Configuring 3 vlans on a Cisco Catalyst 2950 Switch

Hey all.

I have a Cisco Catalyst 2950 and I want to learn how to create 3 vlans on it.

Vlans, if configured correctly, can make it act like 3 separate switches, right?

So right now I have FastEthernet 0/22 hooked up to a 871W router that has DHCP enabled, the port is part of vlan1 which has an address of 192.168.3.75 and if it matters the router's address is 192.168.3.1.

I currently have put Ports 1-8 in Vlan3, Ports 9-16 in Vlan2, and Ports 17-24 are in the default Vlan1.

I want to divide it up between the 3 vlans so that I can isolate each of these network segments. The only way I want them to be connected is when I take a cable from a port in vlan1 to a port in vlan2, or vlan2 to vlan3, etc.

I don't know where to go from here. I read the guide at cisco's website but it doesn't really help me, just confused me.

I want to be able to plug vlan1 into vlan2, then vlan2 into vlan3, then take an ethernet cable between a port in vlan3 to my laptop and have it receive a DHCP address from the router. I want the vlan interface addresses to be static, but for it to pass DHCP through to the ports I hook computers up to. That makes sense, right?

And the reason I'm doing it is for practice, just in case it doesn't seem practical to you guys - I want to learn this stuff.

Thanks.
LVL 8
MaestroDTAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
RunningGagConnect With a Mentor Commented:
Maybe this will help (router on a stick):

http://www.youtube.com/watch?v=bO6nbkza008
0
 
linrafCommented:
The idea of vlans is separating ports on the same physical switch into separate logical netowork and/or combining ports from mulitple physical switches into one logical network.

With cisco vlans you need a router or something acting as a router to allow separate vlans lans to communicate with each other.

You usually would configure the  separate vlans and then you configure a port as a trunk.

This trunk allows traffic from all the vlans to, but this traffic is encapsulated so that it stays as vlan traffic.

You would configure your router with a different sub interface for each vlan.
The subinterfaces on the router can talk to each other (with proper access lists).

So all traffic from one vlan to another has to pass through its own interface on the router  through the processing center, then back out the 2nd vlan's interface in order to communicate with each other.

DHCp would generally be handed out ateach of the subinterfaces on the router for each vlan.

Instead of using a trunk and subinterfaces, it is possible to use a physical cable from each vlan to it's own router interface, but the same concept still applies.'

Some cisco switches do have layeer 3 routing capabilites, but I do not believe that is true of the 2950.

http://www.cisco.com/en/US/tech/tk389/tk689/technologies_configuration_example09186a008009478e.shtml#confthevlancat
0
 
CaptnassarCommented:
though am not sure if there was any value behind this, but if you hooked a cable from each vlan to another and had DHCP server configured on the router and your laptop accepting dhcp, you can get an IP and connect to network, make sure onlty that the dhcp subnet is the same as the one on ithe interface vlan1, otherwise you'd need to configure ip helper address
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
MaestroDTAuthor Commented:
What about the Catalyst 3500XL, does it have layer 3?
I also have an MC3810 router, are you saying I'll need to hook a router up to accomplish this?

Or are you saying I can't do what I described.
0
 
MaestroDTAuthor Commented:
And if I can't do this, what sort of setup can I work out where I learn how to use/configure vlans?
0
 
MaestroDTAuthor Commented:
Captnassar, how do I configure the IPs on each of the vlans? Do they all need their own interface address or something?
0
 
ambatihpCommented:
First:
Your 0/22 should be part of all the three VLAN's otherwise the switching does not happen. Make sure that you are creating three VLAN's even in the cisco 841.

Here is how Def. for 1-8 should look like.
interface FastEthernet1/0/1
 switchport access vlan 1
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet1/0/22
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 macro description cisco-switch
 spanning-tree link-type point-to-point
!

interface Vlan1
 ip address 192.168.3.1 255.255.255.0
!
interface Vlan2
 ip address 192.168.4.1 255.255.255.0
!
interface Vlan3
 ip address 192.168.5.1 255.255.255.0
!

interface Vlan4
 ip address 192.168.46.2 255.255.255.0
!
ip default-gateway 192.168.3.1
0
 
CaptnassarCommented:
if your switch is a 2950, you can't have the above configuration, SVI (interface VLAN is not possible on the switch) , for a 3500 yes you can do the above

what i understood from you that your topology looks like the following:

R-SW{Vlan1]-SW{Vlan2]-SW{Vlan3]-laptop

on Router R, configure a DHCP server of the same subnet that you'd expect your laptop to be at, you don't need helper address, if the router was configured for DHCP server,
on the switches, configure VLAN 1, 2 and 3 and assign the ports you liked to them, then make sure there is physical cable between ports of each vlan.
0
 
MaestroDTAuthor Commented:
where did vlan4 come from?

also, Ports 1-8 are in vlan 3, did you mean to type vlan 1 in the code (2nd line)?

Vlan3 = Ports 1-8
Vlan2 = Ports 9-16
Vlan1 = Ports 17-24

I was reading on Cisco's website that I needed to use the command switchport mode multi and that I can't use the multi command on the 2950, but that the multi command was the only way to make one port available to all vlans... idk i'm confused, can you clarify?
0
 
MaestroDTAuthor Commented:
captnassar, I think I kind of get what you're saying. just so we're clear, yes the topology is like this:

Router1 -> Switch1 (vlan1) -> Switch 1 (vlan2) -> Switch 1 (vlan3) -> Laptop

Router1: 192.168.3.1
---DHCP Pool: 192.168.1.150-175
Switch1: 192.168.3.75

On my Catalyst 2950 (which is Switch1), I added ports to vlans but idk what else to do... currently my laptop will get an IP if I take a cable from a port in vlan1, but if I plug it into vlan2 (with a cable connecting ports from vlan1 to vlan2) it doesn't get anything.
0
 
RunningGagCommented:
Maestro,

The way it works is that you set up the three VLANS to segment your network into three broadcast domains.  Once you do this, information coming in from VLAN 1 will not be broadcast out to VLANs 2 and 3.  This means that in order for the VLANs to communicate with each other, and out of your network, you need to set up InterVLAN routing using a router.  

The router connects to a port on your switch that is configured as a trunk, meaning that it handles traffic from all VLANs.  On the router's side, the interface is set up with sub-interfaces and is configured to route traffic between the VLANs.  Each sub-interface an appropriate network entry is made in your routing table.


This is the document that you want (note the picture):

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a00800949fd.shtml#conf
50a.jpg
0
 
MaestroDTAuthor Commented:
what i needed
0
All Courses

From novice to tech pro — start learning today.