[NEWBIE-Q]Small 2950, VLANs and plugging it into "big bad" network

Sorry for the newbie question, but I want to double check something,
before getting busted by my network guys: I have a need for a small 2950
(-12) in my office, which I VLAN-ed as follows:
- management VLAN called <something>, with a gw of 192.168.1.1, and 5
ports associated with a DHCP server and 4 systems, all in the
192.168.1.0/24 network. The switch - itself - has the IP from this pool,
of course (this is what "management VLAN" means, right?)
- VLAN1 left alone, for the rest of the ports, of which one would be
plugged into the "real" network, on a 172.30.0.0/16 net, and one other
into another device of mine

I need to plug this switch into the existing network (4000s and 6500s),
which was setup by my network group (as far as I understand it) with one
6500 as VTP server, and the rest clients.

My purpose is to avoid any problems when plugging in my little 2950, so I
have setup VTP in client mode, and have done nothing else to it (except
for the VLAN above) - would it be safe to plug it, in one of the VLAN1
ports? Would there be a better way to configure this?

To give you the whole picture - I have, in fact, a little Linux-based
firewall, and I am using the 2950 - half to host my systems "behind" the
firewall (on the so-called management VLAN), and two ports to plug the
connection to the rest of the network, and the second to plug the external
interface of my firewall (I hope it is clear now why I wanted the
management VLAN to be on the "other" network). My FW is also the DHCP
serve for the systems on the "mgmt" VLAN ...

Sorry for the lenghty message - any comments?!? Does it matter that my VTP
domain will not match the rest of the network (besides some errors in the
logs, I assume?!?)? Would the port plugged into the rest of the network be
regarded as "trunk", even if I did not define it as such?

TIA,
C

 

You might still get 'busted.'

[snip]

[snip]

Your uplink switch will complain about vtp domains not matching and
native vlan mismatches.


--

hsb


"Somehow I imagined this experience would be more rewarding" Calvin
**************************ROT13 MY ADDRESS*************************
Due to the volume of email that I receive, I may not not be able to
reply to emails sent to my account. Please post a followup instead.
********************************************************************

 

Thanks for replying - so, what would be the 'right' way to do this, and
not fill the logs with vtp domain and vlan mismatching warnings? I could
try to sniff the traffic on one of my valid ports, to see if I can capture
domain name and password, then plugging it into my configuration, but i am
not sure what I could do about the native vlan mismatch?!?

C

 

The right way to do it would be to talk to your network administrator and
have him assist you with confguring the switch properly. Obviously you're
trying to do this on the sly, and any administrator with any skills will
bust you withing days if not hours. It's not your infrastructure to be
mucking with, someone else is responsible for it, let them do it correctly.

 

On Wed, 23 Mar 2005 10:16:17 -0500, Brian V wrote:

<snip>

Thank you very much to all. I ended up doing a native VLAN different than
1, for my "private" pool, then shutting down the trunk on the port
associated with the uplink connection (which was left in VLAN1), and also
removing my other VLAN (#switchport trunk allowed vlan remove <my-native>)
from the trunk (just in case), and also putting the VTP in transparent
mode - which - in turn - trigerred only one complaint about the domain
mismatch, and only on my switch, and no "noise" outside my box (checked
the syslog server where the uplink switch dumps its info) ... so clean and
functional.

C

 

the right way is to get buy in from your network staff. There are
other signs that a switch/hub is in use behind a particular switch.


--

hsb


"Somehow I imagined this experience would be more rewarding" Calvin
**************************ROT13 MY ADDRESS*************************
Due to the volume of email that I receive, I may not not be able to
reply to emails sent to my account. Please post a followup instead.
********************************************************************