VLAN Help - LRT214

Similar Messages

• Native VLAN on LRT214

  hi,
  the native vlan of my trunks ports is not the default vlan 1. so how do you set a native vlan id different then 1 on the LRT214 router?
  thx,
  stef
  Solved!
  Go to Solution.

  AFAIK you can't. The native VLAN must be VLAN1.
  Please remember to Kudo those that help you.
  Linksys
  Communities Technical Support

• Adsl and vlan help

  hello, im new to ccna .
  please any expert help me in this sinario,
  router 1721 with one wic-1adsl ,i have adsl conection with irb static ip.
  the router connect with mannaged switch through a trunk port.
  the switch has 2 vlans one for the static IPs and the other for private lan.
  i need the private lan to be able to go to internet please any ideas.
  the router configuration is as follows:
  Building configuration...
  Current configuration : 1272 bytes
  ! Last configuration change at 16:50:18 pc Fri May 10 2013 by admin
  version 12.2
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname BELCO
  boot system tftp c1700-k9o3sy7-mz.122-15.T17.bin 62.x.x.7x
  logging queue-limit 100
  username admin privilege 15 password 0 HES2010
  clock timezone pc 0
  ip subnet-zero
  ip cef
  bridge irb
  interface ATM0
  no ip address
  no atm ilmi-keepalive
  pvc 0/35
    encapsulation aal5snap
  dsl operating-mode auto
  bridge-group 1
  interface ATM1
  no ip address
  shutdown
  no atm ilmi-keepalive
  dsl operating-mode auto
  interface FastEthernet0
  no ip address
  speed auto
  interface FastEthernet0.1
  description LAN
  encapsulation dot1Q 1 native
  ip address 192.168.1.10 255.255.255.0
  interface FastEthernet0.2
  description WAN
  encapsulation dot1Q 2
  ip address 62.x.x.7x 255.255.255.248
  interface BVI1
  mac-address 0000.0cc9.fa98
  ip address 10.186.10.106 255.255.255.252
  ip classless
  ip route 0.0.0.0 0.0.0.0 BVI1
  ip http server
  ip http authentication local
  bridge 1 protocol ieee
  bridge 1 route ip
  line con 0
  speed 115200
  line aux 0
  line vty 0 4
  privilege level 15
  login local
  transport input telnet
  no scheduler allocate
  end
  so vlan2 can go to internet because it has the same subnet with provider but vlan 1 canot go internet.
  so how i can make all vlans go internet(the router has only 1 fastethernet port)
  thanks in advanced for any help.

  OK, so you need to take IP from your public range and assign it to loopback interface.
  OR you can use on both subinterfaces private addresses and entire public range use for PAT, statc NAT or what ever, it depends on your reqiurements. How many devices do you have on 62.135.115.72/29 subnet?
  If I were you, I would choose second option because in first option you have to lower subnet mask on Fa0.2 from / 29 to /30 which leaves you with only 1 host on this LAN segment!!!
  This configuration will ensure that subnet 192.168.1.0/24 will access internet with public IP 62.135.115.72 and subnet 192.168.2.0/24 will access internet with public IP 62.135.115.73.
  And you still have 6 more free public IPs for what ever you will need them (static NAT, static portforward. VPN,....)
  interface Loopback 72
  ip add 62.135.115.72 255.255.255.255
  ip nat outside
  interface Loopback 73
  ip add 62.135.115.73 255.255.255.255
  ip nat outside
  interface Loopback 74
  ip add 62.135.115.74 255.255.255.255
  ip nat outside
  interface Loopback 75
  ip add 62.135.115.75 255.255.255.255
  ip nat outside
  interface Loopback 76
  ip add 62.135.115.76 255.255.255.255
  ip nat outside
  interface Loopback 77
  ip add 62.135.115.77 255.255.255.255
  ip nat outside
  interface Loopback 78
  ip add 62.135.115.78 255.255.255.255
  ip nat outside
  interface Loopback 79
  ip add 62.135.115.79 255.255.255.255
  ip nat outside
  interface FastEthernet0.1
    description LAN
    encapsulation dot1Q 1 native
    ip nat inside
    ip address 192.168.1.10 255.255.255.0
  interface FastEthernet0.2
    description WAN
    encapsulation dot1Q 2
    ip nat inside
    ip address 192.168.2.10 255.255.255.0
  ip access-list extend NAT_ACL_1
    deny ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
    permit ip 192.168.1.0 0.0.0.255 any
    deny ip any any
  ip access-list extend NAT_ACL_2
    deny ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255
    permit ip 192.168.2.0 0.0.0.255 any
    deny ip any any
  route-map NAT_MAP_1
    match ip address NAT_ACL_1
  route-map NAT_MAP_2
    match ip address NAT_ACL_2
  ip nat inside source route-map NAT_MAP_1 interface Loopback72 overload
  ip nat inside source route-map NAT_MAP_2 interface Loopback73 overload
  Best Regards
  Please rate all helpful posts and close solved questions

