Solved

Configuring VLANs on a Cisco Catalyst 3550

Posted on 2010-09-18
15
1,053 Views
Last Modified: 2012-06-27
Hi,
I have a Cisco Catalyst 3550.  I'm trying to configure it to get it ready for the Mitel VoIP phone system we're getting beginning of next week.  Basically i want two VLANs - one for phones, one for data. (Vlan 2 for data, Vlan 3 for voice).

One of the ports is going to go to a second switch (a Dell layer 2 POE switch), and i'll need help configuring that too, but for now just trying to get this configured.

What's the problem with my configuration?  If i plug into one of the ports, shouldn't i be able to ping the vlan IP addresses? (i.e. 192.168.15.1 and 192.168.16.1)?


dcc-switch#show run

Building configuration...



Current configuration : 2352 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname dcc-switch

!

!

no aaa new-model

ip subnet-zero

ip routing

!

!

!

!

!

spanning-tree mode pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

!

!

interface FastEthernet0/1

 switchport mode dynamic desirable

!

interface FastEthernet0/2

 switchport mode dynamic desirable

!

interface FastEthernet0/3

 switchport mode dynamic desirable

!

interface FastEthernet0/4

 switchport mode dynamic desirable

!

interface FastEthernet0/5

 switchport mode dynamic desirable

!

interface FastEthernet0/6

 switchport mode dynamic desirable

!

interface FastEthernet0/7

 switchport mode dynamic desirable

!

interface FastEthernet0/8

 switchport mode dynamic desirable

!

interface FastEthernet0/9

 switchport mode dynamic desirable

!

interface FastEthernet0/10

 switchport mode dynamic desirable

!

interface FastEthernet0/11

 switchport mode dynamic desirable

!

interface FastEthernet0/12

 switchport mode dynamic desirable

!

interface FastEthernet0/13

 switchport mode dynamic desirable

!

interface FastEthernet0/14

 switchport mode dynamic desirable

!

interface FastEthernet0/15

 switchport mode dynamic desirable

!

interface FastEthernet0/16

 switchport mode dynamic desirable

!

interface FastEthernet0/17

 switchport mode dynamic desirable

!

interface FastEthernet0/18

 switchport mode dynamic desirable

!

interface FastEthernet0/19

 switchport mode dynamic desirable

!

interface FastEthernet0/20

 switchport mode dynamic desirable

!

interface FastEthernet0/21

 switchport mode dynamic desirable

!

interface FastEthernet0/22

 switchport mode dynamic desirable

!

interface FastEthernet0/23

 switchport mode dynamic desirable

!

interface FastEthernet0/24

 switchport mode dynamic desirable

!

interface GigabitEthernet0/1

 switchport mode dynamic desirable

!

interface GigabitEthernet0/2

 switchport mode dynamic desirable

!

interface Vlan1

 ip address 192.168.1.1 255.255.255.0

 shutdown

!

interface Vlan2

 ip address 192.168.15.1 255.255.255.0

!

interface Vlan3

 ip address 192.168.16.1 255.255.255.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.15.254

ip http server

!

!

control-plane

!

!

line con 0

line vty 0 4

 login

line vty 5 15

 login

!

end

Open in new window

0
Comment
Question by:Mystical_Ice
15 Comments
 
LVL 6

Expert Comment

by:collins23
ID: 33708403
i think you should make some ports access ports

Switchport mode dynamic desirable – This command makes the interface actively attempt to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode. This is the default mode for all Ethernet interfaces. If the neighboring interface is set to the access or non-negotiate mode, the link will become a non-trunking link.
0
 
LVL 17

Expert Comment

by:Kvistofta
ID: 33708528
You also need to add "switchport access vlan x" on each port since the default if that command is not there is vlan1 which is shutdown in your configuration.

int range fa0/1 - 24
 switchport mode access
switchport access vlan 2
!

/Kvistofta
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33708581
Hi

you need:

conf t

int range fa0/1 - 24
 switchport mode trunk
switchport native vlan 2
0
 
LVL 24

Expert Comment

by:Ken Boone
ID: 33708712
Like others have mentioned right now you have all your ports defaulting to vlan1 since you didn't specify a vlan.  A couple of questions need to be asked:  

1)  Are you going to have the phones plugged into the switch, and then the PCs plugged in to the back of the phones?
2)  Or are you going to have some ports dedicated for phones only and some ports dedicated for PCs?

