Routing VLAN traffic

Is it possible to route VLAN traffic?
We have two buildings, each with several Catalyst 2950s and a 2651 router hosting several VLANS.
Can we connect the 2651s together and expand the VLANs into the other building?

HI
Can u give info about how these two buildings are connected to each-other.and as far routing in concerned u can configure sub-interfaces under u r physical inteface on u r router.Are this 2950's connected in 2651,if they how r u r vlans spread.r u using any sort of vtp.if u r 2950's are connected to 2651 then u can go for sub-interfaces per vlan.
for example if u r having 3 vlans then u can configure the the physical interface on u r router as
interface f0/0.1
encapsulation dot1q 1
ip address 192.168.1.1 255.255.255.0
and so on
Thanks
Mahmood

Similar Messages

  • Routing vlan traffic out from SGE2000P

    We have one SGE2000P switch that we are testing in Layer 3. We have a very simple configuration with some vlans that we want to route to our corporate network, but I want to test if there is actually traffic coming out from the up-link port first.
    1- Created the vlans:
    VLAN1:     10.10.1.12 /16 (native)
    VLAN10: 172.16.10.1 /24
    VLAN20:  192.168.0.1 /24
    2- Assigned ports to VLans:
    Port g3 is in Vlan 10
    Port g22 is in Vlan 20
    Port g1 is by default on Vlan 1 (native)
    3 - Connected PCs to Vlans:
    PC connected at g3 has Vlan 10 IP as gateway (172.16.10.1)
    PC connected at g22 has Vlan 20 IP as gateway (192.168.0.1)
    4 - Looks like intervlan routing is working 'cause both PCs can ping each other.
    5 - I added a default route to another testing machine's IP, ie, 0.0.0.0 /0 10.10.0.1 connected to port g1, but the ping doesn't work.
    Now the questions:
    1 - How can I test if there is traffic being routed to port g1 from the vlans ???
    2 - What else do I need to add in the switch config to take traffic out from the vlans to Port g1 ???
    For reference, the sw's running-config:
    console# show running-config
    vlan database
    vlan 10,20
    exit
    interface ethernet g3
    switchport access vlan 10
    exit
    interface ethernet g22
    switchport access vlan 20
    exit
    interface vlan 1
    ip address 10.10.1.12 255.255.0.0          
    exit
    interface vlan 10
    ip address 172.16.10.1 255.255.255.0
    exit
    interface vlan 20
    ip address 192.168.0.1 255.255.255.0
    exit
    ip route 0.0.0.0 0.0.0.0 10.10.0.1 
    console#
    Any help / comment is much appreciated.
    Thanks in advance,
    jose

    Hello Jose,
    In order for a vlan to be active, you will have to have something connected to a port on that vlan. In this case you should be able to add a PC to port g1 and set it to be 10.10.1.1 with gateway of 10.10.1.12.
    If you are looking to add a router in place as the main way out to the internet, you will:
    have to have the router IP be 10.10.1.1
    add a static route in the router for each subnet pointing back to 10.10.1.12
    With the ip route already in there for 0.0.0.0 to 10.10.1.1, you should be able to get online.

  • Wireshark capture on access port displays different vlan traffic

    Hi Guys,
    i have a nexus 4001i Blade Center Switch where i have a server connected in mode access to a particular vlan.
    when i use wireshark on this port, i see different traffic conversations of different servers in different vlans which seems strange to me.
    anybody have an idea why a server in mode access with wireshark is able to view different vlan traffic? I also see non multicast and non broadcast converations.
    the port the server is connected to is not a monitor port but only in switch port mode access.
    thanks in advance for you feedback

    Hi,
    So it looks like you're getting unicast traffic flooded to all ports. There are a couple of reasons I've come across that can cause this.
    Asymmetric routing: See Unicast Flooding in Switched Campus Networks and/or Case Study #8: Asymmetric Routing and HSRP (Excessive Flooding of Unicast Traffic in Network with Routers That Run HSRP) for details of why it happens and how to prevent it.
    Microsoft Network Load Balancing. As per the Microsoft Troubleshooting NLB:
    In unicast mode (the default Forefront TMG cluster operation mode) NLB induces switch flooding, by design, relaying packets sent to the VIP addresses to all cluster hosts. Switch flooding is part of the NLB strategy for obtaining the best throughput for any specific load of client requests. However, if the NLB interfaces share the switch with other (non-cluster) computers, switch flooding can add to the other computers' network overhead by including them in the flooding and consequently have a detrimental effect on network and/or server performance.
    Regards

  • Help config vlan and inter routing vlan on 2 switches SF300-24 ???

