your switch config is correct.

• Cisco 3800 with NME-XD-48ES-2S-P module

  I have a (Cisco) 3800 series router. It has a "NME-XD-48ES-2S-P" module (48 Ethernet ports). When issuing the command "#sh int brief" all is see is gigabit Ethernet or serial interfaces. I do not see any fast Ethernet ports. Can someone please guide me on how to see these ports...Thanks

  Hey,
  Use the command "service-module session g x/y session" to enter the service module. As its an independent module and run its own IOS. The port g x/y will be visible in router with 'sh ip int br' command.
  HTH.
  Regards,
  RS

• VLAN's Cisco SF 300-24

  I need create vlans in Cisco SF 300-24 Switch.
  Ports 1 to 6 are available for other ports (from 7 to 24).
  For examples:
  port 7 is available for ports from 1 to 6 but is not available for ports from 8 to 24,
  port 8 is available for ports from 1 to 6 but is not available for ports from 9 to 24 and 7,
  port 9 is available for ports from 1 to 6 but is not available for ports from 10 to 24 and 7 and 8,
  .....(to port 24)
  How I can do it?
  When I add ports from 1 to 6 to VLAN 12, the ports was automatically removed with VLAN 11(in attachment).

  Hi Dominik,
  Here are the rules for VLANs ..
  When you set the switch port  interface to  access mode, a switch port can be only a member of one untagged VLAN
  When you set the switch port  interface to trunk mode, a switch  port can be a member of only one untagged VLAN but also a  member of many Tagged VLANs.
  But what you seem to be trying to achieve is use ports 1-7 as  unprotected or open  ports  for  ports 8-24 within the switch.
  Really seems like something called  Priveate Vlan Edge PVE, whereby protected ports will only forward packets to unprotected ports and not other protected ports. .
  Here is the definition found in the help text from within the switch.
  Protected Port—Select to make this a protected port. (A protected port is also referred as a Private VLAN Edge (PVE).) The features of a protected port are as follows:
  Protected Ports provide Layer 2 isolation between interfaces (Ethernet ports and Link Aggregation Groups (LAGs)) that share the same Broadcast domain (VLAN).
  Packets received from protected ports can be forwarded only to unprotected egress ports. Protected port filtering rules are also applied to packets that are forwarded by software, such as snooping applications.
  Port protection is not subject to VLAN membership. Devices connected to protected ports are not allowed to communicate with each other, even if they are members of the same VLAN.
  Both ports and LAGs can be defined as protected or unprotected. Protected LAGs are described in the Configuring Link Aggregation section.
  So my steps were
  So I am wondering if you really need to configure alot of vlans.
  make ports 8-24 protected port
  Save the configuration
  Clicked to tick the option to protect switch port 8.
  That's what we end up with , port 8 is now protected.
  Now lets copy the settings from port 8 to ports 9-24, see the circled area below.
  now will in the ports you also wish to protect.
  Now ports 8-24 are protected ports.
  Hosts on these ports will only be able to communicate with hosts on ports 1-7 or  switch port 24 onwards, in the case of my switch.
  Make sure you save your configuration.
  I hope this is what you want.
  regards dave

• Creating VLAN on our Cisco 300 series router

  I am wanting to create separate VLANs on our Cisco 300 series switches, but I am struggling to find any decent examples out there.
  Our basic infrastructure is
  Router with
  192.168.1.1 VLAN1
  192.168.2.1 VLAN2
  The switch is set up on ports 2345 for VLAN2
  Port 1 is attached to the router on VLAN1 and VLAN2 assigned.
  My problems seem to be that I really not sure what settings I should be using for each the ports to get this to work correctly

  Hi,
  Hope below link will have the information which you are looking for.
  https://supportforums.cisco.com/document/140341/vlan-configuration-articles-sx200300-series-managed-switches
  If you are looking for only vlan creation then below link will help.
  http://sbkb.cisco.com/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=80
  According to your above description you have connected the router to port 1 of switch and you have configured it as vlan 1...Should this port be trunk???
  Regards
  Najaf

• Which command in the Cisco AP1200 series will you use to broadcast the SSID using VLANs?

