Two VLANs on one switch port?

Similar Messages

• How to search/Scan Vlan of cisco switch ports

  Can any one tell me how i can scan/search vlans of cisco switch port through any monitoring tool (orion/solarwinds).
  Consider this scenario as i have no access to switch and i want to know below things:
  1-Vlans created on switch?
  2-which switch port belongs to which vlan id?
  Thanks

  Hi,
  You can do it only with hub in between and also please note that when sniffing with Wireshark on Windows the OS would remove VLAN tag so you may need to use Linux machine.
  Regards,
  Aleksandra

• Two VLANs on same Switch with NAT problem.

  Hello all.
  I have few cisco devices at home that i am using to study from. I am using for now on this little setup a 2620XM and a 3500XL Switch. I have two vlans setup on the switch VLan10 and VLan20 using router on a stick. I have setup the inside and outside interfaces. I have the fa1/0 as my outside with a dhcp address of 192.168.1.10. I have also setup my internet router to see networks 172.20.0.0/24 and 172.20.1.0/24. I am able to ping back and forth from 192.168.1.0/24 to both networks. The issue comes when i try to apply NAT. I have tried two different setups and both have failed. I have two ping windows open on my PC on the 192.168.1.0/24 side both hitting vlan 10 and 20. Once i applied either Nat solution i lose ping on one vlan while still pinging the other, but both vlans can't go out to the internet. Below is the NAT solutions i have tried below. Also running config for both router and switch. If anybody can i assist i would really appreciate it.
  NAT Solution 1
  ip nat pool INET 192.168.1.10 192.168.1.10 netmask 255.255.255.0
  ip nat inside source list 1 pool INET overload
  access-list 1 permit any
  NAT Solution 2
  ip nat inside source list 100 interface fa1/0 overload
  access-list 100 permit ip any any
  Router config
  R1#sh run
  Building configuration...
  Current configuration : 1470 bytes
  version 12.3
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname R1
  boot-start-marker
  boot-end-marker
  enable secret
  no aaa new-model
  ip subnet-zero
  ip cef
  interface FastEthernet0/0
   no ip address
   duplex auto
   speed auto
  interface FastEthernet0/0.5
   encapsulation dot1Q 5 native
   ip address 172.16.1.6 255.255.255.248
  interface FastEthernet0/0.10
   encapsulation dot1Q 10
   ip address 172.20.0.254 255.255.255.0
   ip nat inside
  interface FastEthernet0/0.20
   encapsulation dot1Q 20
   ip address 172.20.1.254 255.255.255.0
   ip nat inside
  interface Serial0/0
   no ip address
   shutdown
  interface Serial0/1
   no ip address
   shutdown
  interface Serial0/2
   no ip address
   shutdown
  interface Serial0/3
   no ip address
   shutdown
  interface FastEthernet1/0
   ip address dhcp
   ip nat outside
   duplex auto
   speed auto
   no cdp enable
  router ospf 1
   log-adjacency-changes
   network 172.16.1.0 0.0.0.7 area 0
   network 172.20.0.0 0.0.0.255 area 0
   network 172.20.1.0 0.0.0.255 area 0
   network 192.168.1.0 0.0.0.255 area 0
  no ip http server
  ip classless
  line con 0
   exec-timeout 0 0
   password
   logging synchronous
   login
  line aux 0
  line vty 0 4
   exec-timeout 0 0
   password
   logging synchronous
   login
  line vty 5 181
   exec-timeout 0 0
   password
   logging synchronous
   login
  end
  Switch Config
  SW1#sh run
  Building configuration...
  Current configuration:
  version 12.0
  no service pad
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  hostname SW1
  ip subnet-zero
  interface FastEthernet0/1
   switchport trunk encapsulation dot1q
   switchport trunk native vlan 5
   switchport trunk allowed vlan 1,5,10,20,1002-1005
   switchport mode trunk
  interface FastEthernet0/2
  interface FastEthernet0/3
  interface FastEthernet0/4
   switchport access vlan 10
  interface FastEthernet0/5
   switchport access vlan 10
  interface FastEthernet0/6
   switchport access vlan 10
  interface FastEthernet0/7
   switchport access vlan 10
  interface FastEthernet0/8
   switchport access vlan 10
  interface FastEthernet0/9
   switchport access vlan 10
  interface FastEthernet0/10
   switchport access vlan 10
  interface FastEthernet0/11
   switchport access vlan 10
  interface FastEthernet0/12
   switchport access vlan 20
  interface FastEthernet0/13
   switchport access vlan 20
  interface FastEthernet0/14
   switchport access vlan 20
  interface FastEthernet0/15
   switchport access vlan 20
  interface FastEthernet0/16
   switchport access vlan 20
  interface FastEthernet0/17
   switchport access vlan 20
  interface FastEthernet0/18
   switchport access vlan 20
  interface FastEthernet0/19
   switchport access vlan 20
  interface FastEthernet0/20
   switchport access vlan 20
  interface FastEthernet0/21
   switchport access vlan 20
  interface FastEthernet0/22
   switchport access vlan 20
  interface FastEthernet0/23
   shutdown
   switchport trunk encapsulation dot1q
   switchport mode trunk
  interface FastEthernet0/24
   shutdown
   switchport trunk encapsulation dot1q
   switchport mode trunk
  interface GigabitEthernet0/1
  interface GigabitEthernet0/2
  interface VLAN1
   no ip address
   no ip directed-broadcast
   no ip route-cache
   shutdown
  interface VLAN5
   ip address 172.16.1.1 255.255.255.248
   no ip directed-broadcast
   no ip route-cache
  ip default-gateway 172.16.1.6
  line con 0
   transport input none
   stopbits 1
  line vty 0 4
   login
  line vty 5 15
   login
  end

