How can I connect 1 Switch to 2 different networks ?

Discussion in 'Cisco' started by Sako, Apr 23, 2007.

  1. Sako

    Sako Guest

    Hi gents ! My problem is difficult to explain, but i hope you can
    understand.

    I want to make a new VLAN in a switch, connecting this VLAN to a other
    switch and I want those VLAN ports to act as if they where part of the
    other switch, how should switch ports be configured ?

    Explain :

    We have moved to a old building where we had a existing network, and
    my current network design is this:

    I have 2 networks connected to a cisco 3745, I'll call Main=
    192.211. Old=192.233. , son main and old networks are connected to the
    router. In the main network I have 2 DMZ placed in 2 different VLANS,
    those VLANS do trunking over the switches, the old network is a single
    broadcast network .

    So I want to have a Switch connected to the 192.221. network as
    VLAN1 , Main_DMZ1 and Main_DMZ2 connected, and Old 192.233. network
    connected to four interfaces. I can connect main and old networks to
    the same switch fisically so I don't need the traffic to pass throught
    the router. I don't need to access Old network from the Main one I
    only want to place in my computer room 3 machines that ONLY will be
    working in the Old network and for this purpose I don't want to waste
    a full switch.

    So I thought making a new VLAN in the Main network router which was
    connected with a cross-over cable to a Old network switchport. How do
    i have to config switchports / trunking?

    The switch is a 2960G, now I have 2 2950 doing the job. this are
    the configs :

    version 12.1
    no service pad
    service timestamps debug datetime localtime
    service timestamps log datetime localtime
    service password-encryption
    !
    hostname swCPD-1
    !
    logging buffered informational
    aaa new-model
    ##
    ##
    clock timezone GMT+1 1
    clock summer-time GMT+1 recurring
    ip subnet-zero
    no ip finger
    !
    !
    spanning-tree portfast bpduguard
    !
    !
    interface FastEthernet0/1 // I want this interface to be in the old
    network
    !
    interface FastEthernet0/2// I want this interface to be in the old
    network
    !
    interface FastEthernet0/3
    switchport mode access
    !
    interface FastEthernet0/4
    !
    interface FastEthernet0/5
    !
    interface FastEthernet0/6
    !
    interface FastEthernet0/7
    !
    interface FastEthernet0/8
    !
    interface FastEthernet0/9
    description CRUZADO AL CSS-1
    switchport access vlan 2
    switchport mode access
    !
    interface FastEthernet0/10
    switchport access vlan 2
    switchport mode access
    !
    interface FastEthernet0/11
    switchport access vlan 2
    switchport mode access
    !
    interface FastEthernet0/12
    !
    interface FastEthernet0/13
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet0/14
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet0/15
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet0/16
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet0/17
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet0/18
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet0/19
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet0/20
    !
    interface FastEthernet0/21
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet0/22
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet0/23
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet0/24
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface GigabitEthernet0/1
    switchport mode trunk
    !
    interface GigabitEthernet0/2
    switchport mode trunk
    !
    interface Vlan1
    ip address 192.221.7.12 255.255.0.0
    no ip route-cache
    !
    ip default-gateway 192.221.1.1

    end
     
    Sako, Apr 23, 2007
    #1
    1. Advertising

  2. Sako

    Trendkill Guest

    On Apr 23, 3:41 am, Sako <> wrote:
    > Hi gents ! My problem is difficult to explain, but i hope you can
    > understand.
    >
    > I want to make a new VLAN in a switch, connecting this VLAN to a other
    > switch and I want those VLAN ports to act as if they where part of the
    > other switch, how should switch ports be configured ?
    >
    > Explain :
    >
    > We have moved to a old building where we had a existing network, and
    > my current network design is this:
    >
    > I have 2 networks connected to a cisco 3745, I'll call Main=
    > 192.211. Old=192.233. , son main and old networks are connected to the
    > router. In the main network I have 2 DMZ placed in 2 different VLANS,
    > those VLANS do trunking over the switches, the old network is a single
    > broadcast network .
    >
    > So I want to have a Switch connected to the 192.221. network as
    > VLAN1 , Main_DMZ1 and Main_DMZ2 connected, and Old 192.233. network
    > connected to four interfaces. I can connect main and old networks to
    > the same switch fisically so I don't need the traffic to pass throught
    > the router. I don't need to access Old network from the Main one I
    > only want to place in my computer room 3 machines that ONLY will be
    > working in the Old network and for this purpose I don't want to waste
    > a full switch.
    >
    > So I thought making a new VLAN in the Main network router which was
    > connected with a cross-over cable to a Old network switchport. How do
    > i have to config switchports / trunking?
    >
    > The switch is a 2960G, now I have 2 2950 doing the job. this are
    > the configs :
    >
    > version 12.1
    > no service pad
    > service timestamps debug datetime localtime
    > service timestamps log datetime localtime
    > service password-encryption
    > !
    > hostname swCPD-1
    > !
    > logging buffered informational
    > aaa new-model
    > ##
    > ##
    > clock timezone GMT+1 1
    > clock summer-time GMT+1 recurring
    > ip subnet-zero
    > no ip finger
    > !
    > !
    > spanning-tree portfast bpduguard
    > !
    > !
    > interface FastEthernet0/1 // I want this interface to be in the old
    > network
    > !
    > interface FastEthernet0/2// I want this interface to be in the old
    > network
    > !
    > interface FastEthernet0/3
    > switchport mode access
    > !
    > interface FastEthernet0/4
    > !
    > interface FastEthernet0/5
    > !
    > interface FastEthernet0/6
    > !
    > interface FastEthernet0/7
    > !
    > interface FastEthernet0/8
    > !
    > interface FastEthernet0/9
    > description CRUZADO AL CSS-1
    > switchport access vlan 2
    > switchport mode access
    > !
    > interface FastEthernet0/10
    > switchport access vlan 2
    > switchport mode access
    > !
    > interface FastEthernet0/11
    > switchport access vlan 2
    > switchport mode access
    > !
    > interface FastEthernet0/12
    > !
    > interface FastEthernet0/13
    > switchport mode access
    > spanning-tree portfast
    > !
    > interface FastEthernet0/14
    > switchport mode access
    > spanning-tree portfast
    > !
    > interface FastEthernet0/15
    > switchport mode access
    > spanning-tree portfast
    > !
    > interface FastEthernet0/16
    > switchport mode access
    > spanning-tree portfast
    > !
    > interface FastEthernet0/17
    > switchport mode access
    > spanning-tree portfast
    > !
    > interface FastEthernet0/18
    > switchport mode access
    > spanning-tree portfast
    > !
    > interface FastEthernet0/19
    > switchport mode access
    > spanning-tree portfast
    > !
    > interface FastEthernet0/20
    > !
    > interface FastEthernet0/21
    > switchport access vlan 5
    > switchport mode access
    > spanning-tree portfast
    > !
    > interface FastEthernet0/22
    > switchport access vlan 5
    > switchport mode access
    > spanning-tree portfast
    > !
    > interface FastEthernet0/23
    > switchport access vlan 5
    > switchport mode access
    > spanning-tree portfast
    > !
    > interface FastEthernet0/24
    > switchport access vlan 5
    > switchport mode access
    > spanning-tree portfast
    > !
    > interface GigabitEthernet0/1
    > switchport mode trunk
    > !
    > interface GigabitEthernet0/2
    > switchport mode trunk
    > !
    > interface Vlan1
    > ip address 192.221.7.12 255.255.0.0
    > no ip route-cache
    > !
    > ip default-gateway 192.221.1.1
    >
    > end


    If you are using a crossover, you can just set both ports as access
    ports and make sure the vlan is created on both sides. As an example,
    lets say you have two different core networks, on is 1.1.0.0 and the
    other is 2.2.0.0. The first has 255 vlans, 1.1.0.0 - 1.1.255.255.
    The second has the same but 2.2.x.x. You want 1.1.100.0 available on
    the second core. Provided you don't already have a vlan with the same
    number (if so, just move it to a number that is unused), you can just
    run a crossover between the two and bridge the VLAN over. This way
    you don't need to turn up 1.1.100.x interfaces on the second core, but
    you'll simply have an extension over.

