vlan configuration on Cisco switches

Hello,

I have 4 Cisco 2960 switches in a stack and they are connected to a stack of layer 3 3850's.  I want to create a vlan for finance traffic on the LAN.  Do I create the vlan on the 2960's and if I do would other computers not in that vlan be able to access the computers in that vlan through the layer 3 switches?  Do I also need to create the vlans on the layer 3 switches?

Note trunking between the layer 2 and layer 3 switches is already set up.

Thanks
wayy2beAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Don JohnstonInstructorCommented:
You would create the VLAN's on the 2960 stack.  If there are other hosts in the same VLAN connected to the 3850 stack, you would need to create the VLAN there as well.

If the hosts on this VLAN need to communicate with anything outside of this VLAN, then you would need to enable inter-VLAN routing either on the 2960 stach or the 3850 stack.
mjhangiani2Commented:
Rule of thumb
1) computers on a VLAN can talk to  computers on the same VLAN on the same switch or switch stack
2) computers  on a VLAN can talk to computers on the same VLAN on another switch if the switches are connected either by a trunk port or by a ports on the same vlan
3) Computers on a vlan can talk to computers on another vlan only if inter-vlan routing is enabled on a layer three switch that hosts these VLANS.

In answer to your question - you need to setup a finance vlan that is accessible from other vlans then you would need to create the finance vlan on both the 2960 switch stack and the 3850 stack. All vlans that need to talk to each other should have layer 3 interfaces on the 3850 stack. configured with IP addresses. And IP routing needs to be enabled on the 3850 stack
wayy2beAuthor Commented:
I created the vlan on the 2960 stack using 4 interfaces of the same switch.  I then plugged in three computers with static IP addresses on three ports and a server on the fourth port with a static IP address.  They could not communicate.

So I then created a vlan interface on the 3850 and plugged the server into that and they can communicate.  How come they could not communicate on the 2960 and needed a port on the 3850?  Routing issue?
Need More Insight Into What’s Killing Your Network

Flow data analysis from SolarWinds NetFlow Traffic Analyzer (NTA), along with Network Performance Monitor (NPM), can give you deeper visibility into your network’s traffic.

Don JohnstonInstructorCommented:
How come they could not communicate on the 2960 and needed a port on the 3850?  Routing issue?
Nope. I suspect an incorrect configuration.

Please post the config of the 2960 stack and indicate which port the PC's and Server were connected to.
wayy2beAuthor Commented:
Interface GigabitEthernet 1/0/44
switchport mode access
switchport access vlan 80

Interface GigabitEthernet 1/0/45
switchport mode access
switchport access vlan 80

Interface GigabitEthernet 1/0/46
switchport mode access
switchport access vlan 80

Interface GigabitEthernet 1/0/47
switchport mode access
switchport access vlan 80

Server was on 47, PC's on the others
Don JohnstonInstructorCommented:
Well that's obviously not the full configuration.

But if the server was connected to g1/0/47, and it was correctly configured, then it would be able to communicate with devices on g1/0/44-46.

Perhaps you could post the config of the 3850 where it did work?
wayy2beAuthor Commented:
One item to note that I forgot to mention.  The PC's and server on the ports in vlan 80 have an ip range of 10.0.0.1-4.  The rest of the network is a 192.168.5.0 network.  

I added the following on the 3850:

interface vlan 80
ip address 10.0.0.5
switchport mode access

I cannot post the config right now since I left the office.  Thanks
Don JohnstonInstructorCommented:
It is not possible to add the "switchport mode access" statement to an SVI.  

If all the devices in question are in the same broadcast domain/ip network/VLAN, the SVI is not relevant anyway.
wayy2beAuthor Commented:
Going from memory on the last one since I don't have access right now.  Should I remove the SVI  in the morning and test again?
Don JohnstonInstructorCommented:
Understood. Just saying that if all the devices are in the same VLAN, the SVI doesn't help or hurt or hinder.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
NetExpert Network Solutions Pte LtdTechnical SpecialistCommented:
Here are the steps you can do to communicate servers/pcs and other resources

on the 2960

conf t
vlan 80
end

conf t
interface range GigabitEthernet 1/0/44 - 48
switch mode access
switchport access vlan 80

====> at this level, if you have your server and pc are in same range of ip address, then pc and server should able to ping

on the 3850

#conf t
vlan 80
end

#conf t
vlan 100
end

#conf t
int vlan 80
ip address 10.0.0.5 255.255.255.0
no sh
end

#conf t
int vlan 100
ip address 192.168.5.0 255.255.255.0
no sh

Now connect 2960 switch to 3560 and configure the interface in trunk mode

2960 switch

int <interface name>
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 80,100
end

PC/server ==>2960 --(trunk interface)--3850

Thanks
wayy2beAuthor Commented:
You were correct.  I tried it again and ran all the cables back into the 2960 stack and it works perfectly. Thanks
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.