Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

VLAN Assistance

Bear_2
Advisor

VLAN Assistance

Greetings All,

I need some VLAN assistance please. I would like to be able to make some ports on switch 3 members of the DO_Admin VLAN which resides on switch 2. Switch 1 physically resides between switches 2 and 3. Is it simply a matter of adding the DO_Admin VLAN to switches 1 and 3, or is there a better way? Please give configuration examples. All three switches are layer 3, switch 3 does support OSPF. Any assistance would be greatly appreciated!


Switch 1 (5308)

vlan 8
name "DHS_To_DSE"
untagged A3
ip address 10.37.28.1 255.255.255.0
exit
vlan 4
name "DHS_to_Tech"
untagged F3
ip address 10.37.24.1 255.255.255.0
exit
vlan 837
name "Comcast"
untagged E4
ip address 10.37.29.254 255.255.255.0
exit
ip route 10.37.25.0 255.255.255.0 10.37.24.2
ip route 0.0.0.0 0.0.0.0 10.37.29.1
router ospf
area backbone
redistribute connected
exit
vlan 8
ip ospf area backbone
exit

Switch 2 (5308)

vlan 41
name "DO_Admin"
untagged A2
ip address 10.37.64.1 255.255.252.0
ip helper-address 10.37.81.15
exit
vlan 8
name "DHS_to_DSE"
untagged A1
ip address 10.37.28.2 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 10.37.28.1
router ospf
area backbone
redistribute connected
exit
vlan 8
ip ospf area backbone
exit

Switch 3 (2824)

vlan 4
name "DHS_to_Tech"
untagged 24
ip address 10.37.24.2 255.255.255.0
exit
vlan 60
name "Tech_Office"
untagged 1-22
ip address 10.37.25.1 255.255.255.0
ip helper-address 10.37.25.60
exit
ip route 0.0.0.0 0.0.0.0 10.37.24.1
28 REPLIES
cenk sasmaztin
Honored Contributor

Re: VLAN Assistance

hi john
you can create on each switch Do_Amin vlan
assign untag port on switches for Do_Admin vlan member port
after all uplik port(between switches)you make tagged port Do_Admin vlan

cenk

Switch 1 (5308)

vlan 8
name "DHS_To_DSE"
untagged A3
ip address 10.37.28.1 255.255.255.0
exit
vlan 4
name "DHS_to_Tech"
untagged F3
ip address 10.37.24.1 255.255.255.0
exit
vlan 837
name "Comcast"
untagged E4
ip address 10.37.29.254 255.255.255.0
exit
ip route 10.37.25.0 255.255.255.0 10.37.24.2
ip route 0.0.0.0 0.0.0.0 10.37.29.1
router ospf
area backbone
redistribute connected
exit
vlan 8
ip ospf area backbone
exit
vlan 41
name "DO_Admin"
untagged A2(this port must be Do Admin vlan member port)****
tag F4(this port must be other switch uplink port)*********
exit







Switch 2 (5308)

vlan 41
name "DO_Admin"
untagged A2
tagget A3,A4 (this ports must be uplik ports for other switch )******************
ip address 10.37.64.1 255.255.252.0
ip helper-address 10.37.81.15
exit
vlan 8
name "DHS_to_DSE"
untagged A1
ip address 10.37.28.2 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 10.37.28.1
router ospf
area backbone
redistribute connected
exit
vlan 8
ip ospf area backbone
exit

Switch 3 (2824)

vlan 4
name "DHS_to_Tech"
untagged 24
ip address 10.37.24.2 255.255.255.0
exit
vlan 60
name "Tech_Office"
untagged 1-22
ip address 10.37.25.1 255.255.255.0
ip helper-address 10.37.25.60
exit
vlan 41
name "DO_Admin"
untagged A2(this port must be Do Admin vlan member port)**
tag F4(this port must be other switch uplink port)****
exit






ip route 0.0.0.0 0.0.0.0 10.37.24.1
cenk

Bear_2
Advisor

Re: VLAN Assistance

Thank you for your help.

