[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Assinging ip address range to Vlan100 on a catalyst 4948

Posted on 2010-08-24
12
Medium Priority
?
900 Views
Last Modified: 2013-12-01
Assigning ip address range to Vlan100 on a catalyst 4948

thanks to Kvistofta (Expert)

I have been able to configure a vlan however now it is
time to assign ports and ip addresses I have included the
configuration here:

cisco4948noca#show running-config
Building configuration...

Current configuration : 2719 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname cisco4948noca
!
enable secret 5 $1$Wy6.$hSSst1riu.j1bDejhKisR/
!
vtp mode transparent
ip subnet-zero
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
power redundancy-mode redundant
!
!
!
vlan internal allocation policy ascending
!
vlan 2
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
 switchport access vlan 100
 switchport mode access
!
interface GigabitEthernet1/3
 switchport access vlan 101
 switchport mode access
!
interface GigabitEthernet1/4
!
interface GigabitEthernet1/5
!
interface GigabitEthernet1/6
!
interface GigabitEthernet1/7
!
interface GigabitEthernet1/8
!
interface GigabitEthernet1/9
!
interface GigabitEthernet1/10
!
interface GigabitEthernet1/11
!
interface GigabitEthernet1/12
!
interface GigabitEthernet1/13
!
interface GigabitEthernet1/14
!
interface GigabitEthernet1/15
!
interface GigabitEthernet1/16
!
interface GigabitEthernet1/17
!
interface GigabitEthernet1/18
!
interface GigabitEthernet1/19
!
interface GigabitEthernet1/20
!
interface GigabitEthernet1/21
!
interface GigabitEthernet1/22
!
interface GigabitEthernet1/23
!
interface GigabitEthernet1/24
!
interface GigabitEthernet1/25
!
interface GigabitEthernet1/26
!
interface GigabitEthernet1/27
!
interface GigabitEthernet1/28
!
interface GigabitEthernet1/29
!
interface GigabitEthernet1/30
!
interface GigabitEthernet1/31
!
interface GigabitEthernet1/32
!
interface GigabitEthernet1/33
!
interface GigabitEthernet1/34
!
interface GigabitEthernet1/35
!
interface GigabitEthernet1/36
!
interface GigabitEthernet1/37
!
interface GigabitEthernet1/38
!
interface GigabitEthernet1/39
!
interface GigabitEthernet1/40
!
interface GigabitEthernet1/41
!
interface GigabitEthernet1/42
!
interface GigabitEthernet1/43
!
interface GigabitEthernet1/44
!
interface GigabitEthernet1/45
!
interface GigabitEthernet1/46
!
interface GigabitEthernet1/47
!
interface GigabitEthernet1/48
!
interface Vlan1
 ip address 10.1.98.3 255.255.0.0
!
interface Vlan100
 description subnet 100
 no ip address
 ip access-group 2100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
!
interface Vlan101
 description subnet 101
 no ip address
 ip access-group 2101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
!
ip route 0.0.0.0 0.0.0.0 10.1.2.1
ip http server
!
!
!
access-list 2100 remark subnet 100
access-list 2100 permit ip 192.168.100.0 0.0.0.255 any
access-list 2100 remark subnet 101
access-list 2100 permit ip 192.168.101.0 0.0.0.255 any
!
!
!
line con 0
 stopbits 1
line vty 0 4
 password XXXXXXX
 login
!
end

My goal is to use a range of ports on this device 20-30
and according to the config file I believe the Ip addresses
need to be in the 192.168.100.0 range. The configuration also shows Vlan100
in a "shutdown" state and no ip assigned. The purpose of this Vlan is to create a space where
2 servers using 2 of their 4 nics each, so that is a total of 4 for redundancy to
communicate with a SAN head in gigabit mode (full throttle fast as I can)
the San head also has 2 nic cards that I want to connect to this vlan
In a perfect world this configuration will resemble a hub where all communication
will stay within the vlan so as not to create a potential security risk. And since
each server has a total of 4 nics the other 2 nics on the servers will be
using vlan1. Will setting Vlan100 as a community do the trick?
A step by step scenario given the above configuration would be much appreciated.

