SRW224P VLAN setup question

I want to setup a VLAN to segment a subnet for security reasons.
The difficulty is I want both VLANs to use the same gateway. How do I do this?
I thought I would just create the 2nd VLAN and then assign the port of the gateway both VLANs (PVID); have the two VLANs use the same port for the gateway, but I do not see a way to assign more than 1 VLAN to a port. (multihome the gateway) If that is not the case please let me know how to accomplish this.
So ... I thought maybe I would phyically connect the gateway with 2 ports, but that doesn't work. The VLAN 2 doesn't communicate with the gateway. (I think this is because the MAC address of the gateway is in the switch, and the switch is sending the return traffic on the other port, so maybe I create a LAG with both ports, but that seems over engineered for what I want to do.)
What am I missing here, please help
Bedrock

It is not possible what you want to do. If you want to connect both VLANs through a gateway (i.e. a router) you must use a VLAN router, i.e. a router which supports multiple VLANs and 802.1q. With a VLAN router you can route between VLANs. But for this to work you must use different subnets on each VLAN, e.g. 192.168.10.0/24 and 192.168.20.0/24. Of course, each VLAN subnet has it's own gateway IP address inside the subnet which will point to the same router. So this kind of setup only depends on the capabilities of your router. If it is a VLAN router, set up a trunk port and add all necessary VLANs tagged to this trunk port. Make the same setup on the VLAN router and configure your inter-VLAN routing and filtering.
If you want to use the identical subnet in both VLANs and use the identical gateway IP address in both VLANs then you need something like a transparent L2 bridge/firewall which you would have to configure how to forward traffic between each segment. The bridge would only pass traffic from each VLAN to the gateway and not to the other VLAN. But here again, the detailed setup depends on the device you put in.
Bottom line: the SRW224P is a L2 managed switch. You can set up VLANs but each VLAN is fully separated unless you add another device which manages the interconnection.

Similar Messages

LoginModule with JAAS, setup question for Frank Nimphius

Hi Frank,
i am trying to use a custom LoginModule in conjuction with the setup procedure in your "J2EE Security in Oracle ADF Web Applications" white paper. Have you done this before? can you provide roadmap for additional/alternate setup steps needed to use a LoginModule?
this is my original post from early this week:
JAAS Setup question
thanks,
brenden

Brenden,
please refer to the OC4J security documentation which si a part of the Oracle Application Server documentation that can be looked up online here on OTN. Custom LoginModule configurations require OC4J 9.0.4. In addition, this feature also only works with the jazn-data.xml provider and not with OID.
From the perspective of this whitepaper, the LoginModule will be used by the OC4J container to authenticate users and thus should not require any change in teh paper.
I haven't yet had the time created an example and document that showcases how to do this. Hopefully christmas will give me some rest to look into this.
Frank

VLAN setup at home

I'm definitely out of my comfort zone here...but after reading a bit, I think a VLAN setup is what I'm after. I'd like 2 networks at my house sharing the internet connection. One network for my computers, One network for my kids. The purpose is security...my kids have been bringing home biological virus' since they were tiny...I'm certain they're the ones who'll let something in the house now as well.
I have a WRVS4400N small business router with VLAN capability. I've explored the setup pages and can't make heads or tails of what I'd need to do there. I've set up 2 BSSID's and isolated them, next I'd like to set up the vlans and assign the bssids to them. Can someone look at this setup pic and walk me through this? I appreciate the education!
Alternatively, if vlan is not the solution for my purpose, I'm open to suggestions. Thank you for your consideration.
-Scott

These might help.
https://www.myciscocommunity.com/message/36120;jsessionid=31011407BD6D879C90AF5B18540D3634.node0
https://www.myciscocommunity.com/thread/7996;jsessionid=8844A249A148FC7E71732CEBFA84EE42.node0?tstart=-1
http://www.cisco.com/en/US/docs/routers/csbr/wrvs4400n/administration/guide/WVRS4400N_Admin_Guide_v2.pdf
Shell.

