Serries 200 VLAN to 100 Serries Switches Can't Talk (Access Mode, Untagged)

Similar Messages

• Flexconnect AP - dynamic VLAN and local/central switched via radius possible?

  Hello at all,
  is it possible to tell a flexconnect ap if the client at a single ssid should get local switched or central switched and if central switched, which vlan it should use?
  All I got so far was either central switched with dynamic vlan assignment or local switched with static vlan (because it falls back to the default static vlan configured at the ap if the radius assigned vlan doesn't exist), but I need a flexconnect ap that puts client a into the local switched vlan a and client b to the central switched vlan b, both in the same ssid. Is there a radius attribute to tell a flexconnect ap how to handle this while non flexconnect aps ignore it?
  To be more detailed:
  At the central location all APs are running in local-mode, radius assigns different vlans to the clients (different departments), lets say client a = vlan 100, client b = vlan 200 and this works fine. At the remote locations the APs are running in flexconnect-mode with default vlan 10 so that the authenticated clients can break out locally and use the local infrastructure for printing and file storage. At this locations radius also says client a = vlan 100, but client a should be forwarded to local vlan 10 (which already works because there is no vlan 100 configured at the ap so the default static configuration with vlan 10 is used), while client b should stay at vlan 200 and should be central switched to the controller because it isn't allowed to access the local infrastructure. How could this be done? Creating another ssid isn't a valid option.
  Thank you,
  Christian

  Hi Christian.
  This is what 7.3 mobility design document tells about "FlexConnect VLAN Based Central Switching" which is listed in above slide.
  "From release 7.3 onwards, traffic from FlexConnect APs can be switched centrally or locally depending on the presence of a VLAN on a FlexConnect AP.
  In controller software release 7.2, AAA override of VLAN (Dynamic VLAN assignment) for locally-switched WLANs puts wireless clients on the VLAN provided by the AAA server. If the VLAN provided by the AAA server is not present at the AP, the client is put on a WLAN mapped VLAN on that AP and traffic switches locally on that VLAN. Further, prior to release 7.3, traffic for a particular WLAN from FlexConnect APs can be switched Centrally or Locally depending on the WLAN configuration."
  FlexConnect VLAN Central Switching Summary
  Traffic flow on WLANs configured for Local Switching when FlexConnect APs are in connected mode are as follows:
  •If the VLAN is returned as one of the AAA attributes and that VLAN is not present in the FlexConnect AP database, traffic will switch centrally and the client is assigned this VLAN/Interface returned from the AAA server provided that the VLAN exists on the WLC.
  •If the VLAN is returned as one of the AAA attributes and that VLAN is not present in the FlexConnect AP database, traffic will switch centrally. If that VLAN is also not present on the WLC, the client will be assigned a VLAN/Interface mapped to a WLAN on the WLC.
  •If the VLAN is returned as one of the AAA attributes and that VLAN is present in the FlexConnect AP database, traffic will switch locally.
  •If the VLAN is not returned from the AAA server, the client is assigned a WLAN mapped VLAN on that FlexConnect AP and traffic is switched locally.
  Traffic flow on WLANs configured for Local Switching when FlexConnect APs are in standalone mode are as follows:
  •If the VLAN returned by the AAA server is not present in the FlexConnect AP database, the client will be put on a default VLAN (that is, a WLAN mapped VLAN on a FlexConnect AP). When the AP connects back, this client is de-authenticated and will switch traffic centrally.
  •If the VLAN returned by the AAA server is present in the FlexConnect AP database, the client is placed into a returned VLAN and traffic will switch locally.
  •If the VLAN is not returned from the AAA server, the client is assigned a WLAN mapped VLAN on that FlexConnect AP and traffic will switch locally.
  Enjoy your weekend & I am sure you will be able to get this working.
  HTH
  Rasika
  *** Pls rate all useful responses ****

• Cant communicate between nodes on the same vlan but on different switches (cat/nexus)

