Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > How can I connect 1 Switch to 2 different networks ?

Reply
Thread Tools

How can I connect 1 Switch to 2 different networks ?

 
 
Sako
Guest
Posts: n/a
 
      04-23-2007
Hi gents ! My problem is difficult to explain, but i hope you can
understand.

I want to make a new VLAN in a switch, connecting this VLAN to a other
switch and I want those VLAN ports to act as if they where part of the
other switch, how should switch ports be configured ?

Explain :

We have moved to a old building where we had a existing network, and
my current network design is this:

I have 2 networks connected to a cisco 3745, I'll call Main=
192.211. Old=192.233. , son main and old networks are connected to the
router. In the main network I have 2 DMZ placed in 2 different VLANS,
those VLANS do trunking over the switches, the old network is a single
broadcast network .

So I want to have a Switch connected to the 192.221. network as
VLAN1 , Main_DMZ1 and Main_DMZ2 connected, and Old 192.233. network
connected to four interfaces. I can connect main and old networks to
the same switch fisically so I don't need the traffic to pass throught
the router. I don't need to access Old network from the Main one I
only want to place in my computer room 3 machines that ONLY will be
working in the Old network and for this purpose I don't want to waste
a full switch.

So I thought making a new VLAN in the Main network router which was
connected with a cross-over cable to a Old network switchport. How do
i have to config switchports / trunking?

The switch is a 2960G, now I have 2 2950 doing the job. this are
the configs :

version 12.1
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname swCPD-1
!
logging buffered informational
aaa new-model
##
##
clock timezone GMT+1 1
clock summer-time GMT+1 recurring
ip subnet-zero
no ip finger
!
!
spanning-tree portfast bpduguard
!
!
interface FastEthernet0/1 // I want this interface to be in the old
network
!
interface FastEthernet0/2// I want this interface to be in the old
network
!
interface FastEthernet0/3
switchport mode access
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
description CRUZADO AL CSS-1
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/12
!
interface FastEthernet0/13
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/14
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/15
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/16
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/17
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/18
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/19
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/20
!
interface FastEthernet0/21
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/22
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/23
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/24
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/1
switchport mode trunk
!
interface GigabitEthernet0/2
switchport mode trunk
!
interface Vlan1
ip address 192.221.7.12 255.255.0.0
no ip route-cache
!
ip default-gateway 192.221.1.1

end

 
Reply With Quote
 
 
 
 
Trendkill
Guest
Posts: n/a
 
      04-23-2007
On Apr 23, 3:41 am, Sako <(E-Mail Removed)> wrote:
> Hi gents ! My problem is difficult to explain, but i hope you can
> understand.
>
> I want to make a new VLAN in a switch, connecting this VLAN to a other
> switch and I want those VLAN ports to act as if they where part of the
> other switch, how should switch ports be configured ?
>
> Explain :
>
> We have moved to a old building where we had a existing network, and
> my current network design is this:
>
> I have 2 networks connected to a cisco 3745, I'll call Main=
> 192.211. Old=192.233. , son main and old networks are connected to the
> router. In the main network I have 2 DMZ placed in 2 different VLANS,
> those VLANS do trunking over the switches, the old network is a single
> broadcast network .
>
> So I want to have a Switch connected to the 192.221. network as
> VLAN1 , Main_DMZ1 and Main_DMZ2 connected, and Old 192.233. network
> connected to four interfaces. I can connect main and old networks to
> the same switch fisically so I don't need the traffic to pass throught
> the router. I don't need to access Old network from the Main one I
> only want to place in my computer room 3 machines that ONLY will be
> working in the Old network and for this purpose I don't want to waste
> a full switch.
>
> So I thought making a new VLAN in the Main network router which was
> connected with a cross-over cable to a Old network switchport. How do
> i have to config switchports / trunking?
>
> The switch is a 2960G, now I have 2 2950 doing the job. this are
> the configs :
>
> version 12.1
> no service pad
> service timestamps debug datetime localtime
> service timestamps log datetime localtime
> service password-encryption
> !
> hostname swCPD-1
> !
> logging buffered informational
> aaa new-model
> ##
> ##
> clock timezone GMT+1 1
> clock summer-time GMT+1 recurring
> ip subnet-zero
> no ip finger
> !
> !
> spanning-tree portfast bpduguard
> !
> !
> interface FastEthernet0/1 // I want this interface to be in the old
> network
> !
> interface FastEthernet0/2// I want this interface to be in the old
> network
> !
> interface FastEthernet0/3
> switchport mode access
> !
> interface FastEthernet0/4
> !
> interface FastEthernet0/5
> !
> interface FastEthernet0/6
> !
> interface FastEthernet0/7
> !
> interface FastEthernet0/8
> !
> interface FastEthernet0/9
> description CRUZADO AL CSS-1
> switchport access vlan 2
> switchport mode access
> !
> interface FastEthernet0/10
> switchport access vlan 2
> switchport mode access
> !
> interface FastEthernet0/11
> switchport access vlan 2
> switchport mode access
> !
> interface FastEthernet0/12
> !
> interface FastEthernet0/13
> switchport mode access
> spanning-tree portfast
> !
> interface FastEthernet0/14
> switchport mode access
> spanning-tree portfast
> !
> interface FastEthernet0/15
> switchport mode access
> spanning-tree portfast
> !
> interface FastEthernet0/16
> switchport mode access
> spanning-tree portfast
> !
> interface FastEthernet0/17
> switchport mode access
> spanning-tree portfast
> !
> interface FastEthernet0/18
> switchport mode access
> spanning-tree portfast
> !
> interface FastEthernet0/19
> switchport mode access
> spanning-tree portfast
> !
> interface FastEthernet0/20
> !
> interface FastEthernet0/21
> switchport access vlan 5
> switchport mode access
> spanning-tree portfast
> !
> interface FastEthernet0/22
> switchport access vlan 5
> switchport mode access
> spanning-tree portfast
> !
> interface FastEthernet0/23
> switchport access vlan 5
> switchport mode access
> spanning-tree portfast
> !
> interface FastEthernet0/24
> switchport access vlan 5
> switchport mode access
> spanning-tree portfast
> !
> interface GigabitEthernet0/1
> switchport mode trunk
> !
> interface GigabitEthernet0/2
> switchport mode trunk
> !
> interface Vlan1
> ip address 192.221.7.12 255.255.0.0
> no ip route-cache
> !
> ip default-gateway 192.221.1.1
>
> end


If you are using a crossover, you can just set both ports as access
ports and make sure the vlan is created on both sides. As an example,
lets say you have two different core networks, on is 1.1.0.0 and the
other is 2.2.0.0. The first has 255 vlans, 1.1.0.0 - 1.1.255.255.
The second has the same but 2.2.x.x. You want 1.1.100.0 available on
the second core. Provided you don't already have a vlan with the same
number (if so, just move it to a number that is unused), you can just
run a crossover between the two and bridge the VLAN over. This way
you don't need to turn up 1.1.100.x interfaces on the second core, but
you'll simply have an extension over.

The only time you would need trunking is if you have more than one
vlan you are doing that for. From your perspective, you don't seem to
care about layer 3 interfaces, you just want layer 2 connectivity on
an existing switch. I would run a copper crossover in whatever this
vlan is (as an access port on both sides), and put the three access
ports for your servers in that same vlan.

If I've missed a requirement, let me know and Ill do my best to
respond quickly.

 
Reply With Quote
 
 
 
 
Sako
Guest
Posts: n/a
 
      04-23-2007
Ok, I forgot to mention that the VLAN I want to create in the Switch
Main doesn't exist in Switch Old, because the whole Old network is in
a default vlan.

You've got the point I don't have problems in layer 3. My problem is
that a VLAN f.e. Vlan 7 in Main switch won't be configured in the rest
of Old switches .

