SG500 in L3-Mode: new VLAN Interface won't create route

Hello,
i have some SG500 in a stack.
The Stack has Routing enabled and everything works as expected.
But now i created a new VLAN10, assigned an IP-adresse and i'm not able to route into this vlan.
There is no entry in the routing table. In VLAN10 are 2 members: one LAG (tagged) and one port untagged.
Also deleting and recreating then vlan10 interface does not solve anything.
How can i get my stack routing into vlan10 ?
CiscoStack#show ip int
    IP Address         I/F      I/F Status      Type     Directed   Precedence   Status
                                admin/oper               Broadcast
192.168.10.254/24   vlan 10    UP/UP         Static      disable    No         Valid
192.168.102.254/24 vlan 2     UP/UP         Static      disable    No         Valid
192.168.112.2/24    vlan 9     UP/UP         Static      disable    No         Valid
192.168.160.253/22 vlan 1     UP/UP         Static      disable    No         Valid
CiscoStack#show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static
S   0.0.0.0/0 [1/1] via 192.168.160.1, 01:20:09, vlan 1
C   192.168.102.0/24 is directly connected, vlan 2
C   192.168.112.0/24 is directly connected, vlan 9
C   192.168.160.0/22 is directly connected, vlan 1

Similar Messages

Vlan Interface on a 2691 router

Hi,
I am trying to create an vlan interface on a 2691 router but can't do it. What switch module do I need and what code. Argh!! I've searcehed all over cisco but I can't find it. What am I mmissing??
Thanks,
Lee

Can you give us more information about what is it that you're trying to do?
Your IOS is the latest and greatest in the 12.3 line as of the date of this posting. And your Feature Set is Advanced Enterprise Services, which is the fullest Feature Set you can get. (The "Plus" capabilities were folded into Enterprise Services when Cisco reorganized the Feature Sets they offer.)
Going back to your original situation. I may have misunderstood exactly what you are trying to do.
RE: "I am trying to create an vlan interface on a 2691 router but can't do it."
If by this you mean you are tring to create an "interface Vlan2" or "interface Vlan10" or "interface Vlan18" like you can do on the Cisco Catalyst switches, and then put interface-specific commands underneath it, then I don't think you can. Even though you can enter "interface ?" and it shows Vlan as one of the options, it is my understanding that you do it as I outlined above in my previous post.
If you are going to carry multiple VLANs on a single router port connected to an 802.1Q trunking switch port, then if you need IPX capabilities on a particular sub-interface, just add the IPX network address and IPX frame/encapsulation type under the sub-interface.
If you're just trying to dedicate one router LAN port to act as a default gateway for a particular VLAN, then connect the router to a switch port that is defined as an access port for that VLAN. Assign the appropriate IP and IPX addressing under the router's LAN interface and you're done. No need for sub-interfaces, or bothering to configure the router with any Layer 2 VLAN information, except maybe a description assigned to the port that tells you what VLAN on the switch you're connecting it to.
RE: "What switch module do I need and what code."
If you're trying to host multiple 10/100 switching ports within the router, then you are looking for some version of Cisco's 16-port EtherSwitch Network Module. The model number NM-16ESW-something, where the "something" designates support for inline power or an optional Gigabit Ethernet interface. This should run on the code you have.
The NM-16ESW supports 802.1Q, according to the documentation. But I have never worked with one, so I couldn't tell you how the interfaces are numbered (Fa1/0 through Fa1/15?). Also, I have no idea how the router communicates with the switching network module internally: are there 16 separate FastEthernet ports now, each one configurable as the router's own LAN ports are? Or is there some common, internal backplane-type connection between the network module and the router's CPU, configured like a Gigabit Ethernet VLAN trunk port when you implement multiple access VLANs on the 10/100 ports?
Rather than use an NM-16ESW in a router to handle multiple VLANs, I would just use a Cisco Layer 3 switch if it were only for routing IP. 3550 or 3750 would be fine. But if you need IPX routing, then in Cisco's line you either need routers or chassis switches running Enterprise code. Other manufacturers support IPX and IP in a stackable size: Foundry, HP, and Extreme Networks, for example. In fact, Foundry and HP (who OEMs some product from Foundry) use a CLI very much like Cisco's. I've even seen HP switches show up as CDP neighbors to a Cisco router.
There are times to use routers and times to use Layer 3 switches. And times when you need both. It all depends on what you're doing, and what you're trying to do it with...

