Config port / VLAN on switch MXL

Similar Questions

• Ports & VLANS

  Hey all - serious brain issue today.

  I have a core switch with a port set to VLAN 10 & 20 tag traffic.

  In this core switch port, I have a GS748T, where I'm the odd ports # be vlan 20 & ports even # to vlan 10.

  Objective:
  I have a DHCP server, which serves the two VLAN - so I was hoping that plug into one line, withdrew a DHCP server IP address, but not luck.

  I've been playing with the PVID & VLAN settings on the ports, but impossible to find the right combo. What is the setting for the port of uplink on 748?

  Thoughts? Help?

  Thank you!

  -Tom

  I have it.

  GS748:
  

  DHCP release/renew unsuccessful for different networks when I move the cable to different VIRTUAL local area network ports.

  So:
  Interface/Port 1: VLAN 20.
  VLAN 20 membership: U
  Port PVID config: VLAN 20
  Uplink port: VLAN 20: T

  Interface/Port 2: VLAN 10
  VLAN 10 members: U
  Port PVID config: VLAN 10
  Uplink port: VLAN 10: T

• Management of VLANS on switches PowerConnect 28XX

  I had already tried the PowerConnect 27XX switches (mainly the 2708), and while it worked very well, he had a very, very frustrating feature: the IP address of management was always assigned to VLAN 1 - there is no way to change this.  I wonder if someone who has the (2708 or 2716) 28XX series could tell me if they have added a way to change the management VLAN, or if the management VLAN is always pasted to the VLAN1?  It is a decisive feature - I can't lose a port on VLAN1 on the switch just to be able to manage, as our current environment uses a VLAN for management.

  Thank you

  Nick

  management of VLANs is always vlan 1 on 28xx switches.

  An option is outwardly loop back one vlan 1 coelio to an access port vlan XX.   This will allow you to manage the switch on any vlan.  Of course, it burns 2 ports, not just 1.  But these switches are inexpensive, so you can have a hard time to find a solution less expensive just to avoid to manage on the vlan 1 or using the hack of the outer loop.

  Note: 28xx executes a single PLEASE, so you will need to disable the STP Protocol on the loop back ports if you go with this hack.

• VLAN 2 switch ESW - 520

  For the test I used 2 switch this name 'ESW X' and 'Y ESW '.

  I have 2 network that I named "Network A" and "Network B".

  I build a VLAN 2 for each network named Vlan 2 for network and Vlan 3 to network B, I do not use Vlan 1 because it is the default Vlan

  Configuration ESW X:

  port e1: access on UNTTAGGED Vlan 2 PORT

  port E2: access on UNTTAGGED Vlan 2 PORT

  E3 port: PORT of ACCESS on UNTTAGGED Vlan 3

  E4 port: PORT of ACCESS on UNTTAGGED Vlan 3

  G3 port: with 1 (default) UNTTAGGED Vlan TRUNK PORT and Vlan tagged WITH 2 and 3 to Vlan

  Configuration ESW Y:

  port e1: access on UNTTAGGED Vlan 2 PORT

  port E2: access on UNTTAGGED Vlan 2 PORT

  E3 port: PORT of ACCESS on UNTTAGGED Vlan 3

  E4 port: PORT of ACCESS on UNTTAGGED Vlan 3

  G3 port: with 1 (default) UNTTAGGED Vlan TRUNK PORT and Vlan tagged WITH 2 and 3 to Vlan

  I use for the test computer 2 with the same class IP address.

  Test result:

  Communication between ESW X e1 and e2 x ESW => OK

  Communication between ESW X e3 and e4 x ESW => OK

  Communication between ESW e1 and e2 ESW Y => OK

  Communication between ESW e3 and e4 ESW Y => OK

  Communication between e1 ESW X and Y of the ESW e1 or e2-online NOK

  Communication between e2 ESW X and Y of the ESW e1 or e2-online NOK

  Communication between e3 ESW X and Y of the ESW e3 or e4-online NOK

  Communication between e4 ESW X and Y of the ESW e3 or e4-online NOK

  Each Vlan cannot communicate with the switch, I think they have a problem in my configuration of vlan / port, can you help me.

