Switches 2950 with private - vlan

Similar Questions

• 2910al - 48G Switch: problem with the VLAN

  Hi all,

  I write a new message because I don't know what is happening on my SW series 2910al - 48G and v1910 - 48G.

  I put on the main core SW VLAN 610 and I put to this VLAN IP addreess 100.110.10.1 24-bit etc and it worked fine until yesterday. I change only PLEASE and I enebale STP - loop protect for ports in the range 1-52. (now I rolback this settings as was before)

  

  STP configuration

  

  Now, every PC that has for a long time what IP range 100.110.10.1 24-bit works fine, but new PC have problem with to get the new IP address. I tested it add a static and same address does not work.

  Introduced in second v1910 SW - 48 G VLAN as below

  I connect this flexible switch this \port SW 2910 - G 48, 46 (Vlan 610 tag) <>- at v1910-48G\ port 50 SW (Vlan 610 tahgged) other ports on this switch I put not marked.

  Configuration file for sw v1910 - 48G looks to below:

  #
  activate default domain system
  #
  LLDP enable

  #
  domain system
  disable the access limit
  Active state
  Disable Idle-cut
  self-service-url disable

  #
  rstp STP mode
  enable STP
  #
  NULL0 interface
  #
  GigabitEthernet1/0/1 interface
  hybrid type port link
  port hybrid vlan tagged 610 620
  untagged port hybrid vlan 1
  #
  interface GigabitEthernet1/0/2
  access port vlan 610
  #
  interface GigabitEthernet1/0/3
  access port vlan 610
  #
  interface GigabitEthernet1/0/4
  access port vlan 610
  #
  interface GigabitEthernet1/0/5
  access port vlan 610
  #
  interface GigabitEthernet1/0/6
  access port vlan 610
  #
  interface GigabitEthernet1/0/7
  access port vlan 610
  #
  interface GigabitEthernet1/0/8
  access port vlan 610
  #
  interface GigabitEthernet1/0/9
  access port vlan 610
  #
  interface GigabitEthernet1/0/10
  access port vlan 610
  #

  #
  interface GigabitEthernet1/0/49
  hybrid type port link
  port hybrid vlan tagged 610 620
  port hybrid vlan 1 10 untagged
  #
  interface GigabitEthernet1/0/50
  hybrid type port link
  port hybrid vlan tagged 610 620
  port hybrid vlan 1 10 untagged
  #
  interface GigabitEthernet1/0/51
  hybrid type port link
  port hybrid vlan tagged 610 620
  untagged port hybrid vlan 1
  #
  interface GigabitEthernet1/0/52
  hybrid type port link
  port hybrid vlan tagged 610 620
  untagged port hybrid vlan 1

  etc...

  Could you help me when I made a mistake?

  THX

  The problem was that solve this problem.

  I have blocked all ports. It was a problem. I change several settings and everything works well.

• SWITCH Cisco/Linksys SLM224G: Problem with the VLAN

  Hello!

  I'm trying to set up a VLAN in my baskets. I have some knowledge about VLANs, but I still can not configure in my path.

  My situation:

  I have PC that contains two virtual machines, which works as a router between three networks: LAN, WAN, LAN2. It's a bit complicated, but I'll try to draw:

                                                   |-------------||----------------------------|                   |           e1|-to-eth1-VM2-----WAN|VirtualMachine 1        eth0|---trunk-VLAN1&2---|g1         e2|-to-eth0-VM2-----LAN2|eth0=VLAN1 eth1=VLAN2       |                   |           e3|-to-eth0-VM2-----LAN2 etc.|                         PC |                   |   SWITCH  e4||VirtualMachine 2            |                   |           e5|-to-eth1-VM1---wire-to-LAN2|eth0=VLAN3 eth1=VLAN4   eth1|---trunk-VLAN3&4---|g2         e6|-to-eth0-VM1-----LAN1|----------------------------|                   |           e7|-to-eth0-VM1-----LAN1 etc.                                                 |-------------|
  
  gX = Gigabit portseX = 100Mbit portsVMX = Virtual machine numberwire-to = patch-cord connection between ports on the switch
  
  Schema of routing and logical visibility:
  
  LAN1---VM1-----VM2---WAN              |LAN2----------|
  

  Important note is that LAN1 and LAN2 must be separated (visible only through routers). WAN must be visible through VM2 to LAN2 and through by VM1 and VM2 to LAN1. It seems easy, but VLAN that I did on this passage seems doesn't work.