    The only time you would need trunking is if you have more than one
    vlan you are doing that for. From your perspective, you don't seem to
    care about layer 3 interfaces, you just want layer 2 connectivity on
    an existing switch. I would run a copper crossover in whatever this
    vlan is (as an access port on both sides), and put the three access
    ports for your servers in that same vlan.

    If I've missed a requirement, let me know and Ill do my best to
    respond quickly.
     
    Trendkill, Apr 23, 2007
    #2
    1. Advertising

  3. Sako

    Sako Guest

    Ok, I forgot to mention that the VLAN I want to create in the Switch
    Main doesn't exist in Switch Old, because the whole Old network is in
    a default vlan.

    You've got the point I don't have problems in layer 3. My problem is
    that a VLAN f.e. Vlan 7 in Main switch won't be configured in the rest
    of Old switches .

    So... do i have to configure it? In all of the ports of all of the
    switches? Is there a way so that the switch understands that vlan 7 in
    the other switch is its default broadcast domain?

    Thanks in advance.

    On 23 abr, 13:32, Trendkill <> wrote:
    > On Apr 23, 3:41 am, Sako <> wrote:
    >
    >
    >
    >
    >
    > > Hi gents ! My problem is difficult to explain, but i hope you can
    > > understand.

    >
    > > I want to make a new VLAN in a switch, connecting this VLAN to a other
    > > switch and I want those VLAN ports to act as if they where part of the
    > > other switch, how should switch ports be configured ?

    >
    > > Explain :

    >
    > > We have moved to a old building where we had a existing network, and
    > > my current network design is this:

    >
    > > I have 2 networks connected to a cisco 3745, I'll call Main=
    > > 192.211. Old=192.233. , son main and old networks are connected to the
    > > router. In the main network I have 2 DMZ placed in 2 different VLANS,
    > > those VLANS do trunking over the switches, the old network is a single
    > > broadcast network .

    >
    > > So I want to have a Switch connected to the 192.221. network as
    > > VLAN1 , Main_DMZ1 and Main_DMZ2 connected, and Old 192.233. network
    > > connected to four interfaces. I can connect main and old networks to
    > > the same switch fisically so I don't need the traffic to pass throught
    > > the router. I don't need to access Old network from the Main one I
    > > only want to place in my computer room 3 machines that ONLY will be
    > > working in the Old network and for this purpose I don't want to waste
    > > a full switch.

    >
    > > So I thought making a new VLAN in the Main network router which was
    > > connected with a cross-over cable to a Old network switchport. How do
    > > i have to config switchports / trunking?

    >
    > > The switch is a 2960G, now I have 2 2950 doing the job. this are
    > > the configs :

    >
    > > version 12.1
    > > no service pad
    > > service timestamps debug datetime localtime
    > > service timestamps log datetime localtime
    > > service password-encryption
    > > !
    > > hostname swCPD-1
    > > !
    > > logging buffered informational
    > > aaa new-model
    > > ##
    > > ##
    > > clock timezone GMT+1 1
    > > clock summer-time GMT+1 recurring
    > > ip subnet-zero
    > > no ip finger
    > > !
    > > !
    > > spanning-tree portfast bpduguard
    > > !
    > > !
    > > interface FastEthernet0/1 // I want this interface to be in the old
    > > network
    > > !
    > > interface FastEthernet0/2// I want this interface to be in the old
    > > network
    > > !
    > > interface FastEthernet0/3
    > > switchport mode access
    > > !
    > > interface FastEthernet0/4
    > > !
    > > interface FastEthernet0/5
    > > !
    > > interface FastEthernet0/6
    > > !
    > > interface FastEthernet0/7
    > > !
    > > interface FastEthernet0/8
    > > !
    > > interface FastEthernet0/9
    > > description CRUZADO AL CSS-1
    > > switchport access vlan 2
    > > switchport mode access
    > > !
    > > interface FastEthernet0/10
    > > switchport access vlan 2
    > > switchport mode access
    > > !
    > > interface FastEthernet0/11
    > > switchport access vlan 2
    > > switchport mode access
    > > !
    > > interface FastEthernet0/12
    > > !
    > > interface FastEthernet0/13
    > > switchport mode access
    > > spanning-tree portfast
    > > !
    > > interface FastEthernet0/14
    > > switchport mode access
    > > spanning-tree portfast
    > > !
    > > interface FastEthernet0/15
    > > switchport mode access
    > > spanning-tree portfast
    > > !
    > > interface FastEthernet0/16
    > > switchport mode access
    > > spanning-tree portfast
    > > !
    > > interface FastEthernet0/17
    > > switchport mode access
    > > spanning-tree portfast
    > > !
    > > interface FastEthernet0/18
    > > switchport mode access
    > > spanning-tree portfast
    > > !
    > > interface FastEthernet0/19
    > > switchport mode access
    > > spanning-tree portfast
    > > !
    > > interface FastEthernet0/20
    > > !
    > > interface FastEthernet0/21
    > > switchport access vlan 5
    > > switchport mode access
    > > spanning-tree portfast
    > > !
    > > interface FastEthernet0/22
    > > switchport access vlan 5
    > > switchport mode access
    > > spanning-tree portfast
    > > !
    > > interface FastEthernet0/23
    > > switchport access vlan 5
    > > switchport mode access
    > > spanning-tree portfast
    > > !
    > > interface FastEthernet0/24
    > > switchport access vlan 5
    > > switchport mode access
    > > spanning-tree portfast
    > > !
    > > interface GigabitEthernet0/1
    > > switchport mode trunk
    > > !
    > > interface GigabitEthernet0/2
    > > switchport mode trunk
    > > !
    > > interface Vlan1
    > > ip address 192.221.7.12 255.255.0.0
    > > no ip route-cache
    > > !
    > > ip default-gateway 192.221.1.1

    >
    > > end

    >
    > If you are using a crossover, you can just set both ports as access
    > ports and make sure the vlan is created on both sides. As an example,
    > lets say you have two different core networks, on is 1.1.0.0 and the
    > other is 2.2.0.0. The first has 255 vlans, 1.1.0.0 - 1.1.255.255.
    > The second has the same but 2.2.x.x. You want 1.1.100.0 available on
    > the second core. Provided you don't already have a vlan with the same
    > number (if so, just move it to a number that is unused), you can just
    > run a crossover between the two and bridge the VLAN over. This way
    > you don't need to turn up 1.1.100.x interfaces on the second core, but
    > you'll simply have an extension over.
    >
    > The only time you would need trunking is if you have more than one
    > vlan you are doing that for. From your perspective, you don't seem to
    > care about layer 3 interfaces, you just want layer 2 connectivity on
    > an existing switch. I would run a copper crossover in whatever this
    > vlan is (as an access port on both sides), and put the three access
    > ports for your servers in that same vlan.
    >
    > If I've missed a requirement, let me know and Ill do my best to
    > respond quickly.- Ocultar texto de la cita -
    >
    > - Mostrar texto de la cita -
     
    Sako, Apr 23, 2007
    #3
  4. Sako

    Trendkill Guest

    On Apr 23, 7:43 am, Sako <> wrote:
    > Ok, I forgot to mention that the VLAN I want to create in the Switch
    > Main doesn't exist in Switch Old, because the whole Old network is in
    > a default vlan.
    >
    > You've got the point I don't have problems in layer 3. My problem is
    > that a VLAN f.e. Vlan 7 in Main switch won't be configured in the rest
    > of Old switches .
    >
    > So... do i have to configure it? In all of the ports of all of the
    > switches? Is there a way so that the switch understands that vlan 7 in
    > the other switch is its default broadcast domain?
    >
    > Thanks in advance.
    >
    > On 23 abr, 13:32, Trendkill <> wrote:
    >
    > > On Apr 23, 3:41 am, Sako <> wrote:

    >
    > > > Hi gents ! My problem is difficult to explain, but i hope you can
    > > > understand.

    >
    > > > I want to make a new VLAN in a switch, connecting this VLAN to a other
    > > > switch and I want those VLAN ports to act as if they where part of the
    > > > other switch, how should switch ports be configured ?

    >
    > > > Explain :

    >
    > > > We have moved to a old building where we had a existing network, and
    > > > my current network design is this:

    >
    > > > I have 2 networks connected to a cisco 3745, I'll call Main=
    > > > 192.211. Old=192.233. , son main and old networks are connected to the
    > > > router. In the main network I have 2 DMZ placed in 2 different VLANS,
    > > > those VLANS do trunking over the switches, the old network is a single
    > > > broadcast network .