Netflow on 6509 in Native Mode from Vlan Interface

I'm trying to get a 6509-E, running Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICES_WAN-M), Version 12.
2(33)SXI9, RELEASE SOFTWARE (fc2), to send netflow traffic from a vlan interface to a Solarwinds server.
The server is not seeing all the vlan traffic, but does see all the traffic on the layer 2 ports (not netflow).
I've seen that a command, ip flow ingress layer2-switched vlan, needs to be enabled, but the OS I have does not support that command.
Or could it be that MLS is not configured except for a couple commands:
mls netflow interface
mls cef error action reset
netflow setup:
Flow export v5 is enabled for main cache
Export source and destination details :
VRF ID : Default
    Source(1)       10.31.101.1 (Vlan52)
    Destination(1) 10.30.2.196 (2055)
Version 5 flow records
14927339 flows exported in 615072 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
0 export packets were dropped enqueuing for the RP
0 export packets were dropped due to IPC rate limiting
0 export packets were dropped due to Card not being able to export
interface:
interface Vlan52
description AN.VDI.stu
ip address 10.31.101.1 255.255.255.0
ip helper-address 10.31.149.200
no ip redirects
ip flow ingress
ip flow egress
ip pim neighbor-filter 98
ip pim sparse-dense-mode
ip cgmp

Enabling MLS was the fix.
mls netflow interface
mls flow ip interface-full
mls nde sender version 5
mls cef error action reset

Catalyst 2912 additional Vlan interface won't come out of "shutdown"

I've got an old 2912 and I'm currently converting this network over from using the dafault Vlan1 as the administrative Vlan. I've configured an additional Vlan interface but when I do a no shut on the interface it will not come up. Any idea what's going on? I haven't worked on a 2912 in years.
interface VLAN1
ip address 169.2.128.226 255.255.255.192
no ip directed-broadcast
no ip route-cache
interface VLAN299
description MGMT
ip address 10.227.95.136 255.255.255.128
no ip directed-broadcast
no ip route-cache
shutdown

OK, I'll answer my own question. I found the answer in some 2912 documentation. "Only one management vlan can be administratively active at a time".

WLC, mapping new dynamic interface to an already used port

This is my question
We have a multiple wlc deployment and a wlan which is running dhcp issues (scopes exhausted)
The main Wlan is mapped to a dynamic interface group (2 vlans), both vlans are mapped to a single physical port
adding a new dynamic interface (vlan) to the interface group is needed,
- a new dynamic interface will be created and mapped to the same physical port of the other two (3 vlans)
- the new interface will be addad to the interface group
the question is:
does this operation will require some network downtime (controller reboot,ap reboot... etc.) or will it be a seamless operation?
thank you

Does this mean, when utilizing an 802.1x WLAN in an AP Group, you can not dynamically assign an interface via radius because itw ill be ignored due to the AP Group settings? If so, that seems short sited to me?
AAA override get priority when AAA override and AP group is used. the debug client output should show site specific over-ride for AP group initially and once it goes into .1x auth it will return the overrided vlan.

My brand new iPad mini won't rotate I have done factory reset still not working. If I lock and unlock on landscape or portrait it remains in that mode. Any ideas pretty sure I've tried everything suggested.

My brand new iPad mini won't rotate done factory reset still not working. If I lock and unlock on landscape or portrait it remains in that mode. Any ideas pretty sure I've tried everything suggested such as off/on, reset, reboot, double checked lock off. It did work and I changed wallpaper and stopped motion, not sure if this related

Reset all settings. Settings>General>Reset>Reset All Settings. Your iPad will reboot on its own. You will have to enter all of the device settings again, but no data will be lost.
I eould not spend a whole lot more time trying to fix this, if the device is really brand new. I would take it back to where you bought it, bring the box, the charger, the cable and your receipt and if they can't get it fixed, return it and get another one.

