Dhcp on switch for vlans

if I setup 2 scopes on my layer 3 switch for my vlans, and i put each vlan in one of the scopes, will each vlan only recieve the addresses that the scope is set to that relates to the interface subnet ip ?
thanks

Hi Carl,
that is correct.
HTH,
Bobby

Similar Messages

DHCP on SG300-10P for VLAN

Using an SG300-10P with firmware 1.3.7.18 and boot version 1.3.5.06 there's an option to run a DHCP server on the device. If this is really a full DHCP server, documentation is spotty, can I create a DHCP zone to serve VLAN 25 and only VLAN 25?

According to documentation it should be possible:
Switch functions as an IPv4 DHCP Server serving IP addresses for multiple DHCP pools/scopes
Rigth now I do not have access to one SSG but I will check it tomorrow when I work with one of my clients for the specific path,
Regards,
Jcarvaja

SRW224G4 w/ vLan DHCP NAK responses for Macbook!

HI all,
After some wireshark, I see that when I have a vLan on the switch, only win7 gets IP, my macbook doesn't, sniffing to the bootp, I see that the DHCP sends NAK and after I only have DISCOVER & OFFER...
When I get the same switch and the same router and take out the vLan on the switch, everybody get an IP.
What's the deal with this switch and vLans and Mac OS x ???
Do I have to setup something else ?
cheers

DHCP NAK means the DHCP server is refusing to give an IP to the client. it might be that the client is requesting an already used IP, or is requesting an IP that does not fit within the scope defined for the VLAN or network the client is on. in any case, the NAK is not likely because of the the switch. check your dhcp server logs.

Time Capsule - Can it run as DHCP router, create a wireless network and plug into switch for wired network all at the same time?

I have a closet with Wired connections from all over the house terminating in it. I also have the internet modem and a switch in this closet. My old setup was a netgear in the closet creating a wireless network and also feeding the Ethernet ports all over the house. In my room, I had an Airport express (a month old) bridging the wifi to make the wifi network larger. The Express was hard wired from the wall and my mac mini was using it's wifi (printer was plugged into other ethernet port). Everything was working great.
Fast forward to last week. My Netgear died. So, I bought a time capsule. My plan was to move the Express to the closet and have it create the wifi network and also then run cat 5 cord from express to the switch to feed all the wired wall plugs. Reset it and set it up to create the wifi network as well as DCHP NAT. Wireless was running great on it. Then I plugged in the Cat 5 in the second Ethernet Port to the switch. Wifi stopped working and none of the computers would connect using wired connections either. They would see a 'network' but nothing would work. I would unplug the Cat 5 feeding the swtich and the wireless would start working again. Plug the Cat 5 back in and wireless would stop.
So I thought I would try the Time Capsule in the closet and see if I could get it to work. Pretty much the same thing, except at this point I figured out if I went in and told it NOT to create a wifi network the wired portion worked fine and all the wired computers in the house worked fine. Of course, then I didn't have Wifi.
I'm not clueless when it comes to networking, but I can NOT figure this out! Can either the Time Capsule or Express Create the wifi network AND also feed the data to the switch for all the wired computers?
To simplify this is what I want my end result to be. I prefer the Time Capsule to be the wireless connection extender, but if I have to have the Express do it, I'm fine with that.
1. Express in the closet creating the wifi network as well as feeding the data to the wired connections via my switch.
2. have the Time capsule in my room at the opposite end of the house plugged into the hard wired connection to extend the wrieless network as well as have wired connections such as my printer and my Mac Mini.
If I can get #1 to work, I don't think I'll have any problems with #2. Help!

I have an equally complex setup with a managed switch actually but I have never seen the TC have this kind of issue.
What I do notice is you have changed the TC from defaults.. you are using a non-default IP range.
I have run across issues like this where people move things from default.
I would like you to start over.. factory reset the TC. That will set it back to default router mode.
Do the min setup on the TC..
1. Change all names from what you were using. That includes the TC name and wireless name/s
Make them short, no spaces and pure alphanumeric because that is the correct way to network. Apple default names with spaces and apostrophes are fundamentally bad.
2. With just the TC plugged into the switch.. and a single computer connected by ethernet. Power cycle the whole network.. this allows the switch to clear all the old MAC address.
3. Test on the computer just ethernet. Turn the wireless off.
The computer must use dhcp and must get an ip from the TC.
It has to get the correct Router.. ie Gateway.. I wish apple could stick with proper network terminology.
And it must get same address or valid DNS server address/es.
If it fails.. please plug ethernet directly to the TC.. bypassing the switch.
You should get the standard IP addressing and internet connection.
If not please post the screenshot from the Mac of the network preferences showing the ethernet setup.
I need to see what address it does get. I need you to make sure the ethernet is the TOP of the list. So rearrange the order of network connection. With the airport off it should just go to the top of the list.
If it appears to be working .. but a browser cannot connect, open a terminal and ping an internet address.
Ping the actual gateway address the ISP gives you and ping the ISP dns address.