    >
    > > > So I want to have a Switch connected to the 192.221. network as
    > > > VLAN1 , Main_DMZ1 and Main_DMZ2 connected, and Old 192.233. network
    > > > connected to four interfaces. I can connect main and old networks to
    > > > the same switch fisically so I don't need the traffic to pass throught
    > > > the router. I don't need to access Old network from the Main one I
    > > > only want to place in my computer room 3 machines that ONLY will be
    > > > working in the Old network and for this purpose I don't want to waste
    > > > a full switch.

    >
    > > > So I thought making a new VLAN in the Main network router which was
    > > > connected with a cross-over cable to a Old network switchport. How do
    > > > i have to config switchports / trunking?

    >
    > > > The switch is a 2960G, now I have 2 2950 doing the job. this are
    > > > the configs :

    >
    > > > version 12.1
    > > > no service pad
    > > > service timestamps debug datetime localtime
    > > > service timestamps log datetime localtime
    > > > service password-encryption
    > > > !
    > > > hostname swCPD-1
    > > > !
    > > > logging buffered informational
    > > > aaa new-model
    > > > ##
    > > > ##
    > > > clock timezone GMT+1 1
    > > > clock summer-time GMT+1 recurring
    > > > ip subnet-zero
    > > > no ip finger
    > > > !
    > > > !
    > > > spanning-tree portfast bpduguard
    > > > !
    > > > !
    > > > interface FastEthernet0/1 // I want this interface to be in the old
    > > > network
    > > > !
    > > > interface FastEthernet0/2// I want this interface to be in the old
    > > > network
    > > > !
    > > > interface FastEthernet0/3
    > > > switchport mode access
    > > > !
    > > > interface FastEthernet0/4
    > > > !
    > > > interface FastEthernet0/5
    > > > !
    > > > interface FastEthernet0/6
    > > > !
    > > > interface FastEthernet0/7
    > > > !
    > > > interface FastEthernet0/8
    > > > !
    > > > interface FastEthernet0/9
    > > > description CRUZADO AL CSS-1
    > > > switchport access vlan 2
    > > > switchport mode access
    > > > !
    > > > interface FastEthernet0/10
    > > > switchport access vlan 2
    > > > switchport mode access
    > > > !
    > > > interface FastEthernet0/11
    > > > switchport access vlan 2
    > > > switchport mode access
    > > > !
    > > > interface FastEthernet0/12
    > > > !
    > > > interface FastEthernet0/13
    > > > switchport mode access
    > > > spanning-tree portfast
    > > > !
    > > > interface FastEthernet0/14
    > > > switchport mode access
    > > > spanning-tree portfast
    > > > !
    > > > interface FastEthernet0/15
    > > > switchport mode access
    > > > spanning-tree portfast
    > > > !
    > > > interface FastEthernet0/16
    > > > switchport mode access
    > > > spanning-tree portfast
    > > > !
    > > > interface FastEthernet0/17
    > > > switchport mode access
    > > > spanning-tree portfast
    > > > !
    > > > interface FastEthernet0/18
    > > > switchport mode access
    > > > spanning-tree portfast
    > > > !
    > > > interface FastEthernet0/19
    > > > switchport mode access
    > > > spanning-tree portfast
    > > > !
    > > > interface FastEthernet0/20
    > > > !
    > > > interface FastEthernet0/21
    > > > switchport access vlan 5
    > > > switchport mode access
    > > > spanning-tree portfast
    > > > !
    > > > interface FastEthernet0/22
    > > > switchport access vlan 5
    > > > switchport mode access
    > > > spanning-tree portfast
    > > > !
    > > > interface FastEthernet0/23
    > > > switchport access vlan 5
    > > > switchport mode access
    > > > spanning-tree portfast
    > > > !
    > > > interface FastEthernet0/24
    > > > switchport access vlan 5
    > > > switchport mode access
    > > > spanning-tree portfast
    > > > !
    > > > interface GigabitEthernet0/1
    > > > switchport mode trunk
    > > > !
    > > > interface GigabitEthernet0/2
    > > > switchport mode trunk
    > > > !
    > > > interface Vlan1
    > > > ip address 192.221.7.12 255.255.0.0
    > > > no ip route-cache
    > > > !
    > > > ip default-gateway 192.221.1.1

    >
    > > > end

    >
    > > If you are using a crossover, you can just set both ports as access
    > > ports and make sure the vlan is created on both sides. As an example,
    > > lets say you have two different core networks, on is 1.1.0.0 and the
    > > other is 2.2.0.0. The first has 255 vlans, 1.1.0.0 - 1.1.255.255.
    > > The second has the same but 2.2.x.x. You want 1.1.100.0 available on
    > > the second core. Provided you don't already have a vlan with the same
    > > number (if so, just move it to a number that is unused), you can just
    > > run a crossover between the two and bridge the VLAN over. This way
    > > you don't need to turn up 1.1.100.x interfaces on the second core, but
    > > you'll simply have an extension over.

    >
    > > The only time you would need trunking is if you have more than one
    > > vlan you are doing that for. From your perspective, you don't seem to
    > > care about layer 3 interfaces, you just want layer 2 connectivity on
    > > an existing switch. I would run a copper crossover in whatever this
    > > vlan is (as an access port on both sides), and put the three access
    > > ports for your servers in that same vlan.

    >
    > > If I've missed a requirement, let me know and Ill do my best to
    > > respond quickly.- Ocultar texto de la cita -

    >
    > > - Mostrar texto de la cita -


    I'm not sure I understood that part. A router somewhere has to own
    that vlan, and by own, I mean there has a be layer 3 interface
    somewhere for routing. You can turn up vlan 7 on the switch, trunk or
    crossover it over to the switch where ports are needed, and so long as
    VLAN 7 goes back to a router somewhere, and is advertised out, you
    should be ok. I know you seem to be focused on layer 2, but where
    will VLAN 7's router interface be? Do both your networks (old vs.
    new) have core routers or MSFCs? Are they separate or does one set of
    routers own layer 3 for both networks? Perhaps a small diagram would
    do best.

    If you are saying that you want to turn up VLAN 7 on one switch, and
    that will be VLAN 1 on your old switches, I've never tried that and
    would not be surprised if that didnt work. Frames are tagged with
    VLAN, and there would most likely be a mismatch, but I suppose it
    could work...just never been there myself. Is there a reason you
    can't turn up a new subnet in the new network, put the servers there,
    and ACL it off to only be able to talk to old network devices and vice
    versa?
     
    Trendkill, Apr 23, 2007
    #4
  5. Sako

    Sako Guest

    Ok so I'll have to try a different approach.

    Switches on Main are connected to a cisco 3745 Fa0/1 Switches on Old
    are connected to cisco 3745 Fa0/0 , so I have on both sides different
    default broadcast domains, and that is my problem. They used to be
    connected by 2 routers because we where on a different building, but
    now we moved all to the same building, so layer 3 translations are
    done on the same 3745 router (different int.)

    .... so if tagget frames have to go to the 3745 to translate to default
    vlan ... other approach could better my experiment.

    On 23 abr, 13:54, Trendkill <> wrote:
    > On Apr 23, 7:43 am, Sako <> wrote:
    >
    >
    >
    >
    >
    > > Ok, I forgot to mention that the VLAN I want to create in the Switch
    > > Main doesn't exist in Switch Old, because the whole Old network is in
    > > a default vlan.

    >
    > > You've got the point I don't have problems in layer 3. My problem is
    > > that a VLAN f.e. Vlan 7 in Main switch won't be configured in the rest
    > > of Old switches .

    >
    > > So... do i have to configure it? In all of the ports of all of the
    > > switches? Is there a way so that the switch understands that vlan 7 in
    > > the other switch is its default broadcast domain?

    >
    > > Thanks in advance.

    >
    > > On 23 abr, 13:32, Trendkill <> wrote:

    >
    > > > On Apr 23, 3:41 am, Sako <> wrote:

    >
    > > > > Hi gents ! My problem is difficult to explain, but i hope you can
    > > > > understand.

    >
    > > > > I want to make a new VLAN in a switch, connecting this VLAN to a other
    > > > > switch and I want those VLAN ports to act as if they where part of the
    > > > > other switch, how should switch ports be configured ?

