Multiple scopes and multiple VLANS

Similar Messages

• Configure Voice and Data VLAN in CISCO SF 300 8P

  I have a couple of Cisco SF 300 8P and 24 P Switches. I have voice and Data VLAN configured as :
  Data VLAN : Default 145.17.59.0/24
  Voice VLAN : VLAN 20 172.22.20.0/24
  I have different DHCP servers as for Data VLAN we have physical server which is configured for 145.17.59.* IP Scope and Voice VLAN DHCP Server is configured in Gateway router with option 150.
  This configuation works fine with other cisco swiches like 2960 and 3750 etc except CISCO SF 300 8P and 24P. I was trying to configure both voice and Data VLAN in these CISCO Switches so that CISCO phone (Model 6941) shold get IP from Voice VLAN and PC should get IP from Data VLAN DHCP Server. I have tried several techniques like LLDP, Port to VLAN Config etc.
  Can anyone please guide me/help on this.
  Regards,
  A K.M.Sayeed

  Hi A.K.M., with Cisco phones you should be able to simply set auto voice VLAN to be VLAN20. 
  voice vlan id 20
  You should ensure CDP and/or LLDP are enabled as well. I would check this in web GUI. DHCP for the phones can come from the switch, a DHCP server on a VLAN20 access port or you can use dhcp helper to redirect DHCP to server elsewhere.
  If you prefer or have issues with CDP or LLDP you can also program ports as trunks and add tagged VLAN 20 to them.  In this scenario you need to insure inter-vlan routing is working and that phones download config file with corrrect VLAN config.
  These switches do not run ios so they are similar but different than catalyst switches you referred to.
  -- please remember to rate helpful posts --

• How do I route multiple SB302 switches at different sites and their VLANs?

  Hello Cisco Support Community,
  First thank you for any replies.
  The video posted today on 302's and multiple VLAN's on one switch was nice.
  Thank you, I have that working but it's not really what I need.
  Though pictures are worth a 1000 words so I hope someone will post something similar to my question.
  I have 7 - SB 302-08 switches with the most recent firmware. (updated firmware today, thanks to the video, and TG for the CLI)
  All 302's are configured for layer 3.
  This is my first experience with the SMB line of switches.
  I have a main office and several satellite branch offices.
  All locations are connected back with a "Q to Q" circuit on individual ports to a vendor supplied switch at the main office.
  I need to link all branch office 302 switches back to the main office 302 switch and allow traffic amongst them.
  Mainly traffic between each branch office and the main office.
  There maybe a future need to incorporate VoIP on them as well, but that is a back burner issue.
  These locations will have an individual VLAN and 302 switch but need to receive data from the main VLAN and possibly others.
  I have a "core" SB 302 setup at the main office with its own VLAN.
  Each branch switch has its own VLAN.
  I would also like to have a centralized management VLAN for the switches.
  In trying to configure the core 302 I keep losing connectivity and having to reset it.
  On the branch switches I end up getting them to only link to themselves with different IP's and not the core.
  I'm assuming this is caused by my not configuring interconnectivity using ACL.
  Please let me know if you need additional information.
  Thanks

  Alllan,
  Well first you want to make sure you are running latest firmware 1.1.1.8 I do believe
  Next either console into the switch or you can turn on SSH/Telnet under Web gui (Security••àTCP/UDP services and make sure SSH/Telent is enabled)
  Now we configure the switch via Cli
  We need to enter global configuration mode.
  Configure Terminal
  (next add our vlans)
  Vlan database
  Vlan 10
  Vlan 20
  Vlan 30
  Exit
  (you can run show command to see your vlans)
  do show vlan
  (Now configure the port how you would like)
  Interface GE1
  Switchport mode access   (this is making Gigabit port 1 an access port)
  Switchport access vlan 20 (this command is changing access port vlan from 1 to 20)
  (less configure a trunk port)
  Interface GE2
  Switchport mode trunk (this makes port 2 for trunking)
  (Now less add our Vlans)
  Switchport trunk native vlan 1
  Switchport trunk allowed vlan add 10,20,30
  Exit global configuration
  (Use this command to copy your settings to startup)
  Copy running-config startup-config
  (Some screen shots attached)
  I see you have a WRT54G router which i don't think support vlans unless you have 3rd party OS installed.
  So currently is the SG300 swtich operating in layer 2 or layer 3 , guessing this is why you choose to move up to 300 series switch?
  If the switch is not in layer 3 mode but in layer2 when setting it to layer3 the switch will default all pervious settings.
  If the switch is set in layer 3 mode you might have forgot your default route
  (Command setting default route)
  configure terminal
  ip route 0.0.0.0 0.0.0.0 192.168.1.1  (192.168.1.1 being address of your WRT54G)
  Now you would need to set up ACL's to deny and allow what traffic you wanted to filter on the SG300
  Also reading your post we would need you to call into support center SBSC @ 1-866-606-1866
  This way we could get a better idea of your current configuration and assist with fixing or finding a solution for you.
  you have 1 year phone support with this product
  Thanks,
  Jasbryan