• VLAN help SG300

  I've successfully setup a VLAN but....
  From 192.168.1.x I can ping everything on 192.168.50.x
  Inside of VLAN 50 ports 5&6 both the laptop and the nas server can talk to 192.168.50.1.
  From 192.168.1.x I can access all of the 192.168.50.1 resources.
  Inside VLAN 50 I can ping 192.168.50.1 but cannot access anything else inside the VLAN or out.
  From the laptop 192.168.50.100 I cannot ping 192.168.50.50 (NAS) but I can ping the 192.168.50.1 gateway. I cannot ping any internet addresses.
  New guy learning VLANS here. Any ideas why this is happening?

  Hello,
  Im glad that you were able to get it to work.
  In regards to your questions:
  1- How do I benefit doing this layer 2 as you suggest as opposed to doing it layer 3? It depends on your configuration, the switch, even on layer 3 won't do NAT so it won't be able to take PC's out to the internet, which means that you have to do a lo more configuration than if you just use a router and the switches on layer 2.
  2- My understanding is that layer 3 is more efficient than layer 2 unless that is wrong. I don't know. Again, this is not a "One size fits all" type of configuration, depending on the amount of traffic, you may want to keep the local traffic restricted to the switch, which usually is more powerful than the router and just send the internet traffic (more lightweight) to the router.
  3-If I was using a 3rd party firewall that doesn't have the Inter VLAN setting and does not support VLANS wouldn't I be suck going layer 3 to make all of this work? Yes, if you have a router that is not VLAN capable, then you will definitely have to configure your switch on layer 3 to route the VLANS and only use the router as your Gateway to the internet.
  I hope this was helpful.
  Please remember to mark an answer as correct if it was helpful to you so that other members can benefit from it.

• VLAN Help!!! Please

  Hello,
  I have 2 cisco 3550 switches. I have 2 vlans, VLAn1 & VLAN3. I have 3 ports on vlan 3 & all others on vlan 1. I need to grant access to 2 ports that currently are on vlan1 access to vlan 3. In essence, I need to know the CLI commands to grant 3 ports access to vlan 1 & vlan 3. Can someone help me. Thanks in advance.

  First, you need inter-VLAN connectivity (routing). You would typically do this by creating Switched Virtual Interfaces (SVIs) on one of the 3550's. If you want to restrict access between the VLANs then you could apply access-lists to the SVIs.
  int vlan 1
  ip add 192.168.1.1 255.255.255.0
  no shut
  int vlan 3
  ip add 192.168.2.1 255.255.255.0
  no shut

• RV220W - VLAN help required

  Hi,
  I am having an issue with a new vlan on this router. The router is using the default firmware 1.0.0.26 as I cannot use 1.0.1.0 as we have a DSL connection which required PPPoE.
  VLAN1 is for the our work PC's and our SBS which also acts as the DHCP server. The router is set with a static address and has the DHCP disabled.
  VLAN5 is for a group of PC's which are only to have access to the Internet and nothing else on the network. I have done some screenshots of the settings.
  When I connect a PC to port 4, a valid IP is not recieved from the DHCP set up for VLAN5, instead the PC recieves an IP address from SBS which is on VLAN1, it also shows that I am connected to the local domain on VLAN1. Am I missing something, is there anything else which needs settings. I can't figure out why I am not getting a 192.168.5.0 address.
  My wireless secure VLAN10 works fine, and recieves the correct IP address.
  Any help would be appreciated.
  Michael.

  Michael,
  Well have been reviewing your posts and also set similar configuration in our lab. Note that i did have some trouble; no trouble with the RV220W but rather the switch was shutting down one of the connected ports to RV220W. So i went into SG-302 switch and disabled STP on that port and everything started working fine. So, this is most likely similar in your case as well. Also if the netgear is a fully managed switch why don't you just truck both vlan's on the same port. This will free up two ports in your network. you mentioned that you were getting an ip address from vlan 1 when you were connected to vlan 10, even with your configuration file i did not experience anything like this. On the wireless side you might want to reconnect to each SSID and test. When testing you want to make sure you do a (ipconfig /release) and (ipconfig /renew) your IP stack might be keeping settings from your pervious connected network.
  Thanks,
  Jason Bryant
  Cisco Support Engineer
  .:|:.:|:.