    >
    > > > > Explain :

    >
    > > > > We have moved to a old building where we had a existing network, and
    > > > > my current network design is this:

    >
    > > > > I have 2 networks connected to a cisco 3745, I'll call Main=
    > > > > 192.211. Old=192.233. , son main and old networks are connected to the
    > > > > router. In the main network I have 2 DMZ placed in 2 different VLANS,
    > > > > those VLANS do trunking over the switches, the old network is a single
    > > > > broadcast network .

    >
    > > > > So I want to have a Switch connected to the 192.221. network as
    > > > > VLAN1 , Main_DMZ1 and Main_DMZ2 connected, and Old 192.233. network
    > > > > connected to four interfaces. I can connect main and old networks to
    > > > > the same switch fisically so I don't need the traffic to pass throught
    > > > > the router. I don't need to access Old network from the Main one I
    > > > > only want to place in my computer room 3 machines that ONLY will be
    > > > > working in the Old network and for this purpose I don't want to waste
    > > > > a full switch.

    >
    > > > > So I thought making a new VLAN in the Main network router which was
    > > > > connected with a cross-over cable to a Old network switchport. How do
    > > > > i have to config switchports / trunking?

    >
    > > > > The switch is a 2960G, now I have 2 2950 doing the job. this are
    > > > > the configs :

    >
    > > > > version 12.1
    > > > > no service pad
    > > > > service timestamps debug datetime localtime
    > > > > service timestamps log datetime localtime
    > > > > service password-encryption
    > > > > !
    > > > > hostname swCPD-1
    > > > > !
    > > > > logging buffered informational
    > > > > aaa new-model
    > > > > ##
    > > > > ##
    > > > > clock timezone GMT+1 1
    > > > > clock summer-time GMT+1 recurring
    > > > > ip subnet-zero
    > > > > no ip finger
    > > > > !
    > > > > !
    > > > > spanning-tree portfast bpduguard
    > > > > !
    > > > > !
    > > > > interface FastEthernet0/1 // I want this interface to be in the old
    > > > > network
    > > > > !
    > > > > interface FastEthernet0/2// I want this interface to be in the old
    > > > > network
    > > > > !
    > > > > interface FastEthernet0/3
    > > > > switchport mode access
    > > > > !
    > > > > interface FastEthernet0/4
    > > > > !
    > > > > interface FastEthernet0/5
    > > > > !
    > > > > interface FastEthernet0/6
    > > > > !
    > > > > interface FastEthernet0/7
    > > > > !
    > > > > interface FastEthernet0/8
    > > > > !
    > > > > interface FastEthernet0/9
    > > > > description CRUZADO AL CSS-1
    > > > > switchport access vlan 2
    > > > > switchport mode access
    > > > > !
    > > > > interface FastEthernet0/10
    > > > > switchport access vlan 2
    > > > > switchport mode access
    > > > > !
    > > > > interface FastEthernet0/11
    > > > > switchport access vlan 2
    > > > > switchport mode access
    > > > > !
    > > > > interface FastEthernet0/12
    > > > > !
    > > > > interface FastEthernet0/13
    > > > > switchport mode access
    > > > > spanning-tree portfast
    > > > > !
    > > > > interface FastEthernet0/14
    > > > > switchport mode access
    > > > > spanning-tree portfast
    > > > > !
    > > > > interface FastEthernet0/15
    > > > > switchport mode access
    > > > > spanning-tree portfast
    > > > > !
    > > > > interface FastEthernet0/16
    > > > > switchport mode access
    > > > > spanning-tree portfast
    > > > > !
    > > > > interface FastEthernet0/17
    > > > > switchport mode access
    > > > > spanning-tree portfast
    > > > > !
    > > > > interface FastEthernet0/18
    > > > > switchport mode access
    > > > > spanning-tree portfast
    > > > > !
    > > > > interface FastEthernet0/19
    > > > > switchport mode access
    > > > > spanning-tree portfast
    > > > > !
    > > > > interface FastEthernet0/20
    > > > > !
    > > > > interface FastEthernet0/21
    > > > > switchport access vlan 5
    > > > > switchport mode access
    > > > > spanning-tree portfast
    > > > > !
    > > > > interface FastEthernet0/22
    > > > > switchport access vlan 5
    > > > > switchport mode access
    > > > > spanning-tree portfast
    > > > > !
    > > > > interface FastEthernet0/23
    > > > > switchport access vlan 5
    > > > > switchport mode access
    > > > > spanning-tree portfast
    > > > > !
    > > > > interface FastEthernet0/24
    > > > > switchport access vlan 5
    > > > > switchport mode access
    > > > > spanning-tree portfast
    > > > > !
    > > > > interface GigabitEthernet0/1
    > > > > switchport mode trunk
    > > > > !
    > > > > interface GigabitEthernet0/2
    > > > > switchport mode trunk
    > > > > !
    > > > > interface Vlan1
    > > > > ip address 192.221.7.12 255.255.0.0
    > > > > no ip route-cache
    > > > > !
    > > > > ip default-gateway 192.221.1.1

    >
    > > > > end

    >
    > > > If you are using a crossover, you can just set both ports as access
    > > > ports and make sure the vlan is created on both sides. As an example,
    > > > lets say you have two different core networks, on is 1.1.0.0 and the
    > > > other is 2.2.0.0. The first has 255 vlans, 1.1.0.0 - 1.1.255.255.
    > > > The second has the same but 2.2.x.x. You want 1.1.100.0 available on
    > > > the second core. Provided you don't already have a vlan with the same
    > > > number (if so, just move it to a number that is unused), you can just
    > > > run a crossover between the two and bridge the VLAN over. This way
    > > > you don't need to turn up 1.1.100.x interfaces on the second core, but
    > > > you'll simply have an extension over.

    >
    > > > The only time you would need trunking is if you have more than one
    > > > vlan you are doing that for. From your perspective, you don't seem to
    > > > care about layer 3 interfaces, you just want layer 2 connectivity on
    > > > an existing switch. I would run a copper crossover in whatever this
    > > > vlan is (as an access port on both sides), and put the three access
    > > > ports for your servers in that same vlan.

    >
    > > > If I've missed a requirement, let me know and Ill do my best to
    > > > respond quickly.- Ocultar texto de la cita -

    >
    > > > - Mostrar texto de la cita -

    >
    > I'm not sure I understood that part. A router somewhere has to own
    > that vlan, and by own, I mean there has a be layer 3 interface
    > somewhere for routing. You can turn up vlan 7 on the switch, trunk or
    > crossover it over to the switch where ports are needed, and so long as
    > VLAN 7 goes back to a router somewhere, and is advertised out, you
    > should be ok. I know you seem to be focused on layer 2, but where
    > will VLAN 7's router interface be? Do both your networks (old vs.
    > new) have core routers or MSFCs? Are they separate or does one set of
    > routers own layer 3 for both networks? Perhaps a small diagram would
    > do best.
    >
    > If you are saying that you want to turn up VLAN 7 on one switch, and
    > that will be VLAN 1 on your old switches, I've never tried that and
    > would not be surprised if that didnt work. Frames are tagged with
    > VLAN, and there would most likely be a mismatch, but I suppose it
    > could work...just never been there myself. Is there a reason you
    > can't turn up a new subnet in the new network, put the servers there,
    > and ACL it off to only be able to talk to old network devices and vice
    > versa?- Ocultar texto de la cita -
    >
    > - Mostrar texto de la cita -
     
    Sako, Apr 23, 2007
    #5
  6. Sako

    Trendkill Guest

    On Apr 23, 8:03 am, Sako <> wrote:
    > Ok so I'll have to try a different approach.
    >
    > Switches on Main are connected to a cisco 3745 Fa0/1 Switches on Old
    > are connected to cisco 3745 Fa0/0 , so I have on both sides different
    > default broadcast domains, and that is my problem. They used to be
    > connected by 2 routers because we where on a different building, but
    > now we moved all to the same building, so layer 3 translations are
    > done on the same 3745 router (different int.)
    >
    > ... so if tagget frames have to go to the 3745 to translate to default
    > vlan ... other approach could better my experiment.
    >
    > On 23 abr, 13:54, Trendkill <> wrote:
    >
    > > On Apr 23, 7:43 am, Sako <> wrote:

    >
    > > > Ok, I forgot to mention that the VLAN I want to create in the Switch
    > > > Main doesn't exist in Switch Old, because the whole Old network is in
    > > > a default vlan.

