How to add VLAN to trunk port on Cisco SF200-24

Similar Messages

• Private VLAN Promiscuous Trunk Port - Switches which support this function

  Can anyone confirm if the "Private VLAN Promiscuous Trunk Port" feature is supported in any lower end switches such as Nexus 5548/5672 or 4500X? According to the feature navigator support seems to be restricted to the Catalyst 4500 range (excluding the 4500X) as shown below. If the feature is going to be supported in the Cat 3850 this would be good to know, thanks

  4500x Yes
  http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_26674-01.html
  Nexus 5k Yes
  http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/layer2/521_n1_3/b_5k_Layer2_Config_521N13/b_5k_Layer2_Config_521N13_chapter_0100.html
  3850s
  They dont support pvs at all yet
  http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/vlan/configuration_guide/b_vlan_3se_3850_cg/b_vlan_3se_3850_cg_chapter_0100.html
  Restrictions for VLANs
  The following are restrictions for VLANs:
  The switch supports per-VLAN spanning-tree plus (PVST+) or rapid PVST+ with a maximum of 128 spanning-tree instances. One spanning-tree instance is allowed per VLAN.
  The switch supports IEEE 802.1Q trunking methods for sending VLAN traffic over Ethernet ports.
  Configuring an interface VLAN router's MAC address is not supported. The interface VLAN already has an MAC address assigned by default.
  Private VLANs are not supported on the switch.
  You cannot have a switch stack containing a mix of Catalyst 3850 and Catalyst 3650 switches.

• 2 vlans, 1 internet modem on Cisco SF200

  I recently bought a Cisco SF200. I'm unfamiliar with the whole vlan topic. We have 2 departments. I want to create 2 vlans, that share one internet connection. We have a standard Cisco Cable Modem.
  Can someone please advise on how to get this up and running?
  Current setup is, like this:
  VLAN1 = default
  VLAN10 = port 1,2,3
  VLAN20 = port 4,5,6
  Cable modem is on port 24.
  Please advice. Thanks in advance.
  Sidney

  Hello Sidney,
  My name is Chris from the Cisco Small Business Support Center.
  There is one problem with your current setup.  The cable modems generally do not support VLANs, so in order to setup two seperated networks like you are describing you will need either a Small Busines router that supports VLANs, or a layer 3 switch, like the SF300. 
  The SF200 only works at layer 2, meaning it cannot do the routing for that other VLAN.  Since the modem doesn't understand VLANs either you will really only be able to use one VLAN that covers the same subnet as the modem is handing out.
  With a VLAN capable router you can setup what we call router on a stick with your current switch where both VLANs are carried over one link to the router and the router then routes the traffic appropriately.
  You can also get a layer 3 switch, which would allow you to do the routing for those VLANs on the switch itself.  However I am not sure if your Cisco modem does NAT, which is what translates your private subnet (192.168.1.1) into a publicly routable internet address (97.26.25.14 for example).
  So the simplest solution to acoomplish what you would like to do would be to purchase a VLAN aware router and then setup a trunk link with both VLANs to the switch.
  All of our RV series router can do VLANs and trunking, with the exception of the RV016, RV042, and RV082.
  You can also give us a call at 1.866.606.1866 and we would be happy to discuss your options if any of this isn't clear, or to help set it up.
  Thank you for choosing Cisco,
  Christopher Ebert
  Senior Network Support Engineer - Cisco Small Business Support Center
  *Please rate helpful posts*

• VTP Pruning vs Allowing VLANs on Trunk ports

  We would like to know best approach to reduce VLAN traffic on our network. We are currently trunking all fiber ports 802.1q.
  We have about 73 VLANs across the network. We have done a lot of research and there seem to be a lot of theoretical answers but no one who uses it in practice.
  Here is our current configs for fiber ports between closets:
  Cisco WMH6509
  interface GigabitEthernet2/8
   description Fiber To STB Lab 3850
   switchport
   switchport trunk encapsulation dot1q
   switchport mode trunk
   no ip address
   no snmp trap link-status
  end
  Cisco STB Lab 3850
  interface GigabitEthernet1/1/1
   description Fiber To WMH6509
   switchport mode trunk
  end
  We are considering:
  VTP Pruning Enable
             or
   switchport
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 26,99,109,188
   switchport mode trunk
  Thanks,
  Tom