However,

I'm still unable to connect. Does an IP need to be assigned to the VLAN on each switch?
cenk sasmaztin
Honored Contributor

Re: VLAN Assistance

hi john

please check

1-can you create each switch vlan 41
2-can you assing tree switch between uplink port
vlan 41 tagged port
3-can you create untag port on each switch
4-when connect pc vlan 41 all pc (anyone switch)default must be gateway address 10.37.64.1


john vlan's working L2 operations
I want make each switch create same vlan and use 802.1q protocol (for vlan carrying)between switches upling port .
cenk

cenk sasmaztin
Honored Contributor

Re: VLAN Assistance

plese send me sh run print and network layout
last config

cenk
cenk

Bear_2
Advisor

Re: VLAN Assistance

Hi Cenk,

hi john

please check

1-can you create each switch vlan 41
Yes- I have created the vlan on each switch

2-can you assing tree switch between uplink port vlan 41 tagged port

I'm sorry, I'm not sure what your asking. I have tagged the interfaces that connect the three switches.

3-can you create untag port on each switch

Yes- aminimum of one untagged port for VLAN 41 exists on each switch

4-when connect pc vlan 41 all pc (anyone switch)default must be gateway address 10.37.64.1

Yes - the PC I attempted to connect with has the gateway set at 10.37.64.1

Please see configurations below:

Switch 1 (5308)

vlan 8
name "DHS_To_DSE"
untagged A3
ip address 10.37.28.1 255.255.255.0
exit
vlan 4
name "DHS_to_Tech"
untagged F3
ip address 10.37.24.1 255.255.255.0
exit
vlan 837
name "Comcast"
untagged E4
ip address 10.37.29.254 255.255.255.0
exit
vlan 41
name "DO_Admin"
untagged F1
tagged A3,F3
exit
ip route 10.37.25.0 255.255.255.0 10.37.24.2
ip route 0.0.0.0 0.0.0.0 10.37.29.1
router ospf
area backbone
redistribute connected
exit
vlan 8
ip ospf area backbone
exit

Switch 2 (5308)

vlan 41
name "DO_Admin"
untagged A2
tagged A1
ip address 10.37.64.1 255.255.252.0
ip helper-address 10.37.81.15
exit
vlan 8
name "DHS_to_DSE"
untagged A1
ip address 10.37.28.2 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 10.37.28.1
router ospf
area backbone
redistribute connected
exit
vlan 8
ip ospf area backbone
exit

Switch 3 (2824)

vlan 4
name "DHS_to_Tech"
untagged 24
ip address 10.37.24.2 255.255.255.0
exit
vlan 60
name "Tech_Office"
untagged 1-22
ip address 10.37.25.1 255.255.255.0
ip helper-address 10.37.25.60
exit
vlan 41
name "DO_Admin"
untagged 22
tagged 24
exit
ip route 0.0.0.0 0.0.0.0 10.37.24.1

Switch 1 resides betwenn Switch 2 and Switch 3

Thank you gor all your help!
cenk sasmaztin
Honored Contributor

Re: VLAN Assistance

please you can say which ports connect tree switch
sw 1 :which port connect to sw2
which port connect to sw3
sw 2:which port connect to sw 1
sw 3:which port connect to sw 1
cenk

cenk sasmaztin
Honored Contributor

Re: VLAN Assistance

please you can say which ports connect tree switch
sw 1 :which port connect to sw2
which port connect to sw3
sw 2: which port connect to sw 1
sw 3: which port connect to sw 1
cenk

Bear_2
Advisor

Re: VLAN Assistance

Cenk,

please you can say which ports connect tree switch
sw 1 :which port connect to sw2: A3
which port connect to sw3: F3
sw 2:which port connect to sw 1: A1
sw 3:which port connect to sw 1: 24
Bear_2
Advisor

Re: VLAN Assistance

Cenk,

sw 1 :which port connect to sw2: A3
which port connect to sw3: F3
sw 2:which port connect to sw 1: A1
sw 3:which port connect to sw 1: 24
cenk sasmaztin
Honored Contributor

Re: VLAN Assistance

you can take few minute
I want all switch erease-startup config:))
I send new config all switch
cenk

Bear_2
Advisor

Re: VLAN Assistance

Please send the configs and I will try them.

Thank you so much for your help.
cenk sasmaztin
Honored Contributor

Re: VLAN Assistance

hi I ask few questions

why you can assign vlan 8 and vlan 4
I understand only routing between switch

this true..
cenk

Bear_2
Advisor

Re: VLAN Assistance

At the time, I thought it would reduce broadcast traffic between the two switches. They could be eliminated if you think it they are not needed.
cenk sasmaztin
Honored Contributor

Re: VLAN Assistance

hi I ask few questions

why you can assign vlan 8 and vlan 4
I understand only routing between switch

is this true ?

how much internet router (for internet connection )on network

your vlans 837,41,4,60 for user or server or internet router
is this true ?
cenk

Bear_2
Advisor

Re: VLAN Assistance

your vlans 837,41,4,60 for user or server or internet router
is this true ?

