L2VPN Local Switching VLAN to VLAN issue on 7200VXR/NPE-G1

Similar Messages

• HREAP - Local switching

  Hi All,
  I have a working WLC with several HREAP AP's all Woking as they should, my question is what happens to dhcp requests when an AP is configured for HREAP local switching with no VLan support enabled ( connected to an access port not a trunk)? The local VLan has a dhcp helper address configured for an external DHCP server When a wireless client connects does all the traffic get dropped directly onto the local VLAN (in my case VLAN 10) or does any traffic transverse through the controller? I ask this because on the advanced setting page of the WLAN I have ticked DHCP REQ, how does the controller determine if the wireless client has a valid IP if the DHCP request is being supplied by the local VLAN.
  I was under the impression that the control and data planes are separated?
  Thanks in advance for any replies.
  Sent from Cisco Technical Support iPhone App

  You are correct, it gets dumpped on your vlan 10. As for your very specific question, thats a great question and I dont know that I have the anwser. Perhaps someone else like Steve, Leo or Scott can reply if they tested it.
  Im going to take a stab in the dark and say perhaps the ap makes sure it sees a dhcp req packet come in before it allows the client to get into the run state.
  OR, its doesnt work.
  OR, if that check box is marked, perhaps the ap relays some type of response back to the WCL ...
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin

• Setting Locally Switched VLAN Id for HREAP'd ap's?

  I am using HREAP on a number of AP's to fulfill a need of my end-users to have wireless devices connect to a locally hosted resource on a sites network.  Getting the AP's to operate correctly has not been an issue (for the most part), and getting the "Locally Switched VLAN's" functional was not a problem.  However, when I routinely go back through my AP's to check on them or to look t-shoot an unrelated issue I have noticed that some of the AP's have retained the Locally Switched VLAN mapping (i.e.: WLAN Id=5, Profile Name = test ssid, VLAN Id = 123) and some of them resolve the VLAN Id to 1 (for example).
  Is the anyone that may have experienced this and can offer or point me towards a resolution?
  I am also curious if I can configure the Locally switched vlans directly to my WiSM's instead of to each individual HREAP'd AP?
  BTW: I have a wireless environment of 1242, 1252, and 1142 ap's with WiSM's on a 65xx w/ sup720.
  Thanks for the help.

  I saw similar behavior at a client site running 6.0.181.0 & 6.0.196.0 code, what I found the issue to be was that when you set the native vlan and hit apply the AP took a minute to initate a reboot (or so it appeared) and when I set the VLAN Mappings they weren't actually being applied.
  I found if I set the AP to H-REAP and applied that then waited about 3-4 minutes, then enabled VLAN Support and set Native VLAN, apply that, wait 3-4 minutes, then set my VLAN Mappings that the issue went away.
  Not sure if that's the same issue your running into but it's worth a shot.. I tried tons of things before discovering that pattern.. Incidentally it didn't seem to behave that way in 4.0 code nor does it seem to behave that way in 7.0 code.
  Hope this helps...
  Please rate useful posts.
  Thanks,
  Kayle

• Multiple VLANs per SSID with local switch

  Is it possible to use an 'AP Group' or 'Interface group' to assign multiple VLANs to a WLAN when remote, h-reap APs are in local switch mode? 
  If not, is there a way to overcome 500 maximum host per VLAN when APs are local switching?
  Thanks!

  dont think its possible...
  I donno if the following config will even work but u can have the hreap APs connected at the remote site to map to different vlans...
  Example:
  AP1 -- ssid 1 --- vlan 10
  AP2 -- said 1 --- vlan 11 and so forth..
  Sounds crazy but i ll have to ponder on this a bit more.. Need a pen and paper to draw a quick topology :)...
  Sent from Cisco Technical Support iPhone App

• Flexconnect - local-switching - Interface Groups - multiple subnets/vlans

  So I'm trying to setup an "interface-group-like" configuration on some Flexconnect APs with local switching enabled in order to support multiple subnets/VLANs linked to a single SSID.
  Does anyone know if this is possible or have any suggestions?
  I've tried:
  AP Groups - One SSID which would require central switching for it to be of use (I think).
  AP Groups - Creating an additional SSID and then placing the APs in a group per site. This works but is going to be difficult to manage if I have 400+ sites running this sort of setup.
  For reference, my end goal is to have multiple (400+) branch sites with the same WLAN mapped to 3 or 4 different VLANs in order to split the subnets up into smaller chunks (/23s or /24s). These VLANs are all switched locally and are uniform in numbering across all the sites from a layer 2 perspective.
  Thanks,
  Ric