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of   the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  As I have some years (cough - decades) software development experience, I lean toward automation solutions, so, for example, I often prefer dynamic routing over static routing, and so likewise, I prefer VTP over manual configuration on multiple devices.
  However, VTP does have some "quirks".  For example, this year I ran into an issue where an edge switch had a new VLAN defined to a port which wasn't in use on a transit switch, so VTP auto pruning, pruned it off the transit's uplink trunk.  (I was a bit of a pain to find the cause as VTP doesn't prune right away - edge worked for a bit and then it stopped working.  One fix would have been to stop using VTP auto-pruning, across the whole VTP domain, but instead, configured VTP to not auto-prune the needed VLAN across the needed trunk.)
  So, as Paul notes, VTP auto pruning might be easier to get going, but be prepared for unexpected incidents (again, not saying you'll have any, just be prepared).  So, if you're prepared, I would go with VTP auto pruning, but if you want to "play safe", go with Paul's recommendation.

• How to add vlan virtual interface on a Catalyst Using SNMP

  Hi,
  I need some assistance in locating the  mib/variables to allow me to add and remove vlan
  virtual interface on Catalyst 3759G. If I understand correctly CISCO-VTP-MIB can not  carry
  out this requirement.
  Is there another way of accomplishing  this using SNMP ?
  Thanks,
  Zhou

  You cannot add a new interface directly using SNMP.  However, you can use the CISCO-CONFIG-COPY-MIB to copy a config snippet into the running configuration which can create a new VLAN interface.  See http://www.cisco.com/en/US/tech/tk648/tk362/technologies_configuration_example09186a0080094aa6.shtml for more details.

• How to get info over snmp on cisco switch whether native vlan on a port is tagged or not?

  Hi!
  I want to know which oid(s) should I query to know whether native vlan on trunk port on cisco switch is tagged or not?
  I am querying the oid .1.3.6.1.4.1.9.9.46.1.6.3.0 (vlanTrunkPortsDot1qTag) on cisco 3560 (E Series) and I am getting global value. Also, this OID is showing as deprecated. So I query .1.3.6.1.4.1.9.9.246.1.6 (cltcDot1qAllTagged) and its subtree, but no value is returned.
  Switch Version is
  Cisco IOS Software, C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(50)SE2

  Keep in mind that DHCP is a broadcast packet to start. So the AP can only listen in the subnet that it has an IP address for.
  Now, for any other subnet you can use the AP for DHCP but you have to have an IP helper address on your L3 pointing back to the AP.
  That being said, I wouldn't use the DHCP server on the AP as it is limited. You'd be better off using a Microsoft server or some other device that is designed for DHCP.
  HTH,
  Steve

• Unknown vlan in trunk

  Hi all!
  We have mostly 2950 switches with standard image and 2950lre with EI. All switches in transparent modes with different domain names.
  Here is the problem
  cat1 <-trunk-> cat2 <-trunk> cat3
  On cat1 and cat3 there are ports in ,let's say ,vlan 10
  Right now I have to create vlan 10 in transit cat2. Otherwise it won't pass tagged packets recieved from cat1 to cat3.
  I was under impression that catalysts can pass all vlans in trunk by default,even if it's not known on local switch.
  I did debug on lre (debug switch vlan) and after creating vlan, it put trunk port in tagged mode for this vlan
  VLANDEBUG:STP_FORWARDING: vlan 1289 port 25
  strata_add_port_to_vlan: adding tagged port for VM_1Q_PORT
  VLANDEBUG:Set Tagged Mode For Port:25, Unit:0
  So, after creating vlan it permits this vlan on trunk port
  I wonder if it's platrofm depended, IOS image (c2950lre-i6l2q4-mz.121-22.EA1) depended or it's just the way catalysts work?

