Cisco Switching/Routing :: Private Vlans Across 2960 / 2950 Switches?
Nov 12, 2012
I am aware that private-vlans are not supported on edge switches like 2960 series - so my question is would it be possibel to ceate private vlans on say just the core switch which would be a 3570 or 4506 that supports private vlans and then just trunk these to the edge like normal vlans?what I need to achive is to have edge port not able to communicate to each other even across switches - which cannot be done using 'protected' port so need the private vlan feature?
View 1 Replies
ADVERTISEMENT
Nov 11, 2012
I am aware that private-vlans are not supported on edge switches like 2960 series - so my question is would it be possibel to ceate private vlans on say just the core switch which would be a 3570 or 4506 that supports private vlans and then just trunk these to the edge like normal vlans?
what I need to achive is to have edge port not able to communicate to each other even across switches - which cannot be done using 'protected' port so need the private vlan feature
View 7 Replies
View Related
Mar 7, 2012
I am looking into the possibility of using private vlan's for some dmz implementations however I do have what may be some very rudimentary questions. It seems straightforward how to configure the primary/secondary vlan configuration as well as associating them. However in my case I would be looking to configure the PVLAN on a 6500-vss platform acting as the router while all of the hosts which I would desire to have in the isolated vlan would be spread out across a number of older Cisco switches which only support "protected port" setup or Procurve switches all of which I do not have budget to replace with something newer. So in my scenario I would have a 6500 connected by trunk to multiple switches which only support a protected port setup such as a Procurve (top of rack) or a Cisco 2950. As the Procurve or 2950 would not support Private VLAN setup, do I then just configure the secondary vlan to be allowed across the trunk from the 6500, configure that vlan on the Procurve or 2950 (as vtp will not foward the info for the secondary vlan) and assign that vlan to the host port as well as setting it as a protected port and this will communicate just fine across the trunk to the router as well as stopping the protected port in top of rack switch 1 from being able to communicate to a protected port in top of rack 2,3,etc? If the above scenario is what needs to be done, do I just use a regular trunk or do I have to use a PVLAN trunk?
View 2 Replies
View Related
Dec 8, 2011
How do you enable multicast traffic on 2900 series switches?
View 7 Replies
View Related
Jun 12, 2012
I have 10 2950 switches on my network that support only 64 vlans on each one. I actualy have requrement to cleate around 100 vlans acros them, can I switch off vtp and create required vlans manualy? I will have more or less following set up:
router
|
2950 - vlan 1,2,3,4,5,6,7,8,9,10
[Code].....
View 12 Replies
View Related
Sep 5, 2012
Is this supported on a 3750X ?? A router has two VRFs and its lan interface is a trunk with 2 VLAN IDs, let say VLAN 10 and VLAN 20. The ip address subnet of these two vlans is the same (therefore , they are in different VRFs)
fa0/1
VLAN 10 = 10.15.4.9 (VRF A)
VLAN 20 = 10.15.4.10 (VRF B)
This router is connected on a 3750X switch. There is a firewall connected to this switch also, which is default gateway for several VLANs including VLAN 10 (10.15.4.1)
The goal is that VRF B ip can talk to 10.15.4.1 and VRF A can talk to 10.15.4.1 but VRF B can't talk to VRF A (10.15.4.9 <-> 10.15.4.10)
FW |--- TRUNK VLANs 1,2,3,4,10 ---------| SWITCH |----- TRUNK VLAN 10,20 -----| ROUTER (vlan 10 = VRF A, vlan 20 = VRF B)
I think this is not supported on the C3750, as my promiscuous port is located on a trunk.
View 1 Replies
View Related
Sep 13, 2012
I have a above said switch at my remote office (600KM) which is connected with L2 Point to Point leased line. Both the ends I have Cisco 3950 catalyst switches with Vlans configured at both the ends. Now, for obvious reasons I should remove the other end 3950 switch and replace with Cisco 2950 switch. The other end 3950 is having 4 Vlans configured on 4 ports. Now my requirement is, I should configure 3 Vlans (one for P2P, one for 10 Desktops and one for to bring traffic from other network).
View 1 Replies
View Related
Aug 28, 2012
We have a requirement for private VLANS for DMZ hosting within one of our datacentres. I just want to query how private VLANs would work in our environment.We have physical servers connected to fex ports (2 fex per rack for each 5k) of a 5548UP switch, virtual servers using the nexus 1000v (vmware hosts connected to fex ports) Out firewalls and load balancers are connected to an upstream pair of nexus 7ks using vPCs.My question is this, ordinarily the firewall would be in a promiscuous port but as these reside on a physically separate switch will the normal vPC trunk still be sufficient or would the "switchport mode private-vlan trunk promiscuous" be required on the vPC up to the northbound 7k.As these connections are already in production I do not want to affect the existing traffic that doesn’t use private VLANs.