  Interface groups is not an available feature on FlexConnect. FlexConnect doesn't support layer 3 roaming if devices roam from one FlexConnect ap to another and the wlan to vlan mappings are different. This is a limitation to FlexConnect along with a few others listed in the FlexConnect deployment guide.
  -Scott

• 802.1X dyanmic VLAN assignment DHCP issue (Vista client)

  I am labbing dynamic VLAN assignment and have run into a small problem.  The switchport is succesfully changing to the new VLAN, but my test PC seems to get an IP address in the native data VLAN before being moved to the new dynamic assigned VLAN.  So when the switch changes the VLAN the PC keeps its old IP address and nothing talks any more.
  Is this a Vista issue?  I thought all of these problems were just issues in XP?  Do I need to tweak any interface dot1x timers?
  (Cat3750 with 12.2.55 / ACS5.1.  Everything else is running fine by the way.)

  if i do a show run on the switchport the config hasnt changed, but i dont expect it to, as its not a permanent config change that you would want to be saved by a different admin user saving the config.  You can see the debug report it is changing the VLAN:
  Apr 19 09:22:56.263: %AUTHMGR-5-START: Starting 'dot1x' for client (0014.c209.896f) on Interface Gi1/0/19 AuditSessionID C0A8FE250000000900291476
  Apr 19 09:22:58.604: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/19, changed state to up
  Apr 19 09:22:59.560: %DOT1X-5-SUCCESS: Authentication successful for client (0014.c209.896f) on Interface Gi1/0/19 AuditSessionID
  Apr 19 09:22:59.568: %AUTHMGR-5-VLANASSIGN: VLAN 12 assigned to Interface Gi1/0/19 AuditSessionID C0A8FE250000000900291476
  Apr 19 09:22:59.585: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan12, changed state to up
  Apr 19 09:23:00.307: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/19, changed state to up
  Apr 19 09:23:00.315: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (0014.c209.896f) on Interface Gi1/0/19 AuditSessionID C0A8FE250000000900291476
  as well as checking with the show int switchport command and it is in v12 which is the dynamically assigned vlan
  DHCP server is the cat3750 for all local VLANs

• L2vpn interworking options for Local Switching

  Hi All
  theres not much offered by cisco for interworking local attachment circuits for atom l2vpn. ive looked it up, but im specifically wondering about the FR-ethernet/vlan or PPP-ethernet/vlan couldnt find any references for those. are these possible locally on the same router. what are the supported platforms.
  Thank you
  -Glen

  Hello Glen,
  here's some documentation about local switching:
  http://www.cisco.com/en/US/docs/ios/12_2sb/feature/guide/28sblcl.html
  http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/fslocal.html
  Hope that helps.
  Antonio

• SG-300 28P switches problem with VLAN Data and Voice, working all the time as Voice VLAN

  Hi Everyone,
  Thank you very much for your help in advance. I’m pulling my hair to fix the problem.
  I  just got the new SG-300 28P switches. My Bios ordered for me. I did not  know how it runs until now... not an IOS based. I really do not know  how to configure it.
  I have 2 VLAN are Data and Voice.
  -          Data VLAN ID is 2 IP 192.168.2.X/255.255.255.0
  -          Voice VLAN ID is 200 IP 192.168.22.X/255.255.255.0
  -          I created two vlans, in switch, Data and Voice.
  -          On the port number 28, it is trunk by default, so I add Data vlan ID 2 tagged.
  -          On the port number 26, it is trunk by default, so I add Voice vlan ID 200 tagged.
  -          On the port number 27, I add Data vlan ID 2 tagged for Data vlan out.
  -          Port settings No.1
  I set it up as Trunk with Data vlan 2 untagged, and  200  Tagged (voice vlan). I plugged in a phone with a pc attached. But the  PC will get to the vlan 200 to get the DHCP address, but no from vlan 2.  The Phone works with correct vlan ip.
  -          Port settings No.2
  Trunk with vlan 1UP, 2T, and 200T. The phone is even worse. Would never pick up any IP from DHCP.
  -          Port settings No.3
  Access  with 200U...of course the phone will work... and the PC could not get  to its own vlan. Instead, the PC got an ip from the voice vlan. Not from  VLAN 2.
  I have Linksys phone I’m not sure if this help.
  For more information I setup in switch,
              - enable voice vlan
  - set the port on auto voice vlan
  - enable LLDP-MED globally
  - create a network policy to assign VLAN 200
  - assign this network policy to the port the phone is connected to.
  I  hope this information help to help me to setup Data and Voice vlans, to  plug the phone to work with vlan Voice 200 (IP rang 192.168.22.X), from  phone to Pc and pc work as Data vlan 2 (IP rang 192.168.2.X).

