SGE2010 VLAN howto's

Similar Messages

• SGE2010 switches, VLAN's and a blocked port in spanning-tree

  Folks,
  I have 2 switch groups.
  2 SGE2010's with VLAN's defined as 10,20 and 30
  Vlan 10 is the management VLAN, and it uplinks to our border router.
  Vlan 20 is the workstation VLAN, and all workstations point to the switch as their default GW
  Vlan 30 is the ip phone VLAN, and all phones use this as their gateway.
  I would like to put a LAG between said switches, we have some servers on the ip phone switch that need to be accessed by the workstation clients, and the single 100mb link through the router is probably not going to be enough.
  As I understand it, because the switches have different networks on them, a simple lag will not work. I did create a lag, and assign ip addresses to each side, however in that mode, it doesn't appear I can block vlan 10 from transiting the LAG, and with out that block I will end up with a logical loop, and spanning-tree will block one of the uplinks, or the LAG itself.
  I have attached an image with a diagram of our current set up.
  Any help/advice would be much appreciated.

  Tom,
  I remember our conversation a few weeks ago. I did not get a chance to have a go at MSTP, mainly because I have no expierence with it, and looking at the configuration properities, it looks a little daunting.
  It has also been a very busy few weeks with the deployment of 200+ phones across several sites, and the system is functioning great with out the LAG trunk, I am just trying to plan for the future.
  I made a few postings a few weeks ago, one here and one on the Cisco forums on reddit, and a user there gave me some advice I have been unable to make work (I think it's just wrong), but I would love to go this route if it is in fact possible.
  Here is the thread : http://www.reddit.com/r/Cisco/comments/x91tc/vlan_trunks_spanning_tree_and_a_port_blocked/c5kskch
  This user implies it's possible to block a VLAN across the LAG which would end the logical loop problems.
  It looks like his advice is to make the LAG into a trunk, and then block specific VLAN's from transiting it, but in trunk mode, I can't assign it an IP, so I am sorta wondering how exactly you transport packets across it.
  Can you confirm that his advice is in fact incorrect?
  If MSTP is my only route, then I suppose it's time to dig into the docs and see If I cant get it up and running.

• SGE2010 - Autentication Mac with radius(rada) and assign in VLAN.

  Hi all
  I need to create two VLANs with authentication radius.
  and through its radius assign VLANs to the client.
  What is the model SGE2010 can do this thing, because the manual none understandable

  I'm not sure if the Autonomous APs have the option for AAA Override.  On the WLC, I can go into the BSSID, Security, Advanced, and there's a checkbox that I would check to allow a Radius server to send back the VLAN.
  I did a little research and it looks like the 1300 may give this option but instead is defined as "VLAN Override".  I've found the release notes for 12.3(7)JA5 (not sure what version you're running) that give mention and a link to configuring EAP on page 4: http://www.ciscosystems.ch/en/US/docs/wireless/access_point/1300/release/notes/o37ja5rn.pdf
  Hope this helps

• SGE2010, cant set ip on vlan/port

  Hi
  I have an SGE2010 L3 switch.
  I'm trying to set IP on vlans and ports. But with no luck.
  Switch is crashing every time I'm trying. Been using webgui, telnet, and CLI over telnet.
  Last time I cleaned all config. And logged in webgui, went to "IP Adressing -> IPv4 interface and pushed "add".
  Entered an IP, netmask for port48. (I'm connected on port 1).
  And everyting freezes.
  If I try telnet, I get disconnected. And same if I try CLI over telnet.
  I haven't tried console, because I have wrong console cable to my PC.
  So can anyone please help me?

  Hi Torbjoern, the answer above is correct. This is a classic "problem" and has been persistent for years (it's not a bug). If you need assistance to set vlan IP addresses you can call the small business support. If you're out of warranty for phone support, we can set up a teamviewer and I will help you.
  -Tom
  Please mark answered for helpful posts

• Introducing SGE2010 into existing VLAN

  Hello,
  I have 3750 L3 and two 2960S L2 switches. VLANs are configured on these switches and in production. There is windows DHCP as well which gives IP addresses to all host in different VLANs.
  Now I want to introduce L2 SGE2010 switch into existing setup but there are limited scopes of doing VLAN settings through web based on SGE2010 and the options are also confusing. Please suggest me how to configure VLAN on SGE2010 so that windows DHCP also listen to this switch and allocate IP addresses to host on SGE2010 switch.
  Please let me know if any information needed.
  Thanks in advance.
  Vijay.