View 3 Replies
View Related
Aug 13, 2012
regarding PVLANs and the Nexus, my understanding is that we cannot configure Private VLANs on a FEX trunk port with a NX-OS release older than 5.1(3)N2(1) for the Nexus5548... Is there any known workaround for this limitation (appart from performing a SW upgrade)?
View 2 Replies
View Related
Apr 5, 2013
i am trying to set up a cisco 2950 with a vlan to seperate all of the pos machines on the network (4 of them) from all other machnes in the building (3 hard wired and wi-fi). i was going to use vlan 1 as a trunk to allow internet access to go from fa0/1 to both vlans (vlan 10 and vlan 20). i have read things about the acl having an explicit deny at the end, so i'm thinking that is my problem. i am testing it at my house before deploying it to the network. i have 1 laptop setup with an ip of 192.168.0.50, and the other is .60. my router is 192.168.0.1. i have the ethernet from the router plugged into fa0/1, the 1st laptop on fa0/2 and the other at fa0/3. before i set the vlans up, i checked the communication by just plugging them in and trying to ping, they could both ping each other, the router and 8.8.8.8. when i finished setting up the test vlans, they could not ping each other(what i wanted) and laptop 1 can ping the router, and 8.8.8.8. laptop 2 cannot ping anything.
the only thing i did was create vlan 10 and 20, set port fa0/2 to vlan 10 and no sh, fa03 to vlan 20 and no sh, fa0/1 to vlan 1 and no sh. then i did switchport mode trunk on fa0/1, and switchport native vlan 1. this seems to be how i was supposed to do it, but it's been a while since i have worked with switches. i'm sure it's simple, but after searching the internet and poring over my cisco books for 5 hours, it is turning out not to be the case. here are some details:
greenhouse#sh int fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
[code]...
View 10 Replies
View Related
Nov 29, 2011
We currently have a HP blade platform which has two Cisco CBS30X0 switches built into it running Version 12.2(55)SE. These are connected to two Cisco C2960 aggregation switches running Version 12.2(44)SE6. According to this article I need to upgrade these to 12.2(25)FX: url...
1.)This will according to that article only allow me to create edge ports on them, is this a hardware limitation or am I just not finding what firmware I need to upgrade them to, in order to allow the creation of community VLANs? We have these aggregation switches conncted directly to multiple types of firewalls which take care of each of our clients networks including internet access etc. We are wasting many VLANs and IP addresses with our current setup so I am hoping to move over to using private VLANs. The setup of the private VLANs looks simple enough.
2.)When the private VLAN's try to communicate, all info will be sent directly to the layer 3 device I gather, which will not need to know anything about the private VLANs?
View 12 Replies
View Related
Nov 3, 2012
Need to confirm if WS-C3750-48TS-S supports Private vlans and IPV6?
Also need to know which stack cable like part number i can use for stacking them .
View 3 Replies
View Related
Mar 13, 2013
I have 2960 cisco switch. I want to configure private vlan. But it is not getting configured in cisco 2960. Is there any other way to configure that in switch.
View 1 Replies
View Related
Feb 11, 2012
With out using any server, will DHCP be configured in cisco 2950/2960 switch?I man cisco it self should work as a dhcp server also.
View 10 Replies
View Related
Jan 2, 2013
Is it possible to run VTP V3 on 2950 and 2960 switches. If so what version of IOS supports V3? Our 2960s are running 12.2(25r)SEE1, and 2950s are running 12.1(22)EA4a. Neither of which supports v3.
View 3 Replies
View Related
Mar 25, 2013
How to setup 3 SG300-52 (in L2 mode) as per this diagram:Port 1 on all switches should be able to talk to each other and access the blob at the right.The ports 25 on the other hand should only be able to talk among themselves in their own private vlan. They are to carry sensitive traffic. So I created 3 vlans, vlan 78 for ports gi1, gi51 and vlan 10 for port25,49,50 and a dummy vlan: 666 with the intent of segratating vlan 10 from vlan 78. My attempts so far have failed. ports gi49-50 are configured as trunk ports and gi1,gi51 as access ports as the following cli output (excerpts of the startup config):
vlan database
vlan 10,78,666
exit
interface vlan 1
ip address 172.16.10.11 255.255.255.0
[code]....
