Switches 2950 with private-vlan

Hi experts!
Do you know if switches 2950 support private-vlan? I upgraded IOS and tried to configure PVLAN, but this switch model doesn't have the interface mode command "switchport private-vlan".
best regards,
Rodrigo A.

See the below matrix:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml
HTH

Similar Messages

  • Multi-VRF CE with Private VLANs

    Does anyone know if you can implement a VRF instance on a private vlan? I would assume so, and will lab it out as time permits, but was curious if anyone had tried it/knows one way or the other.

    Since both the platforms support VRF lite and MPLS VPN, you can use Frame-Relay as the encapsulation for sub interfaces with local DLCI switching.
    As the VRF configuration is not media dependent.
    HTH-Cheers,
    Swaroop
    Router 1
    interface Serial0/0
    no ip address
    encapsulation frame-relay
    no keepalive
    !--- This command disables LMI processing.
    interface Serial0/0.1 point-to-point
    !--- A point-to-point subinterface has been created.
    ip address 172.16.120.105 255.255.255.0
    ip vrf forwarding xxx
    frame-relay interface-dlci 101
    !--- DLCI 101 has been assigned to this interface
    Router 2
    interface Serial0/0
    no ip address
    encapsulation frame-relay
    no keepalive
    !--- This command disables LMI processing.
    interface Serial0/0.1 point-to-point
    !--- A point-to-point subinterface has been created.
    ip vrf forwarding xxx
    ip address 172.16.120.120 255.255.255.0
    frame-relay interface-dlci 101
    !--- DLCI 101 has been assigned to this interface

  • Port-channel with Private VLANs on Nexus1000v

    Hi all,
    It says that private vlans are not supported on port-channel ports in the Nexus 1000v L2 Switching Guide.
    AFAIK, if you have two ports between ESX VEM and physical switch and both these ports are configured as 802.1Q and carrying the same VLANs, when the port which carries the traffic at the moment fails, the other port does not fail over automatically. This is mentioned in "Nexus 1000v Deployment Guide version 2" as:
    "Individual Uplinks: A standard uplink is an uplink that is not a member of a PortChannel from the VEM to a physical switch. It provides no capability to load balance across multiple standard uplink links and no high-availability characteristics. When a standard uplink fails, no secondary link exists to take over. Defining two standard uplinks to carry the same VLAN involves the risk of creating loops within the environment and is an unsupported configuration. Cisco NX-OS will post warnings when such a condition occurs."
    Does anyone have any idea in order for the attached topology to work. Do I have to forward each and every VLAN from different ports ? If I do that how am I going to manage different VLANs and still have that hosts in the same primary VLAN with same IP subnet ?
    Thanks in advance.
    Dumlu

    Hi,
    You can't have M and F ports in a single port channel irrespective of what code version you are running; it will throw an error on you.
    nor you can have m1 port channel one side and another f port channel other side , port channel 

  • Private vlans and 2960 and 3560 switch

    Hi, I have a 3560 switch that supports private vlans. There are few computers connected to it and private vlans work fine. Now I need to connect a 2960 switch to 3560 switch. 2960 seems to have no private vlan configuration options but it can be private vlan edge? What is private vlan edge? If I put the computers on 2960 to a vlan that is isolated vlan in 3560 will the computers be able to communicate with themselves in layer2 on 2960 switch?

    Example: I have network 10.0.0.0/24. Networks primary vlan is 2001, isolated is 2002 and community is 2003. These settings are on 3560. So if I put computers on 2960 switch to vlan 2002 and make the ports protected ports they will act as isolated ports and they can't communicate with ports that are on isolated vlan 2002 on 3560???
    Can I also use the community vlan on 2960? is this possible because vlans 2002 and 2003 would be on the same network???

  • Private vlan with MVR or any related solution

    I would like to enable MVR on C4507R+E on trunk port. Actually my current network setup is connecting two uplink from this switch to aggregation router as layer 2. And CPE is connected down this switch with private vlan configuration. I have attached interface configurations with this.
    I have to apply “mvr vlan 101 receiver vlan 104” in gig 1/1 interface to map the MVR vlan. But that is not supported when the link is configured as “switchport mode private-vlan trunk”. This command is only allowed if I configure it as “switchport mode trunk”. But if it is a normal trunk, private vlan services are not working. Please suggest your solution for this problem.
    According to cisco we can’t enable MVR in private vlan trunk port. Is there any other solution for this than ACL to block the stream from CPE to upwards at 4507 switch?
    (mvr working, but private vlan is not working)
    interface GigabitEthernet1/1
    switchport private-vlan trunk allowed vlan 101-104
    switchport private-vlan association trunk 200 102
    switchport private-vlan association trunk 300 101
    switchport mode trunk
    mvr type source
    mvr vlan 101 receiver vlan 104
    mvr immediate
    spanning-tree guard loop
    end
    (private vlan working, but mvr is not working)
    interface GigabitEthernet1/2
    description "connected to CPE"
    switchport private-vlan trunk allowed vlan 101-104
    switchport private-vlan association trunk 200 102
    switchport private-vlan association trunk 300 101
    switchport mode private-vlan trunk
    mvr type receiver
    mvr immediate
    spanning-tree guard loop
    end

    Hey,
    Correct, only one Isolated primary vlan is associated with Primary private vlan. Snippet from configuration guide:
    "A primary VLAN can have one isolated VLAN and multiple community VLANs associated with it. An isolated or community VLAN can have only one primary VLAN associated with it."
    HTH.
    Regards,
    RS

  • Configure Private VLAN on 3750 & 2960

    Hi All,
    ( R ) ------ [ 3750 ] ------- [ 2960 A ]
                            |------------ [ 2960 B ]
    I had these VLAN on the 3750 & 2960:
    - Vlan 8 (mgnt Vlan), Vlan 17, Vlan 34, Vlan 35
    Basically I had already configured switchport protected on all the ports on the 2960 except the uplink to 3750.
    2960 Configure
    On uplink to 3750
     switchport mode trunk
    On end device port 
     switchport trunk native vlan 35
     switchport trunk allowed vlan 34,35
     switchport mode trunk
     switchport protected
     spanning-tree portfast
    How do I go about configuring private VLAN on the 3750?
    3750 Configure
    On downlink to 2960
     switchport mode trunk
    Interface vlan8
     ip address 10.8.0.1 255.255.255.0
    Interface vlan17
     ip address 10.17.0.1 255.255.255.0
    Interface vlan34
     ip address 10.34.0.1 255.255.255.0
    Interface vlan35
     ip address 10.35.0.1 255.255.255.0
    What I want to achieve is to send all the VLAN 8, 17, 34, 35 from 2960 to 3750 and 3750 to 2960. But at the same time prevent 2960 A client from talking to 2960 B client on VLAN 35? 

    I believe that if both devices you do not want to speak with each other are on the 2960, the "switchport protected" should work.
    But you can configure with private vlan.
    let's say client A is in port f0/1 and client B in port f0/2
    Parent (main) VLAN is 100 and child is 999
    You would configure the VLANs in ALL switches.
    vlan 999
    private-vlan isolated
    vlan 100
    private-vlan primary
    private-vlan association 999
    Now you would need to configure the ports.
    int range f0/1 - 2
    switchport mode private-vlan host
    switchport private-vlan host-association 100 999
    If the interfaces will talk to other VLANs, you need to configure the SVI to understand it will serve the private VLANs.
    interface vlan 100
    private-vlan mapping 999
    That's it, but notice that now interface f0/1 will not talk to f0/2 and to any other interface inside vlan 100, if you want a port to communicate to f0/1 or f0/2 this new port would need to be configured as a promiscuous one (In case it needs to talk to both of them) or create a community private-vlan and configure the ports desired on it. (F0/1 and F0/2 can't be on the same community VLAN or they'll be able to talk to each other).
    If the intention is to prevent one specific port from talking to all the others, you can put only this interface in the private VLAN instead of both.
    wrote too much, if this answers your question let me know, or we can create a practical scenario for it.

  • SUP WS-X45-SUP6-E & private-vlan community

    All,
    I tried to upgrade Cisco 6500 from Sup-2 to Sup-6 running IOS cat4500e-entservicesk9-mz.122-40.SG.bin.
    After upgrade everything came back up normal, no problem with hardware.
    Except with private VLAN community.
    After this upgrade I cannot configure "Private VLAN community" on this switch.
    AUNN00RS_XXXXX(config-vlan)#private-vlan community
    % Invalid input detected at '^' marker.
    AUNN00RS_MGMT1(config-vlan)#private-vlan     ?    
      association  Configure association between private VLANs
      isolated     Configure the VLAN as an isolated private VLAN
      primary      Configure the VLAN as a primary private VLAN
    It works absolutely fine with Sup-2 running same IOS.
    AUAN00RS_XXX(config-vlan)#private-vlan ?
      association  Configure association between private VLANs
      community    Configure the VLAN as a community private VLAN
      isolated     Configure the VLAN as an isolated private VLAN
      primary      Configure the VLAN as a primary private VLAN
    Regards
    Sachin

    I just checked the command reference:
    http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/40sg/command/reference/cmdref.html
    And it should be there....I couldn't find any related bugs.
    Do you have the option of upgrading the IOS? The latest is 12.2(53) SG3
    Regards,
    Ian

  • Private Vlan, Etherchannel and Isolated Trunk on Nexus 5010

    I'm not sure if I'm missing something basic here, however I thought that I'd ask the question. I received a request from a client who is trying to separate traffic out of an IBM P780 - one set of VIO servers/clients (Prod) is tagged with vlan x going out LAG 1 and another set of VIO server/clients (Test) is tagged with vlan y and z going out LAG 2. The problem is that the management subnet for these devices is on one subnet.
    The infrastructure is the host device is trunked via LACP etherchannel to Nexus 2148TP(5010) which then connects to the distribution layer being a Catalyst 6504 VSS. I have tried many things today, however I feel that the correct solution to get this working is to use an Isolated trunk (as the host device does not have private vlan functionality) even though there is no requirement for hosts to be segregated. I have configured:
    1. Private vlan mapping on the SVI;
    2. Primary vlan and association, and isolated vlan on Distribution (6504 VSS) and Access Layer (5010/2148)
    3. All Vlans are trunked between switches
    4. Private vlan isolated trunk and host mappings on the port-channel interface to the host (P780).
    I haven't had any luck. What I am seeing is as soon as I configure the Primary vlan on the Nexus 5010 (v5.2) (vlan y | private-vlan primary), this vlan (y) does not forward on any trunk on the Nexus 5010 switch, even without any other private vlan configuration. I believe this may be the cause of most of the issues I am having. Has anyone else experienced this behaviour? Also, I haven't had a lot of experience with Private Vlans so I might be missing some fundamentals with this configuration. Any help would be appreciated.

    Hello Emcmanamy, Bruce,
    Thanks for your feedback.
    Just like you, I have been facing the same problem these last months with my customer.
    Regarding PVLAN on FEX, and as concluded in Bruce’s previous posts, I understand:
    You can configure a host interface as an isolated or community access port only.
    We can configure “isolated trunk port” as well on a host interface. Maybe this specific point could be updated in the documentation.
    This ability is documented here =>
    http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/layer2/513_N2_1/b_Cisco_n5k_layer2_config_gd_rel_513_N2_1_chapter_0101.html#task_1170903
    You cannot configure a host interface as a promiscuous port.
    You cannot configure a host interface as a private VLAN trunk port.
    Indeed a pvlan is not allowed on a trunk defined on a FEX host interface.
    However since NxOS 5.1(3)N2(1), the feature 'PVLAN on FEX trunk' is supported. But a command has to be activated before => system private-vlan fex trunk . When entered a warning about the presence of ‘FEX isolated trunks’ is prompted.
    http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/layer2/513_N2_1/b_Cisco_n5k_layer2_config_gd_rel_513_N2_1_chapter_0101.html#task_16C0869F1B0C4A68AFC3452721909705
    All these conditions are not met on a N5K interface.
    Best regards.
    Karim

  • Private vlan trouble?

    I have the following private vlan configuration:
    What do I have to do in order for the networks sitting behind router1 and router2
    to talk to each other.
    I have verified that both routers have the correct routes on their routing table
    vlan 116
    name primary
    private-vlan primary
    private-vlan association 117-122
    vlan 119
    name torouter2
    private-vlan community
    vlan 121
    name torouter1
    private-vlan community
    interface GigabitEthernet2/16
    description Connection to router2
    switchport
    switchport private-vlan host-association 116 119
    switchport mode private-vlan host
    no ip address
    speed 100
    duplex full
    spanning-tree portfast
    interface GigabitEthernet1/4
    description Connection to router1
    switchport
    switchport private-vlan host-association 116 121
    switchport mode private-vlan host
    no ip address
    speed nonegotiate
    spanning-tree portfast
    thank you very much,
    Alban

    Vlad,
    From networks connected behind router1 need to reach networks connected behind router2
    ------[router1]--------------gig1/4[vdmz]gig2/16----------------[router2]-------
    gig1/4 is community vlan 121
    gig2/16 is in community vlan 119
    Primary vlan is Vlan116
    VDMZ is our 6503 configured with private vlans.
    some more of the config is this (and I do have a 6503 with an mscf daughter card):
    interface Vlan116
    description vendor-dmz public/private primary vlan
    ip address 10.248.15.2 255.255.255.128 secondary
    ip address 211.121.108.66 255.255.255.192
    ip access-group 140 in (this one has a permit any any at the end)
    no ip redirects
    no ip unreachables
    private-vlan mapping 117-122
    ip route 10.82.35.0 255.255.255.0 211.121.108.96
    (where 211.121.108.96 is address of router1)
    I have a bgp peering with 211.121.108.90 which is router2.
    in router1 they can see the routes advertised via bgp and also in router2 they
    can see the route for 10.82.35.0 that I advertise to them via bgp.
    I really appreciate your help,
    Alban
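
An added example, not code from any poster in these threads: a small Python audit that parses IOS-style private VLAN stanzas and applies the forwarding rules described in the 3750/2960 answer and in the thread above (isolated ports reach only promiscuous ports; community ports reach their own community and promiscuous ports) to report which port pairs can exchange frames at Layer 2. The sample config is constructed: VLANs 116/119/121 and ports Gi2/16 and Gi1/4 follow the post above, while VLAN 122 and ports Gi1/1, Gi1/5 and Gi1/6 are hypothetical. SVI mappings and routing are not modelled.

```python
import re
from itertools import combinations

# Constructed sample. VLANs 116/119/121 and ports Gi2/16, Gi1/4 mirror the
# router1/router2 thread; VLAN 122 and ports Gi1/1, Gi1/5, Gi1/6 are
# hypothetical additions so that every port role appears.
SAMPLE_CONFIG = """\
vlan 116
private-vlan primary
private-vlan association 117-122
vlan 119
private-vlan community
vlan 121
private-vlan community
vlan 122
private-vlan isolated
interface GigabitEthernet2/16
switchport private-vlan host-association 116 119
switchport mode private-vlan host
interface GigabitEthernet1/4
switchport private-vlan host-association 116 121
switchport mode private-vlan host
interface GigabitEthernet1/5
switchport private-vlan host-association 116 122
switchport mode private-vlan host
interface GigabitEthernet1/6
switchport private-vlan host-association 116 122
switchport mode private-vlan host
interface GigabitEthernet1/1
switchport private-vlan mapping 116 117-122
switchport mode private-vlan promiscuous
"""

def expand(vlan_list):
    """Expand an IOS VLAN list such as '117-119,122' into a set of ints."""
    out = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def parse(config):
    """Collect VLAN types, associations and PVLAN port settings."""
    vlan_type, assoc, ports = {}, {}, {}
    vlan = port = None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"vlan (\d+)", line):
            vlan, port = int(m[1]), None
        elif m := re.fullmatch(r"interface (.+)", line):
            vlan, port = None, m[1]
        elif vlan is not None:
            if m := re.fullmatch(r"private-vlan (primary|isolated|community)", line):
                vlan_type[vlan] = m[1]
            elif m := re.fullmatch(r"private-vlan association ([\d,-]+)", line):
                assoc.setdefault(vlan, set()).update(expand(m[1]))
        elif port is not None:
            if m := re.fullmatch(r"switchport mode private-vlan (host|promiscuous)", line):
                ports.setdefault(port, {})["mode"] = m[1]
            elif m := re.fullmatch(
                r"switchport private-vlan (?:host-association|mapping) (\d+) ([\d,-]+)", line
            ):
                ports.setdefault(port, {}).update(primary=int(m[1]), secondary=expand(m[2]))
    return vlan_type, assoc, ports

def can_talk(a, b, vlan_type, ports):
    """True if PVLAN rules let ports a and b exchange frames at Layer 2."""
    pa, pb = ports[a], ports[b]
    if pa["primary"] != pb["primary"]:
        return False  # separate PVLAN domains
    proms = [p for p in (pa, pb) if p["mode"] == "promiscuous"]
    if len(proms) == 2:
        return True
    if proms:  # host <-> promiscuous: the host's secondary must be mapped
        host = pb if proms[0] is pa else pa
        return host["secondary"] <= proms[0]["secondary"]
    if pa["secondary"] != pb["secondary"]:
        return False  # different secondary VLANs never bridge directly
    return all(vlan_type.get(v) == "community" for v in pa["secondary"])

def audit(config):
    """Return ({(port_a, port_b): reachable}, [findings]) for PVLAN ports."""
    vlan_type, assoc, ports = parse(config)
    ports = {n: p for n, p in ports.items() if len(p) == 3}  # fully configured only
    findings = []
    for name, p in ports.items():
        if vlan_type.get(p["primary"]) != "primary":
            findings.append(f"{name}: VLAN {p['primary']} is not a primary VLAN")
        for v in sorted(p["secondary"] - assoc.get(p["primary"], set())):
            findings.append(f"{name}: VLAN {v} is not associated with {p['primary']}")
    pairs = combinations(sorted(ports), 2)
    return {pr: can_talk(*pr, vlan_type, ports) for pr in pairs}, findings

if __name__ == "__main__":
    matrix, findings = audit(SAMPLE_CONFIG)
    for (a, b), ok in matrix.items():
        print(f"{a:21} {b:21} {'reachable' if ok else 'isolated'}")
    print("findings:", findings or "none")
```

The two router ports land in different community VLANs, so the matrix marks them as isolated from each other while both remain reachable from the promiscuous port.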

  • Double Private VLAN

    I want to ask: if my vSwitch on VMware is already using Private VLANs once, can I apply Private VLANs a second time at the N5K?
    VM Servers <--- Trunk---> N5K            
    First VM has primary vlan say 100
    First VM secondary vlan say 101,102,103
    Second VM has primary vlan say 200
    Second VM secondary vlan say 201,202,203
    So will the N5K be able to have the following PVLAN config?
    Primary VLAN 300
    Secondary VLAN say 100,200

  • ISE to dynamically push Private Vlans on Access switch deployments

    Hi all,
    is there a way to push PVLAN configuration via ISE to Access switches?
    Currently I'm thinking about an authorization profile with an attribute setting PVLAN.
    Has anyone an idea how to push Private VLAN configs dynamically to Access Ports on Switches?
    Thanks for your comments

    Try looking into using switch macros, you should be able to create a custom macro that changes the config of the port in question to make it part of a pvlan community/isolated port or whatever you need and then trigger this macro from ISE with your authorization result. It's used for the feature Cisco calls NEAT, try searching for that and you should find some examples.

  • Private VLAN Promiscuous Trunk Port - Switches which support this function

    Can anyone confirm if the "Private VLAN Promiscuous Trunk Port" feature is supported in any lower end switches such as Nexus 5548/5672 or 4500X? According to the feature navigator support seems to be restricted to the Catalyst 4500 range (excluding the 4500X) as shown below. If the feature is going to be supported in the Cat 3850 this would be good to know, thanks

    4500x Yes
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_26674-01.html
    Nexus 5k Yes
    http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/layer2/521_n1_3/b_5k_Layer2_Config_521N13/b_5k_Layer2_Config_521N13_chapter_0100.html
    3850s
    They don't support pvs at all yet
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/vlan/configuration_guide/b_vlan_3se_3850_cg/b_vlan_3se_3850_cg_chapter_0100.html
    Restrictions for VLANs
    The following are restrictions for VLANs:
    The switch supports per-VLAN spanning-tree plus (PVST+) or rapid PVST+ with a maximum of 128 spanning-tree instances. One spanning-tree instance is allowed per VLAN.
    The switch supports IEEE 802.1Q trunking methods for sending VLAN traffic over Ethernet ports.
    Configuring an interface VLAN router's MAC address is not supported. The interface VLAN already has an MAC address assigned by default.
    Private VLANs are not supported on the switch.
    You cannot have a switch stack containing a mix of Catalyst 3850 and Catalyst 3650 switches.

  • How to setup the trunk for private vlans across 2 switches (Both are SF300-24)

    Dear All,
    I have 2 switches which are SF300-24.
    Switch 1 is connected to Internet Router for all clients on switch1 and switch 2.
    The clients on switch 1 & switch 2 don’t communicate with each other.
    Port1~Port24 on switch 1 & switch 2 are isolated ports.
    Gigaport1 on switch1 is connected to gigaport1 on switch2.
    Gigaport2 on switch2 is connected to Internet Router.
    The VLAN 100 is for isolated ports.
    The native VLAN is 1.
    Please help me how to configure the case. Thanks for your help.

    I think he's just looking for PVE. You can enable 'protected port' on a port by port basis.
    Here's the excerpt from the admin guide.
    Protected Port—Select to make this a protected port. (A protected port is also referred as a Private VLAN Edge (PVE).) The features of a protected port are as follows:
    - Protected Ports provide Layer 2 isolation between interfaces (Ethernet ports and LAGs) that share the same VLAN.
    - Packets received from protected ports can be forwarded only to unprotected egress ports. Protected port filtering rules are also applied to packets that are forwarded by software, such as snooping applications.
    - Port protection is not subject to VLAN membership. Devices connected to protected ports are not allowed to communicate with each other, even if they are members of the same VLAN.

  • Problems setting up public/private vlans on sg300-52 switches

    A real beginner here with a problem on how to setup 3 SG300-52 (in L2 mode) as per this diagram:
    Port 1 on all switches should be able to talk to each other and access the blob at the right.
    The ports 25 on the other hand should only be able to talk among themselves in their own
    private vlan. They are to carry sensitive traffic.
    So I created 3 vlans, vlan 78 for ports gi1, gi51 and vlan 10 for port25,49,50 and a dummy vlan: 666
    with the intent of segregating vlan 10 from vlan 78.
    My attempts so far have failed.
    ports gi49-50 are configured as trunk ports and gi1,gi51 as access ports as the following
    cli output (excerpts of the startup config):
    vlan database
    vlan 10,78,666
    exit
    interface vlan 1
    ip address 172.16.10.11 255.255.255.0
    no ip address dhcp
    interface gigabitethernet1
    switchport mode access
    switchport access vlan 78
    interface gigabitethernet25
    switchport mode access
    switchport access vlan 10
    interface gigabitethernet49
    switchport trunk allowed vlan add 10,78
    switchport trunk native vlan 666
    switchport default-vlan tagged
    interface gigabitethernet50
    switchport trunk allowed vlan add 10,78
    switchport trunk native vlan 666
    switchport default-vlan tagged
    interface gigabitethernet51
    switchport mode access
    switchport access vlan 78
    Ports gi1 can talk to each other and access the blob but ports 25 refuse to talk to each other. But as soon as I remove
    the access links to the blob they can! Obviously, at that point port gi1 lose access.
    Is such a topology feasible or even advisable?
    Thanks,
    jf

    Hi Jean,
    Here's a pretty picture
    Now I will explain.
    The layer 3 switch is going to service as your core switch.
    Vlan 78 looks like your BLOB connection.
    Vlan 10 and 666 look like they don't belong on the BLOB.
    So how to configure this-
    You will want to configure the switch that connects directly to the BLOB as the layer 3 switch depicted in my diagram.
    Layer 3 switch, follow this document
    https://supportforums.cisco.com/docs/DOC-27038
    Bear with me, I am making up random numbers since I don't know what you want or will use.
    So VLAN 78 looks like the BLOB and 10 and 666 are staying out of the BLOB.
    config t
    vlan database
    vlan 10, 78, 666
    int vlan 1
    ip address 192.168.1.254 /24
    int vlan 10
    ip address 192.168.2.254 /24
    int vlan 78
    ip address 192.168.3.254 /24
    int vlan 666
    ip address 192.168.4.254 /24
    Configure the port you want to go to the BLOB, I am assuming vlan 78.
    config t
    int gi01
    switchport mode access
    switchport access vlan 78 (that 3750, what is the native vlan of the port it is connecting to??)
    Next, configure the downlink port to connect the layer 2 switch
    config t
    int gi0/2
    switchport mode trunk
    switchport trunk allowed vlan add 10, 78, 666  (this will make the port native vlan 1 untagged, rest ports tagged)
    On the downstream switch you need to configure an uplink and downlink with the respective vlans. It will remain layer 2 mode.
    config t
    vlan database
    vlan 10, 78, 666
    int gi0/1
    switchport mode trunk
    switchport trunk allowed vlan add 10, 78, 666
    int gi0/2
    switchport mode trunk
    switchport trunk allowed vlan add 10, 78, 666
    Same thing for the last switch, it will remain layer 2 mode
    config t
    vlan database
    vlan 10, 78, 666
    int gi0/1
    switchport mode trunk
    switchport trunk allowed vlan add 10, 78, 666
    int gi0/2
    switchport mode trunk
    switchport trunk allowed vlan add 10, 78, 666
    Let me know if this works out or if it is not logical for you.
    -Tom
    Please mark answered for helpful posts

  • SG-300 28P switches problem with VLAN Data and Voice, working all the time as Voice VLAN

    Hi Everyone,
    Thank you very much for your help in advance. I’m pulling my hair to fix the problem.
    I just got the new SG-300 28P switches. My Bios ordered for me. I did not know how it runs until now... not an IOS based. I really do not know how to configure it.
    I have 2 VLANs, Data and Voice.
    - Data VLAN ID is 2 IP 192.168.2.X/255.255.255.0
    - Voice VLAN ID is 200 IP 192.168.22.X/255.255.255.0
    - I created two vlans, in switch, Data and Voice.
    - On the port number 28, it is trunk by default, so I add Data vlan ID 2 tagged.
    - On the port number 26, it is trunk by default, so I add Voice vlan ID 200 tagged.
    - On the port number 27, I add Data vlan ID 2 tagged for Data vlan out.
    - Port settings No.1
    I set it up as Trunk with Data vlan 2 untagged, and 200 Tagged (voice vlan). I plugged in a phone with a pc attached. But the PC will get to the vlan 200 to get the DHCP address, but not from vlan 2. The Phone works with correct vlan ip.
    - Port settings No.2
    Trunk with vlan 1UP, 2T, and 200T. The phone is even worse. Would never pick up any IP from DHCP.
    - Port settings No.3
    Access with 200U...of course the phone will work... and the PC could not get to its own vlan. Instead, the PC got an ip from the voice vlan. Not from VLAN 2.
    I have a Linksys phone; I’m not sure if this helps.
    For more information I setup in switch,
    - enable voice vlan
    - set the port on auto voice vlan
    - enable LLDP-MED globally
    - create a network policy to assign VLAN 200
    - assign this network policy to the port the phone is connected to.
    I hope this information helps to help me to setup Data and Voice vlans, to plug the phone to work with vlan Voice 200 (IP range 192.168.22.X), from phone to Pc and pc work as Data vlan 2 (IP range 192.168.2.X).

    I just got done setting up voice VLANs on an SF 300-24P and verified working.  This was working with Cisco 7900 series phones connected to a Cisco UC setup.
    Here's my sample config.
    Note that I edited this by hand before posting, so doing a flat out tftp restore probably won't work.  However, this should give you a clue.  Also, don't take this as 100% accurate or correct.  I've only been working with these things for about a week, though I've worked with the older Linksys SRW switches for a couple of years.  I'm a CCNP/CCDP.
    VLAN 199 is my management VLAN and is the native VLAN on 802.1q trunks.
    VLAN 149 is the data/computer VLAN here.
    VLAN 111 is the voice/phone VLAN here.
    VLAN 107 does nothing.
    interface range ethernet e(1-24)
    port storm-control broadcast enable
    exit
    interface ethernet e1
    port storm-control include-multicast
    exit
    interface ethernet e2
    port storm-control include-multicast
    exit
    interface ethernet e3
    port storm-control include-multicast
    exit
    interface ethernet e4
    port storm-control include-multicast
    exit
    interface ethernet e5
    port storm-control include-multicast
    exit
    interface ethernet e6
    port storm-control include-multicast
    exit
    interface ethernet e7
    port storm-control include-multicast
    exit
    interface ethernet e8
    port storm-control include-multicast
    exit
    interface ethernet e9
    port storm-control include-multicast
    exit
    interface ethernet e10
    port storm-control include-multicast
    exit
    interface ethernet e11
    port storm-control include-multicast
    exit
    interface ethernet e12
    port storm-control include-multicast
    exit
    interface ethernet e13
    port storm-control include-multicast
    exit
    interface ethernet e14
    port storm-control include-multicast
    exit
    interface ethernet e15
    port storm-control include-multicast
    exit
    interface ethernet e16
    port storm-control include-multicast
    exit
    interface ethernet e17
    port storm-control include-multicast
    exit
    interface ethernet e18
    port storm-control include-multicast
    exit
    interface ethernet e19
    port storm-control include-multicast
    exit
    interface ethernet e20
    port storm-control include-multicast
    exit
    interface ethernet e21
    port storm-control include-multicast
    exit
    interface ethernet e22
    port storm-control include-multicast
    exit
    interface ethernet e23
    port storm-control include-multicast
    exit
    interface ethernet e24
    port storm-control include-multicast
    exit
    interface range ethernet g(1-4)
    description "Uplink trunk"
    exit
    interface range ethernet g(1-4)
    switchport default-vlan tagged
    exit
    interface range ethernet e(21-24)
    switchport mode access
    exit
    vlan database
    vlan 107,111,149,199
    exit
    interface range ethernet g(1-4)
    switchport trunk allowed vlan add 107
    exit
    interface range ethernet e(21-24)
    switchport access vlan 111
    exit
    interface range ethernet g(1-4)
    switchport trunk allowed vlan add 111
    exit
    interface range ethernet e(1-20)
    switchport trunk native vlan 149
    exit
    interface range ethernet g(1-4)
    switchport trunk allowed vlan add 149
    exit
    interface range ethernet g(1-4)
    switchport trunk native vlan 199
    exit
    voice vlan aging-timeout 5
    voice vlan oui-table add 0001e3 Siemens_AG_phone________
    voice vlan oui-table add 00036b Cisco_phone_____________
    voice vlan oui-table add 00096e Avaya___________________
    voice vlan oui-table add 000fe2 H3C_Aolynk______________
    voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
    voice vlan oui-table add 00d01e Pingtel_phone___________
    voice vlan oui-table add 00e075 Polycom/Veritel_phone___
    voice vlan oui-table add 00e0bb 3Com_phone______________
    voice vlan oui-table add 108ccf MyCiscoIPPhones1
    voice vlan oui-table add 40f4ec MyCiscoIPPhones2
    voice vlan oui-table add 8cb64f MyCiscoIPPhones3
    voice vlan id 111
    voice vlan cos 6 remark
    interface ethernet e1
    voice vlan enable
    exit
    interface ethernet e1
    voice vlan cos mode all
    exit
    interface ethernet e2
    voice vlan enable
    exit
    interface ethernet e2
    voice vlan cos mode all
    exit
    interface ethernet e3
    voice vlan enable
    exit
    interface ethernet e3
    voice vlan cos mode all
    exit
    interface ethernet e4
    voice vlan enable
    exit
    interface ethernet e4
    voice vlan cos mode all
    exit
    interface ethernet e5
    voice vlan enable
    exit
    interface ethernet e5
    voice vlan cos mode all
    exit
    interface ethernet e6
    voice vlan enable
    exit
    interface ethernet e6
    voice vlan cos mode all
    exit
    interface ethernet e7
    voice vlan enable
    exit
    interface ethernet e7
    voice vlan cos mode all
    exit
    interface ethernet e8
    voice vlan enable
    exit
    interface ethernet e8
    voice vlan cos mode all
    exit
    interface ethernet e9
    voice vlan enable
    exit
    interface ethernet e9
    voice vlan cos mode all
    exit
    interface ethernet e10
    voice vlan enable
    exit
    interface ethernet e10
    voice vlan cos mode all
    exit
    interface ethernet e11
    voice vlan enable
    exit
    interface ethernet e11
    voice vlan cos mode all
    exit
    interface ethernet e12
    voice vlan enable
    exit
    interface ethernet e12
    voice vlan cos mode all
    exit
    interface ethernet e13
    voice vlan enable
    exit
    interface ethernet e13
    voice vlan cos mode all
    exit
    interface ethernet e14
    voice vlan enable
    exit
    interface ethernet e14
    voice vlan cos mode all
    exit
    interface ethernet e15
    voice vlan enable
    exit
    interface ethernet e15
    voice vlan cos mode all
    exit
    interface ethernet e16
    voice vlan enable
    exit
    interface ethernet e16
    voice vlan cos mode all
    exit
    interface ethernet e17
    voice vlan enable
    exit
    interface ethernet e17
    voice vlan cos mode all
    exit
    interface ethernet e18
    voice vlan enable
    exit
    interface ethernet e18
    voice vlan cos mode all
    exit
    interface ethernet e19
    voice vlan enable
    exit
    interface ethernet e19
    voice vlan cos mode all
    exit
    interface ethernet e20
    voice vlan enable
    exit
    interface ethernet e20
    voice vlan cos mode all
    exit
    interface ethernet e1
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e2
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e3
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e4
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e5
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e6
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e7
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e8
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e9
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e10
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e11
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e12
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e13
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e14
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e15
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e16
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e17
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e18
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e19
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e20
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e21
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e22
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e23
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e24
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet g1
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet g2
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet g3
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet g4
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    exit
    interface ethernet e1
    lldp med notifications topology-change enable
    exit
    interface ethernet e2
    lldp med notifications topology-change enable
    exit
    interface ethernet e3
    lldp med notifications topology-change enable
    exit
    interface ethernet e4
    lldp med notifications topology-change enable
    exit
    interface ethernet e5
    lldp med notifications topology-change enable
    exit
    interface ethernet e6
    lldp med notifications topology-change enable
    exit
    interface ethernet e7
    lldp med notifications topology-change enable
    exit
    interface ethernet e8
    lldp med notifications topology-change enable
    exit
    interface ethernet e9
    lldp med notifications topology-change enable
    exit
    interface ethernet e10
    lldp med notifications topology-change enable
    exit
    interface ethernet e11
    lldp med notifications topology-change enable
    exit
    interface ethernet e12
    lldp med notifications topology-change enable
    exit
    interface ethernet e13
    lldp med notifications topology-change enable
    exit
    interface ethernet e14
    lldp med notifications topology-change enable
    exit
    interface ethernet e15
    lldp med notifications topology-change enable
    exit
    interface ethernet e16
    lldp med notifications topology-change enable
    exit
    interface ethernet e17
    lldp med notifications topology-change enable
    exit
    interface ethernet e18
    lldp med notifications topology-change enable
    exit
    interface ethernet e19
    lldp med notifications topology-change enable
    exit
    interface ethernet e20
    lldp med notifications topology-change enable
    exit
    interface ethernet e21
    lldp med notifications topology-change enable
    exit
    interface ethernet e22
    lldp med notifications topology-change enable
    exit
    interface ethernet e1
    lldp med enable network-policy poe-pse
    exit
    interface ethernet e2
    lldp med enable network-policy poe-pse
    exit
    interface ethernet e3
    lldp med enable network-policy poe-pse
    exit
    interface ethernet e4
    lldp med enable network-policy poe-pse
    exit
    interface ethernet e5
    lldp med enable network-policy poe-pse
    exit
    interface ethernet e6
    lldp med enable network-policy poe-pse
    exit
    interface ethernet e7
    lldp med enable network-policy poe-pse
    exit
    interface ethernet e8
    lldp med enable network-policy poe-pse
    exit
    interface ethernet e9
    lldp med enable network-policy poe-pse
    exit
    interface ethernet e10
    lldp med enable network-policy poe-pse
    exit
    interface ethernet e11
    lldp med enable network-policy poe-pse
    exit
    interface ethernet e12
    lldp med enable network-policy poe-pse
    exit
    interface ethernet e13
    lldp med enable network-policy poe-pse
    exit
    interface ethernet e14
    lldp med enable network-policy poe-pse
    exit
    interface ethernet e15
    lldp med enable network-policy poe-pse
    exit
    interface ethernet e16
    lldp med enable network-policy poe-pse
    exit
    interface ethernet e17
    lldp med enable network-policy poe-pse
    exit
    interface ethernet e18
    lldp med enable network-policy poe-pse
    exit
    interface ethernet e19
    lldp med enable network-policy poe-pse
    exit
    interface ethernet e20
    lldp med enable network-policy poe-pse
    exit
    interface ethernet e21
    lldp med enable network-policy poe-pse
    exit
    interface ethernet e22
    lldp med enable network-policy poe-pse
    exit
    lldp med network-policy 1 voice vlan 111 vlan-type tagged
    interface range ethernet e(1-22)
    lldp med network-policy add 1
    exit
    interface vlan 199
    ip address 199.16.30.77 255.255.255.0
    exit
    ip default-gateway 199.16.30.3
    interface vlan 1
    no ip address dhcp
    exit
    no bonjour enable
    bonjour service enable csco-sb
    bonjour service enable http  
    bonjour service enable https 
    bonjour service enable ssh   
    bonjour service enable telnet
    hostname psw1
    line console
    exec-timeout 30
    exit
    line ssh
    exec-timeout 30
    exit
    line telnet
    exec-timeout 30
    exit
    management access-list Management1
    permit ip-source 10.22.5.5 mask 255.255.255.0
    exit
    logging 199.16.31.33 severity debugging description mysysloghost
    aaa authentication enable Console local
    aaa authentication enable SSH tacacs local
    aaa authentication enable Telnet local
    ip http authentication tacacs local
    ip https authentication tacacs local
    aaa authentication login Console local
    aaa authentication login SSH tacacs local
    aaa authentication login Telnet local
    line telnet
    login authentication Telnet
    enable authentication Telnet
    password admin
    exit
    line ssh
    login authentication SSH
    enable authentication SSH
    password admin
    exit
    line console
    login authentication Console
    enable authentication Console
    password admin
    exit
    username admin password admin level 15
    power inline usage-threshold 90
    power inline traps enable
    ip ssh server
    snmp-server location in-the-closet
    snmp-server contact [email protected]
    ip http exec-timeout 30
    ip https server
    ip https exec-timeout 30
    tacacs-server host 1.2.3.4 key spaceballz  timeout 3  priority 10
    clock timezone -7
    clock source sntp
    sntp unicast client enable
    sntp unicast client poll
    sntp server 199.16.30.1
    sntp server 199.16.30.2
    ip domain-name mydomain.com
    ip name-server  199.16.5.12 199.16.5.13
    ip telnet server