  Okay, I understand what you guys are saying and I've setup something similar.  I downloaded all past updates for all Microsoft products we have in use.  I broke these up by year so as to avoid any deployment package limits, so I placed these updates
  in software groups named "All 2010 Updates", "All 2011 Updates", etc. with corresponding deployment packages.  I'm not separating anything by product as I'm just letting the ConfigMgr client handle what a client needs.  I then deployed these groups
  to all of my workstations, and will leave them deployed to the collection for the foreseeable future or until everything gets caught up.  Does this sound okay?  
  Now here's another question.  I noticed for this month's patch Tuesday that there were quite a few revised updates that were originally released in 2011.  My ADR grabbed all updates released or revised in the past 1 month.  These updates now
  exist in both my "2014 08 August" and "All 2011 Updates" software update groups (as well as my "2011" and "2014-2" deployment packages).  So basically it appears I now have duplicate updates.  I thought if an update was revised they would expire
  the original update.  Is this not always the case?
  I appreciate the responses guys.

• SGE2010 and VLAN's

  Afternoon, folks...    
  We just switch over to two SGE2010 switches from old Cajun routers. Many things worked out just fine... but as always, there were some issues.
  We run 4 VLAN's on this network as follows:
  10.20.1.x default
  10.20.20.x
  10.20.30.x
  10.20.100.x
  The .1 is exclusively for switches and a firewall.
  The .20 is general business workstations.
  The .30 is an automation network (for computer-controlled machinery in our plant)
  The .100 is for servers and some high-level devices.
  OK... here's the problem. We have several Intermec WAP's our automation department uses to troubleshoot and repair equipment on the plant floor. These WAP's also are used by handheld portable scanners the dock folks and materials handlers use to track parts movement throughout the facility.
  The WAP's are on the .100 VLAN, as are the scanners. This all works well.
  However, the automation people need wireless access from their laptops to equipment on the .30 VLAN, and I've been unsuccessful (so far) making that happen. I've tried static addresses on a laptop to the WAP's on the .20, .30, and .100 VLANS. As of now, the only connectivity I get is the result of assigning a static on the .100 VLAN. However, when I do that, I can reach the Internet and other servers on .100 but nothing on .20 or .30.
  Can anyone make any suggestions? All help is appreciated!
  Thanks,
  John

  Hi john,
  No problem.  You are most likely  great at what you do, I am ok at what I do.  So don't feel bad about not knowing how multicast work.
  The bottom line is that multicast packets do not normally route or jump between vlans.  Multicast packets usually a limited to the vlan they are in.
  You have to enable a process within a switch or router to enable the multicast IP packets to, excuse the terms,  jump over from one vlan to another vlan.
  If you are having trouble with getting these multicasts to jump over from one VLAN  to another VLAN, you have some options. 
  Re-engineer the network so that the multicasting process control devices are in the same network or VLAN as the Human Management Interfaces.
  (These  Human Management Interfaces (PC's)  i guess are monitoring the process control equipment and controlling accordingly.)
  I must admit, that's a big ask .  So the other option would be to get those multicast packets to jump over to other vlans.
  I just checked your machine and it is covered by the following warranty;
  Why not give the Small Business Support Center a call  and ask them for some advice on enabling multicast forwarding  that may help you forward multicasts over VLAN boundries.
  regards Dave

• SGE2010 and IPv6 configuration

  Dear sirs,
  I own a /48 ipv6 address block , and i'd like to cut it in /64 blocks with a SGE2010 switch .
  Layer 3 and IPv4 configuration works well : IP configuration on vlans and IP routing between vlans.
  MachineA (172.18.10.200)    <====> (172.18.10.253/24) switch (172.18.255.1/24)   <=====> MachineB (172.18.255.100)
  I'd like to do the same configuration in ipv6 : but i experience problems :
  When i want to add an ipv6 interface, it doesn't add it, but replaces the already defined ipv6 interface.
  I first thought of a problem with web administration interface , so i tried to define a configuration file like this :
  vlan database
  vlan 2,255
  default-vlan vlan 10
  exit
  interface ethernet 1/g6
  switchport access vlan 2
  exit
  interface ethernet 1/g47
  switchport access vlan 255
  exit
  interface vlan 2
  name Wan
  ip address 172.18.1.253 255.255.255.0
  ipv6 enable
  ipv6 nd dad attempts 0
  ipv6 address 2001:7a8:5a90:1::60/64
  exit
  interface vlan 255
  name Admin
  ip address 172.18.255.1 255.255.255.0
  ipv6 enable
  ipv6 nd dad attempts 0
  ipv6 address 2001:7a8:5a90:255::1/64
  exit
  interface vlan 10
  ip address 172.18.10.253 255.255.254.0
  ipv6 enable
  ipv6 nd dad attempts 0
  ipv6 address 2001:7a8:5a90:1000::2/64
  exit
  hostname sw-48-1g
  clock timezone 2
  And i uploaded it through the web interface , replacing the startup-config.
  After rebooting the device : only the vlan2 ipv6 configuration is used ... all other vlans only respond in IPv4 .
  Did I made something wrong ?
  Regards.