  I just got done setting up voice VLANs on an SF 300-24P and verified working.  This was working with Cisco 7900 series phones connected to a Cisco UC setup.
  Here's my sample config.
  Note that I edited this by hand before posting, so doing a flat out tftp restore probably won't work.  However, this should give you a clue.  Also, don't take this as 100% accurate or correct.  I've only been working with these things for about a week, though I've worked with the older Linksys SRW switches for a couple of years.  I'm a CCNP/CCDP.
  VLAN 199 is my management VLAN and is the native VLAN on 802.1q trunks.
  VLAN 149 is the data/computer VLAN here.
  VLAN 111 is the voice/phone VLAN here.
  VLAN 107 does nothing.
  interface range ethernet e(1-24)
  port storm-control broadcast enable
  exit
  interface ethernet e1
  port storm-control include-multicast
  exit
  interface ethernet e2
  port storm-control include-multicast
  exit
  interface ethernet e3
  port storm-control include-multicast
  exit
  interface ethernet e4
  port storm-control include-multicast
  exit
  interface ethernet e5
  port storm-control include-multicast
  exit
  interface ethernet e6
  port storm-control include-multicast
  exit
  interface ethernet e7
  port storm-control include-multicast
  exit
  interface ethernet e8
  port storm-control include-multicast
  exit
  interface ethernet e9
  port storm-control include-multicast
  exit
  interface ethernet e10
  port storm-control include-multicast
  exit
  interface ethernet e11
  port storm-control include-multicast
  exit
  interface ethernet e12
  port storm-control include-multicast
  exit
  interface ethernet e13
  port storm-control include-multicast
  exit
  interface ethernet e14
  port storm-control include-multicast
  exit
  interface ethernet e15
  port storm-control include-multicast
  exit
  interface ethernet e16
  port storm-control include-multicast
  exit
  interface ethernet e17
  port storm-control include-multicast
  exit
  interface ethernet e18
  port storm-control include-multicast
  exit
  interface ethernet e19
  port storm-control include-multicast
  exit
  interface ethernet e20
  port storm-control include-multicast
  exit
  interface ethernet e21
  port storm-control include-multicast
  exit
  interface ethernet e22
  port storm-control include-multicast
  exit
  interface ethernet e23
  port storm-control include-multicast
  exit
  interface ethernet e24
  port storm-control include-multicast
  exit
  interface range ethernet g(1-4)
  description "Uplink trunk"
  exit
  interface range ethernet g(1-4)
  switchport default-vlan tagged
  exit
  interface range ethernet e(21-24)
  switchport mode access
  exit
  vlan database
  vlan 107,111,149,199
  exit
  interface range ethernet g(1-4)
  switchport trunk allowed vlan add 107
  exit
  interface range ethernet e(21-24)
  switchport access vlan 111
  exit
  interface range ethernet g(1-4)
  switchport trunk allowed vlan add 111
  exit
  interface range ethernet e(1-20)
  switchport trunk native vlan 149
  exit
  interface range ethernet g(1-4)
  switchport trunk allowed vlan add 149
  exit
  interface range ethernet g(1-4)
  switchport trunk native vlan 199
  exit
  voice vlan aging-timeout 5
  voice vlan oui-table add 0001e3 Siemens_AG_phone________
  voice vlan oui-table add 00036b Cisco_phone_____________
  voice vlan oui-table add 00096e Avaya___________________
  voice vlan oui-table add 000fe2 H3C_Aolynk______________
  voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
  voice vlan oui-table add 00d01e Pingtel_phone___________
  voice vlan oui-table add 00e075 Polycom/Veritel_phone___
  voice vlan oui-table add 00e0bb 3Com_phone______________
  voice vlan oui-table add 108ccf MyCiscoIPPhones1
  voice vlan oui-table add 40f4ec MyCiscoIPPhones2
  voice vlan oui-table add 8cb64f MyCiscoIPPhones3
  voice vlan id 111
  voice vlan cos 6 remark
  interface ethernet e1
  voice vlan enable
  exit
  interface ethernet e1
  voice vlan cos mode all
  exit
  interface ethernet e2
  voice vlan enable
  exit
  interface ethernet e2
  voice vlan cos mode all
  exit
  interface ethernet e3
  voice vlan enable
  exit
  interface ethernet e3
  voice vlan cos mode all
  exit
  interface ethernet e4
  voice vlan enable
  exit
  interface ethernet e4
  voice vlan cos mode all
  exit
  interface ethernet e5
  voice vlan enable
  exit
  interface ethernet e5
  voice vlan cos mode all
  exit
  interface ethernet e6
  voice vlan enable
  exit
  interface ethernet e6
  voice vlan cos mode all
  exit
  interface ethernet e7
  voice vlan enable
  exit
  interface ethernet e7
  voice vlan cos mode all
  exit
  interface ethernet e8
  voice vlan enable
  exit
  interface ethernet e8
  voice vlan cos mode all
  exit
  interface ethernet e9
  voice vlan enable
  exit
  interface ethernet e9
  voice vlan cos mode all
  exit
  interface ethernet e10
  voice vlan enable
  exit
  interface ethernet e10
  voice vlan cos mode all
  exit
  interface ethernet e11
  voice vlan enable
  exit
  interface ethernet e11
  voice vlan cos mode all
  exit
  interface ethernet e12
  voice vlan enable
  exit
  interface ethernet e12
  voice vlan cos mode all
  exit
  interface ethernet e13
  voice vlan enable
  exit
  interface ethernet e13
  voice vlan cos mode all
  exit
  interface ethernet e14
  voice vlan enable
  exit
  interface ethernet e14
  voice vlan cos mode all
  exit
  interface ethernet e15
  voice vlan enable
  exit
  interface ethernet e15
  voice vlan cos mode all
  exit
  interface ethernet e16
  voice vlan enable
  exit
  interface ethernet e16
  voice vlan cos mode all
  exit
  interface ethernet e17
  voice vlan enable
  exit
  interface ethernet e17
  voice vlan cos mode all
  exit
  interface ethernet e18
  voice vlan enable
  exit
  interface ethernet e18
  voice vlan cos mode all
  exit
  interface ethernet e19
  voice vlan enable
  exit
  interface ethernet e19
  voice vlan cos mode all
  exit
  interface ethernet e20
  voice vlan enable
  exit
  interface ethernet e20
  voice vlan cos mode all
  exit
  interface ethernet e1
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e2
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e3
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e4
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e5