  You need to change your acl because NAT doesn't usually work with "any" as the source.
  I tend to use extended acls so -
  access-list 101 permit 172.20.0.0 255.255.255.0 any
  access-list 101 permit 172.20.1.0 255.255.255.0 any
  and then use your second solution ie. overload on the interface.
  If you find you cannot ping between your vlans then you need to modify the above acl to deny traffic between the vlans/IP subnets then permit any as above but it should work without doing that.
  Jon

• Running two displays from one DVI port...time to put my ADC down

  Hi Guys,
  I have a G5 dual with a GeForce FX 5200 which has 1 each of DVI+ADC ports. Until recently the 17" Apple display has been my only monitor. As I have a recording/mix studio I need to move the G5 base unit far away from any recording as it makes quite a lot of noise. I have been unable to do this as I have been having trouble finding either a Dr Bott or Griffin ADC extension. I have been searching off and on for over a year with no success.
  Recently I purchased a cheap reconditioned NEC monitor which I am running from the DVI port and am thinking perhaps now is the time to get rid of my apple display due to the ADC connection troubles.
  Is it possible to run two monitors from the one DVI port? I need to run a mirrored image so that I have one monitor to my side so that I can do close editing work and then one further away behind my analogue mixing desk, they need to show exactly the same thing.
  Will splitting the DVI port degrade signal or is there a way around this. I also want to get some long cables 6m+ so that I can place the base unit outside of the control room, will this be a problem?
  I would really appreciate some help on this matter.
  Thanks,
  Iwan

  Thanks BSteely, Would you happen to know of a box to recommend? I guess something like this would be more suitable:
  http://www.amazon.co.uk/StarTech-com-Port-DVI-Video-Splitter/dp/B000MPL5ZC/ref=s r129?ie=UTF8&s=electronics&qid=1272121514&sr=1-29
  Than this:
  http://www.amazon.co.uk/Ex-Pro-Premium-Female-splitter-connections/dp/B003HE91CE /ref=sr140?ie=UTF8&s=electronics&qid=1272121514&sr=1-40
  Thanks,
  Iwan

• Connect 2 phones to one switch port

  Could anyone tell me if it is possible to connect two phones (7911 and 7940) on the same switch port(2950)?
  Thank you

  it will work. just remember that both phones will share that port. Plug another switch into the 2950 port and put both phones in the new switch.
  Or plug 7940 into the 2950 (powered locally using power cord). Daisy chain the 7940 to the 7911 using a cross cable. (7911 powered locally using power cord)
  Again these type of connections are not recommended.

• 802.1x - Authenticating users from two domains on one switch

  Hi
  Trying to figure out if there is a way to have a switch authenticate devices from two different domains
  For example   Computer A is in Domain A  Computer B is Domain B
  Computer A is connected to f0/1 computer B is connected to F0/2
  I am thinking that i have to configure multiple Radius server entries  One for domain A and one for domain B and reduce the timeout if possible
  Any ideas or solutions?
  Thank you for your help..

  What's your RADIUS server?
  ISE 1.3 allows you to join it to multiple domains.
  Even with ISE 1.2, you could join one AD domain and also use the identities from a second one via LDAP.
  Multiple RADIUS server entries won't normally try the second one as long as the primary is responsive - a failed authentication counts as a legitimate response. You can setup round robin or least outstanding methods but that still doesn't give you the "check both to see if one gives me a good authentication" result.

• HP 3800 switch port-security one mac in two VLAN for Cisco IP Phone

  Hellow all!
  I'm want use port-security for ports on my HP 3800. But PC connected
  to network via PC port on Cisco ip phone. For phone used 10 voice VLAN,
  for data - 1 VLAN (native). Cisco phone add self mac-address in these
  two VLAN. On Cisco Switch 2960 i resolve this for 4 command:
  switchport port-security maximum 3
  switchport port-security mac-address pc_mac
  switchport port-security mac-address ip_phone_mac
  switchport port-security mac-address ip_phone_mac vlan voice
  How i can add one mac in two VLAN's on HP 3800 Switch?
  Sorry for my English, please ^_^
  This topic first appeared in the Spiceworks Community

  Hi Kuarzo, please reference the following;
  https://supportforums.cisco.com/document/116426/how-configure-dynamic-mac-port-security-sx300
  https://supportforums.cisco.com/document/116256/how-configure-static-mac-port-security-sx300

• Use one IPS port to create tunnel to two remote MDS switches?

  is it possible to use one gigabit port on MDS IPS 14+2 linecard to create FCIP tunnels between two other remote MDS switches?
  each tunnel will  allow a different VSAN. this is kindda crude but gotta do it, if it can be done

  yes it can be done, make 1 FCIP profile defining the Ip address of the GE interface.  Then create 2 different FCIP interfaces ( tunnels )  each one will use the same profile, but have different peers.

• Two VLAN's port forwarding to one, problem

  Hi all
  This is my first ever Cisco router for forgive me, if this is a simple matter, but I have spent the entire weekend trying to figure this out - with no luck.
  My employer has provided me with a Cisco 871W router for my homeoffice.
  The router is pre-configured with two VLANs and BVIs; VLAN1 (BVI1) and VLAN2 (BVI2) for home and office connection on two different subnets (192.168.1.0 and 192.168.0.0).
  My office connection is secured with IPSec or something similar - I have not that much insight in that aspect.
  The configuration works for normal internet access (www, mail etc) on both networks, and the tunneling to my workplace works fint too.
  My problem is that I would like to open up some ports for gaming etc. on the "home"-part of the configuration, but I cannot seems to get that to work.
  The attached configuration is my current running configuration, which contains some of my trials on getting this to work, so it might look a bit odd.
  If anyone could help me, I would appreciate it.
  Regards
  Jesper Lauridsen

  Hi,
  By the looks of it, you have an extended access list called 'outside_access_in' applied to your outside interface fa4.
  You would have to add a rule to this access list allowing the port in question.
  You would then need a static NAT entry that would map the port to the internal host.
  For instance, if you had a rule to allow port 80 like this:
  permit tcp any any eq www
  You would also need a NAT entry like this:
  ip nat inside source static tcp 192.168.0.10 80 interface FastEthernet4 80
  Assuming that 192.168.0.10 was the client PC.

• Multiple VLAN's and relaying DHCP on two stacked SGE2000-G5 Switches

  We have been set the task of securing a small managed office system which is currently set up with a standard switch allowing each of the offices (containing different companies) to see each other, and in some cases, access each others documents across the network.
  Obviously this is a far from adequate set up and our aim is to isolate each office using VLAN's but share a common internet connection provided by the managed offices.  We have two Cisco SGE2000-G5 layer 3 switches but we are new to Cisco equipment and VLAN's so we are not quite sure on how to implement this.  DHCP would need to be provided by a Router, there is no Server.  We are open to suggestions on the Router as we have yet to purchase one.
  I hope someone can be of assistance.
  Many thanks,
  Jim

  We will be using the SGE2000-G5 switch which supports Layer3.  You suggested the following routers the other day, do these support Option 82?
  wireless
  RV120W - good feature set wireless
  WRVS4400N - has gigabit speed ports as well as simplied webGUI
  RV220W - most features with gigabit spped ports
  wired
  RV042 - dual WAN with port-based vlans
  RVS4000 - Gigabit speed ports
  Thanks,
  Jim

• Set-VMNetworkAdapterVlan throws Failed while applying switch port settings 'Ethernet Switch Port VLAN Settings' error

  Hi,
  I'm following this
  guide I'm getting an error when running the below command:
  Set-VMNetworkAdapterVlan -vmname PurpleVM1 -Isolated -PrimaryVlanId 2 –SecondaryVlanId 4
  Generates the following error:
  Set-VMNetworkAdapterVlan : The operation failed.
  Failed while applying switch port settings 'Ethernet Switch Port VLAN Settings' on switch 'New Virtual Switch': One or
  more arguments are invalid (0x80070057).
  A parameter that is not valid was passed to the operation.
  Does anyone know why this is happening?
  ta

  Hi TomG101,
  It seems that there is a configuration conflict on the virtual switch port .
  Also I tested the command on my lab , it works .
  For troubleshooting please  create a new virtual switch then try to configure again .
  Any further information please feel free to let us know .
  Best Regards
  Elton Ji
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• AP-1131AG: 2 VLANs/SSIDs, switch port configuration?

  We're setting up a (seemingly) simple deployment of some APs, and want 2 SSIDs...one will have Pre-Shared WEP and one will be open and broadcast (with access-lists on the router). My question is how to set up the switch port to match my AP, in order for it to pass both VLANs (in this case I've setup WLAN100=VLAN100 and WLAN101=VLAN101)...Do I have to configure trunking on that switchport? Thanks for any links or answers on this!!!

  Hi Vince,
  Here is a great doc that goes over this concept in detail. You will need to configure Trunking on the switchport. Have a look at what yours might look like;
  switchport mode trunk
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 1
  switchport trunk allowed vlan 1,100,101
  From this excellent doc;
  Using VLANs with Cisco Aironet Wireless Equipment
  http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#clic2935xl
  Hope this helps!
  Rob

• Switch Port Trunk allowed Vlan

  Hi Guys
  Request your help on my query :
  I have a distribution switch  and access switch and port channel between them.
  Dist switch is the VTP server
  lets assum I have 25 vlan
  when I do show vlan brief on the access switch I can see all 25 vlans listed now
  no when I configure switch port trunk allowed vlan (ex : permitting 10 vlans )on the link connecting to access switch at Dist switch
  Dist switch po1 -- connecting to - po Access switch
  Dist switch #
  int po1
  switch port trunk alllowed vlan x,x,x,x,x,x,x,x,x,
  After permitting 10 vlan through trunk allowed vlan and then when I do show vlan brief on the access switch , I should see only the 10 vlan whcih I have permiited right ?
  Thanks in advance  

  Hi,
  John is absolutely correct - even if you do not permit a VLAN on a trunk, it can still provide communication among local ports on a switch that are all assigned to the same VLAN.
  I have a feeling that your original question was focused on a different aspect, though: You probably expected that if you exclude some VLANs from trunks, these VLANs will not be propagated via VTP to surrounding switches. Sadly, this is not the case. The switchport trunk allowed vlan command only affects data traffic in individual VLANs but it has no impact on the operation of VTP protocol. The VTP still advertises all VLANs, regardless of which VLANs are allowed on a trunk. To put it plainly, in a VTP domain, all server/client switches will know about all VLANs. THere is no legal possibility of having a single VTP domain consisting of server/client switch and yet have the switches differ in their VLAN database contents. It's as easy as that: one VTP domain = one big common VLAN database.
  Best regards,
  Peter

• How one Switch identify the Native vlan mismatch

  Dear All,
  I am using two cisco L2 switches. Both are connected by a trunk link. Unfortunately I configured different native vlan between two switches. Suddenly I got an error that native vlan mismatch. When I changed the configuration Now it's working fine. My question is that how one switch identify that native vlan mismatch(either by Bpdu, cdp or packet). Please mention which of the following used by switch to identify native Vlan mismatch.
  Regards,
  Sanjib

  Sanjib, Karsten,
  It's CDP.
  Yes, and STP as well if you run a trunk between the two switches. PVST+ and RPVST+ BPDUs have a TLV in their trailer that carries the VLAN number for which the BPDU was originated. If the BPDU is received in a different VLAN (caused by a native VLAN mismatch), the receiving switch will be able to detect it.
  Wireshark 1.12.x will be capable of displaying this TLV field in captured PVST+ and RPVST+ BPDUs. Until 1.12.x is released, you may want to try daily builds from:
  http://www.wireshark.org/download/automated/
  They already incorporate the enhancement.
  Best regards,
  Peter

• UC520 SNMP change fast ethernet switch port vlan

  Hi,
  I've a UC520 running with uc500-advipservicesk9-mz.151-4.M5. I try to change VLAN on the switchport using snmp however look like the UC520 doesn't support "vmVlan".
  snmpwalk -v 1 -c private 10.1.1.1 ifDescr
  IF-MIB::ifDescr.4 = STRING: FastEthernet0/1/1
  snmpset -v 1 -c private 10.1.1.1 1.3.6.1.4.1.9.9.68.1.2.2.1.2.4 integer 151
  Error in packet.
  Reason: (noSuchName) There is no such variable name in this MIB.
  Failed object: SNMPv2-SMI::enterprises.9.9.68.1.2.2.1.2.4
  Does anyone know what is the MIB for change switch port vlan ?
  Rg,
  Gerald.

  What do you mean by dumb siwthc? What model/make/company is that switch?
  Can you try to do the reset of the switch so that it wipe off all the config what so ever present on the box and then try to connect the switch to the router?