  Hi, Thibaud,.

  Thank you for the purchase of the ESW switches.

  Just out of curiosity, you are using the latest firmware on your version of switch ESW 2.1.19

  But of course, you seem like you have a great understanding of Tagged and VLAN no tagged of you ad description... great stuff.

  I just tried your configuration, I can communicate between ESW540 - 24 p-switch and a SF300 - 48p.

  Sorry, I don't have two switches handy ESW. But it doesn't matter. Standards based Ethernet is I hope that some standards based on ethernet

  My configuration of vlan below for my ESW540 - 24 p and it works very well.

  I plugged just ports of the switch 24 between the two switches together, that's why the 24 port is labeled in each of the screenshots below.

  I really really doubt you would have a problem, unless there is something fundimental or basic you did for example do not save the configuration running on the boot configuration.  Obviously do not save the configuration before a power down will kill the configuration.

  (saved your configuration in each switch)

  

  

  Here is a copy of a part of my switch running configuration, which were a result of me playing with the ESW configuration utility.

  (Note that my switch has all Gigabit ethernet ports ;)

  serial interface ethernet g(1-2)

  switchport vlan trunk native 2

  output

  interface ethernet g24

  switchport trunk allowed vlan add 2

  output

  serial interface ethernet g(3-4)

  switchport vlan trunk native 3

  output

  interface ethernet g24

  switchport trunk allowed vlan add 3

  output

  If you still have questions, here's what URL to the Small Business Support Center contact, perhaps a new set of eyes can spot the problem.

  http://www.Cisco.com/en/us/support/tsd_cisco_small_business_support_center_contacts.html

  Best regards, Dave

• Limit the number of Port VLAN UCS

  Hi, Cisco:

  Is it possible to INCREASE the limit of the number of Port VLAN of 6000 by FInterconnect 1.4(2b) running?

  Imagine I have 4 and selected VLAN 10 vNIC by Profile Service and 2 vHBA.

  So in this case, how many local network VIRTUAL ports will be used? It's 60 or 40? Assuming that it is 60, he the man I CAN ONLY HAVE 100 Service profiles?

  I was wondering WHY is the VLAN Port count limit so low? What about the other fabric and HOW it contributes to the limit of the number of Port VLAN?

  Please notify.

  Really appreciate it as we roll and unroll UCS mass.

  RIL

  Yes makes sense.  The golden rule in access to resources is only allow what you need, not just what is available.

  See you soon,.

  Robert

• config.defaultPortConfig.vlan.vlanId returns 0

  [Entries]

  DVSwitch ofType VC:VmwareDistributedVirtualSwitch

  The code below always returns 0 for the vlanId.

  Any thoughts on why?
  Is there another way to retrieve the vlanId for a DVPortGroup?

  for(i in DVSwitch.portgroup)
  {
        System.debug(DVSwitch.portgroup[i].name);
    
       if(DVSwitch.portgroup[i].config.defaultPortConfig.vlan instanceof VcVmwareDistributedVirtualSwitchVlanIdSpec){
              var vlanId = DVSwitch.portgroup[i].config.defaultPortConfig.vlan.vlanId;
              System.debug(vlanId);
       }
  }
  

  This problem was known and should be solved in the new version of the vCO. The solution is to disable the use of the Service inventory by vCO:

  See this post for more details: cannot get the ability or the value in space with vCO vCenter plug-in 5.5.1

• Configure access ssh_key based switch MXL. Not "based on the host."

  I have read the documentation and cannot get to a cohesive whole procedure in order to get the simple key-based authentication to work.

  The docs separate this task in a wide variety of measures in order to activate authentication "host-based", but I don't want to.  I use two laptops and 2 different offices in various locations.  "Host-based" is not going to work for me.  I need an authentication of purely "function key".  You need an example of what involved specific steps and the order to execute them.  I find that this process is pretty simple on the HP based including the new Arubas switches.  But this MXL documentation is difficult to decipher.