SLM 2024 vlans setup

Hi,
I purchased the SLM2024 switch recently, but still not able to get it works in vlans setup. Appreciate if someone can help me on this.
I have configured my router to have two vlans in two interfaces. Each vlan will serve as dhcp server with subnet .10 and .20. I would like to segregate my switch into 2 different vlans, then connect the dhcp interface from my router to each one of the vlan on my switch. So I can have two vlans on switch serve two subnets. How can I do it? I'm new to cisco product, hope someone can guide me thru the setup.
Thanks,
Jim

Hi Ishal, disconnect the switch from all network elements. Reboot the switch. Attach 1 computer to the switch and assign a static IP address on the 192.168.1.x subnet and try to access the switch. Ensure you do not have any wireless connection active on the computer you're using.
-Tom
Please mark answered for helpful posts

VLAN setup on SF302-08P switch

I have the following setup using two SF302-08P PoE switches:
1st floor
=========
Switch #1 <-------> private network
<-------> public network
2nd floor
=========
Switch #2 <-------> private network
.... public network (visible but devices can't connect)
I have tried to make the config in switch #2 identical to switch #1, but something is still wrong.
Is this most likely a VLAN setup problem, or what?
Thanks.
Ken Watkins

Tom,
Thanks so much for your help. In my case, the second VLAN is VLAN 50. Here are the pics of what I think you are talking about through the web interface. Do these look like what you are suggesting?
Thanks again.
Ken

WRVS4400N VLAN trunking question

Hi all,
I just got a SRW224G4 today my main objective is to trunk 30 VLAN(s) to my WRVS4400N for interVLAN communication. So far I set G1 on my SRW as a trunk port and linked it to port 2 on my WRVS4400N (which is also set as a trunk).
So far no good when I go into LAN settings I do not see an option wheree I can set DHCP addresses or gateways for these VLAN(s). Is this even possible with the WRVS4400N I meen if Linksys is going to provide a small business solution atleast their equipment should support VLAN trunking with each other.
If anybody knows the solution to this please let me know.
Cheers

From what I know, although the WRVS4400N has support for port based VLAN setup, it does not give you the option to set different DHCP addresses for each of the 4 VLANS.

VLan setup for a 2950 and 2611

Im trying to setup a real basic VLan setup for 1 2950 switch. I would like to have 3 Vlans on it including the default Vlan. So my understanding is that for all 3 of the VLans to talk to each other I will need a router to be the layer 3 device that routes the Vlans.
On my 2611 it looks like this:
interface Ethernet0/0
no ip address
full-duplex
interface Ethernet0/0.1
encapsulation dot1Q 1 native
ip address 172.16.10.1 255.255.255.0
no snmp trap link-status
interface Ethernet0/0.2
encapsulation dot1Q 2
ip address 172.16.20.1 255.255.255.0
no snmp trap link-status
interface Ethernet0/0.3
encapsulation dot1Q 3
ip address 172.16.30.1 255.255.255.0
no snmp trap link-status
Then my 2950 looks like this:
interface FastEthernet0/1
description Connection to router
switchport mode trunk
speed 10
duplex full
interface FastEthernet0/2
switchport access vlan 2
interface FastEthernet0/3
switchport access vlan 3
interface Vlan1
ip address 172.16.10.2 255.255.255.0
no ip route-cache
ip default-gateway 172.16.10.1
Ok so as it currently stands the switch and router will not talk to each other at all. From the switch I can not ping the router and vice a versa. If I plug a laptop into one of the ports using VLan1 I can ping the switch IP 172.16.10.2 but obviously can not ping the default gateway which is the router...
I didnt think this looked very hard but for some reason it does not want to work for me at all...
Any ideas?
LR

I have two things you might try. First set your trunking interface on your switch to auto.
interface fastethernet 0/1
speed auto
duplex auto
This will help to make sure that the ethernet on the 2611 will negotiate the duplex with the switch. I've had issues with 2611's trying to do full duplex on there ethernet ports.
Another Option turn on CDP on your router and switch and do a show cdp neighbor to make sure there plugged into the right ports.
Three you could move the vlan 1 ip address on the 2611 to the main interface. Example below. Then try pinging the switch. Your other tagged vlans should still work at that point. Also if you have multiple switches make sure to setup Vlan Trunk Protocol see NOTE A.
no interface Ethernet0/0.1
no encapsulation dot1Q 1 native
no ip address 172.16.10.1 255.255.255.0
no snmp trap link-status
interface Ethernet0/0
ip address 172.16.10.1 255.255.255.0
NOTE A
Add the following commands to each switch to setup your Vlan Trunk Protocol. These are pretty much the minimum amount of commands you can use to setup VTP.
vtp domain CISCO1
vtp version 2

SA540 VLAN Configuration Question

I need to connect 2 internal LANs to the SA540 but cannot work out how to set the IP addresses for the 2 VLANs on this device. Does anyone know how to setup the relevant IP addresses for the 2 VLANs? Example: VLAN 2 IP = 192.168.5.10 and the second VLAN IP = 192.168.10.10The WAN port will connect to a single Internet device. Any help will be greatly appreciated.

