Solved

VLAN question (making a port a member of more than one VLAN)

Posted on 2004-10-05
Last Modified: 2008-01-09
I think you can make a port a member of more than one VLAN with the multiport command right?
Let's say you have 3 VLANs on your switch.
VLAN1 (default) 192.168.1.0
VLAN2 192.168.2.0
VLAN3 192.168.3.0

If I assign port number 5 to be part of VLAN2 and VLAN3, can I choose what IP address to assign the computer plugged into port number 5? I'm assuming I can assign it an IP of either VLAN2 or VLAN3 addressing scheme?

Thanks
Question by:dissolved

LVL 7

Assisted Solution

by:NicBrey
NicBrey earned 100 total points
Only trunk ports can be assigned to more than one vlan. On the other side you will either have another trunk port on a different switch, or a router interface with sub-interfaces for each vlan's ip range.

Access ports can be configured with only one vlan

LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 100 total points
The multiport command will allow you to make a port a member of more than one vlan but Cisco does not recommend its use. I also read a while back that the command would be removed from the IOS at some point. I haven't tried the command lately so I don't know if it's still available.

Another thing to keep in mind is that if you configure one port with the multi command you will not be able to configure trunking on any other port.

-Don

LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 100 total points
You can use the Private VLAN concept to put a port into more than one VLAN
http://www.cisco.com/en/US/tech/tk389/tk689/technologies_configuration_example09186a008017acad.shtml

I'm not sure that is what you are wanting to know? What switch are you using?

Author Comment

by:dissolved
Thanks Nick.
Don:  Thanks. At home I'm running a 2920 catalyst w/enterprise.  There are 3 vlans on the switch and everything is working great. Port 24 is trunked to a 2600 router.

Port 3 is an access port, as well as a multi port. And my trunk link still works on port 24. Is this possible?

Here is a sh run
spanning-tree vlan 1 hello-time 10
spanning-tree vlan 3 hello-time 10
ip subnet-zero
!
!
!
interface FastEthernet0/1
 port security max-mac-count 1
!
interface FastEthernet0/2
 switchport multi vlan 1,3
!
interface FastEthernet0/3
 switchport access vlan 3
 switchport multi vlan 1,3
!
interface FastEthernet0/4
 switchport access vlan 2
!

Cut off the rest

Author Comment

by:dissolved
lrmoore:  At work we are using 2980g switches (connected via fiber) and they all connect to the core (catalyst 4000).


Also, I read in a CCNA book...that you can make a server part of 2 VLANs. That way clients don't have to cross a layer 3 device to reach it. This doesn't make sense to me. Are you supposed to put two NICs in the server (one on each VLAN)? Or are you supposed to use the multi vlan command?

I will check out that link you provided
thanks

LVL 11

Assisted Solution

by:PennGwyn
PennGwyn earned 100 total points
> Also, I read in a CCNA book...that you can make a server part of 2 VLANs. That way clients don't have to cross a layer 3
> device to reach it. This doesn't make sense to me. Are you supposed to put two NICs in the server (one on each VLAN)? Or
> are you supposed to use the multi vlan command?

Most people put two NICs in the server, or a trunk-capable NIC, or something like an ATM interface.  I've never seen anyone use multi for this; to use it on a server, you'd need a NIC/OS that allows secondary IP addresses since you want it to be reachable on the various VLANs.






Author Comment

by:dissolved
You know what, PennGwyn, I think you're right. A special NIC is required to do this in your server. I have to go back into my book to see. Thanks

LVL 79

Expert Comment

by:lrmoore
Not necessarily. Windows will let you assign up to 5 IP addresses to most any NIC and they do not have to be in the same subnet at all...

LVL 13

Accepted Solution

by:Dr-IP
Dr-IP earned 100 total points
If what you are trying to do is have a server with native IP addresses on multiple VLANs to reduce the traffic across the router between VLANs, I have a better way of doing that. What I do is set the port on the switch for 802.1Q trunking, and then configure the NIC on the server for trunking and VLANs. Not all NICs can do it, but most NICs that come in servers have drivers and software that can.

When you are done, it will appear to the OS that the server has multiple NICs, each of which can be configured individually. Just make sure you get the correct address on the virtual NIC to match the VLAN it’s set to and it should work like a champ.

Author Comment

by:dissolved
Thanks guys. Thanks Dr-IP

Author Comment

by:dissolved
Is this why servers ship with several network cards built in???  A few of our servers at work have more than one network card.  Is it for this purpose for connecting each interface to different networks?


Also, supposedly Dell's new server has a couple of NICs on board and you can assign both NICs the same IP (they are viewed as one physical interface). What advantage does this have?

Thanks

LVL 13

Expert Comment

by:Dr-IP
There are many reasons a second NIC can be handy, and since it’s so cheap to do on the manufacturing level, a lot of servers come with two nowadays. For the small office, you can hook one up to your DSL line and the other one to the local LAN, and use it for internet connection sharing and as a firewall for the clients. Or as I have seen done, use one to connect to the internet for web serving, and the second one to a private LAN for management purposes. Also on a heavily loaded server, you can do load sharing across the two cards if you have a switch that supports it, effectively doubling throughput for what was once a fraction of the cost of going gigabit, but as we all know gigabit switch prices have fallen through the floor lately. So you might start seeing secondary NICs being dropped on a lot of servers, or as I have seen on a few, get one gigabit copper, and a 10-100. Besides that, when you trunk a gigabit interface, it’s like having 10 100 meg adaptors, so the need for a second one kind of goes out the door so long as you have a switch that supports trunking and VLANs.

LVL 1

Expert Comment

by:tevens
Dissolved,

First, you have to use ‘switchport mode multi’ for the multi vlan option to work.

Second, it's only the 2900XL/3500XL series switches that support that type of configuration.  You'll be without that option on any of the other switches.  In fact, the XL series switches let you get away with a lot of things that the others don’t.  Therefore it’s bad practice to lock yourself into a specific switch type.

Third, it's a cleaner solution to have more NICs, but you can use a single NIC. If you are using a single NIC, make sure that you specify default gateways for each of those IPs that you assign to the single NIC. Otherwise you will have unpredictable results. Not to mention security impacts, where most people are starting to use RPF as a way to stop spoofing...

--Tim
0
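
An added example, not part of tevens's comment or of any Cisco tooling: a small Python audit that reads running-config text and reports which ports carry a `switchport multi vlan` list and whether `switchport mode multi` is also present, the condition tevens gives for the list to take effect. The sample is constructed from the config posted earlier in the thread; FastEthernet0/5 is invented here to show the active case.

```python
import re

# Constructed sample shaped like the running-config posted in this thread;
# FastEthernet0/5 is invented here to show a port where multi mode is set.
SAMPLE = """\
interface FastEthernet0/2
 switchport multi vlan 1,3
!
interface FastEthernet0/3
 switchport access vlan 3
 switchport multi vlan 1,3
!
interface FastEthernet0/4
 switchport access vlan 2
!
interface FastEthernet0/5
 switchport mode multi
 switchport multi vlan 2,3
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of sub-commands under it."""
    ifaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ifaces[current] = []
        elif line in ("", "!"):
            current = None          # '!' ends the interface stanza
        elif current is not None:
            ifaces[current].append(line)
    return ifaces

def audit_multi_vlan(config):
    """Return {port: (vlan list, multi mode set?)} for ports with a multi list."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        for cmd in cmds:
            m = re.fullmatch(r"switchport multi vlan ([\d,]+)", cmd)
            if m:
                vlans = sorted(int(v) for v in m.group(1).split(",") if v)
                findings[name] = (vlans, "switchport mode multi" in cmds)
    return findings

if __name__ == "__main__":
    for port, (vlans, active) in audit_multi_vlan(SAMPLE).items():
        state = "bridges" if active else "lists (mode multi not set)"
        print(f"{port}: {state} VLANs {vlans}")
```

A port reported with the mode set is one where the listed VLANs share a single access port, so it is the place to look when reviewing VLAN separation.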
 

Expert Comment

by:garronal
RE comment from tevens

I may get shot down in flames here, but my understanding is that you only specify 1 default gateway, and add routes to the server routing table for the other VLANs.
0
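
An added example, not part of either poster's comment: a Python model of how the gateway choice discussed by tevens and garronal interacts with RPF, for a server with one address in VLAN2 and one in VLAN3. It assumes a router applying strict reverse-path filtering on a sub-interface per VLAN; the host addresses are constructed from the thread's subnets, and the static routes garronal mentions are not modelled.

```python
import ipaddress

# Constructed topology using the thread's addressing: one router sub-interface
# per VLAN, and a server with an address in VLAN2 and another in VLAN3.
VLANS = {f"vlan{n}": ipaddress.ip_network(f"192.168.{n}.0/24") for n in (1, 2, 3)}
SERVER_VLANS = ("vlan2", "vlan3")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def lookup(table, addr):
    """Longest-prefix match over (network, interface) pairs."""
    addr = ipaddress.ip_address(addr)
    hits = [(net, ifc) for net, ifc in table if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def vlan_of(addr):
    """VLAN whose subnet contains addr (also the router's route back to it)."""
    return lookup([(net, name) for name, net in VLANS.items()], addr)

def server_egress(client, server_addr, default_vlan):
    """Interface the server's reply leaves on.

    default_vlan names the VLAN holding the single default gateway; None
    models a gateway per address, chosen by the reply's source address.
    """
    table = [(VLANS[v], v) for v in SERVER_VLANS]
    table.append((DEFAULT, default_vlan or vlan_of(server_addr)))
    return lookup(table, client)

def reply_passes_strict_rpf(client, server_addr, default_vlan):
    """True if the reply reaches the client past a strict-RPF router."""
    egress = server_egress(client, server_addr, default_vlan)
    if vlan_of(client) == egress:
        return True                  # same VLAN: delivered without routing
    # Strict RPF: the source must be reachable via the arrival interface.
    return vlan_of(server_addr) == egress

if __name__ == "__main__":
    client = "192.168.1.10"          # constructed VLAN1 client
    for addr in ("192.168.2.5", "192.168.3.5"):
        for gw in ("vlan2", None):
            ok = reply_passes_strict_rpf(client, addr, gw)
            print(addr, "default via", gw or "per-address", "->",
                  "accepted" if ok else "dropped by RPF")
```

With the single default gateway in VLAN2, replies sourced from the VLAN3 address arrive at the router on the VLAN2 sub-interface and fail the strict check; choosing the gateway by source address keeps each reply on the interface its source belongs to.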