  It seems as it is a one-at-a-time operation, but it is more advanced and allows you to better separate, and so I'm happy with it so far.

  1. create the user with administrator privileges
  SN - MXL (conf) "JUtilisateur" somepass privilège 15 password #username

  2 enable authentication rsa
  SN - MXL (conf) ssh rsa authentication #ip activate

  3. copy your public key in the MXL (pull)
  SN - MXL #copy scp: flash:
  Address or name of the host remote []: 172.16.11.10
  Port number of the server [22]:
  Source file name []:.ssh/juser_rsa.pub
  User name to host remote login: "JUtilisateur"
  Password to the remote to connect host:
  The destination [juser_rsa.pub] file name:
  !!
  403 bytes copied successfully

  4. now log in as user, and run:
  SN - MXL #ip ssh juser_rsa.pub my authorized key of rsa authentication
  RSA keys added to the list of authorized Keys user.
  Delete the juser_rsa.pub file: (yes/no)? Yes

  5. I had to create the file ~.ssh/config with the following statement:

  host mxl
  Host name 172.16.11.1
  The user juser
  IdentityFile ~/.ssh/juser_rsa

  This means that the PRIVATE key is referenced.  Note: Make sure that your config file is has 644 permissions.

  6 test

  $ ssh mxl

  The option of SupportAssist EULA acceptance has not been selected. SupportAssist
  can be activated once the EULA of SupportAssist has been accepted. Use of the:
  command "Activate support-assist" to accept the EULA and activate SupportAssist.

  MON-MXL #.

  And I am.  Either way, I want to get rid of that little nag, as this MXL stack is not in a country supported by DELL.  Anyone know how to remove the horse?

• This should be easy but... VLANS and switches

  I have 2 switches Dell 6224 is in Vlan35 and the other is vlan110 - I have an Ethernet cable connecting a switch to another - the port on the vlan 110 arrives but the port on the vlan 35 does not work - I want to access the vlan switch 110 of vlan 35 - what should I add to my config so that it works?

  Thank you very much

  Eric

  When you need two different VLANS to communicate with each other if you have enabled an L3 device on the network to perform routing. Your 6224 ToR may already setup for VIRTUAL LAN routing. In the config, it will have the command # ip Routing. Then the switch should just an IP address for each VIRTUAL local area network, and can then route between the VLANS.

  Example of possible configuration:

  6224 ToR

  VLAN 1 = 192.168.1.1
  VLAN 35 = 192.168.35.1
  VLAN 110 = 192.168.110.1
  # ip Routing
  # int port-channel 1
  switchport mode trunk #.
  # permit switchport trunk vlan add 35 110

  6220

  VLAN 1 = 192.168.1.2
  VLAN 35 only = no IP address
  VLAN 110 no = no IP address

  port-channel int # 1 (connection to ToR 6224)
  switchport mode trunk #.
  # permit switchport trunk vlan add 35 110

  port-channel int # 2 (connection iSCSI 6224)
  switchport mode access #.
  # switchport access vlan 110

  iSCSI 6224

  VLAN 1 = 192.168.1.3
  VLAN 35 only = no IP address
  VLAN 110 no = no IP address

  port-channel int # 1 (connection to 6220)
  switchport mode access #.
  # switchport access vlan 110

  You can also try to continue in the way of the use of the static routes for everything, I don't know how this will work.

• 1252 config several VLAN trunking on ethernet not

  Hi all I am new to these forums, but have read some posts on configurations for an AP from 1252 to switch 2950.

  I have several VLANS andmultiple SSID configuration on my ap.  The switch knows the VLANS on the access point

  I think that in the config.

  When I put the 2950 in trunk mode on the port, the ap is conencted too, I can see no longer the access point. And none of my ssid / VLAN traffic through the stem net ether to the switch.  I think I have a problem with the config of the ap specifically either in the British Virgin Islands (do not understand this virtual port) or in bridge groups. (Never worked with foredeck groups.)

  The AP is in stand-alone mode.

  Here is my config on the side of the ap.

  interface Dot11Radio0

  no ip address

  no ip route cache

  !

  the cipher mode vlan 300 encryption tkip aes - ccm

  !

  broadcasting-key vlan 300 change 600 members-notice change in capacity

  !