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e6
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e7
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e8
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e9
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e10
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e11
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e12
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e13
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e14
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e15
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e16
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e17
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e18
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e19
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e20
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e21
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e22
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e23
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e24
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet g1
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet g2
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet g3
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet g4
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e1
  lldp med notifications topology-change enable
  exit
  interface ethernet e2
  lldp med notifications topology-change enable
  exit
  interface ethernet e3
  lldp med notifications topology-change enable
  exit
  interface ethernet e4
  lldp med notifications topology-change enable
  exit
  interface ethernet e5
  lldp med notifications topology-change enable
  exit
  interface ethernet e6
  lldp med notifications topology-change enable
  exit
  interface ethernet e7
  lldp med notifications topology-change enable
  exit
  interface ethernet e8
  lldp med notifications topology-change enable
  exit
  interface ethernet e9
  lldp med notifications topology-change enable
  exit
  interface ethernet e10
  lldp med notifications topology-change enable
  exit
  interface ethernet e11
  lldp med notifications topology-change enable
  exit
  interface ethernet e12
  lldp med notifications topology-change enable
  exit
  interface ethernet e13
  lldp med notifications topology-change enable
  exit
  interface ethernet e14
  lldp med notifications topology-change enable
  exit
  interface ethernet e15
  lldp med notifications topology-change enable
  exit
  interface ethernet e16
  lldp med notifications topology-change enable
  exit
  interface ethernet e17
  lldp med notifications topology-change enable
  exit
  interface ethernet e18
  lldp med notifications topology-change enable
  exit
  interface ethernet e19
  lldp med notifications topology-change enable
  exit
  interface ethernet e20
  lldp med notifications topology-change enable
  exit
  interface ethernet e21
  lldp med notifications topology-change enable
  exit
  interface ethernet e22
  lldp med notifications topology-change enable
  exit
  interface ethernet e1
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e2
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e3
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e4
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e5
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e6
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e7
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e8
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e9
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e10
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e11
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e12
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e13
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e14
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e15
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e16
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e17
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e18
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e19
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e20
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e21
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e22
  lldp med enable network-policy poe-pse
  exit
  lldp med network-policy 1 voice vlan 111 vlan-type tagged
  interface range ethernet e(1-22)
  lldp med network-policy add 1
  exit
  interface vlan 199
  ip address 199.16.30.77 255.255.255.0
  exit
  ip default-gateway 199.16.30.3
  interface vlan 1
  no ip address dhcp
  exit
  no bonjour enable
  bonjour service enable csco-sb
  bonjour service enable http  
  bonjour service enable https 
  bonjour service enable ssh   
  bonjour service enable telnet
  hostname psw1
  line console
  exec-timeout 30
  exit
  line ssh
  exec-timeout 30
  exit
  line telnet
  exec-timeout 30
  exit
  management access-list Management1
  permit ip-source 10.22.5.5 mask 255.255.255.0
  exit
  logging 199.16.31.33 severity debugging description mysysloghost
  aaa authentication enable Console local
  aaa authentication enable SSH tacacs local
  aaa authentication enable Telnet local
  ip http authentication tacacs local
  ip https authentication tacacs local
  aaa authentication login Console local
  aaa authentication login SSH tacacs local
  aaa authentication login Telnet local
  line telnet
  login authentication Telnet
  enable authentication Telnet
  password admin
  exit
  line ssh
  login authentication SSH
  enable authentication SSH
  password admin
  exit
  line console
  login authentication Console
  enable authentication Console
  password admin
  exit
  username admin password admin level 15
  power inline usage-threshold 90
  power inline traps enable
  ip ssh server
  snmp-server location in-the-closet
  snmp-server contact [email protected]
  ip http exec-timeout 30
  ip https server
  ip https exec-timeout 30
  tacacs-server host 1.2.3.4 key spaceballz  timeout 3  priority 10
  clock timezone -7
  clock source sntp
  sntp unicast client enable
  sntp unicast client poll
  sntp server 199.16.30.1
  sntp server 199.16.30.2
  ip domain-name mydomain.com
  ip name-server  199.16.5.12 199.16.5.13
  ip telnet server