So... do i have to configure it? In all of the ports of all of the
switches? Is there a way so that the switch understands that vlan 7 in
the other switch is its default broadcast domain?

Thanks in advance.

On 23 abr, 13:32, Trendkill <(E-Mail Removed)> wrote:
> On Apr 23, 3:41 am, Sako <(E-Mail Removed)> wrote:
>
>
>
>
>
> > Hi gents ! My problem is difficult to explain, but i hope you can
> > understand.

>
> > I want to make a new VLAN in a switch, connecting this VLAN to a other
> > switch and I want those VLAN ports to act as if they where part of the
> > other switch, how should switch ports be configured ?

>
> > Explain :

>
> > We have moved to a old building where we had a existing network, and
> > my current network design is this:

>
> > I have 2 networks connected to a cisco 3745, I'll call Main=
> > 192.211. Old=192.233. , son main and old networks are connected to the
> > router. In the main network I have 2 DMZ placed in 2 different VLANS,
> > those VLANS do trunking over the switches, the old network is a single
> > broadcast network .

>
> > So I want to have a Switch connected to the 192.221. network as
> > VLAN1 , Main_DMZ1 and Main_DMZ2 connected, and Old 192.233. network
> > connected to four interfaces. I can connect main and old networks to
> > the same switch fisically so I don't need the traffic to pass throught
> > the router. I don't need to access Old network from the Main one I
> > only want to place in my computer room 3 machines that ONLY will be
> > working in the Old network and for this purpose I don't want to waste
> > a full switch.

>
> > So I thought making a new VLAN in the Main network router which was
> > connected with a cross-over cable to a Old network switchport. How do
> > i have to config switchports / trunking?

>
> > The switch is a 2960G, now I have 2 2950 doing the job. this are
> > the configs :

>
> > version 12.1
> > no service pad
> > service timestamps debug datetime localtime
> > service timestamps log datetime localtime
> > service password-encryption
> > !
> > hostname swCPD-1
> > !
> > logging buffered informational
> > aaa new-model
> > ##
> > ##
> > clock timezone GMT+1 1
> > clock summer-time GMT+1 recurring
> > ip subnet-zero
> > no ip finger
> > !
> > !
> > spanning-tree portfast bpduguard
> > !
> > !
> > interface FastEthernet0/1 // I want this interface to be in the old
> > network
> > !
> > interface FastEthernet0/2// I want this interface to be in the old
> > network
> > !
> > interface FastEthernet0/3
> > switchport mode access
> > !
> > interface FastEthernet0/4
> > !
> > interface FastEthernet0/5
> > !
> > interface FastEthernet0/6
> > !
> > interface FastEthernet0/7
> > !
> > interface FastEthernet0/8
> > !
> > interface FastEthernet0/9
> > description CRUZADO AL CSS-1
> > switchport access vlan 2
> > switchport mode access
> > !
> > interface FastEthernet0/10
> > switchport access vlan 2
> > switchport mode access
> > !
> > interface FastEthernet0/11
> > switchport access vlan 2
> > switchport mode access
> > !
> > interface FastEthernet0/12
> > !
> > interface FastEthernet0/13
> > switchport mode access
> > spanning-tree portfast
> > !
> > interface FastEthernet0/14
> > switchport mode access
> > spanning-tree portfast
> > !
> > interface FastEthernet0/15
> > switchport mode access
> > spanning-tree portfast
> > !
> > interface FastEthernet0/16
> > switchport mode access
> > spanning-tree portfast
> > !
> > interface FastEthernet0/17
> > switchport mode access
> > spanning-tree portfast
> > !
> > interface FastEthernet0/18
> > switchport mode access
> > spanning-tree portfast
> > !
> > interface FastEthernet0/19
> > switchport mode access
> > spanning-tree portfast
> > !
> > interface FastEthernet0/20
> > !
> > interface FastEthernet0/21
> > switchport access vlan 5
> > switchport mode access
> > spanning-tree portfast
> > !
> > interface FastEthernet0/22
> > switchport access vlan 5
> > switchport mode access
> > spanning-tree portfast
> > !
> > interface FastEthernet0/23
> > switchport access vlan 5
> > switchport mode access
> > spanning-tree portfast
> > !
> > interface FastEthernet0/24
> > switchport access vlan 5
> > switchport mode access
> > spanning-tree portfast
> > !
> > interface GigabitEthernet0/1
> > switchport mode trunk
> > !
> > interface GigabitEthernet0/2
> > switchport mode trunk
> > !
> > interface Vlan1
> > ip address 192.221.7.12 255.255.0.0
> > no ip route-cache
> > !
> > ip default-gateway 192.221.1.1

>
> > end

>
> If you are using a crossover, you can just set both ports as access
> ports and make sure the vlan is created on both sides. As an example,
> lets say you have two different core networks, on is 1.1.0.0 and the
> other is 2.2.0.0. The first has 255 vlans, 1.1.0.0 - 1.1.255.255.
> The second has the same but 2.2.x.x. You want 1.1.100.0 available on
> the second core. Provided you don't already have a vlan with the same
> number (if so, just move it to a number that is unused), you can just
> run a crossover between the two and bridge the VLAN over. This way
> you don't need to turn up 1.1.100.x interfaces on the second core, but
> you'll simply have an extension over.
>
> The only time you would need trunking is if you have more than one
> vlan you are doing that for. From your perspective, you don't seem to
> care about layer 3 interfaces, you just want layer 2 connectivity on
> an existing switch. I would run a copper crossover in whatever this
> vlan is (as an access port on both sides), and put the three access
> ports for your servers in that same vlan.
>
> If I've missed a requirement, let me know and Ill do my best to
> respond quickly.- Ocultar texto de la cita -
>
> - Mostrar texto de la cita -



 
Reply With Quote
 
Trendkill
Guest
Posts: n/a
 
      04-23-2007
On Apr 23, 7:43 am, Sako <(E-Mail Removed)> wrote:
> Ok, I forgot to mention that the VLAN I want to create in the Switch
> Main doesn't exist in Switch Old, because the whole Old network is in
> a default vlan.
>
> You've got the point I don't have problems in layer 3. My problem is
> that a VLAN f.e. Vlan 7 in Main switch won't be configured in the rest
> of Old switches .
>
> So... do i have to configure it? In all of the ports of all of the
> switches? Is there a way so that the switch understands that vlan 7 in
> the other switch is its default broadcast domain?
>
> Thanks in advance.
>
> On 23 abr, 13:32, Trendkill <(E-Mail Removed)> wrote:
>
> > On Apr 23, 3:41 am, Sako <(E-Mail Removed)> wrote:

>
> > > Hi gents ! My problem is difficult to explain, but i hope you can
> > > understand.

>
> > > I want to make a new VLAN in a switch, connecting this VLAN to a other
> > > switch and I want those VLAN ports to act as if they where part of the
> > > other switch, how should switch ports be configured ?

>
> > > Explain :

>
> > > We have moved to a old building where we had a existing network, and
> > > my current network design is this:

>
> > > I have 2 networks connected to a cisco 3745, I'll call Main=
> > > 192.211. Old=192.233. , son main and old networks are connected to the
> > > router. In the main network I have 2 DMZ placed in 2 different VLANS,
> > > those VLANS do trunking over the switches, the old network is a single
> > > broadcast network .

>
> > > So I want to have a Switch connected to the 192.221. network as
> > > VLAN1 , Main_DMZ1 and Main_DMZ2 connected, and Old 192.233. network
> > > connected to four interfaces. I can connect main and old networks to
> > > the same switch fisically so I don't need the traffic to pass throught
> > > the router. I don't need to access Old network from the Main one I
> > > only want to place in my computer room 3 machines that ONLY will be
> > > working in the Old network and for this purpose I don't want to waste
> > > a full switch.