  !

  SSID 101

  !

  SSID 300

  !

  countermeasure tkip duration of maintaining 120

  gain of antenna 0

  Base-1 speed, 0 2.0 5.5 11.0 6.0 12.0 9.0 18.0 24.0 36.0 48.0 54.0 m0. M1. M2. M3. M4. M5. M6. M7. M8. M9. M10. M11. M12. M13. M14. M15.

  root of station-role

  Bridge-Group 1

  Bridge-Group 1 block-unknown-source

  No source of bridge-Group 1-learning

  unicast bridge-Group 1-floods

  Bridge-Group 1 covering-disabled people

  !

  interface Dot11Radio0.100

  encapsulation dot1Q 100

  no ip route cache

  Bridge-group 100

  100 block-unknown-source bridge-group

  No source of bridge-group 100-learning

  No bridge group 100 unicast-flooding

  Bridge-group 100 covering people with reduced mobility

  !

  interface Dot11Radio0.300

  encapsulation dot1Q 300

  no ip route cache

  Bridge-group 255

  Bridge-group subscriber-loop-control 255

  Bridge-group 255 block-unknown-source

  No source of bridge-group 255-learning

  No bridge group 255 unicast-flooding

  Bridge-group 255 covering people with reduced mobility

  !

  interface Dot11Radio1

  no ip address

  no ip route cache

  !

  the cipher mode vlan 300 encryption tkip aes - ccm

  !

  broadcasting-key vlan 300 change 600 members-notice change in capacity

  !

  !

  SSID 101

  !

  SSID 300

  !

  countermeasure tkip duration of maintaining 120

  gain of antenna 0

  DFS block 3 Strip

  Speed - Basic6.0 9.0 12.0 18.0 36.0 24.0 48.0 54.0 m0. M1. M2. M3. M4. M5. M6. M7. M8. M9. M10. M11. M12. M13. M14. M15.

  channel SFR

  root of station-role

  !

  interface Dot11Radio1.100

  encapsulation dot1Q 100

  no ip route cache

  Bridge-group 100

  100 block-unknown-source bridge-group

  No source of bridge-group 100-learning

  No bridge group 100 unicast-flooding

  !

  interface Dot11Radio1.300

  encapsulation dot1Q 300

  no ip route cache

  Bridge-group 255

  Bridge-group subscriber-loop-control 255

  Bridge-group 255 block-unknown-source

  No source of bridge-group 255-learning

  No bridge group 255 unicast-flooding

  Bridge-group 255 covering people with reduced mobility

  !

  interface GigabitEthernet0

  no ip address

  no ip route cache

  automatic duplex

  automatic speed

  !

  interface GigabitEthernet0.51

  51 native encapsulation dot1Q

  no ip route cache

  Bridge-Group 1

  No source of bridge-Group 1-learning

  Bridge-Group 1 covering-disabled people

  !

  interface GigabitEthernet0.100

  encapsulation dot1Q 100

  no ip route cache

  Bridge-group 100

  No source of bridge-group 100-learning

  Bridge-group 100 covering people with reduced mobility

  !

  interface GigabitEthernet0.300

  encapsulation dot1Q 300

  no ip route cache

  Bridge-group 255

  No source of bridge-group 255-learning

  Bridge-group 255 covering people with reduced mobility

  !

  interface BVI1

  IP 10.131.10.70 255.255.255.0

  no ip route cache

  !

  51 of VLAN is what I'm trying to trunk more.  VLAN 100 is my networks vlan normal almost everything at the moment.  And my attempt to secure traffic wireless to a new vlan Vlan 300 more course on my local network.

  VLAN 51 has no ip address range

  IP VLAN 100 range is 10.131.10.0

  10.131.11.0 between 300 VLAN

  The routing goes to my switch 3750 core / router, but the access point is conencted to a 2950 namely shared resources to my layer distribution on a stack of 2975.  Once again the vlan 300 works on the 2975 stack and will pull dhcp if it is enabled.  Have not tried this on the 2950 yet, but I suspect it will also work based on the setting of the trunk on the s950 battery of 2975.

