Colocation and VLANs

Rick Kunkel
07-07-2003
Hello all,

We're trying to come up with a basic setup for hooking up colocation
customers at our NOC. Normally, we would just plug them into our
switch, but recently we ran into a DHCP server flake-out when a
customer hooked up a Windows 2000 server with Active Directory, and
the DHCP server decided to see it as "the boss". Anyhow, in short, we
need to do this differently.

I figured VLANs were the way to do things, but I'm having some
trouble with our 3550 (compared to our older 2950). The customer in
question just needs one port, so I'd like to give him one port on our
switch, and have it in its own little VLAN. However, I obviously
need to have him talking to the router that sits on port 1 as well.
Previously, I had done this using 'switchport access multi' on the
2950, but there seems to be no equivalent command on the 3550. As far
as I can tell, I will use trunking instead, but I'm pretty fuzzy on
what that entails on the router attached to port 1. It sounds like
(on the switch) I need to configure port 1 to be a trunk port that
will carry VLANs 1 and 2, and that doesn't sound too tricky. But how
do I tell the router's ethernet port that it will be hearing traffic
with VLAN stuff in it? Or does it just automatically know how to
handle that stuff?

Here's a simple diagram of the above situation...
(hopefully you folks are running fixed-width)

        3550
       Switch
       | | |
       | | \----Customer
       | |      Computer
       | \
       |  \---DHCP
       |      Server
      7206
     Router

Thanks,

Rick Kunkel

 
M.C. van den Bovenkamp
07-07-2003
Rick Kunkel wrote:

> will carry VLANs 1 and 2, and that doesn't sound too tricky. But how
> do I tell the router's ethernet port that it will be hearing traffic
> with VLAN stuff in it? Or does it just automatically know how to
> handle that stuff?


Think subinterfaces and 'encapsulation dot1q <vlan no.>':
http://www.cisco.com/univercd/cc/td/...6/xcfvl80q.htm

Regards,

Marco.

 
Doug McIntyre
07-07-2003
Rick Kunkel <kunkel(nospam)@w-link.net> writes:
....
>Previously, I had done this using 'switchport access multi' on the
>2950, but there seems to be no equivalent command on the 3550. As far
>as I can tell, I will use trunking instead, but I'm pretty fuzzy on
>what that entails on the router attached to port 1. It sounds like
>(on the switch) I need to configure port 1 to be a trunk port that
>will carry VLANs 1 and 2, and that doesn't sound too tricky. But how
>do I tell the router's ethernet port that it will be hearing traffic
>with VLAN stuff in it? Or does it just automatically know how to
>handle that stuff?

....

It can still do 'switchport access multi', but that mode is pretty
much an either-or with trunking mode.. (although I still want a
specific trunk/multi setup to be allowed, but I can live without it).

Once you configure your uplink to be trunked, you need to configure
your router to handle the VLAN trunking. Since you say it's a 3550, it
must only do dot1q trunking. Inside the router, on the gig or faste
interface, normal practice is that you'd set up subinterfaces with the
VLAN trunk encapsulation commands, i.e.:

! set the encapsulation first; IOS rejects an IP address on a
! subinterface that has no VLAN encapsulation yet
int gig 0/0/0
 no ip addr
int gig 0/0/0.1
 encapsulation dot1q 1
 ip addr 10.20.31.254 255.255.255.0
int gig 0/0/0.2
 encapsulation dot1q 2
 ip addr 10.20.32.254 255.255.255.0
int gig 0/0/0.3
 encapsulation dot1q 3
 ip addr 10.20.33.254 255.255.255.0

etc. etc. with anything else you have going on. VLAN 1 is normally
your native VLAN on the switch too. Depending on IOS version, you
might need to move your native VLAN to the main interface instead of
the 1st subinterface.

--
Doug McIntyre
Network Engineer/Jack of All Trades
Vector Internet Services, Inc.
 
Andrey Tarasov
07-08-2003
Hello, Rick!
You wrote on Mon, 07 Jul 2003 10:12:43 -0700:

RK> We're trying to come up with a basic setup for hooking up colocation
RK> customers at our NOC. Normally, we would just plug them into our
RK> switch, but recently we ran into a DHCP server flake-out when a customer
RK> hooked up a Windows 2000 server with Active Directory, and the DHCP
RK> server decided to see it as "the boss". Anyhow, in short, we need to do
RK> this differently.

I believe PVLAN is the answer you are looking for. Here is the link -

http://www.cisco.com/en/US/products/...figuration_guide_chapter09186a00800c6f41.html#xtocid6

Keep in mind that 3550 doesn't support full-blown Private VLAN though. So no
Community VLAN yet.

With best regards,
Andrey.

 
Rick Kunkel
07-08-2003
Thanks. I was having a heck of a time finding the router end of the
info on Cisco's site.

Rick


On Mon, 07 Jul 2003 19:22:43 +0200, "M.C. van den Bovenkamp"
<> wrote:

>Rick Kunkel wrote:
>
>> will carry VLANs 1 and 2, and that doesn't sound too tricky. But how
>> do I tell the router's ethernet port that it will be hearing traffic
>> with VLAN stuff in it? Or does it just automatically know how to
>> handle that stuff?

>
>Think subinterfaces and 'encapsulation dot1q <vlan no.>':
>http://www.cisco.com/univercd/cc/td/...6/xcfvl80q.htm
>
> Regards,
>
> Marco.


 
Rick Kunkel
07-08-2003
Mainly, I'm interested in keeping broadcasts from creeping from one
VLAN into another, since the weirdness I'm dealing with is caused by
DHCP broadcasts to 255.255.255.255. Normal VLANs should do this,
shouldn't they? What are PVLANs?

(The link you gave me came up as 404 not found)

Thanks,

Rick Kunkel


On Mon, 7 Jul 2003 17:58:08 -0700, "Andrey Tarasov" <>
wrote:

>Hello, Rick!
>You wrote on Mon, 07 Jul 2003 10:12:43 -0700:
>
> RK> We're trying to come up with a basic setup for hooking up colocation
> RK> customers at our NOC. Normally, we would just plug them into our
> RK> switch, but recently we ran into a DHCP server flake-out when a customer
> RK> hooked up a Windows 2000 server with Active Directory, and the DHCP
> RK> server decided to see it as "the boss". Anyhow, in short, we need to do
> RK> this differently.
>
>I believe PVLAN is the answer you are looking for. Here is the link -
>
>http://www.cisco.com/en/US/products/...figuration_guide_chapter09186a00800c6f41.html#xtocid6
>
>Keep in mind that 3550 doesn't support full-blown Private VLAN though. So no
>Community VLAN yet.
>
>With best regards,
>Andrey.


 
Rick Kunkel
07-08-2003
At the bottom of your message, you mention the "native" VLAN. I've
seen a lot of talk and config things pertaining to the "native" VLAN,
but I'm a little mystified as to what the significance is. Also, it
seems that the native VLAN is not tagged.

Here are a few questions that I can't seem to find answers to on
Cisco's web site. (They're very good at configuration help, but they
seem to assume that you know WHY you'd use certain technologies or
configuration styles, and very often that's the bit I can't find on
their site, or elsewhere.)

What is the purpose of the native VLAN?

Is VLAN 1 normally the default native VLAN?

(Somewhat related) I've seen a few suggestions to avoid using VLAN 1.
They suggest that VLAN 1 is used internally by the system, despite
whether you use it for traffic or not, and that it's best to let VLAN 1
be and start your VLANs with another number. Sounds reasonable?

How is a native VLAN related to the concept above, if at all?

Thanks much,

Rick Kunkel




On 07 Jul 2003 17:32:01 GMT, Doug McIntyre <> wrote:

>Rick Kunkel <kunkel(nospam)@w-link.net> writes:
>...
>>Previously, I had done this using 'switchport access multi' on the
>>2950, but there seems to be no equivalent command on the 3550. As far
>>as I can tell, I will use trunking instead, but I'm pretty fuzzy on
>>what that entails on the router attached to port 1. It sounds like
>>(on the switch) I need to configure port 1 to be a trunk port that
>>will carry VLANs 1 and 2, and that doesn't sound too tricky. But how
>>do I tell the router's ethernet port that it will be hearing traffic
>>with VLAN stuff in it? Or does it just automatically know how to
>>handle that stuff?

>...
>
>It can still do 'switchport access multi', but that mode is pretty
>much an either-or with trunking mode.. (although I still want a
>specific trunk/multi setup to be allowed, but I can live without it).
>
>Once you configure your uplink to be trunked, you need to configure
>your router to handle the VLAN trunking. Since you say it's a 3550, it
>must only do dot1q trunking. Inside the router, on the gig or faste
>interface, normal practice is that you'd set up subinterfaces with the
>VLAN trunk encapsulation commands, i.e.:
>
>int gig 0/0/0
> no ip addr
>int gig 0/0/0.1
> encapsulation dot1q 1
> ip addr 10.20.31.254 255.255.255.0
>int gig 0/0/0.2
> encapsulation dot1q 2
> ip addr 10.20.32.254 255.255.255.0
>int gig 0/0/0.3
> encapsulation dot1q 3
> ip addr 10.20.33.254 255.255.255.0
>
>etc. etc. with anything else you have going on. VLAN 1 is normally
>your native VLAN on the switch too. Depending on IOS version, you
>might need to move your native VLAN to the main interface instead of
>the 1st subinterface.


 
Andrey Tarasov
07-08-2003
Hello, Rick!
You wrote on Tue, 08 Jul 2003 08:42:38 -0700:

RK> Mainly, I'm interested in keeping broadcasts from creeping from one
RK> VLAN into another, since the weirdness I'm dealing with is caused by
RK> DHCP broadcasts to 255.255.255.255. Normal VLANs should do this,
RK> shouldn't they? What are PVLANs?

Yes, normal VLANs do this just fine. The problem with normal VLANs in a colo
environment is that you will end up splitting your IP range into many, many small
sub-nets, wasting IP addresses and making complex configuration.

Let's say you have 100 customers, you will need 100 sub-nets, 100 sub-interfaces
on your router, 298 IP addresses will be wasted for broadcast, network and
gateway IPs.

RK> (The link you gave me came up as 404 not found)

I just checked it again - it's working. Make sure that you copied it correctly.
You can also search cisco.com with the following keywords - 3550 private vlan -
click on first link "Cisco Catalyst 6000 Series Switches - Private VLAN Catalyst
Switch Support Matrix", scroll down to the table and in Catalyst platform column
click on "Catalyst 3550" - that will give you the same document.

Regards,
Andrey.

RK> On Mon, 7 Jul 2003 17:58:08 -0700, "Andrey Tarasov" <>
RK> wrote:

>> Hello, Rick!
>> You wrote on Mon, 07 Jul 2003 10:12:43 -0700:


RK>>> We're trying to come up with a basic setup for hooking up colocation
RK>>> customers at our NOC. Normally, we would just plug them into our
RK>>> switch, but recently we ran into a DHCP server flake-out when a
RK>>> customer hooked up a Windows 2000 server with Active Directory, and
RK>>> the DHCP server decided to see it as "the boss". Anyhow, in short, we
RK>>> need to do this differently.

>> I believe PVLAN is the answer you are looking for. Here is the link -


>> http://www.cisco.com/en/US/products/...s646/products_configuration_guide_chapter09186a00800c6f41.html#xtocid6


>> Keep in mind that 3550 doesn't support full-blown Private VLAN though. So
>> no
>> Community VLAN yet.


>> With best regards,
>> Andrey.


With best regards,

 
Hansang Bae
07-08-2003
In article <>, NOSPAM-
says...
> At the bottom of your message, you mention the "native" VLAN. I've
> seen a lot of talk and config things pertaining to the "native" VLAN,
> but I'm a little mystified as to what the significance is. Also, it
> seems that the native VLAN is not tagged.
>
> Here are a few questions that I can't seem to find answers to on
> Cisco's web site. (They're very good at configuration help, but they
> seem to assume that you know WHY you'd use certain technologies or
> configuration styles, and very often that's the bit I can't find on
> their site, or elsewhere.)


That is true about Cisco's website. They do have explanations, but you
have to ferret them out!


> What is the purpose of the native VLAN?
> Is VLAN 1 normally the default native VLAN?


For switches, VLAN 1 is the default native VLAN. Native VLAN comes into
play when you trunk a port. If that trunk should fail, the only VLAN
that can use the link is the native vlan. So whatever VLAN was assigned
to the port when you created the trunk...becomes the native VLAN.
Normally, VLAN 1 is the default hence it becomes a native VLAN. But you
can certainly assign something else to the port before you make it a
trunked port.

Also, Cisco chose not to tag the native VLAN. This can come into play
at different times. But newer CatOS/IOS code has the option of tagging
the native vlan as well.

> (Somewhat related) I've seen a few suggestions to avoid using VLAN 1.
> They suggest that VLAN 1 is used internally by the system, despite
> whether you use it for traffic or not, and that it's best to let VLAN 1
> be and start your VLANs with another number. Sounds reasonable?


It's generally recommended by Cisco to avoid putting user traffic on
VLAN 1.

--

hsb

"Somehow I imagined this experience would be more rewarding" Calvin
*************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
************************************************** ******************
Due to the volume of email that I receive, I may not be able to
reply to emails sent to my account. Please post a followup instead.
************************************************** ******************
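
The tagging behaviour discussed in the replies above, as an added example that is not part of any poster's message: Python code that builds 802.1Q frames and shows how the receiving end of a trunk hands each frame to a subinterface, with untagged and priority-tagged (VID 0) frames falling into the native VLAN. It assumes native VLAN 1 mapped to the first subinterface, as in the router config quoted in the thread; the MAC address and payload are constructed sample values.

```python
import struct

TPID_DOT1Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Build an Ethernet II frame; insert an 802.1Q tag when vlan is given."""
    header = dst + src
    if vlan is not None:
        tci = (pcp << 13) | (vlan & 0x0FFF)  # PCP(3) | DEI(1)=0 | VID(12)
        header += struct.pack("!HH", TPID_DOT1Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def parse_vlan(frame):
    """Return (vid, ethertype); vid is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (first,) = struct.unpack_from("!H", frame, 12)
    if first != TPID_DOT1Q:
        return None, first
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner

def classify(frame, subifs, native_vlan):
    """Name the subinterface a trunk receiver hands the frame to, or None."""
    vid, _ = parse_vlan(frame)
    if vid is None or vid == 0:  # untagged or priority-tagged: native VLAN
        vid = native_vlan
    return subifs.get(vid)  # a VID with no subinterface is dropped

# Subinterface numbering follows the router config quoted in the thread.
SUBIFS = {1: "gig 0/0/0.1", 2: "gig 0/0/0.2", 3: "gig 0/0/0.3"}
BCAST = b"\xff" * 6
CUSTOMER_MAC = bytes.fromhex("020000000002")  # constructed, locally administered
PAYLOAD = b"\x00" * 46  # placeholder standing in for the IP/UDP/DHCP bytes

if __name__ == "__main__":
    samples = {
        "DHCP broadcast tagged VLAN 2": build_frame(BCAST, CUSTOMER_MAC, 0x0800, PAYLOAD, vlan=2),
        "same broadcast, untagged": build_frame(BCAST, CUSTOMER_MAC, 0x0800, PAYLOAD),
        "tagged VLAN 4 (no subinterface)": build_frame(BCAST, CUSTOMER_MAC, 0x0800, PAYLOAD, vlan=4),
    }
    for label, frame in samples.items():
        print(f"{label:32} -> {classify(frame, SUBIFS, native_vlan=1)}")
```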
 
Curtis M. West
07-08-2003
hi

a switched environment is imho not really a good solution for colocation. -
think of arp-poisoning or problems you had (dhcp)
so a layer3-based separation is the way to go

one solution is (as others here supposed to do) to have a trunk (dot1q)
between the router and the switch.

another one would be, using the 3550 (if it's running an emi-software) as
the layer3-device

....or another solution: get a used 2948G-L3 on ebay
(or two of them - running hsrp and giving the customers the option having
redundant connection)

regards, curtis


"Rick Kunkel" <kunkel(nospam)@w-link.net> wrote in message
news:...
> Hello all,
>
> We're trying to come up with a basic setup for hooking up colocation
> customers at our NOC. Normally, we would just plug them into our
> switch, but recently we ran into a DHCP server flake-out when a
> customer hooked up a Windows 2000 server with Active Directory, and
> the DHCP server decided to see it as "the boss". Anyhow, in short, we
> need to do this differently.
>
> I figured VLANs were the way to do things, but I'm having some
> trouble with our 3550 (compared to our older 2950). The customer in
> question just needs one port, so I'd like to give him one port on our
> switch, and have it in its own little VLAN. However, I obviously
> need to have him talking to the router that sits on port 1 as well.
> Previously, I had done this using 'switchport access multi' on the
> 2950, but there seems to be no equivalent command on the 3550. As far
> as I can tell, I will use trunking instead, but I'm pretty fuzzy on
> what that entails on the router attached to port 1. It sounds like
> (on the switch) I need to configure port 1 to be a trunk port that
> will carry VLANs 1 and 2, and that doesn't sound too tricky. But how
> do I tell the router's ethernet port that it will be hearing traffic
> with VLAN stuff in it? Or does it just automatically know how to
> handle that stuff?
>
> Here's a simple diagram of the above situation...
> (hopefully you folks are running fixed-width)
>
>         3550
>        Switch
>        | | |
>        | | \----Customer
>        | |      Computer
>        | \
>        |  \---DHCP
>        |      Server
>       7206
>      Router
>
> Thanks,
>
> Rick Kunkel
>



 