>
> > > So I thought making a new VLAN in the Main network router which was
> > > connected with a cross-over cable to a Old network switchport. How do
> > > i have to config switchports / trunking?

>
> > > The switch is a 2960G, now I have 2 2950 doing the job. this are
> > > the configs :

>
> > > version 12.1
> > > no service pad
> > > service timestamps debug datetime localtime
> > > service timestamps log datetime localtime
> > > service password-encryption
> > > !
> > > hostname swCPD-1
> > > !
> > > logging buffered informational
> > > aaa new-model
> > > ##
> > > ##
> > > clock timezone GMT+1 1
> > > clock summer-time GMT+1 recurring
> > > ip subnet-zero
> > > no ip finger
> > > !
> > > !
> > > spanning-tree portfast bpduguard
> > > !
> > > !
> > > interface FastEthernet0/1 // I want this interface to be in the old
> > > network
> > > !
> > > interface FastEthernet0/2// I want this interface to be in the old
> > > network
> > > !
> > > interface FastEthernet0/3
> > > switchport mode access
> > > !
> > > interface FastEthernet0/4
> > > !
> > > interface FastEthernet0/5
> > > !
> > > interface FastEthernet0/6
> > > !
> > > interface FastEthernet0/7
> > > !
> > > interface FastEthernet0/8
> > > !
> > > interface FastEthernet0/9
> > > description CRUZADO AL CSS-1
> > > switchport access vlan 2
> > > switchport mode access
> > > !
> > > interface FastEthernet0/10
> > > switchport access vlan 2
> > > switchport mode access
> > > !
> > > interface FastEthernet0/11
> > > switchport access vlan 2
> > > switchport mode access
> > > !
> > > interface FastEthernet0/12
> > > !
> > > interface FastEthernet0/13
> > > switchport mode access
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/14
> > > switchport mode access
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/15
> > > switchport mode access
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/16
> > > switchport mode access
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/17
> > > switchport mode access
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/18
> > > switchport mode access
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/19
> > > switchport mode access
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/20
> > > !
> > > interface FastEthernet0/21
> > > switchport access vlan 5
> > > switchport mode access
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/22
> > > switchport access vlan 5
> > > switchport mode access
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/23
> > > switchport access vlan 5
> > > switchport mode access
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/24
> > > switchport access vlan 5
> > > switchport mode access
> > > spanning-tree portfast
> > > !
> > > interface GigabitEthernet0/1
> > > switchport mode trunk
> > > !
> > > interface GigabitEthernet0/2
> > > switchport mode trunk
> > > !
> > > interface Vlan1
> > > ip address 192.221.7.12 255.255.0.0
> > > no ip route-cache
> > > !
> > > ip default-gateway 192.221.1.1

>
> > > end

>
> > If you are using a crossover, you can just set both ports as access
> > ports and make sure the vlan is created on both sides. As an example,
> > lets say you have two different core networks, on is 1.1.0.0 and the
> > other is 2.2.0.0. The first has 255 vlans, 1.1.0.0 - 1.1.255.255.
> > The second has the same but 2.2.x.x. You want 1.1.100.0 available on
> > the second core. Provided you don't already have a vlan with the same
> > number (if so, just move it to a number that is unused), you can just
> > run a crossover between the two and bridge the VLAN over. This way
> > you don't need to turn up 1.1.100.x interfaces on the second core, but
> > you'll simply have an extension over.

>
> > The only time you would need trunking is if you have more than one
> > vlan you are doing that for. From your perspective, you don't seem to
> > care about layer 3 interfaces, you just want layer 2 connectivity on
> > an existing switch. I would run a copper crossover in whatever this
> > vlan is (as an access port on both sides), and put the three access
> > ports for your servers in that same vlan.

>
> > If I've missed a requirement, let me know and Ill do my best to
> > respond quickly.- Ocultar texto de la cita -

>
> > - Mostrar texto de la cita -


I'm not sure I understood that part. A router somewhere has to own
that vlan, and by own, I mean there has a be layer 3 interface
somewhere for routing. You can turn up vlan 7 on the switch, trunk or
crossover it over to the switch where ports are needed, and so long as
VLAN 7 goes back to a router somewhere, and is advertised out, you
should be ok. I know you seem to be focused on layer 2, but where
will VLAN 7's router interface be? Do both your networks (old vs.
new) have core routers or MSFCs? Are they separate or does one set of
routers own layer 3 for both networks? Perhaps a small diagram would
do best.

If you are saying that you want to turn up VLAN 7 on one switch, and
that will be VLAN 1 on your old switches, I've never tried that and
would not be surprised if that didnt work. Frames are tagged with
VLAN, and there would most likely be a mismatch, but I suppose it
could work...just never been there myself. Is there a reason you
can't turn up a new subnet in the new network, put the servers there,
and ACL it off to only be able to talk to old network devices and vice
versa?

 
Reply With Quote
 
Sako
Guest
Posts: n/a
 
      04-23-2007
Ok so I'll have to try a different approach.

Switches on Main are connected to a cisco 3745 Fa0/1 Switches on Old
are connected to cisco 3745 Fa0/0 , so I have on both sides different
default broadcast domains, and that is my problem. They used to be
connected by 2 routers because we where on a different building, but
now we moved all to the same building, so layer 3 translations are
done on the same 3745 router (different int.)

.... so if tagget frames have to go to the 3745 to translate to default
vlan ... other approach could better my experiment.

On 23 abr, 13:54, Trendkill <(E-Mail Removed)> wrote:
> On Apr 23, 7:43 am, Sako <(E-Mail Removed)> wrote:
>
>
>
>
>
> > Ok, I forgot to mention that the VLAN I want to create in the Switch
> > Main doesn't exist in Switch Old, because the whole Old network is in
> > a default vlan.

>
> > You've got the point I don't have problems in layer 3. My problem is
> > that a VLAN f.e. Vlan 7 in Main switch won't be configured in the rest
> > of Old switches .

>
> > So... do i have to configure it? In all of the ports of all of the
> > switches? Is there a way so that the switch understands that vlan 7 in
> > the other switch is its default broadcast domain?

>
> > Thanks in advance.

>
> > On 23 abr, 13:32, Trendkill <(E-Mail Removed)> wrote:

>
> > > On Apr 23, 3:41 am, Sako <(E-Mail Removed)> wrote:

>
> > > > Hi gents ! My problem is difficult to explain, but i hope you can
> > > > understand.

>
> > > > I want to make a new VLAN in a switch, connecting this VLAN to a other
> > > > switch and I want those VLAN ports to act as if they where part of the
> > > > other switch, how should switch ports be configured ?

>
> > > > Explain :

>
> > > > We have moved to a old building where we had a existing network, and
> > > > my current network design is this:

>
> > > > I have 2 networks connected to a cisco 3745, I'll call Main=
> > > > 192.211. Old=192.233. , son main and old networks are connected to the
> > > > router. In the main network I have 2 DMZ placed in 2 different VLANS,
> > > > those VLANS do trunking over the switches, the old network is a single
> > > > broadcast network .

>
> > > > So I want to have a Switch connected to the 192.221. network as
> > > > VLAN1 , Main_DMZ1 and Main_DMZ2 connected, and Old 192.233. network
> > > > connected to four interfaces. I can connect main and old networks to
> > > > the same switch fisically so I don't need the traffic to pass throught
> > > > the router. I don't need to access Old network from the Main one I
> > > > only want to place in my computer room 3 machines that ONLY will be
> > > > working in the Old network and for this purpose I don't want to waste
> > > > a full switch.

>
> > > > So I thought making a new VLAN in the Main network router which was
> > > > connected with a cross-over cable to a Old network switchport. How do
> > > > i have to config switchports / trunking?

