Solved

Configuring VLANs on a Cisco Catalyst 3550

Posted on 2010-09-18
15
1,084 Views
Last Modified: 2012-06-27
Hi,
I have a Cisco Catalyst 3550.  I'm trying to configure it to get it ready for the Mitel VoIP phone system we're getting beginning of next week.  Basically i want two VLANs - one for phones, one for data. (Vlan 2 for data, Vlan 3 for voice).

One of the ports is going to go to a second switch (a Dell layer 2 POE switch), and i'll need help configuring that too, but for now just trying to get this configured.

What's the problem with my configuration?  If i plug into one of the ports, shouldn't i be able to ping the vlan IP addresses? (i.e. 192.168.15.1 and 192.168.16.1)?


dcc-switch#show run
Building configuration...

Current configuration : 2352 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname dcc-switch
!
!
no aaa new-model
ip subnet-zero
ip routing
!
!
!
!
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
 switchport mode dynamic desirable
!
interface FastEthernet0/2
 switchport mode dynamic desirable
!
interface FastEthernet0/3
 switchport mode dynamic desirable
!
interface FastEthernet0/4
 switchport mode dynamic desirable
!
interface FastEthernet0/5
 switchport mode dynamic desirable
!
interface FastEthernet0/6
 switchport mode dynamic desirable
!
interface FastEthernet0/7
 switchport mode dynamic desirable
!
interface FastEthernet0/8
 switchport mode dynamic desirable
!
interface FastEthernet0/9
 switchport mode dynamic desirable
!
interface FastEthernet0/10
 switchport mode dynamic desirable
!
interface FastEthernet0/11
 switchport mode dynamic desirable
!
interface FastEthernet0/12
 switchport mode dynamic desirable
!
interface FastEthernet0/13
 switchport mode dynamic desirable
!
interface FastEthernet0/14
 switchport mode dynamic desirable
!
interface FastEthernet0/15
 switchport mode dynamic desirable
!
interface FastEthernet0/16
 switchport mode dynamic desirable
!
interface FastEthernet0/17
 switchport mode dynamic desirable
!
interface FastEthernet0/18
 switchport mode dynamic desirable
!
interface FastEthernet0/19
 switchport mode dynamic desirable
!
interface FastEthernet0/20
 switchport mode dynamic desirable
!
interface FastEthernet0/21
 switchport mode dynamic desirable
!
interface FastEthernet0/22
 switchport mode dynamic desirable
!
interface FastEthernet0/23
 switchport mode dynamic desirable
!
interface FastEthernet0/24
 switchport mode dynamic desirable
!
interface GigabitEthernet0/1
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 shutdown
!
interface Vlan2
 ip address 192.168.15.1 255.255.255.0
!
interface Vlan3
 ip address 192.168.16.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.15.254
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
 login
line vty 5 15
 login
!
end

Open in new window

0
Comment
Question by:Mystical_Ice
15 Comments
 
LVL 6

Expert Comment

by:collins23
ID: 33708403
i think you should make some ports access ports

Switchport mode dynamic desirable – This command makes the interface actively attempt to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode. This is the default mode for all Ethernet interfaces. If the neighboring interface is set to the access or non-negotiate mode, the link will become a non-trunking link.
0
 
LVL 17

Expert Comment

by:Kvistofta
ID: 33708528
You also need to add "switchport access vlan x" on each port since the default if that command is not there is vlan1 which is shutdown in your configuration.

int range fa0/1 - 24
 switchport mode access
switchport access vlan 2
!

/Kvistofta
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33708581
Hi

you need:

conf t

int range fa0/1 - 24
 switchport mode trunk
switchport native vlan 2
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 
LVL 25

Expert Comment

by:Ken Boone
ID: 33708712
Like others have mentioned right now you have all your ports defaulting to vlan1 since you didn't specify a vlan.  A couple of questions need to be asked:  

1)  Are you going to have the phones plugged into the switch, and then the PCs plugged in to the back of the phones?
2)  Or are you going to have some ports dedicated for phones only and some ports dedicated for PCs?

If you are doing #1 then you can set the ports up as a trunk port like others have mentioned with the native vlan being the data vlan.