  Folks,
  Which command in the Cisco AP1200 series will you use to broadcast the SSID using VLANs?
  Thanks

  If you have enabled mbssid, "guest-mode" would be replaced by "mbssid guest-mode" this would also allow multiple ssid's to be broadcast
  -Tim
  Sent from Cisco Technical Support iPad App

• Creating a private/isolated vlan on Cisco switch

  Hello
  I have many Cisco switches 65xx, 37xx at my company with a lot of vlans already configured.  I need to create a new isolation vlan that will not be able to communicate with my other existing vlans.  We are setting up a NAC solution at my company and we want a vlan that we can send ports to if the computer or device is compromised and cannot talk or risk the existing network (other vlans).  What is the best method to make this happen?
  I have created VLANs in the past but this is my first dealing with private/isolated vlans and would be grateful for any guidance on how I should implement this.

  So are you saying I should just create a new L2 vlan and not configure the vlan interface (which is at L3) for this new vlan so I cannot communicate with any of my existing vlans therefore isolating the new vlan?
  Yes, without an SVI clients in that vlan cannot communicate with anything outside that vlan.
  The only thing that wasn't clear was whether these clients should still be able to access the internet even though they couldn't talk to any other internal vlans. If they did need the internet, or any other remote network, then you would need an SVI but it sounds as though you don't want any external communication for these clients ?
  Jon

• Can't create VLAN's with Cisco Network Assistant

  Hello everyone
  I have a problem with my newest Switch, a WS-C2960X-48TS-L
  Normaly I can programm all my Switches with Cisco Network Assistant. But now I have a problem with creating VLAN's. I can create them, safe them but after a refresh, all the new VLAN's are gone!
  I updated the CNA to the newest Build 6.0 and updated the Switch to 15.2(2)E, but nothing helps!
  Over the CLI I can do everything, but this is not a option for me! To programm sometimes a switch CNA is perfect for me! If it works!!
  Thanks 
  Tobi

  yes I can programm the vlan's over CLI. That's works. I have not tested this if its really works, but the VLAN's are programmed.
  hmm I checked the STP / VTP settings with a second identical Switch, but there are no differents. Made a backup of one Switch and restore on the other One, but I'm still not able to create VLAN's.
  however, I contacted my vendor today, he tell me that it shouldt be a problem to take back the switch. 
  Best regards
  Tobi

• MIB Required for Bandwidth Monitoring on Cisco 3800 and 3900 series Routers

  Hi Team,
  Need your help here.
  I am planning to do Bandwidth Monitoring on Cisco 3800 and 3900 series Routers. I want to know the exact MIB which I need to use for getting this done.
  Thanks,
  Karthik Anbumani

  Matt, based on feature navigator GLBP is supportted on 3800 series.
  Go to this link and search by feature (GLBP)
  http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
  HTH
  Jorge

• Cannot ping Cisco C series server using direct connect to UCSM

  We have connected 2 Cisco C series servers (VIC 1225 Cards) with direct connect to Fabric Interconnects and managed via UCSM but cannot get network working.
  Service profiles have been created and pushed with only 1 VLAN and the default VLAN as native but cannot communicate with IP address configured.  Mac address is learnt at the Nexus 5K northbound switches.  Seems to be a VLAN tagging issue somewhere

  We do not use the CIMC as the server is all managed from UCSM and the CIMC has to be set to default for this mode
  Sorry I was not clear; I mean of course that even with UCSM, your C-series server will get an IP address for CIMC, which is used if you open a KVM session. You should be able to ping this IP address.

• Help create VLAN for home use.

  I use Cisco switch SG300 and SG200 series. I set my home network as attach picture.
  I want set up VLAN with these condition
  1.Every port can connect to internet through ADSL router.
  2.VLAN10( Home alarm and IP camera ) can access by internat, connect by access point and PC file server
  3.Every port can connect the PC file server
  I am new for network and fail to try setup myself and not understand static route.
  Thank you.
  Jarey
  [email protected]