    Dear Cisco!
    now we have 2 switches: SF300-24
    on one SF300-24 we config it at layer 3 mode with VLAN configuration same as following
    VLAN ID 2 (ports: 2 -6) have ip interface  192.168.2.254/24
    VLAN ID 3 (ports: 7 - 10) have ip interface  192.168.3.254/24
    VLAN ID 4 (ports 11- 15 ) have ip interface  192.168.4.254/24
    and VLAN 1 default have IP address: 192.168.1.200
    DHCP relay  - DHCP server 192.168.3.1
                       - DHCP relay: VLAN2; VLAN3; VLAN4
    ip route: 0.0.0.0   0.0.0.0  192.168.3.1
    all ports of VLAN2, VLAN3, VLAN4 set access mode.
    and another SF300-24
    was configed at layer 2. We config VLAN ID 2 ̣̣̣have ports  2 -6; VLAN ID 3 ports 7 -10; VLAN ID 4 port 11-15 ,too.
    And we use port 26 on 2 switches SF300-24 is trunk mode then we connect both SF300-24 switches.
    But on SF300-24 layer 2 cann't inderstand VLAN from Sf300-24 layer 3!!!
    Could you please help me check this situation?
    How to config VLAN on 2 switches SF300-24 Layer 3 and SF300-24 layer 2?
    Thanks!
    See you soon!

    Son Nquyen,
    First i would upgrade to 1.1.8 since the 1.0.0.27 was beta code.
    Next when when connecting both switches together each port will need set via Trunk mode with proper native vlan and tagged vlan traffic. What's the configuration of your trunk ports on each switch?
    Thanks,
    Jasbryan.

  • Vlan traffic is not passing through Wireless Bridge

    Hi,
    Recently we have placed wireless bridge in our network (Cisco AIR-BR1410A-E-K9 model). Now after installing the bridge we are facing the issue like only the management interface traffic is reachable through bridge, but not able to reach other vlan traffic.
    like management range is in vlan 1 (which inlcudes AP' Switch and router) and the bridge IP's are also in Vlan 1.
    Switch port is kept in trunk mode both ends of bridge. still other vlan traffic is not reachable, do we have to place any special configuration for this ?
    all the business users are in Vlan 3
    all the sale team users are in vlan 123.
    now problem is other end switches are reachable for me through bridge that is in vlan 1, but vlan 3 and vlan 123 are not reachable for me.users are not getting IP's, when we assigned the static ip address and tested still it is not working.
    i am attaching my wireless bridge configuration in the discussion, please help on this issue.
    Root Bridge ---- Non--Rootbridge--- Cisco Switch--Cisco Switch..
    now i am able to those two switch also, but not able to reach the vlan 3 users who are connected to that switches.

    Hi,
    infrastructure-ssid has been placed at both end still not able to get IP's to the devices.
    I am not able to attach txt files in the reply, could you please let me know your email ID so that i will send the config files to your ID.

  • Monitoring VLAN traffic

    I moved from 2500 series routers to a switched network using a Catalyst 3750 and 3560 switches over the course of the last year. In my routed network I used MRTG to monitor traffic on my interfaces. In my switched network environment I have not been able to find a free or low cost tool that will monitor VLAN traffic. Any suggestions?

    I have the same problem and found these links that provided answers:
    http://forums.cacti.net/about29656.html&highlight=
    http://www.experts-exchange.com/Hardware/Networking_Hardware/Switches/Q_23738165.html
    Vlans on 3560s, 3750s and 3550s do not show stats.  The packets are forwarded with the ASIC chips and do not cross the CPU for actual processing.  To actually see the traffic you will need to turn off CEF, which decrases the performance significantly (not recommended, see links above).

  • Mountain Lion Server VPN unable to route internet traffic

    Hi! I have set up a VPN server on my home network specifically so that I could connect via a VPN client remotely and tunnel all internet traffic through my home network (It is a long story but I need to be able to access services that are specific to my home IP . . . ) I have been tearing my hair out trying to get it work but can not. The VPN connection happens OK and I can set up the remote client to send all traffic via VPN but any internet traffic just times out . . . In other words I can not get the server to share my home network via the VPN connection.

