VLAN Configuration

I just wanted to ask a question about how other organizations have their VLANs set up. In my organization, we have each of our different VLANs. If we want, let's say, a server to be able to access all the VLANs, then we have to trunk the port the server is connected to and enable VLAN support on the NIC. In other words, we have VLAN 1,2 set on the port, and then we create VLANs with our NIC software for VLAN 1,2. So the NIC has VLAN 1,2 with an IP address for each VLAN. Correct me if I'm wrong, but you have to have an IP address for each VLAN your server or computer is connected to? In other words, I couldn't just enable trunking on the port and then set up the server NIC with an IP address that is a VLAN1 IP address?

My question is more about what other companies use in their VLAN setup. Every single person I talk to says that our setup is unique. When they open up our network connections for one of our servers and see 8 different virtual connections (VLANs), they don't understand why we do this. That's why I'm asking. If this is unique, how do other companies set up their VLANs on their servers? If they want their server to be able to talk to every VLAN, then how do other companies implement this? Like I said, we trunk it on the port and then set up VLANs using the NIC software for each of the VLANs we added to the trunk. So, each server has a virtual connection (IP address, SM, DG for that network (VLAN)). This doesn't seem to be the norm according to other network prof. I've talked to. So... do other companies just attach their server to one VLAN (no trunking on the switch port and no NIC multiple VLAN setup on the server) and then enable inter-VLAN routing? Does this then enable servers to talk to any VLAN that is enabled through inter-VLAN routing?

Similar Messages

  • Application Administrators can't see VLAN configuration on VMs in VMM 2012 R2

    Hi, I have the following issue on my VMM 2012 R2 infrastructure.
    I have created a cloud with a Hyper-V Cluster in it. Configured a Application Administrator Role (Self Service) and assigned all permissions related to this cloud and Hyper-V Cluster, including a couple of VM Templates and a VM Network.
    The users can see the VMs and create VMs, but they cannot configure the VLAN inside the VM.
    If I go to the VM settings using the full VMM admin, I can do it: select the VM Network and then select the appropriate VLAN. But when I try to do this using the Application Administrator account I configured specifically for this Cloud and Cluster, I can select the same VM Network but can't see any options related to VLAN configuration.
    What am I missing? Is this the default behavior? Do I need an additional permission? Where?
    Thank you for your responses.
    Regards.
    Eduardo Rojas

    That is correct.
    Application Admins 'consume' resources (compute and storage) and have no insight into the physical part.  Especially if you are using the cloud abstraction.  "Administrators" manage the physical layer of things - that is why you can see / set the VLAN ID directly.
    I believe that you would need to create your Virtual Networks with the proper VLANs and the application admins can then choose based on the Virtual Network.
    The worst case is that you define a Virtual Network per VLAN so that your application admins can select an item that correlates to a specific VLAN configuration.
    Brian Ehlert
    http://ITProctology.blogspot.com
    Learn. Apply. Repeat.

  • VLAN Configuration for Internal and Guest Wireless

    Hello,
    We are using the following hardware…
    SG300-52MP switch -- latest firmware
    ASA 5512-X firewall -- 9.1
    Aironet AP1131AG WAP
    We have the following networks…
    10.252.4.0/24 = Internal = ASA-01 interface = VLAN1
    10.252.6.0/24 = Guest = ASA-02 interface = VLAN6
    10.252.6.0/24 = VOIP = ASA-03 interface = VLAN3
    The Aironet supports two SSIDs, Secure (RADIUS) and Guest (WPA2), which are supposed to provide access to the appropriate interface on the ASA.
    Relevant parts of the WAP configuration are…
    dot11 ssid GUEST
       vlan 6
    dot11 ssid SECURE
       vlan 1
    interface Dot11Radio0
    no ip address
    ssid GUEST
    ssid SECURE
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    interface Dot11Radio0.6
    encapsulation dot1Q 6
    no ip route-cache
    bridge-group 255
    interface Dot11Radio1
    no ip address
    no ip route-cache
    ssid GUEST
    ssid SECURE
    interface Dot11Radio1.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    interface Dot11Radio1.6
    encapsulation dot1Q 6
    no ip route-cache
    bridge-group 255
    interface FastEthernet0
    no ip address
    no ip route-cache
    interface FastEthernet0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    interface FastEthernet0.6
    encapsulation dot1Q 6
    no ip route-cache
    bridge-group 255
    interface BVI1
    ip address 10.252.4.4 255.255.255.0
    no ip route-cache
    ip default-gateway 10.252.4.1
    We can manage the WAP through its Internal IP address (10.252.4.4).
    And the “Guest” wireless network is working -- connecting to that SSID provides the client with the correct IP addressing (10.242.6.X from VLAN6/ASA-02).  [Note:  the VOIP DHCP and network access also works correctly.]
    The “Secure” wireless network is not working however -- the client never receives an Internal DHCP address from ASA-01, and even if you hard-code the client’s IP, no IP4 traffic ever passes.
    [Note:  connecting a device to a SG300 port with the “Default” configuration provides the client with an Internal DHCP configuration, and it works as intended.] 
    While this may be a problem with the WAP configuration, I would like to confirm that it is not an issue with the switch not passing traffic correctly.
    I have a feeling that I have configured the VLANs on the ports incorrectly.
    Relevant parts of the SG300 configuration are...
    v1.3.0.62 / R750_NIK_1_3_647_260
    vlan database
    vlan 3,6
    ip dhcp snooping
    ip dhcp relay address 10.252.4.1
    ip dhcp relay enable
    bonjour interface range vlan 1
    interface vlan 1
    ip address 10.252.4.2 255.255.255.0
    no ip address dhcp
    interface vlan 3
    name VOIP
    interface vlan 6
    name Guest
    interface gigabitethernet45 -- Access mode, Untagged VLAN6
    description ASA-Guest
    ip dhcp snooping trust
    switchport mode access
    switchport access vlan 6
    interface gigabitethernet46 -- Access mode, Untagged VLAN3
    description ASA-VOIP
    ip dhcp snooping trust
    switchport mode access
    switchport access vlan 3
    interface gigabitethernet47 -- Trunk mode, Untagged VLAN1 and Tagged VLAN6
    description WAP1
    switchport trunk allowed vlan add 6
    interface gigabitethernet48 -- Trunk mode
    description ASA-Internal
    ip dhcp snooping trust
    ip dhcp relay enable
    Can someone who understands this switch better than I do please confirm the VLAN configuration?  THANK YOU!

    Welcome to the discussion area!
    +PCI regulations do not consider VLAN a secure way of keeping the data isolated. Does anyone have any technical information on how the device creates the guest wireless network ?+
    I spoke to Apple Support some time ago and was told that Apple uses VLAN to create the Guest network, and also that formal documentation was not available on this topic. I was referred to the AirPort Extreme Specifications for available information.
    This was some time ago, so if you need more up to date info, you might want to try to contact Apple to see if they are willing to share more information about this feature. Although, since VLAN is used, your question may already be answered.
    FWIW, to use the Guest Network feature in a home situation, the AirPort Extreme must be set up as the main router controlling DHCP and NAT on the network. If you were thinking of installing the AirPort Extreme behind another router, the Guest Network feature would not be available in this type of configuration.

  • Fwsm - active/standby - "Vlan configuration mismatch between peers"

    Hi,
    A FWSM pair fell into an active/active situation due to a VLAN configuration mismatch. What would be the best way to synchronize configurations and return to the normal active/standby? There is a new VLAN on the primary FWSM and at present both are in active state.
    Thank you in advance.
    Zdravko

    Hi,
    To my understanding the FWSMs (even though both active) have identical configurations?
    Have you perhaps done so that on the core switch you have only issued the "firewall vlan-group" only on the primary core device (to which the FWSM is attached) and not the secondary core device?
    The only time I have witnessed the same situation is when configuring a new customer link and I have only configured the primary unit (and about to configure the same on the standby unit)
    Hope it helps, not sure if the above was what you meant.
    - Jouni

  • CiscoWorks: VLAN creation failed via CM-VLAN Configuration

    Hi,
    I have been trying to create a VLAN on a single switch via CM-VLAN Configuration and am getting the message below, although the switch is configured with correct SNMP and I can back up the same device via RME and also deploy config to it via Netconfig.
    Please advise. Thanks
    I am using LMS 3.2.1; CM 5.2.2; RME 4.3.2
    Creation of VLAN failed
    "There were some errors during operation."
    Failed to perform the operation on 10.*.*.* Cause:An error occured while performing SNMP operation.
    Action:Examine and save the server log file and report the error to the product administrator for further action.

    The credentials can be changed under Common Services > Device and Credentials > Device Management.  Select the devices and click the Edit Credentials button.  Fill in the correct username and password for these devices.

  • Multiple SSID With Multiple VLANs configuration on Cisco Aironet APs: Associated clients cannot obtain IP addresses

    Hi Surendra,
    I was just given this task to see how I can configure a second SSID for guest access in our environment.
    This is our network setup prior to this request: Internet----Firewall (not ASA)---ce520---C1131AG, and a CME router is also connecting to the ce520 switch. We only have two VLANs: one for voice and two for data.
    Presently, there is no VLAN configured on the AP because it is only broadcasting one SSID and wireless users get IP from a Windows DHCP server on the LAN. The configuration on the ce520 switch port for the AP and other switches says access VLAN is the DATA VLAN, which automatically becomes the native VLAN for all trunk ports connecting the AP and other switches to the network.
    Now with this new requirement, I have done my research and I have configured the AP to broadcast both the production and the guest VLANs. The two VLANs are 20-DATA and 60-Guest. I made the DATA VLAN on the AP the native VLAN since the PoE switch is using the DATA VLAN as native on the trunk ports. I configured the firewall to serve as DHCP server for the guest SSID and I have added the ip helper-address on the guest VLAN interface on all switches, while the Windows server remains the DHCP server for the production DATA VLAN. I have confirmed that the AP and switches can ping the default gateway of the guest DHCP server, which is another interface on the firewall. I can now see and connect to all broadcasted SSIDs, but the problem is I am not getting IP addresses from both the production DHCP server and guest DHCP server when I connect to the SSIDs one at a time.
    My AP config is attached below.
    Please tell me what I am doing wrong.
    Do I need to redesign the whole network to have a native VLAN other than the data VLAN?
    Does the access point need to be aware of the voice VLAN?
    Does the native VLAN on the AP need to be in bridge-group 1 or can I leave it in bridge-group 20?
    I will greatly appreciate your urgent response.
    Thanks in advance.

    Hi,
    As far as I know, we don't set the ip helper address on the radio interface. It should be on the L3 interface of the corresponding VLANs, i.e.
    int vlan 20
    ip helper-address 192.168.33.xxx
    int vlan 60
    ip helper-address 130.20.1.xxx
    I'm assuming that you're using SVIs (int Vlan 20 and int Vlan 60) rather than physical interfaces. Also, I hope you have configured the switch port as a trunk where this AP is connected.
    Modify the AP config as below since you are using data vlan as the native vlan
    interface Dot11Radio0.20
    encapsulation dot1Q 20 native
    interface FastEthernet0.20
    encapsulation dot1Q 20 native
    Ideally your AP FastEthernet configuration should look like the below; not sure how you missed this, as it comes by default when you have multiple VLANs for multiple SSIDs.
    interface FastEthernet0.20
    encapsulation dot1Q 20 native
    no ip route-cache
    bridge-group 20
    no bridge-group 20 source-learning
    bridge-group 20 spanning-disabled
    interface FastEthernet0.60
    encapsulation dot1Q 60
    no ip route-cache
    bridge-group 60
    no bridge-group 60 source-learning
    bridge-group 60 spanning-disabled
    Hope this helps.
    Regards
    Najaf
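
The consistency the reply above asks for (the same `native` keyword and the same bridge-group on the radio and FastEthernet sub-interfaces of each VLAN), checked by a small script. This is an added example, not part of the original thread; the sample configuration, its SSID names and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of the reply above. Dot11Radio0.20 is
# deliberately missing the "native" keyword that FastEthernet0.20 carries.
SAMPLE_CONFIG = """\
dot11 ssid DATA
   vlan 20
dot11 ssid GUEST
   vlan 60
interface Dot11Radio0.20
 encapsulation dot1Q 20
 bridge-group 20
interface Dot11Radio0.60
 encapsulation dot1Q 60
 bridge-group 60
interface FastEthernet0.20
 encapsulation dot1Q 20 native
 bridge-group 20
 no bridge-group 20 source-learning
interface FastEthernet0.60
 encapsulation dot1Q 60
 bridge-group 60
"""

def parse_ap_config(text):
    """Return (ssid -> vlan, sub-interface name -> settings)."""
    ssid_vlans, subifs, ctx = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"dot11 ssid (\S+)$", line):
            ctx = ("ssid", m.group(1))
        elif m := re.match(r"interface (\S+\.\d+)$", line):
            ctx = ("if", m.group(1))
            subifs[m.group(1)] = {"vlan": None, "native": False, "bridge": None}
        elif line.startswith("interface "):
            ctx = None  # physical port or BVI: nothing to compare
        elif ctx and ctx[0] == "ssid" and (m := re.match(r"vlan (\d+)$", line)):
            ssid_vlans[ctx[1]] = int(m.group(1))
        elif ctx and ctx[0] == "if":
            if m := re.match(r"encapsulation dot1Q (\d+)( native)?$", line):
                subifs[ctx[1]].update(vlan=int(m.group(1)), native=bool(m.group(2)))
            elif m := re.match(r"bridge-group (\d+)$", line):
                subifs[ctx[1]]["bridge"] = int(m.group(1))
    return ssid_vlans, subifs

def audit(text):
    """List per-VLAN mismatches between radio and wired sub-interfaces."""
    ssid_vlans, subifs = parse_ap_config(text)
    findings, by_vlan = [], defaultdict(list)
    for name, cfg in subifs.items():
        if cfg["vlan"] is None:
            findings.append(f"{name}: no dot1Q encapsulation")
        else:
            by_vlan[cfg["vlan"]].append((name, cfg))
    for vlan, members in sorted(by_vlan.items()):
        radio = [n for n, _ in members if n.startswith("Dot11Radio")]
        if not radio or len(radio) == len(members):
            findings.append(f"VLAN {vlan}: needs both a radio and a wired sub-interface")
        if len({c["native"] for _, c in members}) > 1:
            findings.append(f"VLAN {vlan}: 'native' set on some sub-interfaces only")
        if len({c["bridge"] for _, c in members}) > 1:
            findings.append(f"VLAN {vlan}: bridge-group differs between sub-interfaces")
    natives = sorted(v for v, ms in by_vlan.items() if any(c["native"] for _, c in ms))
    if len(natives) != 1:
        findings.append(f"expected exactly one native VLAN, found {natives}")
    findings += [f"SSID {s}: VLAN {v} has no sub-interface"
                 for s, v in sorted(ssid_vlans.items()) if v not in by_vlan]
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports the VLAN 20 mismatch; an empty list means the sub-interfaces agree with each other, not that DHCP or the switch trunk is correct.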

  • EA6500 - VPN interface and VLan configuration feature?

    Does the EA6500 have any kind of built-in VPN interface and also a built-in VLAN configuration feature?

    This particular router has VPN passthrough and you may open ports when needed for VPN to work behind it. As for VLAN configuration, this router is not designed for that. Everything that you would like to know about the router just click here

  • Getting past "Fetch VLAN configuration - Command failed" errors in Cisco Prime Infrastructure 2.0 - How?

    I've got a handful of devices in Cisco Prime Infrastructure 2.0 which show up in the "Archive Failed Devices" view.  The "Failure Reason" is some variation of "Fetch VLAN configuration - Command failed" sometimes including "TELNET: Failed to establish TELNET connection to x.x.x.x".  What does this mean?  How do I overcome this?  In all cases, the device is configured to use SSH and has valid SSH credentials.  In all cases, I can SSH from the command line of the NCS appliance to the devices listed in the "Archive Failed Devices" view.

    Hi
    I was able to fix the "Fetch VLAN configuration - Command failed" by allowing tftp from the device to PI server in firewall. See if this can help.

  • Prime Infrastructure 2.1 - Fetch VLAN Configuration - command failed

    Hi,
    I am installing the system on a customer's site.
    I've noticed that most of the devices configured on the PI have resulted in an error in the Configuration Archive with this error:
    Fetch VLAN Configuration - command failed.
    I checked that the TFTP service on the PI is enabled.
    I tried manually executing from a device: copy flash:vlan.dat tftp://PI_IP and couldn't manage to do so.
    I also tried manually to do it to another TFTP server and it worked.
    I don't see any FW drops.
    Does anyone have any idea how to troubleshoot this?
    Thanks in advance!

    To get the VLAN information, the file vlan.dat in the Cisco device's flash is fetched, and if PI fails to do so, it gives this error. As it is a file in flash, PI needs to send it over to the server itself using TFTP.
    If TFTP is somehow not working between the server and devices, it may throw this error.
    Is it happening with all the devices or some particular platform?
    If with all the devices, you need to check if there is any firewall blocking TFTP access to devices.
    Also, you can check if TFTP service on CPI is working properly by command ncs status.
    If service is affected, try to restart service - service tftp restart Or you can restart the PI Machine itself.
    -Thanks
    Vinod
    **Encourage Contributors. RATE Them.**

  • SA540 VLAN Configuration Question

    I need to connect 2 internal LANs to the SA540 but cannot work out how to set the IP addresses for the 2 VLANs on this device.  Does anyone know how to set up the relevant IP addresses for the 2 VLANs? Example: VLAN 2 IP = 192.168.5.10 and the second VLAN IP = 192.168.10.10. The WAN port will connect to a single Internet device.  Any help will be greatly appreciated.

    Hi Ratan,
    The following steps apply to latest MR Firmware version 2.1.18.
    1) The first thing you need is to enable VLAN (Networking ->LAN -> VLAN Configuration -> Enable VLAN? {check this}).
    2) Next you have to create the second VLAN (Networking ->LAN ->Available VLANs ->Add...)  Name it and use the ID to associate the VLAN to (2).  If you want inter VLAN Routing to be enabled leave the box checked, otherwise uncheck it.
    3) Next we specify/edit the subnet that your new vlan will use.  (Networking ->LAN -> Multiple VLAN Subnets)  Look for the VLAN ID created above (2), and Click the Edit button.  Modify the subnet parameters as needed.
    4) Finally we assign the SA 500 ports to use the VLANS.  (Networking ->LAN ->Port VLAN)  Setup the port's Mode as Access, General, or Trunk, and assign VLAN membership as well.
    See screenshots for clarity.  If you need to create more VLANs, repeat steps 2-4 as needed.
    Hope this helps,
    Julio

  • HREAP VLAN configuration

    For no apparent reason, an HREAP access point loses its VLAN configuration in VLAN mapping. Has anyone seen this?

    Enter the Detail page of the desired access point, select the H REAP tag again, and click VLAN Mapping in order to configure the 802.1Q tagging per locally switched WLAN.

  • RV110W VLAN Configuration

    I am trying to create a simple 2-VLAN configuration on an RV110W.  After adding the VLANs, I am unsure how to specify whether the port traffic should be tagged, untagged or excluded.
    On the VLAN Membership page, I want VLAN 3 associated with ports 1,2 and 3.  I want VLAN 4 associated with port 4 only.  I want both VLANs to have access to the internet, and I want the VLANs to be isolated from each other.
    The VLAN Membership page looks like this:
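    VLANs Setting Table

    | Select | VLAN ID | Description | Port 1   | Port 2   | Port 3   | Port 4   |
    |--------|---------|-------------|----------|----------|----------|----------|
    |        | 1       | Default     | Untagged | Untagged | Untagged | Untagged |
    |        | 3       | WEI         | Tagged   | Tagged   | Tagged   | Excluded |
    |        | 4       | JEM         | Excluded | Excluded | Excluded | Tagged   |
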
    Using these configuration options does not prevent computers on one VLAN from accessing shares on the other VLAN.  What do I need to change?  (The computers in this configuration are connected to dumb switches, which are connected to the LAN ports on the RV110W.)


  • WRT160N - does it support multiple vLan configurations?

    I'm trying to find more detailed tech. specifications of this thing (WRT160N), but unfortunately I get only some basic marketing messages... I need to understand if this router supports VLAN configuration, as I'm thinking of having IPTV and internet on the same device. My provider integrates the IPTV into a separate VLAN, but their HW is not too good in other respects... So I'm thinking about Linksys.
    So does it support multiple VLAN configuration (i.e. dedication of a separate VLAN to an exact port)?

    No. VLANs are not supported in Linksys devices. You'll have to look at Cisco Small Business or better.

  • FCoE Native VLAN Configuration

    Hi
    One question about FCoE Configuration
    Is it better to permit the Native VLAN (FIP VLAN) in the allowed trunk VLANs or just leave it in the native VLAN configuration?
    Here the two choices showing my doubt
    VLAN 1197
    name FIP_VLAN
    VLAN 1198
    name FCOE_VLAN
    fcoe vsan XX
    01)
    interface EthernetX/X
    switchport
    switchport mode trunk
    switchport trunk native vlan 1197
    switchport trunk allowed vlan 1197,1198
    spanning-tree port type edge trunk
    or
    02)
    interface EthernetX/X
    switchport
    switchport mode trunk
    switchport trunk native vlan 1197
    switchport trunk allowed vlan 1198
    spanning-tree port type edge trunk

    Hi,
    Usually when you add it to the trunk as native, you don't need to add it again.  So, option-2
    HTH

  • VLAN configuration of LAP in H-REAP WLC Setup

    Hello,
    I have a setup configured fairly simply, I think. We have a 4402 WLC at our corporate office. We also have 6 1131s split into two deployments at different offices. We have a common SSID structure across all of them (corporate and guest). Corporate works properly authenticating against Active Directory, and guest authenticates properly via the guest database. The thing I cannot get my mind around is the proper method for configuring these two SSIDs to be on separate VLANs. If it were all local, I think I'd have no problems. Do I need to configure a virtual interface on the controller? Do I need a separate one for each office? The VLAN won't exist in the corporate office (unless it needs to). My goal is to isolate guest access into its own subnet and run it straight out to the Internet without touching the local satellite network. Thanks!
    Sean

    Ok, think I figured it out. I changed the VLAN mappings via each AP edit page and all seems well. Originally I was going to try and push the VLAN configurations for both offices via the "guest" WLAN policy, which is where I think my confusion arose. By doing that, I needed to assign the configuration through an Interface (I'm guessing). If anyone has a better suggestion, please let me know. Thanks!

  • Hardware Configuration tab doesn't show Vlan Configuration of VM

    In SCVMM 2012 R2 I can go into the properties of a VM and set the VLAN and it saves and correctly sets the VLAN on the machine.
    If I then go back into the properties the VLAN option is unchecked.  If I make a change to any other setting and save it then removes the VLAN from the machine, disconnecting it.  
    On SCVMM 2012 SP1 it worked fine, on SCVMM 2012 R2 the Hardware configuration is always missing the VLAN information.  
    Can somebody else confirm that they are having the same issue with SCVMM 2012 R2?

    Yes - I confirm that I am having the same/similar issue with SCVMM 2012 R2. In my case, I am trying to assign a different VLAN after deployment. In SCVMM, I don't see the existing VLAN information; however, the VLAN ID is correct in Hyper-V Manager. If I change the VLAN ID, the change reflects in the VM; however, it will be missing in SCVMM.  Seems like a bug. I am also opening a case with Microsoft support.
    Cheers ! Shaba