  Hi Jarey,
  Are you sure you want to do this on the switch as opposed to the router? Are you going to use static IP addresses for the vlans or do you want your router to issue DHCP?
  To proceed, using the switch for inter-vlan routing, make sure the SG300 is in layer 3 mode.
  1. If you are currently in layer 2 mode, open a CLI connection and issue command:
  set system mode router
  Take note that this will delete your current config and the switch will reboot.
  2.  Create the vlans on your switch under VLAN Management -> create vlan
  3. Go to IP Configuration -> ipv4 interface and assign each vlan a static IP for the switch in the subnet for the new vlan
  4. Vlan Management -> Interface settings. I would leave all the ports as trunk ports, or change the ports to trunk if you have previously changed them.
  5. Vlan Management -> Port VLAN membership. Assign your vlans to the appropriate ports.
  6. When everything is all plugged in, you should be able to see the switch created static routes for you already under IP Configuration -> IPV4 static routes. Make sure all your subnets are there and are showing route type local
  7. You may need to add a route such as 0.0.0.0 with the next hop being your router
  At this point, you should be up and running, with all vlans connected to each other and to the internet.
  If you want to restrict access across the vlans, you'll have to create access control lists.
  You need to first create an ACL (Access control -> IPV4 based ACL) and give it a name. then go over to IPV4 based ACE where you put the actual access control rules.
  This is a sample set of rules I made, it will block all access between two subnets (each vlan you created above will have to be its own subnet) and allow certain traffic such as 3389 - remote desktop, etc. You'll need to customize based upon your needs and subnet IPs. So for ex, to allow the Xboxes to access the file server, rather than any - any, you put the xbox subnet or specific IPs as the source, the file server as the destination, and the ports used as source ports. Remember to make the converse of the rule as well.
  Then, go to Access Control -> ACL bindings and bind the access control list to the applicable ports.
  Hope that helps, good luck with your set up.
  Best,
  David
  Please remember to rate helpful posts and identify correct answers.

• VLAN 2800 and 3800 for Benchmark

  I need to bechmark a 2800 and a 3800 to get a thermal characteristic. From what I understand I can setup VLANs and transfer a couple huge ISOs to exersise the cisco's, and the VLANs would push the file(s) through the entire switch. If I am way off base, I am very open for suggestions, but if I am on the right track can you guys help me out with this. I am an EE, but there is no-one else in the company that has any idea what they are doing, so I get to do it. Any help would be GREATLY appreciated.
  Thank you!

  Out of the box, 2800 and 3800, which are routers, don't support VLANs. The only exception is when/if you install switching module into those routers, then you can create VLANs on them.
  Since you're trying to push the routers to the limit, ideally, you'd disable all performance enhancing features such as CEF and fast switching so that the router's CPU will do all the work. This way, the thermal output _should_ also be higher. The following is a high-level check-list you can use as a guideline.
  1. Connect both routers with cross-over via their 1st Ethernet ports
  2. Connect a PC at each end of the router with a crossover to the router's 2nd Ethernet ports
  3. Configure IP addresses on each router-PC pair so that they can communicate.
  4. Configure static routes on both routers to allow the other to learn the IP subnet of the 2nd Ethernet ports
  5. Disable CEF and fast-switching on the Ethernet ports with the command "no ip route-cache". Confirm that "Process Switching" is used by entering the command "sh ip int fa0/0" or "sh ip int gi0/0".
  6. Copy HUGE amount of data across from PC1 to PC2.
  HTH.

• Need a tool for flash backup on Cisco 2821 series routers

  Hello Folks,
  We have around 1200-1500 cisco 2821 series routers on those we are performing the hardware upgrade so we are taking the backup of all the files available in the flash of all the routers, we just want to know is there any trusted tool available to make this task easy to schedule and take the backups.
  Please let me know if you know any tool name.
  Thanks,
  Raja.

  Sorry, I don't know any tool that makes a backup of the whole flash...
  You could fo it with from ios cli maybe execute it automatically...
  To flash:
  archive tar /create flash:/backup.tar flash:/
  copying directly to ftp should also work:
  archive tar /create ftp://test:[email protected]/backup.tar flash:/

• VMS 2.3 Device package for 3800 Series

  hi
  We are having VMS 2.3 installed which is not able to monitor or to perform any operations on 3800 series routers.
  How we can add device pack for 3800 series routers ?
  And from where to download the pack ?

  The device pack is available for download on Cisco.com and you can get it if you have correct licence. After downloading the pack stop the cisco works deamon manager service and and apply the pack.

• How to search/Scan Vlan of cisco switch ports

  Can any one tell me how i can scan/search vlans of cisco switch port through any monitoring tool (orion/solarwinds).
  Consider this scenario as i have no access to switch and i want to know below things:
  1-Vlans created on switch?
  2-which switch port belongs to which vlan id?
  Thanks

  Hi,
  You can do it only with hub in between and also please note that when sniffing with Wireshark on Windows the OS would remove VLAN tag so you may need to use Linux machine.
  Regards,
  Aleksandra