SG300-20 - configure DHCP on the interface VLAN

I have read the various discussions on the SG300 and SG500 regarding setting up VLANs and DHCP on VLANs.  For some reason, I could not get even this simple task to work.

First thing I did was update my firmware and boot versions as follows:

SW version 1.3.7.18 (date 12 January 2014 time 18:02:59)

Boot version 1.3.5.06 (date 21 July 2013 time 15:12:10)

HW version V02

When I rebooted the SG300 after the SW/Boot updates, the startup configuration had been overwritten and I had to configure my switch from scratch.  The intention is to have two VLANs:

VLAN 1: all the devices, servers, etc.

VLAN 2: basic subnet which hands out DHCP addresses

The SG300-20 is connected to an Asus RT-AC66U router on the 192.168.1.x subnet and provides access to the internal network and WiFi access (the IP address of the router is 192.168.1.1 and it is the default gateway).  Everything works without any problem.  So my task is simply to create VLAN 2 on the 192.168.2.x subnet and use DHCP to assign addresses.  I spent many hours on it and I still can't get it to work.  When I connect a laptop to the port (GI8) assigned to VLAN 2, I end up with a wonky 169.254.x.x address.  I definitely thought something this 'easy' would not be that hard to set up, but apparently I was wrong.

The SG300 is running in L3 mode as shown in my running-config below.

Does anyone see something that could prevent my laptop client from receiving interface VLAN 2 DHCP IP addresses that are not on the 192.168.2.x subnet?

Any ideas / suggestions would be greatly appreciated!

Here's my running-config:

config-file-header
MYSTICSW1
v1.3.7.18 / R750_NIK_1_35_647_358
CLI v1.0
set system mode router

file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 2
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname MYSTICSW1
logging host 192.168.1.15
logging origin-id hostname
username cisco password encrypted b4a0fcf20b2cd9d80a55b06ab8f83277f9733904 privilege 15
snmp-server location Office
clock timezone "" -5
clock summer-time web recurring usa
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp server 192.168.1.10 poll
!
interface vlan 1
ip address 192.168.1.254 255.255.255.0
no ip address dhcp
!
interface vlan 2
name MysticWAN
ip address 192.168.2.254 255.255.255.0
!
interface gigabitethernet8
switchport mode access
switchport access vlan 2
!
exit
ip default-gateway 192.168.1.1

Thanks in advance!

Clint Lambert

Clint, please see this post

https://supportforums.Cisco.com/message/4178990#4178990

-Tom
Please mark replied messages useful
http://blogs.Cisco.com/smallbusiness/


Similar Questions

  • The interface VLAN ACL of inbound traffic?

    Hi, I may be overthinking this, but I have an ACL that is applied inbound on an interface vlan. I have a line "permit udp any any log" which is temporary. I see hits, but the source IP address is outside the network of the destination interface vlan's IP address. I expect to see source IP addresses only in the range of 192.168.1.128/25. What do you think? Thank you

    interface vlan 100

    ip address 192.168.1.132 255.255.255.128

    ip access-group ACL_IN in

    ACL hit

    % S: SW1-6-IPACCESSLOGP: list ACL_IN permitted udp 192.168.6.100(137) -> 192.168.1.132(137), 1 packet

    Hello

    That looks to me like WINS browsing, a response packet.

    And as MS browsing works at layer 2, it sends a response to the IP of the router where it sees the request coming from - maybe your clients have a WINS server address configured?

    Do not forget
    permit udp any any log

    will match ANY src IP, not only your local subnet, which is why your log entries show the traffic in both directions.

    Rgds

    Ian
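Added example (not part of the thread above): a small first-match evaluator for Cisco-style wildcard-mask ACL entries, showing why the posted "permit udp any any log" line logs the 192.168.6.100 packet and how an entry scoped to 192.168.1.128/25 would treat it. The scoped ACL, the explicit logged deny and the second sample packet are assumptions constructed for illustration.

```python
"""Cisco-style extended ACL matching: first match wins, implicit deny at the end."""
import ipaddress
from dataclasses import dataclass

ANY = ("0.0.0.0", "255.255.255.255")  # "any": every address bit is "don't care"


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True if addr equals base on every bit where the wildcard mask is 0."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


@dataclass(frozen=True)
class Ace:
    action: str        # "permit" or "deny"
    proto: str         # "ip" matches every protocol
    src: tuple         # (base address, wildcard mask)
    dst: tuple
    log: bool = False

    def matches(self, proto: str, src: str, dst: str) -> bool:
        return (self.proto in ("ip", proto)
                and wildcard_match(src, *self.src)
                and wildcard_match(dst, *self.dst))


def evaluate(acl, proto, src, dst):
    """Return (action, logged) for one packet; entries are tried top-down."""
    for ace in acl:
        if ace.matches(proto, src, dst):
            return ace.action, ace.log
    return "deny", False  # implicit deny at the end of every ACL, never logged


# ACL_IN as described in the post: one temporary catch-all line.
ACL_AS_POSTED = [Ace("permit", "udp", ANY, ANY, log=True)]

# Assumed tightened variant: only the local /25 is permitted as a source,
# and an explicit logged deny makes out-of-range sources visible.
ACL_SCOPED = [
    Ace("permit", "udp", ("192.168.1.128", "0.0.0.127"), ANY, log=True),
    Ace("deny", "ip", ANY, ANY, log=True),
]

PACKETS = [
    ("udp", "192.168.6.100", "192.168.1.132"),  # addresses from the log line above
    ("udp", "192.168.1.200", "192.168.1.132"),  # constructed: host inside the /25
]


def verdicts(acl):
    """(source, action) for each sample packet under the given ACL."""
    return [(src, evaluate(acl, proto, src, dst)[0]) for proto, src, dst in PACKETS]


if __name__ == "__main__":
    for name, acl in (("as posted", ACL_AS_POSTED), ("scoped", ACL_SCOPED)):
        print(name, verdicts(acl))
```
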

  • F10 4820 t - pulsations on the interface vlan

    Hello everyone

    Using Force10 S4820T on 9.6

    Rate limits can be applied to the physical interfaces only? and if yes how can I do to fix a speed limit on an interface vlan? Policy-map?

    Thanks in advance

    Based on the information contained in the user guide, it seems that it cannot apply to the physical interface.

    Page 739:

    http://bit.LY/1IRtdlU

  • Assign IP address to the Interface VLAN of Web Admin?

    It is a simple question: I can't find where in the web config page to assign an IP to an interface vlan.

    Example: I create a vlan 40 and assign IP 192.168.40.254/24 to it. I can accomplish this in the CLI with 'config; interface vlan 40; ip address 192.168.40.254 255.255.255.0', but it does not seem to exist in the web interface!

    Thank you
    Scott


  • TACACS lockout, set the wrong VLAN interface

    Hello

    In the middle of applying and testing the new TACACS configs, I set the 'IP TACACS SOURCE-INTERFACE' to the wrong VLAN. My mistake and fortunately, I tested on a switch that is not really in use. So I tell myself no problem, I'll disconnect the trunk and log in on the console with the user name, with my understanding that if no RADIUS server is available, the local user name would be used. Well, either the username/password combo is not correct or the theory of "not being able to communicate with radius server, so use the local username" is not correct.

    Anyway, anyone have any ideas? Perhaps a password recovery so I can change the username password and fix the VLAN?

    Thanks for your help...

    Hello

    If you are not able to access the switch, simply do a password recovery for the switch. You would then be able to access the switch and change the configuration.

    It is based on the order of the AAA configuration for authentication: if you gave TACACS then local, authentication is local if the AAA server is not accessible...

    Thank you

    Please rate if useful...

  • Interface VLAN SG300-28 Firmware 1.3.7.18

    Hello

    I just updated my SG300 to the latest firmware 1.3.7.1.8 and I ran into this problem:

    - By default, the interface VLAN has been enabled, but it is always displayed as disabled

    - I cannot change it and I cannot ping the VLAN interface IP either (I gave it the IP 192.168.10.1)

    Is this a bug? Does anyone know how to fix this? Please help me!

    Appreciate your help

    Minh

    minh06,

    Did you upgrade the boot code for Sx300_FW_Boot_1.3.5.58?

    -Marty

  • SG300/SG500 remove interface vlan

    Hello!

    The question is the following:

    I add a VLAN interface to test IP connectivity to this vlan by adding an IP address to this interface vlan and pinging a host.

    for example
    interface vlan 5
    ip address 192.168.0.251 255.255.255.0

    Then I can remove the IP address with "no ip address", but I can't delete the "interface vlan 5".

    Even when I delete the vlan itself from the vlan database. There is no command "no interface vlan". I can only shut down the interface vlan.

    Does anyone know how to remove the interface vlan in the SG300/SG500 switches' CLI?

    Thanks, Woeger

    Hello

    I tried just that with my switch from laboratory here.

    I created VLAN 10 and he has given an IP address.

    Then I did a no ip address on the interface VLAN and then a no vlan 10.

    At this stage there is no interface VLAN 10 in my running config or when I do a show ip interface.

    So removing the VLAN actually did remove the interface for me, which brings me to my question.

    What version of the bootcode/firmware do you currently use?  Maybe this problem has been fixed, because I am running 1.3.7.18 firmware with 1.3.7.01 boot code.

    If you are on an older version and bring it up to date, don't forget to upgrade the boot code as well; it is necessary for new versions of firmware.

    Hope that help, but if not just let me know and we can take another look,

    Christopher Ebert - Advanced Network Support Engineer

    Cisco Small Business Support Center

    * Please note the useful messages *.

  • ASA 5540 - cannot ping inside the interface

    Hi all. We have recently upgraded from PIX to ASA5540 and we saw a strange thing going on. In a word, we can ping the inside interface of the ASA from any range on our 6500 network (which is connected directly behind the ASA on the inside), except the one where our monitoring tools are placed. On the inside there is an ACL that allows all of our core networks, but it does not help; the interface behavior is really strange.

    In the ASDM, I see messages like this:

    ID ICMP echo request: 2004 x.x.x.x y.y.y.y on the inside interface to. I don't think that's the problem, but I could be wrong.

    This is also the configuration of the VLAN interface from which we cannot ping the inside interface. We can ping to and from this VLAN and its machines without problem. The only problem is pinging the inside interface of the ASA.

    interface Vlanx
    ip address x.x.x.x 255.255.255.0
    ip directed-broadcast 199
    ip accounting output-packets
    ip pim sparse-dense-mode
    ip route-cache flow
    load-interval 30

    Has anyone experienced a problem like this before? Thanks in advance for any help.

    Can you post the output of the following on the ASA:

    show route

    And the output from your core layer switch:

    show ip route<>

    HTH >

  • Using DHCP from the server, no VMware

    I put in place 2003 server, DNS and DHCP on my first virtual machine.  I want my second virtual machine (windows xp) to get its IP address from the first machine, through DHCP.  Ive read the manual, but I'm just simply do not understand how VMware's DHCP and the network mapping.  Its a bit much to wrap around my head.  Can someone point me in the right direction here?

    How can I know which machines are using what VMnets?  Expected each machine use bridged connection?

    Thanks for any help

    If you bridge then the guests need to have unique IP addresses on the same subnet as the NETWORK card on the host on which they are bridged to. There shouldn't be any provided VMware DHCP on the interface that is connected by a bridge, only NAT and host-only. If you want Internet connectivity, so you can use bridged or NAT. shouldn't have problem with bridged and have your own DHCP server - works fine for me without any special configuration. If you do an "ipconfig/all" in the comments, where it becomes an IP address? Note that your DHCP server is obviously going to have to have a fixed IP address in the range of 192.168.1.x.

    ---

    If you have found this device or any other answer useful please consider the use of buttons useful or Correct to award points.

  • Cannot connect a Cisco switch to the Cisco SG300-28P and pass traffic through VLANs

    Trying to connect the Cisco SG300-28P switch to another switch and pass VLAN 2 between them.  Not doing any circuit.  If I connect a computer to the port on the SG300-28P I can access VLAN 2 and pull a DHCP address. However, when I connect another switch to the port and connect the computer to a port on that secondary switch, I am unable to access VLAN 2 and pull an IP address.  I verified that the secondary switch (WS-C3560G-48PS-S) works connected to the other 3500s, but not with this latest SG300-28P.  Here's the configuration for both; I'm leaving out areas that shouldn't matter and can add them if necessary.  Trying to connect SG300-28P port 26 to WS-C3560 port 1.  Once again, if I connect a computer to port 26 on the SG300-28P I access VLAN 2 as expected, but not when I connect to port 2 on the secondary switch.

    Cisco SG300-28P

    !
    interface vlan 1
    name Internet
    !
    interface vlan 2
    name LAN
    ip address 172.20.5.11 255.255.0.0
    no ip address dhcp (this is the VLAN I'm moving)
    !
    interface vlan 3
    name private
    !
    interface vlan 4
    name Nortel
    !
    interface vlan 101
    name Video_Project
    !
    interface gigabitethernet26
    description VLAN2-ACCESS-CISCO3500
    switchport mode access
    switchport access vlan 2 (this goes to port 1 on the other Cisco 3500 switch to provide access to VLAN 2)

    Cisco 3500

    !
    interface Vlan1
    description NATCO Internet
    no ip address
    no ip route-cache
    no ip mroute-cache
    !
    interface Vlan2
    description NATCO LAN
    ip address 172.20.5.13 255.255.0.0
    no ip route-cache
    no ip mroute-cache (this is the VLAN I'm moving)

    !
    interface Vlan3
    description LHPrivate
    no ip address
    no ip route-cache
    no ip mroute-cache
    !
    interface GigabitEthernet0/1
    switchport access vlan 2 (this is the port that I connect to the SG300-28P)

    !
    interface GigabitEthernet0/2
    switchport access vlan 2 (this is the port I hook my computer up to when trying to access VLAN 2 on the other switch)

    Hello

    Yes, STP is the problem here. As you can see in the output from your Cisco 3500 switch, port Gi0/1 is BKN (BKN is a shortened form of "Broken").

    This is caused by an incompatibility of the STP versions used between the two switches. Small Business switches (including the SG300 series) use legacy STP or Rapid STP (your case), but enterprise models (such as the Catalyst 3500) use PVST+ (a per-VLAN spanning tree version of STP).

    The two versions are compatible between these switch groups only under certain conditions. An important condition is that the two switchports need to use VLAN 1 as the access/native VLAN and not any other VLAN number.

    So to make your communication work, you must:

    • disable STP at least on the Cisco 3500 switch:

      • globally (Switch(config)# no spanning-tree vlan 2)
      • or on a per-interface basis (Switch(config-if)# no spanning-tree vlan 2)
    • change the configuration of the connection between the two switches as follows:
      • change the switchport mode to trunk (switchport mode trunk)
      • make VLAN 1 the native vlan (switchport trunk native vlan 1)
      • add VLAN 2 as a tagged vlan on that trunk (switchport trunk allowed vlan add 2)
  • SG300-10 - Configuration of DHCP MAC based reservations

    Hi all!

    I have the SG300-10 for my home network, and I have it set up except for static reservations via DHCP. How exactly do you do those?  I have several things set up for port forwarding, which require static IP addresses.  I've already configured the pools with starting points that leave me room for the several reservations that I need, but I don't want to make a mistake and suddenly mess something up.

    Here is my config, what commands can I use to add those?  I want several in the VLAN from 10 to 200.  1 for each of my wireless devices where I know the MAC and also for my vlan 200 for my wired devices.

    v1.3.5.58 / R750_NIK_1_35_647_358

    CLI v1.0

    set system mode router

    file SSD indicator encrypted

    @

    ssd-control-start

    ssd config

    ssd file passphrase control unrestricted

    no ssd file integrity control

    ssd-control-end

    !

    no cdp run

    spanning-tree mode mst

    vlan database

    default-vlan vlan 99

    exit

    vlan database

    vlan 1,10,200

    exit

    voice vlan oui-table add 0001e3 Siemens_AG_phone________

    voice vlan oui-table add 00036b Cisco_phone_____________

    voice vlan oui-table add 00096e Avaya___________________

    voice vlan oui-table add 000fe2 H3C_Aolynk______________

    voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone

    voice vlan oui-table add 00d01e Pingtel_phone___________

    voice vlan oui-table add 00e075 Polycom/Veritel_phone___

    voice vlan oui-table add 00e0bb 3Com_phone______________

    no lldp run

    ip dhcp server

    ip dhcp pool network User_200

    address low 10.5.10.10 high 10.5.10.220 255.255.255.0

    default-router 10.5.10.1

    dns-server 68.105.28.12 68.105.29.12 68.105.28.11

    exit

    ip dhcp pool network Wireless_10

    address low 10.5.11.10 high 10.5.11.15 255.255.255.0

    default-router 10.5.11.1

    dns-server 8.8.8.8 8.8.4.4

    exit

    no bonjour enable

    bonjour interface range vlan 1

    ip access-list extended U_Wireless_10

    permit ip 10.5.10.0 0.0.0.255 10.5.10.1 0.0.0.255

    permit ip 10.5.10.0 0.0.0.255 10.5.5.2 0.0.0.0

    deny ip 10.5.10.0 0.0.0.255 10.0.0.0 0.255.255.255

    deny ip 10.5.10.0 0.0.0.255 172.16.0.0 0.15.255.255

    deny ip 10.5.10.0 0.0.0.255 192.168.0.0 0.0.255.255

    permit ip any any

    exit

    hostname WesleyNetS1

    management access-list Management

    permit

    exit

    Here's the Info for verification:

    [quote]

    show ver

    SW version 1.3.5.58 (date October 10, 2013 time 17:15:41)

    Boot version 1.3.5.06 (date 21 July 2013 time 15:12:10)

    HW version V02

    dir

    Directory of flash:

    Size data Flash size of the name changed file Permission

    ------------------- ---------- ---------- --------- -----------------------

    backup-config rw 131040 13162 November 25, 2013 21:55:24

    backuplo rw 327600 26 10 October 2013 17:16:01

    dhcpdb.sys r-65520-10-Oct-2013 17:18:12

    dhcpsn.prv - 65520 - 2 may 2013 14:55:10

    directry.prv - 65520 - 2 may 2013 14:55:10

    image-1 rw 6976867 6976867 November 25, 2013 21:15:32

    image-2 rw 6976867 6976867 November 25, 2013 21:26:41

    mirror-config 131040 4351 22 - Sep - 2013 rw 06:52:13

    startup-config rw 262080 15333 25 November 2013 22:42:55

    syslog1.sys r-65520-12-Nov-2011 23:34:37

    syslog2.sys r-65520-12-Nov-2011 23:34:37

    Total Flash size: 16252928 bytes

    Free flash size: 1119834 bytes

    [/ quote]

    Hi Wesley, I think for the static host, you must configure all of the options: option 3 and option 6 respectively for the default router and DNS.

    -Tom
    Please mark replied messages useful

  • The proSafe (JGS524E + GS116E) Switches: Configuration Management Web GUI in VLAN specific

    Hello

    I use a JGS524E and a GS116E. The two are connected via an 802.1Q uplink with all VLANs defined on it.

    Another 802.1Q interface goes to a pfSense firewall, which serves as router and DHCP server for each VLAN that I use.

    How can I configure the switches' management to be in one specific VLAN and get its IP address from the DHCP server in this VLAN?

    At present, it seems to be random: it is not predictable from which IP range it takes its IP configuration via DHCP...

    How management function works internally?

    Thank you

    Markus

    Hello

    Thank you. I tried it out, but the behavior seems to be a little different:

    I configured a static IP address for the switch (10.1.0.13/24). I have access to the switch web GUI via that IP address from a directly connected host (connected via a trunk port, where I put VLAN 1 on the trunk), but it makes no difference which VLAN I use:

    When connected to VLAN 1 I have access, but also through VLAN 10, VLAN 20 and so forth (assuming I configure my computer statically in the appropriate IP network, for example 10.1.0.20/24). So it does not seem to be limited to VLAN 1. You have access from each VLAN; only the IP configuration must be in the same network.

    I'm not sure, how it behaves when cascading the two switches, I have not tried.

    If this information can be useful for other users with the same question about this switching product line.

    For me, this behavior is not very well implemented from my point of view. For security reasons, you must limit access to the administration, for example by allowing access from a specific hardware port or a vlan. With the effective implementation, centralized management for a cascade topology is not easy to set up, perhaps because the behavior is not very clear and not documented in the manuals.

    As an aside: there is no TLS/SSL encryption available when accessing the web GUI (no https). So the password is transmitted in clear text... not a very good idea, I think.

    Thanks a lot for your help.

    Best regards

    markusd112

  • All traffic Vlan to the Interface of the Proxy Server

    Hello!

    I need a little help to route all the traffic on the VLANs to the proxy server.

    I have different VLANs on 200-26 L2 switches and a 300-28 as L3 for routing.

    I have already created the VLANs and am able to route them, but I am facing a problem routing traffic to the proxy interface for internet access.

    I have different VLANs, for example Vlan 10, 10.10.10.0/24 Sales, Vlan 20, 10.10.20.0/24 Marketing. I have trunks between the switch interfaces and default 1U is the same on all switches.

    My proxy server has two NICs, one is connected to a DSL modem and the other one to the switch port, using the IP 192.168.0.2 on the default vlan1.

    I am able to surf the internet using vlan1 but not on the other VLANs.

    I set the default route on the switch to 192.168.0.2, but it is not routing internet traffic for the other VLANs.

    Thank you

    Hello

    To answer your questions:

    1. I have to update the following files?

    https://software.Cisco.com/download/release.html?mdfid=283019617&release...

    Yes, please let me know what firmware and boot code, that you have right now and I'll tell you what is the best way for you to upgrade because you shouldn't go straight to the latest firmware unless you run already 1.3.5.58 or later version.

    2. it supports up to 8 dhcp pools. I have pools, but I have more than 8 VLANs. I put all the settings in, works very well.

    You are right and I forgot to mention the limitation of only 8 DHCP pools, I'm sorry. That being said, make sure that your current DHCP server uses IP addresses assigned to each VLAN on the switch as the gateway by default for the VLAN respective.

    3 for the Proxy Server, I need to find a way to point back roads of VLAN to vlan mapping static address on the switch. I'm confused in this little piece.

    I understand that this can be confusing, let me see if I can explain it a little better.

    Assuming that everything on the switch is configured according to my recommendations can

    1. you need a single, a route by default on the switch, so that when a PC is connected to one of VLAN on she tries to go online, an unknown IP address to the switch, it will send it to the Ip address of the router, because the proxy server will be able to reach this IP public, unknown to any Web site.

    2 - when the traffic is back to this Web site, it will be intended for another subnet that the proxy server is on. Suppose the answer is looking for 10.10.10.100 (subnet unknown to the proxy server), without a static route on the proxy server it say where to send this traffic, packets are simply deleted.

    3. you need to create as many static routes on the proxy server as the amount of VIRTUAL LANs, you have on your network.

    For now I know that the proxy server is 192.168.0.2 on VLAN 1 but I don't know what the IP address of the switch is on the same VLAN, it should be something on the 192.168.0.x range.

    All routes should look like this:

    10.10.10.1 255.255.255.0 send 192.168.0.x (IP address of the switch on the VLAN 1)

    10.10.20.1 255.255.255.0 send 192.168.0.x (IP address of the switch on the VLAN 1)

    Alternatively, if all your internal VLANs are in the 10.10.x.x range then you should be able to create a single rule to summarize all the VLANs like this:

    10.10.1.1 255.255.0.0 send 192.168.0.x (IP address of the switch on the VLAN 1)

    Please let me know if it was a little clearer.

    Feel free to ask any questions.

  • Catch 22 - Port Trunk Configurations: how to combine identifiers VLAN native with DHCP (but allows traffic of VM)

    Catch 22 - Port Network Configurations: how to combine identifiers VLAN native with DHCP (but allow the virtual computer)

    I came across a Catch 22.  Maybe someone can restore the directly here.  I found a "witch hunt" for sure.

    It comes with the Ports of junction on the side of the switch of the ESX host network.

    Context:

    Ok. The Setup is a HP Blade C7000 enclosure.  I try to configure ports for switching to the blades.  ESX 3.5 U4 will be installed the BL460cs.  Installation is preferred method: revive unattended.  No problem with the syntax of Kick-Start,

    I am here, it's the side network.

    The problem:

    I find a major complication in that the switch ports must be configured for both traffic Service Console and VMkernel, more Virtual Machine since only two NICs by blade. Not best practices, but we have only two switches Cisco 3020 inside.  The two uplink physical NIC is paired in the same vSwitch.  (No iSCSI does fortunately).

    So the Catch 22 question is as follows:

    If the native VLAN id is set up on the switch port, DHCP works of course and the VMware boot loader is able to grab the binaries/packages over the network (FTP site) and install OK.  But after installation there is no communication with the SC unless I set the VLAN id of the SC to '0'.  The value "40" gives no communication, but "40" is the native VLAN.

    If the native VLAN id configuration is removed from the switch port, DHCP will not work and the host does not get an IP address during the VMware boot process.  This is as expected, as untagged traffic is not assigned an eligible VLAN, so no comms.

    The Port of the Switch configuration:

    interface GigabitEthernet0/16
    description SERVERNAME
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 40
    switchport trunk allowed vlan 40-254
    switchport mode trunk
    switchport nonegotiate
    speed 1000
    no cdp enable
    spanning-tree portfast trunk
    end

    Summary

    OK, let's summarize where things are and if possible please attach responses to their digital identity.

    (1) Is there a way to remove the VLAN tagging altogether on the ESX host side? Not only the id '0'. The problem is clearly with the native VLAN defined as "40".  If id "40" is specified on the port group for the Service Console, no joy, no comms. If the id is set to '0', I am able to ping the gateway and communicate on the network.

    (2) What is the problem with defining the VLAN as "40" when the config for the switch port has the native VLAN set to "40"?  Or is it a problem at all?  Both parameters clearly do not work together.

    (3) A switch receiving an untagged frame will assign it to the trunk's native VLAN. Ok. Trunking basics, and why I need a native VLAN specified on the port for DHCP to work.  But it seems that once the VLAN id is set manually, even to the native VLAN, communications shut down and no traffic is possible.

    (4) Are frames on the native VLAN 802.1Q tagged?  I think they are not and this could well be the problem. Since VLAN id "40" is not tagged, but the host-side vSwitch port group tries to tag it.

    Please let me know your thoughts, community, and how, in general, we are approaching 2 NIC ESX configurations.

    When trunking multiple VLANs, you either have a default VLAN for when nothing is tagged, or you don't.  That's what the native vlan does for you: it defines which VLAN would be used if no tag is visible on the packets traversing the network.  For servers, if you are tagging, then everything has to be tagged; if you're not tagging at the server level, then the port must be either an access port or a native or default VLAN must be set.  I also wouldn't keep your service console on the same network as your VMs.  Keep this isolated for the security of the network.  If you isolate this VLAN, you can separate and use a single IP address for installation and one for post construction.

    Or, you can provide an IP address during the build.

    -KjB

    VMware vExpert

  • Configuration of the Interface under... Required main line?

    ASA5520: I'm trying to implement subinterfaces for my 2 outside IPs (we have 2 pipes entering the data center). I just added a configuration with 2 subinterfaces because I didn't have enough ports, with g0/3 used for our failover interface (active/standby config). I was just wondering if I need to set up a trunk to allow the communication? I have attached all ports to a switch and tried to ping the subinterfaces from a server on the same subnet, but I can't ping the interfaces. I have not implemented a trunk and I was wondering if this would be the reason? I use a Dell 2724 switch so maybe that's the reason why it won't work? I could *really* use help with this problem because I am at a loss... I added my current config to the post so I hope this helps to clarify my situation and the setup.

    icm-asa01(config)# show run
    : Saved
    :
    ASA Version 7.0(4)
    !
    hostname icm-xxxxx
    domain-name xxxxxxxx.com
    !
    interface GigabitEthernet0/0
    no nameif
    security-level 0
    no ip address
    !
    interface GigabitEthernet0/0.1
    vlan 10
    nameif Outside1
    security-level 0
    ip address 66.38.x.x 255.255.x.x standby 66.38.x.x
    !
    interface GigabitEthernet0/0.2
    vlan 20
    nameif Outside2
    security-level 0
    ip address 64.187.x.x 255.255.x.x standby 64.187.x.x
    !
    interface GigabitEthernet0/1
    nameif DMZ
    security-level 100
    ip address 10.10.x.x 255.255.x.x standby 10.10.x.x
    !
    interface GigabitEthernet0/2
    nameif private
    security-level 40
    ip address 192.168.x.x 255.255.x.x standby 192.168.x.x
    !
    interface GigabitEthernet0/3
    description LAN/STATE Failover Interface
    !
    interface Management0/0
    description STATE Failover Interface
    no nameif
    security-level 100
    ip address 192.168.x.x 255.255.x.x
    !
    ftp mode passive
    clock timezone EST -5
    clock summer-time EDT recurring
    pager lines 24
    logging enable
    logging monitor debugging
    logging asdm informational
    mtu Outside1 1500
    mtu Outside2 1500
    mtu DMZ 1500
    mtu private 1500
    failover
    failover lan unit primary
    failover lan interface FoInt GigabitEthernet0/3
    failover replication http
    failover link FoInt GigabitEthernet0/3
    failover interface ip FoInt 192.168.x.x 255.255.x.x standby 192.168.x.x
    monitor-interface Outside1
    monitor-interface Outside2

    Thank you

    Chris

    Hi Chris,

    When you have created a sub-intf, it will automatically set the physical interface to trunk with dot1Q encap. No trunk/encap command is required for traffic to pass. The rest must be supported by the switch, for example allowing which VLANs pass through and are associated with the respective subinterface.

    For example, if your Outside1 & Outside2 are associated with Vlan 10 and Vlan 20 respectively, the trunk on the switch (with dot1Q encap) must allow these VLANs to pass through. Other than that, the configured IP subnet will determine how the traffic on the switch-side vlan reaches the firewall-side vlan

    Rgds,

    AK