If you are doing #2 then you can set up all ports as access ports (non trunk) and just specify the voice or data vlan as required: i.e. switchport access vlan 2 or switchport access vlan 3

If you are doing #1 you can take a look at this link which will help describe how this works.  The example uses a shortel phone, but the Mitel works the same way I believe.

http://ciscoconfigs.net/index.php?option=com_content&task=view&id=13&Itemid=26
0
 

Author Comment

by:Mystical_Ice
ID: 33709052
GOOD question! - actually you're right, the Mitel phones have ports behind them for the PC, and then on the phone itself you set what the "PC port" vlan is on.  I know because we have the same phone system at another office.

There will be some ports on the switch, however, that need to be just for data
0
 

Author Comment

by:Mystical_Ice
ID: 33709591
OK so here's the current config. (see attached)

Port 1 - going to a Dell switch; i still need to configure it, but this switch (the cisco) is going to be doing the routing between VLANs for it.
Port 9 - my laptop plugged in
Port 23 and 24 - wireless access point and gateway (pix 506) respectively.  PIX IP address is 192.168.15.254


I can, from my machine, ping the gateway, ping the switch's vlan2 interface (192.168.15.1), and ping the access point, BUT i can't ping 192.168.16.1 (the switch's VLAN3 interface).  shouldn't i be able to?

Please advise.
0
 

Author Comment

by:Mystical_Ice
ID: 33709592
forgot to attach code. see attached
dcc-switch#sh run
Building configuration...

Current configuration : 3873 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname dcc-switch
!
enable secret 5 $1$3EFK$iZRvRdtk/5ceHZbhjkFP11
enable password Dcc123
!
no aaa new-model
ip subnet-zero
ip routing
!
!
!
!
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
 switchport access vlan 2
 switchport mode dynamic desirable
!
interface FastEthernet0/2
 switchport access vlan 2
 switchport mode dynamic desirable
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 2
 switchport mode dynamic desirable
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 2
 switchport mode dynamic desirable
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 2
 switchport mode dynamic desirable
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 2
 switchport mode dynamic desirable
 spanning-tree portfast
!
interface FastEthernet0/7
 switchport access vlan 2
 switchport mode dynamic desirable
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport access vlan 2
 switchport mode dynamic desirable
 spanning-tree portfast
!
interface FastEthernet0/9
 switchport access vlan 2
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/10
 switchport access vlan 2
 switchport mode dynamic desirable
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport access vlan 2
 switchport mode dynamic desirable
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport access vlan 2
 switchport mode dynamic desirable
 spanning-tree portfast
!
interface FastEthernet0/13
 switchport access vlan 2
 switchport mode dynamic desirable
 spanning-tree portfast
!
interface FastEthernet0/14
 switchport access vlan 2
 switchport mode dynamic desirable
 spanning-tree portfast
!
interface FastEthernet0/15
 switchport access vlan 2
 switchport mode dynamic desirable
 spanning-tree portfast
!
interface FastEthernet0/16
 switchport access vlan 2
 switchport mode dynamic desirable
 spanning-tree portfast
!
interface FastEthernet0/17
 switchport access vlan 2
 switchport mode dynamic desirable
 spanning-tree portfast
!
interface FastEthernet0/18
 switchport access vlan 2
 switchport mode dynamic desirable
 spanning-tree portfast
!
interface FastEthernet0/19
 switchport access vlan 2
 switchport mode dynamic desirable
 spanning-tree portfast
!
interface FastEthernet0/20
 switchport access vlan 2
 switchport mode dynamic desirable
 spanning-tree portfast
!
interface FastEthernet0/21
 switchport access vlan 2
 switchport mode dynamic desirable
 spanning-tree portfast
!
interface FastEthernet0/22
 switchport access vlan 2
 switchport mode dynamic desirable
 spanning-tree portfast
!
interface FastEthernet0/23
 switchport access vlan 2
 switchport mode dynamic desirable
 spanning-tree portfast
!
interface FastEthernet0/24
 switchport access vlan 2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/1
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 ip address 192.168.15.1 255.255.255.0
!
interface Vlan3
 ip address 192.168.16.1 255.255.255.0
!
ip default-gateway 192.168.15.254
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
 password Dcc123
 login
line vty 5 15
 password Dcc123
 login
!
end

dcc-switch#

Open in new window

0
 

Author Comment

by:Mystical_Ice
ID: 33709596
also,


dcc-switch(config-if)#switchport mode trunk
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.
0
 
LVL 25

Expert Comment

by:Ken Boone
ID: 33709763
So you can't pint vlan3 probably because if you do a show interface vlan3 you will find that is in a down state.

