09-02-2013 11:05 PM - edited 03-04-2019 08:55 PM
Hi,
We are having L2 Vlans on our switch and there is a requirement of assigning multiple VLANs to same physical switch port-Access port. We will be terminating server over this port having multiple applications.
Thanks
05-22-2020 07:39 AM
It is not clear what you are saying about the Sophos. Is its port an access port assigned to vlan 200? Or is it a trunk port with both vlan 1 and 200? Or is this a subinterface, which would indicate that it is a trunk port?
If the Sophos is an access port then you just configure your 3560 with access ports. As long as the 3560 ports are all in the same vlan they should work (and it does not really mater whether the 3560 uses vlan 200 or some other vlan - because with access ports they are just sending normal (untagged) Ethernet frames and there is no requirement that vlan ID must match the peer device)
05-22-2020 08:16 PM
05-22-2020 11:33 PM
Hi Richard,
Thanks for your reply , Port 1 (172.16.16.254) on Sophos is a physical port
, not sure if its access or trunk. Created VLAN on this port which gave me
Port1.200 and the ip range assigned to it via Sophos XG DHCP  is 10.10.200.50 to  .150
Port 1 is connected to Cisco 3560 on fa0/1 , also i have made this port as
trunk with 802.1q encapsulation
VLAN 1 is created with 172.16.16.17
When a laptop is connected to fa0/2 or any other port on the switch , they
get ip from sophos in the range of 172.16.16.0/ 24
Im trying to assign fa0/3 to fa0/15 with VLAN 200 so that devices connected
to these ports get ip in the range 10.10.200.50 to 150
Also from the switch (using telnet on laptop) im able to ping both Port 1
address and Por1.200 ip address
Hope im making sense and appreciate your assistance
Have a good day
Cheers
Raj
05-22-2020 11:35 PM
Hi Richard,
Thanks for your reply , Port 1 (172.16.16.254) on Sophos is a physical port
, not sure if its access or trunk. Created VLAN on this port which gave me
Port1.200 and the ip range assigned to it via Sophos is 10.10.200.50 - 150
Port 1 is connected to Cisco 3560 on fa0/1 , also i have made this port as
trunk with 802.1q encapsulation
VLAN 1 is created with 172.16.16.17
When a laptop is connected to fa0/2 or any other port on the switch , they
get ip from sophos in the range of 172.16.16.0/ 24
Im trying to assign fa0/3 to fa0/15 with VLAN 200 so that devices connected
to these ports get ip in the range 10.10.200.50 to 150
Also from the switch (using telnet on laptop) im able to ping both Port 1
address and Por1.200 address
Hope im making sense and appreciate your assistance
Have a good day
Cheers
Raj
05-23-2020 09:38 AM
Raj
Thank you for the additional information. What you have told us does seem to indicate that the Sophos interface is a trunk which carries both vlan 1 and vlan 200. You have told us that devices in vlan 1 are working and that they do get IP addresses assigned using DHCP from Sophos. And you have told us that from the switch you are able to ping both vlan addresses on Sophos. All of this is good and seems that it should work. Are you saying that it is not working? If so would you post the output of these commands on your switch:
show vlan
show interface trunk
05-23-2020 07:47 PM
05-24-2020 10:27 AM
Raj
Thank you for the outputs. They do confirm that FA0/1 is configured as a trunk and carries both vlan 1 and vlan 200. They seem to indicate that FA0/3 is configured as a trunk and carries only vlan 200. Is that correct? This could get data from vlan 200 on FA0/3 to FA0/1 and on to Sophos. But it wold work only if the device connected to FA0/3 is a device that understands and supports dot1Q trunking and its Ethernet interface is sending tagged frames for vlan 200.
What kind of device is connected to FA0/3? I am guessing that it is sending untagged frames. So the switch is treating those frames as belonging to vlan 1. What I would expect (and what could make your switch work as expected) is to configure FA0/3 as an access port assigned to vlan 200.
The suggestion to use voice vlan is one way to have 2 vlans assigned to the same access port. But I do not believe that it will accomplish what you are attempting to do.
05-24-2020 07:31 PM
Hallelujah, Thanks Rick , that worked, changing the interface from trunk mode to access helped
Appreciate your help mate , this was haunting me for few days
Once again appreciate your time and efforts
Have a good day ahead
Cheers
Raj
05-24-2020 11:03 PM
Raj
Thanks for the update. Glad to know that you got it working and that my suggestion pointed you toward the solution.
 
					
				
		
02-16-2014 08:21 PM
you can assign 1 vlan to 1 access port but you can assign secondary ip address to vlan interface
so you will get 2 networks
02-21-2014 11:27 PM
please guide me.. in my organisation there is approx 350 users and 15 catlyst switch 3760 series. .but only vlan 1 is create on root switch. and connet to other switch..some issue is frequenty facing in network. . i want to implement atleat two vlan and stp .but issue is that i dont want to do changes on users desktop as their is no dhcp in our organistain. all have assign static ip address.4 network ip are user in our organisation network. but all are interconnete and able to ping each other. may be configured on fireware. there is large number of live user.. is there any possible way . to overcome form this issue. need your guide..
02-23-2014 01:14 PM
Hi.
Are you sure about Cisco Catalist 3760 series number ? wuold not be Cisco Catalist 3750 or 3560 ?
Please reply.
Regards
02-24-2014 09:19 PM
Hi Mukesh
to help you, I need to know a few things:
all models of switches used in the network;
how they are interconnected;
classes used for IP addressing
who is the DHCP server, Linux or Windows server or router or switch;
maybe this video help you: http://www.youtube.com/watch?v=cnpzulyys2s
Regards
Alexandre
09-22-2018 01:02 AM - edited 09-22-2018 08:38 AM
Hello
This isnt a very good network design having all those switches in one large flat broadcast domain. As you are using staitc addressing which apart from being very administrative it also prone duplication and with this flat network you could easily incurr broadcast/unicast floods etc.
As you dont want to split the users into a additional vlan/subnet then creating another L2 vlan will be of no use, you need to start thinking about dyanmic addressing(dhcp), Segregating your network with additional vlans and L3 subnets.
02-28-2017 08:55 AM
You can only assign 1 vlan per ACCESS port, if more are needed it needs to be a trunk port
interface fastethernet0/1
switchport mode trunk
switchport trunk allowed vlan 1,10,20
interface fastethernet0/18
switchport mode access
switchport access vlan 20
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide