VLAN Configuration
I just wanted to ask a question about how other organizations have their VLANs set up. With my organization, we have each of our different VLANs. If we want, let's say, a server to be able to access all the VLANs, then we have to trunk the port the server is connected to and enable VLAN support on the NIC. In other words, we have VLAN 1,2 set on the port, and then we create VLANs with our NIC software for VLAN 1,2. So the NIC has VLAN 1,2 with an IP address for each VLAN. Correct me if I'm wrong, but you have to have an IP address for each VLAN your server or computer is connected to? In other words, I couldn't just enable trunking on the port and then set up the server NIC with an IP address that is a VLAN1 IP address?
My question is more about what other companies use in their VLAN setup. Every single person I talk to said that our setup is unique. When they open up our network connections for one of our servers and see 8 different virtual connections (VLANs), they don't understand why we do this. That's why I'm asking. If this is unique, how do other companies set up their VLANs on their servers? If they want their server to be able to talk to every VLAN, then how do other companies implement this? Like I said, we trunk it on the port and then set up VLANs using the NIC software for each of the VLANs we added to the trunk. So, each server has a virtual connection (IP address, SM, DG for that network (VLAN)). This doesn't seem to be the norm from other network prof. I've talked to. So... do other companies just attach their server to one VLAN (no trunking on the switch port and no NIC multiple VLAN setup on the server) and then enable inter-VLAN routing? This then enables servers to talk to any VLAN that is enabled through inter-VLAN routing?
Similar Messages
-
Application Administrators can't see VLAN configuration on VMs in VMM 2012 R2
Hi, I have the following issue on my VMM 2012 R2 infrastructure.
I have created a cloud with a Hyper-V Cluster in it. Configured a Application Administrator Role (Self Service) and assigned all permissions related to this cloud and Hyper-V Cluster, including a couple of VM Templates and a VM Network.
The users can see the VMs and create VMs, but they cannot configure the VLAN inside the VM.
If I go to the VM settings using the full VMM admin, I can do it, select the VM Network and then select the appropriate VLAN, but when I try to do this using the Application Administrator account I configured specifically for this Cloud and Cluster, I can select the same VM Network but can't see any options related to VLAN configuration.
What am I missing? Is this the default behavior? Do I need an additional permission? Where?
Thank you for your responses.
Regards.
Eduardo Rojas
That is correct.
Application Admins 'consume' resources (compute and storage) and have no insight into the physical part. Especially if you are using the cloud abstraction. "Administrators" manage the physical layer of things - that is why you can see / set the VLAN ID directly.
I believe that you would need to create your Virtual Networks with the proper VLANs and the application admins can then choose based on the Virtual Network.
The worst case is that you define a Virtual Network per VLAN so that your application admins can select an item that correlates to a specific VLAN configuration.
Brian Ehlert
http://ITProctology.blogspot.com
Learn. Apply. Repeat. -
VLAN Configuration for Internal and Guest Wireless
Hello,
We are using the following hardware…
SG300-52MP switch -- latest firmware
ASA 5512-X firewall -- 9.1
Aironet AP1131AG WAP
We have the following networks…
10.252.4.0/24 = Internal = ASA-01 interface = VLAN1
10.252.6.0/24 = Guest = ASA-02 interface = VLAN6
10.252.6.0/24 = VOIP = ASA-03 interface = VLAN3
The Aironet supports two SSIDs, Secure (RADIUS) and Guest (WPA2), which are supposed to provide access to the appropriate interface on the ASA.
Relevant parts of the WAP configuration are…
dot11 ssid GUEST
 vlan 6
dot11 ssid SECURE
 vlan 1
interface Dot11Radio0
 no ip address
 ssid GUEST
 ssid SECURE
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
interface Dot11Radio0.6
 encapsulation dot1Q 6
 no ip route-cache
 bridge-group 255
interface Dot11Radio1
 no ip address
 no ip route-cache
 ssid GUEST
 ssid SECURE
interface Dot11Radio1.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
interface Dot11Radio1.6
 encapsulation dot1Q 6
 no ip route-cache
 bridge-group 255
interface FastEthernet0
 no ip address
 no ip route-cache
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
interface FastEthernet0.6
 encapsulation dot1Q 6
 no ip route-cache
 bridge-group 255
interface BVI1
 ip address 10.252.4.4 255.255.255.0
 no ip route-cache
ip default-gateway 10.252.4.1
We can manage the WAP through its Internal IP address (10.252.4.4).
And the “Guest” wireless network is working -- connecting to that SSID provides the client with the correct IP addressing (10.242.6.X from VLAN6/ASA-02). [Note: the VOIP DHCP and network access also works correctly.]
The “Secure” wireless network is not working however -- the client never receives an Internal DHCP address from ASA-01, and even if you hard-code the client’s IP, no IP4 traffic ever passes.
[Note: connecting a device to a SG300 port with the “Default” configuration provides the client with an Internal DHCP configuration, and it works as intended.]
While this may be a problem with the WAP configuration, I would like to confirm that it is not an issue with the switch not passing traffic correctly.
I have a feeling that I have configured the VLANs on the ports incorrectly.
Relevant parts of the SG300 configuration are...
v1.3.0.62 / R750_NIK_1_3_647_260
vlan database
 vlan 3,6
ip dhcp snooping
ip dhcp relay address 10.252.4.1
ip dhcp relay enable
bonjour interface range vlan 1
interface vlan 1
 ip address 10.252.4.2 255.255.255.0
 no ip address dhcp
interface vlan 3
 name VOIP
interface vlan 6
 name Guest
interface gigabitethernet45 -- Access mode, Untagged VLAN6
 description ASA-Guest
 ip dhcp snooping trust
 switchport mode access
 switchport access vlan 6
interface gigabitethernet46 -- Access mode, Untagged VLAN3
 description ASA-VOIP
 ip dhcp snooping trust
 switchport mode access
 switchport access vlan 3
interface gigabitethernet47 -- Trunk mode, Untagged VLAN1 and Tagged VLAN6
 description WAP1
 switchport trunk allowed vlan add 6
interface gigabitethernet48 -- Trunk mode
 description ASA-Internal
 ip dhcp snooping trust
 ip dhcp relay enable
Can someone who understands this switch better than I do please confirm the VLAN configuration? THANK YOU!
Welcome to the discussion area!
"PCI regulations do not consider VLAN a secure way of keeping the data isolated. Does anyone have any technical information on how the device creates the guest wireless network?"
I spoke to Apple Support some time ago and was told that Apple uses VLAN to create the Guest network, and also that formal documentation was not available on this topic. I was referred to the AirPort Extreme Specifications for available information.
This was some time ago, so if you need more up to date info, you might want to try to contact Apple to see if they are willing to share more information about this feature. Although, since VLAN is used, your question may already be answered.
FWIW, to use the Guest Network feature in a home situation, the AirPort Extreme must be set up as the main router controlling DHCP and NAT on the network. If you were thinking of installing the AirPort Extreme behind another router, the Guest Network feature would not be available in this type of configuration. -
Fwsm - active/standby - "Vlan configuration mismatch between peers"
Hi,
A FWSM pair fell into an active/active situation due to a VLAN configuration mismatch. What would be the best way to synchronize configurations and return to the normal active/standby? There is a new VLAN on the primary FWSM and at present both are in active state.
Thank you in advance.
Zdravko
Hi,
To my understanding the FWSMs (even though both active) have identical configurations?
Have you perhaps done so that on the core switch you have only issued the "firewall vlan-group" on the primary core device (to which the FWSM is attached) and not the secondary core device?
The only time I have witnessed the same situation is when configuring a new customer link and I have only configured the primary unit (and about to configure the same on the standby unit)
Hope it helps, not sure if the above was what you meant.
- Jouni -
CiscoWorks: VLAN creation failed via CM-VLAN Configuration
Hi,
I have been trying to create a VLAN on a single switch via CM-VLAN Configuration and am getting the message below, although the switch is configured with the correct SNMP and I can back up the same device via RME and also deploy config to it via Netconfig.
Please advise. Thanks
I am using LMS 3.2.1; CM 5.2.2; RME 4.3.2
Creation of VLAN failed
"There were some errors during operation."
Failed to perform the operation on 10.*.*.* Cause:An error occured while performing SNMP operation.
Action:Examine and save the server log file and report the error to the product administrator for further action.
The credentials can be changed under Common Services > Device and Credentials > Device Management. Select the devices and click the Edit Credentials button. Fill in the correct username and password for these devices.
-
Hi Surendra,
I was just given this task to see how I can configure a second SSID for guest access in our environment.
This is our network setup prior to this request: Internet----Firewall (not ASA)---ce520---C1131AG, and the CME router is also connecting to the ce520 switch. We only have two VLANs: one for voice and two for data.
Presently, there is no VLAN configured on the AP because it is only broadcasting one SSID, and wireless users get an IP from a Windows DHCP server on the LAN. The configuration on the ce520 switch port for the AP and other switches says the access VLAN is the DATA VLAN, which automatically becomes the native VLAN for all trunk ports connecting the AP and other switches to the network.
Now with this new requirement, I have done my research and I have configured the AP to broadcast both the production and the guest VLANs. The two VLANs are 20-DATA and 60-Guest. I made the DATA VLAN on the AP the native VLAN since the PoE switch is using the DATA VLAN as native on the trunk ports. I configured the firewall to serve as DHCP server for the guest SSID and I have added the ip helper-address on the guest VLAN interface on all switches, while the Windows server remains the DHCP server for the production DATA VLAN. I have confirmed that the AP and switches can ping the default gateway of the guest DHCP server, which is another interface on the firewall. I can now see and connect to all broadcast SSIDs, but the problem is I am not getting IP addresses from either the production DHCP server or the guest DHCP server when I connect to the SSIDs one at a time.
My AP config is attached below.
Please tell me what am I doing wrong.
Do I need to redesign the whole network to have a native VLAN other than the data VLAN?
Does the access point need to be aware of the voice VLAN?
Does the native VLAN on the AP need to be in bridge-group 1 or can I leave it in bridge-group 20?
I will greatly appreciate your urgent response.
Thanks in advance.
Hi,
As far as I know we don't set the ip helper address on the radio interface. It should be on the L3 interface of the corresponding VLANs, i.e.
int vlan 20
 ip helper-address 192.168.33.xxx
int vlan 60
 ip helper-address 130.20.1.xxx
I'm assuming that you're using SVIs (int Vlan 20 and int Vlan 60) rather than physical interfaces. Also, I hope you have configured the switch port as a trunk where this AP is connected.
Modify the AP config as below since you are using data vlan as the native vlan
interface Dot11Radio0.20
 encapsulation dot1Q 20 native
interface FastEthernet0.20
 encapsulation dot1Q 20 native
Ideally your AP FastEthernet configuration should look like the below; I am not sure how you missed this, as it comes by default when you have multiple VLANs for multiple SSIDs.
interface FastEthernet0.20
 encapsulation dot1Q 20 native
 no ip route-cache
 bridge-group 20
 no bridge-group 20 source-learning
 bridge-group 20 spanning-disabled
interface FastEthernet0.60
 encapsulation dot1Q 60
 no ip route-cache
 bridge-group 60
 no bridge-group 60 source-learning
 bridge-group 60 spanning-disabled
Hope this helps.
Regards
Najaf -
EA6500 - VPN interface and VLan configuration feature?
Does the EA6500 have any kind of built-in VPN interface and also a built-in VLAN configuration feature?
This particular router has VPN passthrough and you may open ports when needed for VPN to work behind it. As for VLAN configuration, this router is not designed for that. Everything that you would like to know about the router just click here
-
I've got a handful of devices in Cisco Prime Infrastructure 2.0 which show up in the "Archive Failed Devices" view. The "Failure Reason" is some variation of "Fetch VLAN configuration - Command failed" sometimes including "TELNET: Failed to establish TELNET connection to x.x.x.x". What does this mean? How do I overcome this? In all cases, the device is configured to use SSH and has valid SSH credentials. In all cases, I can SSH from the command line of the NCS appliance to the devices listed in the "Archive Failed Devices" view.
Hi
I was able to fix the "Fetch VLAN configuration - Command failed" by allowing tftp from the device to PI server in firewall. See if this can help. -
Prime Infrastructure 2.1 - Fetch VLAN Configuration - command failed
Hi,
I am installing the system on a customer's site.
I've noticed that most of the devices configured on the PI have resulted in an error in the Configuration Archive with this error:
Fetch VLAN Configuration - command failed.
I checked that the TFTP service on the PI is enabled.
I tried manually executing from a device: copy flash:vlan.dat tftp://PI_IP and couldn't manage to do so.
I also tried manually to do it to another TFTP server and it worked.
I don't see any FW drops.
Does anyone have any idea how to troubleshoot this?
Thanks in advance!
As to get the VLAN information, the file in Cisco devices Flash: vlan.dat is fetched, and if PI fails to do so, it gives this error. As it is a file in flash, PI needs to send it over to the server itself using TFTP.
If TFTP is somehow not working between the server and devices, it may throw this error.
Is it happening with all the devices or some particular platform?
If with all the device, you need to check if there is any Firewall blocking TFTP access to devices.
Also, you can check if TFTP service on CPI is working properly by command ncs status.
If service is affected, try to restart service - service tftp restart Or you can restart the PI Machine itself.
-Thanks
Vinod
**Encourage Contributors. RATE Them.** -
SA540 VLAN Configuration Question
I need to connect 2 internal LANs to the SA540 but cannot work out how to set the IP addresses for the 2 VLANs on this device. Does anyone know how to setup the relevant IP addresses for the 2 VLANs? Example: VLAN 2 IP = 192.168.5.10 and the second VLAN IP = 192.168.10.10. The WAN port will connect to a single Internet device. Any help will be greatly appreciated.
Hi Ratan,
The following steps apply to latest MR Firmware version 2.1.18.
1) The first thing you need is to enable VLAN (Networking ->LAN -> VLAN Configuration -> Enable VLAN? {check this}).
2) Next you have to create the second VLAN (Networking ->LAN ->Available VLANs ->Add...) Name it and use the ID to associate the VLAN to (2). If you want inter VLAN Routing to be enabled leave the box checked, otherwise uncheck it.
3) Next we specify/edit the subnet that your new vlan will use. (Networking ->LAN -> Multiple VLAN Subnets) Look for the VLAN ID created above (2), and Click the Edit button. Modify the subnet parameters as needed.
4) Finally we assign the SA 500 ports to use the VLANS. (Networking ->LAN ->Port VLAN) Setup the port's Mode as Access, General, or Trunk, and assign VLAN membership as well.
See screenshots for clarity. If you need to create more VLANs, repeat steps 2-4 as needed.
Hope this helps,
Julio -
For no apparent reason, an H-REAP access point loses its VLAN configuration in VLAN mapping. Has anyone seen this?
Enter the Detail page of the desired access point, select the H REAP tag again, and click VLAN Mapping in order to configure the 802.1Q tagging per locally switched WLAN.
-
I am trying to create a simple 2-VLAN configuration on an RV110W. After adding the VLANs, I am unsure how to specify whether the port traffic should be tagged, untagged or excluded.
On the VLAN Membership page, I want VLAN 3 associated with ports 1,2 and 3. I want VLAN 4 associated with port 4 only. I want both VLANs to have access to the internet, and I want the VLANs to be isolated from each other.
The VLAN Membership page looks like this:
VLANs Setting Table
VLAN ID  Description  Port 1    Port 2    Port 3    Port 4
1        Default      Untagged  Untagged  Untagged  Untagged
3        WEI          Tagged    Tagged    Tagged    Excluded
4        JEM          Excluded  Excluded  Excluded  Tagged
Using these configuration options does not prevent computers on one VLAN from accessing shares on the other VLAN. What do I need to change? (The computers in this configuration are connected to dumb switches, which are connected to the LAN ports on the RV110W.) -
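The membership table from the RV110W post above, modelled as an added example (not part of the original post and not RV110W firmware logic). It assumes the standard 802.1Q rule that an untagged frame arriving on a port is placed in the VLAN where that port is an untagged member, and that PCs behind unmanaged switches send untagged frames; `ACCESS_STYLE` is a constructed alternative table, not a setting taken from the thread.

```python
# Added illustration: models 802.1Q port membership only, not RV110W firmware.
TAGGED, UNTAGGED, EXCLUDED = "Tagged", "Untagged", "Excluded"

# Membership table exactly as posted: VLAN ID -> setting for ports 1..4.
POSTED = {
    1: [UNTAGGED, UNTAGGED, UNTAGGED, UNTAGGED],
    3: [TAGGED, TAGGED, TAGGED, EXCLUDED],
    4: [EXCLUDED, EXCLUDED, EXCLUDED, TAGGED],
}

# Constructed alternative (assumption): every port is an untagged member of
# exactly one VLAN and excluded from all others.
ACCESS_STYLE = {
    1: [EXCLUDED, EXCLUDED, EXCLUDED, EXCLUDED],
    3: [UNTAGGED, UNTAGGED, UNTAGGED, EXCLUDED],
    4: [EXCLUDED, EXCLUDED, EXCLUDED, UNTAGGED],
}


def untagged_vlan(table, port):
    """VLAN that receives untagged frames arriving on `port` (1-based), or None."""
    hits = [vid for vid, row in sorted(table.items()) if row[port - 1] == UNTAGGED]
    if len(hits) > 1:
        raise ValueError(f"port {port} is untagged in more than one VLAN: {hits}")
    return hits[0] if hits else None


def host_vlans(table, ports=4):
    """Map each port to the VLAN its plain (untagged) hosts end up in."""
    return {p: untagged_vlan(table, p) for p in range(1, ports + 1)}


def shared_segments(table, ports=4):
    """Port pairs whose untagged hosts share one VLAN, i.e. are not isolated."""
    vlans = host_vlans(table, ports)
    return [(a, b)
            for a in range(1, ports + 1)
            for b in range(a + 1, ports + 1)
            if vlans[a] is not None and vlans[a] == vlans[b]]


def tagged_only(table, ports=4):
    """(port, vlan) memberships that only a VLAN-aware device can use."""
    return [(p, vid)
            for vid, row in sorted(table.items())
            for p in range(1, ports + 1)
            if row[p - 1] == TAGGED]


if __name__ == "__main__":
    for name, table in (("posted", POSTED), ("access-style", ACCESS_STYLE)):
        print(name)
        print("  host VLAN per port :", host_vlans(table))
        print("  ports sharing a VLAN:", shared_segments(table))
        print("  tagged-only members :", tagged_only(table))
```

Separating the ports at layer 2 still leaves whatever inter-VLAN routing the router performs, which this model does not cover.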
WRT160N - does it support multiple vLan configurations?
I'm trying to find more detailed tech. specifications of this thing (WRT160N), but unfortunately I get only some basic marketing messages... I need to understand if this router supports VLAN configuration, as I'm thinking of having IPTV and internet on the same device. My provider does integrate the IPTV into a separate VLAN, but their HW is not too good in other respects... So I'm thinking about Linksys.
So does it support multiple VLAN configuration (i.e. dedication of a separate VLAN to an exact port)?
No. VLANs are not supported in Linksys devices. You'll have to look at Cisco Small Business or better.
-
FCoE Native VLAN Configuration
Hi
One question about FCoE Configuration
Is it better to permit the Native VLAN (FIP VLAN) in the allowed trunk VLANs or just leave it in the native VLAN configuration?
Here the two choices showing my doubt
VLAN 1197
 name FIP_VLAN
VLAN 1198
 name FCOE_VLAN
 fcoe vsan XX
01)
interface EthernetX/X
 switchport
 switchport mode trunk
 switchport trunk native vlan 1197
 switchport trunk allowed vlan 1197,1198
 spanning-tree port type edge trunk
or
02)
interface EthernetX/X
 switchport
 switchport mode trunk
 switchport trunk native vlan 1197
 switchport trunk allowed vlan 1198
 spanning-tree port type edge trunk
Hi,
Usually when you add it to the trunk as native, you don't need to add it again. So, option-2
HTH -
VLAN configuration of LAP in H-REAP WLC Setup
Hello,
I have a setup configured fairly simply, I think. We have a 4402 WLC at our corporate office. We also have 6 1131s split into two deployments at different offices. We have a common SSID structure across all of them (corporate and guest). Corporate works properly authenticating against Active Directory, and guest authenticates properly via the guest database. The thing I cannot get my mind around is the proper method for configuring these two SSIDs to be on separate VLANs. If it were all local, I think I'd have no problems. Do I need to configure a virtual interface on the controller? Do I need a separate one for each office? The VLAN won't exist in the corporate office (unless it needs to). My goal is to isolate guest access into its own subnet and run it straight out to the Internet without touching the local satellite network. Thanks!
Sean
Ok, think I figured it out. I changed the VLAN mappings via each AP edit page and all seems well. Originally I was going to try and push the VLAN configurations for both offices via the "guest" WLAN policy, which is where I think my confusion arose. By doing that, I needed to assign the configuration through an Interface (I'm guessing). If anyone has a better suggestion, please let me know. Thanks!
-
Hardware Configuration tab doesn't show Vlan Configuration of VM
In SCVMM 2012 R2 I can go into the properties of a VM and set the VLAN and it saves and correctly sets the VLAN on the machine.
If I then go back into the properties the VLAN option is unchecked. If I make a change to any other setting and save it then removes the VLAN from the machine, disconnecting it.
On SCVMM 2012 SP1 it worked fine, on SCVMM 2012 R2 the Hardware configuration is always missing the VLAN information.
Can somebody else confirm that they are having the same issue with SCVMM 2012 R2?
Yes - I confirm that I am having the same/similar issue with SCVMM 2012 r2. In my case, I am trying to assign a different VLAN after deployment. In SCVMM, I don't see the existing VLAN information, however, VLAN ID is correct on HyperV Manager. If I change the VLAN ID, the change reflects in the VM however it will be missing on SCVMM. Seems like a bug. I am also opening a case with Microsoft support.
Cheers ! Shaba