  Very odd situation that I cant quite figure out.
  I have two nexus switches connecte together with PO5
  Each Nexus has PO6 which connects to a Cat3750
  The nodes are all on vlan 46.
  Nodes that are connected to the nexus switches can ping each other but cant ping other nodes on the cat. switch.
  Here is an oddity. Nodes on the CAT switch CAN ping nodes on the nexus switches.
  It would appear that the nodes on the nexus (or the switches themselves) do not get the arp requests.
  Oddity 2. When I do show vpc I see on one of the nexus vlan 46 is active
  id     Port        Status Consistency Reason                     Active vlans
  6      Po6         up     success     success                    1,31,34,46,200,600-605
  When I look at the other switch I dont see vlan 46.
  id     Port        Status Consistency Reason                     Active vlans
  6      Po6         up     success     success                    1,31,34,200,600-605
  Comparing the configs I dont see a difference between the two (eyeballing sho run)
  Here are the running configs for PO6 on both switches (identical)
  MTL-N3548COLO-1# sho run int po6
  interface port-channel6
    switchport mode trunk
    spanning-tree port type normal
    speed 1000
    vpc 6
  Not sure what I am missing. Any help is appreciated.
  Thanks
  Drew

  Your setup with vMotion on a separate subnet is absolutely correct. For the vMotion issues I'd suggest you google for vMotion 14% which will list a couple of KB articles with possible issues and resolutions/workarounds.
  André

• How do I set up multiple VLANs on a single switch?

  I have two 3750G-24PS switches and three Huawei S2300 switches. I have configured VLANs (15 nos.) in 3750. Is it possible for me to use those three switches for all VLANs or do I have to use separate switches for each VLAN?

  Got this answer.
  You can have as many as 1024 VLANs on a single switch and you need not create the same on Huawei S2300  switches. Create a VTP domain and specify one switch as server and others as transparent. All the VLANs created on server switch will get replicated to other switches.

• Help needed in loading data from BW(200) to APO(100).

  Hi everybody,
  I am trying to load a master data from BW(200) to AP1(100) , this is what i did.
  1) created a InfoObject, with some fields (general-ebeln, Attributes- bukrs, werks,matnr).
  2) created and activated communication structure.
  3) Then went to BW(200) created data source(sbiw) and extracted datas from a particular info object, which had same fields and saved it, then went to RSA3 checked for data availability in data source , and it was available there too.
  4) Came back to AP1(100), in the source system tab, opened BW(200) and replicated the datas. I was able to see the Data source name which is created in BW(200).
  5) Create and activated the Transfer struct.
  6) created a info package, and loaded the data, but the monitor says " NOT YET COMPLEATED" , "CURRENTLY IN PROCESS". and it also shows "0 of 0 RECORDS".
  I want to know,
  1) Is there any mistake in what i have done above ?
  2) how long will it take to complete the process (i.e. the loading) ?.
  Please help me through this problem.
  Thanks,
  Ranjani.

  Hi,
  I am surprised with your steps. In APO, you want to load data from a particular infoobject from BW. Why did you create a specific extractor in SBIW???
  You have just reinvented the wheel... It reminds me some people in the world ...
  Here is what you should do:
  - in BW, at the infosource level, you create a direct infosource based on the infoobject that you want to extract the data to APO (let's say 0MATERIAL)
  - in BW, at the infosource level, you right click on the infosource itself and you choose 'GENERATE EXPORT DATASOURCE. That will create the datasources for you (attributes, texts, hierarchies) depending on the infoobject settings. The names of these datasources will begin with a 8 for the datamart
  - in APO, you replicate the BW system. Now you find the datasources 80MATERIAL something
  - in APO, you create the transfer rules to your infosource and you can load
  Just give it a try
  Regards

• SWL order Error message on monitor 'Sum of % 200.0 exceeds 100%'