Ports gi1 can talk to each other and access the blob but ports 25 refuse to talk to each other. But as soon as I remove the access links to the blob they can! Obviously, at that point port gi1 lose access.Is such a topology feasable or even advisable?
View 7 Replies
View Related
Feb 7, 2012
I have an existing stack of 4 x 2960-S switches connected by stack cables.I would like to add another 2960-S switch to the stack but am unable to as the 2960-S will only allow 4 x 2960-S switches per stack.how I would add the 5th 2960-S switch to the existing stack of 4 x 2960-S switches.
View 12 Replies
View Related
Feb 8, 2012
I have two switches, a 2960 (sw01) and a 2948 (sw02). The sw01 is trunking via dot1q on Gi0/24 to sw02 on 2/48. Why are VLANs 2-4 not active on sw02?
sw01#sh int Gi0/24 trunk
Port Mode Encapsulation Status Native vlan
Gi0/24 auto 802.1q trunking 1
Port Vlans allowed on trunk
Gi0/24 1-4094
[code].....
View 5 Replies
View Related
Sep 26, 2012
How can i add two data vlans on cisco 2960 on one interfase? i have 3 mac adresses on one interfase: one PC, one ipphone and one XP virtual machine(VM). PC and VM are in one data vlan and phone is in voice vlan. i need to place the VM in another data vlan is it possible? if so could you give me a link or place information here.
View 2 Replies
View Related
Apr 30, 2012
I have a a hardware server running a VM hosting virtual servers which are all on different VLANs. My challenge now is to configure the switchport that the server is connected to, to see all the VLANs needed by this VM. The VM has an IP that is used for managing the server VMs which is on a different VLAN also.
My switch is a 2960 switch and it is presently trunked from the core switch.
View 3 Replies
View Related
Dec 19, 2012
I have two Catalyst 2960 Series (48 port) switches with the newest Cisco IOS installed. There is also a Cisco 2600 Series Router which I can't manage because it's ISP managed.
Now the problem is as follows. I'd like to create two VLANs, one in the IP range 192.168.0.xxx and the other in the 192.168.1.xxx. Now the router has a gateway IP address 192.168.1.1 .
Would it be possible to somehow connect these two VLANs with the router so that these 2 VLANs can't see each other but they can ofcourse both contact the router and exit on the internet?
View 3 Replies
View Related
Nov 22, 2011
On a low-end switch like a 2960 the maximum VLANs is 255, as shown in the output of VTP status:
Maximum VLANs supported locally : 255
Number of existing VLANs : 245
When the VTP mode is changed to transparent, VLANs from the extended range can be added without increasing the number of existing VLANs - e.g. if I create VLANs 3000 - 4000 the number of existing VLANs is still listed as 245.
If MST is used to cut down on the number of spanning-tree instances - and assuming propagation of VLAN configuration via VTP is not required - is there any downside to using transparent-mode VTP to increase the number of available VLANs? It does feel like I'm cheating the maximum listed in the datasheet.
View 4 Replies
View Related
Mar 7, 2012
I've just started a new job after a couple of years not touching cisco gear and been pitched in... My new employer has a network that's Juniper based. We've inherited a load of Cisco switches as part of the deal for hosting matches during the Rugby world cup (plus a load of Aruba wireless gear that promises to be my very own special millstone, but that's bye the bye.)
My task is to hang these catalyst 2960's onto our existing infrastructure via fibre connections.
On the Juniper switch, there are four vlans being pushed to the port the cisco's hooked into: Code...
View 7 Replies
View Related
Apr 25, 2013
I have a server windows 2008 that I would like to have a nic teaming configuration, the server has two nics, each nic is connected to a different switch. One is connected to cisco 2960 and the other is connected to cisco 2950. I have read here in forums about nic teaming but using the same switch. I have not found using different switch. Is this possible?
View 1 Replies
View Related
Feb 18, 2011
I have a number of class-'c's as a hand-off from my data center fiber to my 2960, which then sprawls the racks with about many 2950 switches, mostly 20 machines per switch. To allow machines on one 2950 to push data to another 2950 without routing back to my ISP's router(which costs money for bandwidth) isn't is possible to trunk one port on each 2950 to another 2950 and adding a addititional vlan8 to them. Then data jumps from 2950 to 2950 without going back to the 2960 or mainly not going back to my ISP's router. Is this the correct way to accoplish this with extra vlan and trunking the 2950's to each other or am I looking at this all wrong?
