Solved

Configuring 3 VLANs to be used on each port of Cisco Catalyst 2960

Posted on 2013-06-13
4
686 Views
Last Modified: 2013-06-24
Hi, We currently run 2 VLANs in each of our branch offices (Default and Voice).

For every user, their phone connects to the data point in the wall (and then onto one of the switches) and the users PC connects to the phone. So 1 port on the switch is used to relay both VLANs to the phone and PC.

We are now in the process of rolling out Video conferencing units to some staff.
This requires a 3rd VLAN. it also now changes the physical path so it runs from Switch > Video Conferencing unit > Phone > PC.

So each port will now have to carry 3 VLANs. How do I configure this on the switch?

Currently Port 1 is set as a Trunk port (which connects to our Routing gear). Ports 2-24 are configured as access ports. However this confuses me as I thought only trunk ports can carry more than 1 VLAN. These are all configured as access points and they are members of both VLANs.

I have created the new VLAN (200), but not sure what I need to do to apply this to the ports without crashing the device. I tried setting all the ports for this vlan as access and all network activity stopped until the device was rebooted back to the startup config.

The Running-config is as follows. As mentioned, I have created the VLAN, but not applied to any ports.



ctalt-2960-sw1#show running-config
Building configuration...

Current configuration : 9860 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ctalt-2960-sw1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$gVot$X.RK6AmxFu6c/TTJ7LG8M/
!
aaa new-model
!
!
aaa group server radius Rad_Auth
 server 192.168.101.115 auth-port 1645 acct-port 1646
!
aaa authentication login default group radius line
!
!
!
aaa session-id common
system mtu routing 1500
ip subnet-zero
!
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2  1
mls qos srr-queue input cos-map queue 1 threshold 3  0
mls qos srr-queue input cos-map queue 2 threshold 1  2
mls qos srr-queue input cos-map queue 2 threshold 2  4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3  3 5
mls qos srr-queue input dscp-map queue 1 threshold 2  9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3  0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3  32
mls qos srr-queue input dscp-map queue 2 threshold 1  16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2  33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2  49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2  57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3  24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3  40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3  5
mls qos srr-queue output cos-map queue 2 threshold 3  3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3  2 4
mls qos srr-queue output cos-map queue 4 threshold 2  1
mls qos srr-queue output cos-map queue 4 threshold 3  0
mls qos srr-queue output dscp-map queue 1 threshold 3  40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3  24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3  48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3  56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3  16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3  32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1  8
mls qos srr-queue output dscp-map queue 4 threshold 2  9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3  0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet0/2
 description ** TIPT Phone Port **
 switchport voice vlan 100
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface FastEthernet0/3
 description ** TIPT Phone Port **
 switchport voice vlan 100
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface FastEthernet0/4
 description ** TIPT Phone Port **
 switchport voice vlan 100
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface FastEthernet0/5
 description ** TIPT Phone Port **
 switchport voice vlan 100
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface FastEthernet0/6
 description ** TIPT Phone Port **
 switchport voice vlan 100
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface FastEthernet0/7
 description ** TIPT Phone Port **
 switchport voice vlan 100
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface FastEthernet0/8
 description ** TIPT Phone Port **
 switchport voice vlan 100
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface FastEthernet0/9
 description ** TIPT Phone Port **
 switchport voice vlan 100
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface FastEthernet0/10
 description ** TIPT Phone Port **
 switchport voice vlan 100
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface FastEthernet0/11
 description ** TIPT Phone Port **
 switchport voice vlan 100
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface FastEthernet0/12
 description ** TIPT Phone Port **
 switchport voice vlan 100
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface FastEthernet0/13
 description ** TIPT Phone Port **
 switchport voice vlan 100
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface FastEthernet0/14
 description ** TIPT Phone Port **
 switchport voice vlan 100
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface FastEthernet0/15
 description ** TIPT Phone Port **
 switchport voice vlan 100
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface FastEthernet0/16
 description ** TIPT Phone Port **
 switchport voice vlan 100
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface FastEthernet0/17
 description ** TIPT Phone Port **
 switchport voice vlan 100
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface FastEthernet0/18
 description ** TIPT Phone Port **
 switchport voice vlan 100
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface FastEthernet0/19
 description ** TIPT Phone Port **
 switchport voice vlan 100
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface FastEthernet0/20
 description ** TIPT Phone Port **
 switchport voice vlan 100
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface FastEthernet0/21
 description ** TIPT Phone Port **
 switchport voice vlan 100
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface FastEthernet0/22
 description ** TIPT Phone Port **
 switchport voice vlan 100
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface FastEthernet0/23
 description ** TIPT Phone Port **
 switchport access vlan 100
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface FastEthernet0/24
 description ** TIPT Phone Port **
 switchport access vlan 100
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 192.168.111.2 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.111.1
no ip http server
radius-server host 192.168.101.115 auth-port 1645 acct-port 1646 key 7 09081E0D4
8101A405A4C
!
control-plane
!
banner login
!
line con 0
 exec-timeout 20 0
 password 7 03400B0F571A2C1E1F48
line vty 0 4
 exec-timeout 20 0
 password 7 03400B0F571A2C1E1F48
 length 0
line vty 5 15
 exec-timeout 20 0
 password 7 03400B0F571A2C1E1F48
 length 0
!
ntp server 125.225.49.194
end
0
Comment
Question by:Howzatt
  • 2
4 Comments
 