    >
    > > > You've got the point I don't have problems in layer 3. My problem is
    > > > that a VLAN f.e. Vlan 7 in Main switch won't be configured in the rest
    > > > of Old switches .

    >
    > > > So... do i have to configure it? In all of the ports of all of the
    > > > switches? Is there a way so that the switch understands that vlan 7 in
    > > > the other switch is its default broadcast domain?

    >
    > > > Thanks in advance.

    >
    > > > On 23 abr, 13:32, Trendkill <> wrote:

    >
    > > > > On Apr 23, 3:41 am, Sako <> wrote:

    >
    > > > > > Hi gents ! My problem is difficult to explain, but i hope you can
    > > > > > understand.

    >
    > > > > > I want to make a new VLAN in a switch, connecting this VLAN to a other
    > > > > > switch and I want those VLAN ports to act as if they where part of the
    > > > > > other switch, how should switch ports be configured ?

    >
    > > > > > Explain :

    >
    > > > > > We have moved to a old building where we had a existing network, and
    > > > > > my current network design is this:

    >
    > > > > > I have 2 networks connected to a cisco 3745, I'll call Main=
    > > > > > 192.211. Old=192.233. , son main and old networks are connected to the
    > > > > > router. In the main network I have 2 DMZ placed in 2 different VLANS,
    > > > > > those VLANS do trunking over the switches, the old network is a single
    > > > > > broadcast network .

    >
    > > > > > So I want to have a Switch connected to the 192.221. network as
    > > > > > VLAN1 , Main_DMZ1 and Main_DMZ2 connected, and Old 192.233. network
    > > > > > connected to four interfaces. I can connect main and old networks to
    > > > > > the same switch fisically so I don't need the traffic to pass throught
    > > > > > the router. I don't need to access Old network from the Main one I
    > > > > > only want to place in my computer room 3 machines that ONLY will be
    > > > > > working in the Old network and for this purpose I don't want to waste
    > > > > > a full switch.

    >
    > > > > > So I thought making a new VLAN in the Main network router which was
    > > > > > connected with a cross-over cable to a Old network switchport. How do
    > > > > > i have to config switchports / trunking?

    >
    > > > > > The switch is a 2960G, now I have 2 2950 doing the job. this are
    > > > > > the configs :

    >
    > > > > > version 12.1
    > > > > > no service pad
    > > > > > service timestamps debug datetime localtime
    > > > > > service timestamps log datetime localtime
    > > > > > service password-encryption
    > > > > > !
    > > > > > hostname swCPD-1
    > > > > > !
    > > > > > logging buffered informational
    > > > > > aaa new-model
    > > > > > ##
    > > > > > ##
    > > > > > clock timezone GMT+1 1
    > > > > > clock summer-time GMT+1 recurring
    > > > > > ip subnet-zero
    > > > > > no ip finger
    > > > > > !
    > > > > > !
    > > > > > spanning-tree portfast bpduguard
    > > > > > !
    > > > > > !
    > > > > > interface FastEthernet0/1 // I want this interface to be in the old
    > > > > > network
    > > > > > !
    > > > > > interface FastEthernet0/2// I want this interface to be in the old
    > > > > > network
    > > > > > !
    > > > > > interface FastEthernet0/3
    > > > > > switchport mode access
    > > > > > !
    > > > > > interface FastEthernet0/4
    > > > > > !
    > > > > > interface FastEthernet0/5
    > > > > > !
    > > > > > interface FastEthernet0/6
    > > > > > !
    > > > > > interface FastEthernet0/7
    > > > > > !
    > > > > > interface FastEthernet0/8
    > > > > > !
    > > > > > interface FastEthernet0/9
    > > > > > description CRUZADO AL CSS-1
    > > > > > switchport access vlan 2
    > > > > > switchport mode access
    > > > > > !
    > > > > > interface FastEthernet0/10
    > > > > > switchport access vlan 2
    > > > > > switchport mode access
    > > > > > !
    > > > > > interface FastEthernet0/11
    > > > > > switchport access vlan 2
    > > > > > switchport mode access
    > > > > > !
    > > > > > interface FastEthernet0/12
    > > > > > !
    > > > > > interface FastEthernet0/13
    > > > > > switchport mode access
    > > > > > spanning-tree portfast
    > > > > > !
    > > > > > interface FastEthernet0/14
    > > > > > switchport mode access
    > > > > > spanning-tree portfast
    > > > > > !
    > > > > > interface FastEthernet0/15
    > > > > > switchport mode access
    > > > > > spanning-tree portfast
    > > > > > !
    > > > > > interface FastEthernet0/16
    > > > > > switchport mode access
    > > > > > spanning-tree portfast
    > > > > > !
    > > > > > interface FastEthernet0/17
    > > > > > switchport mode access
    > > > > > spanning-tree portfast
    > > > > > !
    > > > > > interface FastEthernet0/18
    > > > > > switchport mode access
    > > > > > spanning-tree portfast
    > > > > > !
    > > > > > interface FastEthernet0/19
    > > > > > switchport mode access
    > > > > > spanning-tree portfast
    > > > > > !
    > > > > > interface FastEthernet0/20
    > > > > > !
    > > > > > interface FastEthernet0/21
    > > > > > switchport access vlan 5
    > > > > > switchport mode access
    > > > > > spanning-tree portfast
    > > > > > !
    > > > > > interface FastEthernet0/22
    > > > > > switchport access vlan 5
    > > > > > switchport mode access
    > > > > > spanning-tree portfast
    > > > > > !
    > > > > > interface FastEthernet0/23
    > > > > > switchport access vlan 5
    > > > > > switchport mode access
    > > > > > spanning-tree portfast
    > > > > > !
    > > > > > interface FastEthernet0/24
    > > > > > switchport access vlan 5
    > > > > > switchport mode access
    > > > > > spanning-tree portfast
    > > > > > !
    > > > > > interface GigabitEthernet0/1
    > > > > > switchport mode trunk
    > > > > > !
    > > > > > interface GigabitEthernet0/2
    > > > > > switchport mode trunk
    > > > > > !
    > > > > > interface Vlan1
    > > > > > ip address 192.221.7.12 255.255.0.0
    > > > > > no ip route-cache
    > > > > > !
    > > > > > ip default-gateway 192.221.1.1

    >
    > > > > > end

    >
    > > > > If you are using a crossover, you can just set both ports as access
    > > > > ports and make sure the vlan is created on both sides. As an example,
    > > > > lets say you have two different core networks, on is 1.1.0.0 and the
    > > > > other is 2.2.0.0. The first has 255 vlans, 1.1.0.0 - 1.1.255.255.
    > > > > The second has the same but 2.2.x.x. You want 1.1.100.0 available on
    > > > > the second core. Provided you don't already have a vlan with the same
    > > > > number (if so, just move it to a number that is unused), you can just
    > > > > run a crossover between the two and bridge the VLAN over. This way
    > > > > you don't need to turn up 1.1.100.x interfaces on the second core, but
    > > > > you'll simply have an extension over.

    >
    > > > > The only time you would need trunking is if you have more than one
    > > > > vlan you are doing that for. From your perspective, you don't seem to
    > > > > care about layer 3 interfaces, you just want layer 2 connectivity on
    > > > > an existing switch. I would run a copper crossover in whatever this
    > > > > vlan is (as an access port on both sides), and put the three access
    > > > > ports for your servers in that same vlan.

    >
    > > > > If I've missed a requirement, let me know and Ill do my best to
    > > > > respond quickly.- Ocultar texto de la cita -

    >
    > > > > - Mostrar texto de la cita -

    >
    > > I'm not sure I understood that part. A router somewhere has to own
    > > that vlan, and by own, I mean there has a be layer 3 interface
    > > somewhere for routing. You can turn up vlan 7 on the switch, trunk or
    > > crossover it over to the switch where ports are needed, and so long as
    > > VLAN 7 goes back to a router somewhere, and is advertised out, you
    > > should be ok. I know you seem to be focused on layer 2, but where
    > > will VLAN 7's router interface be? Do both your networks (old vs.
    > > new) have core routers or MSFCs? Are they separate or does one set of
    > > routers own layer 3 for both networks? Perhaps a small diagram would
    > > do best.