The vlan interface will only come up if there is something physically plugged into a port carrying that vlan.  So if you plug a phone in or even another laptop into a vlan3 port you should see the interface come up and you can ping it.

On your switchport mode trunk problem.  Set the encapsualation type to dot1q then set the mode to trunk:

switchport trunk encapsulation dot1q


As far as the port going to the dell switch.  If you need to trunk the vlans to the dell switch you need to do this:
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk

This will setup an 8021q trunk to the dell switch.  You will need to set the dell up as an 8021q trunk as well and have vlan 2 as the untagged vlan on that port.  

0
 

Author Comment

by:Mystical_Ice
ID: 33713424
Man i appreciate the help.  I think i'm ALMOST there.  Here's the current config on the Cisco switch.  Port #1 is connecting it to the Dell switch.  All other ports are just computers (on vlan 2).  I'm not even going to TRY to tackle the vlan 3 phones trunk thing, but i still have a day to figure that out

Cisco config attached to this post.  Dell config attached to next
dcc-switch#sh run
Building configuration...

Current configuration : 3382 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname dcc-switch
!
enable secret 5 $1$3EFK$iZRvRdtk/5ceHZbhjkFP11
enable password Dcc123
!
no aaa new-model
ip subnet-zero
ip routing
!
!
!
!
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/7
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/9
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/13
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/14
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/15
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/16
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/17
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/18
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/19
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/20
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/21
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/22
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/23
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/24
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/1
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 ip address 192.168.15.1 255.255.255.0
!
interface Vlan3
 ip address 192.168.16.1 255.255.255.0
!
ip default-gateway 192.168.15.254
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
 password Dcc123
 login
line vty 5 15
 password Dcc123
 login
!
end

dcc-switch#

Open in new window

0
 

Author Comment

by:Mystical_Ice
ID: 33713447
And here is the Dell config.
The Dell IP address is (supposed to be): 192.168.15.2
The Cisco VLAN2 IP address is 192.168.15.1

Worth noting, is that computers plugged into the Dell switch can ping 192.168.15.2, but can't ping anything outside of it.  They don't get IP addresses either, cause the DHCP server (192.168.15.254) is plugged into the other switch.
dcc-switch2# show run
interface range ethernet e(1-24)
spanning-tree portfast
exit
interface range ethernet e(1-24)
switchport mode general
exit
interface range ethernet g(1-4)
switchport mode trunk
exit
vlan database
vlan 2-3
exit
interface ethernet e1
switchport general pvid 2
exit
interface ethernet e2
switchport general pvid 2
exit
interface ethernet e3
switchport general pvid 2
exit
interface ethernet e4
switchport general pvid 2
exit
interface ethernet e5
switchport general pvid 2
exit
interface ethernet e6
switchport general pvid 2
exit
interface ethernet e7
switchport general pvid 2
exit
interface ethernet e8
switchport general pvid 2
exit
interface ethernet e9
switchport general pvid 2
exit
interface ethernet e10
switchport general pvid 2
exit
interface ethernet e11
switchport general pvid 2
exit
interface ethernet e12
switchport general pvid 2
exit
interface ethernet e13
switchport general pvid 2
exit
interface ethernet e14
switchport general pvid 2
exit
interface ethernet e15
switchport general pvid 2
exit
interface ethernet e16
switchport general pvid 2
exit
interface ethernet e17
switchport general pvid 2
exit
interface ethernet e18
switchport general pvid 2
exit
interface ethernet e19
switchport general pvid 2
exit
interface ethernet e20
switchport general pvid 2
exit
interface ethernet e21
switchport general pvid 2
exit
interface ethernet e22
switchport general pvid 2
exit
interface ethernet e23
switchport general pvid 2
exit
interface ethernet e24
switchport general pvid 2
exit
interface range ethernet e(1-24)
switchport general allowed vlan add 2 untagged
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 2
exit
interface range ethernet e(3-24)
switchport general allowed vlan add 3
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 3
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
interface vlan 2
ip address 192.168.15.2 255.255.255.0
exit
ip default-gateway 192.168.15.1
hostname dcc-switch2
username admin password 190f409287a73abfb5bacda18ef28326 level 15 encrypted
snmp-server community Dell_Network_Manager rw 192.168.15.2 view DefaultSuper






