Cisco 2950 - 3550 multi vlan config

Thanks Don,

My problem is I have I fw which hangs from the 3550, this fw is the gateway for 10 different class C which hang from 4 2950, and have no vlans or oder, so on one server I have ips from different class C.

What I need to do is remove the firewall and have a 2950 instead, and set the 10 ips for gateway on the 3550, the problem I find at the moment is that the vlan only accepts 8 ips.


I have added to urls with a basic picture of what I have now, and how I would like to change it, at the moment the only solutions I have found is to create 2 vlans in 2 different ports and have to cables connecting to the 2950, but I think it would be much better to have everything on 1 gb connecting both switches.

http://www.imagehoster.com/pic.php?u=738OvqmU&i=2695

http://www.imagehoster.com/pic.php?u=738OvqmU&i=2696


Thanks
Fernando

If the interrfaces of the firewall support trunking, you could do that. Build a trunk from the the 2950 to the firewall that carries the VLAN's on that switch.

"I find at the moment is that the vlan only accepts 8 ips."

I'm not sure what you mean.

But if you remove the firewall, just build trunks from all the 2950's to the 3550. Create VLAN interfaces on the 3550 for each of the VLAN's and assign an IP address to each VLAN interface on the 3550. The IP addresses on the 3550 will be the default gateway for the devices on the 2950's.

-Don

Hi Don,

"I find at the moment is that the vlan only accepts 8 ips." I get a limit of 8ips for a vlan, so I though of creating 2 vlans and add both of them to the same port, but that is multi vlan which is not supported anymore.


"But if you remove the firewall, just build trunks from all the 2950's to the 3550. Create VLAN interfaces on the 3550 for each of the VLAN's and assign an IP address to each VLAN interface on the 3550. The IP addresses on the 3550 will be the default gateway for the devices on the 2950's."

with this could I use just one port to connect the 3550 to 1 main 2950 and then all other 2950s to this one? and the servers would use the vlans created as their ips?

Thanks

Fernando

"I get a limit of 8ips for a vlan, so I though of creating 2 vlans and add both of them to the same port, but that is multi vlan which is not supported anymore."

I still don't understand. What is limiting you? Where are you trying to assign the IP addresses?

"with this could I use just one port to connect the 3550 to 1 main 2950 and then all other 2950s to this one? and the servers would use the vlans created as their ips? "

Yes.

Do I have to configure anything on the 2950 port which will connect to the 3550?

If I do is there anything else I have to do so that all the traffic from the servers goes through this port?

Thanks

If the default configuration for the port on the 2950 and 3550 hasn't been changed, no. DTP will build the trunk.

Otherwise:

3550
int g0/1
switchport trunk encap dot1q
switchport mode trunk

2950
int f0/1
switchport mode trunk

-Don

Sorry for the delay Don, I will try it today and let you know if I manage to get it running.

Thanks

Don, it's not running. One detail I didn't mention is that I'm running VTP on the 3550. Could this be a problem?

Thanks
Fernando

Hi again Don,

please find below the show run output performed on both switches...

C3550#
C3550#
C3550#
C3550#sh run
Building configuration...

Current configuration : 3766 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname C3550
!
!
no aaa new-model
ip subnet-zero
!
vtp domain cisco
vtp mode transparent
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 500
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode dynamic desirable
!
interface FastEthernet0/47
 switchport mode dynamic desirable
!
interface FastEthernet0/48
 switchport mode dynamic desirable
!
interface GigabitEthernet0/1
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan500
 ip address 80.231.170.249 255.255.255.248
!
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 5 15
!
!
end

C3550#




NOW THE OTHER ONE...


C2924XL#
C2924XL#
C2924XL#sh run
Building configuration...

Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname C2924XL
!
!
ip subnet-zero
!
!
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/2
!
interface FastEthernet0/3
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface VLAN1
 no ip directed-broadcast
 no ip route-cache
!
!
line con 0
 transport input none
 stopbits 1
line vty 5 15
!
end

C2924XL#

Hope this helps, cause is still nt working.... I also thought about an IOS issue...

Thanks in advance Don
Fernando

When you say it's not working, what specifically are you referring to?

Which port on the 3550 connects to which port on the 2924?

-Don

Don,
     the 3550 and the 2924 are both connected through their ports #1, where the trunk is built (see the configs above)

On the 3550 the interface vlan 500 is up/up, ip address 80.231.170.249 255.255.255.248 pingable from the 3550 itself.

Now, on the 2924 I've laptop connected, port #22, with ip address 80.231.170.250 255.255.255.248
When I say it's not working, I mean from the laptop I'm not able to ping the interface Vlan500.

Fernando

   

C3550#
C3550#sh int vlan500
Vlan500 is up, line protocol is up
  Hardware is EtherSVI, address is 0016.476b.6d00 (bia 0016.476b.6d00)
  Internet address is 80.231.170.249/29
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 2
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
C3550#
C3550#
C3550#ping 80.231.170.249

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 80.231.170.249, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
C3550#
C3550#
C3550#sh run int f0/1
Building configuration...

Current configuration : 94 bytes
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
end

C3550#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Fa0/25
                                                Fa0/26, Fa0/27, Fa0/28, Fa0/29
                                                Fa0/30, Fa0/31, Fa0/32, Fa0/33
                                                Fa0/34, Fa0/35, Fa0/36, Fa0/37
                                                Fa0/38, Fa0/39, Fa0/40, Fa0/41
                                                Fa0/42, Fa0/43, Fa0/44, Fa0/45
                                                Fa0/46, Fa0/47, Fa0/48, Gi0/1
                                                Gi0/2
500  VLAN0500                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
500  enet  100500     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    srb      0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

C3550#

I'm going to guess that it's because port f0/22 on the 2924XL is not a member of VLAN500.

Verify by using the "show VLAN brief" command on the 2924XL.

-Don

Don,
     you're absolutelly right!! the reason why is because that port doesn't belong to vlan500.
What I thought is that it wasn't necessary to assign previously to any vlan as per you suggested above.  In one of your answers above you suggest to just build a trunk and leave  the rest in  default  config...

Fernando

I must have made an incorrect assumption.

The two devices will only be able to communicate directly if they're in the same VLAN.

OK Don,
 
that's something I already stated.... thought you knew a different way to do it.

Fernando