  I do it like this:

  Step 1: Management of VLANS / create a VLAN...

  Creation of VLANS 1, 2, 3, 4 (numbers meters right now - I have now this number 1 is restricted to the switch).

  Step 2: Management of VLAN / Port to VLAN...

  Setting up VLAN1 with ports g1, e5 (the two labelled or not identified?-I have not seen any difference)

  Implementation VLAN2 with ports g1, e6, e7, etc...

  Implementation VLAN3 with ports g2, e2, e3, etc...

  Setting up VLAN4 with g2, e1 ports

  Step 3: Management of VLAN / Port setting...

  Implementation of ports e1 to PVID4 (chassis type = all I guess, but with "capture filter"?)

  Setting up port e2 at PVID3

  Setting up port PVID3 e3

  etc...

  Setting up port e5 for PVID1

  Setting up port e6 at PVID2

  Setting up port e7 for PVID2

  etc...

  Thus, on this configuration and that the switch it does not work for me

  I know that the switch is to see Mac since VLAN which is carried out by PC, because when I arrive in "Admin / dynamic address" I see pimps on the correct ports, with good VLAN ID. So the problem is to transmit a VLAN for their ports, then clear frames of ID and let the packets to go (and return: clear packages, add the VLAN ID and send to their Gigabit ports).

  Show the configuration is one of the many I tried :/ but I think this one is the best.

  Or maybe I don't know VLAN as I think and this scheme is impossible? Please tell me.

  Concerning

  and waiting for any suggestions,

  READ

  Hello.

  These products are processed by the Cisco Small Business Support Community.

  * If my post answered your question, please mark it as "acceptable Solution".

  * Do not forget to give a 'congratulations '. Thank you!

• Issue of private VLAN

  Hello

  I want to configure private VLANs on cisco switch science I write this command (host of the private vlan switchport mode) on the interface automatically interface to go down, please help me

  I'm not sure that the 3560 supports VLAN private dashboard, but it supports the ports protected with "protected" switchport mode

  Here is the guide on this feature.

  http://www.Cisco.com/c/en/us/TD/docs/switches/LAN/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swtrafc.html#wp1175133

• Cisco ISE 1.3 - Mab authentication with a vlan for each foor

  Hello

  A client wants to implement authentication MAB with a vlan for each floor. I found a solution of Loïc

  I have set up the following:

  -the profile of different authentication with a vlan different.

  -Add the endpoint (printer etc) endpoint identity.

  -create endpoint group identity that end point of recall.

  -create a rule to authorizzation reminding all work and element... in the end.

  Do you know if there is a faster way where another way to solve the problem?

  Thank you all

  Well, mab in some environments, could be replaced by profiling and for rules, rather af with a rule authz for each floor, you can name your VLAN in your eponymous switches to "Printers", in the world, then you would only need an authz rule, where you use the name of the vlan instead of identification number, so no matter where this printer , it will end in the vlan 'Printer', whatever it is in this specific switch.

• Problem with the VLAN routing

  I try to put in place several VLAN on a Cisco 3560 switch. These new segments must be able to communicate with the VLAN 1 and even Internet access. I managed to add the VLAN and have network connectivity between the new VLAN.  However, these VIRTUAL to VLAN1 networks routing was not working properly.  Certainly something is missing or correct in this configuration. It would be much appreciated if someone can shed some light. Thanks in advance.

  Basic IP information:

  • Gateway 10.1.1.2
  • VLAN1: 10.1.1.1/24
  • VLAN2: 10.1.2.1/24
  • VLAN3: 10.1.3.1/24

  What works:

  • Hosts in VLAN 1 can ping the DG and access the internet
  • LAN 2 and 3 communicate with each other.  Hosts in VLAN2 (e.g. 10.1.2.2) can ping hosts in VLAN3 (e.g. 10.1.3.2) on the same switch
  • Hosts in VLAN 2 and 3 can ping to the IP of VLAN1 (10.1.1.1) interface

  What does not work:

  • Hosts in VLAN 2 and 3 cannot ping hosts in VLAN 1 on the same switch, or vice versa.
  • Hosts in VLAN 2 and 3 cannot even ping the DG.

  Yched blocks my post if I understand the config.  I'm sorry that I have to include it as an attachment.

  We have no information on the DG - what it is, how it is configured.  It is likely:

  1. unknown subnet vlan2 and vlan3 ranges.  Therefore can not to return packages for them.

  2. the default gateway for vlan1 customers is 10.1.1.2, so when customers vlan1 are trying to answer to vlan 2, 3, packets is directed to a DG, which probably ONLY has a default route to the Internet.

  3. once it is somehow solved (extra static on DG), Internet for vlan 2.3 will require same NAT rules with respect to the vlan 1.

• The switch SLM224G does support VLAN per port?

  I'm looking for a simple solution create two LAN. One for my own and the other for my clients, who will be able to use the desktop computer with internet access. I only have one internet connection (ADSL over ISDN) and wil not get another just for my clients.

  My own network should not be accessible or visible to users who use the PC clients. The other way around is authorized, but not really necessary. My setup requires me to connect to the switch to the (ISP) router, and the router has a LAN port not able to do anything related to VIRTUAL networks.

  I read on the VLAN port to put here, where it is stated that creating separate LAN is just the ports in VLANS on the switch, nothing else to do... However, they used a NetGear smart switch.

  I checked SLM224G of Cisco because it is affordable, has 24 ports (instead of 8 for the NetGear) and must support of VLAN. I read a lot about VIRTUAL networks, including:

  «- Means the VLAN per port that you can reconfigure the ports to be in different VLANS.» VLAN per port does not confirm the 802. 1 q supported VLANS.

  -802. 1 q VLAN means you can mark the VLANS with 802. 1 q headers to create a trunk between two devices carrying frames for several VLAN. 802 1 q VLAN confirms that there are also supported VLAN per Port. »

  I knew by the sheets that the SLM224G supports 802. 1 q (tagged) trunking. So it should be, given the text above, also supports VLAN per port.

  My question is if it indeed will support VLAN per port?

  I am able to use it directly behind the router of my ISP and create two separate LAN?

  If so, a supplementary question: how are the PC behind the switch (inside the two VLAN) removes the ISP router IP addresses? It will serve only of the two LAN or do I have to install a DHCP server in the other LAN?

  Any information is welcome!

  Thank you.

  Mr. Bertrand,

  
  

  I read what you posted and I don't think the slm224g will do what your configuration you want to.  The reason behind all this, if you have installed 2 VLAN you will need 2 gateways for each network.  Since then just the ISP router and a network.  I'd get a router capable of VLANs and plug it into the router of the Internet service provider and then you can have up to 4 networks behind your router.  The rvs4000 is a router excellent gigabits, which supports up to 4 VLANS.  So if you need additional ports, you can get unmanaged switches and plug it into the router for added ports.

• Cisco ASA5520 facing ISP with private IP address. How to get the IPSec VPN through the internet?

  / * Style definitions * / table. MsoNormalTable {mso-style-name : « Table Normal » ; mso-tstyle-rowband-taille : 0 ; mso-tstyle-colband-taille : 0 ; mso-style-noshow:yes ; mso-style-priorité : 99 ; mso-style-qformat:yes ; mso-style-parent : » « ;" mso-rembourrage-alt : 0 à 5.4pt 0 à 5.4pt ; mso-para-marge-top : 0 ; mso-para-marge-droit : 0 ; mso-para-marge-bas : 10.0pt ; mso-para-marge-left : 0 ; ligne-hauteur : 115 % ; mso-pagination : widow-orphelin ; police-taille : 11.0pt ; famille de police : « Calibri », « sans-serif » ; mso-ascii-font-family : Calibri ; mso-ascii-theme-font : minor-latin ; mso-fareast-font-family : « Times New Roman » ; mso-fareast-theme-font : minor-fareast ; mso-hansi-font-family : Calibri ; mso-hansi-theme-font : minor-latin ;}

  Hello guys,.