    Hi and thanks for taking the time to answer.
    As I am sure you have guessed I don't have much experience or knowledge with this. So I will try to clarify what I am trying to do.
    I do not need a VPN server for the conventional reasons of being able to access a private network (i.e my home network) remotely, although this is a nice additional benefit. I need the VPN server so that I can log in remotely (when I am using my mobile broadband or when I am overseas for example) and make it look like the machine I am using is on my home network.
    The reason for this is that I have access to web services that are IP specific. That is I can ONLY log in if I am logging in from my registered home IP (which is static for this exact reason).
    I have been told on similar support sites that if I route ALL traffic through the VPN, then when I use my browser on the remote machine all web traffic will go through the VPN as well and it will look like the traffic is coming from the subnet of my home IP.
    I guess in other words I am trying to use my VPN as an "anonymous" proxy (anonymous in the sense that although the traffic is coming form somewhere else, it still looks like it is coming from my home IP).
    I know this will cripple the speed due to the narrow upstream bandwidth but I am willing to pay this price.
    Now as for your questions:
    I have the server set up on a machine on my home subnet and I have enabled VPN port forwarding on the ADSL router.
    I know the connection happens as when I connect the VPN either from my iPhone using 4G or my laptop using my mobile broadband I get the "connecting . . . authenticating . . . connected" messages and when I check in properties it shows it to be connected to my home IP as VPN server and has an IP address that looks like it is on my home subnet.
    By internet traffic timing out I meant web traffic.
    As I mentioned above, I need all web traffic to go through the VPN. So indeed not ALL traffic but definitely ALL web traffic. The only way I could find to do this is to enable the "Send all traffic" option.
    Now I guess the obvious question is why am I not using a proxy. I have tried (and spent ages setting up Squid) but could never get it to "hide" the true origin of the traffic completely.
    Now having written all this, I reinstalled mountain lion and server yesterday (out of sheer frustration rather than anything else) and it seems to work this morning. So if I log in via VPN on my mobile or laptop and use an IP checker on the web it comes up with my home IP : ))
    The only thing I have now noticed is that if the VPN server stops working (which seems to be as soon as the computer I run it on goes to sleep) web traffic reverts to using the normal channels which is potentially problematic for me.
    So my questions now are -
    Any ideas what I was doing wrong in the first place?
    Any suggestions on how I could set this up better?
    Any way to set up the remote device so that it only allows web traffic via VPN (so that if the VPN connection drops, it is unable to use it's own internet connection for continuing web traffic)?
    Thanks for any suggestions : )
    Cheers

  • Routed VLAN Implementation

    I am new to Cisco, having only particpated in two training sessions.
    I am in the process of adding a routed VLAN into our current design. I'm hoping I can get confirmation from an expert on my design.
    Current config. is made up of a Cisco 1700 with a WAN interface and LAN interface (10.1.28 --- 2950 core sw --- 6 2950 access switches on one level and 3 on another level. The 6 2950 access switches need to be configured with VLAN 2 and configured on own ip subnet (10.28/16). To accomplish this a layer 3 2811 with a trunk to the core sw.
    FA 0/0 ip address 10.1.28.2 255.255.255.0
    FA 0/1 ip address 10.28.2.1.255.255.255.0
    ip helper address (DHCP SERVER)
    Configure VTP domain, dot1.q trunk, Server mode on core sw and FA 0/x as VLAN 2 with dot1q trunck to FA 0/0 to 2811.
    6 2950 ASW's in VTP Domain, VTP client in VLAN 2.
    Am I missing anything here, am I totally off or what. I would appreciate any suggestions, observations or comments.
    Thanks

    Hi
    i prefer to bring 2 points here one is with Cisco 1721 you can do intervlan routing that too with IP Plus ios set and also 2811 which you have pointed as L3 and u can have different subinterfaces created on that Cisco 2811 router for intervlan routing purpose.
    Also if possible do post out a sample diag representing the setup ur planning out over there.
    Again i dont think u can make 2811 as a VTP server here..which i feel ur considering as a core switch.
    regds

  • VLAN Traffic Monitoring

    Hi all
    I have a 2900XL core switches which in turn connected to several 2950 switches. All are connected to VLAN 1.
    I have a few questions:
    When people say broadcast traffic should not be more than 20% of the VLAN traffic.
    1. Does it mean the broadcast of a single port in the 2950 switch or the core switch ?
    2. How do i know the VLAN traffic ?
    Any tools etc and how is the setup?
    Hope comeone can help. :)
    Thanks in Advance.
    Alan

