VLAN Questions

 
 
Bob Simon
      01-09-2007
In a previous job a few years ago I needed to create two isolated
VLANs on a 2900 with no connectivity between them. One other port on
the switch had to be a member of both VLANs. I used the switchport
mode multi command to accomplish this design and did not configure any
ports as trunk.

Now I need to do something equivalent on a 2950 but it appears that
switchport mode multi is not supported (IOS 12.1). Do I have to
configure a 2950 port as a trunk to accept packets from either VLAN?
Is there another way to do this?

Is dot1q encapsulation pretty much always used these days instead of
ISL just because it's a standard?

VLAN 1 on the 2950 has an IP address, which is how I reach the switch
to manage it. Does VLAN 2 need one too? If so, why?

The switch port that will become a trunk is now connected to a 3745
router. Do I need to define two subinterfaces on this router each
configured with dot1q encapsulation and an IP address for VLAN1 and
VLAN2?

I don't want traffic to route between the two VLANs. I presume that
since the two subinterfaces are directly connected to the router, it
will automatically route between them. Right?

Is the best way to prevent this an access list?

ip access-list extended no_route
deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip any any

int f0/0
ip access-group no_route in

 
www.BradReese.Com
      01-10-2007
Hi Bob,

You may wish to investigate the Cisco Catalyst 2950 Config Wizard:

http://www.ifm.net.nz/cookbooks/2950wizard.html

Sincerely,

Brad Reese
http://www.BradReese.Com

 
BernieM
      01-10-2007

"Bob Simon" <(E-Mail Removed)> wrote in message
news(E-Mail Removed)...
> In a previous job a few years ago I needed to create two isolated
> VLANs on a 2900 with no connectivity between them. One other port on
> the switch had to be a member of both VLANs. I used the switchport
> mode multi command to accomplish this design and did not configure any
> ports as trunk.
>
> Now I need to do something equivalent on a 2950 but it appears that
> switchport mode multi is not supported (IOS 12.1). Do I have to
> configure a 2950 port as a trunk to accept packets from either VLAN?
> Is there another way to do this?


It's one easy way.

>
> Is dot1q encapsulation pretty much always used these days instead of
> ISL just because it's a standard?


Yes.

>
> VLAN 1 on the 2950 has an IP address, which is how I reach the switch
> to manage it. Does VLAN 2 need one too? If so, why?


No.

>
> The switch port that will become a trunk is now connected to a 3745
> router. Do I need to define two subinterfaces on this router each
> configured with dot1q encapsulation and an IP address for VLAN1 and
> VLAN2?


Yes.

>
> I don't want traffic to route between the two VLANs. I presume that
> since the two subinterfaces are directly connected to the router, it
> will automatically route between them. Right?


Does VLAN 2 exist anywhere else? Do the hosts in VLAN 2 need to get out?
If not, then don't trunk it to the 3750.

>
> Is the best way to prevent this an access list?
>
> ip access-list extended no_route
> deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
> deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
> permit ip any any
>
> int f0/0
> ip access-group no_route in
>



 
Bob Simon
      01-10-2007
On Wed, 10 Jan 2007 08:38:15 GMT, "BernieM" <(E-Mail Removed)>
wrote:

>
>"Bob Simon" <(E-Mail Removed)> wrote in message
>news(E-Mail Removed).. .
>> In a previous job a few years ago I needed to create two isolated
>> VLANs on a 2900 with no connectivity between them. One other port on
>> the switch had to be a member of both VLANs. I used the switchport
>> mode multi command to accomplish this design and did not configure any
>> ports as trunk.
>>
>> Now I need to do something equivalent on a 2950 but it appears that
>> switchport mode multi is not supported (IOS 12.1). Do I have to
>> configure a 2950 port as a trunk to accept packets from either VLAN?
>> Is there another way to do this?

>
>It's one easy way.
>
>>
>> Is dot1q encapsulation pretty much always used these days instead of
>> ISL just because it's a standard?

>
>Yes.
>
>>
>> VLAN 1 on the 2950 has an IP address, which is how I reach the switch
>> to manage it. Does VLAN 2 need one too? If so, why?

>
>No.
>
>>
>> The switch port that will become a trunk is now connected to a 3745
>> router. Do I need to define two subinterfaces on this router each
>> configured with dot1q encapsulation and an IP address for VLAN1 and
>> VLAN2?

>
>Yes.
>
>>
>> I don't want traffic to route between the two VLANs. I presume that
>> since the two subinterfaces are directly connected to the router, it
>> will automatically route between them. Right?

>
>does vlan 2 exist anywhere else?

No.
> do the hosts in vlan 2 need to get out? if not then don't trunk it to the 3750.

Yes.

I thought of another possible solution. Can VLAN 2 be untagged? Or
when I set up port 1 of the 2950 as a trunk, is there a way to NOT
encapsulate in 802.1q? After all, I don't need the 3745 to recognize
the "color" of the VLAN.
 
BernieM
      01-10-2007

"Bob Simon" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Wed, 10 Jan 2007 08:38:15 GMT, "BernieM" <(E-Mail Removed)>
> wrote:
>
>>
>>"Bob Simon" <(E-Mail Removed)> wrote in message
>>news(E-Mail Removed). ..
>>> In a previous job a few years ago I needed to create two isolated
>>> VLANs on a 2900 with no connectivity between them. One other port on
>>> the switch had to be a member of both VLANs. I used the switchport
>>> mode multi command to accomplish this design and did not configure any
>>> ports as trunk.
>>>
>>> Now I need to do something equivalent on a 2950 but it appears that
>>> switchport mode multi is not supported (IOS 12.1). Do I have to
>>> configure a 2950 port as a trunk to accept packets from either VLAN?
>>> Is there another way to do this?

>>
>>It's one easy way.
>>
>>>
>>> Is dot1q encapsulation pretty much always used these days instead of
>>> ISL just because it's a standard?

>>
>>Yes.
>>
>>>
>>> VLAN 1 on the 2950 has an IP address, which is how I reach the switch
>>> to manage it. Does VLAN 2 need one too? If so, why?

>>
>>No.
>>
>>>
>>> The switch port that will become a trunk is now connected to a 3745
>>> router. Do I need to define two subinterfaces on this router each
>>> configured with dot1q encapsulation and an IP address for VLAN1 and
>>> VLAN2?

>>
>>Yes.
>>
>>>
>>> I don't want traffic to route between the two VLANs. I presume that
>>> since the two subinterfaces are directly connected to the router, it
>>> will automatically route between them. Right?

>>
>>does vlan 2 exist anywhere else?

> No.
>> do the hosts in vlan 2 need to get out? if not then don't trunk it to
>> the 3750.

> Yes.
>
> I thought of another possible solution. Can VLAN 2 be untagged? Or
> when I set up port 1 of the 2950 as a trunk, is there a way to NOT
> encapsulate in 802.1q? After all, I don't need the 3745 to recognize
> the "color" of the VLAN.


Configure it as the 'native vlan' to have it untagged ... "switchport trunk
native vlan 2"

Another two ways ... don't configure a vlan 2 interface on the 3745, or
don't configure a default gateway on hosts in vlan 2 and don't configure proxy
arp on the 3745.

The ACL solution is fine if you need to access vlan 2 hosts across the
network for management / administrative reasons but if it's a truly isolated
vlan then there are a few options available.

BernieM
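
The trunk-plus-subinterface layout discussed in this thread, written out as an added example (not part of the original posts). The interface numbers, the .1 gateway addresses and the mapping of 192.168.1.0/24 to VLAN 1 and 192.168.2.0/24 to VLAN 2 are assumptions; the ACL is the one Bob posted, attached inbound on each subinterface.

```ios
! --- Catalyst 2950: port 1 carries both VLANs to the router ---
! (the 2950 trunks with 802.1Q only, so there is no encapsulation command)
interface FastEthernet0/1
 description Trunk to 3745 (assumed port)
 switchport mode trunk
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,2
!
! --- 3745: one dot1Q subinterface per VLAN ---
interface FastEthernet0/0
 no ip address
 no shutdown
!
interface FastEthernet0/0.1
 description VLAN 1 gateway (assumed address)
 encapsulation dot1Q 1 native
 ip address 192.168.1.1 255.255.255.0
 ip access-group no_route in
!
interface FastEthernet0/0.2
 description VLAN 2 gateway (assumed address)
 encapsulation dot1Q 2
 ip address 192.168.2.1 255.255.255.0
 ip access-group no_route in
!
! Both subnets are directly connected, so the router forwards between
! them unless filtered. First match wins; the final permit keeps
! everything else (e.g. traffic leaving via another interface) flowing.
ip access-list extended no_route
 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip any any
```

An inbound ACL also filters packets addressed to the router itself, so hosts in one VLAN cannot reach the router's address in the other VLAN either. `show access-lists no_route` displays per-entry match counters, which confirms whether the deny lines are being hit.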


 