  Dear all,
  i am getting the following error for shop with limit order.
  User has created A SWL PO with all identical data like vendor, Pur org, product category and only description change for 2 lines. Its showing only one PO which is in 'Error in Process' .
  How can a cart with two lines convert into a 2 line PO ?? as per standard SRM it should create 2 different PO.
  Noted that Error message in monitors reads 'Sum of %>200.0<exceeds 100%' in RZ20.
  Line 1 reset. Sent to for approval. Ran resubmission process - did not work
  Error in process. Error message in monitors 'Sum of %>200.0<exceeds 100%'>

  Hi,
  I think that the error is with the backend system which cannot handle 2 limits for one PO...
  There is an OSS note...
  Kind regards,
  Yann

• Sum of percentages 200.0 exceeds 100 % in BAPI_ENTRYSHEET_CREATE FM

  Hi ,
  i am using this BAPI ( BAPI_ENTRYSHEET_CREATE) in my code
  and for a partcicular scenario return table is filled with the error message
  'sum of percentages > 200.0 < Exceeds 100%'
  How to remove this error any idea.
  Regards,
  Surendar Reddy.

  hi..
  Your error message clearly says that, it got the SUM Percentage as 200. Hope you know that, we can have percentage upto 100 only. So in your scenario, check whether retrieved value is appropriate or not.
  thanks.
  Padma

• Shared office Vlan setup on ESW switches

  Hi,
  I wonder if you can give me a bit of a sanity check on the following design for a shared office. We are somewhat restricted by the buildings cabling, the actual design is a bit larger.
  What we require is all IP phones (not Cisco) to be able to talk to each other and Company A's server, Company A's server and PCs to be able to communicate together and Company B's Router and the network behind it to be able to access a shared printer and the internet. Anything without a Cisco part no next to it isn't cisco and must be assumed to be dumb.
  I'm not after a detailed howto - I just want to check that in theory this is possible, I'll work bench the equipment if it will work.
  Thanks,
  Adam

  Hello and good afternoon,
  You have the phones in the same VLAN, vlan 3. This is good.
  You have company B's router, the printer and server in the same vlan, vlan 5.
  You have company A's PCs, the server, and the 'router' to the Internet in the same vlan, vlan 1. The server appears in multiple vlans ... will it have multiple interface cards or dot.1q trunking?
  Do I have this right?
  I think this is fine overall, and do please let me ask a few questions to make sure I understand your approach and design.
  Company B's router will perform security to restrict company A's PCs from access it.  This router can actually run a firewall and then protect this second company.  Shared resources like the server and printer's specific IP addresses will be allowed into company B's network; you will need to make sure you allow bi-directional access.  
  Company A's PCs can access the printer in vlan 5 by being routed there by the Internet router; inter-vlan routing.  Security on this router will keep company B's network from accessing company A's PCs / network. 
  I suppose you will employ some security on the router for the printer and server so that only Company A and B can access the these shared devices.  Unless you plan on open access to these shared resources and then just simple inter-vlan routing is needed.
  All in all I do not see any problems with this, the switches can perform vlans and trunking just fine.
  Having an internal firewall and or a second router for a second company is not that rare (it's a good idea) and it does well to 'hide' or protect the second company.
  You will likely need to spend a little extra time in the lab to make sure you have all the configs right ... and I can imagine this getting confusing when you are configuring the Internet router.
  Do please respond with any follow up questions and or comments.  Many thanks 
  Andrew Lissitz

• VLAN : Cannot transfer files switch 3500XL

  Hello,
  i have configured VLAN's on my switch(802.1q ) with a linux machine as a router.and i cannot transfer files through SCP or FTP from nodes.It pings but is not able to transfer files.can u please expain ? the network cards on my linux machine are intel pro 100

  If you can ping through the linux router from one VLAN to another then this would suggest that routing is working correctly.
  I would check whether the Linux machine is using IP chains or similar which i believe is software that provides a firewall function and could potentially be blocking various ports.
  How many VLANs are you routing between, the reason i ask is that you mentioned 802.1q which is used for trunking VLANs over a single link. How does this fit in with Linux as i wouldn't have thought a Linux machine can differentiate between 802.1q and non 802.1q frames.
  HTH
  PJD