• Multiple vlans configuration issue with RV016 router and SG 300-10MP witch

  Hi,
  I have to configure multiple vlans served with a unique DCHP server . As first step, I just will The DHCP server to serve 2 vlans. The following is the hardware and configuration that I implemented :
  Router (RV016 10/100 16-Port VPN Router) as gateway mode:
  IP : 172.16.0.1/24
  DHCP Server :
  IP : 172.16.0.2/24 GW: 172.16.0.1
  2 subnets :
  172.16.1.0/24 GW: 172.16.1.1 to serve vlan 1
  172.16.2.0/24 GW:172.16.2.1 to serve vlan 2
  Switch (SG 300-10MP 10-Port Gigabit PoE Managed Switch) as layer 3 mode:
  IP 172.16.0.254 (vlan 8 default)
  Vlan 1 : 172.16.1.1
  Vlan 2 : 172.16.2.1
  1 device connected on each vlan
  a workstation on the vlan 1
  a laptop on the vlan 2
  In this scenario (see the attached pdf file) the DHCP server is connected on a router, hosts on vlans dont receive any IP address.
  But If I connect the DHCP server on a trunked switch port and adapt the DHCP server gateway 172.16.0.1 to 172.16.0.254, hosts receive ip address properly.
  I have to connect the DHCP server directly to the router. How can I do that, what is wrong in the configuration ?
  I hope the explanations are clear enough and my English too
  Any help will be highly appreciated,
  Zoubeir

  Hi Eric, the small business group doesn't support the ASA config, but  I can help with the switch.
  A couple things I notice in your description-
  48 port (192.168.1.254) and the other 24P (192.168.1.253)  we have a  second vlan 20 set up on the 24P switch (192.168.2.253)  we have ports  1-12 set for vlan20 (untagged and trunk), the remaining ports on on the  default vlan 1.
  The connection between the switches, is it 1u, 2t?
  The link between the switches should be 1u, 2t, the switches support the trunking and vlan tagging, meaning all communication will work fine.
  We have the 24p and 48p switches connect using GE1 and GE1.  We are unable to ping a device on vlan 20 ( on the 24p switch
  The 24p switch should be in layer 2 mode, if you have the 48 port l3 switch upstream. Additionally, you need to have the default gateway set on the 24p switch.
  We have a static route set on the 24p switch (0.0.0.0 192.168.1.0). 
  Between the switches, it shouldn't require any static routes, assuming you correctly trunk / tag your ge1 ports, with both switches operating in l3, the ip route table dynamically builds the connected routes, therefore a static route is redundant.
  -Tom
  Please rate helpful posts

• Bridging multiple VLAN with sg 200-08 and wap321

  Hi all
  Equipment:
  ASA 5505
  2x gs 200-08
  2x wap321
  Is there a possibility, to bridge 2 VLAN between one and another side with two WAP 321 and use the AP's also as WDS Bridge to extend the Wireless Network?
  I need to extend the Range of the WLAN but also want to use 2 different VLAN on both sides of the network. There is no Possibility to establish a wired Connection, so i try to use the AP's in "workgroup bridge" mode, but i always can use only one VLAN on the other side.
  Thanks for any help

  Hi Luis
  The Problem is, there is no wired connection between the WAP321.
  The topology is like this:
  VLAN1------ASA5505--  --SG200-08---------WAP321             WAP321--------SG200-8-------VLAN1
                                               I                                                                                                 I
  VLAN2---------------------------                                                                                               -----------VLAN2
  VLAN1 and VLAN2 are also available in the WLAN on 2 Different SSID's:
  SSID: inside -> VLAN1
  SSID: outside -> VLAN2
  If i understand the Cluster mode right,there is a wired connection required between the WAP321 .
  In meantime i tried to connect the WAP321 over WDS, but always only VLAN1 is available on the "right" side of the Network.
  Is there a Possibility, to Bridge multiple VLAN's over a WDS connection?
  Best Regards
  Dominique