View 1 Replies
View Related
May 14, 2012
have setup a small lab as per CBTNuggets. Everything was going well until I introduced a second switch to create a trunk. Now I cannot ping between my two switches. Both show operational mode as down:
SWITCH1#show interfaces f0/12 switchport
Name: Fa0/12
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
[code]....
I have tried to allow all vlans or vlan 1 specifically and the output of the above doesn't seem to change. I am wondering if there is something in the config-register that is preventing trunking, but I don't really know enough yet!
The output of my second switch is identical to this one, the only difference is that I have it configured as a vtp client.
View 4 Replies
View Related
Aug 27, 2012
I have more than 20 Cisco switches in my office which is basically a soap manufacturing factory. The switches include Cisco 2950, 2960, 3560, 3750 etc. We have routers also which include 2821, 2951 etc. We also have Cisco WLC 2125 and LAP 1262 series. Sometimes all these devices management comes very tough to us.
We need to log on to different devices for troubleshooting/network management which sometimes becomes very tough to us. So I wonder if there any Cisco applications or tools by which we can centrally manage all these devices.
View 2 Replies
View Related
Dec 12, 2011
Is there a chart to show what modules will fit what swithches for fiber applications ex 2950 and 3560 switches
View 1 Replies
View Related
Jan 25, 2012
How to get vlans working properly between sub-interfaces on a ASA and a trunk port on a switch.There seems to be issue with the VLAN's being assigned to the correct VLAN and this information being properly sent to the ASA over the trunk.
We seem to be unable to ping most of the interfaces except for one on the switch. Sometimes if we are lucky we are able to ping a host on a different vlan that is on the switch. This seems sparadic at best.
Logs on the ASA show traffic does not seem to be assigned properly to the correct sub interface. We have access rules on the ASA disallowing traffic not part of the same vlan. For example you will see networkA blocked on networkB when it really should be directed through networkA's sub interface.
Any example commands for the ASA and Switch for at least the basic requirements to enable all the VLAN's to communicate properly with the ASA?
View 5 Replies
View Related
Nov 21, 2012
I am using a 3750 as a default gateway for multiple Vlans on a few 2960 switches. The trunk lines are configured and working and I have assigned ip addresses to each of the Vlan interfaces on the 3750. My issue is that I can only ping the ip address on the Vlan interface of the 3750 if I have a working computer plugged directly into the Vlan on the 3750. I only have 3 vlans on the 3750 that have hosts directly connected (vlans 2, 10 and 40) the other vlans ( 20 and 70) don't have any clients plugged into them on the 3750 but the hosts reside on 2 different 2960s that connect via trunk ports. How do I keep the vlan interface on the 3750 switch pingable when I don't have hosts directly connected in that vlan on the 3750? (yes, I have enabled ip routing on the 3750)
View 5 Replies
View Related
Mar 12, 2013
We have 3 layer LAN architecture, layer 1 of 6500(IP routing), layer 2 of 4500(L2 switch only), layer 3 of 2960(L2 Switch)In a Single (2960 and 4500) Switch Port Avaya IP phone and PC are connected.Now, the requirement is that, Qos need to be configured for Voice traffic and Data traffic should be in default class of service.We plan to use COS value in Switch 4500 and 2960. We made a sample configuration as below
### For 4500 Switch
class-map match-all VOIP-Access-2MB
match cos 3 5
class-map match-all VOIP-Uplink-20MB
match cos 3 5
[code].....
check these configurations are correct as per standard and if there is any other method of configuration?What need to be configured in L3 Switch(6500)??In 2960, it doesn't support ingress QoS, what impact it will make when compare to 4500? do users experiance any difference?
View 1 Replies
View Related
Jul 5, 2012
Are the non-S series 2960 switches stackable or are they only able to be uplinked?
View 6 Replies
View Related
Mar 22, 2012
Company I work for just moved into a new location. We have two data closets which are patched as independent entities, with no Ethernet tie connection. These closets are roughly 100 feet apart.
There is a fiber connection that runs between both closets, that the previous tenant used to connect the switches. I have placed a Cisco 2960 switch in each location, and added one mini SFP gbic's to each switch. After attaching both sides, neither light up. I do a sh inter gig1/0/49 on each and shows 'down down' (not admin down).
What is the trick on getting these to communciate, do I need to configure these ports, and are they supposed to light up?
What I am trying to accomplish is to get the one closet that is completely cut off, communicating by logically stacking, or 'daisy chaining' via fiber.
I turned off the lights and popped the fiber out, and I do see a faint red light (I did not look straight into it), so I think the fiber is active.
View 2 Replies
View Related