• SF300 VLAN IP Address Issues

  I have purchased 3 SF300-48 switches to work with my Aironet AP1131AG wireless APs. I have now switched from 1 VLAN for everything to having a Guest_Wireless VLAN 200 as well as the default VLAN 1 for my Corporate_Network. The issue that I am having is that any client on my default VLAN is receiving an IP address from the Windows DHCP server without issue, but when you connect to the Guest VLAN you cannot get an IP address.
  So, I also have a Cisco 3560G Router (Default Gateway) that has the same Aironet AP1131AG AP connected to it with the same config files as the other APs and it is working perfectly. I can connect to either wireless SSID (Corp Vlan1 or Guest Vlan 200) and get the proper IP address from the DHCP server.
  I attached the diagram of the network below and was looking for help in configuring the SF300 to allow the IP address to be obtained on the Vlan 200 subnet. I also tried connecting my laptop directly into the SF300 and setting the port to access Vlan 200 and I can still not get an IP address.
  Any help would be appreciated...
  Aaron                 

  Thank you for taking the time to help me Tom, yes the 3560G has its trunks set to dot11q encap and native valn of 1. The native vlan on the SF300 is set to vlan 1 but I didn't tag vlan 200 to the trunk. I was thinking that if not listed it would pass any vlan info across a trunk and when you tagged it would only limit passing vlan info of the vlans that you specified only.
  I will definately give this a try and update this thread.
  Thanks,
  Aaron

• Wrvs4400n vlans/ssid/dhcp issue

  Hi all,
  it will be great if someone will help me with my problem.
  the problem is : our wrvs4400n  wifi router configuration.
  network description: we need 2 separated wifi networks one for guests and one for internal access, and i configured them on router, and also configured each one of them to different vlan, guests to vlan 200 and internal use default vlan 1.
  vlan 1 configured as dhcp relay and its working pritty well.
  vlan 200 configured as dhcp and the problem begins here.
  somehow  on vlan 200 i get dhcp from our externam dhcp server,
  wrvs4400n conected  as follow> lan port1/vlan 200 connected to firewall port(configured as vlan 200) and lan port 4/vlan1 conected to our main switch wich connected to firewall also.
  i guess that my knowlege in networking its not so good......
  how can i prevent from our internal dhcp to comunicate with vlan 200 ,
  any help will be very appreciated.