  I have Cisco ASA5520 facing the ISP with private IP address. We don't have a router and how to get the IPSec VPN through the internet?

  The question statement not the interface pointing to ISP isn't IP address private and inside as well.

  Firewall configuration:

  Firewall outside interface Gi0 10.0.1.2 > ISP 10.0.1.1 with security-level 0

  Firewall inside the interface Ethernet0 192.168.1.1 > LAN switch 192.168.1.2 with security-level 100

  I have public IP block 199.9.9.1/28

  How can I use the public IP address to create the IPSec VPN tunnel between two sites across the internet?

  can I assign a public IP address on the Gig1 inside the interface with the security level of 100 and how to apply inside to carry on this interface?

  If I configure > firewall inside of the item in gi1 interface ip address 199.9.9.1/28 with security-level 100. How to make a safe lane VPN through this interface on the internet?

  I'm used to the public IP address allocation to the interface outside of the firewall and private inside the interface IP address.

  Please help with configuration examples and advise.

  Thank you

  Eric

  Unfortunately, you can only complete the VPN connection on the interface the VPN connection source, in your case the external interface.

  3 options:

  (1) connect a router in front of the ASA and assign your public ip address to the ASA outside interface.

  OR /.

  (2) If your ISP can perform static translation of 1 to 1, then you can always finish the VPN on the external interface and ask your provider what is the static ip address assigned to your ASA out of the IP (10.0.1.2) - this will launch the VPN of bidirectionally

  OR /.

  (3) If your ISP performs PAT (dynamic NAT), then you can only start the tunnel VPN on the side of the ASA and the other end of the tunnel must be configured to allow VPN LAN-to-LAN dynamics.

• VMotion: A large private VLAN or several small VLAN for each cluster?

  Our production of VMware ESX 3.5 environment begins to develop very quickly and since we have different subnets 1,000001 million (bad network design), but all our esxHost Service Console is on the same subnet for accessibility, it would make sense to have VMotion all the different of the pole on a large local network separate VIRTUAL private or private VLAN?

  We currently have 3 clusters running in our production environment, with each cluster serving a different subnet for connections to data and mgmt VMs.  These 3 groups all are currently 3 separate private LAN of VMotion.

  Over the next month we will add an extra 2 groups serving two different subnets.

  So my question is, how is another to tackle this task?  You create a new VLAN separate private for each cluster (which is what we are doing now)?  Or you have created a large private VLAN for VMotion?  If you have created a large private VLAN, what problems met?  Performance problems?  Networking issues?  Collisions of data?  All esxHost panic?  SMV panic?

  Your comments on your experience would be greatly

  appreciated!

  Hello

  I did have problems with a large network of VMotion. Or with cluster of specific networks of VMotion. Note that with VLAN possible external of attacks using the VLAN is a matter of trust as the VLAN do not guaranttee security.

  Best regards
  Edward L. Haletky
  VMware communities user moderator, VMware vExpert 2009
  ====
  Author of the book ' VMWare ESX Server in the enterprise: planning and securing virtualization servers, Copyright 2008 Pearson Education.
  Blue gears and SearchVMware Pro items - top of page links of security virtualization - Security Virtualization Round Table Podcast

• How can I switch phones with a member of the family without losing the data on a phone?

  How can I switch phones with a member of the family without losing the data on a phone?

  jkatts wrote:

  How can I switch phones with a member of the family without losing the data on a phone?

  Make a backup of each phone to iTunes or iCloud (do not forget to use your Apple ID or personal computer), then do whatever your carrier wants do you to change numbers if that's your intention, then restore these backups on the device of the "other."