• WRVS4400n VLAN Help

  I have just received a Cisco WRVS4400N v2.0.0.7 Router & trying to configure it like this:
  2 VLANs & 2 wireless SSIDs
  VLAN1 default (Port 1 on Router)
  VLAN2 for Office (Port 2 on Router) &
  VLAN3 for Client/Guest (Port 3 on Router) no access to VLAN2
  I would also like one of the wireless SSIDs to be on the same network as VLAN2 & have access to VLAN2
  Also want VLAN2 to be network 192.168.2.0
  I have accomblished all except I cannot get either wireless SSID to commnicate with VLAN2
  VLAN DHCP creates scopes of 192.168.3.0 & 5.0 (I need to 192.168.2.0 to match my current office network)
  I know I can change the router network to 192.168.2.0 but that would mean I would have my Office network on VLAN1 (Port 1 of Router), I thought
  Port 1 was for the default VLAN used for Admin stuff.
  Can anyone give me some suggestions on this?
  Thanks for your help in advance.
  Wayne

  Hi HC-Ralph and welcome to the Cisco Home Community!
  The WRVS4400N is now being handled by the Cisco Small Business Support Community.
  For discussions about this product, please go here.
  OnnagokorO

• Voice VLAN Help Please

  My customer has 2 SG300-52P and 5 SG300-28P. We installed a VoIP phone system earlier this year. At the time of install we placed the phone system on the native VLAN 1. Now they want to move the phone system to a new VLAN because their class C subnet is running out of addresses. DHCP is handled by their Active Directory and their router/firewall is an Untangle Box. The SG300 switches have a basic configuration only.
  To move the phone system to a new VLAN I created VLAN 20 on every switch. I then turned Auto Voice VLAN on. I have every port on every switch set to trunk. Computers are plugged into back of phones. I then created a virtual interface on the Untangle Box for VLAN 20. The Untangle Box is also handling DHCP for the new VLAN. Active Directory is still handling DHCP for native VLAN.
  From each switch I can ping the gateway of the new VLAN. From each computer I can ping the gateway and the phone system on the new VLAN. However, the phones will not grab an address on the VLAN and when they are set to static, they cannot communicate with other devices on the VLAN.
  Any help would be highly appreciated. I am not sure what I am overlooking.

  Here is an example of part of a working switch config with Zultys phones where voice VLAN is 100 and data VLAN is 10:
  vlan database
  vlan 10,20,100 
  exit
  voice vlan id 100 
  interface fastethernet1
   description "RCP and Voice"
   switchport trunk allowed vlan add 100 
   switchport trunk native vlan 10 
  interface fastethernet2
   description "RCP and Voice"
   switchport trunk allowed vlan add 100 
   switchport trunk native vlan 10 
  In your case you need a trunk port with VLAN 20 tagged on your firewall (or an access port to a separate physical port on VLAN 20.  The default gateway served to the phone (or put there statically) should be the interface on the IP.  Then you may also want to allow inter-vlan routing for admin access or MXIE if you are using it.
  One thing to note on Zultys is by default I think the device profile disables LLDP, but on the phones it is enabled out of the box.  So the first time a phone downloads its config from the Zultys it may turn of LLDP unless you checked the box to keep it on.

• VLAN Help

  I'm trying to set up two VLANs on my 1230B AP. One VLAN is configured to do static 128 bit WEP, the other VLAN is configured to do 802.1x authentication (WPA optional). The problem is with the 802.1x VLAN - the Radius server never sees anything from the AP. Thoughts?

  Check whether the port connected to Radius server belongs to both VLAN.
  http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a0080417993.html
  http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a0080419702.html#wp1038739

• VLAN Help needed ...

  Hii Everybody,
  I am new to the VLANS , so i would like to have suggestions from you people .
  I have a 10 MB Internet >> connected to Firewall >> connected to L3 Switch >> There are about 40 L2 switches beneath this L3 Switch with no STP as the physical design itself was not done for switch to switch redundancy .
  And for your information I have Windows DHCP Server which assigns IPs to the clients . As of now I haven't created any VLANS . My clarifications are :
  1>> How can I create VLANS here ? Do I need to create the same in L3 switch ?
  2>> If i am assigning different subnets to different VLANS how would the clients get IP from DHCP ?
  3>> If possible can anyone here provide some basic configuration here to give me the idea ?
  Thanks in Advance,
  Max

  Please use one thread for your question.
  I have answered you on the other thread, so we can continue using that one. Please delete this one.
  Thanks
  Victor

• Private Vlan help

  I have read the documentation (http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a0080160a44.html). Still need a bit more clarification. The concept of Primary vs isolated? Is the Private-Vlan primary command run at the Core, intermediate and edge switches or is the isolated setting at the edge device only.