    Hi Narayanan,
    This is Guru Prasad.R from Saksoft Ltd. I am working as Network Engineer for past 1 year here. Also i had worked as part-time technical assistace in Networking Environment for 3 years too.
    Since, i am new guy to this networking world i may require your guidance, support for making my career the best one.
    I had finished my CCNA & 2-MCP exams one for Server 03 & another for Exchange Server 03. Also currently i doing with CCNP-Switching[BCMSN] exam.
    Kindly help me to make my career the best one. Expeting your kindness on the same.
    I had noted down ur contact number in Cisco profile. Below given my contact details:
    Guru Prasad.R
    Mobile: +91-9840822258
    Mail id: [email protected]
    Expecting your reply mail for the same.
    Thanks & Regards,
    Guru Prasad .R

  • RV042 - Priority Routing HTTP Traffic Over WAN2?

    Hi,
    I have an RV042 set to load balancing.  WAN1 is a T1 and WAN2 is an ADSL connection.  It seems that more often than not web traffic is going out over the slower WAN1, so I'd like to try to route http traffic over the ADSL before the T1 due to the higher download speed.
    Is there a way to do this?
    Thanks!

    blasty,
    Yes it is possible. It is called protocol binding, and the configuration steps for this can be found on page 23 of this guide:
    http://www.cisco.com/en/US/docs/routers/csbr/rv042/admin/guide/RV042_V10_UG_C-WEB.pdf
    If you have any problems please post them in as much detail as possible.
    Bill

  • Can OS X Server 10.6 reverse proxy be setup to route port traffic 5003 (FileMaker Server) to 2 seperate servers (FM 11 and FM 12)?

    Can OS X Server 10.6 reverse proxy be setup to route port traffic 5003 (FileMaker Server) to 2 seperate servers (FM 11 and FM 12)?

    In your scenario, how is the 'OS X 10.6 Server' supposed to identify which FM machine to proxy the connection to?
    The FM client uses a proprietary protocol, so it's not something simple like HTTP.  Off hand I don't know of any way the server can accept arbitrary connections on port 5003 and know which FM server to relay it to.
    Two options come to mind. One is to nix the OS 10.6 Server altogether - I don't understand this machine's purpose in your network - the second is to setup different ports on the OS X 10.6 Server machine and map each port to a different FM server, e.g. 5003 -> FM11, 5004 -> FM12, then you configure the remote client to connect to a different port number based on the server they want to connect to. I haven't used FM client in a long time to know if this is supported on the client side, but I'm guessing it is.
    Either way, using a proprietary protocol, there's no way for the proxy machine to be able to filter the traffic on any given ports.

  • Help config vlan and inter routing vlan on SF-300

    Hello All.
    I have divided the problem in Routing "SF-300 (Layer 3) can be connected to the Gateway." I did not want to put the Gateway. Injury I ever met with Packet Tracer 5. Can I attach a file. Leave all to me.
    Thank you.
    ### config -code
    ip routing
    vlan 10
    vlan 20
    vlan 30
    interface FastEthernet0/1
    switchport access vlan 10
    switchport mode access
    interface FastEthernet0/6
    switchport access vlan 20
    switchport mode access
    interface FastEthernet0/11
    switchport access vlan 30
    switchport mode access
    interface Vlan10
    ip address 192.168.10.1 255.255.255.0
    interface Vlan20
    ip address 192.168.20.1 255.255.255.0
    interface Vlan30
    ip address 192.168.30.1 255.255.255.0

    Hi Suwatchai, I'm not sure what you are asking.
    On my first post, there are 2 different IP subnet. How I understand you, you would like the computer 1 on FA1 to talk to computer 2 on FA6 which are 2 different subnet. Using your example config on the original post, the computers should have an IP configuation such as stated
    Computer on fa1.
    IP 192.168.10.100
    Gateway 255.255.255.0
    Mask 192.168.10.1
    Computer on Fa6
    IP 192.168.20.100
    Gateway 192.168.20.1
    Mask 255.255.255.0
    These IP addresses do not have to be your selection. They only have to be in the proper subnet with the correct gateway address. The gateway and subnet mask are not negotiable, the IP address is. Assuming the NIC on each computer is configured correctly based off that switch config output, this should work without any issue. If it fails to work, it is most likely an external factor as to why.
    -Tom
    Please mark answered for helpful posts