>
> > > > The switch is a 2960G, now I have 2 2950 doing the job. this are
> > > > the configs :

>
> > > > version 12.1
> > > > no service pad
> > > > service timestamps debug datetime localtime
> > > > service timestamps log datetime localtime
> > > > service password-encryption
> > > > !
> > > > hostname swCPD-1
> > > > !
> > > > logging buffered informational
> > > > aaa new-model
> > > > ##
> > > > ##
> > > > clock timezone GMT+1 1
> > > > clock summer-time GMT+1 recurring
> > > > ip subnet-zero
> > > > no ip finger
> > > > !
> > > > !
> > > > spanning-tree portfast bpduguard
> > > > !
> > > > !
> > > > interface FastEthernet0/1 // I want this interface to be in the old
> > > > network
> > > > !
> > > > interface FastEthernet0/2// I want this interface to be in the old
> > > > network
> > > > !
> > > > interface FastEthernet0/3
> > > > switchport mode access
> > > > !
> > > > interface FastEthernet0/4
> > > > !
> > > > interface FastEthernet0/5
> > > > !
> > > > interface FastEthernet0/6
> > > > !
> > > > interface FastEthernet0/7
> > > > !
> > > > interface FastEthernet0/8
> > > > !
> > > > interface FastEthernet0/9
> > > > description CRUZADO AL CSS-1
> > > > switchport access vlan 2
> > > > switchport mode access
> > > > !
> > > > interface FastEthernet0/10
> > > > switchport access vlan 2
> > > > switchport mode access
> > > > !
> > > > interface FastEthernet0/11
> > > > switchport access vlan 2
> > > > switchport mode access
> > > > !
> > > > interface FastEthernet0/12
> > > > !
> > > > interface FastEthernet0/13
> > > > switchport mode access
> > > > spanning-tree portfast
> > > > !
> > > > interface FastEthernet0/14
> > > > switchport mode access
> > > > spanning-tree portfast
> > > > !
> > > > interface FastEthernet0/15
> > > > switchport mode access
> > > > spanning-tree portfast
> > > > !
> > > > interface FastEthernet0/16
> > > > switchport mode access
> > > > spanning-tree portfast
> > > > !
> > > > interface FastEthernet0/17
> > > > switchport mode access
> > > > spanning-tree portfast
> > > > !
> > > > interface FastEthernet0/18
> > > > switchport mode access
> > > > spanning-tree portfast
> > > > !
> > > > interface FastEthernet0/19
> > > > switchport mode access
> > > > spanning-tree portfast
> > > > !
> > > > interface FastEthernet0/20
> > > > !
> > > > interface FastEthernet0/21
> > > > switchport access vlan 5
> > > > switchport mode access
> > > > spanning-tree portfast
> > > > !
> > > > interface FastEthernet0/22
> > > > switchport access vlan 5
> > > > switchport mode access
> > > > spanning-tree portfast
> > > > !
> > > > interface FastEthernet0/23
> > > > switchport access vlan 5
> > > > switchport mode access
> > > > spanning-tree portfast
> > > > !
> > > > interface FastEthernet0/24
> > > > switchport access vlan 5
> > > > switchport mode access
> > > > spanning-tree portfast
> > > > !
> > > > interface GigabitEthernet0/1
> > > > switchport mode trunk
> > > > !
> > > > interface GigabitEthernet0/2
> > > > switchport mode trunk
> > > > !
> > > > interface Vlan1
> > > > ip address 192.221.7.12 255.255.0.0
> > > > no ip route-cache
> > > > !
> > > > ip default-gateway 192.221.1.1

>
> > > > end

>
> > > If you are using a crossover, you can just set both ports as access
> > > ports and make sure the vlan is created on both sides. As an example,
> > > lets say you have two different core networks, on is 1.1.0.0 and the
> > > other is 2.2.0.0. The first has 255 vlans, 1.1.0.0 - 1.1.255.255.
> > > The second has the same but 2.2.x.x. You want 1.1.100.0 available on
> > > the second core. Provided you don't already have a vlan with the same
> > > number (if so, just move it to a number that is unused), you can just
> > > run a crossover between the two and bridge the VLAN over. This way
> > > you don't need to turn up 1.1.100.x interfaces on the second core, but
> > > you'll simply have an extension over.

>
> > > The only time you would need trunking is if you have more than one
> > > vlan you are doing that for. From your perspective, you don't seem to
> > > care about layer 3 interfaces, you just want layer 2 connectivity on
> > > an existing switch. I would run a copper crossover in whatever this
> > > vlan is (as an access port on both sides), and put the three access
> > > ports for your servers in that same vlan.

>
> > > If I've missed a requirement, let me know and Ill do my best to
> > > respond quickly.- Ocultar texto de la cita -

>
> > > - Mostrar texto de la cita -

>
> I'm not sure I understood that part. A router somewhere has to own
> that vlan, and by own, I mean there has a be layer 3 interface
> somewhere for routing. You can turn up vlan 7 on the switch, trunk or
> crossover it over to the switch where ports are needed, and so long as
> VLAN 7 goes back to a router somewhere, and is advertised out, you
> should be ok. I know you seem to be focused on layer 2, but where
> will VLAN 7's router interface be? Do both your networks (old vs.
> new) have core routers or MSFCs? Are they separate or does one set of
> routers own layer 3 for both networks? Perhaps a small diagram would
> do best.
>
> If you are saying that you want to turn up VLAN 7 on one switch, and
> that will be VLAN 1 on your old switches, I've never tried that and
> would not be surprised if that didnt work. Frames are tagged with
> VLAN, and there would most likely be a mismatch, but I suppose it
> could work...just never been there myself. Is there a reason you
> can't turn up a new subnet in the new network, put the servers there,
> and ACL it off to only be able to talk to old network devices and vice
> versa?- Ocultar texto de la cita -
>
> - Mostrar texto de la cita -



 
Reply With Quote
 
Trendkill
Guest
Posts: n/a
 
      04-23-2007
On Apr 23, 8:03 am, Sako <(E-Mail Removed)> wrote:
> Ok so I'll have to try a different approach.
>
> Switches on Main are connected to a cisco 3745 Fa0/1 Switches on Old
> are connected to cisco 3745 Fa0/0 , so I have on both sides different
> default broadcast domains, and that is my problem. They used to be
> connected by 2 routers because we where on a different building, but
> now we moved all to the same building, so layer 3 translations are
> done on the same 3745 router (different int.)
>
> ... so if tagget frames have to go to the 3745 to translate to default
> vlan ... other approach could better my experiment.
>
> On 23 abr, 13:54, Trendkill <(E-Mail Removed)> wrote:
>
> > On Apr 23, 7:43 am, Sako <(E-Mail Removed)> wrote:

>
> > > Ok, I forgot to mention that the VLAN I want to create in the Switch
> > > Main doesn't exist in Switch Old, because the whole Old network is in
> > > a default vlan.

>
> > > You've got the point I don't have problems in layer 3. My problem is
> > > that a VLAN f.e. Vlan 7 in Main switch won't be configured in the rest
> > > of Old switches .

>
> > > So... do i have to configure it? In all of the ports of all of the
> > > switches? Is there a way so that the switch understands that vlan 7 in
> > > the other switch is its default broadcast domain?

>
> > > Thanks in advance.

>
> > > On 23 abr, 13:32, Trendkill <(E-Mail Removed)> wrote:

>
> > > > On Apr 23, 3:41 am, Sako <(E-Mail Removed)> wrote:

>
> > > > > Hi gents ! My problem is difficult to explain, but i hope you can
> > > > > understand.

>
> > > > > I want to make a new VLAN in a switch, connecting this VLAN to a other
> > > > > switch and I want those VLAN ports to act as if they where part of the
> > > > > other switch, how should switch ports be configured ?