If you are doing #1 then you can set the ports up as a trunk port like others have mentioned with the native vlan being the data vlan.

If you are doing #2 then you can set up all ports as access ports (non trunk) and just specify the voice or data vlan as required: i.e. switchport access vlan 2 or switchport access vlan 3

If you are doing #1 you can take a look at this link which will help describe how this works.  The example uses a shortel phone, but the Mitel works the same way I believe.

http://ciscoconfigs.net/index.php?option=com_content&task=view&id=13&Itemid=26
0
 

Author Comment

by:Mystical_Ice
ID: 33709052
GOOD question! - actually you're right, the Mitel phones have ports behind them for the PC, and then on the phone itself you set what the "PC port" vlan is on.  I know because we have the same phone system at another office.

There will be some ports on the switch, however, that need to be just for data
0
 

Author Comment

by:Mystical_Ice
ID: 33709591
OK so here's the current config. (see attached)

Port 1 - going to a Dell switch; i still need to configure it, but this switch (the cisco) is going to be doing the routing between VLANs for it.
Port 9 - my laptop plugged in
Port 23 and 24 - wireless access point and gateway (pix 506) respectively.  PIX IP address is 192.168.15.254


I can, from my machine, ping the gateway, ping the switch's vlan2 interface (192.168.15.1), and ping the access point, BUT i can't ping 192.168.16.1 (the switch's VLAN3 interface).  shouldn't i be able to?

Please advise.
0
 

Author Comment

by:Mystical_Ice
ID: 33709592
forgot to attach code. see attached
dcc-switch#sh run

Building configuration...



Current configuration : 3873 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname dcc-switch

!

enable secret 5 $1$3EFK$iZRvRdtk/5ceHZbhjkFP11

enable password Dcc123

!

no aaa new-model

ip subnet-zero

ip routing

!

!

!

!

!

spanning-tree mode pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

!

!

interface FastEthernet0/1

 switchport access vlan 2

 switchport mode dynamic desirable

!

interface FastEthernet0/2

 switchport access vlan 2

 switchport mode dynamic desirable

 spanning-tree portfast

!

interface FastEthernet0/3

 switchport access vlan 2

 switchport mode dynamic desirable

 spanning-tree portfast

!

interface FastEthernet0/4

 switchport access vlan 2

 switchport mode dynamic desirable

 spanning-tree portfast

!

interface FastEthernet0/5

 switchport access vlan 2

 switchport mode dynamic desirable

 spanning-tree portfast

!

interface FastEthernet0/6

 switchport access vlan 2

 switchport mode dynamic desirable

 spanning-tree portfast

!

interface FastEthernet0/7

 switchport access vlan 2

 switchport mode dynamic desirable

 spanning-tree portfast

!

interface FastEthernet0/8

 switchport access vlan 2

 switchport mode dynamic desirable

 spanning-tree portfast

!

interface FastEthernet0/9

 switchport access vlan 2

 switchport mode access

 switchport port-security

 switchport port-security aging time 2

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 macro description cisco-desktop

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface FastEthernet0/10

 switchport access vlan 2

 switchport mode dynamic desirable

 spanning-tree portfast

!

interface FastEthernet0/11

 switchport access vlan 2

 switchport mode dynamic desirable

 spanning-tree portfast

!

interface FastEthernet0/12

 switchport access vlan 2

 switchport mode dynamic desirable

 spanning-tree portfast

!

interface FastEthernet0/13

 switchport access vlan 2

 switchport mode dynamic desirable

 spanning-tree portfast

!

interface FastEthernet0/14

 switchport access vlan 2

 switchport mode dynamic desirable

 spanning-tree portfast

!

interface FastEthernet0/15

 switchport access vlan 2

 switchport mode dynamic desirable

 spanning-tree portfast

!

interface FastEthernet0/16

 switchport access vlan 2

 switchport mode dynamic desirable

 spanning-tree portfast

!

interface FastEthernet0/17

 switchport access vlan 2

 switchport mode dynamic desirable

 spanning-tree portfast

!