    >
    > > If you are saying that you want to turn up VLAN 7 on one switch, and
    > > that will be VLAN 1 on your old switches, I've never tried that and
    > > would not be surprised if that didnt work. Frames are tagged with
    > > VLAN, and there would most likely be a mismatch, but I suppose it
    > > could work...just never been there myself. Is there a reason you
    > > can't turn up a new subnet in the new network, put the servers there,
    > > and ACL it off to only be able to talk to old network devices and vice
    > > versa?- Ocultar texto de la cita -

    >
    > > - Mostrar texto de la cita -


    No layer 3 switches? If not, why not plan a migration and get all the
    vlans turned up on one of the 3745 interfaces? If you still have the
    2nd router, turn up the same interfaces but one IP address up and get
    HSRP up for redundancy. It may be a decent amount of switches to go
    touch and move vlan access ports, but I would get to a single core as
    quickly as possible to save confusion, sustainability, and future
    growth. If you do have layer 3 switches, this could be made a lot
    easier by turning the vlans up on a set and use the router only for
    WAN/Internet. Lots of options here....but if you are in a bind on the
    3 server thing, I'd consider putting them in the new network and use
    ACLs to protect the networks....or just leave them open if this is a
    high speed network.......
     
    Trendkill, Apr 23, 2007
    #6
  7. Sako

    Sako Guest

    Thank you, I'll have to find an alternative, I'll try to convince to
    buy layer 3 switches.
    For my problem I'll put a small router dedicated to that network.


    On 23 abr, 14:08, Trendkill <> wrote:
    > On Apr 23, 8:03 am, Sako <> wrote:
    >
    >
    >
    >
    >
    > > Ok so I'll have to try a different approach.

    >
    > > Switches on Main are connected to a cisco 3745 Fa0/1 Switches on Old
    > > are connected to cisco 3745 Fa0/0 , so I have on both sides different
    > > default broadcast domains, and that is my problem. They used to be
    > > connected by 2 routers because we where on a different building, but
    > > now we moved all to the same building, so layer 3 translations are
    > > done on the same 3745 router (different int.)

    >
    > > ... so if tagget frames have to go to the 3745 to translate to default
    > > vlan ... other approach could better my experiment.

    >
    > > On 23 abr, 13:54, Trendkill <> wrote:

    >
    > > > On Apr 23, 7:43 am, Sako <> wrote:

    >
    > > > > Ok, I forgot to mention that the VLAN I want to create in the Switch
    > > > > Main doesn't exist in Switch Old, because the whole Old network is in
    > > > > a default vlan.

    >
    > > > > You've got the point I don't have problems in layer 3. My problem is
    > > > > that a VLAN f.e. Vlan 7 in Main switch won't be configured in the rest
    > > > > of Old switches .

    >
    > > > > So... do i have to configure it? In all of the ports of all of the
    > > > > switches? Is there a way so that the switch understands that vlan 7 in
    > > > > the other switch is its default broadcast domain?

    >
    > > > > Thanks in advance.

    >
    > > > > On 23 abr, 13:32, Trendkill <> wrote:

    >
    > > > > > On Apr 23, 3:41 am, Sako <> wrote:

    >
    > > > > > > Hi gents ! My problem is difficult to explain, but i hope you can
    > > > > > > understand.

    >
    > > > > > > I want to make a new VLAN in a switch, connecting this VLAN to a other
    > > > > > > switch and I want those VLAN ports to act as if they where part of the
    > > > > > > other switch, how should switch ports be configured ?

    >
    > > > > > > Explain :

    >
    > > > > > > We have moved to a old building where we had a existing network, and
    > > > > > > my current network design is this:

    >
    > > > > > > I have 2 networks connected to a cisco 3745, I'll call Main=
    > > > > > > 192.211. Old=192.233. , son main and old networks are connected to the
    > > > > > > router. In the main network I have 2 DMZ placed in 2 different VLANS,
    > > > > > > those VLANS do trunking over the switches, the old network is a single
    > > > > > > broadcast network .

    >
    > > > > > > So I want to have a Switch connected to the 192.221. network as
    > > > > > > VLAN1 , Main_DMZ1 and Main_DMZ2 connected, and Old 192.233. network
    > > > > > > connected to four interfaces. I can connect main and old networks to
    > > > > > > the same switch fisically so I don't need the traffic to pass throught
    > > > > > > the router. I don't need to access Old network from the Main one I
    > > > > > > only want to place in my computer room 3 machines that ONLY will be
    > > > > > > working in the Old network and for this purpose I don't want to waste
    > > > > > > a full switch.

    >
    > > > > > > So I thought making a new VLAN in the Main network router which was
    > > > > > > connected with a cross-over cable to a Old network switchport. How do
    > > > > > > i have to config switchports / trunking?

    >
    > > > > > > The switch is a 2960G, now I have 2 2950 doing the job. this are
    > > > > > > the configs :

    >
    > > > > > > version 12.1
    > > > > > > no service pad
    > > > > > > service timestamps debug datetime localtime
    > > > > > > service timestamps log datetime localtime
    > > > > > > service password-encryption
    > > > > > > !
    > > > > > > hostname swCPD-1
    > > > > > > !
    > > > > > > logging buffered informational
    > > > > > > aaa new-model
    > > > > > > ##
    > > > > > > ##
    > > > > > > clock timezone GMT+1 1
    > > > > > > clock summer-time GMT+1 recurring
    > > > > > > ip subnet-zero
    > > > > > > no ip finger
    > > > > > > !
    > > > > > > !
    > > > > > > spanning-tree portfast bpduguard
    > > > > > > !
    > > > > > > !
    > > > > > > interface FastEthernet0/1 // I want this interface to be in the old
    > > > > > > network
    > > > > > > !
    > > > > > > interface FastEthernet0/2// I want this interface to be in the old
    > > > > > > network
    > > > > > > !
    > > > > > > interface FastEthernet0/3
    > > > > > > switchport mode access
    > > > > > > !
    > > > > > > interface FastEthernet0/4
    > > > > > > !
    > > > > > > interface FastEthernet0/5
    > > > > > > !
    > > > > > > interface FastEthernet0/6
    > > > > > > !
    > > > > > > interface FastEthernet0/7
    > > > > > > !
    > > > > > > interface FastEthernet0/8
    > > > > > > !
    > > > > > > interface FastEthernet0/9
    > > > > > > description CRUZADO AL CSS-1
    > > > > > > switchport access vlan 2
    > > > > > > switchport mode access
    > > > > > > !
    > > > > > > interface FastEthernet0/10
    > > > > > > switchport access vlan 2
    > > > > > > switchport mode access
    > > > > > > !
    > > > > > > interface FastEthernet0/11
    > > > > > > switchport access vlan 2
    > > > > > > switchport mode access
    > > > > > > !
    > > > > > > interface FastEthernet0/12
    > > > > > > !
    > > > > > > interface FastEthernet0/13
    > > > > > > switchport mode access
    > > > > > > spanning-tree portfast
    > > > > > > !
    > > > > > > interface FastEthernet0/14
    > > > > > > switchport mode access
    > > > > > > spanning-tree portfast
    > > > > > > !
    > > > > > > interface FastEthernet0/15
    > > > > > > switchport mode access
    > > > > > > spanning-tree portfast
    > > > > > > !
    > > > > > > interface FastEthernet0/16
    > > > > > > switchport mode access
    > > > > > > spanning-tree portfast
    > > > > > > !
    > > > > > > interface FastEthernet0/17
    > > > > > > switchport mode access
    > > > > > > spanning-tree portfast
    > > > > > > !
    > > > > > > interface FastEthernet0/18
    > > > > > > switchport mode access
    > > > > > > spanning-tree portfast
    > > > > > > !
    > > > > > > interface FastEthernet0/19
    > > > > > > switchport mode access
    > > > > > > spanning-tree portfast
    > > > > > > !
    > > > > > > interface FastEthernet0/20
    > > > > > > !
    > > > > > > interface FastEthernet0/21
    > > > > > > switchport access vlan 5
    > > > > > > switchport mode access
    > > > > > > spanning-tree portfast
    > > > > > > !
    > > > > > > interface FastEthernet0/22
    > > > > > > switchport access vlan 5
    > > > > > > switchport mode access
    > > > > > > spanning-tree portfast
    > > > > > > !
    > > > > > > interface FastEthernet0/23
    > > > > > > switchport access vlan 5
    > > > > > > switchport mode access
    > > > > > > spanning-tree portfast
    > > > > > > !
    > > > > > > interface FastEthernet0/24
    > > > > > > switchport access vlan 5
    > > > > > > switchport mode access
    > > > > > > spanning-tree portfast
    > > > > > > !
    > > > > > > interface GigabitEthernet0/1
    > > > > > > switchport mode trunk
    > > > > > > !
    > > > > > > interface GigabitEthernet0/2
    > > > > > > switchport mode trunk
    > > > > > > !
    > > > > > > interface Vlan1
    > > > > > > ip address 192.221.7.12 255.255.0.0
    > > > > > > no ip route-cache
    > > > > > > !
    > > > > > > ip default-gateway 192.221.1.1