  • 1200 Series - Tagged Management VLAN Traffic

    Hi,
    As per my understanding the 1200 Series Access points running IOS (12.2(15)XR) send the management traffic (RADIUS,Accouting NTP etc) un-tagged i.e. using VLAN 1.
    As per our current setup, we assign this un-tagged traffic to a different VLAN (by changing native vlan to x for the Trunk Port) on the cisco switch.
    Is it possible to configure the Access Point to send Management Traffic as tagged with a particular VLAN id ? (Similar to what it does for Wireless Traffic, when SSID are associated to specific VLANs)
    We are trying to set this up with a 3-Com 4400 series switch i have been unable to configure the 3-Com switch, so that it can assign the untagged traffic to different VLAN instead of VLAN 1.
    Regards \\ Naman

    Changing the Native VLAN doesn't make a difference. I can create any VLAN and make it native but management traffic is still being sent un-tagged.
    Below was the setup i tested
    AP--->Trunk Link<->Switch Port(Native VLAN=15)
    Switch Port --->Trunk Link<->Router with VLAN15
    I can make any VLAN as native VLAN on the AP and it doesn't effect the functionality as long as the Switch Native VLAN matches to the corresponding VLAN on the router.

  • How to isolate vlan traffic

    I want to create two vlan's, VLAN 1 and VLAN 2. The setup is that VLAN 1 can communicate with VLAN 2, but VLAN 2 don't may have any permission to communicatie with VLAN 1. My switch is a Cisco 3750x. How can I configure this?        

    Hi,
    Don't forget that IP communication is bidirectional and that ACLs are stateless so unless you use a stateful feature like reflexive ACL or firewall feature you can't permit all communication from vlan 1 to vlan 2 and at the same time block from vlan 2 to vlan 1 because then you'll block the reply traffic in response to permitted traffic from vlan 1 to vlan 2.
    On access/distribution switches like 29xx/35xx there is no such feature so your only solution is to do the intervlan routing on a router or firewall and apply filtering policy on this device.
    Regards
    Alain
    Don't forget to rate helpful posts.

  • SFE2000 & ACL to stop VLAN traffic

    Hi All,
    I have setup a new SFE2000 switch to work in Layer 3 mode using the IP address 192.168.100.254 on VLAN 1
    Additional VLAN's are:
    VLAN2     192.168.102.x     To be used for guest wireless access
    VLAN3     192.168.103.x
    VLAN4     192.168.104.x
    I would like VLAN1, 2, 3 and 4 to be able to communicate with each other while VLAN2 (Guest) needs to be restricted from everything except web access and dhcp assignment from our server.
    I have been playing with various ACL's in an effort to accomplish this but so far I have drawn a blank in getting this working.
    Can any one draw any light to a managed switch newbie
    Thanks in advance
    James

    I was able to get this working with ACLs and setting a static route from the router (in my case Sonicwall TZ 180) back to the SG300 network. I have enclosed screen shots of the config from the GUI. You need to bind the ACL to whatever
    ports you want to filter the guest traffic either where they would connect a hard wired connection or where you would connect your Wireless AP. The ACL I have created allows VLAN 13 to get a DHCP address and communicate through DNS but nothing else. 192.168.9.254 is the Sonicwall router which I wanted on a different VLAN.
    Hope this helps others with their setup.

Maybe you are looking for

  • Sample editor 'functions' greyed out.

    Hi there, I'm having a problem in Logic 8 whereby all the functions in the sample editor are disabled. I'm pretty new to logic but i'm getting to grips with it, just can't figure out why i can't use any of the functions

  • Best way to modify a WMV file and save to computer

    I have a 200 MB WMV file for a 4 hour meeting presentation.  I want to split it up and save it into 4 separate 1 hour presentations.  With a little editing in the middle to remove breaks and downtimes.  I can do everything but the Save.  Whenever I s

  • Maximum Size of bind variables/model names in a SPARQL query

    I was wondering what the maximum field size is for a bind variable (?'' being used in the subject or object within a triple) in a SPARQL query using the Jena Adapter for Oracle? The reason for this is that I keep getting Oracle exception (ORA-00972:

  • Visual feedback in quiz?

    I'm creating a multiple choice quiz in Captivate (not graded). Feedback messages appear when a user makes a correct or incorrect choice. I'd like to provide some visual feedback, too -- perhaps a check mark next to the correct choice, or perhaps dimm

  • Is it possible to populate a PDF from an excel sheet?

    I have been asked to create a dynamic PDF which will take values from an excel sheet & grow accordingly... Is it possible to link cells(which may not yet have values) in an excel sheet to fields in a dynamic PDF? Thanks in advance