>
> > > > > Explain :

>
> > > > > We have moved to a old building where we had a existing network, and
> > > > > my current network design is this:

>
> > > > > I have 2 networks connected to a cisco 3745, I'll call Main=
> > > > > 192.211. Old=192.233. , son main and old networks are connected to the
> > > > > router. In the main network I have 2 DMZ placed in 2 different VLANS,
> > > > > those VLANS do trunking over the switches, the old network is a single
> > > > > broadcast network .

>
> > > > > So I want to have a Switch connected to the 192.221. network as
> > > > > VLAN1 , Main_DMZ1 and Main_DMZ2 connected, and Old 192.233. network
> > > > > connected to four interfaces. I can connect main and old networks to
> > > > > the same switch fisically so I don't need the traffic to pass throught
> > > > > the router. I don't need to access Old network from the Main one I
> > > > > only want to place in my computer room 3 machines that ONLY will be
> > > > > working in the Old network and for this purpose I don't want to waste
> > > > > a full switch.

>
> > > > > So I thought making a new VLAN in the Main network router which was
> > > > > connected with a cross-over cable to a Old network switchport. How do
> > > > > i have to config switchports / trunking?

>
> > > > > The switch is a 2960G, now I have 2 2950 doing the job. this are
> > > > > the configs :

>
> > > > > version 12.1
> > > > > no service pad
> > > > > service timestamps debug datetime localtime
> > > > > service timestamps log datetime localtime
> > > > > service password-encryption
> > > > > !
> > > > > hostname swCPD-1
> > > > > !
> > > > > logging buffered informational
> > > > > aaa new-model
> > > > > ##
> > > > > ##
> > > > > clock timezone GMT+1 1
> > > > > clock summer-time GMT+1 recurring
> > > > > ip subnet-zero
> > > > > no ip finger
> > > > > !
> > > > > !
> > > > > spanning-tree portfast bpduguard
> > > > > !
> > > > > !
> > > > > interface FastEthernet0/1 // I want this interface to be in the old
> > > > > network
> > > > > !
> > > > > interface FastEthernet0/2// I want this interface to be in the old
> > > > > network
> > > > > !
> > > > > interface FastEthernet0/3
> > > > > switchport mode access
> > > > > !
> > > > > interface FastEthernet0/4
> > > > > !
> > > > > interface FastEthernet0/5
> > > > > !
> > > > > interface FastEthernet0/6
> > > > > !
> > > > > interface FastEthernet0/7
> > > > > !
> > > > > interface FastEthernet0/8
> > > > > !
> > > > > interface FastEthernet0/9
> > > > > description CRUZADO AL CSS-1
> > > > > switchport access vlan 2
> > > > > switchport mode access
> > > > > !
> > > > > interface FastEthernet0/10
> > > > > switchport access vlan 2
> > > > > switchport mode access
> > > > > !
> > > > > interface FastEthernet0/11
> > > > > switchport access vlan 2
> > > > > switchport mode access
> > > > > !
> > > > > interface FastEthernet0/12
> > > > > !
> > > > > interface FastEthernet0/13
> > > > > switchport mode access
> > > > > spanning-tree portfast
> > > > > !
> > > > > interface FastEthernet0/14
> > > > > switchport mode access
> > > > > spanning-tree portfast
> > > > > !
> > > > > interface FastEthernet0/15
> > > > > switchport mode access
> > > > > spanning-tree portfast
> > > > > !
> > > > > interface FastEthernet0/16
> > > > > switchport mode access
> > > > > spanning-tree portfast
> > > > > !
> > > > > interface FastEthernet0/17
> > > > > switchport mode access
> > > > > spanning-tree portfast
> > > > > !
> > > > > interface FastEthernet0/18
> > > > > switchport mode access
> > > > > spanning-tree portfast
> > > > > !
> > > > > interface FastEthernet0/19
> > > > > switchport mode access
> > > > > spanning-tree portfast
> > > > > !
> > > > > interface FastEthernet0/20
> > > > > !
> > > > > interface FastEthernet0/21
> > > > > switchport access vlan 5
> > > > > switchport mode access
> > > > > spanning-tree portfast
> > > > > !
> > > > > interface FastEthernet0/22
> > > > > switchport access vlan 5
> > > > > switchport mode access
> > > > > spanning-tree portfast
> > > > > !
> > > > > interface FastEthernet0/23
> > > > > switchport access vlan 5
> > > > > switchport mode access
> > > > > spanning-tree portfast
> > > > > !
> > > > > interface FastEthernet0/24
> > > > > switchport access vlan 5
> > > > > switchport mode access
> > > > > spanning-tree portfast
> > > > > !
> > > > > interface GigabitEthernet0/1
> > > > > switchport mode trunk
> > > > > !
> > > > > interface GigabitEthernet0/2
> > > > > switchport mode trunk
> > > > > !
> > > > > interface Vlan1
> > > > > ip address 192.221.7.12 255.255.0.0
> > > > > no ip route-cache
> > > > > !
> > > > > ip default-gateway 192.221.1.1

>
> > > > > end

>
> > > > If you are using a crossover, you can just set both ports as access
> > > > ports and make sure the vlan is created on both sides. As an example,
> > > > lets say you have two different core networks, on is 1.1.0.0 and the
> > > > other is 2.2.0.0. The first has 255 vlans, 1.1.0.0 - 1.1.255.255.
> > > > The second has the same but 2.2.x.x. You want 1.1.100.0 available on
> > > > the second core. Provided you don't already have a vlan with the same
> > > > number (if so, just move it to a number that is unused), you can just
> > > > run a crossover between the two and bridge the VLAN over. This way
> > > > you don't need to turn up 1.1.100.x interfaces on the second core, but
> > > > you'll simply have an extension over.

>
> > > > The only time you would need trunking is if you have more than one
> > > > vlan you are doing that for. From your perspective, you don't seem to
> > > > care about layer 3 interfaces, you just want layer 2 connectivity on
> > > > an existing switch. I would run a copper crossover in whatever this
> > > > vlan is (as an access port on both sides), and put the three access
> > > > ports for your servers in that same vlan.

>
> > > > If I've missed a requirement, let me know and Ill do my best to
> > > > respond quickly.- Ocultar texto de la cita -

>
> > > > - Mostrar texto de la cita -

>
> > I'm not sure I understood that part. A router somewhere has to own
> > that vlan, and by own, I mean there has a be layer 3 interface
> > somewhere for routing. You can turn up vlan 7 on the switch, trunk or
> > crossover it over to the switch where ports are needed, and so long as
> > VLAN 7 goes back to a router somewhere, and is advertised out, you
> > should be ok. I know you seem to be focused on layer 2, but where
> > will VLAN 7's router interface be? Do both your networks (old vs.
> > new) have core routers or MSFCs? Are they separate or does one set of
> > routers own layer 3 for both networks? Perhaps a small diagram would
> > do best.

>
> > If you are saying that you want to turn up VLAN 7 on one switch, and
> > that will be VLAN 1 on your old switches, I've never tried that and
> > would not be surprised if that didnt work. Frames are tagged with
> > VLAN, and there would most likely be a mismatch, but I suppose it
> > could work...just never been there myself. Is there a reason you
> > can't turn up a new subnet in the new network, put the servers there,
> > and ACL it off to only be able to talk to old network devices and vice
> > versa?- Ocultar texto de la cita -

>
> > - Mostrar texto de la cita -


No layer 3 switches? If not, why not plan a migration and get all the
vlans turned up on one of the 3745 interfaces? If you still have the
2nd router, turn up the same interfaces but one IP address up and get
HSRP up for redundancy. It may be a decent amount of switches to go
touch and move vlan access ports, but I would get to a single core as
quickly as possible to save confusion, sustainability, and future
growth. If you do have layer 3 switches, this could be made a lot
easier by turning the vlans up on a set and use the router only for
WAN/Internet. Lots of options here....but if you are in a bind on the
3 server thing, I'd consider putting them in the new network and use
ACLs to protect the networks....or just leave them open if this is a
high speed network.......