    >
    > > > > > > end

    >
    > > > > > If you are using a crossover, you can just set both ports as access
    > > > > > ports and make sure the vlan is created on both sides. As an example,
    > > > > > lets say you have two different core networks, on is 1.1.0.0 and the
    > > > > > other is 2.2.0.0. The first has 255 vlans, 1.1.0.0 - 1.1.255.255.
    > > > > > The second has the same but 2.2.x.x. You want 1.1.100.0 available on
    > > > > > the second core. Provided you don't already have a vlan with the same
    > > > > > number (if so, just move it to a number that is unused), you can just
    > > > > > run a crossover between the two and bridge the VLAN over. This way
    > > > > > you don't need to turn up 1.1.100.x interfaces on the second core, but
    > > > > > you'll simply have an extension over.

    >
    > > > > > The only time you would need trunking is if you have more than one
    > > > > > vlan you are doing that for. From your perspective, you don't seem to
    > > > > > care about layer 3 interfaces, you just want layer 2 connectivity on
    > > > > > an existing switch. I would run a copper crossover in whatever this
    > > > > > vlan is (as an access port on both sides), and put the three access
    > > > > > ports for your servers in that same vlan.

    >
    > > > > > If I've missed a requirement, let me know and Ill do my best to
    > > > > > respond quickly.- Ocultar texto de la cita -

    >
    > > > > > - Mostrar texto de la cita -

    >
    > > > I'm not sure I understood that part. A router somewhere has to own
    > > > that vlan, and by own, I mean there has a be layer 3 interface
    > > > somewhere for routing. You can turn up vlan 7 on the switch, trunk or
    > > > crossover it over to the switch where ports are needed, and so long as
    > > > VLAN 7 goes back to a router somewhere, and is advertised out, you
    > > > should be ok. I know you seem to be focused on layer 2, but where
    > > > will VLAN 7's router interface be? Do both your networks (old vs.
    > > > new) have core routers or MSFCs? Are they separate or does one set of
    > > > routers own layer 3 for both networks? Perhaps a small diagram would
    > > > do best.

    >
    > > > If you are saying that you want to turn up VLAN 7 on one switch, and
    > > > that will be VLAN 1 on your old switches, I've never tried that and
    > > > would not be surprised if that didnt work. Frames are tagged with
    > > > VLAN, and there would most likely be a mismatch, but I suppose it
    > > > could work...just never been there myself. Is there a reason you
    > > > can't turn up a new subnet in the new network, put the servers there,
    > > > and ACL it off to only be able to talk to old network devices and vice
    > > > versa?- Ocultar texto de la cita -

    >
    > > > - Mostrar texto de la cita -

    >
    > No layer 3 switches? If not, why not plan a migration and get all the
    > vlans turned up on one of the 3745 interfaces? If you still have the
    > 2nd router, turn up the same interfaces but one IP address up and get
    > HSRP up for redundancy. It may be a decent amount of switches to go
    > touch and move vlan access ports, but I would get to a single core as
    > quickly as possible to save confusion, sustainability, and future
    > growth. If you do have layer 3 switches, this could be made a lot
    > easier by turning the vlans up on a set and use the router only for
    > WAN/Internet. Lots of options here....but if you are in a bind on the
    > 3 server thing, I'd consider putting them in the new network and use
    > ACLs to protect the networks....or just leave them open if this is a
    > high speed network.......- Ocultar texto de la cita -
    >
    > - Mostrar texto de la cita -
     
    Sako, Apr 23, 2007
    #7
  8. Sako

    Sako Guest

    I ment dedicated switch

    On 23 abr, 16:03, Sako <> wrote:
    > Thank you, I'll have to find an alternative, I'll try to convince to
    > buy layer 3 switches.
    > For my problem I'll put a small router dedicated to that network.
    >
    > On 23 abr, 14:08, Trendkill <> wrote:
    >
    >
    >
    > > On Apr 23, 8:03 am, Sako <> wrote:

    >
    > > > Ok so I'll have to try a different approach.

    >
    > > > Switches on Main are connected to a cisco 3745 Fa0/1 Switches on Old
    > > > are connected to cisco 3745 Fa0/0 , so I have on both sides different
    > > > default broadcast domains, and that is my problem. They used to be
    > > > connected by 2 routers because we where on a different building, but
    > > > now we moved all to the same building, so layer 3 translations are
    > > > done on the same 3745 router (different int.)

    >
    > > > ... so if tagget frames have to go to the 3745 to translate to default
    > > > vlan ... other approach could better my experiment.

    >
    > > > On 23 abr, 13:54, Trendkill <> wrote:

    >
    > > > > On Apr 23, 7:43 am, Sako <> wrote:

    >
    > > > > > Ok, I forgot to mention that the VLAN I want to create in the Switch
    > > > > > Main doesn't exist in Switch Old, because the whole Old network is in
    > > > > > a default vlan.

    >
    > > > > > You've got the point I don't have problems in layer 3. My problem is
    > > > > > that a VLAN f.e. Vlan 7 in Main switch won't be configured in the rest
    > > > > > of Old switches .

    >
    > > > > > So... do i have to configure it? In all of the ports of all of the
    > > > > > switches? Is there a way so that the switch understands that vlan 7 in
    > > > > > the other switch is its default broadcast domain?

    >
    > > > > > Thanks in advance.

    >
    > > > > > On 23 abr, 13:32, Trendkill <> wrote:

    >
    > > > > > > On Apr 23, 3:41 am, Sako <> wrote:

    >
    > > > > > > > Hi gents ! My problem is difficult to explain, but i hope you can
    > > > > > > > understand.

    >
    > > > > > > > I want to make a new VLAN in a switch, connecting this VLAN to a other
    > > > > > > > switch and I want those VLAN ports to act as if they where part of the
    > > > > > > > other switch, how should switch ports be configured ?

    >
    > > > > > > > Explain :

    >
    > > > > > > > We have moved to a old building where we had a existing network, and
    > > > > > > > my current network design is this:

    >
    > > > > > > > I have 2 networks connected to a cisco 3745, I'll call Main=
    > > > > > > > 192.211. Old=192.233. , son main and old networks are connected to the
    > > > > > > > router. In the main network I have 2 DMZ placed in 2 different VLANS,
    > > > > > > > those VLANS do trunking over the switches, the old network is a single
    > > > > > > > broadcast network .

    >
    > > > > > > > So I want to have a Switch connected to the 192.221. network as
    > > > > > > > VLAN1 , Main_DMZ1 and Main_DMZ2 connected, and Old 192.233. network
    > > > > > > > connected to four interfaces. I can connect main and old networks to
    > > > > > > > the same switch fisically so I don't need the traffic to pass throught
    > > > > > > > the router. I don't need to access Old network from the Main one I
    > > > > > > > only want to place in my computer room 3 machines that ONLY will be
    > > > > > > > working in the Old network and for this purpose I don't want to waste
    > > > > > > > a full switch.

    >
    > > > > > > > So I thought making a new VLAN in the Main network router which was
    > > > > > > > connected with a cross-over cable to a Old network switchport.. How do
    > > > > > > > i have to config switchports / trunking?