Hi Ratan,
The following steps apply to latest MR Firmware version 2.1.18.
1) The first thing you need is to enable VLAN (Networking ->LAN -> VLAN Configuration -> Enable VLAN? {check this}).
2) Next you have to create the second VLAN (Networking ->LAN ->Available VLANs ->Add...) Name it and use the ID to associate the VLAN to (2). If you want inter VLAN Routing to be enabled leave the box checked, otherwise uncheck it.
3) Next we specify/edit the subnet that your new vlan will use. (Networking ->LAN -> Multiple VLAN Subnets) Look for the VLAN ID created above (2), and Click the Edit button. Modify the subnet parameters as needed.
4) Finally we assign the SA 500 ports to use the VLANS. (Networking ->LAN ->Port VLAN) Setup the port's Mode as Access, General, or Trunk, and assign VLAN membership as well.
See screenshots for clarity. If you need to create more VLANs, repeat steps 2-4 as needed.
Hope this helps,
Julio

VMWare WLC setup question with dual VLAN at sites

Multisite in same town design.
VMWare WLC deployed at main site runs all remotes. (7 sites). Sites are around town and not on same campus. Flexconnect local deployed on Cisco 2702e APs. Setup for two SSID's, one for data connections, other for Cisco 7921g wireless phones. Each site has its own DHCP scope.
I tried to setup 2 seperate WLAN ID for each site however it does not like the reused SSID name. I do not want to have to setup 7 profiles on everyones laptop to go between buildings. Seen a post mentioning to use AP groups however the video link was removed so it went into a deadend.

Thanks Scott,
so what I had setup before was under each WLAN, was each the interfce pull down to the interface vlan. I have now changed that to management and setup AP groups, each with the site's data and voice vlan defined under the AP group WLAN tab. So instead of the multiple SSID listed, now only two are listed.
I will have to take my test AP out to one of the other sites and move it to one of the new AP groups but this appears to be working on my current group I am testing from.

Two quick VLAN routing questions

lets say I have a L3 switch routing 4 VLANs
VLAN 1 is 192.168.10.0/24, the switch's virtual interface is 192.168.10.254 inside this vlan
VLAN 2 is 192.168.20.0/24, the switch's virtual interface is 192.168.20.254 inside this vlan
VLAN 3 is 192.168.30.0/24, the switch's virtual interface is 192.168.30.254 inside this vlan
VLAN 4 is 192.168.40.0/24, the switch's virtual interface is 192.168.40.254 inside this vlan
there is only one router going out from this switch to the net, and lets say it is in VLAN 1 and it's address is 192.168.10.1
first question-- inside of the L3 switch I will need to add a default route of 0.0.0.0 0.0.0.0 192.168.10.1
so that all traffic not corresponding to a 192.168.x.x address knows where to get out to the net, correct?
secondly- when configuring that router, is there a difference if I use the following static route:
192.168.20.0 255.255.255.0 192.168.10.254
instead of
192.168.20.0 255.255.255.0 192.168.20.254
either way, the packet gets to the L3 switch, but in one case it gets there via the VLAN interface inside of VLAN 1, and in the other case, it gets there via the VLAN interface inside of the VLAN for which the traffic is destined anyway. what im trying to figure out is, will this make any difference at all? especially in terms of broadcast packets?
if it makes no difference, then is it safe to say that the following static route would be optimal?
192.168.0.0 255.255.0.0 192.168.10.254
Solved!
Go to Solution.

Re "firstly". Correct. The L3 switch will route traffic according to its routing table. By default it knows all IP subnets to which it is directly connected to, i.e. all the VLAN subnets. If you have to add a default route manually or not depends on the exact implementation. It may well be that the L3 switch will use the any default gateway for routing which you use for the IP settings of the switch itself (if there is an option in the web interface to set a default gateway). If you cannot define a default gateway on the L3 switch you probably have to add a static route manually. The easiest way should be to check the current routing table and see if there is a default gateway or not.
Re "secondly". A router can only forward packets to the next hop router. The next hop router must be connected to that router. The route "192.168.20.0 255.255.255.0 192.168.10.254" is correct for a router with IP address 192.168.10.1 and subnet mask 255.255.255.0 as 192.168.10.254 is connected to the router. "192.168.20.0 255.255.255.0 192.168.20.254" is not correct. The router cannot learn the path to a specific subnet 192.168.20.0/255.255.255.0 by using a gateway in that subnet. It is not correct to use that kind of a route and you should not use it even if it might even work (because the router does a plain ARP request to find the MAC address of 192.168.20.254 and your L3 switch will respond to the ARP request even if it is on the internet of 192.168.10.254). The very moment when there would be another router between the 10 and 20 subnets it would not work anymore...
Re your conclusion: I would recommend to keep four static routes for the existing subnets on the L3 switch instead of putting everything into a larger single subnet which includes a lot of addresses which are not connected there. Technically it works if you only use working IP addresses. But you will see some loops if you send something to 192.168.55.50 or similar. The gateway router will send it to the L3 switch which will send it back to the gateway. They should figure it's a loop but still I would not recommend this kind of setup... Add routes for each of the L3 switch subnet...