Cisco 871W - VLAN-Interface = 'Up/Down'

Hi,
I have configured our company's Cisco 871W per suggested configs found on the cisco web site, however, VLAN1, VLAN10 and VLAN20 interfaces won't come up (e.g. up/down) and it's preventing communication. Guess I'm expecting this to behave like a multi-layer swt/rtr (i.e. 3560). Can anyone help me on this?
Here is the config:
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname xxxxxxxxxxxxx
boot-start-marker
boot-end-marker
enable secret xxx
enable password xxxxxx
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
resource policy
ip subnet-zero
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.2.1 192.168.2.99
ip dhcp pool VLAN10
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
domain-name xxxxxxxxxxxxxxxx
lease 4
ip dhcp pool VLAN20
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
domain-name xxxxxxxxxxxx
lease 4
no ip domain lookup
ip domain name xxxxxxxxx
crypto pki trustpoint TP-self-signed-1485172728
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1485172728
revocation-check none
rsakeypair TP-self-signed-1485172728
crypto pki certificate chain TP-self-signed-1485172728
certificate self-signed 01
<--------some output omitted--------->
interface FastEthernet0
switchport access vlan 20
spanning-tree portfast
interface FastEthernet1
switchport access vlan 10
spanning-tree portfast
interface FastEthernet2
switchport access vlan 10
spanning-tree portfast
interface FastEthernet3
switchport access vlan 10
spanning-tree portfast
interface FastEthernet4
ip address 10.2.5.1 255.255.0.0
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1460
duplex auto
speed auto
no cdp enable
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
interface Vlan1
no ip address
interface Vlan10
description Internal Network
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Vlan20
description Guest Network
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet4
no ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet4 overload
ip access-list extended Guest-ACL
deny ip any 192.168.1.0 0.0.0.255
permit ip any any
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
<--------------output omitted---------->
End
Sample device-specific configs would help.
We are not concerned with the wireless portion of the config at this point.
Any insight is appreciated.
Thanks!
Chris
News Corp.

You may be hitting with a bug : check the details of this bug : CSCsc10989

VLAN interface on ME2600X

I'm trying to configure a VLan interface on my ME2600X (for inband management), but the switch won't accept the command.
What am I missing? I need a way to combine layer-2 services and a management vlan on the same dot1q trunk into the ME2600X.
Geir Jensen

Hello Geir,
You can use service instances e.g.:
interface GigabitEthernet0/3
switchport trunk allowed vlan none
switchport mode trunk
dampening
mtu 9100
load-interval 30
media-type rj45
service instance 5 ethernet
description Management VLAN
encapsulation dot1q 5
rewrite ingress tag pop 1 symmetric
bridge-domain 5 – this will pop up message:
Bridge-domain 5 created
VLAN 5 does not exist, creating vlan
interface Vlan5
description Management VLAN
ip address 10.0.0.1 255.255.255.0
ip access-group MNGT-ACL in
end
adam

Vlan Interface state constantly disabled

Hi.
I have a SF500 in layer 3 mode. I have 5 vlans (10,100,200,201,202)
Of these 5 vlans, each one has a vlan interface configured.
However, vlan 10 and 202 don't have an IPv4 route (which is created automatically I believe).
I had a look and the vlan interface state is set to 'Disabled' (yes I'm using the GUI...)
Whenever I click 'Edit', it brings up the new window, but it has a tick in the Enabled box. Unchecking and applying and then checking and applying makes no difference. I just can't seem to change the state of the vlan interface.
Am I missing something weird?
Cheers.
Andy

Hi.
Thanks forumers!!
Turns out that even thought it was assigned to an interface, the static route never appeared until the end device was connected (even if you tried to access that vlan from a different vlan).
For example, the internal interface vlan 1 (192.168.1.254) would never have a route added until a device appeared on a vlan1 port - even if a device on a vlan2 port had access to vlan1, it didn't recognise it as being valid.
Many thanks for your help!
Andrew