Using ACS for VLAN assignment

Hi Guys, I have been looking at the use of Cisco ACS server for VLAN assignment. So far I have searched through a number of threads and no found what I am looking for specifically so here it goes.
1) When the RADIUS attributes have been configured in ACS (64, 65 + 81), and in my case I have them in the group configuration. For the VLANs to be assigned to the various users at their ports will every VLAN name in the RADIUS settings have to in the switches which are used for access?
2) Is there a limit to the number of VLANs that can be assigned by the RADIUS(IETF) portion of ACS or would it be better to use RADIUS(IOS/PIX)? I am thinking of about 15 VLANS.
I am using a Catalyst 4500 (IOS supervisor) and 2950s and 2970s at the closets.
Thanks for any help...
Kelvin

Access Control Lists..I am thinking it is better to apply the ACLs at the closet (access) switches where I can specify the servers that should be reached by the hosts my test VLAN and deny those which they should not.
I used a named extended ACL for my tests however, it did not go well. With the ACL below applied I cannot reach anything including the server I actually want to reach. My intention was to allow the hosts in the test VLAN 172.16.12.0/24 to reach 2 particular servers and their gateway however with the list applied I cannot reach anything at all. The setup is one 2950 connected to a 4507 the 2 VLANs I am working with are trunked to the 2950 and dhcp is running. I have IP routing enable on the 4507 and it is the server for the VTP domain.
ip access-list extended guest
permit ip 172.16.12.0 255.255.255.0 host 172.16.12.1
permit ip 172.16.12.0 255.255.255.0 host 172.16.2.254
permit udp 172.16.12.0 255.255.255.0 host 172.16.2.245 eq 53
deny ip any any
Any advice on how I can restrict the hosts which will be on this VLAN from accessing the rest of the network?

Challenge: Spanning Tree Control Between 2 links from Switch DELL M6220 to 2 links towards 2 switches CISCO 3750 connected with an stack (behavior like one switch for redundancy)

Hello,
I have an Spanning tree problem when i conect 2 links from Switch DELL M6220 (there are blades to virtual machines too) to 2 links towards 2 switches CISCO 3750 connected with an stack (behavior like one switch for redundancy, with one IP of management)
In dell virtual machine is Spanning tree rapid stp, and in 3750 is Spanning tree mode pvst, cisco says that this is not important, only is longer time to create the tree.
I dont know but do you like this solutions i want to try on sunday?:
Could Spanning tree needs to work to send one native vlan to negociate the bdpus? switchport trunk native vlan 250
Is it better to put spanning-tree guard root in both 3750 in the ports to mitigate DELL to be root in Spanning Tree?
Is it better to put spanning- tree port-priority in the ports of Swicht Dell?
¿could you help me to control the root? ¿Do you think its better another solution? thanks!
CONFIG WITH PROBLEM
======================
3750: (the 2 ports are of 2 switches 3750s conected with a stack cable, in a show run you can see this)
interface GigabitEthernet2/0/28
description VIRTUAL SNMP2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 4,13,88,250
switchport mode trunk
switchport nonegotiate
logging event trunk-status
shutdown
interface GigabitEthernet1/0/43
description VIRTUAL SNMP1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 4,13,88,250
switchport mode trunk
switchport nonegotiate
shutdown
DELL M6220: (its only one swith)
interface Gi3/0/19
switchport mode trunk
switchport trunk allowed vlan 4,13,88,250
exit
interface Gi4/0/19
switchport mode trunk
switchport trunk allowed vlan 4,13,88,250
exit