Tough Switch and UAP Vlan Setup

Similar thread question in this community discussion:
http://community.spiceworks.com/topic/1080225-isolate-guest-network-by-vlan?page=1#entry-4846326
This discussions goes into great detail about tagging and untagging and pvid.

This seems to be a theme this week.First you need to confirm that your AP supports multiple SSIDs. If it does then the typical process is to create your multiple SSIDs and connect them to a defined vlan. In most installations your business (private) SSID will be connected to your native vlan (typ VLID 1) and your guest SSID will be connected to some other vlan ( VLID 200 ?)Inside your switch you will need to create vlan 200, and then on the port that goes to your AP you will need to setup the PVID to VLID 1 (should be already set), make vlan 200 a member of that port and set it up for tagging. So the port going to the AP will have VLID 1 untagged (native vlan) and VLID 200 tagged.From there you say you have two routers. Your current primary router you will leave as is, but for you guest network router you will take port 8 and set the...

RVL200 and SRW2008 VLAN setup

I have the RVL200 as my internet gateway and i have 3 VLAN's configured. i have set port 4 as my trunk and added all VLAN's to that port as tagged. I have setup a subnet for each of the VLAN's.
My question is what do i need to do on the SRW2008 so that all VLAN's are configured and have access to the internet

The IP's are being handed out by the DHCP correctly and clients in a VLAN can communicate with others in that VLAN.
As for my configuration i thought i would upload pictures of each of my settings on both devices. if you need more let me know.
The Port settings on the RVL200
The VLAN membership on the RVL200
The Port settings on the SRW2008
Ports to VLAN settings on the SRW2008
the VLAN to Ports settings on the SRW2008

Multi site, multi vlan configuration question

Hi Brian,Good questions.If the router connects to the switch on a VLAN 1 access port then it is a non-issue since the packets are not tagged.If there is a trunk between the router and the switch with tagged traffic, then I would recommend using inside and outside VLANs on the switch. Essentially this is just two VLANs, one for each Wanos interface so that it sits in the middle of the traffic flow. For example the gateway would say be in a VLAN 100 sub-interface on the router. Wanos wan0 would be in VLAN 100 and the lan0 interface remain in VLAN 1 along with the devices. The only way to the gateway is through the bridge. The bridge deployment is almost always the simplest way to get going, but where it is not possible, router mode is also available.Express will be ok for one remote location and if either direction across the WAN is...

Ok, I'm getting ready to setup Wanos for a test run at one of our remote locations. I'm seeing packet loss on the circuit to this specific site and I want to test the packet loss recovery capability of Wanos. Our network topology is point to multipoint with MPLS connections between our main location and each of our 7 remote offices. So at our main location if I read correctly I would have to add a bypass rule for all the other offices that do not have a Wan optimization device.I have to preface my question with this... we have VLAN tagging going on at the remote locations for data and voice. The switch is ultimately responsible for the tagging of the packets. The IP phones and computers are both on completely different networks. The devices are assigned their IP's from the router through DHCP with the data VLAN 1 as the default. The...
This topic first appeared in the Spiceworks Community

WRVS4400N 801.Q intra-vlan routing question

Hi all,
I have a question in regards to the 802.1Q intervlan feature on the WRVS4400N. My goal is to setup a test network with atleast 10 departmental VLAN(s). By reading the WRVS4400N's data sheet I know that it supports up to 4 VLAN(s). I decided to purchase a Linksys SRW224G4 since it can create more than 4 VLAN(s).
With my previous Cisco experience I used to configure VLAN(s) on a Catalyst 2940 and trunk them to a Cisco 2501 series router by configuring trunk ports on the Catalyst and sub interfaces with 802.1q tagging on the routers.
I was wondering if I could trunk 10 VLAN(s) from my SRW224G4 to my WRVS4400N?
This is what I have tried to do so far
On the SRW224G4 I configured 10 VLAN(s) and set port G1 as a trunk port to port 1 on my WRVS4400N.
On my WRVS4400N I configured port 1 as a trunk port that accepts all frames.
When I look at the LAN settings on my WRVS4400N it doesn't give me the option to configure gateways for my VLAN(s). Does this router only support 4 VLAN(s)? if it does is there another router I can look into that has the ability to support more than 4?
I purchased the Linksys/Cisco small business series thinking that it can provide me with the basics to create a small network. I never thought the WRVS4400N would have a 4 VLAN limitation even when I trunk VLAN(s) from a switch.
Thanks for the input guys
Cheers

