Solved

Assinging ip address range to Vlan100 on a catalyst 4948

Posted on 2010-08-24
12
888 Views
Last Modified: 2013-12-01
Assigning ip address range to Vlan100 on a catalyst 4948

thanks to Kvistofta (Expert)

I have been able to configure a vlan however now it is
time to assign ports and ip addresses I have included the
configuration here:

cisco4948noca#show running-config
Building configuration...

Current configuration : 2719 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname cisco4948noca
!
enable secret 5 $1$Wy6.$hSSst1riu.j1bDejhKisR/
!
vtp mode transparent
ip subnet-zero
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
power redundancy-mode redundant
!
!
!
vlan internal allocation policy ascending
!
vlan 2
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
 switchport access vlan 100
 switchport mode access
!
interface GigabitEthernet1/3
 switchport access vlan 101
 switchport mode access
!
interface GigabitEthernet1/4
!
interface GigabitEthernet1/5
!
interface GigabitEthernet1/6
!
interface GigabitEthernet1/7
!
interface GigabitEthernet1/8
!
interface GigabitEthernet1/9
!
interface GigabitEthernet1/10
!
interface GigabitEthernet1/11
!
interface GigabitEthernet1/12
!
interface GigabitEthernet1/13
!
interface GigabitEthernet1/14
!
interface GigabitEthernet1/15
!
interface GigabitEthernet1/16
!
interface GigabitEthernet1/17
!
interface GigabitEthernet1/18
!
interface GigabitEthernet1/19
!
interface GigabitEthernet1/20
!
interface GigabitEthernet1/21
!
interface GigabitEthernet1/22
!
interface GigabitEthernet1/23
!
interface GigabitEthernet1/24
!
interface GigabitEthernet1/25
!
interface GigabitEthernet1/26
!
interface GigabitEthernet1/27
!
interface GigabitEthernet1/28
!
interface GigabitEthernet1/29
!
interface GigabitEthernet1/30
!
interface GigabitEthernet1/31
!
interface GigabitEthernet1/32
!
interface GigabitEthernet1/33
!
interface GigabitEthernet1/34
!
interface GigabitEthernet1/35
!
interface GigabitEthernet1/36
!
interface GigabitEthernet1/37
!
interface GigabitEthernet1/38
!
interface GigabitEthernet1/39
!
interface GigabitEthernet1/40
!
interface GigabitEthernet1/41
!
interface GigabitEthernet1/42
!
interface GigabitEthernet1/43
!
interface GigabitEthernet1/44
!
interface GigabitEthernet1/45
!
interface GigabitEthernet1/46
!
interface GigabitEthernet1/47
!
interface GigabitEthernet1/48
!
interface Vlan1
 ip address 10.1.98.3 255.255.0.0
!
interface Vlan100
 description subnet 100
 no ip address
 ip access-group 2100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
!
interface Vlan101
 description subnet 101
 no ip address
 ip access-group 2101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
!
ip route 0.0.0.0 0.0.0.0 10.1.2.1
ip http server
!
!
!
access-list 2100 remark subnet 100
access-list 2100 permit ip 192.168.100.0 0.0.0.255 any
access-list 2100 remark subnet 101
access-list 2100 permit ip 192.168.101.0 0.0.0.255 any
!
!
!
line con 0
 stopbits 1
line vty 0 4
 password XXXXXXX
 login
!
end

My goal is to use a range of ports on this device 20-30
and according to the config file I believe the Ip addresses
need to be in the 192.168.100.0 range. The configuration also shows Vlan100
in a "shutdown" state and no ip assigned. The purpose of this Vlan is to create a space where
2 servers using 2 of their 4 nics each, so that is a total of 4 for redundancy to
communicate with a SAN head in gigabit mode (full throttle fast as I can)
the San head also has 2 nic cards that I want to connect to this vlan
In a perfect world this configuration will resemble a hub where all communication
will stay within the vlan so as not to create a potential security risk. And since
each server has a total of 4 nics the other 2 nics on the servers will be
using vlan1. Will setting Vlan100 as a community do the trick?
A step by step scenario given the above configuration would be much appreciated.

Thanks!
0
Comment
Question by:cp361
  • 6
  • 6
12 Comments
 

Author Comment

by:cp361
Comment Utility
I corrected the line "access-list 2100 remark subnet 101
access-list 2100 permit ip 192.168.101.0 0.0.0.255 any"
and changed it to "access-list 2101 remark subnet 101
access-list 2101 permit ip 192.168.101.0 0.0.0.255 any"
0
 
LVL 1

Expert Comment

by:namoom
Comment Utility
do you want vlan 100 or 101 to be segregated? (or both?)
0
 

Author Comment

by:cp361
Comment Utility
for the moment (testing) vlan 100
0
 
LVL 1

Expert Comment

by:namoom
Comment Utility
do not create a vlan interface for vlan 100.  simply add the ports you want to vlan 100 and they will not be able to communicate with other vlans.  This is called an unrouted VLAN.  i have a few commands below that can help you, most have to be entered in config mode

make sure you already have a vlan 100 by typing this command in privileged exec mode:
show vlan
and look for vlan 100.  if it has not been created add it by typing:
vlan 100
name (name)

remove your current vlan 100 interface with this command:
no int vlan 100

to add ports to vlan 100 do the following:
int g1/(port)
switchport mode access
switchport access vlan 100

0
 

Author Comment

by:cp361
Comment Utility
Ok so that I understand...
remove current reference to vlan 100
then add it back in with the additional parameters you listed (example)

login to cli interface

enable
password (my password)
vlan 100
name (variable name)
int g1/(port)
switchport mode access
switchport access vlan 100

and for every additional port i wish to include in vlan 100
repeat:
int g1/(port)
switchport mode access
switchport access vlan 100

right?



0
 

Author Comment

by:cp361
Comment Utility
Just one other thing ... will the devices connected to that port get an IP address
and will it be a 192.168.x.x or 10.0.x.x ?
or will I have to static IP them and can I static ip them
(management may not like a dhcp kind of IP so I want to be prepared for the question)

Thanks
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 1

Expert Comment

by:namoom
Comment Utility
must be static IP addressing, you could set up dhcp on the switch but i would NOT recommend it
0
 

Author Comment

by:cp361
Comment Utility
OK but what ip range 10.0.0.x or 192.168.1.x ?

Thanks
0
 

Accepted Solution

by:
cp361 earned 0 total points
Comment Utility
Ok for who ever may come across this thread at a later date. I was able to determine what happens insofar as the ip adress of the newly created Vlan 100. It reverts to default 192.168.1.x
gateway 192.168.1.1 subnetmask 255.255.255.0 so assigning an ip address to whatever is plugged into the ports 20-30 using that subnet will allow communication between devices on this newly created vlan 100.
0
 
LVL 1

Expert Comment

by:namoom
Comment Utility
NOTE:  The hardware my default to that IP address scheme, but that is NOT and industry standard by any means.

Because these vlans are unrouted you can use any IP address range.  It's not recommended but you could even use IP addresses that are in use elsewhere on your network because the traffic in the unrouted vlan can NOT leave that vlan
0
 
LVL 1

Expert Comment

by:namoom
Comment Utility
Check my bold addition below, but that will work great

login to cli interface

enable
password (my password)
conf t
vlan 100
name (variable name)
int g1/(port)
switchport mode access
switchport access vlan 100

and for every additional port i wish to include in vlan 100
repeat:
int g1/(port)
switchport mode access
switchport access vlan 100
0
 
LVL 1

Expert Comment

by:namoom
Comment Utility
also add to the end of those commands:
no interface vlan 100
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now