• Need help configuring multiple VLANs and SSIDs

  Hi,
  We bought a Cisco SGE2000P 24Port switch and 10 WAP4410N access points. Our intent is to provide a secure network to our LAN, and a guest network to the Internet.
  We are thinking 3 VLANs would be best for this: VLAN 100 connected to the LAN, VLAN 1000 for the Internet Router and Filter, and VLAN 1100 for the Guest Wireless access.
  We have the switch configured for all three of these, and 1 initial access point configured for the VLANS, too.
  We have not yet moved the current Internet connection to VLAN 1000 because we aren't sure how to setup routing between VLANS.
  Here are some specifics on how the traffic needs to route:
  1. We have the DHCP server, which is the PDC, handling both scopes for the LAN and Guest VLAN.
  2. The web filter in VLAN 1100 needs to authenticate with the DHCP server as there are different filter rules based on authenticated user. Any users coming from VLAN 1100 will have a default filter rule without requiring any authentication.
  3. Certain traffic coming in from the Internet needs to be able to get to VLAN 100. The router has a built-in firewall that handles NAT and port forwarding, so as long as traffic can be forwarded to VLAN 100 we should be good.
  4. Traffic on VLAN 1100 (guest Wireless network) should only be allowed to go to Internet (VLAN 1000).
  Right now I have the VLANs configured and the ports assigned to the Access Points are set for TAGGED and on VLAN 100 and VLAN 1100.
  The SGE2000P has the following IP addresses assigned to the VLANS:
  10.7.3.252 - VLAN 100
  10.7.40.254 - VLAN 1000
  192.168.254.254 - VLAN 1100
  Has anyone been able to setup a similar configuration? We have scoured the Internet for documentation but it seems to be very difficult to find!
  Thank you!
  Gary Smith

  Based on your description of a 'Hybrid Port' this sounds like Cisco's 'Multi-VLAN Port' that was a feature of the 2900XL/3500XL series switches. This feature has however long since gone......
  With a Cisco switch an access port supporting an Access VLAN & a Voice VLAN is effectively a Trunk with only one Tagged VLAN and the Native VLAN:
  interface FastEthernet0/1
  switchport mode access
  switchport access vlan 10
  switchport voice vlan 100
  This results in the same configuration as:
  interface FastEthernet0/1
  switchport mode trunk
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 10
  switchport trunk allowed vlan 100
  With the exception of CDP packets being sent advertising the Voice VLAN.
  With regards to other IP Phone vendors and DHCP Vendor Options - the answer is it depends....
  Nortel use Vendor Option 144 to inform the IP Phone of the Voice VLAN and Option 128 for the Server (PBX) to use. Ericsson uses Vendor Option 43 that can be configured to tell the IP Phone the VLAN and the Web server to read the config file from.
  I don't think you will get this working automatically with your 3Com switches, you can however manually configure the VLAN on the Cisco IP Phones.
  HTH
  Andy

• Complex NAT and ACL issue with multiple VLANS

  Hello Forum. 
  We have about 12 different VLANS behind an ASA 5515-x. One of those vlans contains a webserver and a DNS server (different machines, different IP addresses). ASDM 7.1.3
  From outside the firewall, people need to be able to get to the webserver via http, https and a custom  port (3390). From outside the firewall, no one needs DNS access.
  From INSIDE the firewall, things are much more complicated. They need access to the DNS server from all VLANS and they need access to Webserver from all VLANS
  The VLANS themselves are defined on the core switches, not the ASA The Vlan labels and network subnets increment by 5 (except in the first 5 numbers) and the VLAN subnets are equal to the vlan name. So for example VLAN 10 is on the 10.10.10.x subnet, vlan 20 is on the 10.10.20.x subnet, and so on. Each subnet is 24 bits
  WHAT WORKS:
  Outside_in: http, RDP work fine. Pretty sure I will be able to get https myself, so not looking for help there
  Inside_in: traffic from vlan 10 to vlan 5 works fine, but I think that is in part to the any any allow rule on the vlan 10 interface. Apart from that, all vlans can get out to the web, but they cannot get proper DNS resoliution or access the webserver across vlans
  I have looked at the access lists, I have looked at NATting the DNS, but it is not working, and I am not sure why. Any assistance would be appreciated

