Creating VLANS on 6500 IOS 12.2

Discussion in 'Cisco' started by essenz, Feb 15, 2008.

  1. essenz

    essenz Guest

    I have done VLANs on IOS 12.0 on Cisco switch like a 3524XL, but not
    on a 6509 Sup2-MSFC2-PFC2.

    How do you just create a basic VLAN for a few ports so the devices in
    that VLAN can all talk to each other via the same netmask, i.e. just a
    non-routed private net.

    The followup to that is VLANs where a default gateway IP address is
    specified for routing out to the internet.

    When I provision a port with its own public IP subnet, I do something
    like:

    interface FastEthernet 7/1
    ip address 4.4.4.1 netmask 255.255.255.248

    Then I plug a cable into port 7/1 and hand it over to somebody - and
    they use 4.4.4.1 as the default gateway. Sometimes that somebody
    doesn't have a switch, so they want me to give them two ports of the
    6509, both working with that same public IP subnet. I assume you have
    to make a VLAN for the two ports, but where do you put the IP?

    This is all new to me. Before I used to put all my public subnets over
    a single ethernet port off a 7206, then connected that handoff into a
    3524XL, where all ports are on the default VLAN - so I would just plug
    everybody into that 3524.

    thanks
    john
     
    essenz, Feb 15, 2008
    #1
    1. Advertisements

  2. 2 ways, through IOS config or through the "Old" VLAN database. I am used to
    the old form so here is the explanation.

    Usually VLANs are transparent, this meaning the VLANs created on the 6509,
    needs to be created on the 3524 as well.

    Thanks to VTP we can end this. With VTP you designate a server, make a VTP
    domain and VTP password. This would preferably be done on the 6509. On the
    3524 you then set them i client mode, add in the VTP domain and password
    created and they will automatically get VLANs created from the server.

    So to begin with, on the 6509 enter

    vlan database (this accesses the VLAN configuration part)
    vtp server (To make the 6509 VTP server)
    vtp domain <domain> (Sets the VTP domain name)
    vtp password <password> (Sets the VTP password for the domain)

    and then we add the VLANs:

    vlan <VLAN 1-1005> (creates vlan 1-1005, remember additional switches can
    be made after VLAN number)

    Does not quite understand, but my guess is you ask to do this for VLANs
    instead of physical ports?

    On the 6509 you would enter the VLAN interface instead of the physical, so:

    interface vlan 5
    ip address 4.4.4.1 netmask 255.255.255.248
     
    Bjarke Andersen, Feb 15, 2008
    #2
    1. Advertisements

  3. essenz

    M Guest

    And just to add. Use 'switchport' on the ports you want as Layer 2.
     
    M, Feb 15, 2008
    #3
  4. essenz

    briggs Guest

    Here's a couple of simple examples that may help.

    On a Cisco layer-3 capable switch running IOS there are two ways to
    configure a layer 3 interface. You can put the IP address on a
    virtual interface associated with a VLAN. Those virtual interfaces
    are sometimes called SVIs.

    Or you can put the IP address directly on a switch port that is
    configured as "no switchport".

    By default, all switch ports on a 6509 are configured as "switchport".


    Example, putting 4 ports into VLAN 123 and giving the switch an
    SVI on VLAN 123.

    interface range FastEthernet7/1 - 4
    switchport
    switchport mode access
    switchport access vlan 123

    interface vlan123
    description This is the SVI for VLAN 123
    ip address 4.4.4.1 255.255.255.248

    Now you can give 4.4.4.x addresses to the equipment plugged into
    FastEthernet7/1 through 7/4. At layer 2, the switch will forward
    traffic within the VLAN. At layer 3, the switch will route IP packets
    in and out of the VLAN using its gateway address of 4.4.4.1


    Example, using a single port as a layer 3 interface

    interface FastEthernet1/1
    no switchport
    description This interface runs at layer 3.
    ip address 5.5.5.1 255.255.255.248

    ip route 0.0.0.0 0.0.0.0 5.5.5.2

    Now you can plug an ISP router into FastEthernet1/1 and route
    between 4.4.4.x and the Internet.


    If your Cisco switch were not layer 3 capable, you could still create
    VLANx interfaces. But the switch wouldn't route packets through.
    It would just let you route packets to or from the switch itself so
    that you could manage it via telnet, ssh, http, snmp or whatever.
     
    briggs, Feb 15, 2008
    #4
  5. essenz

    essenz Guest

    Ahh, thats it. Thats what I figured, but didn't know the syntax. Put
    the ports in a vlan, the give the VLAN an IP.

    I'll test it this afternoon.

    One followup. I have one user that runs snort. So on his 2-port VLAN,
    one port will be his live uplink for traffic which he then plugs into
    his own switch with all his servers, the other port needs to be a
    mirror or trunk port to monitor all TX and RX off the uplink port for
    IDS purposes. I did this on the 3524XL, would the syntax be the same
    on the 6509 in this vlan setup?


    -john
     
    essenz, Feb 15, 2008
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.