 
Reply With Quote
 
Sako
Guest
Posts: n/a
 
      04-23-2007
Thank you, I'll have to find an alternative, I'll try to convince to
buy layer 3 switches.
For my problem I'll put a small router dedicated to that network.


On 23 abr, 14:08, Trendkill <(E-Mail Removed)> wrote:
> On Apr 23, 8:03 am, Sako <(E-Mail Removed)> wrote:
>
>
>
>
>
> > Ok so I'll have to try a different approach.

>
> > Switches on Main are connected to a cisco 3745 Fa0/1 Switches on Old
> > are connected to cisco 3745 Fa0/0 , so I have on both sides different
> > default broadcast domains, and that is my problem. They used to be
> > connected by 2 routers because we where on a different building, but
> > now we moved all to the same building, so layer 3 translations are
> > done on the same 3745 router (different int.)

>
> > ... so if tagget frames have to go to the 3745 to translate to default
> > vlan ... other approach could better my experiment.

>
> > On 23 abr, 13:54, Trendkill <(E-Mail Removed)> wrote:

>
> > > On Apr 23, 7:43 am, Sako <(E-Mail Removed)> wrote:

>
> > > > Ok, I forgot to mention that the VLAN I want to create in the Switch
> > > > Main doesn't exist in Switch Old, because the whole Old network is in
> > > > a default vlan.

>
> > > > You've got the point I don't have problems in layer 3. My problem is
> > > > that a VLAN f.e. Vlan 7 in Main switch won't be configured in the rest
> > > > of Old switches .

>
> > > > So... do i have to configure it? In all of the ports of all of the
> > > > switches? Is there a way so that the switch understands that vlan 7 in
> > > > the other switch is its default broadcast domain?

>
> > > > Thanks in advance.

>
> > > > On 23 abr, 13:32, Trendkill <(E-Mail Removed)> wrote:

>
> > > > > On Apr 23, 3:41 am, Sako <(E-Mail Removed)> wrote:

>
> > > > > > Hi gents ! My problem is difficult to explain, but i hope you can
> > > > > > understand.

>
> > > > > > I want to make a new VLAN in a switch, connecting this VLAN to a other
> > > > > > switch and I want those VLAN ports to act as if they where part of the
> > > > > > other switch, how should switch ports be configured ?

>
> > > > > > Explain :

>
> > > > > > We have moved to a old building where we had a existing network, and
> > > > > > my current network design is this:

>
> > > > > > I have 2 networks connected to a cisco 3745, I'll call Main=
> > > > > > 192.211. Old=192.233. , son main and old networks are connected to the
> > > > > > router. In the main network I have 2 DMZ placed in 2 different VLANS,
> > > > > > those VLANS do trunking over the switches, the old network is a single
> > > > > > broadcast network .

>
> > > > > > So I want to have a Switch connected to the 192.221. network as
> > > > > > VLAN1 , Main_DMZ1 and Main_DMZ2 connected, and Old 192.233. network
> > > > > > connected to four interfaces. I can connect main and old networks to
> > > > > > the same switch fisically so I don't need the traffic to pass throught
> > > > > > the router. I don't need to access Old network from the Main one I
> > > > > > only want to place in my computer room 3 machines that ONLY will be
> > > > > > working in the Old network and for this purpose I don't want to waste
> > > > > > a full switch.

>
> > > > > > So I thought making a new VLAN in the Main network router which was
> > > > > > connected with a cross-over cable to a Old network switchport. How do
> > > > > > i have to config switchports / trunking?

>
> > > > > > The switch is a 2960G, now I have 2 2950 doing the job. this are
> > > > > > the configs :

>
> > > > > > version 12.1
> > > > > > no service pad
> > > > > > service timestamps debug datetime localtime
> > > > > > service timestamps log datetime localtime
> > > > > > service password-encryption
> > > > > > !
> > > > > > hostname swCPD-1
> > > > > > !
> > > > > > logging buffered informational
> > > > > > aaa new-model
> > > > > > ##
> > > > > > ##
> > > > > > clock timezone GMT+1 1
> > > > > > clock summer-time GMT+1 recurring
> > > > > > ip subnet-zero
> > > > > > no ip finger
> > > > > > !
> > > > > > !
> > > > > > spanning-tree portfast bpduguard
> > > > > > !
> > > > > > !
> > > > > > interface FastEthernet0/1 // I want this interface to be in the old
> > > > > > network
> > > > > > !
> > > > > > interface FastEthernet0/2// I want this interface to be in the old
> > > > > > network
> > > > > > !
> > > > > > interface FastEthernet0/3
> > > > > > switchport mode access
> > > > > > !
> > > > > > interface FastEthernet0/4
> > > > > > !
> > > > > > interface FastEthernet0/5
> > > > > > !
> > > > > > interface FastEthernet0/6
> > > > > > !
> > > > > > interface FastEthernet0/7
> > > > > > !
> > > > > > interface FastEthernet0/8
> > > > > > !
> > > > > > interface FastEthernet0/9
> > > > > > description CRUZADO AL CSS-1
> > > > > > switchport access vlan 2
> > > > > > switchport mode access
> > > > > > !
> > > > > > interface FastEthernet0/10
> > > > > > switchport access vlan 2
> > > > > > switchport mode access
> > > > > > !
> > > > > > interface FastEthernet0/11
> > > > > > switchport access vlan 2
> > > > > > switchport mode access
> > > > > > !
> > > > > > interface FastEthernet0/12
> > > > > > !
> > > > > > interface FastEthernet0/13
> > > > > > switchport mode access
> > > > > > spanning-tree portfast
> > > > > > !
> > > > > > interface FastEthernet0/14
> > > > > > switchport mode access
> > > > > > spanning-tree portfast
> > > > > > !
> > > > > > interface FastEthernet0/15
> > > > > > switchport mode access
> > > > > > spanning-tree portfast
> > > > > > !
> > > > > > interface FastEthernet0/16
> > > > > > switchport mode access
> > > > > > spanning-tree portfast
> > > > > > !
> > > > > > interface FastEthernet0/17
> > > > > > switchport mode access
> > > > > > spanning-tree portfast
> > > > > > !
> > > > > > interface FastEthernet0/18
> > > > > > switchport mode access
> > > > > > spanning-tree portfast
> > > > > > !
> > > > > > interface FastEthernet0/19
> > > > > > switchport mode access
> > > > > > spanning-tree portfast
> > > > > > !
> > > > > > interface FastEthernet0/20
> > > > > > !
> > > > > > interface FastEthernet0/21
> > > > > > switchport access vlan 5
> > > > > > switchport mode access
> > > > > > spanning-tree portfast
> > > > > > !
> > > > > > interface FastEthernet0/22
> > > > > > switchport access vlan 5
> > > > > > switchport mode access
> > > > > > spanning-tree portfast
> > > > > > !
> > > > > > interface FastEthernet0/23
> > > > > > switchport access vlan 5
> > > > > > switchport mode access
> > > > > > spanning-tree portfast
> > > > > > !
> > > > > > interface FastEthernet0/24
> > > > > > switchport access vlan 5
> > > > > > switchport mode access
> > > > > > spanning-tree portfast
> > > > > > !
> > > > > > interface GigabitEthernet0/1
> > > > > > switchport mode trunk
> > > > > > !
> > > > > > interface GigabitEthernet0/2
> > > > > > switchport mode trunk
> > > > > > !
> > > > > > interface Vlan1
> > > > > > ip address 192.221.7.12 255.255.0.0
> > > > > > no ip route-cache
> > > > > > !
> > > > > > ip default-gateway 192.221.1.1

>
> > > > > > end

>
> > > > > If you are using a crossover, you can just set both ports as access
> > > > > ports and make sure the vlan is created on both sides. As an example,
> > > > > lets say you have two different core networks, on is 1.1.0.0 and the
> > > > > other is 2.2.0.0. The first has 255 vlans, 1.1.0.0 - 1.1.255.255.
> > > > > The second has the same but 2.2.x.x. You want 1.1.100.0 available on
> > > > > the second core. Provided you don't already have a vlan with the same
> > > > > number (if so, just move it to a number that is unused), you can just
> > > > > run a crossover between the two and bridge the VLAN over. This way
> > > > > you don't need to turn up 1.1.100.x interfaces on the second core, but
> > > > > you'll simply have an extension over.