F.Y.I for catylyst heroes - here is the equivalent config for SG-300 - Vlan1 is required on the allowed list on the catylyst side (3xxx/4xxx/6xxx)
In this example:
VLANS - Voice on 188, data on 57, management on 56.
conf t
hostname XXX-VOICE-SWXX
no passwords complexity enable
username xxxx priv 15 password XXXXX
enable password xxxxxx
ip ssh server
ip telnet server
crypto key generate rsa
macro auto disabled
voice vlan state auto-enabled !(otherwise one switch controls your voice vlan….)
vlan 56,57,188
voice vlan id 188
int vlan 56
ip address 10.230.56.12 255.255.255.0
int vlan1
no ip add dhcp
ip default-gateway 10.230.56.1
interface range GE1 - 2
switchport mode trunk
channel-group 1 mode auto
int range fa1 - 24
switchport mode trunk
switchport trunk allowed vlan add 188
switchport trunk native vlan 57
qos advanced
qos advanced ports-trusted
exit
int Po1
switchport trunk allowed vlan add 56,57,188
switchport trunk native vlan 1
do sh interfaces switchport po1
!CATYLYST SIDE
!Must Explicitly allow VLan1, this is not normal for catalysts - or spanning tree will not work ! Even though it’s the native vlan on both sides.
interface Port-channel1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,56,57,189
switchport mode trunk

FlexConnect Central Switching for GuestWLAN

Hi All,
I plan on setting up a new WLAN network.
5 office locations, a single WLC in the primary DC at the moment. Each 5 office location is routed over a L3 link
If I have a guest WLAN (vlan 30) that it available at each site and want to centrally switch it, do I set the WLC DHCP server on the WLC 'vlan30 interface' to that of the 'management' interface if I have the DHCP setup locally on the WLC? I assume because this guest network is centrally switched, the actual assigned IP of the guest network does not matter if it not in the same supernet of the remote site?
For regular business WLANs (data/voice) that are set for local switching, is there any DHCP settings that need to be setup on the WLC, or does the client automatically get a IP based on the local subnet (using the ip-helper on that L3 interface?) assuming the AP is setup as trunk at the remote (with native vlan set as management vlan).

do I set the WLC DHCP server on the WLC 'vlan30 interface' to that of the 'management' interface if I have the DHCP setup locally on the WLC?
Yes, if you use WLC as your DHCP server for guest users, you have to use WLC management IP as DHCP server address on vlan 30 (assuming it is for guest)
For regular business WLANs (data/voice) that are set for local switching, is there any DHCP settings that need to be setup on the WLC, or does the client automatically get a IP based on the local subnet (using the ip-helper on that L3 interface?) assuming the AP is setup as trunk at the remote (with native vlan set as management vlan).
As long as you do FlexConnect local switching with required vlan mapping in each WLAN, you do not required DHCP server setting on WLC interface where that WLAN assign to. All traffic locally switched & use helper address configured under SVI of that locally switched vlan.
Refer this configuration guide for more details
http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_010001000.html
HTH
Rasika
**** Pls rate all useful responses ****

DHCP Setup across multiple VLANs on RV325 - DHCP Server only working on VLAN 1

I have multiple VLAN subnets defined on my RV325 - when I try and utilize a DHCP Server on each VLAN, it only seems to be issuing IP Addresses to clients on VLAN ID 1. When I first set this up months ago, I thought I had tested it providing IP Addresses via the other subnets. Now that I am trying to do so, it isn't working "as expected". Example - I am using VLAN 25 as the GuestWireless subnet utilizing a separate 802.11n WAP that is set to Bridge connections to the IP Address of the VLAN interface. Devices are able to connect to the WAP, but end up with a self-assigned IP Address 169.x.x.x address. There has to be an easy fix to this, but I seem to be "stuck" figuring out what it is…pointers/redirects appreciated. Thanks!

