Wired Networks Thread, Setting up Multiple VLANs in Technical
Hi,
I am in need of a little help. I am currently re-installing a network with all new equipment and need some guidance in configuring multiple VLANs on a switched network. I will be utilizing 4 Cisco 2960 Switches (user switches), a Cisco 3750-X Switch (Core switch), and a Cisco 2921 router as the backbone devices. I already configured them with the basic information in order to test them out for connectivity; however, I am still unsuccessful/unsure in properly configuring them utilizing separate/multiple VLANs between all the devices. I want to use the 10.17.0.0 network information, utilizing NAT of course, and then use the 10.17.1.0 network on one switch utilizing VLANs, x.x.2.0 on another, x.x.3.0, x.x.4.0, etc. networks on the other switches. Can anyone assist me in the right direction? Here is the example of basic configs (minus sensitive information) that I installed for testing purposes, and everything is working fine; however, now I want to separate the devices and put them on their own networks, and then eventually segment the switches on separate sub-VLANs. I will also attach a basic diagram as a reference of the equipment. Thanks for the help.
Router:
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime
service timestamps log datetime
service password-encryption
service sequence-numbers
no service dhcp
!
hostname rtr
!
boot-start-marker
boot-end-marker
!
!
security passwords min-length 10
logging buffered critical
logging rate-limit 10
!
aaa new-model
!
!
aaa authentication login default local-case
aaa authorization console
aaa authorization exec default if-authenticated
!
!
!
!
!
aaa session-id common
clock timezone **omitted**
clock calendar-valid
!
no ipv6 cef
ip source-route
no ip gratuitous-arps
ip cef
!
!
!
!
!
no ip bootp server
no ip domain lookup
ip domain name **omitted**
multilink bundle-name authenticated
!
!
password encryption aes
crypto pki token default removal timeout 0
!
crypto pki trustpoint **omitted**
!
!
crypto pki certificate chain **omitted**
!
!
username **omitted**
username **omitted**
username **omitted**
!
!
ip ssh version 2
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description THE NEW ISP INFO LIVE! $OUTSIDE$
no ip address
ip flow egress
ip nat outside
no ip virtual-reassembly in
ip virtual-reassembly out max-reassemblies 128
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1
description Link to CoreSW
ip address 10.17.1.1 255.255.0.0
ip flow ingress
ip nat inside
ip virtual-reassembly in max-reassemblies 128
duplex full
speed auto
!
interface GigabitEthernet0/2
description **NOT USED**
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-export destination 10.17.3.250 2055
!
ip nat inside source list 117 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 10.17.0.0 name **omitted**
!
ip access-list extended netbios
deny tcp any any eq 135
deny udp any any eq 135
deny tcp any any eq 136
deny udp any any eq 136
deny tcp any any eq 137
deny udp any any eq netbios-ns
deny tcp any any eq 139
deny udp any any eq netbios-ss
deny tcp any any eq 445
deny udp any any eq 445
deny tcp any any eq 138
deny udp any any eq netbios-dgm
permit ip any any
!
logging trap warnings
logging 10.17.3.250
access-list 100 permit ip 10.0.0.0 0.255.255.255 any
access-list 100 remark **omitted** Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 117 permit ip any any
!
!
snmp-server community **omitted**
snmp-server enable traps tty
!
!
!
control-plane
!
!
banner login ^C
LOG OFF IMMEDIATELY IF YOU DO NOT AGREE TO THE CONDITIONS STATED IN THIS WARNING
^C
banner motd ^C
NOTICE TO USERS
THIS IS A PRIVATE COMPUTER SYSTEM. It is for authorized use only.
Users (authorized or unauthorized) have no explicit or implicit
expectation of privacy.
Any or all uses of this system and all files on this system may
be intercepted, monitored, recorded, copied, audited, inspected,
and disclosed to authorized site and law enforcement personnel,
as well as authorized officials of other agencies, both domestic
and foreign. By using this system, the user consents to such
interception, monitoring, recording, copying, auditing, inspection,
and disclosure at the discretion of authorized site personnel.
Unauthorized or improper use of this system may result in
administrative disciplinary action and civil and criminal penalties.
By continuing to use this system you indicate your awareness of and
consent to these terms and conditions of use.
^C
!
line con 0
exec-timeout 5 0
line aux 0
no exec
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class **omitted** in
privilege level 15
transport input ssh
line vty 5 15
access-class **omitted** in
privilege level 15
transport input ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
ntp server 196.43.1.9
end
Core switch:
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname **omitted**
!
boot-start-marker
boot-end-marker
!
enable secret 5 **omitted**
enable password **omitted**
!
username **omitted**
username **omitted**
username **Omitted**
no aaa new-model
clock timezone **omitted**
switch 1 provision ws-c3750x-24s
system mtu routing 1500
no ip sticky-arp
ip dhcp excluded-address 10.17.3.250
ip dhcp excluded-address 10.17.2.249 10.17.2.255
ip dhcp excluded-address 10.17.0.1
ip dhcp excluded-address 10.17.1.0 10.17.1.15
!
ip dhcp pool 1
network 10.17.0.0 255.255.0.0
default-router 10.17.1.1
dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool jv1
host 10.17.2.250 255.255.0.0
dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool jv2
host 10.17.2.249 255.255.0.0
dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool console
host 10.17.3.250 255.255.0.0
dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool user_bad_wifi_card
host 10.17.3.80 255.255.0.0
!
ip dhcp pool Slim
host 10.17.3.50 255.255.0.0
dns-server 8.8.8.8 8.8.4.4
!
!
ip domain-name **omitted**
!
!
crypto pki trustpoint **omitted**
!
!
crypto pki certificate chain **omitted**
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
description Link to Router
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/2
description Link to For
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/3
description Link to Class1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/4
description Link to ELibrary
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/5
description Link to Class2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/6
description **NOT USED**
switchport mode access
shutdown
!
interface GigabitEthernet1/0/7
description **NOT USED**
switchport mode access
shutdown
!
interface GigabitEthernet1/0/8
description **NOT USED**
switchport mode access
shutdown
!
interface GigabitEthernet1/0/9
description **NOT USED**
switchport mode access
shutdown
!
interface GigabitEthernet1/0/10
description **NOT USED**
switchport mode access
shutdown
!
interface GigabitEthernet1/0/11
description **NOT USED**
switchport mode access
shutdown
!
interface GigabitEthernet1/0/12
description **NOT USED**
switchport mode access
spanning-tree portfast
shutdown
!
interface GigabitEthernet1/0/13
switchport mode access
spanning-tree portfast
shutdown
!
interface GigabitEthernet1/0/14
description **NOT USED**
switchport mode access
shutdown
!
interface GigabitEthernet1/0/15
description **NOT USED**
switchport mode access
shutdown
!
interface GigabitEthernet1/0/16
description **NOT USED**
switchport mode access
shutdown
!
interface GigabitEthernet1/0/17
description **NOT USED**
switchport mode access
shutdown
!
interface GigabitEthernet1/0/18
description **NOT USED**
switchport mode access
shutdown
!
interface GigabitEthernet1/0/19
description **NOT USED**
switchport mode access
shutdown
!
interface GigabitEthernet1/0/20
description **NOT USED**
switchport mode access
shutdown
!
interface GigabitEthernet1/0/21
description **NOT USED**
switchport mode access
!
interface GigabitEthernet1/0/22
description **NOT USED**
switchport mode access
shutdown
!
interface GigabitEthernet1/0/23
description **NOT USED**
switchport mode access
shutdown
!
interface GigabitEthernet1/0/24
description **NOT USED**
switchport mode access
shutdown
!
interface GigabitEthernet1/1/1
description **NOT USED**
shutdown
!
interface GigabitEthernet1/1/2
description **NOT USED**
shutdown
!
interface GigabitEthernet1/1/3
description **NOT USED**
shutdown
!
interface GigabitEthernet1/1/4
description **NOT USED**
shutdown
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface Vlan1
ip address 10.17.1.2 255.255.0.0
no ip route-cache cef
no ip route-cache
!
ip http server
ip http secure-server
!
!
logging esm config
logging trap warnings
logging 10.17.3.250
access-list 1 permit 10.17.1.1
access-list 1 permit 10.17.1.2
access-list 1 permit 10.17.1.3
access-list 1 permit 10.17.1.4
access-list 1 permit 10.17.1.5
access-list 1 permit 10.17.1.6
access-list 1 permit 10.17.2.249
access-list 1 permit 10.17.2.251
access-list 1 permit 10.17.3.250
access-list 1 permit 10.17.2.250
snmp-server community **omitted**
snmp-server enable traps tty
!
!
line con 0
login local
line vty 0 4
access-class 1 in
password **omitted**
login local
line vty 5 15
access-class 1 in
password **omitted**
login local
!
end
twin--turbo... sorry about that, I should have given you the other configs with the other VLANs on the switches that I tried. I was not successful in getting the other networks (VLAN 10, 20, 30, 40, 50) with 10.17.1.0, 10.17.2.0, 10.17.3.0..... to talk to each other. I am reading up on the VTP, server, clients now. Was that my issue? Also, what is RSTP? I am not that new to networking; it's just that as technology evolves and I get busy with other work, it seems to move faster than my time and knowledge can keep up, thus the reason why I ask for help. Thanks for the help.
Where do you want your internal network routing to happen, on the 2921 or on the 3750?
If the latter..
Get VTP on and confirm that the clients update their VLAN databases.
Set up VLAN interfaces on the core with an IP address.
Assign switchport access VLANs to ports on the switches.
Change G0/1 to an access port, remove the IP address and assign it to VLAN 1.
Set up a default route on the 3750 to the 2921, and set static routes on the 2921 for the internal networks.
IS the Internet link really an E1???????
Rob
Last edited by twin--turbo; 24th June 2012 at 09:09 PM.
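As an added example (not the original poster's configuration and not something Rob posted), here is one way to carry out the steps Rob lists above with the routing done on the 3750-X, written in IOS syntax. Everything beyond what the thread already shows is an assumption: the VLAN numbers 2/10/20/99, the transit subnet 10.17.0.0/30 between the router and the core, the /24 per VLAN, the management VLAN 99, the VTP domain name and password, and the ISP next hop (the page omits it, so it is a placeholder). Two caveats a reader would want before pasting any of this: the posted /16 addresses on the router's Gi0/1, on the core's Vlan1 and in DHCP pool "1" overlap every per-VLAN /24, so IOS will refuse the new SVIs until those are removed; and the posted NAT statement overloads Gi0/1, which is the inside interface, whereas PAT has to overload the outside interface (Gi0/0).

```cisco
! ==== 2921 router: only the lines that change (constructed example) ====
interface GigabitEthernet0/1
 description Link to CoreSW (transit /30)
 ip address 10.17.0.1 255.255.255.252
 ip nat inside
!
! PAT must overload the OUTSIDE interface; the posted config overloads Gi0/1, which is the inside
no ip nat inside source list 117 interface GigabitEthernet0/1 overload
no access-list 117
access-list 117 permit ip 10.17.0.0 0.0.255.255 any
ip nat inside source list 117 interface GigabitEthernet0/0 overload
!
! One summary route for all internal VLAN subnets via the core; the connected /30 is more specific and wins
ip route 10.17.0.0 255.255.0.0 10.17.0.2
! Placeholder: the ISP gateway is omitted on the page
ip route 0.0.0.0 0.0.0.0 ISP-NEXT-HOP-PLACEHOLDER
!
! ==== 3750-X core: routing on the switch (constructed example) ====
vtp domain EXAMPLE-DOMAIN
vtp password EXAMPLE-VTP-PASSWORD
vtp mode server
vlan 2
 name Transit
vlan 10
 name Class1
vlan 20
 name Class2
vlan 99
 name Management
!
! RSTP = rapid per-VLAN spanning tree, replacing the posted "pvst"
spanning-tree mode rapid-pvst
! Without "ip routing" the SVIs come up but the switch will not forward between them
ip routing
!
! Routed point-to-point link to the 2921: access port in the transit VLAN, no trunk needed
interface GigabitEthernet1/0/1
 description Link to Router
 switchport mode access
 switchport access vlan 2
!
interface Vlan2
 ip address 10.17.0.2 255.255.255.252
! One /24 per VLAN; the posted /16 on Vlan1 overlaps all of them and must be removed first
interface Vlan10
 ip address 10.17.1.1 255.255.255.0
 ip access-group USERS-IN in
interface Vlan20
 ip address 10.17.2.1 255.255.255.0
 ip access-group USERS-IN in
! (repeat for VLAN 30, 40, 50 with 10.17.3.0/24 and so on)
interface Vlan99
 ip address 10.17.99.1 255.255.255.0
!
! Default route towards the 2921
ip route 0.0.0.0 0.0.0.0 10.17.0.1
!
! User VLANs reach each other and the Internet but not the management subnet
ip access-list extended USERS-IN
 deny   ip any 10.17.99.0 0.0.0.255
 permit ip any any
!
! DHCP stays on the core: one pool per VLAN, chosen by the subnet of the SVI the request arrives on
ip dhcp excluded-address 10.17.1.1 10.17.1.15
ip dhcp pool VLAN10
 network 10.17.1.0 255.255.255.0
 default-router 10.17.1.1
 dns-server 8.8.8.8 8.8.4.4
!
! ==== 2960 user switch, e.g. Class1 (constructed example; port names vary by 2960 model) ====
vtp domain EXAMPLE-DOMAIN
vtp password EXAMPLE-VTP-PASSWORD
vtp mode client
spanning-tree mode rapid-pvst
!
! Uplink: the 2960 only supports dot1q, so no encapsulation line; carry only the VLANs this switch uses
interface GigabitEthernet0/1
 description Uplink to CoreSW
 switchport mode trunk
 switchport trunk allowed vlan 10,99
 switchport nonegotiate
!
! User ports: access VLAN 10, portfast, and BPDU guard so an unmanaged switch cannot be chained on
interface range FastEthernet0/1 - 24
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Management address in VLAN 99 (the 2960 is layer 2 only, so it uses a default gateway)
interface Vlan99
 ip address 10.17.99.11 255.255.255.0
ip default-gateway 10.17.99.1
```

Two things to check after applying it: "show vtp status" on each 2960 should report the core's domain and a matching configuration revision, and "show ip route" on the 3750 should list every Vlan SVI as connected plus the single default via 10.17.0.1. Note that a VTP server or client with a higher configuration revision that joins the domain will overwrite the VLAN database of the others, which is why the domain has a password here and why some people prefer "vtp mode transparent" with the VLANs typed on each switch; the management VLAN and the USERS-IN ACL keep the switch and router management addresses out of reach of the user VLANs, which also makes the vty access-class lines in the posted configs simpler to maintain.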
Yes, I have tried to set up the VLANs, but I could not get them to talk to each other. I will send you the configs that I tried. Also, I am going to (wanting to) run the DHCP services from the Core Switch; I DO NOT have a DHCP Server at this time. I figured that until the funding comes in, the Core switch could handle the services.
I want the "internal networking" to happen from the Core switch and just the routing functions to happen from the 2921 router for now (until I expand the network). Yes, I have a dedicated Fiber Line already terminated to my building from the ISP. I know that it might seem a little overkill; however, I am looking into the future and want to expand the network soon.
Who's the ISP and what equipment are they providing? A 2921 ain't a cheap bit of kit.. The APC 2200s on the core and 2921 are overkill too.
Rob
The ISP is very... let's just say not very informative; however, they give me enough information to set up the external (WAN) link. As far as the equipment, all I get from them is the modem, the external link (fiber... as an agreement) and the fiber converter to my switch (which should be insignificant in this matter for now). As far as the rest of the equipment, I flipped the bill for this, and I know it might seem a little overkill; however, I want to make sure that the network, equipment, and services are running without any problems.
You need layer 3 routing somewhere for your vlans to talk. Either the 3750 must do the routing or the 2921 must do the vlan routing.
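The other half of that either/or, as an added example in IOS syntax that is not from the thread: the 2921 does the VLAN routing ("router on a stick") with one dot1q subinterface per VLAN, and the 3750 stays a plain layer 2 switch. The VLAN numbers 10/20/99, the /24 subnets, the management VLAN 99 and the pool names are assumptions; the 2960 user switches are configured the same way in either design (VTP client, trunk uplink, access ports) and are not repeated here.

```cisco
! ==== 2921: routing the VLANs on the router (constructed example) ====
! Gi0/1 becomes a dot1q trunk; the physical port carries no address of its own
interface GigabitEthernet0/1
 description Trunk to CoreSW
 no ip address
!
! One subinterface per VLAN, each tagged and each marked as a NAT inside interface
interface GigabitEthernet0/1.10
 description Class1 VLAN 10
 encapsulation dot1Q 10
 ip address 10.17.1.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/1.20
 description Class2 VLAN 20
 encapsulation dot1Q 20
 ip address 10.17.2.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/1.99
 description Management VLAN 99
 encapsulation dot1Q 99
 ip address 10.17.99.1 255.255.255.0
 ip nat inside
!
! The VLAN subnets are all connected, so no static routes are needed; PAT on the OUTSIDE interface
no ip nat inside source list 117 interface GigabitEthernet0/1 overload
no access-list 117
access-list 117 permit ip 10.17.0.0 0.0.255.255 any
ip nat inside source list 117 interface GigabitEthernet0/0 overload
!
! With routing on the 2921 the DHCP pools move here too (the posted router has "no service dhcp")
service dhcp
ip dhcp excluded-address 10.17.1.1 10.17.1.15
ip dhcp pool VLAN10
 network 10.17.1.0 255.255.255.0
 default-router 10.17.1.1
 dns-server 8.8.8.8 8.8.4.4
!
! ==== 3750-X core: layer 2 only in this design (constructed example) ====
no ip routing
vlan 10
 name Class1
vlan 20
 name Class2
vlan 99
 name Management
!
! The posted /16 on Vlan1 goes away; management moves to VLAN 99
interface Vlan1
 no ip address
 shutdown
!
! Trunk to the router carries only the VLANs that have a subinterface
interface GigabitEthernet1/0/1
 description Link to Router
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20,99
!
! Management address; the default gateway is the router's VLAN 99 subinterface
interface Vlan99
 ip address 10.17.99.2 255.255.255.0
ip default-gateway 10.17.99.1
```

The trade-off is that every packet between two VLANs now crosses the single Gi0/1 trunk twice and is routed in software on the 2921, while the 3750-X routes between its SVIs in hardware; that is why Rob's step list favours the core switch for the internal routing and leaves the 2921 with only the NAT and the default route to the ISP.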