The spanning-tree add strange value when I create new Vlans

Hi,
On all switchs access, the spanning-tree add strange value when I create new Vlans from Distrib Layer,
and no association is created with any interface with spanning-tree vlan 700, see below in this exemple,
until I reboot the switch.
somebody already saw this values ?
DSFDS112#sh span sum
Switch is in rapid-pvst mode
Root bridge for: none
EtherChannel misconfig guard is enabled
Extended system ID           is enabled
Portfast Default             is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default            is enabled
UplinkFast                   is disabled
Stack port is StackPort1
BackboneFast                 is disabled
Configured Pathcost method used is long
Name                   Blocking Listening Learning Forwarding STP Active
VLAN0001                     0         0        0          3          3
VLAN0002                     0         0        0         22         22
VLAN0006                     0         0        0          3          3
VLAN0007                     0         0        0          8          8
VLAN0009                     0         0        0          4          4
VLAN0010                     0         0        0          3          3
VLAN0011                     0         0        0          3          3
VLAN0012                     0         0        0          3          3
VLAN0013                     0         0        0          3          3
VLAN0090                     0         0        0         15         15
VLAN0109                     0         0        0          3          3
VLAN0200                     0         0        0          4          4
VLAN0300                     0         0        0         26         26
VLAN0302                     0         0        0          4          4
VLAN0700               -   253 -1872756560 2087191206 -1872756549 2080375982
VLAN0702               -   253 -1872756560 2087191206 -1872756549 2080375982
VLAN0704                     0         0        0          4          4
VLAN0710               -   253 -1872756560 2087191206 -1872756549 2080375982
VLAN0816                     0         0        0          3          3
VLAN0820                     0         0        0          3          3
20 vlans               -   759 -1323302384 1966606322 -1323302237 1946160764
DSFDS112#sh span vlan 700
VLAN0700
Spanning tree enabled protocol rstp
Root ID    Priority    4796
             Address     0008.e3ff.fcbc
             Cost        10000
             Port        608 (Port-channel1)
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority    62140 (priority 61440 sys-id-ext 700)
             Address     885a.9213.6880
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300 sec
Interface           Role Sts Cost      Prio.Nbr Type
Po1                Root FWD 10000     128.608 P2p
DSFDS112#sh run int Gi1/0/25
Building configuration...
Current configuration : 194 bytes
interface GigabitEthernet1/0/25
description Station12
switchport access vlan 700
switchport mode access
end
DSFDS112#sh span interface Gi1/0/25
no spanning tree info available for GigabitEthernet1/0/25
DSFDS112#sh int status interface Gi1/0/25
Port      Name               Status       Vlan       Duplex Speed Type
Gi1/0/25 Station12          connected    700          full    100 10/100/1000BaseTX
Thanks for your help,
Regards.

Venki,
The ORA-00942 is okay because there is no existing object. But what stuck me is the ORA-01921 error which may indicate that this might not be a new database.
CREATE ROLE exp_full_database
ERROR at line 1:
ORA-01921: role name 'EXP_FULL_DATABASE' conflicts with another user or role name
CREATE ROLE imp_full_database
ERROR at line 1:
ORA-01921: role name 'IMP_FULL_DATABASE' conflicts with another user or role name
Are there any existing databases on this server? Have you tried to create it on other machine?I searched on Metalink too and found Doc ID: 237486.1 ORA-29807 Signalled While Creating Database using DBCA which say that eroror could be ignored. You may want to review that as well.
Ittichai

How do you keep a VLAN interface up?

Is there a method that enables you to keep a vlan "UP", even when none of the physical interfaces assigned to that vlan are connected?

If you are using vtp, you can "force" the VLAN active using those commands; depending on the switch you are using, this is done a number of different ways.
newer IOS switch running native mode -
conf t
vlan 1
state active
exit
wr mem
older IOS switch
From an enable prompt -
vlan database
[enters vlan database mode)
[Note: Newer IOS warns that this is deprecated and will not show help -- the help is as follows -
switchname#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
switchname(vlan)#?
VLAN database editing buffer manipulation commands:
abort Exit mode without applying the changes
apply Apply current changes and bump revision number
exit Apply changes, bump revision number, and exit mode
no Negate a command or set its defaults
reset Abandon current changes and reread current database
show Show database information
vlan Add, delete, or modify values associated with a single VLAN
vtp Perform VTP administrative functions.
switchname(vlan)#vlan ?
<1-1005> ISL VLAN index
switchname(vlan)#vlan 1 ?
are Maximum number of All Route Explorer hops for this VLAN
backupcrf Backup CRF mode of the VLAN
bridge Bridging characteristics of the VLAN
media Media type of the VLAN
mtu VLAN Maximum Transmission Unit
name Ascii name of the VLAN
parent ID number of the Parent VLAN of FDDI or Token Ring type VLANs
ring Ring number of FDDI or Token Ring type VLANs
said IEEE 802.10 SAID
state Operational state of the VLAN
ste Maximum number of Spanning Tree Explorer hops for this VLAN
stp Spanning tree characteristics of the VLAN
tb-vlan1 ID number of the first translational VLAN for this VLAN (or zero
if none)
tb-vlan2 ID number of the second translational VLAN for this VLAN (or zero
if none)
switchname(vlan)#vlan 1 state ?
active VLAN Active State
suspend VLAN Suspended State
switchname(vlan)#vlan 1 state active (enter)
This will make the VLAN active.
Note that it "works" even when there is no help.
There's a way to do it for CAT OS, but I only have VTP clients on my few remaining Cat OS switches.
Good luck -
Nick
(PS - if this helps, please 'rate' the answer ! :-) )