interface FastEthernet0/18

 switchport access vlan 2

 switchport mode dynamic desirable

 spanning-tree portfast

!

interface FastEthernet0/19

 switchport access vlan 2

 switchport mode dynamic desirable

 spanning-tree portfast

!

interface FastEthernet0/20

 switchport access vlan 2

 switchport mode dynamic desirable

 spanning-tree portfast

!

interface FastEthernet0/21

 switchport access vlan 2

 switchport mode dynamic desirable

 spanning-tree portfast

!

interface FastEthernet0/22

 switchport access vlan 2

 switchport mode dynamic desirable

 spanning-tree portfast

!

interface FastEthernet0/23

 switchport access vlan 2

 switchport mode dynamic desirable

 spanning-tree portfast

!

interface FastEthernet0/24

 switchport access vlan 2

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

 spanning-tree portfast

!

interface GigabitEthernet0/1

 switchport mode dynamic desirable

!

interface GigabitEthernet0/2

 switchport mode dynamic desirable

!

interface Vlan1

 no ip address

 shutdown

!

interface Vlan2

 ip address 192.168.15.1 255.255.255.0

!

interface Vlan3

 ip address 192.168.16.1 255.255.255.0

!

ip default-gateway 192.168.15.254

ip classless

ip http server

!

!

control-plane

!

!

line con 0

line vty 0 4

 password Dcc123

 login

line vty 5 15

 password Dcc123

 login

!

end



dcc-switch#

Open in new window

0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:Mystical_Ice
ID: 33709596
also,


dcc-switch(config-if)#switchport mode trunk
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.
0
 
LVL 24

Expert Comment

by:Ken Boone
ID: 33709763
So you can't pint vlan3 probably because if you do a show interface vlan3 you will find that is in a down state.

The vlan interface will only come up if there is something physically plugged into a port carrying that vlan.  So if you plug a phone in or even another laptop into a vlan3 port you should see the interface come up and you can ping it.

On your switchport mode trunk problem.  Set the encapsualation type to dot1q then set the mode to trunk:

switchport trunk encapsulation dot1q


As far as the port going to the dell switch.  If you need to trunk the vlans to the dell switch you need to do this:
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk

This will setup an 8021q trunk to the dell switch.  You will need to set the dell up as an 8021q trunk as well and have vlan 2 as the untagged vlan on that port.  

0
 

Author Comment

by:Mystical_Ice
ID: 33713424
Man i appreciate the help.  I think i'm ALMOST there.  Here's the current config on the Cisco switch.  Port #1 is connecting it to the Dell switch.  All other ports are just computers (on vlan 2).  I'm not even going to TRY to tackle the vlan 3 phones trunk thing, but i still have a day to figure that out

Cisco config attached to this post.  Dell config attached to next
dcc-switch#sh run

Building configuration...



Current configuration : 3382 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname dcc-switch

!

enable secret 5 $1$3EFK$iZRvRdtk/5ceHZbhjkFP11

enable password Dcc123

!

no aaa new-model

ip subnet-zero

ip routing

!

!

!

!

!

spanning-tree mode pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

!

!

interface FastEthernet0/1

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

 switchport mode trunk

!

interface FastEthernet0/2

 switchport access vlan 2

 switchport mode access

 spanning-tree portfast

!

interface FastEthernet0/3

 switchport access vlan 2

 switchport mode access

 spanning-tree portfast

!

interface FastEthernet0/4

 switchport access vlan 2

 switchport mode access

 spanning-tree portfast

!

interface FastEthernet0/5

 switchport access vlan 2

 switchport mode access

 spanning-tree portfast

!

interface FastEthernet0/6

 switchport access vlan 2

 switchport mode access

 spanning-tree portfast

!

interface FastEthernet0/7

 switchport access vlan 2

 switchport mode access

 spanning-tree portfast

!

interface FastEthernet0/8

 switchport access vlan 2

 switchport mode access

 spanning-tree portfast

!

interface FastEthernet0/9

 switchport access vlan 2

 switchport mode access

 spanning-tree portfast

!

interface FastEthernet0/10

 switchport access vlan 2

 switchport mode access

 spanning-tree portfast

!

interface FastEthernet0/11

 switchport access vlan 2

 switchport mode access

 spanning-tree portfast

!