>
> > > > > The only time you would need trunking is if you have more than one
> > > > > vlan you are doing that for. From your perspective, you don't seem to
> > > > > care about layer 3 interfaces, you just want layer 2 connectivity on
> > > > > an existing switch. I would run a copper crossover in whatever this
> > > > > vlan is (as an access port on both sides), and put the three access
> > > > > ports for your servers in that same vlan.

>
> > > > > If I've missed a requirement, let me know and Ill do my best to
> > > > > respond quickly.- Ocultar texto de la cita -

>
> > > > > - Mostrar texto de la cita -

>
> > > I'm not sure I understood that part. A router somewhere has to own
> > > that vlan, and by own, I mean there has a be layer 3 interface
> > > somewhere for routing. You can turn up vlan 7 on the switch, trunk or
> > > crossover it over to the switch where ports are needed, and so long as
> > > VLAN 7 goes back to a router somewhere, and is advertised out, you
> > > should be ok. I know you seem to be focused on layer 2, but where
> > > will VLAN 7's router interface be? Do both your networks (old vs.
> > > new) have core routers or MSFCs? Are they separate or does one set of
> > > routers own layer 3 for both networks? Perhaps a small diagram would
> > > do best.

>
> > > If you are saying that you want to turn up VLAN 7 on one switch, and
> > > that will be VLAN 1 on your old switches, I've never tried that and
> > > would not be surprised if that didnt work. Frames are tagged with
> > > VLAN, and there would most likely be a mismatch, but I suppose it
> > > could work...just never been there myself. Is there a reason you
> > > can't turn up a new subnet in the new network, put the servers there,
> > > and ACL it off to only be able to talk to old network devices and vice
> > > versa?- Ocultar texto de la cita -

>
> > > - Mostrar texto de la cita -

>
> No layer 3 switches? If not, why not plan a migration and get all the
> vlans turned up on one of the 3745 interfaces? If you still have the
> 2nd router, turn up the same interfaces but one IP address up and get
> HSRP up for redundancy. It may be a decent amount of switches to go
> touch and move vlan access ports, but I would get to a single core as
> quickly as possible to save confusion, sustainability, and future
> growth. If you do have layer 3 switches, this could be made a lot
> easier by turning the vlans up on a set and use the router only for
> WAN/Internet. Lots of options here....but if you are in a bind on the
> 3 server thing, I'd consider putting them in the new network and use
> ACLs to protect the networks....or just leave them open if this is a
> high speed network.......- Ocultar texto de la cita -
>
> - Mostrar texto de la cita -



 
Reply With Quote
 
Sako
Guest
Posts: n/a
 
      04-23-2007
I ment dedicated switch

On 23 abr, 16:03, Sako <(E-Mail Removed)> wrote:
> Thank you, I'll have to find an alternative, I'll try to convince to
> buy layer 3 switches.
> For my problem I'll put a small router dedicated to that network.
>
> On 23 abr, 14:08, Trendkill <(E-Mail Removed)> wrote:
>
>
>
> > On Apr 23, 8:03 am, Sako <(E-Mail Removed)> wrote:

>
> > > Ok so I'll have to try a different approach.

>
> > > Switches on Main are connected to a cisco 3745 Fa0/1 Switches on Old
> > > are connected to cisco 3745 Fa0/0 , so I have on both sides different
> > > default broadcast domains, and that is my problem. They used to be
> > > connected by 2 routers because we where on a different building, but
> > > now we moved all to the same building, so layer 3 translations are
> > > done on the same 3745 router (different int.)

>
> > > ... so if tagget frames have to go to the 3745 to translate to default
> > > vlan ... other approach could better my experiment.

>
> > > On 23 abr, 13:54, Trendkill <(E-Mail Removed)> wrote:

>
> > > > On Apr 23, 7:43 am, Sako <(E-Mail Removed)> wrote:

>
> > > > > Ok, I forgot to mention that the VLAN I want to create in the Switch
> > > > > Main doesn't exist in Switch Old, because the whole Old network is in
> > > > > a default vlan.

>
> > > > > You've got the point I don't have problems in layer 3. My problem is
> > > > > that a VLAN f.e. Vlan 7 in Main switch won't be configured in the rest
> > > > > of Old switches .

>
> > > > > So... do i have to configure it? In all of the ports of all of the
> > > > > switches? Is there a way so that the switch understands that vlan 7 in
> > > > > the other switch is its default broadcast domain?

>
> > > > > Thanks in advance.

>
> > > > > On 23 abr, 13:32, Trendkill <(E-Mail Removed)> wrote:

>
> > > > > > On Apr 23, 3:41 am, Sako <(E-Mail Removed)> wrote:

>
> > > > > > > Hi gents ! My problem is difficult to explain, but i hope you can
> > > > > > > understand.

>
> > > > > > > I want to make a new VLAN in a switch, connecting this VLAN to a other
> > > > > > > switch and I want those VLAN ports to act as if they where part of the
> > > > > > > other switch, how should switch ports be configured ?

>
> > > > > > > Explain :

>
> > > > > > > We have moved to a old building where we had a existing network, and
> > > > > > > my current network design is this:

>
> > > > > > > I have 2 networks connected to a cisco 3745, I'll call Main=
> > > > > > > 192.211. Old=192.233. , son main and old networks are connected to the
> > > > > > > router. In the main network I have 2 DMZ placed in 2 different VLANS,
> > > > > > > those VLANS do trunking over the switches, the old network is a single
> > > > > > > broadcast network .

>
> > > > > > > So I want to have a Switch connected to the 192.221. network as
> > > > > > > VLAN1 , Main_DMZ1 and Main_DMZ2 connected, and Old 192.233. network
> > > > > > > connected to four interfaces. I can connect main and old networks to
> > > > > > > the same switch fisically so I don't need the traffic to pass throught
> > > > > > > the router. I don't need to access Old network from the Main one I
> > > > > > > only want to place in my computer room 3 machines that ONLY will be
> > > > > > > working in the Old network and for this purpose I don't want to waste
> > > > > > > a full switch.

>
> > > > > > > So I thought making a new VLAN in the Main network router which was
> > > > > > > connected with a cross-over cable to a Old network switchport.. How do
> > > > > > > i have to config switchports / trunking?