• SA520W VPN from Site to Site with several VLANs

  Hello

  I have a customer here with several VLANS in their places who wants to set up a VPN from Site to site between 2 devices SA520W. Unfortunately I can not find a way to set it up. In the VPN policy, I can choose between everything (which is not what I want, I want only traffict between subnets the routed via VPN), IP address unique, a beach (in a subnet) and a subnet itself - but only one. I don't find a way to configure several subnets in the selection of local traffic and remotely. Adding another IKE policy between the 2 sites does not either (which is good normally).

  Any ideas? Anything I'm doing wrong?

  Thank you for your help.

  Best regards

  Thomas

  I know that if you have an ASA or a router, you can define as VLANS to pass through the tunnel.

  Do not have access to a SA520W to test...

  A recommendation might be to post the question on the SMB community where they answered questions related to this product, just to check what other people did.

  Federico.

• Overloading a package with private procedures

  Hi all
  
  Is there a probelem if you overload a package with private procedures?
  In other words if I have two methods named as in a package, of which none is declared in the pacakge specification? It seems that I always overloaded a package with public procedures.
  
  Thanks for any help,
  Bradley

  I can:

  SQL>CREATE OR REPLACE PACKAGE test
    2  AS
    3    PROCEDURE test_public;
    4  END  test;
    5  /
  
  Package created.
  
  Elapsed: 00:00:00.00
  SQL>
  SQL>sho err
  No errors.
  SQL>CREATE OR REPLACE PACKAGE BODY test
    2  AS
    3    PROCEDURE test_private (num IN NUMBER)
    4    IS
    5    BEGIN
    6      DBMS_OUTPUT.PUT_LINE('number: '||TO_CHAR(num));
    7    END test_private;
    8
    9    PROCEDURE test_private (str IN VARCHAR2)
   10    IS
   11    BEGIN
   12      DBMS_OUTPUT.PUT_LINE('string: '||str);
   13    END test_private;
   14
   15    PROCEDURE test_public
   16    IS
   17    BEGIN
   18      NULL;
   19      test_private(1);
   20      test_private('a');
   21    END test_public;
   22  END  test;
   23  /
  
  Package body created.
  
  Elapsed: 00:00:00.01
  SQL>sho err
  No errors.
  SQL>
  SQL>exec test.test_public
  number: 1
  string: a
  
  PL/SQL procedure successfully completed.
  
  Elapsed: 00:00:00.00
  SQL>
  SQL>select * from v$version;
  
  BANNER
  ________________________________________________________________
  Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bi
  PL/SQL Release 10.2.0.4.0 - Production
  CORE    10.2.0.4.0      Production
  TNS for Linux IA64: Version 10.2.0.4.0 - Production
  NLSRTL Version 10.2.0.4.0 - Production
  
  Elapsed: 00:00:00.04
  SQL>
  

• Connect 2 switches SG200-26 with two VLANS separated

  B "H".

  Well, I'm going to cry uncle and ask the community of cisco to help here... Here's what I'm trying to accomplish.  I have two cabinets in a data center with four available cross connect cables.  I want to put in place two discrepancies between the two switches which will each be a vlan through to the other.   My vlan by default contains all my servers on it (10.0.0.0/8) and my backup vlan (192.168.200.0/24) will only be used for data backups and iscsi traffic.  For the moment, I have a cable connecting the two switches and it works very well for the vlan by default.  When I add a second cable and set it on vlan 200, no matter what I try settings it just does not pass traffic.  I'm sure I'm doing something wrong, stupidly, but well, I never claimed to be a networking expert, that's why I'm here asking for help!

  I have made several attempts to get the second connection works, marked, unmarked, trunk, access, etc.  Can someone be tell me is this the real solution, or point me to the documentation, so I can solve this problem?

  Thanks in advance!