Thanks!
0
Comment
Question by:cp361
  • 6
  • 6
12 Comments
 

Author Comment

by:cp361
ID: 33516203
I corrected the line "access-list 2100 remark subnet 101
access-list 2100 permit ip 192.168.101.0 0.0.0.255 any"
and changed it to "access-list 2101 remark subnet 101
access-list 2101 permit ip 192.168.101.0 0.0.0.255 any"
0
 
LVL 1

Expert Comment

by:namoom
ID: 33516755
do you want vlan 100 or 101 to be segregated? (or both?)
0
 

Author Comment

by:cp361
ID: 33516902
for the moment (testing) vlan 100
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Expert Comment

by:namoom
ID: 33517162
do not create a vlan interface for vlan 100.  simply add the ports you want to vlan 100 and they will not be able to communicate with other vlans.  This is called an unrouted VLAN.  i have a few commands below that can help you, most have to be entered in config mode

make sure you already have a vlan 100 by typing this command in privileged exec mode:
show vlan
and look for vlan 100.  if it has not been created add it by typing:
vlan 100
name (name)

remove your current vlan 100 interface with this command:
no int vlan 100

to add ports to vlan 100 do the following:
int g1/(port)
switchport mode access
switchport access vlan 100

0
 

Author Comment

by:cp361
ID: 33517430
Ok so that I understand...
remove current reference to vlan 100
then add it back in with the additional parameters you listed (example)

login to cli interface

enable
password (my password)
vlan 100
name (variable name)
int g1/(port)
switchport mode access
switchport access vlan 100

and for every additional port i wish to include in vlan 100
repeat:
int g1/(port)
switchport mode access
switchport access vlan 100

right?



0
 

Author Comment

by:cp361
ID: 33517456
Just one other thing ... will the devices connected to that port get an IP address
and will it be a 192.168.x.x or 10.0.x.x ?
or will I have to static IP them and can I static ip them
(management may not like a dhcp kind of IP so I want to be prepared for the question)

Thanks
0
 
LVL 1

Expert Comment

by:namoom
ID: 33517575
must be static IP addressing, you could set up dhcp on the switch but i would NOT recommend it
0
 

Author Comment

by:cp361
ID: 33517734
OK but what ip range 10.0.0.x or 192.168.1.x ?

Thanks
0
 

Accepted Solution

by:
cp361 earned 0 total points
ID: 33524390
Ok for who ever may come across this thread at a later date. I was able to determine what happens insofar as the ip adress of the newly created Vlan 100. It reverts to default 192.168.1.x
gateway 192.168.1.1 subnetmask 255.255.255.0 so assigning an ip address to whatever is plugged into the ports 20-30 using that subnet will allow communication between devices on this newly created vlan 100.
0
 
LVL 1

Expert Comment

by:namoom
ID: 33524874
NOTE:  The hardware my default to that IP address scheme, but that is NOT and industry standard by any means.

Because these vlans are unrouted you can use any IP address range.  It's not recommended but you could even use IP addresses that are in use elsewhere on your network because the traffic in the unrouted vlan can NOT leave that vlan
0
 
LVL 1

Expert Comment

by:namoom
ID: 33524885
Check my bold addition below, but that will work great

login to cli interface

enable
password (my password)
conf t
vlan 100
name (variable name)
int g1/(port)
switchport mode access
switchport access vlan 100

and for every additional port i wish to include in vlan 100
repeat:
int g1/(port)
switchport mode access
switchport access vlan 100
0
 
LVL 1

Expert Comment

by:namoom
ID: 33524892
also add to the end of those commands:
no interface vlan 100
0

Featured Post

Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Workplace bullying has increased with the use of email and social media. Retain evidence of this with email archiving to protect your employees.
"Any files you do not have backed up in at least two [other] places are files you do not care about."
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Suggested Courses

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question