  In any case, I want to be able to do is have multiple VLANs configured on the AP (from most secure to least guarantee based on the capabilities of the equipment) and that traffic vlan tag go to my 3750 possibly for other guidelines.

  Here, any help would be greatly appreciated.

  Thank you for taking the time to read this.

  Sincerely,

  Kevin Pulford

  Systems administrator

  Harmon city, Inc.

  Yes, remove the vlan 51 can tell vlan 100 is the native, and there will be a link to bridge - Group 1.  Then change the switch port to vlan 100 native.  You should then be able to reach the access point via telnet/GUI.

  orders will be:

  config t

  No int dot11radio0.51

  No int dot11radio1.51

  No int g0.51

  int dot11radio0.100

  100 native encapsulation dot1q

  int dot11radio1.100

  100 native encapsulation dot1q

  int g0.100

  encapsulation dot1q 100 natively.

  To be sure, save reboot and wr mem.

• 5524 - jumbo Frames - entire unit or only to certain ports / vlan

  Hello

  is - anyone idea, if possible to use frames only for ports specific it s?

  After enable JumboFrames, it will create a problem of common computers network traffic? I intended to create a VIRTUAL LAN to connect to the storage and r.620 (under XenServers).

  * We plan to use this unit to connect a Dell Power Vault MD3200i volumes as iSCSI offering.

  * According to our (ftp://ftp.dell.com/Manuals/all-products/esuprt_ser_stor_net/esuprt_powerconnect/powerconnect-5524_User%27s%20Guide_en-us.pdf ) switch mannual: "Activation iSCSI automatically enables Jumbo frames and allows the control of flow on all interfaces.

  Allowing the frames on the switch will allow the frames extended on all interfaces. I don't see a way on this option to activate the frames extended on a specific interface or VLAN. Allowing the Jumbo will not create any problem with common computer network traffic. If this switch is connected to another switch, it's a good idea to have some Jumbo frames enabled on the interface of switches connection also.

  Here is a white paper with some info good iSCSI.

  www.dell.com/.../Dell_EqualLogic_%20iSCSI_Optimization_for_Dell_Power_onnect_%20Switches.pdf

  See you soon

• Uplink port VLAN

  Hello:

  I'm lost

  I know not if you have for example two uplink ports that belong to the same vlan, and two or more NICs for asociated to this VLAN, pinning happen dynamically

  I don't know how to set up a VLAN and assign it to a vNIC

  But I can't found how to link the uplink port to the VLAN in the UCS Manager

  Can someone help me please

  Thanks in advance

  Al

  Al,

  In the end-host mode for ethernet, when you set vlan in the UCSM the vlan is automatically assigning / configured on all uplink and port of the server.

  This is a chapter of the Guide to config:

  http://www.Cisco.com/en/us/docs/unified_computing/UCS/SW/GUI/config/Guide/2.0/UCSM_GUI_Configuration_Guide_2_0_chapter15.html

  However, since version 2.0, there is a feature in which you can control or confiure different VLAN on different uplink ports. This feature is characteristic L2-disjoint and here is a URL to configure:

  http://www.Cisco.com/en/us/docs/unified_computing/UCS/SW/GUI/config/Guide/2.0/UCSM_GUI_Configuration_Guide_2_0_chapter21.html

  I hope this helps!

  . / Afonso

• The security design: DMZ ports on internal switch - bad idea?

  Hi all

  I'm looking for a compelling - or he said is not serious - why a customer should not creator of DMZ VLAN on a cat internal-6509.

  Basic topology is a 6509 in a controller area and 2 x ASA - 5510 to active / standby. They finally agreed to start using the DMZ for different services, but because they have no other switch on the domain controller, they are happy to have these DMZ on VLANS separated on the 6509.

  Is this a security risk? (They do NOT use the 6509 as an 'outside' switch so it's something that I guess)

  How the risk can be mitigated?

  How their environments could be compromised?