• Need SNMP MIB files For Cisco SF 300-48 48-Port 10/100 Managed Switch

  Hi All,
  I need SNMP MIB files for Cisco SF 300-48 48-Port 10/100 Managed Switch.
  I have gone through cisco site but not able to get it.
  Can anyone please provide me.I have stuck with this.
  Thanks
  Ram

  Hi Ram, yes the MIB can be used. The switches are essentially the same in many regards (especially on a software level).
  I do not know the OID for bandwidth. If you're looking for a particular OID may be this tool helps you
  http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?objectInput=dot1dTpPortTable&translate=Translate&submitValue=SUBMIT&submitClicked=true
  -Tom
  Please mark answered for helpful posts

• Connecting two untagged VLANS from two different switches

  I have a Cisco SG300-52P Small Business switch and hopefully I can explain well what's going on. We have a Juniper EX4200 L3 switch that has a bunch of our corporate VLANs (they are routed VLANs) and that allows communication between all of our corporate networks. We have several other L2 Netgear, HP Procurve, etc... on which we have split the ports down the middle and divided them into two broadcast domains by setting them as untagged VLANs. One cable goes from each of the different VLANs on the L2 switches into different VLANs on the L3 switch. As long as STP is disabled this seems to work fine. However, we tried this same scenario on this Cisco Small Business switch and only one of the two untagged VLANs on the Cisco will pass traffic at a time. I believe that whenever the VLAN that is on the default (VLAN 1) is plugged in, the other (the one we created) shuts down but when VLAN 1 is unplugged, the other VLAN immediately starts to work. What seems weird is that the Cisco seems to learn the Juniper's MAC on the VLAN that doesn't work and the Juniper learns the MAC on the one that does work. In other words, the Juniper does not learn the Cisco's MAC on both of the VLANs that the Cisco is plugged into, as it does with the other L2 switches that we have, and the Cisco does not learn the MACs of the Juniper on both of its VLANs. I hope this is making sense and please let me know if there is any way I can further clarify. I'm sure I'm just doing something dumb that I'm overlooking so feel free to slap me in the face. :-)
  Thank you in advance for your time!

  It sounds like there is a layer 2 loop in your network if spanning tree is shutting down the ports.  You should be able to do a show spanning-tree on the switch, or look in spanning tree rstp interface status.
  are there any other interconnects between devices?  Like un-managed hubs, WAPs with bridging, virtual servers with multiple NIC cards?
  Show spanning tree on each device might show what is going on, or at least tell you which ports are root ports, which ones are forwarding or blocking.  Best practice is to configure your spanning tree if you have more than 1 or 2 switches.
  A detail topology showing port numbers, (sanitized) IP addresses, vlans and purpose, trunks with what vlans are tagged, and  untagged .
  from your description,  your network looks like
  multiple vlans - layer 3 Juniper swtich - netgearS1 vlan`1 --procurveS2 vlan 1 -- ciscoS3 vlan1
                                                         \-- netgearS1 vlan2 - - procurveS2 vlan --  ciscoS3 vlan 2
  I'm having trouble visiualizing <<One cable goes from each of the different VLANs on the L2 switches into different VLANs on the L3 switch. >>
  are the cables for vlan 1 going to vlan 1 or are the cables for vlan1 going to a different vlan on the other switch?
  Can you reduce the complexity and number of interconnects by using trunking?
  What are the IPs and default gateway of all devices, L3 switch?
  These switches do STP, RSTP and multiple spanning tree, but will not do per vlan spanning tree.  so there may be some configuration required on all switches to get the correct root bridge (the Juniper I assume)