  Hi Rich,
  You cannot have different L3 VLANs sharing the same subnet.
  Each VLAN must have it's own subnet and then you have a routing device routing between both VLANs.
  You should have a DHCP pool also for VLAN 111 configured on the DHCP server.
  Even if you have ip helper address configured and this should be done on the VLAN111 interface of the switch, you still need a DHCP pool for VLAN 111 because the DHCP discovery is coming on VLAN 111.
  Please take a look into this document:
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080665ceb.shtml.
  Here it explains how to configure 2 ssids on 2 vlans and dhcp pool (on the switch itself) for each vlan.
  HTH,
  Tiago
  If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

• Best Pactice for Connecting ASA to Catalyst Switch with Mulitple VLANs

  Hi all,
  Have the following network topology that was in place when I started the job (See attached pdf).  Am thinking it might be better if I could eliminate the Cisco 2811 router and connect directly from the ASA to my 12 port fiber switch (192.168.7.1).  In my thinking this would eliminate an unnecessary piece of equipment and also give me a gig link to my ASA as opposed to the 100 meg link I have now with the old router.  The 12 port fiber has links to most of my IDFs and is acting as my VLAN gateway for all inter VLAN routing.
  Is my current topology ideal or would I be better served to remove router and connect directly to the 3750G-12s Fiber switch or my Master Switch (192.168.7.4)?  Only thing I don’t like about direct connect to Master switch is that it takes scheduling a major outage for me to reboot it.  However, if that is best practice in this case, I can live with it.
  It appears the 12 port fiber cannot have IP addresses  assigned directly to Ports, only to VLANs.  So would I have to create a separate vlan for my ASA and assign IPs to the vlan on each end of the connection?
  I have read some suggestions that say it is better to terminate all VLANs on the ASA.  So as I understand that would require creating subinterfaces on my ASA LAN port and assigning each subinterface to its own VLAN  Inter VLAN routing would then be controlled by ASA.
  Does not seem practical to me as I have about 15 VLANs total.  Not showing everything in the drawing.
  Guess my main question is “What is best practice for topology and routing in my scenario?”

  Hi Mcreilly,
  You should be able to assign an ip address on cat6k sup720 if you are running native ios on sup 720.
  If you are running catos then you will not be able to do that and you can have it configured as trunk and connect to the router.Also I do not think that you need subinterfaces on router and trunk on switch because your cat6k with sup720 must be doing intervlan routing between vlans.
  You can just connect it on some port on any vlan and same subnet ip address which you have it on msfc for that vlan you can assign on the router interface and anybody want to go out via t3 link will get routes on sup720 and move out via router vlan.
  For suppose you do not want the router to be part of existing vlan you can create one vlan on cat6k sup720 and assign one port to that new vlan and connect the royter to that new vlan port and then create logical interface on msfc for that new vlan and assign an ip address range on that logical vlan and same subnet ip address range you can assign on router physical interface.
  Any one from other vclan get routed on sup 720 msfc and will move out via the vlan on which you have connected the router.
  because you have only one router you will not be able to maintain box level redundancy by which i mean if the router goes down t3 will be unreachable.
  HTH
  Ankur