    >
    > > > > > > > The switch is a 2960G, now I have 2 2950 doing the job. this are
    > > > > > > > the configs :

    >
    > > > > > > > version 12.1
    > > > > > > > no service pad
    > > > > > > > service timestamps debug datetime localtime
    > > > > > > > service timestamps log datetime localtime
    > > > > > > > service password-encryption
    > > > > > > > !
    > > > > > > > hostname swCPD-1
    > > > > > > > !
    > > > > > > > logging buffered informational
    > > > > > > > aaa new-model
    > > > > > > > ##
    > > > > > > > ##
    > > > > > > > clock timezone GMT+1 1
    > > > > > > > clock summer-time GMT+1 recurring
    > > > > > > > ip subnet-zero
    > > > > > > > no ip finger
    > > > > > > > !
    > > > > > > > !
    > > > > > > > spanning-tree portfast bpduguard
    > > > > > > > !
    > > > > > > > !
    > > > > > > > interface FastEthernet0/1 // I want this interface to be in the old
    > > > > > > > network
    > > > > > > > !
    > > > > > > > interface FastEthernet0/2// I want this interface to be in the old
    > > > > > > > network
    > > > > > > > !
    > > > > > > > interface FastEthernet0/3
    > > > > > > > switchport mode access
    > > > > > > > !
    > > > > > > > interface FastEthernet0/4
    > > > > > > > !
    > > > > > > > interface FastEthernet0/5
    > > > > > > > !
    > > > > > > > interface FastEthernet0/6
    > > > > > > > !
    > > > > > > > interface FastEthernet0/7
    > > > > > > > !
    > > > > > > > interface FastEthernet0/8
    > > > > > > > !
    > > > > > > > interface FastEthernet0/9
    > > > > > > > description CRUZADO AL CSS-1
    > > > > > > > switchport access vlan 2
    > > > > > > > switchport mode access
    > > > > > > > !
    > > > > > > > interface FastEthernet0/10
    > > > > > > > switchport access vlan 2
    > > > > > > > switchport mode access
    > > > > > > > !
    > > > > > > > interface FastEthernet0/11
    > > > > > > > switchport access vlan 2
    > > > > > > > switchport mode access
    > > > > > > > !
    > > > > > > > interface FastEthernet0/12
    > > > > > > > !
    > > > > > > > interface FastEthernet0/13
    > > > > > > > switchport mode access
    > > > > > > > spanning-tree portfast
    > > > > > > > !
    > > > > > > > interface FastEthernet0/14
    > > > > > > > switchport mode access
    > > > > > > > spanning-tree portfast
    > > > > > > > !
    > > > > > > > interface FastEthernet0/15
    > > > > > > > switchport mode access
    > > > > > > > spanning-tree portfast
    > > > > > > > !
    > > > > > > > interface FastEthernet0/16
    > > > > > > > switchport mode access
    > > > > > > > spanning-tree portfast
    > > > > > > > !
    > > > > > > > interface FastEthernet0/17
    > > > > > > > switchport mode access
    > > > > > > > spanning-tree portfast
    > > > > > > > !
    > > > > > > > interface FastEthernet0/18
    > > > > > > > switchport mode access
    > > > > > > > spanning-tree portfast
    > > > > > > > !
    > > > > > > > interface FastEthernet0/19
    > > > > > > > switchport mode access
    > > > > > > > spanning-tree portfast
    > > > > > > > !
    > > > > > > > interface FastEthernet0/20
    > > > > > > > !
    > > > > > > > interface FastEthernet0/21
    > > > > > > > switchport access vlan 5
    > > > > > > > switchport mode access
    > > > > > > > spanning-tree portfast
    > > > > > > > !
    > > > > > > > interface FastEthernet0/22
    > > > > > > > switchport access vlan 5
    > > > > > > > switchport mode access
    > > > > > > > spanning-tree portfast
    > > > > > > > !
    > > > > > > > interface FastEthernet0/23
    > > > > > > > switchport access vlan 5
    > > > > > > > switchport mode access
    > > > > > > > spanning-tree portfast
    > > > > > > > !
    > > > > > > > interface FastEthernet0/24
    > > > > > > > switchport access vlan 5
    > > > > > > > switchport mode access
    > > > > > > > spanning-tree portfast
    > > > > > > > !
    > > > > > > > interface GigabitEthernet0/1
    > > > > > > > switchport mode trunk
    > > > > > > > !
    > > > > > > > interface GigabitEthernet0/2
    > > > > > > > switchport mode trunk
    > > > > > > > !
    > > > > > > > interface Vlan1
    > > > > > > > ip address 192.221.7.12 255.255.0.0
    > > > > > > > no ip route-cache
    > > > > > > > !
    > > > > > > > ip default-gateway 192.221.1.1

    >
    > > > > > > > end

    >
    > > > > > > If you are using a crossover, you can just set both ports as access
    > > > > > > ports and make sure the vlan is created on both sides. As an example,
    > > > > > > lets say you have two different core networks, on is 1.1.0.0 and the
    > > > > > > other is 2.2.0.0. The first has 255 vlans, 1.1.0.0 - 1.1.255.255.
    > > > > > > The second has the same but 2.2.x.x. You want 1.1.100.0 available on
    > > > > > > the second core. Provided you don't already have a vlan with the same
    > > > > > > number (if so, just move it to a number that is unused), you can just
    > > > > > > run a crossover between the two and bridge the VLAN over. This way
    > > > > > > you don't need to turn up 1.1.100.x interfaces on the second core, but
    > > > > > > you'll simply have an extension over.

    >
    > > > > > > The only time you would need trunking is if you have more than one
    > > > > > > vlan you are doing that for. From your perspective, you don't seem to
    > > > > > > care about layer 3 interfaces, you just want layer 2 connectivity on
    > > > > > > an existing switch. I would run a copper crossover in whatever this
    > > > > > > vlan is (as an access port on both sides), and put the three access
    > > > > > > ports for your servers in that same vlan.

    >
    > > > > > > If I've missed a requirement, let me know and Ill do my best to
    > > > > > > respond quickly.- Ocultar texto de la cita -

    >
    > > > > > > - Mostrar texto de la cita -

    >
    > > > > I'm not sure I understood that part. A router somewhere has to own
    > > > > that vlan, and by own, I mean there has a be layer 3 interface
    > > > > somewhere for routing. You can turn up vlan 7 on the switch, trunk or
    > > > > crossover it over to the switch where ports are needed, and so long as
    > > > > VLAN 7 goes back to a router somewhere, and is advertised out, you
    > > > > should be ok. I know you seem to be focused on layer 2, but where
    > > > > will VLAN 7's router interface be? Do both your networks (old vs.
    > > > > new) have core routers or MSFCs? Are they separate or does one set of
    > > > > routers own layer 3 for both networks? Perhaps a small diagram would
    > > > > do best.

    >
    > > > > If you are saying that you want to turn up VLAN 7 on one switch, and
    > > > > that will be VLAN 1 on your old switches, I've never tried that and
    > > > > would not be surprised if that didnt work. Frames are tagged with
    > > > > VLAN, and there would most likely be a mismatch, but I suppose it
    > > > > could work...just never been there myself. Is there a reason you
    > > > > can't turn up a new subnet in the new network, put the servers there,
    > > > > and ACL it off to only be able to talk to old network devices and vice
    > > > > versa?- Ocultar texto de la cita -

    >
    > > > > - Mostrar texto de la cita -

    >
    > > No layer 3 switches? If not, why not plan a migration and get all the
    > > vlans turned up on one of the 3745 interfaces? If you still have the
    > > 2nd router, turn up the same interfaces but one IP address up and

    >
    > ...
    >
    > leer más »- Ocultar texto de la cita -
    >
    > - Mostrar texto de la cita -
     
    Sako, Apr 23, 2007
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Lucy
    Replies:
    0
    Views:
    869
  2. Lucy
    Replies:
    0
    Views:
    807
  3. Replies:
    1
    Views:
    2,765
  4. =?Utf-8?B?RWR3YXJkIExldGVuZHJl?=

    one laptop, two completely different networks, how to connect to e

    =?Utf-8?B?RWR3YXJkIExldGVuZHJl?=, Oct 17, 2007, in forum: Wireless Networking
    Replies:
    3
    Views:
    752
    Barb Bowman
    Oct 18, 2007
  5. Tony
    Replies:
    0
    Views:
    511
Loading...

Share This Page