• Question about VLAN handling for virtual switches and vnets

  Regards,
  We are encountering some problems when using VLAN tagged 10g ethernet. We assign the VLANS to the vsw like this:
  ldm add-vsw net-dev=net2 mtu=9000 vid=vid1,vid2,.... mode=sc primary-vsw0 primary
  the mode=sc is due to us planning for possible Solaris Cluster installation for some guests. The guest get its vnets like this:
  ldm add-vnet mode=hybrid vid=vid1 vnet0 primary-vsw0 guest
  we use mode=hybrid since this is a NIU 10 gig eth interface in a T4-4. My questions are:
  1. Do you see any problems with this config ?
  2. Do you know of any problems with using VLAN tagging in virtual switches/virtual nets for LDOMs ?
  3. When adding, subtracting VLANS to the vsw does it need to recreated or does a ldm set-vsw vid=vid1,... work dynamically (this goes of course for other vsw properties as well) ?
  This is VM Server for SPARC v2.2, Solaris 11 for control and service domains, solaris 10 in the guest LDOMs.
  Thanks,
  Edited by: DamnGoodCoffee! on Nov 2, 2012 4:59 AM

  Hi,
  1.
  - If you want that the vnet is handling the VLAN tagging for you, you need to set the pvid.
  - If you want to do the VLAN tagging in the guest LDOM (via the interface name vnetVLANID00x), it is OK.
  2. We use VLAN tagging in vnetX via setting the pvid for the vnet for guest LDOMs, and we use the interface name based VLAN tagging in the primary domain on the vsw interface.
  3. You don't need to recreate, you can set it. I'm not sure if you need to reboot to let it take effect, but IIRC it is dynamic (should be easy to test).
  Bye,
  Alexander.

• Problems setting up public/private vlans on sg300-52 switches

  A real beginner here with a problem on how to setup 3 SG300-52 (in L2 mode) as per this diagram:
  Port 1 on all switches should be able to talk to each other and access the blob at the right.
  The ports 25 on the other hand should only be able to talk among themselves in their own
  private vlan. They are to carry sensitive traffic.
  So I created 3 vlans, vlan 78 for ports gi1, gi51 and vlan 10 for port25,49,50 and a dummy vlan: 666
  with the intent of segratating vlan 10 from vlan 78.
  My attempts so far have failed.
  ports gi49-50 are configured as trunk ports and gi1,gi51 as access ports as the following
  cli output (excerpts of the startup config):
  vlan database
  vlan 10,78,666
  exit
  interface vlan 1
  ip address 172.16.10.11 255.255.255.0
  no ip address dhcp
  interface gigabitethernet1
  switchport mode access
  switchport access vlan 78
  interface gigabitethernet25
  switchport mode access
  switchport access vlan 10
  interface gigabitethernet49
  switchport trunk allowed vlan add 10,78
  switchport trunk native vlan 666
  switchport default-vlan tagged
  interface gigabitethernet50
  switchport trunk allowed vlan add 10,78
  switchport trunk native vlan 666
  switchport default-vlan tagged
  interface gigabitethernet51
  switchport mode access
  switchport access vlan 78
  Ports gi1 can talk to each other and access the blob but ports 25 refuse to talk to each other. But as soon as I remove
  the access links to the blob they can! Obviously, at that point port gi1 lose access.
  Is such a topology feasable or even advisable?
  Thanks,
  jf