  Tried that, no joy. It said that the problem was a NAT issue, but I cannot figure it out. The NAT rule looks right, but is not because it doesn't work

• Multiple DHCP on Multiple VLAN not working

  Hi there;
  In my core network switch, I have multiple VLANs, I have these command to assign to DHCP pools.  I configured a port on my core switch for DMZ_VLAN and when I connect my computer to this port, I can get the ip address from the dmz_vlan dhcp pool.  Because I assigned an IP address to the interface of vlan 192, then I found that one of my server "192.168.0.100" connection dropped, I cannot ping this server on the dmz VLAN, and it cannot provide the http service as usual until I remove the "interface vlan 192" from the switch.  Why?  However; without this command, I cannot receive the 192.168.0.0 network IP from the pool.
  ip dhcp pool data_vlan1
  network 10.10.1.0 255.255.255.0
  default-router 10.10.1.1
  dns-server 10.10.1.100 10.10.1.101
  domain-name company.local
  lease 7
  ip dhcp pool dmz_vlan
  network 192.168.0.0 255.255.255.0
  default-router 192.168.0.1
  dns-server 8.8.8.8 4.2.2.2
  domain-name company.com
  lease 7
  interface vlan 10
  ip address 10.10.1.254
  interface vlan 192
  ip address 192.168.0.254

  Sorry for the delay as I got busy with work. If your layer 3 switch is the default gateway for VLAN 192 then the default-router for the DHCP scope should be the IP address of the layer 3 switch interface (192.168.0.254). With that being said, the FW DMZ_192 interface, the switch SVI for VLAN 192  and the DMZ server should all be in the same broadcast domain, thus they should be able to reach each other.
  So, can you confirm with me exactly what does not work on the server configured with VLAN 192 and a static IP? For instance, 
  1. Can you ping the server from the L3 switch
  2. Can you ping the server from the FW
  3. Can the server ping 192.168.0.1 and 192.168.0.254
  4. Can the server ping the outside world? For instance, www.google.com and 4.2.2.2
  5. Have you tried taking a test PC, connecting to the switchport configured for VLAN 192 and see if you get an IP address from the DHCP scope

• DHCP Setup across multiple VLANs on RV325 - DHCP Server only working on VLAN 1

  I have multiple VLAN subnets defined on my RV325 - when I try and utilize a DHCP Server on each VLAN, it only seems to be issuing IP Addresses to clients on VLAN ID 1.  When I first set this up months ago, I thought I had tested it providing IP Addresses via the other subnets.  Now that I am trying to do so, it isn't working "as expected".  Example - I am using VLAN 25 as the GuestWireless subnet utilizing a separate 802.11n WAP that is set to Bridge connections to the IP Address of the VLAN interface.  Devices are able to connect to the WAP, but end up with a self-assigned IP Address 169.x.x.x address.  There has to be an easy fix to this, but I seem to be "stuck" figuring out what it is…pointers/redirects appreciated.  Thanks!