  Any suggestion is appreciated. Thanks in advance,

  Mike

  I don't see a problem with this setup as:

  (1) External / DMZ is LAYER2 ONLY! Use a safety device to manage all Layer 3 (Firewall, FWSM, etc...)

  (2) you turn off the proxy arp on ALL layer 3 interfaces on the switch.

  (3) you don't give anyone access the switch unless they know what they do (understand the implications of having mixed traffic on the switch)

  (4) configure you a vlan fake, make sure that everyone knows what it is (put a name in it and it document) and make the vlan by default for your switchports.

  (5) you turn off the trunk negotiation (all ports must be configured "switchport mode trunk" or switchport mode access and also "switchport nonegotiate". If you use 802. 1 q (or isl - ugh), explicitly set the VLANs that are allowed to pass "trunk allowed vlan switchport x, y.

  (6) use VTP transparent and not trunk VLAN external to other switches, unless you know what you're doing.

  The most important is probably #3. A layer interface moved 3 or IVR and game over, you filled just Internet to your internal network. I can't emphasize enough that, if this is possible and safe if done correctly, it is VERY dangerous if you don't know what you're doing. Some consider too high of a risk to take and to believe in the physical separation to eliminate the risk. I agree, however, I understand that not all of us can afford to purchase several 6500 s.

  Another thing to consider, did you think to use VRF-Lite?

• Port of the switch for LAP

  Hello

  I have a potentially ridiculous question.

  I work with a WLC 5508.

  He'll be there 2 separate WLAN on their own VIRTUAL local area network.

  The WLC connects to the Southwest over a trunk link, which seems logical.

  However, ym question lies in the connection with the TOWER to the switch... should be a trunk as well?  If each SSID is on a VLAN respective, then TURN to pass wouldn't be a trunk as well?  Example: I have my tricks on vlan 9 (192.168.9.0/24) and I want my personal WLAN on VLAN 6 (192.168.6.0/24) and I want that my guest WLAN on vVLAN 8 (can you guess the IP address?)

  I read that the link between the KNEES and the SW needs to be an access port (so it would ' Switchport access vlan 9 "on the port which connects the LAP... but how would the traffic / VLAN 6 and 8, considered then?)

  FYI - DHCP for all devices (APs and hosts for each WLAN) is going to be the closest crossing the WLC, the DHCP for the APs will opt 43 defined pool so that APs can find the WLC...

  I'm getting confused about how the traffic is separated, can someone enlighten me?

  I still have to set up the JUMP with IAS and other, buit I must get DHCP and WLC communications up to b4, I even worry about security...

  However, ym question lies in the connection to the LAP to the switch...does that need to be a trunk as well?
  

  No. an access port.

• The Port of the switch to ESX host configuration

  I have a switch that connects to a physical server used in

  virtualization.  This means that virtual machines with IP addresses on

  several subnets will send layer 2 frames to this switch.

  However, in an attempt to reduce the number of network adapters on the server

  It is.   If there is only one card NETWORK in this physics

  Server connected to a physical switch port - it is possible to

  with a port on the handful of physical switch frames that come

  all virtual machines running on the physical server - when these VMs have IPs

  different subnets?  Or each separate subnet property intellectual logic requires a

  switch port separated to manage its images and its own on physical NETWORK card

  the server used for virtualization?

  Thanks for your comments

  Yes, you need to configure the physical switch port as a trunk and then configure the VLAN tagging on your Exchange Configuration-> Networking.

  If you have found this helpful at all prices please points using the correct or useful!  Thank you!

• Switch MXL blade 10/40GbE - what is the latest firmware, and where I can get it?

  Hi guys,.

  I logged into the site to support Force 10 today and found virtually useless.  Where can I get my support, documents and firmware for my MXL going on these days?

  The number is actually: 800-945-3355 for Force10.

  Apparently my sales guy forgot to add that switches M-Sereis to my Force10 load site profile.  It's a shame because it's been over a year since I bought the 2nd battery of them and he never even he added the first time.  If the support guys, that I just talked can not do the job, I'll have to track down this sales guy and her dog by doing this.