interface FastEthernet0/12

 switchport access vlan 2

 switchport mode access

 spanning-tree portfast

!

interface FastEthernet0/13

 switchport access vlan 2

 switchport mode access

 spanning-tree portfast

!

interface FastEthernet0/14

 switchport access vlan 2

 switchport mode access

 spanning-tree portfast

!

interface FastEthernet0/15

 switchport access vlan 2

 switchport mode access

 spanning-tree portfast

!

interface FastEthernet0/16

 switchport access vlan 2

 switchport mode access

 spanning-tree portfast

!

interface FastEthernet0/17

 switchport access vlan 2

 switchport mode access

 spanning-tree portfast

!

interface FastEthernet0/18

 switchport access vlan 2

 switchport mode access

 spanning-tree portfast

!

interface FastEthernet0/19

 switchport access vlan 2

 switchport mode access

 spanning-tree portfast

!

interface FastEthernet0/20

 switchport access vlan 2

 switchport mode access

 spanning-tree portfast

!

interface FastEthernet0/21

 switchport access vlan 2

 switchport mode access

 spanning-tree portfast

!

interface FastEthernet0/22

 switchport access vlan 2

 switchport mode access

 spanning-tree portfast

!

interface FastEthernet0/23

 switchport access vlan 2

 switchport mode access

 spanning-tree portfast

!

interface FastEthernet0/24

 switchport access vlan 2

 switchport mode access

 spanning-tree portfast

!

interface GigabitEthernet0/1

 switchport mode dynamic desirable

!

interface GigabitEthernet0/2

 switchport mode dynamic desirable

!

interface Vlan1

 no ip address

 shutdown

!

interface Vlan2

 ip address 192.168.15.1 255.255.255.0

!

interface Vlan3

 ip address 192.168.16.1 255.255.255.0

!

ip default-gateway 192.168.15.254

ip classless

ip http server

!

!

control-plane

!

!

line con 0

line vty 0 4

 password Dcc123

 login

line vty 5 15

 password Dcc123

 login

!

end



dcc-switch#

Open in new window

0
 

Author Comment

by:Mystical_Ice
ID: 33713447
And here is the Dell config.
The Dell IP address is (supposed to be): 192.168.15.2
The Cisco VLAN2 IP address is 192.168.15.1

Worth noting, is that computers plugged into the Dell switch can ping 192.168.15.2, but can't ping anything outside of it.  They don't get IP addresses either, cause the DHCP server (192.168.15.254) is plugged into the other switch.
dcc-switch2# show run

interface range ethernet e(1-24)

spanning-tree portfast

exit

interface range ethernet e(1-24)

switchport mode general

exit

interface range ethernet g(1-4)

switchport mode trunk

exit

vlan database

vlan 2-3

exit

interface ethernet e1

switchport general pvid 2

exit

interface ethernet e2

switchport general pvid 2

exit

interface ethernet e3

switchport general pvid 2

exit

interface ethernet e4

switchport general pvid 2

exit

interface ethernet e5

switchport general pvid 2

exit

interface ethernet e6

switchport general pvid 2

exit

interface ethernet e7

switchport general pvid 2

exit

interface ethernet e8

switchport general pvid 2

exit

interface ethernet e9

switchport general pvid 2

exit

interface ethernet e10

switchport general pvid 2

exit

interface ethernet e11

switchport general pvid 2

exit

interface ethernet e12

switchport general pvid 2

exit

interface ethernet e13

switchport general pvid 2

exit

interface ethernet e14

switchport general pvid 2

exit

interface ethernet e15

switchport general pvid 2

exit

interface ethernet e16

switchport general pvid 2

exit

interface ethernet e17

switchport general pvid 2

exit

interface ethernet e18

switchport general pvid 2

exit

interface ethernet e19

switchport general pvid 2

exit

interface ethernet e20

switchport general pvid 2

exit

interface ethernet e21

switchport general pvid 2

exit

interface ethernet e22

switchport general pvid 2

exit

interface ethernet e23

switchport general pvid 2

exit

interface ethernet e24

switchport general pvid 2

exit

interface range ethernet e(1-24)

switchport general allowed vlan add 2 untagged

exit

interface range ethernet g(1-4)

switchport trunk allowed vlan add 2

exit

interface range ethernet e(3-24)