• Hyper-V VM not talking to Physical Switch on Tagged VLANs

  Hello!
  I'm having a problem where a VM is not communicating with its trunked VLANs.
  My configuration:
  Windows Server 2012 R2 configured with Hyper-V
  VM 1 has 4 Virtual NICS. One of the NIC2 is connected to vSwitch 1. vSwitch 1 is using an external network - a Windows NIC Team consisting of 4 Ethernet ports.
  All 4 ports are connected to a physical Cisco switch in a link aggregation group with LACP. The LAG is configured on the switch as follows:
  Trunk
  VLAN 1 Tagged
  VLAN 2 Untagged & PVID
  VLAN 3 Tagged
  VLAN 4 Tagged
  VLAN 5 Tagged
  VLAN 6 Tagged
  VLAN 7 Tagged
  No VLANs are configured in Hyper-V itself.
  VM1 runs an OS other than Windows, and several  interfaces are configured using NIC2. One interface per VLAN.
  Interface 1 VLAN 1 10.10.1.254/24
  Interface 3 VLAN 3 10.10.3.254/24
  Interface 4 VLAN 4 10.10.4.254/24
  Interface 5 VLAN 5 10.10.5.254/24
  Interface 6 VLAN 6 10.10.6.254/24
  Interface 7 VLAN 7 10.10.7.254/24
  Each interface should be able to talk to the switch though its VLAN and allow traffic to pass though. But it does not.
  Can anyone please suggest a way to get this working?
  Thank you in advance

  Hi ,
  I am afraid  the command "Get-VMNetworkAdapter " could not help you out .
  " Hyper-V leverages 802.1q VLAN trunking to achieve this objective. To utilize this functionality, a virtual network switch must be created on the host and bound to a physical network adapter that supports 802.1q VLAN tagging. "
  http://blogs.msdn.com/b/adamfazio/archive/2008/11/14/understanding-hyper-v-vlans.aspx
  Regarding to the Vlan and  NIC teaming , please refer to following links ：
  http://blogs.technet.com/b/keithmayer/archive/2012/10/16/nic-teaming-in-windows-server-2012-do-i-need-to-configure-my-switch.aspx
  http://blogs.technet.com/b/keithmayer/archive/2012/11/20/vlan-tricks-with-nic-teaming-in-windows-server-2012.aspx
  Hope this helps
  Best Regards
  Elton Ji
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Switch allowed 2 vlan

  I have a Switch 3560/24 ports
  i want know, how can i allow two vlans in a one switchport?
  Vlan voice and vlan data.

  Hi, alain.
  I try, but the switchport continiuos in one vlan
  SWFISA11-1(config)#interface fastEthernet 0/1
  SWFISA11-1(config-if)#switchport mode access
  SWFISA11-1(config-if)#switchport access vlan 220   <<<< data vlan
  SWFISA11-1(config-if)#switchport access vlan 200   <<<<< voice vlan
  SWFISA11-1#show vlan brief
  VLAN Name                             Status    Ports
  1    default                          active    Gig0/1, Gig0/2
  30   VLAN0030                   active    Fa0/5, Fa0/21
  128  MedicaSur                  active   
  200  VLAN0200                  active    Fa0/1, Fa0/6, Fa0/7, Fa0/8
                                                           Fa0/9, Fa0/10, Fa0/12
  210  VLAN0210                  active    Fa0/2, Fa0/11, Fa0/13, Fa0/16
                                                          Fa0/17, Fa0/18, Fa0/19, Fa0/20
  220  VLAN0220                 active    Fa0/15
  1002 fddi-default                     active   
  1003 token-ring-default               active   
  1004 fddinet-default                  active   
  1005 trnet-default                    active
  I try, but the switchport continue in one vlan.
  Maybe the configuration of the vlan??  need configuration additional??

• 3com and cisco switches (802.1q)vlan integration problem - broadcast storm?

  Hi forum,
  we are using 3com switches, the 3com switches implement open vlans, which mean if an ieee 802.1q packet is received at a port and the port is not a member of that vlan, the switch does not perform vlan filtering. if the address is previously learned, it will be forwarded correctly, but if it is not, it will be flooded to all ports within that VLAN.
  my questions:
  1) if another cisco switch connected with the 3com switch are placed in the same vlan, and the 3com switch received a 802.1q packet from a rogue device, it will be flooded to all the ports(including the cisco ports) within that VLANs, will it cause a broadcast storm?
  2) how do i configure the cisco switch to filter off unknown tagged packet on a port? by using vlan prunning?
  3) how do i blocked the broadcast from the 3com switches? using broadcast suppression?
  4) is there a way on the design side to effectly counter this problem?
  Kind regards,
  paul

  It sounds like setup of your 3com switch is not quite up to your requirements. If a port is declared as tagged, it's ok to receive tagged frames for VLAN's that were not previously known on this port. However if your policy requires that only specific VLAN's are permitted on given tagged port, then you need to add some extra command on your 3com switch. Check with documentation and possibly with your 3com support partner.
  As for cisco routers, tagged ports in Cisco-speach are trunks (this might be confusing for you as 3com calls trunks what in Cisco world is known as either Etherchannel or port aggregation). By default a trunk (tagged) port allows any VLAN. If your policy requires so, you can explicitly specify which VLAN's are allowed on given trunk (tagged) port. If a frame arrives with a tag that is not on the allowed list, the frame will be discarded. So you don't need any fancy broadcast supression to block traffic from disallowed vlans coming from your 3com switch to cisco.
  P.S.: Make sure that you don't mistake 'member of VLAN' with 'native VLAN'. Some parts of your message suggest that you do.