  Hi,
  You have to create Vlan 10 on your Cat2 otherwise it will not pass the traffic for the Vlan2. Think it in this way that if your switch is a VTP client and you have a VTP server, now your VLAN info will be passed to every VTP client and thus you have the same number of VLANS on the switch and hence the traffic gets pass over the trunk. If you have switches in Transparent mode than each switch has its own Vlan database and to get the traffic passed fo a particular Vlan that vlan should exist in Vlan database of each and every switch,.
  If that vlan doesnot exist then how the switch will tag the packets when it has to send the traffic to other switch. On catalyst switch the moment the tagged packet exists the trunk port it rips off the dot1q TAG and adds a Port vlan ID i.e vlan 10 on the packet and the moment it enters on the trunk port to pass it to other link, a DOT 1q tag is added on the switch. This is how the catalyst switch works. So if doesnot have any Vlan in its vlan database it will not pass the traffic for that Vlan.
  I remeber I did the same LAB when I was giving a training to some Army guys and it happend to be the same.
  regards,
  -amit singh

• Native Vlan and Trunking

  Hi Folks,
  I am having a doubt with native Vlan in trunk ports.
  In a topology of 3 switches. Switch A is connected with switchB and SwitchC on uplinks. Can I configure the different native vlans for 2 different trunk for switch A.
  Like I am having 3 vlan,s configured in switch A with VTP domain transparent(1,500,900-Vlans configured). Same configuration is there in B & C too.
  So can we use 999 as a native vlan for trunk between A&B and native vlan 1 for trunk configured between A&C.

  yes possible, if specific reasons. Already discussed several times on this forum. Pls refer this link:
  http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=LAN%2C%20Switching%20and%20Routing&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbe4e88

• Unable to add allowed VLANs to TenGig trunk port

  Hi,
  I've got a ten gig interface on a 6509 running 12.2(33) configured as a trunk, but I've not been able to add any allowed VLANs as I've done before on other ten gig ports on different 6509 chassis. Am I missing something obvious?
  I'm assuming that the reason I'm unable to set the encapsulation to dot1q is because the new hardware doens't support ISL, hence no need. The command to add the VLANs however doesn't get rejected, it just doesn't appear to do anything.
  I've tried adding single VLANs and multiples, but no joy. Any ideas?
  Here's what I've done:
  SWITCH_1631(config)#default int t4/1
  Interface TenGigabitEthernet4/1 set to default configuration
  SWITCH_1631#sh ru int t4/12
  Building configuration...
  Current configuration : 65 bytes
  interface TenGigabitEthernet4/12
   no ip address
   shutdown
  end
  SWITCH_1631(config)#int t4/1
  SWITCH_1631(config-if)#switchport
  SWITCH_1631(config-if)#switchport mode trunk
  SWITCH_1631(config-if)#switchport trunk allowed vlan ?
    WORD    VLAN IDs of the allowed VLANs when this port is in trunking mode
    add     add VLANs to the current list
    all     all VLANs
    except  all VLANs except the following
    none    no VLANs
    remove  remove VLANs from the current list
  SWITCH_1631(config-if)#switchport trunk allowed vlan add 700
  SWITCH_1631(config-if)#
  SWITCH_1631#sh vlan id 700
  VLAN Name                             Status    Ports
  700  VLAN_NAME                        active    <snip>
  SWITCH_1631#sh ru int t4/1
  Building configuration...
  Current configuration : 74 bytes
  interface TenGigabitEthernet4/1
   switchport
   switchport mode trunk
  end