  Thanks - I've already reviewed that information before I posted.  I've been working with DHCP since the mid-90's, so I'm comfortable with the settings/configuration I need to leverage to make this work via other means using various Network-based OSes.
  I'm wondering if there are other options in configuring this device that can impact the ability to dynamically serve IP addresses on a VLAN/subnet-by-VLAN/subnet basis.
  As I did more testing, I discovered when I reserved an IP Address via the IP & MAC Binding option within the DHCP Settings, those devices would receive their static reservations and work as expected, so the problem seems to be leveraging the DHCP Pool for devices connecting to VLANs other that VLAN 1.
  Any ideas as to why the DHCP Pool's are "non-functioning" for the other VLANs is greatly appreciated...
  Each VLAN is setup with a separate DHCP Server configuration as shown below:
  VLAN ID = 1 (Default, Inter VLAN Routing = Enabled, LAN1-6 = Untagged, LAN7=Tagged, LAN8=Excluded, LAN9-14 Untagged)
  Device IP Address = 172.16.xxx.1
  Subnet Mask = 255.255.255.0
  DHCP Mode = DHCP Server
  Remote DHCP Server = 0.0.0.0
  Client Lease Time = 1440 min
  Range Start = 172.16.xxx.100
  Range End = 172.16.xxx.199
  DNS Server = Use DNS as Below
  Static DNS 1 = 208.67.222.222
  Static DNS 2 = 208.67.220.220
  WINS Server = 0.0.0.0
  Correctly serving IP Addresses via DHCP (both static and dynamic) to Wired devices & Wireless devices connecting through WAP (set to Bridge)
  VLAN ID = 25 (GuestWireless, Inter VLAN Routing = Disabled, LAN1-LAN7 = Excluded, LAN8 = Untagged, LAN9-14 = Excluded)
  Device IP Address = 172.16.yyy.1
  Subnet Mask = 255.255.255.0
  DHCP Mode = DHCP Server
  Remote DHCP Server = 0.0.0.0
  Client Lease Time = 1440 min
  Range Start = 172.16.yyy.100
  Range End = 172.16.yyy.199
  DNS Server = Use DNS as Below
  Static DNS 1 = 208.67.222.222
  Static DNS 2 = 208.67.220.220
  WINS Server = 0.0.0.0
  NOT serving dynamic IP Addresses via DHCP to Wired devices & Wireless devices connecting through WAP (set to Bridge)
  Static DHCP Reservations setup via IP & MAC Binding settings DO WORK in terms of providing the assigned static IP Address to the client.  Inbound/Outbound traffic to Internet works for devices with Static DHCP Reservations.
  VLAN ID = 100 (Voice, Inter VLAN Routing = Disabled, LAN1-6 Excluded, LAN7 = Untagged, LAN8-14 = Excluded)
  Device IP Address = 192.168.zzz.1
  Subnet Mask = 255.255.255.0
  DHCP Mode = DHCP Server
  Remote DHCP Server = 0.0.0.0
  Client Lease Time = 1440 min
  Range Start = 192.168.zzz.100
  Range End = 192.168.zzz.199
  DNS Server = Use DNS as Below
  Static DNS 1 = 208.67.222.222
  Static DNS 2 = 208.67.220.220
  WINS Server = 0.0.0.0
  NOT serving dynamic IP Addresses via DHCP to Wired devices & Wireless devices connecting through WAP set to Bridge
  Static DHCP Reservations setup via IP & MAC Binding settings DO WORK in terms of providing the assigned static IP Address to the client.  Inbound/Outbound traffic to Internet works for devices with Static DHCP Reservations.

• Encrypting Aironet 1410 bridge link using multiple VLANs

  I've looked at the documentation available for Aironet 1400 series, and still would like to see a single document showing an example of
  the best encryption/authentication available for bridge links using multiple VLANs.
  As I understand it, 1400 series can support WPA-PSK using AES, which would work for me.  I just can't picture how to integrate chapters 9 and 10 for the 'WEP and WEP Features' + 'Configuring Authentication Types' instructions.
  I'm looking either for an example config, or a step-by-step that did all steps consecutively.
  Thanks

  What doc are you refering to?  If you want to encrypt the link from root bridge to non-root bridge, then WPA/TKIP-PSK is what you should use.  Here is a link to how to setup your link ssid to WPA: http://www.cisco.com/en/US/docs/wireless/bridge/1400/12.2_15_JA/configuration/guide/p15auth.html#wp1044935
  Don't worry about the example they show on the WEP, just use the configuration from the above link for your encryption.
  Configuring a VLAN
  Configuring your bridge to support VLANs is a five-step process:
  1. Create subinterfaces on the radio and Ethernet interfaces.
  2. Enable 802.1q encapsulation on the subinterfaces and assign one subinterface as the native VLAN.
  3. Assign a bridge group to each VLAN.
  4. (Optional) Enable WEP on the native VLAN. <-- Use WPA-PSK
  5. Assign the bridge's SSID to the native VLAN.
  http://www.cisco.com/en/US/docs/wireless/bridge/1400/12.2_15_JA/configuration/guide/p15vlan.html
  Here is an example of vlan 1 (native) will be your management and your wireless link.  vlan 10 & 20 will pass through the link.
  BR# configure terminal
  BR(config)# interface dot11radio0.1
  BR(config-subif)# encapsulation dot1q 1 native
  BR(config-subif)# bridge group 1
  BR(config-subif)# exit
  BR(config)# interface fastEthernet0.1
  BR(config-subif)# encapsulation dot1q 1 native
  BR(config-subif)# bridge group 1
  BR(config)# interface fastEthernet0.10
  BR(config-subif)# encapsulation dot1q 10
  BR(config-subif)# bridge group 10
  BR(config)# interface fastEthernet0.20
  BR(config-subif)# encapsulation dot1q 20
  BR(config-subif)# bridge group 20
  BR(config-subif)# exit
  BR(config)# interface dot11radio0
  BR(config-if)# ssid batman
  BR(config-ssid)# vlan 1
  BR(config-ssid)# infrastructure-ssid
  BR(config-ssid)# end

• Windows Load Balancing on Multiple VLAN?