>
> > > > > > > The switch is a 2960G, now I have 2 2950 doing the job. this are
> > > > > > > the configs :

>
> > > > > > > version 12.1
> > > > > > > no service pad
> > > > > > > service timestamps debug datetime localtime
> > > > > > > service timestamps log datetime localtime
> > > > > > > service password-encryption
> > > > > > > !
> > > > > > > hostname swCPD-1
> > > > > > > !
> > > > > > > logging buffered informational
> > > > > > > aaa new-model
> > > > > > > ##
> > > > > > > ##
> > > > > > > clock timezone GMT+1 1
> > > > > > > clock summer-time GMT+1 recurring
> > > > > > > ip subnet-zero
> > > > > > > no ip finger
> > > > > > > !
> > > > > > > !
> > > > > > > spanning-tree portfast bpduguard
> > > > > > > !
> > > > > > > !
> > > > > > > interface FastEthernet0/1 // I want this interface to be in the old
> > > > > > > network
> > > > > > > !
> > > > > > > interface FastEthernet0/2// I want this interface to be in the old
> > > > > > > network
> > > > > > > !
> > > > > > > interface FastEthernet0/3
> > > > > > > switchport mode access
> > > > > > > !
> > > > > > > interface FastEthernet0/4
> > > > > > > !
> > > > > > > interface FastEthernet0/5
> > > > > > > !
> > > > > > > interface FastEthernet0/6
> > > > > > > !
> > > > > > > interface FastEthernet0/7
> > > > > > > !
> > > > > > > interface FastEthernet0/8
> > > > > > > !
> > > > > > > interface FastEthernet0/9
> > > > > > > description CRUZADO AL CSS-1
> > > > > > > switchport access vlan 2
> > > > > > > switchport mode access
> > > > > > > !
> > > > > > > interface FastEthernet0/10
> > > > > > > switchport access vlan 2
> > > > > > > switchport mode access
> > > > > > > !
> > > > > > > interface FastEthernet0/11
> > > > > > > switchport access vlan 2
> > > > > > > switchport mode access
> > > > > > > !
> > > > > > > interface FastEthernet0/12
> > > > > > > !
> > > > > > > interface FastEthernet0/13
> > > > > > > switchport mode access
> > > > > > > spanning-tree portfast
> > > > > > > !
> > > > > > > interface FastEthernet0/14
> > > > > > > switchport mode access
> > > > > > > spanning-tree portfast
> > > > > > > !
> > > > > > > interface FastEthernet0/15
> > > > > > > switchport mode access
> > > > > > > spanning-tree portfast
> > > > > > > !
> > > > > > > interface FastEthernet0/16
> > > > > > > switchport mode access
> > > > > > > spanning-tree portfast
> > > > > > > !
> > > > > > > interface FastEthernet0/17
> > > > > > > switchport mode access
> > > > > > > spanning-tree portfast
> > > > > > > !
> > > > > > > interface FastEthernet0/18
> > > > > > > switchport mode access
> > > > > > > spanning-tree portfast
> > > > > > > !
> > > > > > > interface FastEthernet0/19
> > > > > > > switchport mode access
> > > > > > > spanning-tree portfast
> > > > > > > !
> > > > > > > interface FastEthernet0/20
> > > > > > > !
> > > > > > > interface FastEthernet0/21
> > > > > > > switchport access vlan 5
> > > > > > > switchport mode access
> > > > > > > spanning-tree portfast
> > > > > > > !
> > > > > > > interface FastEthernet0/22
> > > > > > > switchport access vlan 5
> > > > > > > switchport mode access
> > > > > > > spanning-tree portfast
> > > > > > > !
> > > > > > > interface FastEthernet0/23
> > > > > > > switchport access vlan 5
> > > > > > > switchport mode access
> > > > > > > spanning-tree portfast
> > > > > > > !
> > > > > > > interface FastEthernet0/24
> > > > > > > switchport access vlan 5
> > > > > > > switchport mode access
> > > > > > > spanning-tree portfast
> > > > > > > !
> > > > > > > interface GigabitEthernet0/1
> > > > > > > switchport mode trunk
> > > > > > > !
> > > > > > > interface GigabitEthernet0/2
> > > > > > > switchport mode trunk
> > > > > > > !
> > > > > > > interface Vlan1
> > > > > > > ip address 192.221.7.12 255.255.0.0
> > > > > > > no ip route-cache
> > > > > > > !
> > > > > > > ip default-gateway 192.221.1.1

>
> > > > > > > end

>
> > > > > > If you are using a crossover, you can just set both ports as access
> > > > > > ports and make sure the vlan is created on both sides. As an example,
> > > > > > lets say you have two different core networks, on is 1.1.0.0 and the
> > > > > > other is 2.2.0.0. The first has 255 vlans, 1.1.0.0 - 1.1.255.255.
> > > > > > The second has the same but 2.2.x.x. You want 1.1.100.0 available on
> > > > > > the second core. Provided you don't already have a vlan with the same
> > > > > > number (if so, just move it to a number that is unused), you can just
> > > > > > run a crossover between the two and bridge the VLAN over. This way
> > > > > > you don't need to turn up 1.1.100.x interfaces on the second core, but
> > > > > > you'll simply have an extension over.

>
> > > > > > The only time you would need trunking is if you have more than one
> > > > > > vlan you are doing that for. From your perspective, you don't seem to
> > > > > > care about layer 3 interfaces, you just want layer 2 connectivity on
> > > > > > an existing switch. I would run a copper crossover in whatever this
> > > > > > vlan is (as an access port on both sides), and put the three access
> > > > > > ports for your servers in that same vlan.

>
> > > > > > If I've missed a requirement, let me know and Ill do my best to
> > > > > > respond quickly.- Ocultar texto de la cita -

>
> > > > > > - Mostrar texto de la cita -

>
> > > > I'm not sure I understood that part. A router somewhere has to own
> > > > that vlan, and by own, I mean there has a be layer 3 interface
> > > > somewhere for routing. You can turn up vlan 7 on the switch, trunk or
> > > > crossover it over to the switch where ports are needed, and so long as
> > > > VLAN 7 goes back to a router somewhere, and is advertised out, you
> > > > should be ok. I know you seem to be focused on layer 2, but where
> > > > will VLAN 7's router interface be? Do both your networks (old vs.
> > > > new) have core routers or MSFCs? Are they separate or does one set of
> > > > routers own layer 3 for both networks? Perhaps a small diagram would
> > > > do best.

>
> > > > If you are saying that you want to turn up VLAN 7 on one switch, and
> > > > that will be VLAN 1 on your old switches, I've never tried that and
> > > > would not be surprised if that didnt work. Frames are tagged with
> > > > VLAN, and there would most likely be a mismatch, but I suppose it
> > > > could work...just never been there myself. Is there a reason you
> > > > can't turn up a new subnet in the new network, put the servers there,
> > > > and ACL it off to only be able to talk to old network devices and vice
> > > > versa?- Ocultar texto de la cita -

>
> > > > - Mostrar texto de la cita -

>
> > No layer 3 switches? If not, why not plan a migration and get all the
> > vlans turned up on one of the 3745 interfaces? If you still have the
> > 2nd router, turn up the same interfaces but one IP address up and

>
> ...
>
> leer más »- Ocultar texto de la cita -
>
> - Mostrar texto de la cita -



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: How include a large array? Edward A. Falk C Programming 1 04-04-2013 08:07 PM
WE BUY used, new and refurbed Cisco, Lucent, Nortel, Alcatel, Sun,3com, IBM, HP, Compaq, Dell, Madge, Cabletron, Juniper Networks, Bintec,Siemens, Foundry, Networks, Extreme Networks, Fore/Marconi, TellabsLucent/Avaya/Ascend, Xylogics, Brocade, Int Mike Cisco 0 12-09-2007 09:43 PM
WE BUY used, new and refurbed Sun, Cisco, Lucent, Nortel, Alcatel,3com, IBM, HP, Compaq, Dell, Madge, Cabletron, Juniper Networks, Bintec,Siemens, Foundry, Networks, Extreme Networks, Fore/Marconi, TellabsLucent/Avaya/Ascend, Xylogics, Brocade, Int buyonet@hotmail.com Computer Information 0 11-18-2007 04:18 PM
one laptop, two completely different networks, how to connect to e =?Utf-8?B?RWR3YXJkIExldGVuZHJl?= Wireless Networking 3 10-18-2007 08:47 AM
My laptop won't connect to my home wireless network, but it will connect to other wireless networks. david_beede@yahoo.com Wireless Networking 1 05-24-2007 06:11 PM



Advertisments