3750X - Dropped multicat traffic flooding on all switchport vlan interfaces

Hello forum,
I have a problem on source multicast blocking. I have a switch with a vlan interface (Ex. vlan 20 )and on that vlan interface an extended ACL is present. That ACL block specific multicast groups. Furtehrmore I have many switchport access interfaces on vlan 20 with different sources connected.
If one source start streaming with multicast destination IP blocked by ACL, dropped traffic is flooaded on all switchports on source's vlan
IGMP snooping on this vlan is enabled but seems that dropped traffic stay on L2 vlan without it.
Device used: C3750X
IOS: 15.0(2)SE5
Thank you for help

Hi Michal,
thanks for your reply!
Yes, probably i've captured all lines of access-list... but I've to change my approach because my access-list is a extended "named" access-list and, on other post, I've read that "named" access-list cannot be debugged...
Now i've deleted all access-lists entries that refer to vlan2 and I've created new one "numerical":
#ip access-list extended 100
#10 ip permit 172.16.2.0 0.0.0.15 any log
In this mode the debug shows only access-list 100 traffic + bcast + mcast.
But, the strange thing is another one now...
I've bought a multifunction printer, that send scanned document to a email account, the printer haven't internal smtp, it makes a connection to hp servers that forward scans to real destination address...
I was curious to find out how this connection works because, my private/confidential documents are send on internet and, i would hope that hp use a secure connection from my printer to its server...
Well, if I add "log" switch command at the end of access-list, or I enable access-list debug, the printer stop to comunicate to hp services/server... if I turn off debug or rewrite access-list without "log" feature, incredibly the printer re-start to comunicate with hp...
Have you any idea that explain that? I'm going crazy...

SG300-20 - Configure DHCP on VLAN interface

I have been reading the various related discussions on the SG300 and SG500 switches regarding setting up VLAN's and DHCP on those VLAN's. For whatever reason I have been unable to even get this simple task to work.
First thing I did was to update my firmware and boot version as follows:
SW version    1.3.7.18 ( date 12-Jan-2014 time 18:02:59 )
Boot version    1.3.5.06 ( date 21-Jul-2013 time 15:12:10 )
HW version    V02
When I reloaded the SG300 after the SW/Boot updates the startup config was wiped out and I had to setup my switch from scratch. The intent is to have two VLAN's:
VLAN 1: all devices, servers, etc.
VLAN 2: basic subnet that hands out DHCP addresses
The SG300-20 is connected to an Asus RT-AC66U router on the 192.168.1.x subnet and provides internal network access and WiFi access (router IP address is 192.168.1.1 and is default gateway). All that works with no issues. So my task is simply to create VLAN 2 on 192.168.2.x subnet and use DHCP to allocate addresses. I have spent many hours on this and I still can't get it to work. When I connect a laptop to the port (GI8) assigned to VLAN 2, I end up getting some wonky 169.254.x.x address. I certainly thought something this "easy" wouldn't be that hard to setup, but apparently I was wrong.
The SG300 is running in L3 mode as shown in my running-config below.
Does anyone happen to see something that might be preventing my laptop client from recieving IP addresses from the VLAN 2 DHCP interface that are not in the 192.168.2.x subnet?
Any ideas / suggestions would be greatly appreciated!
Here's my running-config:
config-file-header
MYSTICSW1
v1.3.7.18 / R750_NIK_1_35_647_358
CLI v1.0
set system mode router
file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
vlan database
vlan 2
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname MYSTICSW1
logging host 192.168.1.15
logging origin-id hostname
username cisco password encrypted b4a0fcf20b2cd9d80a55b06ab8f83277f9733904 privilege 15
snmp-server location Office
clock timezone " " -5
clock summer-time web recurring usa
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp server 192.168.1.10 poll
interface vlan 1
ip address 192.168.1.254 255.255.255.0
no ip address dhcp
interface vlan 2
name MysticWAN
ip address 192.168.2.254 255.255.255.0
interface gigabitethernet8
switchport mode access
switchport access vlan 2
exit
ip default-gateway 192.168.1.1
Thanks in advance!
Clint Lambert