  ok
  here goes
  private vlans are designed to protect traffic right?
  there are several concepts here
  isolated-can only talk out through the promiscuous port I.E. to it's default gateway
  community ports-these are ports where say 2 devices on same l2 network should be allowed to talk to each other and then out to promiscuous port.
  So you can have multiple community ports isolated ports and such within a private vlan.
  Real world example
  I have l3 network
  10.1.1.X
  machine 1-should not be able to talk to anyone on same switch, only out to internet.
  gets an isolated port
  Mmachines 2-3 need to talk to each other cause they do db replication but no one else and are on same vlan.
  these get a community port.
  HTH
  Chris

• Sg200-sg300 vlan help

  I am experimenting with a setup carrying vlan's to other parts of a building through switches.
  My current config doesn't work. Anyone care to lend some brainpower?
  Here is a crude drawing. https://dl.dropboxusercontent.com/u/45775353/nc-vlan-lab.pdf
  Basically I want to give devices access to Vlan's 10,20, and 30 on another side of the building. We have LAG groups tagged with each vlan going to each switch. On the final switch we are using general instead of trunk port settings for the last mile to the wap.
  I tried it with access, and ingress filtering on/off. Nothing worked.
  I am obviously missing something.

  It would be nice if they showed you all the memberships in the same screen. It does look like that for the LAG group.

• Some VLAN help

  I used this documentation to setup my WLC in a lab for testing.
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00805e7a24.shtml
  Vlan 1 = 10.5.32.1 255.255.248.0
  Vlan 200 = 10.5.40.1 255.255.248.0
  I have two vlans 1 and 200. I created a vlan 200 interface just like in the documentation on the WLC. The ap is plugged into a port on vlan 200 and can associate with the WLC (and grab a dhcp address) from a dhcp server which is on VLAN 10.
  I have no secuirty set up on the wireless ap as im just playing around with things. I can ping the wireless interface i made on the WLC from the WLC but i cant ping it from any other device. Is that normal? Reading the documentation it sounds like i should be able to ping the wireless interface from any device on the network (i cant ping the wireless interface from the ap either)
  Also i think this is cause the problem where the laptop tries to associate with the ap it cant get an ip address.
  I have a 3560 running a layer 3 IOS for this lab. With the WLC on a port that allows multiple vlans do i need to setup a static route of some sort to allow communication? Or maybe im just in over my head lol
  Any information you need dont hesitate to ask! Thanks!!!

  I think this is the same problem im having
  http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=Getting%20Started%20with%20Wireless&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1de022be

• Cisco 3750 ping failures after stack upgrade

  I just updated my 4 stack of 3750X switches from 12.x IOS to 15.0.2 IOS. Only 2 of them updated correctly the first time, I had to manually update to the other 2. After getting all of them upgrade I restarted the entire stack.
  After that I cannot get PCs not on my default VLAN to talk to their DHCP servers or ping anywhere in the network. I get a "PING: transmit failed. General failure". I can however, ping into my default vlan from the switch and ping out to other locations from the switch.
  I've tried the following:
  Checking firewall status on several (WIN 7) pc's, it's off
  Changing ports on switch (no change)
  Restarting the PC (no change)
  Release/renew ipconfig (no change)
  flushdns (no change)
  clear ARP table on switch
  set un-set spanning-tree portfast (no change)
  check interface status (up and up)
  check vlan interface status (up and up)
  changed vlans (no change)
  checked VLAN help addresses (still there)
  Any help at this point is appreciated as my network is entirely down right now.

  I can set my laptop statically to a VLAN address, and I can ping out, get to the internet, ping between VLANs, etc. But if I just set a port (or leave it in the default VLAN) it will give me the “PING: transmit failed. General failure.” DHCP requests still aren’t getting fulfilled and even pings won’t go through if there’s not a statically set address. Nothing changed on my server configs and I even restarted my DHCP servers after encountered this problem. My guess is this is a new feature that’s turned on by default in the new IOS that needs to be disabled. Any help is appreciated.

• DCHP snooping requirement on 5760 controller

  To All;
  I like to know if DHCP snooping is a requirement in a centralized deployment where there is one 5760 and 5508 for guest access.
  In "Converged-Access-White Paper" page 31 states DHCP snooping is required in the Converged Access deployment and I am not clear if this requirement is for deployments with 3850 switches which is not my case.
  Thanks;

  I am  not referring to AP IP addresses, but client IP (Yes it is a good practice to keep AP IP  in DHCP so it is more flexible from operation point of view).
  I like to know if DHCP and DCHP snooping are REQUIREMENT for roaming when the APs are associated to a 5760 instead of 3850
  No, it is not specific to 5760 instead of 3850. It is a best practice configuration in Converged Access where enabling DHCP snooping on wireless vlans help to build different client database tables & helping wireless client to get IP addresses much quicker.
  HTH
  Rasika
  **** Pls rate all useful responses ****