  Hi all.  Just wondering if any of you having this same issue as I did.  I've got NLB configured on 2 VM running on Hyper-V.  Each of the VM equiped with 2 NIC.  The NIC for heart beat purpose is configured
  with Static MAC and with the option "Enable Spoofing for MAC Address" enabled.  Another NIC is for LAN communication purose.  Each of the NIC is reside on a different VLAN (VLANx and VLANy).  After I've got the NLB configured,
  with "unicast" mode.  I've noticed I am not able to ping the NLB virtual IP address from any of the clients.  Ping works between the NLB hosts, and is accessible.  Once I've put all the NIC into the same VLAN, NLB works
  fine; I can ping the NLB virtual IP, and test on IIS works good.  My question, does NLB requires all the host to reside in the same VLAN?  If NLB support mulitple VLAN, then how can I configure it to support multiple VLAN (eg: production LAN
  NIC on VLANx, and heart beat NIC on VLANy)?  Thank you.

  Hi,
  It seems that we need to use Multicast mode.
  Configure Network Load Balancing Cluster Operation Mode
  http://technet.microsoft.com/en-us/library/cc731616.aspx
  Hope this helps.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• AP1300 Bridging Multiple Vlans with Dot1q

  I have a pair of AIR-BR1310G-E-K9 to do ptp bridging. Topology is like this:
  host-switch-rootAP---nonRootAP-switch-host
  We have multiple vlans and have followed this doco:
  <http://www.cisco.com/en/US/docs/wireless/access_point/1300/12.3_7_JA/configuration/guide/b37vlan.html>
  The native vlan is all good and can ping across end-to-end. However, the when I attach a host to the switch in another vlan i.e. user vlan - there is no connectivity. Essentially, we want to dot1q over the ptp bridge setup.
  running version:
  c1310-k9w7-mx.124-10b.JA1
  appreciate any input.
  Ajaz

  yes. standard trunk config on both switches:
  5SL_SWITCH#srif 0/24
  Building configuration...
  Current configuration : 186 bytes
  interface FastEthernet0/24
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 1,100
  switchport mode trunk
  switchport nonegotiate
  spanning-tree portfast trunk
  end
  5SL_SWITCH#show interfaces trunk
  Port Mode Encapsulation Status Native vlan
  Fa0/24 on 802.1q trunking 1
  Port Vlans allowed on trunk
  Fa0/24 1,100
  Port Vlans allowed and active in management domain
  Fa0/24 1,100
  Port Vlans in spanning tree forwarding state and not pruned
  Fa0/24 1,100
  5SL_SWITCH#
  11SL_SWITCH#srif 0/24
  Building configuration...
  Current configuration : 186 bytes
  interface FastEthernet0/24
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 1,100
  switchport mode trunk
  switchport nonegotiate
  spanning-tree portfast trunk
  end
  11SL_SWITCH#show interfaces trunk
  Port Mode Encapsulation Status Native vlan
  Fa0/24 on 802.1q trunking 1
  Port Vlans allowed on trunk
  Fa0/24 1,100
  Port Vlans allowed and active in management domain
  Fa0/24 1,100
  Port Vlans in spanning tree forwarding state and not pruned
  Fa0/24 1,100
  11SL_SWITCH#
  furthermore the vlans exist in the db and when i trunk between the switches - I can ping the SVI's.
  Do you want me to post the AP config?