Hello,
i'm new here and planning to do something similar to what you suggest.
I also have a slm2024 on which i plan to create more than 4 vlans. I'm looking for a gigabit router to route all my network and act as dhcp server. I will connect the switch to the router by a trunk.
In my setup only 4 of my vlans will need a dhcp server. So if my understanding is correct, the integrated dhcp will be able to serve those 4 vlans if they are created on the router. Is it correct ? In this guide http://www.cisco.com/en/US/docs/routers/csbr/wrvs4400n/administration/guide/WVRS4400N_Admin_Guide_v2.pdf page 60, there is an illustration of dhcp configuration but i don't see anything allowing to select the vlan. How does it work in fact ?
In my ideal setup, i would like to distribute a different subnet by vlan. Ex : 192.168.2.0 for vlan 2; 192.168.3.0 for vlan 3; etc...
For the other vlans i would affect static IPs.
Is this setup possible with this router ? If it's not, which other cisco router would you suggest me ?
Thanks in advance for your answer.

New UCS and VMware setup Questions

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
We are currently in the process of migrating out vmware infrastructure from HP to UCS. We are utilizing the Virtual Connect Adapters for the project. With the migration we also plan on implementing the cisco nexus v1000 in our environment. I have demo equipment setup and have had a chance to install a test environment, but still have a few design questions.
When implementing the new setup, what is a good base setup for the virtual connect adapters with the v1000? How many Nics should I dedicate? Right now I run 6 nics per server (2 console, 2 Virtual Machines, and 2 Vmotion). Is this a setup I should continue with going forward? The only other thing I am looking to implement is another set of nics for nfs access. In a previous setup at a different job, we had 10 nics per server (2 console, 4 virtual machines, 2 vmotion and 2 iSCSI). Is there any kind of standard for this setup?
The reason I am asking is I want to get the most out of my vmware environment as we will be looking to migrate Tier 1 app servers once we get everything up and running.
Thanks for the help!

Tim,
Migrating from HP Virtual Connect (VC) -> UCS might change your network design slightly, for the better of course . Not sure if you're using 1G or 10G VC modules but I'll respond as if you've using 10G modules because this is what UCS will provide. VC modules provide a 10G interface that you can logically chop up into a max of 4 host vNIC interfaces totaling 10G. Though it's handy to divide a single 10G interfaces into virtual NICs for Service Console, VMotion, iSCSI etc, this creates the opportunity for wasted bandwidth. The logical NICs VC creates provides a max limit of bandwidth to the adapter. For example if create a 2GB interface for your host to use for vMotion, then 2G of your 10G pipe is wastes when there's no vMotions taking place!
UCS & 1000v offer a different solution in terms of bandwidth utilization by means of QoS. We feel it's more appropriate to specifiy a "minimum" bandwidth guarantee rather than a hard upper limit - leading to wasted pipe. Depending on which UCS blade and mezz card option you have, the # of adapters you can present to the Host varies. B200 blades can support one mezz card (with 2 x 10G interfaces) while the B250 and B440 are full width blades and support 2 Mezz cards. In terms of Mezz cards now, there's the Intel/Emulex/Qlogic/Broamcom/Cisco VIC options. In my opinion the M81KR (VIC) is best suited for virtualized environments as you can present up to 56 virtual interfaces to the host, each having various levels of QoS applied. When you roll the 1000v into the mix you have a lethal combination of adding some of the new QoS features that automatically match traffic types such as Service Console, iSCSI, VMotion etc. See this thread for a list/explanation of new features coming in the next verison of 1000v due out in a couple weeks https://www.myciscocommunity.com/message/61580#61580
Before you think about design too much, tell us what blades & adapters you're using and we can offer some suggestions for setting them up in the best configuration for your virtual infrastructure.
Regards,
Robert
BTW - Here's a couple Best Practice Guides with UCS & 1000v that you might find useful.

SRW224P VLAN setup question

Similar Messages

Maybe you are looking for