Thanks - I've already reviewed that information before I posted. I've been working with DHCP since the mid-90's, so I'm comfortable with the settings/configuration I need to leverage to make this work via other means using various Network-based OSes.
I'm wondering if there are other options in configuring this device that can impact the ability to dynamically serve IP addresses on a VLAN/subnet-by-VLAN/subnet basis.
As I did more testing, I discovered when I reserved an IP Address via the IP & MAC Binding option within the DHCP Settings, those devices would receive their static reservations and work as expected, so the problem seems to be leveraging the DHCP Pool for devices connecting to VLANs other that VLAN 1.
Any ideas as to why the DHCP Pool's are "non-functioning" for the other VLANs is greatly appreciated...
Each VLAN is setup with a separate DHCP Server configuration as shown below:
VLAN ID = 1 (Default, Inter VLAN Routing = Enabled, LAN1-6 = Untagged, LAN7=Tagged, LAN8=Excluded, LAN9-14 Untagged)
Device IP Address = 172.16.xxx.1
Subnet Mask = 255.255.255.0
DHCP Mode = DHCP Server
Remote DHCP Server = 0.0.0.0
Client Lease Time = 1440 min
Range Start = 172.16.xxx.100
Range End = 172.16.xxx.199
DNS Server = Use DNS as Below
Static DNS 1 = 208.67.222.222
Static DNS 2 = 208.67.220.220
WINS Server = 0.0.0.0
Correctly serving IP Addresses via DHCP (both static and dynamic) to Wired devices & Wireless devices connecting through WAP (set to Bridge)
VLAN ID = 25 (GuestWireless, Inter VLAN Routing = Disabled, LAN1-LAN7 = Excluded, LAN8 = Untagged, LAN9-14 = Excluded)
Device IP Address = 172.16.yyy.1
Subnet Mask = 255.255.255.0
DHCP Mode = DHCP Server
Remote DHCP Server = 0.0.0.0
Client Lease Time = 1440 min
Range Start = 172.16.yyy.100
Range End = 172.16.yyy.199
DNS Server = Use DNS as Below
Static DNS 1 = 208.67.222.222
Static DNS 2 = 208.67.220.220
WINS Server = 0.0.0.0
NOT serving dynamic IP Addresses via DHCP to Wired devices & Wireless devices connecting through WAP (set to Bridge)
Static DHCP Reservations setup via IP & MAC Binding settings DO WORK in terms of providing the assigned static IP Address to the client. Inbound/Outbound traffic to Internet works for devices with Static DHCP Reservations.
VLAN ID = 100 (Voice, Inter VLAN Routing = Disabled, LAN1-6 Excluded, LAN7 = Untagged, LAN8-14 = Excluded)
Device IP Address = 192.168.zzz.1
Subnet Mask = 255.255.255.0
DHCP Mode = DHCP Server
Remote DHCP Server = 0.0.0.0
Client Lease Time = 1440 min
Range Start = 192.168.zzz.100
Range End = 192.168.zzz.199
DNS Server = Use DNS as Below
Static DNS 1 = 208.67.222.222
Static DNS 2 = 208.67.220.220
WINS Server = 0.0.0.0
NOT serving dynamic IP Addresses via DHCP to Wired devices & Wireless devices connecting through WAP set to Bridge
Static DHCP Reservations setup via IP & MAC Binding settings DO WORK in terms of providing the assigned static IP Address to the client. Inbound/Outbound traffic to Internet works for devices with Static DHCP Reservations.

Configuring the Catalyst 6500 Switch for IPS Inline Operation of the IDSM

I understand how to configure the Catalyst 6500 switch so that the monitoring ports are access ports in two separate VLAN's for inline operation.
However, I don't see any documentation that describes how the desired VLAN traffic gets forced through the IPS.
In promiscuous mode, you can use VACL's to copy/capture and forward the desired traffic to the IDSM for analysis. I'm not seeing how to get the desired traffic through the IPS.
Note that the host 6500 is running native IOS 12.2(18)SXE.
Thanks for any assistance.