• Multiple VLANs per SSID with local switch

  Is it possible to use an 'AP Group' or 'Interface group' to assign multiple VLANs to a WLAN when remote, h-reap APs are in local switch mode? 
  If not, is there a way to overcome 500 maximum host per VLAN when APs are local switching?
  Thanks!

  dont think its possible...
  I donno if the following config will even work but u can have the hreap APs connected at the remote site to map to different vlans...
  Example:
  AP1 -- ssid 1 --- vlan 10
  AP2 -- said 1 --- vlan 11 and so forth..
  Sounds crazy but i ll have to ponder on this a bit more.. Need a pen and paper to draw a quick topology :)...
  Sent from Cisco Technical Support iPhone App

• Multiple Vlans Per SSID

  Hi
  We are just putting in a new Controller - 5500 type
  We are using a WCS .
  Someone has raised the issue of whether we can have multiple vlans
  per SSID - as otherwise we may have very large broadcast domains
  due to the overall design being to have  Maybe 3 SSIDs
  Guest
  Staff
  Engineering
  I think in SWAN we could get away with dynamic vlans.
  We would like to have multiple vlans in each SSID to avoid the above.
  Can we do this in the new setup.
  Kind Regards
  Steve

  Hi Steve,
  yes it works just the same.
  Enable AAA override on the controller and have interfaces configured for each vlan. Then the ACS can simply push the vlan depending on the user authentication. Users are then split in separate vlans.
  Another way of doing is to group APs. You can have a group of APs serving SSID Guest in vlan 1, Employee in vlan 2 and another group of APs serving the same SSIDs but in vlan 3 and 4. It's "per-user" vlan load balancing or "geographic" vlan load balancing.
  However, broadcast domains should not be a major concern in wireless as broadcasts are blocked by default. The WLC will proxy for ARP and DHCP.
  Regards,
  Nicolas

• Creating multiple vlans across multiple switches

  Hi All,
  How should I create multiple vlans across multiple switches?
  For instance, I have two (primary/redudant) layer 3 (core) switches and four layer 2 access switches (Cisco 2960) for the hosts, and given these are the vlans/subnets to be created. Should I do it in the core switches only and it would just propagate through the access via VTP?  Just trying to practice and learn.. Any help will be greatly appreciated:)
  VLAN 100: [DHCP-workstations]
  172.26.4.0/24
  172.26.5.0/24
  VLAN 200: [Servers]
  172.16.1.0/24
  172.16.2.0/24
  VLAN 300: [Printers]
  192.168.129.0/24
  192.168.130.0/24
  VLAN 800: [Management for switches/routers]
  10.160.1.0/24

  Hi
  You will have the SVI on the core. Set a VTP domain, make one of the cores as VTP server and rest of the switches as VTP clients. Once you do this, you won't have to login into each switch and create a vlan locally. The vlans will be automatically advertised from the VTP server to all the VTP clients.
  Thanks
  Ankur
  "Please rate the post if found useful"

• DLSW ethernet redundancy for multiple vlans

  Can dlsw ethernet redundancy support mutliple vlans with the following configuration?
  host dlsw router1 host dlsw router2
  | |
  local dlsw router 1 local dlsw router2
  | |
  ethernet switch1-------ethernet switch2
  Ethernet switch1 and 2 are supporting multiple vlans and connected to local dlsw router1 and 2 through 802.1Q. SNA support is required for the vlans of ethernet switch1 and 2 .
  We found that configuration of dlsw ethernet redundancy is not allowed on the 802.1Q sub-interface of the local dlsw router1 and 2. In this case, how can dlsw ethernet redundancy can be supported for SNA server attached to multiple vlans? Can you provide us some reference / sample for dlsw ethernet redundancy to support SNA servers attached to different vlans in a switch environment.
  Thanks.

  I think that I understand the problem. I am thinking the following:
  dlsw local-peer peer-id 2.2.2.2 promiscuous
  dlsw transparent switch-support
  interface Ethernet0
  mac-address 0000.3333.3333
  dlsw transparent redundancy-enable 9999.9999.9999 master-priority 10
  dlsw transparent map local-mac 0000.6666.0000 remote-mac 0200.eca2.0000 neighbor 0000.5555.5555
  interface Ethernet1
  mac-address 0000.4444.4444
  dlsw transparent redundancy-enable 9999.9999.0001 master-priority 10
  dlsw transparent map local-mac 0000.6666.0001 remote-mac 0200.eca2.0000 neighbor 0000.7777.7777
  Of course, you need an ethernet interface per VLAN. If you need DLSw ER over dot1q interface, please contact the local Cisco Sales Rep or partner. You are not the first one to ask for it. Hope that there is a strong business case to initiate the new feature.