[NEWBIE-Q]Small 2950, VLANs and plugging it into "big bad" network

Discussion in 'Cisco' started by Castravete, Mar 23, 2005.

  1. Castravete

    Castravete Guest

    Sorry for the newbie question, but I want to double check something,
    before getting busted by my network guys: I have a need for a small 2950
    (-12) in my office, which I VLAN-ed as follows:
    - management VLAN called <something>, with a gw of 192.168.1.1, and 5
    ports associated with a DHCP server and 4 systems, all in the
    192.168.1.0/24 network. The switch - itself - has the IP from this pool,
    of course (this is what "management VLAN" means, right?)
    - VLAN1 left alone, for the rest of the ports, of which one would be
    plugged into the "real" network, on a 172.30.0.0/16 net, and one other
    into another device of mine

    I need to plug this switch into the existing network (4000s and 6500s),
    which was setup by my network group (as far as I understand it) with one
    6500 as VTP server, and the rest clients.

    My purpose is to avoid any problems when plugging in my little 2950, so I
    have setup VTP in client mode, and have done nothing else to it (except
    for the VLAN above) - would it be safe to plug it, in one of the VLAN1
    ports? Would there be a better way to configure this?

    To give you the whole picture - I have, in fact, a little Linux-based
    firewall, and I am using the 2950 - half to host my systems "behind" the
    firewall (on the so-called management VLAN), and two ports to plug the
    connection to the rest of the network, and the second to plug the external
    interface of my firewall (I hope it is clear now why I wanted the
    management VLAN to be on the "other" network). My FW is also the DHCP
    server for the systems on the "mgmt" VLAN ...

    Sorry for the lengthy message - any comments?!? Does it matter that my VTP
    domain will not match the rest of the network (besides some errors in the
    logs, I assume?!?)? Would the port plugged into the rest of the network be
    regarded as "trunk", even if I did not define it as such?

    TIA,
    C
     
    Castravete, Mar 23, 2005
    #1

  2. Hansang Bae

    Hansang Bae Guest

    You might still get 'busted.'

    [snip]
    [snip]

    Your uplink switch will complain about vtp domains not matching and
    native vlan mismatches.


    --

    hsb


    "Somehow I imagined this experience would be more rewarding" Calvin
    **************************ROT13 MY ADDRESS*************************
    Due to the volume of email that I receive, I may not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************
     
    Hansang Bae, Mar 23, 2005
    #2

  3. Castravete

    Castravete Guest

    Thanks for replying - so, what would be the 'right' way to do this, and
    not fill the logs with VTP domain and VLAN mismatch warnings? I could
    try to sniff the traffic on one of my valid ports, to see if I can capture
    the domain name and password, then plug them into my configuration, but I am
    not sure what I could do about the native VLAN mismatch?!?

    C
     
    Castravete, Mar 23, 2005
    #3
  4. Brian V

    Brian V Guest

    The right way to do it would be to talk to your network administrator and
    have him assist you with configuring the switch properly. Obviously you're
    trying to do this on the sly, and any administrator with any skills will
    bust you within days if not hours. It's not your infrastructure to be
    mucking with, someone else is responsible for it, let them do it correctly.
     
    Brian V, Mar 23, 2005
    #4
  5. Castravete

    Castravete Guest

    On Wed, 23 Mar 2005 10:16:17 -0500, Brian V wrote:

    <snip>

    Thank you very much to all. I ended up doing a native VLAN different than
    1, for my "private" pool, then shutting down the trunk on the port
    associated with the uplink connection (which was left in VLAN1), and also
    removing my other VLAN (#switchport trunk allowed vlan remove <my-native>)
    from the trunk (just in case), and also putting the VTP in transparent
    mode - which - in turn - triggered only one complaint about the domain
    mismatch, and only on my switch, and no "noise" outside my box (checked
    the syslog server where the uplink switch dumps its info) ... so clean and
    functional.

    C
     
    Castravete, Mar 23, 2005
    #5
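The settings post #5 ends up with (VTP transparent, trunking forced off on the uplink, the private VLAN kept off any trunk) are the same ones an auditor checks before a switch is allowed onto a shared network. The following is an added example, not code from the thread or from any of the posters: a small linter over a Catalyst IOS running-config that flags a VTP mode other than transparent, a physical port left to DTP negotiation (the original poster's question of whether the uplink would "be regarded as trunk" without being defined as one; on a 2950 the default mode is dynamic desirable, so it can), a trunk whose native VLAN is still 1, and a private VLAN present in a trunk's allowed list. The BEFORE and AFTER configs, port names and VLAN 10 are constructed for illustration.

```python
"""Lint a Catalyst IOS running-config for the uplink settings this thread
turns on: VTP mode, DTP trunk negotiation on the uplink, native VLAN 1, and a
private VLAN leaking onto a trunk. Added example, not code from the thread;
BEFORE/AFTER, the port names and VLAN numbers are constructed."""

PHYSICAL = ("FastEthernet", "GigabitEthernet", "Ethernet")
ALL_VLANS = frozenset(range(1, 4095))


def parse(config):
    """Split an IOS config into (global lines, [(interface name, lines)])."""
    glob, ifaces, cur = [], [], None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line == "!":              # '!' closes the current block
            cur = None
        elif line.startswith("interface "):
            cur = (line.split(None, 1)[1], [])
            ifaces.append(cur)
        elif line.startswith(" ") and cur is not None:
            cur[1].append(line.strip())
        else:
            cur = None
            glob.append(line.strip())
    return glob, ifaces


def vlan_set(spec):
    """Expand an allowed-VLAN spec as IOS stores it in running-config
    ('1,10,20-30', 'all', 'none', 'except 10') into a set of VLAN ids."""
    if spec == "all":
        return set(ALL_VLANS)
    if spec == "none":
        return set()
    if spec.startswith("except "):
        return ALL_VLANS - vlan_set(spec[7:])
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out


def lint(config, private_vlans=()):
    """Return (severity, where, message) findings; an empty list means clean."""
    found = []
    glob, ifaces = parse(config)
    vtp = next((l.split()[2] for l in glob if l.startswith("vtp mode ")), "server")
    if vtp in ("server", "client"):      # no 'vtp mode' line at all means server
        found.append(("high", "vtp", f"vtp mode {vtp}: VLAN database is synced "
                      "with the domain; use 'vtp mode transparent'"))
    for name, lines in ifaces:
        if not name.startswith(PHYSICAL):
            continue
        modes = [l for l in lines if l.startswith("switchport mode ")]
        if not modes:
            found.append(("high", name, "no 'switchport mode': the 2950 default is "
                          "dynamic desirable, so DTP can bring the link up as a trunk"))
            continue
        if "switchport nonegotiate" not in lines:
            found.append(("low", name, "DTP frames still sent; add 'switchport nonegotiate'"))
        if modes[-1].split()[2] != "trunk":
            continue
        native = next((int(l.split()[-1]) for l in lines
                       if l.startswith("switchport trunk native vlan ")), 1)
        if native == 1:
            found.append(("medium", name, "trunk native VLAN is 1: untagged frames "
                          "land in the default VLAN; use an unused native VLAN"))
        spec = next((l.split(None, 4)[4] for l in lines
                     if l.startswith("switchport trunk allowed vlan ")), "all")
        leaked = sorted(set(private_vlans) & vlan_set(spec))
        if leaked:
            found.append(("high", name, f"private VLAN(s) {leaked} allowed on the "
                          "trunk; 'switchport trunk allowed vlan remove' them"))
    return found


# Constructed: the 2950 as first plugged in (VTP client, uplink left at defaults).
BEFORE = """\
vtp mode client
vtp domain OFFICE
!
interface FastEthernet0/1
 description uplink to the campus 6500
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
"""

# Constructed: what post #5 ends up with, VTP transparent and the uplink
# forced to a non-trunking access port with DTP silenced.
AFTER = """\
vtp mode transparent
vtp domain OFFICE
!
interface FastEthernet0/1
 description uplink to the campus 6500
 switchport mode access
 switchport nonegotiate
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
 switchport nonegotiate
"""

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(f"== {label}")
        for sev, where, msg in lint(cfg, private_vlans=(10,)):
            print(f"  [{sev}] {where}: {msg}")
```

Run it against a `show running-config` capture with the office VLAN passed in `private_vlans`; BEFORE produces three findings (VTP client, uplink left to DTP, no `nonegotiate` on the access port) and AFTER produces none. The linter reads the collapsed form IOS writes into the running-config, so a port configured with `switchport trunk allowed vlan remove 10` shows up here as the resulting list, not as the `remove` command.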
  6. Hansang Bae

    Hansang Bae Guest

    The right way is to get buy in from your network staff. There are
    other signs that a switch/hub is in use behind a particular switch.


     
    Hansang Bae, Mar 24, 2005
    #6
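Posts #2 and #6 point at what the upstream switch sees: CDP native-VLAN-mismatch messages in its syslog, and "other signs" that a switch or hub sits behind one of its ports. The following is an added example, not code from the thread or from either poster, of the check a network team would run from the 6500's side: parse `%CDP-4-NATIVE_VLAN_MISMATCH` syslog lines (the real IOS message format; the timestamps, device names and port numbers are constructed) and a `show mac address-table` capture (constructed rows in the 2950/IOS column layout), then report any non-uplink port that has learned more than one dynamic MAC address or has a CDP neighbour disagreeing about the native VLAN.

```python
"""Two of the signs a switch behind an access port leaves on the upstream
switch: CDP native-VLAN-mismatch syslog messages, and more than one dynamic
MAC address learned on a port that should carry a single host. Added example,
not from the thread; the syslog lines, MAC table and port names are
constructed (the %CDP-4-NATIVE_VLAN_MISMATCH text itself is the IOS format)."""
import re
from collections import defaultdict

# Constructed syslog from the upstream switch (real message format, made-up ports).
SYSLOG = """\
Mar 23 10:14:02.118: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet3/24 (1), with office-2950 FastEthernet0/1 (10).
Mar 23 10:14:07.001: %LINK-3-UPDOWN: Interface FastEthernet3/7, changed state to up
Mar 23 10:15:02.201: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet3/24 (1), with office-2950 FastEthernet0/1 (10).
"""

# Constructed 'show mac address-table' output: one host on Fa3/7, three on Fa3/24.
MAC_TABLE = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0011.2233.4455    DYNAMIC     Fa3/7
   1    0011.2233.aabb    DYNAMIC     Fa3/24
   1    0011.2233.aacc    DYNAMIC     Fa3/24
  10    0011.2233.aadd    DYNAMIC     Fa3/24
   1    0011.2233.ffff    STATIC      CPU
"""

MISMATCH = re.compile(
    r"%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on "
    r"(?P<local>\S+) \((?P<local_vlan>\d+)\), with (?P<peer>\S+) "
    r"(?P<peer_port>\S+) \((?P<peer_vlan>\d+)\)")
MAC_ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)", re.I)


def short(name):
    """'FastEthernet3/24' -> 'Fa3/24', the form 'show mac address-table' uses."""
    return re.sub(r"^([A-Za-z]{2})[A-Za-z-]*", r"\1", name)


def native_vlan_mismatches(syslog):
    """Map local port -> (peer device, peer port, our native, their native),
    one entry per port however often the message repeats."""
    out = {}
    for line in syslog.splitlines():
        m = MISMATCH.search(line)
        if m:
            out[short(m["local"])] = (m["peer"], m["peer_port"],
                                      int(m["local_vlan"]), int(m["peer_vlan"]))
    return out


def macs_per_port(mac_table):
    """Count distinct dynamically learned MACs per port."""
    seen = defaultdict(set)
    for line in mac_table.splitlines():
        m = MAC_ROW.match(line)
        if m and m.group(3).upper() == "DYNAMIC":
            seen[m.group(4)].add(m.group(2).lower())
    return {port: len(macs) for port, macs in seen.items()}


def suspect_ports(mac_table, syslog, uplinks=()):
    """Ports not declared as uplinks that look like they have a switch behind
    them; returns {port: [reasons]}."""
    reasons = defaultdict(list)
    for port, n in macs_per_port(mac_table).items():
        if port not in uplinks and n > 1:
            reasons[port].append(f"{n} dynamic MACs learned")
    for port, (peer, pport, ours, theirs) in native_vlan_mismatches(syslog).items():
        if port not in uplinks:
            reasons[port].append(f"CDP peer {peer} {pport} native VLAN {theirs} vs ours {ours}")
    return dict(reasons)


if __name__ == "__main__":
    for port, why in suspect_ports(MAC_TABLE, SYSLOG, uplinks=("Gi1/1",)).items():
        print(port, "->", "; ".join(why))
```

Feed it real captures and list the known inter-switch links in `uplinks`; with the constructed data only Fa3/24 is reported, for both reasons. A port with a single MAC and a clean CDP record can still hide a switch (CDP can be disabled on the far side, and a single host behind it looks like a host), which is the point of post #6: these are signs, not proof, and the fix is still to involve the people who run the switches.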