  Supported with Cisco CUCM, phones, etc. if that is your question. Described in SRND.
  Chris

• New SGE2010 - Can't access GUI

  Hi
  With allot of excitement i decided to purchase a SGE2010 48x port  10/100/1000 Ethernet for our company in order to get the internal DHCP,  DNS and general net administration on metal.
  I was under the impression that the initial setup was plug and playable,  but the reality was completely different. I started connecting the  switch to our existing infrastructure without luck. After that i tried  connecting to the GUI to see if the configuration was off, but was  unable to connect (used the default 192.168.1.254).  After that i  disconnected the switch from our network, did a factory reset, and  connected a single computer to the switch (tried various port), and  still i couldn't connect.
  In the end i had to dust off an old machine with serial port and connect  to the switch through the console port to see what was going on.  Configuration options on the console were to say at least very minimal,  but i could see that both http and https were enabled, the device ip was  192.168.1.254, DHCP disabled, VLAN id 1, default system parameters like  stacking mode was on stackable (tried standalone without luck), and  layer 2 was on.
  I am very surprised that i can't connect to the webgui through a  nettbrowser to the switch, since that is like what Step 2 in the  management manual. There it is stated that you should be able to connect  using any of the 48 ports.
  For those who are wondering then there are no firewalls enabled on the  client, and this is a fresh install windows xp machine i am using to  connect, and ie6. Firmware on the switch is 3.0.0.18 which is the latest  one.
  I would appreciate all the help i can get since i've run out of options. Am i missing something or is the switch faulty ?

  Hi rafn,
  Refer to ; http://www.cisco.com/en/US/docs/switches/lan/csbms/sfe2000/quick_start/guide/SFE-SGE2xxx_QuickStart.pdf
  The Quick start guide does state;
  STEP 1 Connect a PC to any of the non-stacking ethernet ports with an Ethernet cable.
  STEP 2 Open a web browser. Cisco recommends Internet Explorer version 7
  or later, or FireFox version 3.  If you are prompted to install an Active-X plugin when connecting to the switch, follow the prompts to accept the
  plugin.
  STEP 3 Enter the IP address of the switch in the address bar and press Enter. For example, if the switch is using the default IP address, enter http://
  192.168.1.254. The Login Page opens.
  STEP 4 Enter a user name and password. Passwords are both case sensitive and alpha-numeric.
  STEP 5 Click Login. The Switch Configuration Utility System Dashboard Window appears.
  Check out the quick start guide  and try upgrading the browser you are using to IE7
  regards Dave

• Tacacs+ and dynamic vlans

  Hi,
  Is there a good howto or tutorial that shows what settings are required to have dynamic vlan functionality . Using tacacs+ 802.1x/peap I can get a domain user authenticated but I don't follow how the vlan setup / switching should be done. I want all users that fail domain authentication to be put in vlan xxx and if the user does authenticate to be put into vlan yyy (I am using 802.1x PEAP and server side cert only). I am using ACS v3.3, W2k-AD, winXP supplicant , cat5000. Thx in adv.

  Yes, you can get the proper documentation at " target="_blank">www.cisco.com/techsupport--------> Products --------> Security ----------> select appropriately to go to Tacacs and click on view all.

• RV180W as access point to multiple existing VLans

  The company that initially built our network setup sold us two RV180W as accesspoints for internal/Guest WLan provision. In the end they never properly installed them, so I am stuck with solving the riddle …
  Q: Is it possible to connect an RV180W with two network ports to two existing VLans on a CISCO 2960 with the following funtionality
  - VLAN 100 internal, authentification via Windows2012/Radius
  - VLAN 101 guest access to CISCO ASA 5510 direct to Internet
  and how am I going to configure this?
  I am kind of lost, as I did not find a way to set up different IP ranges on VLAN tagged LAN ports on the RV180W, nor did I find a howto either in the manual nor on the web.
  thanks in advance
  Michael