  Hi Jean,
  Here's a pretty picture
  Now I will explain.
  The layer 3 switch is going to service as your core switch.
  Vlan 78 looks like your BLOB connection.
  Vlan 10 and 666 look like they don't belong on the BLOB.
  So how to configure this-
  You will want to configure the switch that connects directly to the BLOB as the layer 3 switch depicted in my diagram.
  Layer 3 switch, follow this document
  https://supportforums.cisco.com/docs/DOC-27038
  Bear with me, I am making up random numbers since I don't know what you want or will use.
  So VLAN 78 looks like the BLOB and 10 and 666 are staying out of the BLOB.
  config t
  vlan database
  vlan 10, 78, 666
  int vlan 1
  ip address 192.168.1.254 /24
  int vlan 10
  ip address 192.168.2.254 /24
  int vlan 78
  ip address 192.168.3.254 /24
  int vlan 666
  ip address 192.168.4.254 /24
  Configure the port you want to go to the BLOB, I am assuming vlan 78.
  config t
  int gi01
  switchport mode access
  switchport access vlan 78 (that 3750, what is the native vlan of the port it is connecting to??)
  Next, configure the downlink port to connect the layer 2 switch
  config t
  int gi0/2
  switchport mode trunk
  switchport trunk allowed vlan add 10, 78, 666  (this will make the port native vlan 1 untagged, rest ports tagged)
  On the downstream switch you need to configure an uplink and downlink with the respective vlans. It will remain layer 2 mode.
  config t
  vlan database
  vlan 10, 78, 666
  int gi0/1
  switchport mode trunk
  switchport trunk allowed vlan add 10, 78, 666
  int gi0/2
  switchport mode trunk
  switchport trunk allowed vlan add 10, 78, 666
  Same thing for the last switch, it will remain layer 2 mode
  config t
  vlan database
  vlan 10, 78, 666
  int gi0/1
  switchport mode trunk
  switchport trunk allowed vlan add 10, 78, 666
  int gi0/2
  switchport mode trunk
  switchport trunk allowed vlan add 10, 78, 666
  Let me know if this works out or if it is not logical for you.
  -Tom
  Please mark answered for helpful posts

• Differenet VLAN's on different switches

  In short, I have two SRW 2024 switches connected together.  The first one goes to the router, ASA 5510 (supports inter-vlan routing), on the native VLAN and the second one is trunked on port 12 to the first one.  I have been doing lots of research and have found ambiguous answers to my question.  My question is can I have different VLAN's on different switches?  Meaning can I have VLAN 10 on the first switch and VLAN 20 on the second but not have VLAN 20 on the first and VLAN 10 on the second?  So far, I have heard that I HAVE to have identical VLAN's on both switches in order for them to be able to talk to each other and I have also heard that that is not true because I can setup routes on my router to make them talk to eachother and get on the internet...  Does anyone have a definitive answer to my question?  I am totally pulling my hair out on this one...