  Steve,
  Thanks for getting back to me. You're right that it is by default a dot1q trunk allowing all VLANs, therefore it should work for what I want to do.
  Port                Mode         Encapsulation  Status        Native vlan
  Gi3/39              on           802.1q         trunking      1
  Te4/1               on           802.1q         trunking      1
  Po1                 on           802.1q         trunking      50
  Po2                 on           802.1q         trunking      50
  Po3                 on           802.1q         trunking      50
  Po4                 on           802.1q         trunking      50
  Po5                 on           802.1q         trunking      50
  Port                Vlans allowed on trunk
  Gi3/39              15-16,20-23,30,401,608
  Te4/1               1-4094
  Po1                 10,13,20-21,25,30,50,52,61,70,600,700-701,950
  Po2                 10,20,30,50,52,61,70,600,700-701,950
  Po3                 10,20,30,50,61,70,600,700-701,950
  Po4                 10,20,30,50,61,70,600,700-701,950
  Po5                 2-3,10-23,25-26,30,35-36,40,50-53,56,58,61,65,70,77,101-102,145-146,155-158,401-402,600-602,608,700-701,800,950
  The problem was that I've always been advised that best practise is to only allow the VLANs that are actually required on a trunk to avoid broadcasting traffic unnecessarily. I worked out what the issue was though, and it was a pretty simple one!
  Once I saw that 1-4094 was allowed I tried "switchport trunk allowed vlan remove 700" which worked and left me with 1-699,701-4094.
  Then I realised what the problem was  trying to use the "add" command when all possible VLANs had already been added. As soon as I got rid of it and used "switchport trunk allowed vlan 700" followed by "switchport trunk allowed vlan add 701" I was back in business.
  So it was a very simple issue, but thank you Steve for pointing me in the right direction and confirming that all the VLANs were already allowed!

• SG-300 CLI How to display trunk ports

  Hello
  I have a very simple question about CLI on SG-300. How to display trunk ports via cli? I have switch with 28 ports and I wanted to see what switchport mode is applied to every port - or simply we can just focus on trunk ports. On Cisco Catalysts there is "show trunk" command in order to get list of ports in Trunk mode. Is there any way to do it on SG-300?
  srv-sw-1#show version
  SW version    1.3.0.62 ( date  02-May-2013 time  14:55:01 )
  Boot version    1.1.0.6 ( date  11-May-2011 time  18:31:00 )
  HW version    V02
  thank you
  michal

  Hi,
  I remember something at least that works port by port:
  >#sh int switchport fa 1
  Port : fa1
  Port Mode: Trunk
  Gvrp Status: disabled
  Ingress Filtering: true
  Acceptable Frame Type: admitAll
  Ingress UnTagged VLAN ( NATIVE ): 1
  Port is member in:
  Vlan               Name               Egress rule Port Membership Type
  1                  1                  Untagged          System
  Displays detailed info about each port, range command will not work, but it's something.
  You can check for vlans and or tags with:
  sh vlan
  sh vlan tag 1.
  NTex

• Authenticating Trunk Ports - VLAN list

  I have a requirement to authenticate trunk ports to wireless access-points on our Cisco switch, By default all ports are access ports and we run MAB authentication. I have managed to change the port to a trunk using Cisco-av-pair attribute in ACS (cisco-av-pair = deivce-traffic-class=switch)
  My problem now is that I need to add a VLAN allowed list on the port once it has changed to a trunk port (switchport trunk allowed vlan x,y,z). ideally we would not want to statically assign the VLAN's on each port as an AP could be on any port and may wish to authenticate other trunk ports using different VLAN's in the future. Below is the configuration used on the ports.
  cisp enable
  interface FastEthernet0/2
   description *** Client Device ***
   switchport access vlan 2
   switchport mode access
   no logging event link-status
   authentication event fail action next-method
   authentication event server dead action reinitialize vlan 3
   authentication event server alive action reinitialize
   authentication order mab dot1x webauth
   authentication priority mab dot1x webauth
   authentication port-control auto
   authentication fallback GUEST_FALLBACK
   mab eap
   dot1x pae authenticator
   dot1x timeout tx-period 3
   dot1x timeout supp-timeout 10
   dot1x max-reauth-req 1
   dot1x timeout auth-period 600
   no cdp enable
   spanning-tree portfast
  Any help will be greatly appreciated. 
  Thanks
  John

  Hello
  I would suggest the following:
  >> Arrange for some physical enclosure (locked) or  any other physical security control to ensure authorized access to the device. Any technical work-around or band-aid solution should only be temporary. What is someone just switches of your switches? DOS attack!! This could also be done by mistake, resulting in an unstructred threat.
  >> Enable monitoring for these switches (ICMP,SNMP) so that you are alerted when they are unplugged.
  >> Change the NATIVE VLAN from the default (VLAN 1)
  >> Disable Trunk negotiation (ON mode)
  Regards
  Farrukh

• How to add a port for a IP cam in the airport extreme setting? thx!