  already toyed around with the router in AP mode. What I understood so far:
  - do not use VLan Numbers set up on corresponding ports of other CISCO equipment – the router does not care (understand?) about that,
  - do not tag VLans,
  - only use VLans to separate port/WLan combinations on the RV180W from each other,
  then
  - VLans will be separated,
  - the AP will offer different WLans,
  - even offer DHCP address leases, though I did not find a way to manipulate IP-ranges or gateway settings in AP mode …
  Will have a go next week and try to use routing functionality for our planned external network
  - to route the external VLan directly to our ASA Firewall,
  - connect the internal VLan to our Win2012 DHCP Server,
  - enable Radius authentification on the internal VLan.
  Toying around was rather easy with trial and error, but
  - reset, reboot and config is sluggish,
  - which makes the needed trial and error approach a pita,
  - documentation is really bad, it’s even missing the gaps,
  - interoperability with business products is neither logical nor reasonably documented.
  I run several ten year old linksys APs that are better documented and more straightforward to config.
  If this is technical advance I want the developer’s money back …
  accept my apologies for the rant
  Michael
  PS and last edit: the thing seems awesome, especially at its pricepoint, but the documentation is absolutely subterranean compared to what the router really offers …

• DHCP relay for SGE2010

  hi
  I have SGE2010 switch in layer 3 mode and im unable to assign IP addresses in second VLAN 2.
  My setup
  Port 1: TRUNK , VLAN 1 and VLAN 2 --> connected to Cisco 887 FE3 Trunk with  VLAn 1 and VLAN 2 and DHCP pool for VLAN2
  Port 2: TRUNK , VALN1 and WLAN2 --> Cisco Aironet 1040 LAN WIFI VLAN 1 and Guest WIFI VLAN2
  Port 3: Access , VLAN1 Windows DHCP server for VLAN 1 subnet
  My LAN WIFI clients can get IP from Windows DHCP server for VLAN 1
  My Guest WIFI clients on VLAN 2 cant get an IP from the Cisco 887 router on VLAN 2.
  I did try turning on DHCP relay etc but didnt make  any difference.
  Can anyone give me some pointers on wat im missing ?
  Thank you

  Hi, if the symptom is that when you assign an IP address to vlan 2 the switch "locks up" then the reason is because the vlan 1 did not have an IP address assigned by user.
  To fix that, you'd need to add an IP address for vlan 1 as you like then try to make an IP for the additional vlans.
  -Tom
  Please mark answered for helpful posts

• Sge2010p switch with polycom 335 how to VLAN or voip

  Hello guys,
  We just purchased one of Linksys SGE2010P for upcoming plan for VOIP in our office.
  And ony 1 port per each cubicle is available through gigabit wiring.
  So people will hookup this ip phone to their port and then PC.
  Using L2 switch, there is no way to separate voice and data through VLAN and this is why we purchased SGE2010P which is L3 fuctional switch.
  With this L3 switch - SGE2010P - what would be a best practise to make a voip to work?
  Sorry for very little information but will appreciate any advice,
  Thanks
  Charlie

  Are you looking to setup vlans on the switch or do layer three switching on the sge2010?  If layer three, you could do the vlans on the switch and do a default route to the router.  Then setup a route back from the router to the switch for the networks included in the vlans.
  If in layer 2, just create the vlans on the switch and configure the switch as a trunk with data and voice on the trunk.

• Shared office Vlan setup on ESW switches

  Hi,
  I wonder if you can give me a bit of a sanity check on the following design for a shared office. We are somewhat restricted by the buildings cabling, the actual design is a bit larger.
  What we require is all IP phones (not Cisco) to be able to talk to each other and Company A's server, Company A's server and PCs to be able to communicate together and Company B's Router and the network behind it to be able to access a shared printer and the internet. Anything without a Cisco part no next to it isn't cisco and must be assumed to be dumb.
  I'm not after a detailed howto - I just want to check that in theory this is possible, I'll work bench the equipment if it will work.
  Thanks,
  Adam

  Hello and good afternoon,
  You have the phones in the same VLAN, vlan 3. This is good.
  You have company B's router, the printer and server in the same vlan, vlan 5.
  You have company A's PCs, the server, and the 'router' to the Internet in the same vlan, vlan 1. The server appears in multiple vlans ... will it have multiple interface cards or dot.1q trunking?
  Do I have this right?
  I think this is fine overall, and do please let me ask a few questions to make sure I understand your approach and design.
  Company B's router will perform security to restrict company A's PCs from access it.  This router can actually run a firewall and then protect this second company.  Shared resources like the server and printer's specific IP addresses will be allowed into company B's network; you will need to make sure you allow bi-directional access.  
  Company A's PCs can access the printer in vlan 5 by being routed there by the Internet router; inter-vlan routing.  Security on this router will keep company B's network from accessing company A's PCs / network. 
  I suppose you will employ some security on the router for the printer and server so that only Company A and B can access the these shared devices.  Unless you plan on open access to these shared resources and then just simple inter-vlan routing is needed.
  All in all I do not see any problems with this, the switches can perform vlans and trunking just fine.
  Having an internal firewall and or a second router for a second company is not that rare (it's a good idea) and it does well to 'hide' or protect the second company.
  You will likely need to spend a little extra time in the lab to make sure you have all the configs right ... and I can imagine this getting confusing when you are configuring the Internet router.
  Do please respond with any follow up questions and or comments.  Many thanks 
  Andrew Lissitz