A tranparent firewall is a fairly good comparison.
Let's say you have vlan 10 with 100 PCs and 1 Router for the network.
If you want to apply a transparent firewall on that vlan you can not simply put one interface of the firewall on vlan 10. Nothing would go through the firewall.
Instead you have to create a new vlan, let's say 1010. Now you place one interface of the firewall on vlan 10 and the other on vlan 1010. Still nothing is going through the firewall. So now you move that Router from vlan 10 to vlan 1010. All you do is change the vlan, the IP Address and netmask of the router stay the same.
The transparent firewall bridges vlan 10 and vlan 1010. The PCs on vlan 10 ae still able to communicate to and through the router, but must go through the transparent firewall to do so.
The firewall is transparent because it does not IP Route between 2 vlans, instead the same IP subnet exists on both vlans and the firewall transparently beidges traffic between the 2 vlans.
The transparent firewall can do firewalling between the PCs on vlan 10 and the Router on vlan 1010. But is PC A on vlan 10 talks to PC B on vlan 10, then the transparent firewall does not see and can not block that traffic.
An InLine sensor is very similar to the transparent firewall and will bridge between the 2 vlans. And similarly an InLine sensor is able to InLine monitor traffic between PCs on vlan 10 and the Router on vlan 1010, but will not be able to monitor traffic between 2 PCs on vlan 10.
Now the router on one vlan and the PCs on the other vlan is a typical deployment for inline sensors, but your vlans do not Have to be divided that way. You could choose to place some servers in one vlan, and desktop PCs in the other vlan. You subdivide the vlans in what ever method makes sense for your deployment.
Now for monitoring multiple vlans the same principle still applies. You can't monitor traffic between machines on the same vlan. So for each of the vlans you want to monitor you will need to create a new vlan and split the machines between the 2 vlans.
In your case with Native IOS you are limited to only 1 pair of vlans for InLine monitoring, but your desired deployment would require 20 vlan pairs.
The 5.1 IPS software has now the capability to handle the 20 pairs, but the Native IOS software does not have the capability to send the 40 vlans (20 pairs) to the IDSM-2.
The Native IOS changes are in testing right now, but I have not heard a release date for those changes.
Now Cat OS has already made these changes. So here is a basic breakdown of what you could do in Cat OS and you can use in preparation for a Native IOS deployment when it gets released.
For vlans 10-20, and 300-310 that you want monitored you will need to break each of those vlans in to 2 vlans.
Let's say we make it simple and add 500 to each vlan in order to create the new vlan for each pair.
So you have the following pairs:
10/510, 11/511, 12/512, etc...
300/800, 301/801, 302/802, etc....
You set up the sensor port to trunk all 40 vlans:
set trunk 5/7 10-20,300-310,510-520,800-810
(Then clear all other vlans off that trunk to keep things clean)
In the IDSM-2 configuration create the 20 inline vlan pairs on interface GigabitEthernet0/7
Nw on each of the 20 original vlans move the default router for each vlan from the original vlan to the 500+ vlan.
At this point you should ordinarily be good to go. The IDSM-2 won't be monitoring traffic that stays within each of the original 20 vlans, but Would monitor traffic getting routed in and out of each of the 20 vlans.
Because of a switch bug you may have to have an additional PC moved to the same vlan as the router if the switch/MSFC is being used as the router and you are deploying with an IDSM-2.

Switching for Cisco IPT

Here is a question a customer emailed me today
" so im looking at the Cisco IPT solution and its impressive. after noticing the costing, i see no way of justifying the switching infrastructure. our entire organization is based on dell switching and Cisco routers.
we intend to stay with this as our switches are new has QOS and POE enabled as well as IEE power compliant as i understand and will work with the Cisco Phone models. we can also acheive the same measure of redundancy as proposed in the 3-layer model that Cisco applies. please advise as to if there are any limitations of these switches as i cannot see any at this point in time"
from a pre-sales prospective how do you justify changing to Cisco, and more importantly, from a TECHNICAL prospective do we convince the customer to change or leave?

In terms of implementation and operation: if you follow the separate VLANs for voice and data model - which you probably should - you will have to manually set the correct VLAN on every phone in the phone settings. phones use CDP to discover voice VLAN. I've done a deployment with non-Cisco switches such as this, and it definately slows things down. Of course you don't want to hurt any feelings, but... there is a reason Dell was giving away their switches for free a few years back. I like to save money too, but I wouldn't stake my business on running critical infrastructure this level of switch.

Set-VMNetworkAdapterVlan throws Failed while applying switch port settings 'Ethernet Switch Port VLAN Settings' error

Hi,
I'm following this
guide I'm getting an error when running the below command:
Set-VMNetworkAdapterVlan -vmname PurpleVM1 -Isolated -PrimaryVlanId 2 –SecondaryVlanId 4
Generates the following error:
Set-VMNetworkAdapterVlan : The operation failed.
Failed while applying switch port settings 'Ethernet Switch Port VLAN Settings' on switch 'New Virtual Switch': One or
more arguments are invalid (0x80070057).
A parameter that is not valid was passed to the operation.
Does anyone know why this is happening?
ta

Hi TomG101,
It seems that there is a configuration conflict on the virtual switch port .
Also I tested the command on my lab , it works .
For troubleshooting please create a new virtual switch then try to configure again .
Any further information please feel free to let us know .
Best Regards
Elton Ji
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