LVL 4

Expert Comment

by:iammorrison
ID: 39246483
could you also provide a show vlan output?
0
 
LVL 1

Accepted Solution

by:
vuhanguyen earned 167 total points
ID: 39246506
Only trunk port can carry multi VLAN tagged packets, and normal endpoint devices only understands the untagged packets (it means they only work with access ports on your switch)

And I think your phone and pc now is running in VLAN 100 ("users PC connects to the phone"?!!) So if you want to use 3 VLAN for 3 services you need 3 access ports on your switch (for 1 user)

For example:
interface FastEthernet0/1
 description ** TIPT Phone Port 1**
 switchport access vlan 100

interface FastEthernet0/2
 description ** TIPT PC Port 1**
 switchport access vlan 200

interface FastEthernet0/3
 description ** TIPT Camera Port 1**
 switchport access vlan 300

Open in new window

0
 
LVL 4

Assisted Solution

by:iammorrison
iammorrison earned 166 total points
ID: 39246525
vuhanguyen is correct, thats why i was curious to see a the output of show vlan to get a more complete picture. Also if your phones are PoE, they probably wont work connected to the conferencing unit.
0
 
LVL 1

Assisted Solution

by:Uvg
Uvg earned 167 total points
ID: 39246594
Cisco recommends exactly specify the role of switchport (trunk or access). To avoid problems with endpoint devices (not all devices correctly respond to CDP packets :) ).
Additionally, using native vlan as main data vlan is not a good idea too.

What about voice if you configure port "switport voice vlan ..." this port become virtually a trunk port - you may go deeper using cisco docs. Phone is a switch too. It have one trunk port and one access port.

So if your conferencing units understand 802.1q vlan protocol then you need to configure switch ports as trunks. Connect your conferencing units to this ports. Configure second port of conferencing unit (it have it yes?) as trunk and connect phone to it. Then correctly configure phone to use proper voice and data vlan numbers. Thats all.

You will have trunk for all vlans (or specify allowed vlans) on conferencing unit. Trunk to phone and access port for PC.

P.S. Do you really need LAN isolation between data and video?
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

It happens many times that access list (ACL) have to be applied to outgoing router interface in order to limit some traffic.This article is about how to test ACL from the router which is not very intuitive for everyone. Below scenario shows simple s…
This tutorial will go through the steps required to write a script that will back up the configuration settings of a HP-ProCurve switch. You will need to get the following things to follow this tutorial: Telnet Scripting Tool e.g. TST10.exe …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now