Default settings:
Service tag: 6PL8FH1

SW version 1.0.1.6 (date  18-May-2008 time  18:11:40)

Fast Ethernet Ports
==========================
no shutdown
speed 100
duplex full
negotiation
flow-control off
mdix auto
no back-pressure

Gigabit Ethernet Ports
=============================
no shutdown
speed 1000
duplex full
negotiation
flow-control off
mdix auto
no back-pressure

interface vlan 1
interface port-channel 1 - 15

spanning-tree
spanning-tree mode STP

qos basic
qos trust cos
dcc-switch2#

Open in new window

0
 

Author Comment

by:Mystical_Ice
ID: 33713449
OH-
Port 1 on cisco switch connects to port gig 1 on Dell switch.  i configured all 4 gig ports on the dell switch the same just for simplicity =P
0
 
LVL 3

Accepted Solution

by:
davdjevans earned 250 total points
ID: 33714554
Hi Mystical Ice,

If you will be using Mitel Phones with the switch, then I would recommend the following for the ports connected to the Mitel Phones:

switchport mode access
switchport access vlan 2
switchport voice vlan 3
(You can also use spanning-tree portfast.)

This will allow the ports to support the data vlan (2) and a voice vlan (3).
If you plug in a computer into this port, then you should be able to ping 192.168.15.1, even without a default gateway. 192.168.16.1  will be "pingable" if a default gateway is set on the PC.

When you plug in the Mitel phone, it will use CDP to find out the VLAN (3) that it belongs to as well as the QoS COS value of 5 (Layer 2 QoS for voice on Cisco). Don't forget to set a default gateway for the Mitel phones as well as option 43/125 with vlan=3.
You can ping the 192.168.16.1 IP address from the Mitel phone, to test the setup.
Any device plugged into the back of the phones will be on VLAN 2.


In answer to the question "shouldn't I be able to ping 192.168.15.1 and 192.168.16.1?" at present possibly not because the port will default to VLAN1. If you gave yourself an IP address on VLAN 1 and a default gateway of 192.168.1.1, then it will work.

Good Luck


0
 

Author Comment

by:Mystical_Ice
ID: 33717559
Thanks for that - but look at my two above configs.  The two switches aren't talking to each other, and i don't know why.
0
 
LVL 25

Assisted Solution

by:Ken Boone
Ken Boone earned 250 total points
ID: 33720111
The Dell switch on the port that plugs to the Cisco switch, needs to have vlan 2 as untagged.  I think you said you set all for 4 gig ports the same.  So make sure you set vlan 2 to be untagged on those ports.  Right now you have a mismatch and the trunk won't come up properly.  The cisco term native vlan = dell term untagged vlan.  On an 802.1q trunk the native/untagged vlan on the trunk ports have to match.  On the cisco switch you have the native vlan as 2, but on the dell switch it is currently tagged I believe.  Make it untagged on those ports.
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
stacking Catalyst 3650 20 52
fiber and Gig ports on 3650 5 56
What is mean " No service tcp-small-servers , No service udp-small-servers " ? 3 57
Trunk Port 7 60
The worst thing when starting a new job is when the previous Network Administrator left behind no documentation. How do you get into the devices? If you've been in this situation or just accidently mistyped your password, this article will hopefully…
This tutorial will go through the steps required to write a script that will back up the configuration settings of a HP-ProCurve switch. You will need to get the following things to follow this tutorial: Telnet Scripting Tool e.g. TST10.exe …
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question