  I has buy a IP cam, but I don't know how to add a port for a IP cam in the airport extreme setting? (I can see the IP cam in local, but not the internet.) Many Thanks!

  atwoodjordan, Welcome to the discussion area!
  See Steve Newstrum's user tip "How do I use Port Mapping (Part I)". When it talks about giving your Mac a static IP address just substitute camera instead.

• HT4522 Sounds fine but how do I add partitions in air port utility

  Sounds fine but how do I add partitions in air port utility

  It is possible to partition the drive, but you have to physically pull the hard drive from the Time Capsule and place it in a separate enclosure for the formatting operation, then reinstall the drive again back in the Time Capsule.
  Unfortunately, in addition to a lot of work, this will void the warranty on the Time Capsule.
  It is possible to create one or more disk images on the Time Capsule using Disk Utility.
  While a disk image is not technically a "partition" in the normal sense, it will allow you to specify and reserve a given amount of space on the drive for the image or images that you create.

• How to add control buttons using Java thorugh serial port?

  Hi everyone,
  I'm new to this forum.
  I have some questions on Java and serial port.
  I want to write a Java program to control my robot, through serial port. For example, when I click "Forward", the robot will go forward, and so on.
  Now I already have the buttons, so next I would like to ask how to interface the buttons with the serial port.
  I already have all the javax.comm things installed.
  below is the code for my buttons:
  import java.awt.*;
  public class ControlButtons extends java.applet.Applet
       GridLayout myLayout = new GridLayout(3, 3);
       Button button1 = new Button(" ");
       Button buttonForward = new Button("Forward");
       Button button2 = new Button(" ");
       Button buttonLeft = new Button("Left");
       Button buttonStop = new Button("Stop");
       Button buttonRight = new Button("Right");
       Button button3 = new Button(" ");
       Button buttonReverse = new Button("Reverse");
       Button button4 = new Button(" ");
       public void init()
            setLayout(myLayout);
            add(button1);
            button1.setVisible(false);
            add(buttonForward);
            add(button2);
            button2.setVisible(false);
            add(buttonLeft);
            add(buttonStop);
            add(buttonRight);
            add(button3);
            button3.setVisible(false);
            add(buttonReverse);
            add(button4);
            button4.setVisible(false);
  }Now I would like to ask for direction on how to add in the code to make it work with serial port.
  Thanks

  The plan is, I have a robot device connected to the serial port.We don't know anything about that device. We don't know how to control it. We don't know what you have to write to the device to make it do anything. Only you know what.
  For example, when I click "Forward", the robot will go forward, and so on.So what do you have to send to make it do that? and same for the other buttons.
  Next, you need to work out from the javax.comm API how to open the serial port and send data to it. This is a standard exercise in learning a new API. You must be able to do this. Again and again.
  But the program is useless. The button can be clicked, but didn't do anything.Because (a) they have no ActionListeners and (b) there is no code to send anything to the serial port.
  You have to write all that. So you also have to look up ActionListener in the Java API and how to attach it to a button. You can do that. We all do that kind of thing every day.
  So next I would like to ask how to interface the buttons with the serial port.You've been asking nothing else since you started, but you've also only done enough investigation of your own to create the buttons. That's only the start.
  The problem is what method and command should I use to make those buttons actually functioning.See above. You've been told part of it several times. The rest only you can answer, because it's your robot.

• Dynamic Vlan-Trunk port

  Hi,
  Is posible to configure a Switchport like dynamic vlan port and in the same time to be trunk port?

  Hi,
  Static ports that are trunking cannot become dynamic ports. You must turn off trunking on the trunk port before changing it from static to dynamic.
  You can find more info here.
  http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007f2ec.html
  HTH,
  Sundar