Inter-vlan bridging for sna/netbios
I have a requirement to have several vlans bridged because of sna/netbios applications. I have heard that inter-vlan bridging has the potential for many problems and have heard that running the dec protocol for bridging on the core routers instead of ieee would help in preventing these problems. I do not want the router interfaces to be root. Has anyone done this, and are there any pitfalls?
Thanks
This is from a co-worker, Matthias Binzer:
Hi,
Is the question that the customer wants to bridge into DLSw?
If yes, they can use a different bridge-group per interface; thus they do not bridge the VLANs together but only into DLSw.
If you talk about pure transparent bridging, I guess the answer is: it depends. It depends on your topology and on the other devices participating in the spanning tree. If you don't want the router doing the transparent bridging to become root while you use IEEE spanning tree on the router and the switches, you can set the bridge priority higher than the default. Thus we would not attempt to become root, given that there are other devices with a better bridge priority.
The usage of DEC spanning tree will work as long as there is no other device bridging the same VLANs together. If there is, i.e. another router bridging the same VLANs, you MUST make sure that this second router also uses DEC spanning tree, otherwise you create a loop.
What you essentially do is to create separate spanning trees overlaying each other.
thanks...
Matthias
Similar Messages
-
Inter VLAN Routing for IEC 61850
Hello,
Hoping someone can help me with this query. I'm in the process of configuring two CGS2520 switches located in two electrical substations. Each of these switches have Protection Relays and Remote Terminal Units (RTUs) connected to them. These devices communicate with each other as follows:
IEC 61850 GOOSE: http://en.wikipedia.org/wiki/Generic_Substation_Events
IEC 61850 MMS: http://en.wikipedia.org/wiki/IEC_61850
- Protection Relay to Protection Relay communication within either substation (Using IEC 61850 GOOSE - VLAN 11 and VLAN 21)
- Protection Relay to Protection Relay communication between substations (Using IEC 61850 GOOSE - VLAN 50)
- RTU to Protection Relay (Using IEC 61850 MMS - VLAN 10 and VLAN 20)
I've attached an image (hope that clears things out). Basically GOOSE traffic is VLAN tagged and the MMS traffic is untagged.
I need to be able to route between VLAN 10 and VLAN 20 between the substations and I want to allow VLAN 50 between the substations. How do I go about configuring this?
So far I've configured the interfaces as follows:
Switch A2:
Fa0/5 and Fa0/7 (Protection Relay Ports)
port type nni
switchport trunk native vlan 10
switchport trunk allowed vlan 11, 50
switchport mode trunk
Fa0/3 (RTU Port)
port type nni
switchport access vlan 10
Switch B1
Fa0/4 and Fa0/5 (Protection Relay Ports)
port type nni
switchport trunk native vlan 20
switchport trunk allowed vlan 21, 50
switchport mode trunk
Fa0/3 (RTU Port)
port type nni
switchport access vlan 20
Locally at each substation this seems to work (I can ping the Protection Relays from the RTU port and the Protection Relays send each other GOOSE messages). However I don't know how to configure the inter vlan routing (I want to be able to ping a Protection Relay at Substation B from the RTU Port at Substation A) and how to configure the switch interfaces that connect to each other.
Any help is much appreciated.
Thanks
Darsh
Hello DarshanaD,
Could you fix this? I'm asking because I have the same problem right now.
I'd appreciate it if you could tell me how you configured the inter VLAN routing.
Thanks
Ali -
Multiple "vserver" for different apps in a single VLAN (Bridge Mode)
Hi,
I'm deploying Cat6500 with CSM-S & FWSM modules. Doing bridge mode for the CSM (and FWSM will do the inter-VLAN routing upfront).
There are 3 (three) different applications (Vidiator, BEA & XIAM) placed in the Internet VLAN. Each application consists of multiple servers. Two applications (BEA & XIAM) need to be load-balanced, and the other one (Encoder) in the same VLAN does NOT need to be load-balanced.
The questions are:
- Is it possible to create multiple virtual servers (vserver) for different applications (BEA & XIAM) on the same VLAN client/server ?
- Is it also possible to do Load Balancing only for some Servers (BEA & XIAM) on one VLAN, while other servers (Encoder) on the same VLAN do NOT need load-balance? If, so what is the method? If not, what should be done?
Below is the script for CSM-S that I'm planning to deploy, please kindly provide your comments and advice.
Thanks a lot in advance.
Johan KC
MY SCRIPT:
module ContentSwitchingModule 9
 vlan 96 client
  ip address 10.67.96.9 255.255.252.0
  alias 10.67.96.8 255.255.252.0
 vlan 296 server
  ip address 10.67.96.9 255.255.252.0
 vserver BEA-PROXY-WEB
  virtual 10.67.96.1 tcp www
  vlan 96
  serverfarm BEA-PROXY-SERVERS
  replicate csrp connection
  persistent rebalance
  inservice
 serverfarm BEA-PROXY-SERVERS
  nat server
  no nat client
  real 10.67.96.2
   inservice
  real 10.67.96.5
   inservice
  probe ICMP
 serverfarm XIAM-WEB-SERVERS
  nat server
  no nat client
  real 10.67.96.26
   inservice
  real 10.67.96.29
   inservice
  probe ICMP
 vserver XIAM-WEB
  virtual 10.67.96.25 tcp www
  vlan 96
  serverfarm XIAM-WEB-SERVERS
  replicate csrp connection
  persistent rebalance
  inservice
Hi Gilles,
Thanks a lot for your response.
1. For the multiple vservers.
Both applications provide HTTP service but I think that I could run them on different port numbers: 80 and 8080. Will this work?
2. About the non-loadbalancing apps (encoder).
There are two servers and future additions are possible. They can work independently of each other. Both servers just provide FTP access, for content providers to upload files.
Since both servers will run the same service (FTP) and port number, I don't think we can create two vservers for them, right?
You also said that I could have the server in the internet vlan and the client accessing it directly. Does this mean that no vserver config is needed? So, from the FWSM the client traffic will go straight to the servers (without passing the CSM)?
If this is possible, it sounds like a good option to me.
Please kindly provide your advice/comments.
Thanks again.
Best Regards,
Johan KC -
If I have 2 core Layer 3 switches that are in an HSRP config, each of the active router vlans are setup already as the root bridge for those particular vlans, who should I designate as the root bridge for VLAN 1 ?
Root bridge and the active router in hsrp are not really related.
Root bridge selection is only used to control which paths are blocked if any. The actual path of the traffic does not have to pass via the root bridge. It will always take the most direct path between the machines.
It is much more important to see where the blocked link is if you have any.
As an example, you have a distribution switch connected to your 2 core switches and the 2 core switches connected to each other. You design your spanning tree to block the link between the 2 core switches by setting the cost very high. In this case any machine on the distribution switch can directly access either core switch. Since only the core switch that is the active HSRP router for a vlan will advertise the common mac address, the distribution switch will only see the mac address on one of the two links. Either core switch can be set as the root but the traffic will always directly flow to the active HSRP device.
Of course you don't want to block the line between the switches because the HSRP keepalive message will be layer 2 routed via the distribution switch. In a very simple design it is common to have the root bridge be the HSRP active device just because it's easier to configure, but the concepts are not really related. Root bridge placement is more related to traffic volumes than anything else; it just tends to be true that the switch that has the gateway also has the highest volume of traffic. -
Setting Inter VLAN in the Router.
Hi,
I'm trying to set up inter VLAN on the Cisco 2651XM router. I try to type the IP address on the sub interface but it gives me an error. I need to set up the encapsulation dot1q first. I type the encapsulation command but it isn't recognized.
This is the version of my router
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(8)T5, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Fri 21-Jun-02 08:50 by ccai
Image text-base: 0x80008074, data-base: 0x80A2BD40
ROM: System Bootstrap, Version 12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1)
Router uptime is 32 minutes
System returned to ROM by power-on
System image file is "flash:c2600-i-mz.122-8.T5.bin"
cisco 2651XM (MPC860P) processor (revision 0x100) with 125952K/5120K bytes of memory.
Processor board ID JAD07130B30 (708131756)
M860 processor: part number 5, mask 2
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
32768K bytes of processor board System flash (Read/Write)
Configuration register is 0x2142
Do I need to update my Cisco IOS? If I do, what OS version do I need and how can I download the Cisco IOS?
Thanks for the help. I don't need to change the version. I figured it out already.
-
Hi forumers,
My problem statement:
a. How do I let a single switchport carry the voice VLAN and the data VLAN?
Say I have created and configured the voice VLAN (20) and the data VLAN (10).
First I did this (attached voice vlan.png).
What should I do for:
a1. VLAN Management-Port to VLAN
(set the interface as general, but then should I tick PVID, tag or untag?)
a2. VLAN Management-VLAN to Port
(is it to let VLAN 10 and VLAN 20 join the switchport?) (attached VLAN to Port.png)
b. Can this switch do "ip routing" for inter-VLAN routing?
Say I create the VLAN and assign an IP to its virtual interface. What do I need to do to enable inter-VLAN routing?
I checked, and the switch only has IPv4 Static Route; do I need to manually create a static route to reach every VLAN's subnet?
c. Can this switch be an NTP server?
Thanks
Noel
Hi!
a. Create vlan 10 (data) and vlan 20 (voice). Set the switchport where you have an IP phone attached to the Trunk mode (Vlan Management -> Interface Settings). Administrative PVID of the port should be 10. Go to VLAN Management -> Port VLAN membership, select the switchport and click Join VLAN button. In the right column you should have "10UP" (VLAN 10 Untagged, PVID: 10). From the left column select 20, Tagging should be Tagged, click right arrow button to add VLAN 20 Tagged to the port and click Apply.
These settings will make the switchport transfer traffic from VLAN10 (data) as untagged and voice traffic from VLAN20 as tagged to the phone. Correspondingly, your phone, if it has a PC attached to it, should be configured to tag voice traffic with the VLAN20 tag and pass data traffic untagged to the PC. Keep the Voice VLAN settings as shown in the screenshot; that will let the switch assign the optimal QoS settings to the voice vlan traffic.
b. If you have the latest firmware installed the Inter VLAN routing is enabled by default. Just create SVI interfaces (assign an IP address to the VLAN interface) and if you have at least one host connected to the switchport member of the VLAN, the route to that subnet will appear in the switch routing table automatically. If you have several VLANs with IP addresses assigned and active hosts on these VLANs - all these networks will appear in the routing table as directly connected and hosts from all VLANs will be able to reach each other. If you need to restrict Inter VLAN communication - use IP ACLs.
c. No, the switch can be SNTP client only. -
RV130W Inter-VLAN Routing occurs even when disabled
On my RV130W I have two VLANs set up:
VLAN1:
VLAN100:
Inter-VLAN Routing is NOT enabled:
Why then am I able to ping hosts in a different VLAN?
Does this require a bug fix?
I put my theory to the test and it worked as I thought
which is that vlan 101 could get to vlan 102 and vice versa
but vlan 1 could get to either and vice versa
I take it that this is probably due to how the router os is setup and hardware options on it
based on that there is probably only a couple of real interfaces
and that the vlan 1 is assigned to the one of them or to the switch interface
and the other vlans are just attached to it,
vlan 1 has to be able to cross communicate due to my guess that there aren't enough real interfaces
in that vlan is the end gateway and the other vlans are just virtual gateways if you will
This is what I did with the ports
In my lab I actually don't assign vlan 1 to any ports at all, nothing is on it except that actual router
but I left it on a port for you to see, as it might be handy to connect to in worst case scenarios
which works because of routing
as to whether it's a feature or a bug or a limitation is hard to say without more info from cisco -
ACE design with inter-Vlan routing
Hello all.
I'm working on a design for a customer where the ACE will perform inter vlan routing.
A few questions about that :
- is routed traffic enforced in hardware with some kind of CEF-like mechanism? (I suppose yes because there is a FIB, per https://supportforums.cisco.com/docs/DOC-19253 ). We expect a certain load and routing in software will not be acceptable.
- if I put my VIPs within the VLANs hosting the application, is there any restriction on accesses made to this VIP (if the VIP is reached after the routing process is performed) ?
example :
VLAN2 (client) ----- ACE ----- VLAN3 (servers)
192.168.2.0/24                 192.168.3.0/24
If I try to access the VIP (192.168.3.20) from a PC in the VLAN2 (192.168.2.15) does it work ?
I assume yes because the VIP appears as a connected /32 in the routing table, I just want to be sure to not fall into some tricky part of code because the access to the VIP is done after the routing process. I just want to be sure there is no drawback / restriction about that.
Thanks in advance.
Hello Surya!
Yes this is possible. You can reach the VIP from one VLAN to another (The VIP is not really inside of the VLAN). Important is to check your ACLs and you need to have the service-policy either globally or local on both VLAN-interfaces.
And I guess there is nothing like CEF implemented in the ACE, because it is not needed there.
Cheers,
Marko -
We are using a Cisco 3750 Layer 3 switch and a Linksys switch at the Layer 2 level.
We are using a total of 10 VLANs. We want to block all inter-VLAN communication, so nobody can access between VLANs.
All VLANs can access the server VLAN.
Thanks
Dinesh Chavan
Dinesh Chavan
Based on what you have told us one solution would be to configure an access list for each of the SVIs on your 3750 switch and apply it on the inbound direction for the interface. In the access list you would permit packets with a source address in the vlan of that interface and a destination of the server vlan. You would deny all other traffic. This would allow each vlan to communicate with the server vlan but not with any other vlan.
HTH
Rick -
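The per-SVI access-list approach Rick describes, written out as IOS configuration for two user VLANs and one server VLAN. This is an added example, not configuration from the original thread: the VLAN IDs, subnets and ACL names are constructed placeholders, and the DHCP entry assumes clients lease addresses through a relay (ip helper-address) on the SVI.

```cisco
! Constructed values (not from the thread):
!   VLAN 10   users     10.1.10.0/24
!   VLAN 20   users     10.1.20.0/24
!   VLAN 100  servers   10.1.100.0/24
!
! One extended ACL per user VLAN. IOS ACLs take wildcard (inverse) masks,
! so a /24 is written 0.0.0.255.
!
! Assumption: DHCP is relayed by the SVI. A DHCP DISCOVER is sourced from
! 0.0.0.0, so it does not match the VLAN subnet and needs its own entry.
! Drop the bootpc/bootps line if addressing is static.
!
ip access-list extended VLAN10-IN
 remark VLAN 10 hosts may reach the server VLAN only
 permit udp any eq bootpc any eq bootps
 permit ip 10.1.10.0 0.0.0.255 10.1.100.0 0.0.0.255
 deny   ip any any
!
ip access-list extended VLAN20-IN
 remark VLAN 20 hosts may reach the server VLAN only
 permit udp any eq bootpc any eq bootps
 permit ip 10.1.20.0 0.0.0.255 10.1.100.0 0.0.0.255
 deny   ip any any
!
! "in" filters packets arriving from hosts in the VLAN before they are
! routed, which is the direction named in the answer above.
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
 ip access-group VLAN10-IN in
!
interface Vlan20
 ip address 10.1.20.1 255.255.255.0
 ip access-group VLAN20-IN in
!
! The server SVI carries no ACL. These ACLs are stateless, so replies from
! servers must be free to enter on Vlan100 and be routed back out to the
! user VLANs, which have no outbound filter.
interface Vlan100
 ip address 10.1.100.1 255.255.255.0
```

With only these entries, a user host also loses IP reachability to its own gateway address and to anything beyond the switch, because the inbound ACL is evaluated for every packet entering the SVI; add permit entries above the deny for whatever else each VLAN legitimately needs.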
Multiple Root Bridges for VLAN1
Greetings,
I have an interesting problem with my switch environment. I have (2) 3550s acting as my distribution layer (labeled d1 and d2) and (3) 3548s acting at my access layer (labeled a1, a2 and a3). Each access switch has a single dot1q trunk link to 1 of the distribution switches (a1 and a3 link via gig-E to d1; a2 links via gig-E to d2). d1 and d2 have a single dot1q trunk link and a single routed link between them.
Currently, I am having an issue with VLAN1 on a few different levels.
Interface VLAN 1 is configured for HSRP on d1 and d2, with d2 being primary for HSRP and also it should be the root bridge for VLAN 1 (spanning-tree vlan 1 pri 4096).
First and most obvious to me when I first started looking at this problem (I recently started working at this company) is that the layer3 interface for VLAN 1 on d1 is showing down/down, even though there are trunk ports carrying VLAN 1 ok. I cannot see a reason the VLAN interface should be down/down. I have tried shutting and no shutting the interface with no luck.
The second problem is there are 4 switches (d1, d2, a1 and a3, recall both a1 and a3 have single dot1q trunks to d1) that all think they are the root bridge for VLAN1 even though I have the spanning-tree priority on d1 set lower to be root bridge. According to d1 spanning-tree, all the ports are in "DWN" status:
Interface Role Sts Cost Prio.Nbr Type
Gi0/7 Desg DWN 4 128.7 P2p
Gi0/9 Desg DWN 4 128.9 P2p
Gi0/10 Desg DWN 4 128.10 P2p
Gi0/12 Desg DWN 4 128.12 P2p
The weird part to me is that I have ~25 VLANs configured over these trunks and the rest of them don't have a problem with finding the correct root bridge.
Has anyone seen such oddness when it comes to root bridge election or the problem with VLAN 1 being down? Perhaps some advice on what else to look for in the configs?
Thanks for any information.
-jflaherty
Thanks for the reply. I see VLAN 1 being trunked and allowed from both sides on multiple links, d1 to d2 and d1 to a3, so I would think the autostate would see this and have VLAN 1 on d1 UP/UP.
d1 - g0/12 (link to d2)
Port Vlans in spanning tree forwarding state and not pruned
Gi0/12 1,10-11,13-15,19-23,26,40-41,43-50,52-57,100-101
d2 - g0/12 (link to d1)
Port Vlans in spanning tree forwarding state and not pruned
Gi0/12 1,10-11,13-15,19-23,26,40-41,43-50,52-57,100-101
And finally, a3 - g0/1 (link to d1):
Trunking VLANs Active: 1,2,5-8,20,26,44-46,48,53 -
881 - How to configure inter-VLAN routing
I hesitate to post here -- I know that I should know my job. But here goes...
Small business wants to use an ASA 5505 firewall on the edge connected to VDSL modem, and then an 881 to route internally (see attachment). The 881 has a downstream link to a 2960.
Want the following "blocks":
VLAN 33 - CLIENTS
VLAN 55 - SERVERS
VLAN 101 - CDLAB
The lab is for testing, and will be connected via Cisco 2500 series router. The server farm (Server 2008 domain +) will be connected via layer 2 switch over VLAN. A DMZ is anticipated after basic connectivity is established. Connectivity is already verified from a client connected to the INSIDE interface of the ASA going to the OUTSIDE and back.
Before I started I wiped the devices in order to start clean. Both the router and the switch are in vtp mode transparent.
To build a trunk link, I connected the 881 and the 2960 using a crossover cable from int fa0 to int fa0/8 respectively.
On both devices' interfaces I set switchport mode trunk.
I configured the 3 VLANs on the 881, assigned IP addresses to them, and used switchport trunk allowed vlan add 33,55,101 to assign them to the trunk but that doesn't appear in the sh run output under the interface.
I set both devices' to switchport nonegotiate (best practices?). Once again, on the 881 this command doesn't appear in the running config.
I configured the 3 VLANs on the 2960, then used the same switchport commands as above to assign them to the trunk.
Here's the deal.
From a client connected to a VLAN 33 access port on the 2960, I can't ping, for example, the VLAN 55 IP address. I can ping the VLAN 33 IP address. I also can't ping the IP address of the interface on the far side of the router headed to the ASA (int fa4).
What am I doing wrong? I'll gladly post the running configs if anyone wants to see. I've spent most of the day on this racking my brain and literally scouring the Internet. I'd be very grateful for some assistance.
Help!
Thanks, Mike.
Yeah, I might not have been too clear. But on the router, each VLAN was created using the vlan 33 command (for example) and given a name. Then I went to int vlan 33 (for example) and used ip address 10.0.33.xx 255.255.255.0 for the address and subnet mask. Those have been in place since I started. And like I said, I can ping the SVI for VLAN 33, which is mapped to the client access port I'm on.
The problem is, I still can't ping inter-VLAN and I still can't ping the far side interface.
Bummer... -
Inter-VLAN routing, Auto-Voice VLAN and IP Address-Helper
Hope that somebody can help me with the setup in the screenshot.
Planning to use Auto-Voice VLAN and Smartports to configure VOIP
LLDP-MED will be enabled on the switch to detect the IP phones so they will be moved to the Voice VLAN (If not the first 6 signs will be added to the OID table). The Voice VLAN ID will be 2 >> Voice VLAN will be automatically enabled once a device is recognized as a IP phone right?
Workstations will be connected to the Cisco switch, VLAN data will be untagged and will remain on the native VLAN.
Smartports will be used to configure the ports (Macros) >> Should configure the ports as trunks and assign the correct VLANs, right?
But how do I configure the IP Helper-Address? Do I have to create the Voice VLAN on both switches and then run the command "IP Helper Address" to specify a DHCP server? From what I've been reading it's required, when using Inter-VLAN routing, to configure the VLAN interface with an IP address. But is it going to give problems when both switches are connected to each other and both have the same VLAN configured, including the same IP address assigned to their VLAN interface?
Normal data should pass the ASA firewall, VOIP traffic should go through the Vigor modem to a hosted VOIP provider. The best way, i assume, is to configure 2 separate scopes on the DHCP server?
Still confused on how to set it up, hope that someone can point me in the right direction
If you're sending voice to only the Vigor modem then there is no need for a trunk between the SF-300 and the Vigor modem. You can just set that to an untag packet for the VLAN 2 between that switch and the Vigor modem.
On the 'edge' SF300 where the IP phone/PC is it is obviously going to interoute there and of course the phone port is tagged and PC port is untagged.
For the IP helper, it uses UDP-RELAY and it should be enabled on the port itself and enabled on the global configuration. You may also need option 82. Also keep in mind, depending how your DHCP server works, it may need option 82 configured as well or at least a route to understand the subnets in the layer 3 environment to get traffic across the VLANS. -
RV180 Router: Cannot get Inter-VLAN Routing to work.
I have been banging at this now for two days and just cannot get Inter-VLAN routing working to work on this router.
Here is the set-up:
Upgraded to latest Cisco firmware (1.0.1.9).
Starting with factory default settings, I added 2 VLANS as follows:
vlan default(id=1): dhcpmode=server IP=192.168.1.1/24 port 1
vlan vlan2 (id=2): dhcpmode=server IP=192.168.2.1/24 port 2
vlan vlan3 (id=3): dhcpmode=server IP=192.168.3.1/24 port 3
                          (unconnected)
                            WAN port
                               |
                          Routing/NAT
                               |
vlan ip                   192.168.1.1    192.168.2.1     192.168.3.1
vlan name                 default        vlan2           vlan3
vlan id                   ID=1           ID=2            ID=3
Inter-VLAN Routing        No             Yes             Yes
Port 1                    Untagged       Excluded        Excluded
Port 2                    Excluded       Untagged        Excluded
Port 3                    Excluded       Excluded        Untagged
Port 4 (not of interest)  Untagged       Excluded        Excluded

                          Port 1         Port 2          Port 3
                            |              |               |
                          AdminPC        PC2             PC3
                                         192.168.2.191   192.168.3.181
PC2 gets assigned an IP Address of 192.168.2.191 (DGW=192.168.2.1) - OK
PC3 gets assigned an IP Address of 192.168.3.181 (DGW=192.168.3.1) - OK
PC2 with (IP 192.168.2.191) can ping 192.168.2.1 and 192.168.3.1 - OK
PC3 with (IP 192.168.3.181) can ping 192.168.3.1 and 192.168.2.1 - OK
BUT....
PC2 cannot ping PC3 - NOT WORKING
PC3 cannot ping PC2 - NOT WORKING
(does not work in both Gateway Mode and Router Mode)
ANYONE CAN HELP ME FIGURE OUT WHY ??????
Your help is much appreciated.
I bought this device specifically because it supported inter-VLAN routing!.
Venu
Supporting Information:
Screen captures:
VLAN Membership:
VLAN ID  Description  Inter VLAN Routing  Device Mgment  Port 1    Port 2    Port 3    Port 4
1        Default      Disabled            Enabled        Untagged  Excluded  Excluded  Untagged
2        VLAN2        Enabled             Enabled        Excluded  Untagged  Excluded  Excluded
3        VLAN3        Enabled             Enabled        Excluded  Excluded  Untagged  Excluded
Multiple VLAN Subnets:
VLAN ID  IP Address   Subnet Mask    DHCP Mode    DNS Proxy Status
1        192.168.1.1  255.255.255.0  DHCP Server  Enabled
2        192.168.2.1  255.255.255.0  DHCP Server  Enabled
3        192.168.3.1  255.255.255.0  DHCP Server  Enabled
Routing Table (Gateway Mode)
Destination Gateway Genmask Metric Ref Use Interface Type Flags
127.0.0.1 127.0.0.1 255.255.255.255 1 0 0 lo Static UP,Gateway,Host
192.168.3.0 0.0.0.0 255.255.255.0 0 0 0 bdg3 Dynamic UP
192.168.2.0 0.0.0.0 255.255.255.0 0 0 0 bdg2 Dynamic UP
192.168.1.0 0.0.0.0 255.255.255.0 0 0 0 bdg1 Static UP
192.168.1.0 192.168.1.1 255.255.255.0 1 0 0 bdg1 Static UP,Gateway
127.0.0.0 0.0.0.0 255.0.0.0 0 0 0 lo Dynamic
Routing Table (Router Mode)
(Same)
cadet alain, you hit the nail on the head. The router was doing Inter-VLAN routing, but the PCs were blocking the pings because they came from another subnet. Thank you for your help in resolving this.
I have a follow-up question if I may - I need to add a default route but can't seem to find a way to do that. Tried adding a static route with IP=0.0.0.0 Mask=0.0.0.0 but it will not allow it. My current routing table looks like this:
Destination Gateway Genmask Metric Ref Use Interface Type Flags
127.0.0.1 127.0.0.1 255.255.255.255 1 0 0 lo Static UP,Gateway,Host
192.168.2.0 0.0.0.0 255.255.255.0 0 0 0 bdg2 Dynamic UP
192.168.1.0 0.0.0.0 255.255.255.0 0 0 0 bdg1 Static UP
127.0.0.0 0.0.0.0 255.0.0.0 0 0 0 lo Dynamic UP
It routes all packets to VLAN2 and VLAN3 correctly; but if a packet arrives to any other network address, I would like to get it to forward to another gateway on VLAN2 (at address 192.168.2.254). Can't seem to find a way to add a default route. -
SA540 Inter-VLAN ACL Support Options
We have several VLANs, basically a different VLAN for each department (i.e. Developers, Payroll, Accounting, etc.) with Inter VLAN Routing turned off. We have several printers with static IPs that are currently part of a nearby VLAN. We would like to group/share most of our printers across all/most of our current VLANs though. How can this be achieved? We don't want to turn Inter VLAN Routing on.
If we had to, it may be possible to move all the printers we want to share across the existing VLANs to a new VLAN (and turn Inter VLAN routing on for that VLAN). Would that allow all the existing VLANs access to the new *printer* VLAN? Would all the existing VLANs still be separate and secure from one another?
We were hoping for Inter VLAN Firewall ACL support in the latest firmware as we were told it was on the roadmap for the SA500 Series routers. However, we are currently beta testing the 2.2.0.3_1 firmware and Inter VLAN Firewall ACLs are still not possible to create. Is there any way to get that into the next firmware release (2.2.0.x) that is coming out soon?
Good morning.
Hi Curtis Counsil, my name is Johnnatan and I am part of the Small Business Support community. Unfortunately it is not possible to create ACLs on your device. The solution is to enable inter-VLAN routing or to place a printer in each VLAN, with the inconvenience that they could not communicate with each other; however, that's what you do not want. I recommend that you get or buy a Cisco layer 3 device that supports ACLs, such as a router or an L3 switch. You can contact our presales team and explain your network issue and they will help you with your case:
http://www.cisco.com/web/siteassets/contacts/international.html?reloaded=true
Thank you and have a nice day!!!
I hope you find this answer useful, if it was satisfactory for you, please mark the question as Answered.
Best regards.
Johnn.
Cisco network support engineer. -
I'm new to creating VLANs on a Cisco switch, and I'm trying to create VLANs using the SG 300-10 for a VMware environment. I'd like to use Virtual Switch Tagging on the ESX hosts, so I can use many VLANs over few physical NICs. Plus using VST, I can just specify the VLAN ID (setup on the physical switch), on the port group for each VLAN.
I've changed the SG 300 to layer 3, as I'd like inter-routing between my VLANs. This is the type of setup I'm looking for:-
VLAN1 - Default
VLAN 10 (192.168.10.1) to 20 (192.168.20.1) linked to ports GE3 & GE4. I've connected port GE3 to ESX1 (vmnic2) and port GE4 to ESX2 (vmnic2)
The problem is when I check my physical network adapters (i.e. vmnic2) in vSphere, the IP Ranges for observed traffic in every VLAN specified for the configured port are not showing (i.e. networks 192.168.10.1 to 192.168.20.1)
I have attached screen captures of all my setup & configuration so far, I'm obviously making a mistake...
Could someone please advise what I'm missing?
Thank you