  Well, reading this post now makes me wonder if we have the same understanding.
  What do you mean with "have VLAN 10 on the first switch" etc.? What do you mean with "have"?
  If you connect the ASA to switch 1, and switch 1 to switch 2. If you use VLAN 20 on the second switch and you want to give VLAN 20 access to the internet through the ASA switch 1 must know about the existence of VLAN 20. The switch will only forward frames for VLANs it knows of. If VLAN 20 does not exist on switch 1 VLAN 20 cannot pass through switch 1.
  If you use VLAN 10 only on switch 1 and not on switch 2, you could omit VLAN 10 on the second switch as no VLAN 10 traffic has to go to switch 2. However, generally it is better to have all VLANs on both switches because it makes management easier.
  This has nothing to do with routing, though, as the SRWs are only layer 2 switches. Routing allows you to connect a VLAN to another VLAN or LAN or internet.
  Think of a single VLAN like a normal switched LAN. Different VLANs are just like different, physically separated LANs.
  If you want to allow traffic between these separated LANs you'll need a router which routes traffic between them.
  A managed switch with VLANs allows you to run these different LANs on the same hardware, making the individual VLAN assignments configurable.
  A port on a managed switch usually is in on of two modes:
  * access mode: an access mode port connects to a normal device like a desktop, printer, or similar. An access mode port can be member of a single VLAN only, i.e. you have to decide to which VLAN it is supposed to belong to. In your case, you configure an access mode port for either VLAN 10 or VLAN 20.
  With a single switch things are clear now: some ports are VLAN 10 and some ports are VLAN 20. VLAN 10 can talk to each other. VLAN 20 can talk to each other. No traffic passes between VLAN 10 and VLAN 20.
  Of course, now you want to connect this switch to some other network devices, in particular the second SRW because you need additional ports or you have an additional location. And there is the ASA which provides internet access for these VLANs.
  * trunk mode: This is where trunk mode comes in. A trunk mode port can carry multiple VLANs on a single port. This is done using 802.1q tags. 802.1q tagged ethernet frames have an additional field for the VLAN to which the frame belongs to. With this, a switch can send frames for VLAN 10 and VLAN 20 through a single port to another switch or router. Each frame sent is tagged with 10 or 20 depending on which VLAN the frame belongs to. The receiver will accept each frame and assign it to the corresponding VLAN on the receiving side. This way the receiving switch or router is able to keep those VLANs strictly separated.
  So let's say you want two VLANs 10 & 20 in your network. You would create VLANs 10 & 20 on your ASA and both SRWs. (Create only means that the device knows this VLAN exists and is able to handle traffic for this VLAN). You would configure LAN port 1 of your ASA as trunk with members VLAN 10 & 20. You configure port 1 & 24 of your first SRW in trunk mode with members VLAN 10 & 20. You configure port 1 of your second SRW in trunk mode with members VLAN 10 & 20. Now you wire port 1 of your ASA to port 1 of your first SRW. Then you wire port 24 of your first SRW to port 1 of your second SRW.
  This creates the VLAN trunk through your network. Traffic in both VLANs can travel through this trunk between the switches and to the ASA and from there, if properly routed, into the internet.
  In a very simple scenario you configure all remaining port in access mode. For each access mode port you define whether this port belongs to VLAN 10 or 20. If port 2 is in access mode and member of VLAN 10 then the device connected to port 2 is in VLAN 10.
  You are completely free how to assign the VLANs. If you assign ports 2-24 on switch2 to VLAN 20 and ports 2-23 on switch 1 to VLAN 10 this is fine. In this case, you could reduce the VLAN configuration a little by not creating VLAN 10 on the switch 2 and not adding VLAN 10 on the trunk ports connecting switch1 and 2. However, as mentioned before, I would recommend not to do so. If at some point you decide to have a port in VLAN 10 on the second switch everything would already be set up if you created the VLAN 10 on the second switch and added it to the trunk.
  You must create all VLANs on your ASA and the first switch in your case. VLAN 20 traffic has to travel through switch 1 (even if there is no end device connected to VLAN 20 on switch 1). Thus, VLAN 20 must exist on switch 1 and the trunk between the ASA, switch 1 and switch2 must carry VLAN 20 for traffic to pass through. If VLAN 20 did not exist on switch 1 no VLAN 20 traffic could travel trough switch 1.
  As you only have two switches you will only have a few VLANs which you should be able to create in the beginning. If you really have to add a new VLAN you have to touch both switches and the ASA. But with some planning, it should not be necessary to add VLANs later. With two 24 port switches you won't have more then 48 VLANs anyway.
  Your VLANs "terminate" on the ASA. The ASA is a 802.1q capable router. You can trunk your VLANs to the ASA. The ASA allows you to define gateway interfaces in each VLAN which will operate as gateways for each VLAN. Through that VLANs can talk to the internet. You can also configure the ASA to allow inter-vlan-routing, i.e. let specific traffic be routed from one VLAN to the other. For instance, if you have a printer in one VLAN you could allow traffic to this printer from the other VLAN while still blocking any attempt to access other devices on the other VLAN.

• I am having trouble, my icloud is using an old Apple ID, and i can no longer access that email account, or know the password to that, how do i switch it?

  I am having trouble, my icloud is using an old Apple ID, and i can no longer access that email account, or know the password to that, how do i switch it to my new Apple ID?

  Having the email address is not necessary. It is just the username for the device. All you need is that Apple ID and password. Now, if you forgotten the password, then you have more work to do. Since that email is no longer active, you would need to send the reset to your rescue email, if you remember that. Or you will need to contact Apple Security for help. Apple ID: Contacting Apple for help with Apple ID account security