• QoS setup on SGE2010 to support VoIP trunks between PBXs

  Folks, I'm stumped on how to configure QoS on my SGE2010 to support my Toshiba CIX PBX VoIP trunks.  The infrastructure is straight forward:
  PBX(1)<==>SGE2010(1)<==>SGE2010(2)<==>SGE2010(3)<==>PBX(2)
  where PBX(1) and PBX(2) are connected through three SGE2010's that are trunked via fiber between buildings.  I don't have VoIP handsets and the PBX's are on their own VLAN.  Everything else has been a breeze in these switches but I have no experience with QoS and the admin guide doesn't help.
  Jim

  Tom,
  I found this Cisco doc http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/19ew/configuration/guide/qos.pdf which helped me understand what you were saying and yes, that did clarify things.  So here is what I did:
  1) I reverted my config back to before I started messing around with QoS settings.
  2) I verified QoS was in Basic mode.
  3) I set the ports on each switch to CoS 5 which equates to DSCP 46.
  4) Didn't touch Queue and left Strict Priority in place.
  5) CoS to Queue defaulted CoS 5 to Queue 3.
  6) DSCP 46 is in fact assigned to queue 3 by default in the switch, as you stated, so no mismatches.
  7) No Bandwidth or VLAN Rate Limits were set.
  The result of these settings should be ingress traffic from ports with CoS of 5 to receive strict priority and allocated first for egress.  As long as my QoS settings are identical for all switches between the PBX's, my VoIP traffic should have priority across the switch trunks.  Am I missing anything?

• SGE2010 Private Cloud networking = complexity

  I've been tasked by 4 medical practices to move their servers into a colocation facility, connect their remote offices using high-speed fiber (10-100Mb) and still keep each practice separate.  They are sharing the colo and SAN to reduce their individual cost.  Basically I'm setting up a private cloud with a twist - keeping them separate.  I worked all afternoon yesterday and through the night until 5am with no luck getting anything to work.  Please help.  I'm sure there is something obvious that I'm overlooking.
  Here is where I'm currently at.  I'm a server administrator that knows enough networking to be dangerous.  Here is what I have so far.
  All switches have been changed to Layer 3
  Practice 1
  Colo network & 32nd St Office
  I was able to connect these two locations with the high-speed fiber using a flat network (VLAN 1).  I will need to break them into different subnets.
  2 - SGE2010s stacked
  IP: 192.1.1.38 /24 (It was already like this.  I'll need to migrate them to 10.13.2.1)
  VLAN: 132
  VLAN IP: 192.168.13.2 /24
  VLAN: 1013
  Port 48 changed to General, admit all (Fiber connection)
  Routing
  192.1.35.0 /24 -> 192.168.13.3
  0.0.0.0 /0 -> 192.1.1.38
  CG office
  1 - SGE2010
  IP: 192.1.35.254 /24 (will migrate later to 10.13.3.1)
  VLAN: 133
  VLAN IP: 192.168.13.3 /24
  VLAN: 1013
  Port 48 changed to General, admit all (Fiber connection)
  Routing
  192.1.1.0 /24 -> 192.168.13.1
  I can't see the remote CG office.  What am I missing?  Once I get this basic setup I'm going to use it as a template for the remaing 9 offices.
  Thanks!

  "is there any other way i can just create a two node fail over in vmware workstation without having to use physical servers "
  Absolutely!  You will need at least three VMs.  One VM will be your Active Directory domain controller and your shared storage server (not a best practice, but it seems like you are creating a lab, so it will work).  Then you will need two
  to be the nodes of the cluster.  On the first machine you will need to set up either iSCSI or SMB - SMB is a lot easier.
  http://blogs.technet.com/b/josebda/archive/2013/08/16/3587652.aspx provides a step by step guide for setting up a configuration that is more complex than you want, but it should
  help you get started.  He uses a three node cluster, but two will do.  And, he is doing things under Hyper-V, so some things will have to be translated to the VMware environment.  Of course, if you use Hyper-V on a Windows 8.1 system instead
  of VMware workstation, more will apply.
  . : | : . : | : . tim