• Cisco/Linksys SLM224G SWITCH: Problem with VLANs

  Hi!
  I'm trying to set up VLANs in my racks. I have some knowledge about VLANs, but I still can't set it up in my way.
  My situation:
  I have PC which contains two virtual machines, which has to works as a routers between three networks: LAN1, LAN2, WAN. It's a bit complicated, but I'll try to draw it:
                                                   |-------------|
  |----------------------------|                   |           e1|-to-eth1-VM2-----WAN
  |VirtualMachine 1        eth0|---trunk-VLAN1&2---|g1         e2|-to-eth0-VM2-----LAN2
  |eth0=VLAN1 eth1=VLAN2       |                   |           e3|-to-eth0-VM2-----LAN2 etc.
  |                         PC |                   |   SWITCH  e4|
  |VirtualMachine 2            |                   |           e5|-to-eth1-VM1---wire-to-LAN2
  |eth0=VLAN3 eth1=VLAN4   eth1|---trunk-VLAN3&4---|g2         e6|-to-eth0-VM1-----LAN1
  |----------------------------|                   |           e7|-to-eth0-VM1-----LAN1 etc.
                                                   |-------------|
  gX = Gigabit ports
  eX = 100Mbit ports
  VMX = Virtual machine number
  wire-to = patch-cord connection between ports on the switch
  Schema of routing and logical visibility:
  LAN1---VM1-----VM2---WAN
                |
  LAN2----------|
  Important note is that LAN1 and LAN2 has to be separated (visible only through routers). WAN has to be visible only through VM2 for LAN2 and through by VM1 and VM2 for LAN1. It looks easy, but VLANs which I done on that switch seems to doesn't works.
  I'm doing this like that:
  Step1: VLAN Management / Create VLAN...
  Creating VLANs from 1, 2, 3, 4 (numbers doesn't meters right now - I now that number 1 is restricted at the switch).
  Step2: VLAN Management / Port to VLAN...
  Setting up VLAN1 with ports g1, e5 (both tagged or untagged? - I haven't seen difference)
  Setting up VLAN2 with ports g1, e6, e7, etc...
  Setting up VLAN3 with ports g2, e2, e3, etc...
  Setting up VLAN4 with ports g2, e1
  Step3: VLAN Management / Port Setting...
  Setting up port e1 to PVID4 (frame type=all I suppose, but what with "ingress filtering"?)
  Setting up port e2 to PVID3
  Setting up port e3 to PVID3
  etc...
  Setting up port e5 to PVID1
  Setting up port e6 to PVID2
  Setting up port e7 to PVID2
  etc...
  So, on that configuration and on that switch it doesn't work for me
  I know that switch is seeing MACs from VLANs which are done by PC's, because when I get in "Admin / Dynamic Address" I can see MACs on correct ports and with correct VLAN ID. So the problem is to forward VLANs on their ports, next clear frames from IDs and let packets go (and back: take clear packets, add VLAN ID and send to gigabits ports).
  Showed configuration is the one of many that I tried :/ but I think this one is the best one.
  Or maybe I don't know VLANs as I think and that schema is impossible? Please tell me if I' doing sth wrong.
  Regards
  and waiting for any suggestions,
  Lucas

  You need to make sure that your VirtualMachine can send tagged frames if the VMs share physical ethernet ports on the host.
  I count 4 different LAN segments but you have only 2 physical ports on your PC (router).
  And VM2 requires 3 physical connections according to the list below.
  Depending on the virtualisation software you can maybe create the connection PVM1 to VM2 internally inside the PC (logical connection)
  Are these the connections you require ?
  VM1 --- LAN1
  VM1 --- VM2
  VM2 --- WAN
  LAN2 --- VM2
  Is this correct ? Will your PC, Virtualisation Software/Hypervisor tag frames with VLAn tags ?
  If this is true I can help you configure the switch.
  Jo