I did not include the complete configurations for the three switches, only the portion of the configuration that I thought were needed to understand what I am trying to do.

VLAN 837 connects to a cisco switch which takes all district traffic to the Internet

VLAN 4 connects the High School to my office,

VLAN 60 users in my office

Vlan 41 users and servers in the District Office



cenk sasmaztin
Honored Contributor

Re: VLAN Assistance

ok John
can you working tomorrow ?
I can send new config all switch tomorrow for you

we make change all architecture networking
don't panic
same ip address
same vlan id
same working for user

ok...
cenk

Bear_2
Advisor

Re: VLAN Assistance

That sounds great!

Thank you so much!
cenk sasmaztin
Honored Contributor

Re: VLAN Assistance

can you wroking tomorrow??
cenk

Bear_2
Advisor

Re: VLAN Assistance

Yes I am.
cenk sasmaztin
Honored Contributor

Re: VLAN Assistance

ok

Ican work in night for your case and make new config for you

se you tomorrow
cenk

cenk sasmaztin
Honored Contributor

Re: VLAN Assistance

hi john I create new config for you
please be carefully check config and my layout
you can write my config
for the frist time all switch startup config backup

good luck..

**********ALL SWITCH CONFIG*****************

********************************************
Switch 1 (5308)
ip routing
vlan 1 xnotexxxnotexxxnotexxx this vlan only managemet for security vlan 1 default vlan
name "managemet"
untag A1-A24,B21-24,C1-C24,D1-D24,E1-E24,F1-F24xxxnotexxx for example untagged port ,any vlan not member ports
default vlan 1 member.xxx important:A3 and F3 must be vlan 1 untag port
no untag B1-B20
ip address 10.0.0.1 255.255.255.0
exit

vlan 41
name "DO_Admin"
untagged B1-B10
tagged A3,F3
ip address 10.37.64.1 255.255.252.0
ip helper-address 10.35.25.60
exit

vlan 60
name "Tech_Office"
untagged B11-B20
tagged A3,F3
ip address 10.37.25.1 255.255.255.0
exit

vlan 837
name "Comcast"
untagged E4
ip address 10.37.29.254 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 10.37.29.1

**********************************************
Switch 2 (5308)
vlan 1
name "managemet"
untag A1,A21-A24,B1-B24........
no untagged A2-A20
ip address 10.0.0.2 255.255.255.0
exit
vlan 41
name "DO_Admin"
untagged A2-A10
tagged A1
exit
vlan 60
name "Tech_Office"
untagged A11-A20
tagged A1
***********************************************

***********************************************
Switch 3 (2824)

vlan 1
name "managemet"
untag 21-24
no untag 1-20
ip address 10.0.0.3 255.255.255.0
exit
vlan 41
name "DO_Admin"
untagged 1-15
tagged 24
exit
vlan 60
name "Tech_Office"
untagged 16-20
tagged 24
*************************************************


***INTERNET ROUTER/SWÄ°TCH IP ROUTÄ°NG CONFÄ°G******
you can write internet switch (cisco)ip routing command

#ip route 10.37.64.0 255.255.252.0 10.37.29.254
#ip route 10.37.25.0 255.255.255.0 10.37.29.254


************DHCP SERVER CONFIG For microsoft******************
dhcp server nic address
ip address 10.37.25.60
subnet mask 255.255.255.0
default gateway 10.37.25.1

****scobe config
scobe 1
scobe name vlan41
ip pool 10.37.64.20.....10.37.68.250(for example)
subnet mask 255.255.255.0
default gateway 10.37.64.1

scobe 2
scobe name vlan60
ip pool 10.37.25.5----10.37.25.55
subnet mask 255.255.255.0
default gateway 10.37.25.1
cenk

Bear_2
Advisor

Re: VLAN Assistance

Must I use the Default VLAN (VLAN 1) for the ports that connect the three switches, or do they just need to be untagged members of the same VLAN?
cenk sasmaztin
Honored Contributor

Re: VLAN Assistance

ok no problem
vlan 1 must be untag member all uplink port

cenk
cenk

cenk sasmaztin
Honored Contributor

Re: VLAN Assistance

in this way very strong vlan design for your network and one router running on network other all edge switch possible only running L2 switching operation
seperate broadcast domain between users group
central managemet on network core
easy config edge switch
more security for device managemet with managemet vlan

please test and say me result

cenk
cenk