switchport general allowed vlan add 3

exit

interface range ethernet g(1-4)

switchport trunk allowed vlan add 3

exit

voice vlan oui-table add 0001e3 Siemens_AG_phone________

voice vlan oui-table add 00036b Cisco_phone_____________

voice vlan oui-table add 00096e Avaya___________________

voice vlan oui-table add 000fe2 H3C_Aolynk______________

voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone

voice vlan oui-table add 00d01e Pingtel_phone___________

voice vlan oui-table add 00e075 Polycom/Veritel_phone___

voice vlan oui-table add 00e0bb 3Com_phone______________

interface vlan 2

ip address 192.168.15.2 255.255.255.0

exit

ip default-gateway 192.168.15.1

hostname dcc-switch2

username admin password 190f409287a73abfb5bacda18ef28326 level 15 encrypted

snmp-server community Dell_Network_Manager rw 192.168.15.2 view DefaultSuper













Default settings:

Service tag: 6PL8FH1



SW version 1.0.1.6 (date  18-May-2008 time  18:11:40)



Fast Ethernet Ports

==========================

no shutdown

speed 100

duplex full

negotiation

flow-control off

mdix auto

no back-pressure



Gigabit Ethernet Ports

=============================

no shutdown

speed 1000

duplex full

negotiation

flow-control off

mdix auto

no back-pressure



interface vlan 1

interface port-channel 1 - 15



spanning-tree

spanning-tree mode STP



qos basic

qos trust cos

dcc-switch2#

Open in new window

0
 

Author Comment

by:Mystical_Ice
ID: 33713449
OH-
Port 1 on cisco switch connects to port gig 1 on Dell switch.  i configured all 4 gig ports on the dell switch the same just for simplicity =P
0
 
LVL 3

Accepted Solution

by:
davdjevans earned 250 total points
ID: 33714554
Hi Mystical Ice,

If you will be using Mitel Phones with the switch, then I would recommend the following for the ports connected to the Mitel Phones:

switchport mode access
switchport access vlan 2
switchport voice vlan 3
(You can also use spanning-tree portfast.)

This will allow the ports to support the data vlan (2) and a voice vlan (3).
If you plug in a computer into this port, then you should be able to ping 192.168.15.1, even without a default gateway. 192.168.16.1  will be "pingable" if a default gateway is set on the PC.

When you plug in the Mitel phone, it will use CDP to find out the VLAN (3) that it belongs to as well as the QoS COS value of 5 (Layer 2 QoS for voice on Cisco). Don't forget to set a default gateway for the Mitel phones as well as option 43/125 with vlan=3.
You can ping the 192.168.16.1 IP address from the Mitel phone, to test the setup.
Any device plugged into the back of the phones will be on VLAN 2.


In answer to the question "shouldn't I be able to ping 192.168.15.1 and 192.168.16.1?" at present possibly not because the port will default to VLAN1. If you gave yourself an IP address on VLAN 1 and a default gateway of 192.168.1.1, then it will work.

Good Luck


0
 

Author Comment

by:Mystical_Ice
ID: 33717559
Thanks for that - but look at my two above configs.  The two switches aren't talking to each other, and i don't know why.
0
 
LVL 24

Assisted Solution

by:Ken Boone
Ken Boone earned 250 total points
ID: 33720111
The Dell switch on the port that plugs to the Cisco switch, needs to have vlan 2 as untagged.  I think you said you set all for 4 gig ports the same.  So make sure you set vlan 2 to be untagged on those ports.  Right now you have a mismatch and the trunk won't come up properly.  The cisco term native vlan = dell term untagged vlan.  On an 802.1q trunk the native/untagged vlan on the trunk ports have to match.  On the cisco switch you have the native vlan as 2, but on the dell switch it is currently tagged I believe.  Make it untagged on those ports.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

The worst thing when starting a new job is when the previous Network Administrator left behind no documentation. How do you get into the devices? If you've been in this situation or just accidently mistyped your password, this article will hopefully…
I see many questions here on Experts Exchange regarding switch port configurations and trunks. This article is meant for beginners in the subject to help to get basic knowledge about Virtual Local Area Network (VLAN (http://en.wikipedia.org/wiki/Vir…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now