Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
717
Views
0
Helpful
1
Replies

MGMT vlan

Go to solution
avilt
Level 3
Level 3

‎06-04-2013 01:02 AM - edited ‎02-21-2020 04:54 AM

I have 2 L2 switches, one in DMZ and one in LAN. I would like to set a single dedicated vlan for these tqo switches. What is the best option?

a) Is it by creating a same vlan on both switches and then connect a cable between DMZ and LAN switch. Configure this port as access port to prevent vlan from DMZ crossing into LAN switch.

b) Is it by defining the port as trunk and define allowed vlan?

c) What is the best option?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
James Leinweber
Level 4
Level 4

‎06-04-2013 08:04 AM

If you are only sharing a single vlan across the switches, you could connect them using access ports.  More commonly you are sharing multiple vlan's, and that requires using 802.1q tags and trunk ports.  On catalyst switches the trunk configuration can look like:

vtp mode transparent

!

vlan internal allocation policy ascending

vlan dot1q tag native

!

vlan 400

name SECURITY_NATIVE

vlan 500

name V500

vlan 501

name V501

vlan 502

name V502

!

interface FastEthernet0/1

description Fa0/1_TRK

switchport trunk encapsulation dot1q

switchport trunk native vlan 400

switchport trunk allowed vlan 1,500-502

switchport mode trunk

switchport nonegotiate

-- Jim Leinweber, WI State Lab of Hygiene

View solution in original post

0 Helpful
1 Reply 1

Go to solution
James Leinweber
Level 4
Level 4

‎06-04-2013 08:04 AM

If you are only sharing a single vlan across the switches, you could connect them using access ports.  More commonly you are sharing multiple vlan's, and that requires using 802.1q tags and trunk ports.  On catalyst switches the trunk configuration can look like:

vtp mode transparent

!

vlan internal allocation policy ascending

vlan dot1q tag native

!

vlan 400

name SECURITY_NATIVE

vlan 500

name V500

vlan 501

name V501

vlan 502

name V502

!

interface FastEthernet0/1

description Fa0/1_TRK

switchport trunk encapsulation dot1q

switchport trunk native vlan 400

switchport trunk allowed vlan 1,500-502

switchport mode trunk

switchport nonegotiate

-- Jim Leinweber, WI State Lab of Hygiene

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card