Tom,
Thanks ... I followed the steps you outlined and it worked! The only difference being that I have an Asus RT-AC66U router and the there is no "enable multiple subnet" option. So, I just followed your instructions on creating the static routes in the RT-AC66U and everything worked. The DHCP addresses were correct and I had internet connectivity when I plugged a laptop into the gi8 port.
I did make one tweak to the Network Pools screen as follows:
My DHCP configuration for gi8 on VLAN 2 now looks like:
ip dhcp server
ip dhcp pool network InternalWAN
address low 192.168.2.1 high 192.168.2.99 255.255.255.0
lease infinite
domain-name MYSTIC
default-router 192.168.2.254
dns-server 8.8.8.8
Previously I had followed your advice in the article "Need help configuring SG300-10 switch" and had setup everything using CLI. However, I didn't think about needing the static routes. So, I think it was probably setup correctly beforehand but had no chance to work because the routes were not setup.
Thanks very much for your help!
Clint

Create 2 new VLANs and Trunk

Hi
I am working with a service provider to segment inbound traffic for a client. Rather than creating a seperate fibre circuit, we have opted for two new VLANs and a trunk to the upstream router.
The equipment we are working on is a Cisco Catalyst 2900XL, IOS (tm) C2900XL Software (C2900XL-H-M), Version 11.2(8)SA2, RELEASE SOFTWARE (fc1)
Current configuration:
version 11.2
no service pad
no service udp-small-servers
no service tcp-small-servers
hostname
enable secret
ip subnet-zero
ip domain-name
ip name-server
interface VLAN1
ip address
no ip route-cache
interface FastEthernet0/1
speed 10
duplex full
spantree portfast
interface FastEthernet0/2
speed 100
duplex full
spantree portfast
interface FastEthernet0/3
spantree portfast
interface FastEthernet0/4
shutdown
spantree portfast
interface FastEthernet0/5
shutdown
spantree portfast
interface FastEthernet0/6
shutdown
spantree portfast
interface FastEthernet0/7
shutdown
spantree portfast
interface FastEthernet0/8
shutdown
spantree portfast
ip default-gateway
snmp-server community private
snmp-server community public
line con 0
exec-timeout 0 0
stopbits 1
line vty 0 4
password
login
end
I need to creat VLAN 2 and VLAN 3. Traffic currently running through VLAN 1 will be segmented between these two VLANs with a trunk to an upstream router.
vlan database commands don't appear to be working. At this stage I only want to create the VLANs. Can anyone recommend a command reference?

Hi Paresh!
Good to hear from you!
User Access Verification
Password:
>en
Password:
#sh vtp status
^
% Invalid input detected at '^' marker.
It doesn't accept the command.
Here are the results of a show ? from enable mode:
publicswitch#sh ?
access-lists
accounting
aliases
arp
boot
buffers
cdp
clock
configuration
controllers
debugging
file
forward
history
hosts
html
interfaces
ip
line
location
logging
mac-address-table
memory
port
privilege
processes
queue
queueing
registry
reload
rhosts
rmon
running-config
sessions
snmp
spantree
stacks
startup-config
subsys
tcp
tech-support
terminal
users
version
Thanks

Add switchports to new VLAN/DHCP pool

Hello community,
Our company recently added a new VLAN/Subnet/DHCP pool to seperate the physical workstations. I updated a few interfaces to the new VLAN...which is fine for testing a few workstations, however what is the best approach and least disruptive way to update a range of ports to the new VLAN/DHCP pool.
Can we update the Interfaces to the new VLAN with the range command.....let the current DHCP lease expire and then they would get an ip from new Pool? Should we lower the lease time on old pool? ...I think it is currenty set to 24hr (default)
Please include IOS commands
Much appreciated!

Hello,
Create the new DHCP pool on your DHCP server, and lower the lease time of old pool, after pcs are get the new ip addresses, create a new vlan and assign the ports to this vlan.
ip dhcp pool OLDPOOL
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
ip dhcp pool NEWPOOL
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
interface range f0/1 - 24
switchport mode access
switchport access vlan 1

SG500 in L3-Mode: new VLAN Interface won't create route

Similar Messages

Maybe you are looking for