Passing vlan across unmanaged switch

Hello CSC,
     I am trying to figure this out. I have two vlans I am trying to run to a trailer. One is for our wireless network (vlan2) and one for our wired (vlan3). Unfortunately I have only one physical link back to the main network, an unmanaged SR2024C, and a WAP4410N. So, I came up with this solution to keep my networks separate.
     I configured the port on my Cisco 3560 that runs out to the trailer as trunking with native vlan3. This connects to the unmanaged SR2024C switch in the trailer. All the wired devices that connect should and are being put on vlan3. I then configured the WAP4410N to use a default vlan2, with the SSID of my wireless network on vlan2 as well. My wireless devices connect and are able to communicate back to the network, but are on vlan3. Also, I cannot connect to the WAP4410N from the main network, but if I configure my laptop with a static IP from vlan2, I can connect to the WAP while plugged into the SR2024C.
Diagram below shows the config on the C3560G for int gi1/1 and the WAP4410N vlan info.
Thank you in advance for any help!

You are right in that an access port on the Cisco 3560 will drop tagged frames. But the port on the Cisco 3560 is a Trunk. The problem I suspect is on the middle-man, the Cisco SR2024C. I've done some research and think I found two possible answers. 
1. The IEEE 802.3 Ethernet standard calls for a maximum limit of 1500 bytes to frames. The Dot1Q standard allows for 1522 byte frames. So when the vlan 4byte tag is inserted into a 1500-byte frame, the Cisco SR2024C will drop the Jumbo frame.
2. The IEEE 802.3 Ethernet standard calls for an EtherType/Length at the 21 and 22 byte. With Dot1Q encapsulation, four bytes are inserted into the 21-24 position and the EtherType/Len is now at the 25/26th byte. The frame is then dropped by the Cisco SR2024C due to an invalid EtherType/Len.
Both may be true. If I had a dumber device that simply rebroadcasted the frames or a switch that is only concerned with the Destination (and maybe source) MAC address, this would work. Unfortunately, the SR2024C seems just smart enough to break this.
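
The two frame-format effects raised in the reply above (the 4-byte tag shifting the EtherType, and the tag growing a full-size frame from 1518 to 1522 bytes), worked through in Python as an added example that is not part of the original thread. Offsets are counted from the first byte of the destination MAC, without the 8-byte preamble and start-of-frame delimiter; the MAC addresses and payloads are constructed, and `fits` is an assumed, simplified model of a size check on a tag-unaware device.

```python
import struct

TPID_8021Q = 0x8100    # value in the EtherType position that marks an 802.1Q tag
MAX_UNTAGGED = 1518    # 6 dst + 6 src + 2 type + 1500 payload + 4 FCS
MAX_TAGGED = 1522      # the same frame with the 4-byte 802.1Q tag inserted


def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Build an Ethernet II frame without preamble; the FCS is a zero placeholder."""
    header = dst + src
    if vlan is not None:
        tci = (pcp << 13) | (vlan & 0x0FFF)   # PCP (3 bits), DEI (1 bit, 0), VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    header += struct.pack("!H", ethertype)
    body = (header + payload).ljust(60, b"\x00")   # pad to the 64-byte minimum (60 + FCS)
    return body + b"\x00" * 4


def parse_frame(frame):
    """Return tag state, VLAN ID, real EtherType and its offset from the first dst-MAC byte."""
    if len(frame) < 18:
        raise ValueError("frame too short to hold an Ethernet header")
    (first,) = struct.unpack("!H", frame[12:14])
    if first == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        return {"tagged": True, "vlan": tci & 0x0FFF, "pcp": tci >> 13,
                "ethertype": ethertype, "ethertype_offset": 16, "length": len(frame)}
    return {"tagged": False, "vlan": None, "pcp": None,
            "ethertype": first, "ethertype_offset": 12, "length": len(frame)}


def fits(frame, max_len):
    """Size check a tag-unaware device could apply (a simplified model, assumed)."""
    return len(frame) <= max_len


def demo():
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")      # constructed, locally administered MAC
    cases = {
        "untagged full-size": build_frame(dst, src, 0x0800, b"\x00" * 1500),
        "vlan 2 full-size": build_frame(dst, src, 0x0800, b"\x00" * 1500, vlan=2),
        "vlan 2 small": build_frame(dst, src, 0x0800, b"\x00" * 100, vlan=2),
    }
    rows = []
    for name, frame in cases.items():
        info = parse_frame(frame)
        rows.append((name, info["vlan"], info["ethertype_offset"], info["length"],
                     fits(frame, MAX_UNTAGGED), fits(frame, MAX_TAGGED)))
    return rows


if __name__ == "__main__":
    # Columns: case, VLAN ID, EtherType offset, frame length, fits 1518, fits 1522
    for row in demo():
        print(row)
```

Only the full-size tagged frame exceeds the 1518-byte limit, so a device that drops purely on size would still pass small tagged frames such as ARP or DHCP while dropping full-size data frames.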

Similar Messages

  • Creating multiple vlans across multiple switches

    Hi All,
    How should I create multiple vlans across multiple switches?
    For instance, I have two (primary/redundant) layer 3 (core) switches and four layer 2 access switches (Cisco 2960) for the hosts, and given these are the vlans/subnets to be created. Should I do it in the core switches only and it would just propagate through the access via VTP?  Just trying to practice and learn.. Any help will be greatly appreciated:)
    VLAN 100: [DHCP-workstations]
    172.26.4.0/24
    172.26.5.0/24
    VLAN 200: [Servers]
    172.16.1.0/24
    172.16.2.0/24
    VLAN 300: [Printers]
    192.168.129.0/24
    192.168.130.0/24
    VLAN 800: [Management for switches/routers]
    10.160.1.0/24

    Hi
    You will have the SVI on the core. Set a VTP domain, make one of the cores as VTP server and rest of the switches as VTP clients. Once you do this, you won't have to login into each switch and create a vlan locally. The vlans will be automatically advertised from the VTP server to all the VTP clients.
    Thanks
    Ankur
    "Please rate the post if found useful"

  • Spanning vlans across access switches in distribution block.... please help

    Hi All
    Can someone please explain why Cisco states that in a Campus Hierarchical model if Vlans are spanned across Access switches in a distribution block, then the Distribution to distribution link should be Layer 2. Is this really necessary or just a recommendation, and if so why? Can't this link be a L3 link when spanning vlans across Access switches in distribution block, as I understand the benefit of having a L3 distribution to distribution link so that SPT is avoided.
    Please help

    Hello,
    The cisco recommended design is L3 links, but this is only possible if you have no vlans you need to span over the whole network.
    It depends on your topology or what you want to achieve.
    If you need one or more vlans spanned across the LAN, you need to use a layer 2 connection between all switches and between distribution too.
    In my company we have for example a few vlans for restricted areas, like device management or else, so we can't use L3 Links in the distribution area because these vlans are terminated at the firewall. I think this is a good thing.
    I would recommend, if you don't have to span one or more vlans across the network, to use L3 Links, especially in the case of redundant paths. So you need no spanning-tree, but need to use other protocols like GLBP or else. They work faster and are not so confusing (for some people) as STP.
    best regards,
    Sebastian

  • Configure VLANs across multiple switches

    Hi.
    I'm trying to configure a segregated network using a VLAN. There are 5 switches on the site (all SG200). A router with 2 interfaces - one for the normal network and one for the segregated network - is connected and located at switch 1. The network which needs to be segregated and the PCs on it are connected to a port on switch 5. Switch 1 is connected to switch 2, 2 to 3, 3 to 4 and 4 to 5.
    I have created a VLAN but can't get the network to talk to the first switch over the link. I have created a VLAN ID 10 on each switch. Do the switches have to be linked together logically in some way to get this to work?
    Thanks.

    Hi,
    Try to create the VLAN 5 in all switches. I have assumed that Management VLAN for all switches is VLAN 1. Kindly configure Trunk between switch 1 to S2, S2 to S3, S3 to S4, S4 to S5, S5 to S1. Allow the VLANs 1U, 10T.
    regards
    Moorthy

  • How to setup the trunk for private vlans across 2 switches (Both are SF300-24)

    Dear All,
    I have 2 switches which are SF300-24.
    Switch 1 is connected to Internet Router for all clients on switch1 and switch 2.
    The clients on switch 1 & switch 2 don’t communicate with each other.
    Port1~Port24 on switch 1 & switch 2 are isolated ports.
    Gigaport1 on switch1 is connected to gigaport1 on switch2.  
    Gigaport2 on switch2 is connected to Internet Router.
    The VLAN 100 is for isolated ports.
    The native VLAN is 1.
    Please help me how to configure the case. Thanks for your help.

    I think he's just looking for PVE.  You can enable 'protected port' on a port by port basis.
    Here's the excerpt from the admin guide.
    Protected Port—Select to make this a protected port. (A protected port is also referred as a Private VLAN Edge (PVE).) The features of a protected port are as follows:
    Protected Ports provide Layer 2 isolation between interfaces (Ethernet ports and LAGs) that share the same VLAN.
    Packets received from protected ports can be forwarded only to unprotected egress ports. Protected port filtering rules are also applied to packets that are forwarded by software, such as snooping applications.
    Port protection is not subject to VLAN membership. Devices connected to protected ports are not allowed to communicate with each other, even if they are members of the same VLAN.

  • SD205 (unmanaged) switch and VLANs

    In addition to all my Cisco Catalyst (managed) switches, I have a bunch of Linksys SD205 unmanaged switches on my LAN. 
    I want to configure my network for VLANs, which means I will be changing all of my Cisco managed switches to a "trunking" configuration.   This configuration is working correctly with the Cisco Catalyst switches
    Question: can the SD205 function in this environment?  I know I can't set any of the ports on the SD205 to be "trunking", but I would like to connect the SD205 to a Cisco port that is "trunked", so the devices on the SD205 can communicate to the rest of the world.
    So far, I have not been successful, so -- maybe they just won't work in a trunked environment.  Anyone have a definitive answer?  If they simply can't do it, I'll stop wasting my time!
    Thanks

    No. An unmanaged switch does not support 802.1q. It will drop any ethernet frame that has been 802.1q tagged. The only frames which go through an unmanaged switch are untagged frames, i.e. the native VLAN of the port on the Catalyst.
    If you want to use unmanaged switches you have to connect them to a port configured in access mode, member of a single VLAN. For example, you can configure a port on the Catalyst for access mode in VLAN 10 and connect an unmanaged switch to this port. Then all devices connected to the unmanaged switch will be VLAN 10. This is as much as you can do.
    But getting multiple VLANs through unmanaged switches is impossible as all ethernet frames on the unmanaged switch must be untagged.

  • Span VLANs across switches

    VLANs are new to me so please forgive me -
    We have 5 Cisco sg500x switches. We need to create two vlans across some or all of the switches.
    I have been successful in creating vlan1 on one switch and excluding and including ports to segregate traffic. My problem is I can’t get the other switches to see vlan1 that was created on the original switch. I have enabled gvrp on all switches and ports assigned to the vlan but no luck in getting vlan1 devices to communicate across switches. How do I make this work? I think my main problem is creating uplink ports between the switches to carry the vlan across.
    How do I go about spanning vlans across the switches?
    Many thanks

    Thanks Robert I think that has got me a bit further in that I'm not getting VLAN MISMATCH error any more. I believe it was because the trunk ports were marked as untagged.  I still don't feel I understand the NATIVE VLAN concept or how to set it. If I have the default VLAN(1) and I have the VLAN I am trying to span across two switches (VLAN2) do I then need a 3rd VLAN to be the native for either end of the trunk between the two switches? Anyway this is what I've done in more detail -
    On Switch 1
    Create VLAN 2: VLAN ID 2
    Set port 2 as follows: Default VLAN1 = forbidden, VLAN2 = trunk, tagged
    Set port 3 as follows: Default VLAN1 = forbidden, VLAN2 = access, untagged
    On Switch 2
    Create VLAN 2: VLAN ID 2
    Set port 2 as follows: Default VLAN1 = forbidden, VLAN2 = trunk, tagged
    Set port 3 as follows: Default VLAN1 = forbidden, VLAN2 = access, untagged
    With rj45 connect port 2 on both switches to each other. Clients connected to port 3 on both switches cannot ping each other across the trunk.
    Seeing this in the logs:
    Warning: %STP-W-PORTSTATUS:gi1/1/2: STP status Forwarding
    IP info:
    Default VLAN1 on 172.16.1.0/21
    VLAN2 on 172.16.40.0/21
    Any suggestions or areas to investigate would be helpful however obvious they may seem to anyone as this is my first effort with a Cisco. Thanks

  • Private vlan across switches in NX-OS

    Hi,
    I'm trying to make a scenario to span private vlan across multiple switches but I couldn't get this to work in NX-OS N7K.
    My topology is similar to the one in the picture attached.
    I tried to ping from isolated host vlan 201 in switch A to isolated host vlan 202 in switch B. Promiscuous trunk port has been configured to upstream router in Switch A. From switch a to switch b is a normal trunk port.
    But still, I can't establish any connectivity from host vlan 201 to host vlan 202.
    Any suggestion?
    thanks

    Jerry -
    Any idea why? This breaks the ability to use moderately complex ACLs. For example - how would you configure scavenger class traffic to ignore some traffic, and mark other?
    Carole

  • Extending VLANs over an unmanaged switch

    We have a network which consists of primarily Cisco 3560X switches and Meraki MR34 wireless access points.  We have a handful of VLANs setup.  In one instance, a WAP was plugged into an unmanaged SD100D-08 switch.  I would have expected this to "break" our wireless access.  However, it appears everything is working as we'd want.
    The switchport on the 3560X that the unmanaged switch is connected to is configured as a trunk port with the default VLAN of 1.  No matter which SSID/VLAN we connect to on the Meraki Access Points, we get assigned a proper IP in the VLAN that we'd expect.  If we connect a computer to the unmanaged switch, it gets an IP from VLAN 1, just as we would have wanted.
    Why is this working?  I thought the unmanaged switch would drop all packets with VLAN headers?

    Thanks for the quick response Jon.  I have continued with my testing and connected two 3560X switches together with the same unmanaged switch in between them. I configured the 3560X ports as trunk ports and am able to pass all VLANs between the two 3560X switches with the unmanaged switch in between.
    As you stated, it looks like the unmanaged switch is capable of handling the VLAN tagged frames and passing them out all connected ports.
    Obviously this configuration is not best practice, but I guess it is pretty cool it's working that way.
    Jason

  • VLANs across switches without trunking

    Assuming that you only have one VLAN, is it possible to have that single VLAN reach across multiple switches without trunk ports? I've inherited a network of a handful of Cat 6506s, and Cat4006's, which have one big flat /22 in a single VLAN. I'd like to break it up into smaller chunks and separate VLANs, but I'm rather surprised that it appears to be working with one VLAN but without trunks.

    Actually you can run separate access port links per vlan, chewing up a separate physical port per vlan on each switch. There was a 2900 series switch I had a long time ago that supported vlans but not trunks.
    It had a feature called multi vlan that you could add to a port, but this was a way of letting one port talk to all vlans and was messy.
    But you could run a separate cable for each vlan. If you have 5 vlans then 5 cables between switch A and switch B, port 1 vlan 1, port 2 vlan2, port 3 vlan3, etc...

  • How to span vlans across core layer in core/distribution/access campus design?

    Hi,
    I studied Cisco Borderless Campus Design Guide 1.0 (http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Campus/Borderless_Campus_Network_1-0/Borderless_Campus_1-0_Design_Guide.html) last week because we plan to redesign our campus backbone to a three tier Core/Distribution/Access Design.
    Today we use a collapsed backbone where a lot of vlans are spanned across the backbone because they are needed in different buildings.
    Could anybody give me a hint how Cisco recommends to deal with that kind of vlans in the multi-tier design?
    In my eyes between core and distribution layer there is only routing functionality and no l2 transport of vlans.
    So using the same vlan in different buildings seems not to be supported?
    Best Regards,
    Thorsten

    Thorsten
    Just to add to Joseph's post.
    It is quite common for a vlan to be spanned when it doesn't actually need to be ie. the network has evolved that way.
    Most things do not need L2 adjacency, they can happily use L3. Servers sometimes do but in the campus design your servers are usually located in one site so you don't need to extend vlans to other sites in your campus.
    Not suggesting this is the case for you but it may be worth checking whether you really do. (apologies if you already have)
    As Joseph mentioned you really want to avoid it if at all possible ie. ideally all connections to the core switches are L3 ie. no need for vlans at all in the core.
    If you need to extend a few vlans then you can do this but still route for all other vlans ie. you would configure your distribution to core connections as trunks and then allow the vlans you need to extend plus one other vlan, unique per distribution pair, to route all other vlans. So per site your distribution switches route all vlans except the extended vlans and if they need to route to a vlan in another site they use that unique vlan.
    But this is not ideal because you then need to extend certain vlans across the core and because you are using L2 connections STP could come into it although that does depend on your core switch selection eg. 4500/6500 VSS etc. would alleviate this.
    There are ways to extend vlans across a L3 network but the solutions available are very much dependent on the kit you use and their capabilities so if you do need multiple vlans in multiple sites but still want to keep a L3 core you may want to investigate some of those before purchasing kit (unless of course you have already purchased it).
    What you do really depends on just how many vlans you actually need to extend between sites.
    Jon

  • Cisco sg 100d unmanaged switch not connecting to network

    I have a Cisco sg 100d-08 unmanaged switch that had been working just fine for several months but now devices attached to the network through it are no longer on the network.  All lights are on indicating the ports are active.  Tried power recycle but no joy. When I replaced the switch with an old Belkin model everything works fine.  Is there any way to reset this unmanaged switch or do I now just have an expensive paper weight?

    When the management interface is part of VLAN x
    Make sure that the management interface vlan id is set to 0 (untagged) if the native vlan on the switch trunk connected to controller is vlan x. If the native vlan is something else make sure to tag the management interface vlan with x.
    Another interesting thing that might happen with switch having the following command enabled:
    SW(config)#dot1q tag native
    In that case all trunk native vlan frames will be tagged , so you have to tag the management vlan on the controller as well in that case.
    To be able to troubleshoot such connectivity problem, you should get the output of:
    show run int
    show interface <\\ > switchport
    the latter command should be your best friend.
    One recommendation, make sure to tag your management / ap-manager interface with vlan id  to maintain QoS limiting based on dot1p values for downstream traffic from the wired side.
    In the above scenario , If you can provide the output of show interface <\\> switchport
    I should tell you why the recommended action solved your issue based on the above explanation, and if you would like I can maintain the tag for you.
    Please Don't Forget to rate correct Answers

  • Connect unmanaged switch to 887VA fast ethernet port

    I tried connecting an unmanaged (and dumb) switch to one of the four fast ethernet ports on the back of the router. I configured the port to act as an access port bound to a specific VLAN, say no. 100.
    What I can see on the LEDs of the unmanaged switch is that the link goes up and down every few seconds. I don't know if this is related to the spanning tree protocol and unfortunately the unmanaged switch doesn't know about STP and doesn't send out BPDUs.
    So, how I should configure the port in order to avoid the link going up and down?
    The actual conf. for the port:
    interface fastEthernet 3
    switchport mode access
    switchport access vlan 100

    What do you mean by dumb switch? What model/make/company is that switch?
    Can you try to do the reset of the switch so that it wipes off all the config whatsoever present on the box and then try to connect the switch to the router?

  • Extending VLANs across routed interfaces

    Hello;
    I'm trying to create a L3 core network. The core equipment will be Cisco 3750 enhanced. My idea is make each link between core 3750 a routed interface, with /30 IP addresses.
    The problem is the customer needs some VLANs extended across the full enterprise. Is there any way to encapsulate the VLAN inside routed interface?
    Thanks in advance.

    I realize this thread is 5+ years old, but I feel like commenting anyway.
    If you want to encapsulate the vlan across that link, you won't be able to use routed interfaces.  You will need to use a layer 2 trunk(dot1q).  Therefore, I wouldn't bother with the /30 addresses unless you want to monitor that specific link by IP.  In that case, use a special VLAN just for those two interfaces and put your /30 addresses on the vlan interfaces.
    If you want fast fail over on a layer 2 link, well then, use Rapid STP.  The goal should be to get rid of those flat VLANs that span the core and switch to your original plan of routed interfaces using EIGRP or OSPF.

  • 1 isp(T1), 1 unmanaged switch, 2 routers(WRT54G), 2 public ips

    1 isp(T1), 1 unmanaged switch, 2 routers(WRT54G), 2 public ips - How should I connect everything?
    Help. I got a client with a T1 and multiple public IP's that he wants to share with his neighboring companies. How should I connect everything.

    You need a manageable switch and create VLAN so you can segment the traffic between the 2 internet connections.
