Spanning vlans across access switches in distribution block.... please help

Hi All
Can someone please explain why Cisco states that in a Campus Hierarchical model, if VLANs are spanned across Access switches in a distribution block, then the Distribution to distribution link should be Layer 2? Is this really necessary or just a recommendation, and if so why? Can't this link be a L3 link when spanning VLANs across Access switches in distribution block, as I understand the benefit of having a L3 distribution to distribution link so that SPT is avoided.
Please help

Hello,
The Cisco recommended design is L3 links, but this is only possible if you have no VLANs you need to span over the whole network.
It depends on your topology or what you want to achieve.
If you need one or more VLANs spanned across the LAN, you need to use a layer 2 connection between all switches and between distribution too.
In my company we have for example a few VLANs for restricted areas, like device management or else, so we can't use L3 links in the distribution area because these VLANs are terminated at the firewall. I think this is a good thing.
I would recommend, if you don't have to span one or more VLANs across the network, to use L3 links, especially in the case of redundant paths. Then you need no spanning-tree, but need to use other protocols like GLBP or else. They work faster and are not as confusing (for some people) as STP.
best regards,
Sebastian

Similar Messages

  • Span VLANs across switches

    VLANs are new to me so please forgive me -
    We have 5 Cisco sg500x switches. We need to create two vlans across some or all of the switches.
    I have been successful in creating vlan1 on one switch and excluding and including ports to segregate traffic. My problem is I can’t get the other switches to see vlan1 that was created on the original switch. I have enabled gvrp on all switches and ports assigned to the vlan but no luck in getting vlan1 devices to communicate across switches. How do I make this work? I think my main problem is creating uplink ports between the switches to carry the vlan across.
    How do I go about spanning vlans across the switches?
    Many thanks

    Thanks Robert, I think that has got me a bit further in that I'm not getting the VLAN MISMATCH error any more. I believe it was because the trunk ports were marked as untagged. I still don't feel I understand the NATIVE VLAN concept or how to set it. If I have the default VLAN(1) and I have the VLAN I am trying to span across two switches (VLAN2), do I then need a 3rd VLAN to be the native for either end of the trunk between the two switches? Anyway, this is what I've done in more detail -
    On Switch 1
    Create VLAN 2: VLAN ID 2
    Set port 2 as follows: Default VLAN1 = forbidden, VLAN2 = trunk, tagged
    Set port 3 as follows: Default VLAN1 = forbidden, VLAN2 = access, untagged
    On Switch 2
    Create VLAN 2: VLAN ID 2
    Set port 2 as follows: Default VLAN1 = forbidden, VLAN2 = trunk, tagged
    Set port 3 as follows: Default VLAN1 = forbidden, VLAN2 = access, untagged
    With RJ45, connect port 2 on both switches to each other. Clients connected to port 3 on both switches cannot ping each other across the trunk.
    Seeing this in the logs:
    Warning: %STP-W-PORTSTATUS:gi1/1/2: STP status Forwarding
    IP info:
    Default VLAN1 on 172.16.1.0/21
    VLAN2 on 172.16.40.0/21
    Any suggestions or areas to investigate would be helpful however obvious they may seem to anyone as this is my first effort with a Cisco. Thanks

  • Creating multiple vlans across multiple switches

    Hi All,
    How should I create multiple vlans across multiple switches?
    For instance, I have two (primary/redundant) layer 3 (core) switches and four layer 2 access switches (Cisco 2960) for the hosts, and given these are the vlans/subnets to be created. Should I do it in the core switches only and it would just propagate through the access via VTP? Just trying to practice and learn. Any help will be greatly appreciated :)
    VLAN 100: [DHCP-workstations]
    172.26.4.0/24
    172.26.5.0/24
    VLAN 200: [Servers]
    172.16.1.0/24
    172.16.2.0/24
    VLAN 300: [Printers]
    192.168.129.0/24
    192.168.130.0/24
    VLAN 800: [Management for switches/routers]
    10.160.1.0/24

    Hi
    You will have the SVI on the core. Set a VTP domain, make one of the cores as VTP server and rest of the switches as VTP clients. Once you do this, you won't have to login into each switch and create a vlan locally. The vlans will be automatically advertised from the VTP server to all the VTP clients.
    Thanks
    Ankur
    "Please rate the post if found useful"

  • I bought new iPhone 5s locked after I unlocked my iPhone 5s. When I switch on my phone it says enter your Apple ID but I forgot my iCloud username. I can't access anything in my iPhone. Please help me. What shall I do?

    I bought new iPhone 5s locked after I unlocked my iPhone 5s. When I switch on my phone it says enter your Apple ID but I forgot my iCloud username. I can't access anything in my iPhone. Please help me. What shall I do?

    kitan47 wrote:
    I bought new iPhone 5s locked after I unlocked my iPhone 5s
    Was it Officially Unlocked by the Carrier it was locked to...?
    If so... who is the carrier..?

  • I'm having trouble with my MacBook Pro. I have only had it for three months. When I plugged a camera SD card into the SD slot it isn't appearing anywhere on the computer and I cannot access my photographs. Can somebody please help me?

    I'm having trouble with my MacBook Pro. I have only had it for three months. When I plugged a camera SD card into the SD slot it isn't appearing anywhere on the computer and I cannot access my photographs. Can somebody please help me?

    Shootist007 wrote:
    Clifton I must disagree with you on the above statement. It is my opinion and experience that you should never connect the camera directly to any computer, Mac Windows Whatever.
    It is always best to Remove the memory card from the camera and put it in a card reader, whether an external reader or one built into the computer, to copy images from the card.
    Hi Shootist. I would be interested in hearing some reasoning on this. I almost always use a USB cable to connect my camera to the MBP for transferring pictures, and have moved about 30,000 this way over the last 6 years since my photography went digital. Recently, on the rare occasions when I have only a few to transfer and I was too lazy to go for the cable, I have used the card reader; about half those times I have difficulty getting the MBP to recognise the card. I find I have to press the card very hard into the slot for it to be recognised.
    My rationale is quite possibly wrong, but I feel that the USB connectors are more robust and hard-wearing than the flimsy connectors on an SD card. Also, I haven't measured it, but I think the data transfer is faster with the cable. (I just came across this test, which reports noticeably faster transfer for cable than built-in card reader, but the computer was a PC)
    Chiara, sorry for hijacking your thread.

  • My iPad mini does not restart when I press and hold the home and power buttons for a minute or more. What do I do? I really need to access some information on it. Please help.

    My iPad mini does not restart when I press and hold the home and power buttons for a minute or more. What do I do? I really need to access some information on it. Please help.

    You need to connect to iTunes and restore.
    iOS: Not responding or does not turn on
    You may need to put the device into recovery mode, this is covered in the link on this page.
    Did you back up the device?

  • Iphone linked with old owner's account. Don't have access to old owner. Please help.

    IPhone linked with old owner's account. Don't have access to old owner. Please help.

    If you are trying to activate an iPad or iPhone and it is asking for a previous owner's Apple ID and password, you have encountered the Activation Lock. This is a security feature that prevents thieves from setting up and using a stolen or lost iPad or iPhone. You have no alternative. You must contact the previous owner to get permission to use the device. If you cannot contact the previous owner, return the device to where you bought it and get a refund. You will never be able to activate the device and no one can help you do it.

  • Hello, my secret question and Apple ID was blocked, please help me repair my Apple ID, I want to keep using this my Apple ID

    dear ...
    please help meeee.... my secret question and Apple ID was blocked, please help me repair my Apple ID, I want to keep using this my Apple ID.
    please helppppp meeeeeee......
    <E-mail Edited by Host>

    Dendyhebatz wrote:
    dear ...
    please help meeee.... my secret question and Apple ID was blocked, please help me repair my Apple ID, I want to keep using this my Apple ID.
    please helppppp meeeeeee......my email & apple id XXXXXXX
    Try changing your Apple ID password at iforgot.apple.com first.
    Also:
    How to reset your Apple ID security questions.
    Go to appleid.apple.com, click on the blue button that says 'Manage Your Apple ID'.
    Log in with your Apple ID and password. (If you have forgotten your Apple ID password, go to iforgot.apple.com first to reset your password with a password recovery email)
    Go to the Password & Security section on the left side, and click on the link underneath the security questions that says 'Forgot your answers? Send reset security info email to [email]'.  This will generate an automated e-mail that will allow you to reset your security questions.
    If that doesn't work, or  there is no rescue email link available, then click on 'Temporary Support PIN' that is in the bottom left side, and generate a 4-digit PIN for the Apple Account Security Advisor you will be contacting later.
    Next, go to https://getsupport.apple.com
    (If you see a message that says 'There are no products registered to this Apple ID', simply click on 'See all products and services')
    Choose 'More Products & Services', then 'Apple ID'.
    A new page will open.
    Choose 'Other Apple ID Topics', then 'Forgotten Apple ID Security Questions'.
    Click the blue 'Continue' button.
    Select the contact option that suits your needs best.

  • My iphone in the evening yesterday vibrated continuously and went off am charging is not charging the phone is not switching on again. Please help me

    My iphone in the evening yesterday vibrated continuously and went off am charging is not charging the phone is not switching on again. Please help me

    Well, in that case, I need another help.
    Thanks for your instant reply.
    I have currently bought a new laptop (Windows 8) and my iPhone is not being recognized by iTunes.
    Because I have no backup on my previous laptop, I downloaded TouchCopy but even TouchCopy is not recognizing my iPhone.

  • How to span vlans across core layer in core/distribution/access campus design?

    Hi,
    I studied Cisco Borderless Campus Design Guide 1.0 (http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Campus/Borderless_Campus_Network_1-0/Borderless_Campus_1-0_Design_Guide.html) last week because we plan to redesign our campus backbone to a three tier Core/Distribution/Access Design.
    Today we use a collapsed backbone where a lot of vlans are spanned across the backbone because they are needed in different buildings.
    Could anybody give me a hint how Cisco recommends to deal with that kind of vlans in the multi-tier design?
    In my eyes between core and distribution layer there is only routing functionality and no l2 transport of vlans.
    So using the same vlan in different buildings seems not to be supported?
    Best Regards,
    Thorsten

    Thorsten
    Just to add to Joseph's post.
    It is quite common for a vlan to be spanned when it doesn't actually need to be ie. the network has evolved that way.
    Most things do not need L2 adjacency, they can happily use L3. Servers sometimes do but in the campus design your servers are usually located in one site so you don't need to extend vlans to other sites in your campus.
    Not suggesting this is the case for you but it may be worth checking whether you really do. (apologies if you already have)
    As Joseph mentioned you really want to avoid it if at all possible ie. ideally all connections to the core switches are L3 ie. no need for vlans at all in the core.
    If you need to extend a few vlans then you can do this but still route for all other vlans ie. you would configure your distribution to core connections as trunks and then allow the vlans you need to extend plus one other vlan, unique per distribution pair, to route all other vlans. So per site your distribution switches route all vlans except the extended vlans and if they need to route to a vlan in another site they use that unique vlan.
    But this is not ideal because you then need to extend certain vlans across the core and because you are using L2 connections STP could come into it although that does depend on your core switch selection eg. 4500/6500 VSS etc. would alleviate this.
    There are ways to extend vlans across a L3 network but the solutions available are very much dependent on the kit you use and their capabilities so if you do need multiple vlans in multiple sites but still want to keep a L3 core you may want to investigate some of those before purchasing kit (unless of course you have already purchased it).
    What you do really depends on just how many vlans you actually need to extend between sites.
    Jon
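
The trunk layout Jon describes above, sketched as a Cisco IOS configuration. This is an added example that is not part of the original thread; the VLAN IDs, interface names, descriptions and IP addresses are constructed for illustration.

```cisco
! Added example, not from the thread. VLAN IDs, interface names and
! IP addresses are constructed for illustration.
!
! --- Distribution switch, site A ---
vlan 110
 name EXTENDED-110
vlan 120
 name EXTENDED-120
vlan 901
 name TRANSIT-SITE-A
!
! The uplink to the core is a trunk that carries only the extended
! VLANs plus this site's own transit VLAN. Every other VLAN stays
! local to the site. (Some platforms also require
! "switchport trunk encapsulation dot1q" before "switchport mode trunk".)
interface TenGigabitEthernet1/1
 description Uplink to core
 switchport mode trunk
 switchport trunk allowed vlan 110,120,901
!
! Site-local VLANs are routed on the distribution switch.
interface Vlan20
 description Site A users (local only, not allowed on the uplink)
 ip address 10.1.20.1 255.255.255.0
!
! Routed hop towards the core for all non-extended VLANs.
! A /29 leaves room for both switches of the distribution pair.
interface Vlan901
 description Transit to core, unique to site A
 ip address 10.255.1.2 255.255.255.248
!
! No SVI for VLANs 110 and 120 on this switch: the distribution layer
! bridges them and does not route them. Where their gateway lives is
! not covered in the post and is left out here.
!
! --- Core switch ---
vlan 110,120,901,902
!
interface TenGigabitEthernet1/1
 description To site A distribution
 switchport mode trunk
 switchport trunk allowed vlan 110,120,901
!
interface TenGigabitEthernet1/2
 description To site B distribution
 switchport mode trunk
 switchport trunk allowed vlan 110,120,902
!
! One transit SVI per distribution pair; the core routes between them.
interface Vlan901
 description Transit to site A
 ip address 10.255.1.1 255.255.255.248
!
interface Vlan902
 description Transit to site B
 ip address 10.255.2.1 255.255.255.248
```

Running `show interfaces trunk` on each switch lists the VLANs actually allowed and forwarding on every trunk, which is the quickest check that only the intended VLANs cross the core.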

  • ISE to dynamically push Private Vlans on Access switch deployments

    Hi all,
    Is there a way to push PVLAN configuration via ISE to Access switches?
    Currently I'm thinking about an authorization profile with an attribute setting PVLAN.
    Has anyone an idea how to push Private VLAN configs dynamically to Access Ports on Switches?
    Thanks for your comments

    Try looking into using switch macros. You should be able to create a custom macro that changes the config of the port in question to make it part of a pvlan community/isolated port or whatever you need and then trigger this macro from ISE with your authorization result. It's used for the feature Cisco calls NEAT; try searching for that and you should find some examples.

  • Configure VLANs across multiple switches

    Hi.
    I'm trying to configure a segregated network using a VLAN. There are 5 switches on the site (all SG200). A router with 2 interfaces - one for the normal network and one for the segregated network - is connected and located at switch 1. The network which needs to be segregated and the PCs on it are connected to a port on switch 5. Switch 1 is connected to switch 2, 2 to 3, 3 to 4 and 4 to 5.
    I have created a VLAN but can't get the network to talk to the first switch over the link. I have created a VLAN ID 10 on each switch. Do the switches have to be linked together logically in some way to get this to work?
    Thanks.

    Hi,
    Try to create the VLAN 5 in all switches. I have assumed that the Management VLAN for all switches is VLAN 1. Kindly configure a trunk between switch 1 and S2, S2 to S3, S3 to S4, S4 to S5, S5 to S1. Allow the VLANs 1U,10T.
    regards
    Moorthy

  • How to setup the trunk for private vlans across 2 switches (Both are SF300-24)

    Dear All,
    I have 2 switches which are SF300-24.
    Switch 1 is connected to Internet Router for all clients on switch1 and switch 2.
    The clients on switch 1 & switch 2 don’t communicate with each other.
    Port1~Port24 on switch 1 & switch 2 are isolated ports.
    Gigaport1 on switch1 is connected to gigaport1 on switch2.  
    Gigaport2 on switch2 is connected to Internet Router.
    The VLAN 100 is for isolated ports.
    The native VLAN is 1.
    Please help me how to configure the case. Thanks for your help.

    I think he's just looking for PVE. You can enable 'protected port' on a port by port basis.
    Here's the excerpt from the admin guide.
    Protected Port—Select to make this a protected port. (A protected port is also referred as a Private VLAN Edge (PVE).) The features of a protected port are as follows:
    Protected Ports provide Layer 2 isolation between interfaces (Ethernet ports and LAGs) that share the same VLAN.
    Packets received from protected ports can be forwarded only to unprotected egress ports. Protected port filtering rules are also applied to packets that are forwarded by software, such as snooping applications.
    Port protection is not subject to VLAN membership. Devices connected to protected ports are not allowed to communicate with each other, even if they are members of the same VLAN.

  • All Emails Sent to Verizon Email Addresses Are Blocked - Please Help

    Hello,
    Email messages that our company sends to Verizon recipients are being blocked by the anti-spam system. I have copied a sample failure message below. I have submitted whitelist requests several times, but get automated messages in return saying the IP is dynamically assigned (see below). Our IP address is static, not dynamically assigned. No spam is going out from the system, and we are not on any of the blacklists. Our emails to [email protected] and [email protected] are also being blocked, so I have found nowhere else to turn for assistance.
    Can you please help or assign an agent to help us in this matter? We have many customers who are not receiving their online purchases or responses to their requests for assistance from us because Verizon is blocking all emails to them from our servers. We certainly don't want to have to post to our online store that we cannot sell to or assist anyone with a Verizon email address.
    The mail server in question is: *******
    IP address: ******
    Your help would be greatly appreciated.
    Thank you,
    TraciG
    MailEnable: Message Delivery Failure.
    Reason: ME-E0193: [629A7226243B4A9D90F818B13EEF69C2.MAI] Message Delivery Failure.
    Your message addressed to the target domain (verizon.net) could not be delivered because the mail server responsible for this domain returned a permanent error.
    The server returned:
    571 Email from ****** is currently blocked by Verizon Online's anti-spam system. The email sender or Email Service Provider may visit http://www.verizon.net/whitelist and request removal of the block. 141223
    After investigation, Verizon Online Security has determined that e-mail from your IP address will not be allowed access to the Verizon Online e-mail domain due to one or more of the following reasons:
    Your IP has been blocked because of spam issues or because your ISP indicates that it is dynamically assigned
    Once you have addressed any security-related issues on your network, you should  contact Verizon Online Security via this form. At that time, we will work with you to restore normal e-mail traffic or to take other action as we deem appropriate.
    Sincerely,
    Verizon Online Security
    http://www2.verizon.net/policies
    [email protected]

    Hi TraciG,
    Your issue has been escalated to a Verizon agent. Before the agent can begin assisting you, they will need to collect further information from you. Please go to your profile page for the forum and look at the top of the middle column where you will find an area titled "My Support Cases". You can reach your profile page by clicking on your name beside your post, or at the top left of this page underneath the title of the board.
    Under "My Support Cases" you will find a link to the private board where you and the agent may exchange information. The title of your post is the link. This should be checked on a frequent basis, as the agent may be waiting for information from you before they can proceed with any actions. To ensure you know when they have responded to you, at the top of your support case there is a drop down menu for support case options. Open that and choose "subscribe". Please keep all correspondence regarding your issue in the private support portal.

  • Is it possible to switch my internet? Please help

    Right now I am using iCab Web Browser and its a shareware. It's very slow, and can't access some websites. I have OSX 9. Is it possible to switch to Internet Explorer or Windows? I really would like to switch and I am not a computer person whatsoever. Please help me.

    There are other older choices from which to experiment, such as Classilla 9.2.1 browser,
    which is newer than the much older WaMcom mozilla derivative...
    These would all have some issues, and one of them is the lack of correct Java support
    along with any Flash player or other important parts whose update has ceased to happen.
    Classilla:
    http://www.floodgap.com/software/classilla/releases/
    Older browsers, such as very early (Mac OS) Mozilla and Netscape 7 or before may be OK
    if you can find them as downloads; but each will be lacking in some important area. For those
    who may hope to use the email function in some, that may not work. It may in another, if the
    technical specs for email haven't changed too much, or if the Internet provider allows access.
    http://code.google.com/p/classilla/wiki/AAATheFAQ
    MRJ and Flash 7 are supported to some limited extent, from what I've read; but for issues
    including security and performance, it is 'forced-off' and should only be turned on to see if
    a web page supports it, or in known-secure web sites. Classilla should be read into further.
    Some models of older computer hardware predating OS X 10.2 may require a Firmware
    update version to be installed in the older OS9 software, running in the computer, to be
    able to safely consider running 10.2 or later, in the computer. So if you consider that, do
    look into available or necessary firmware updates and install one as needed. Then, to run
    an OS X, the computer may require other hardware updates, more RAM, larger HDD, etc.
    Or be on the look-out for a newer build Macintosh which supports later OS systems; you
    can find info in MacTracker.ca or everymac.com on what hardware supports which OS.
    PS: if your older 'colors' G3 iBook were a 'dual-USB' model (white, 500MHz+) it would be
    able to run up to Panther 10.3.9 and OS 9.2.2, without additional firmware update; limited
    by the size of the hard disk drive, graphic processor, limited RAM upgrade, bus speed, etc.
    Good luck & happy computing!