881w router to distribute DHCP to switch

I have a 881w router with static wan ip ssetup on fastethernet 4 and vlan1 distributes ip from fastethernet 0. It works fine when I plug a PC directly to fastethernet 0, address is assigned and internet access is connected, the problem is when I connect the fastethernet 0 to a switch no ips are distibuted and even static routing a PC connected to the switch gets no connection. Can someone please help me what I am missing?
Here is a piece of my running config:
ip dhcp excluded-address 192.168.1.1
ip dhcp pool local
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 66.180.96.12
ip name-server 64.238.96.12
ip name-server 66.180.96.12
no ipv6 cef
interface FastEthernet0
switchport mode trunk
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface FastEthernet4
ip address xxx.xxx.248.98 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
no ip address
interface wlan-ap0
description Embedded Service module interface to manage the embedded AP
no ip address
shutdown
interface Vlan1
ip address pool local
ip nat inside
ip virtual-reassembly in
ip forward-protocol nd
ip http server
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 23 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 xxx.xxx.248.97
access-list 23 permit 192.168.1.0 0.0.0.255

Try "no switcport" on fe0, then apply ip address.
on 881
interface FastEthernet0
no switchport
ip address 192.168.1.1 255.255.255.0
on switch
interface vlan 1
no shutdown

SD205 (unmanaged) switch and VLANs

In addition to all my Cisco Catalyst (managed) switches, I have a bunch of Linksys SD205 unmanaged switches on my LAN.
I want to configure my network for VLANs, which means I will be changing all of my Cisco managed switches to a "trunking" configuration. This configuration is working correctly with the Cisco Catalyst switches
Question: can the SD205 function in this environment? I know I can't set any of the ports on the SD205 to be "trunking", but I would like to connect the SD205 to a Cisco port that is "trunked", so the devices on the SD205 can communicate to the rest of the world.
So far, I have not been successful, so -- maybe they just won't work in a trunked environment. Anyone have a definitive answer? If they simply can't do it, I'll stop wasting my time!
Thanks
Solved!
Go to Solution.

No. An unmanaged switch does not support 802.1q. It will drop any ethernet frame that has been 802.1q tagged. The only frames which go through an unmanaged switch are untagged frames, i.e. the native VLAN of the port on the Catalyst.
If you want to use unmanaged switches you have to connect them to a port configured in access mode, member of a single VLAN. For example, you can configure a port on the Catalyst for access mode in VLAN 10 and connect an unmanaged switch to this port. Then all devices connected to the unmanaged switch will be VLAN 10. This is as much as you can do.
But getting multiple VLANs through unmanaged switches is impossible as all ethernet frames on the unmanaged switch must be untagged.

UC520 SNMP change fast ethernet switch port vlan

Hi,
I've a UC520 running with uc500-advipservicesk9-mz.151-4.M5. I try to change VLAN on the switchport using snmp however look like the UC520 doesn't support "vmVlan".
snmpwalk -v 1 -c private 10.1.1.1 ifDescr
IF-MIB::ifDescr.4 = STRING: FastEthernet0/1/1
snmpset -v 1 -c private 10.1.1.1 1.3.6.1.4.1.9.9.68.1.2.2.1.2.4 integer 151
Error in packet.
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: SNMPv2-SMI::enterprises.9.9.68.1.2.2.1.2.4
Does anyone know what is the MIB for change switch port vlan ?
Rg,
Gerald.

What do you mean by dumb siwthc? What model/make/company is that switch?
Can you try to do the reset of the switch so that it wipe off all the config what so ever present on the box and then try to connect the switch to the router?

Root bridge for VLAN 1

If I have 2 core Layer 3 switches that are in an HSRP config, each of the active router vlans are setup already as the root bridge for those particular vlans, who should I designate as the root bridge for VLAN 1 ?

Root bridge and the active router in hsrp are not really related.
Root bridge selection is only used to control which paths are blocked if any. The actual path of the traffic does not have to pass via the root bridge. It will always take the most direct path between the machines.
It is much more important to see where the blocked link is if you have any.
As a example you have a distribution switch connected to your 2 core switches and the 2 core switches connected to each other. You design you spanning tree to block the link between the 2 core switches by setting the cost very high. In this case any machine on the distribution switch can directly access either core switch. Since only the core switch that is the active HSRP router for a vlan will advertise the common mac address the distribution switch will only see the mac address on one of the two links. Either core switch can be set as the root but the traffic will alway directly flow to the active HSRP device.
Of course you don't want to block the line between the switches because the HSRP keepalive message will be layer 2 routed via the distribution switch. In a very simple design it is common to have the root bridge be the HSRP active device just because its easier to configure but the concepts are not really related. Root bridge placement is more related to traffic volumes than anything else it just tends to be true that the switch has the gateway is also the highest volume of traffic

Dhcp on switch for vlans

Similar Messages

Maybe you are looking for