  Hello Yitz'har,

  SG 200 switch does not support EMU, PVST and PVST +. None of the products of small businesses currently support any proprietary protocol which is not IEEE or equivalent. The exception to this idea is COP which was added about 18 months in the LWA 1.1 releases to better integrate voice, onplus solutions and interact with business networks.

  Work that we discussed yetserday in your case is to disable the covering tree generally define the bpdu filtering.

• Help with the VLAN on SG200-18 and two switches SG200-08

  Hello world. My apologies, but I'm only average at best with my CISCO skills. I have simple installation running some network devices connected via 3 CISCO switches. It is small office and two bedrooms - one with the servers and the other with the printer and pc. Each room has 8 ports SG200-08 pass.

  Router / firewall is Sonicwall TZ215 and manages the internal routing between VIRTUAL networks. Each SG200-08 was directly connected to TZ215 (no SG200-18 again) and VLAN worked perfectly. Please see diagram below...

  Problems started when I added in the Center SG200-18 more to handle additional devices. Everything that I'm doing wrong, but I can't do VLAN longer works. Something I won't set up correctly in SG200-18.

  Please help me to Setup VLAN here - tag, unidentified, PVID, trunk... I am completely lost and already had to reset SG200-18 twice.

  My work without port switch 18 Setup was like that.

  SG200-08 (1)
  G1 1 trunk 1U, 100 t
  G2 1 trunk 1U
  G3 1 trunk 1U
  G4 1 trunk 1U
  G5 1 trunk 1U
  G6 1 trunk 1U SERVER3
  G7 trunk 100 100U SERVER1
  G8 trunk 100 100U Server2

  SG200-08 (2)
  G1 1 trunk 1U, 50 t, 200 t
  G2 1 trunk 1U
  G3 1 trunk 1U
  G4 1 trunk 1U PC1A
  G5 1 trunk 1U PC1B
  G6 trunk 50 50U PC2A
  Trunk PC2B 50 50U G7
  NETWORK PRINTER for the 200 trunk 200U G8

  Thank you in advance.

  VLAN.jpg

  

  Hello

  Oh I'm sorry. I understand that you have 3xSG200-08 and 2 of them with the same configuration :-). So no need to use this port for now.

  Kind regards

  Aleksandra

• Help with the VLAN and RVS4000

  I am trying to Setup VLAN on a RVS4000 to share our Internet connection with another office but do not allow access to our network of the other network. We have a BEFSX41 connected to Internet and also connected to our other site via a virtual private network to another BEFSX41. Port 1 on the BEFSX41 connects to Port 1 on an EZXS88W switch.

  The other company has provided the RVS4000 and also provides a WRT54GS router. I want to connect 2 ports on the BEFSX41 to Port 1 on the RVS4000 and 2 ports on the RVS4000 to track 1 on the WRT54GS.

  Port 1 on the RVS4000 is member of the default VLAN1 and Port 2 will be a member of VLAN2.

  Our IP network is 192.168.20.0/24

  BEFSX41 is 192.168.20.1

  The DHCP service is disabled

  The RVS4000 has a static IP address of 192.168.20.254 and is configured as a router

  DHCP is also disabled

  The wireless network is as follows:

  IP network is 192.168.21.0/24

  The address IP of WRT54GS is 192.168.21.254 and is static and also configured as a router.

  I don't know how to actually Setup the VLAN from here and the instructions are not useful. My questions are:

  1 port 1 on the RVS4000 must be safe, with label or Untagged?

  2 If the interval routing disabled?

  3. If so, how do I route between the RVS4000 and WRIGHT so the two networks have access to the Internet, but not to other networks?

  The befsx41 should be one that is connected to the internet so that your final point so that the vpn tunnel work. The wan port on the wrt54g must be connected to the lan of the befsx41 port.

  If your server is located behind the befsx41, you should be able to port forwarding. If your server is located behind the wrt54g you may experience the problem with the redirect because you need to forward ports on both routers and according to me, there are some applications that do not work on double NAT.

  If you want to have access to the internet on both VLAN of the rvs4000, it should work as a router so its internet port must be connected to the port the befsx41 lan.