couldnt figure out how to delete this, please see the post below (assuming it works properly)
 

Thank you for shedding light on the vlan limitation! I havent finished configuring everything. I havent had a lot of personal time but I'm hoping to finish everything by Tues or Wed. I'm not used to being totally in the dark on something technical, but once I get this setup done I can start studying. I ordered some CCNA books from amazon, also got a few others in kindle version. BTW, I ordered a couple used L3 switches from Ebay. They dont have to be perfect, I just need something for hands-on so I can get CCNA/CCNP. Once I'm no longer too dangerous, I'll be able to start monitoring the guys I'll be joining. Hopefully a couple months down the road when they're sure I'm over the "I can spell CISCO, and that's it" phase, I'll be able to start supporting prod systems. Thanks again for your help, and more importantly, your patience.

ADDED ON MONDAY:

Jon, I just thought of something. If I remember correctly, licenses are hardware based, and should move with the hardware. If someone needs features that arent included with the base license, then they pay to add on. I was looking at a 2960 switch in another training env, which seems to be able to have more than one vlan up at a time, even though the 2960 is also L2.Cisco's docs said to use show license but on both my switch and this other one, that returns an errror. So 3 questions:

1) How do I check license information on IOS 12 (which is what both have, just diff versions).

2) If show license doesnt work does that mean there are no licenses or is it just an IOS 12 thing.

3) On switches, are switching features license based. Can a 2950 EVER have more than one vlan up at a time if add'l software is licensed? The reason for this question is, since I just ordered some used 3560s, if THEY won't support multiple vlans without $7000 to Cisco for a license, then I just wasted more money. It also means I'll have basically 7 fancy hubs, not switches.

I'm just confused as to why the 2960 has more than one vlan (vlan1, vlan2,vlan2) created, and none are admin down.

of course the ports arent actually connected but I dont think that matters

The 2960 with the right feature set supports routing but it is still limited ie, static routes and maybe RIP (I need to to check).

That is why you can have multiple SVIs up/up.

It doesn't as far as I know support EIGRP or OSPF.

A "sh version" will show you the feature set in use.

A 2950 is a L2 switch. Even if you could have multiple L3 SVIs up it can't route between them.

The 3560 is a true L3 switch. Even with the base license it will route between vlans so you are not wasting your money.

However to run full EIGRP, OSPF, BGP you would need the IP Services image which they may not come with.

If you only have the IP Base image though, as I say, they do support routing using static routes and I believe RIP and maybe a limited version of EIGRP.

So to summarise -

2950 - L2 only

2960 - can do L3 with the right feature set but limited support

3560 - full L3 switch so will support routing between vlans. However depending on the license/image you may not be able to run all the routing protocols.

If you let me know which you are thinking of buying I can double check as to exactly what will be available.

Jon

Seriously, you ROCK! It's like you know everything. I'm actually working right now, but I get a 5 minute break every hour. lol

THANKS!

Jon,

Update: I just got 3x3560-24s delivered. I'm going to use them instead of the 2950s..I'll try to set them up with the vlans as you originally suggested for the 2950s.

One additional point.

In a lot of networks you have access layer switches which the clients connect to and then those switches connect to a distribution pair of switches.

Because you have 3 3560s once you have setup the SVIs as in the last post then for one of the sites what you can do, if you want, is run a pair of 3560s as the distribution switches.

You would then run HSRP for example between the switches and connect a 2950 or multiple 2950s to them and the clients would connect to the 2950s.

Again this is a very common setup in a production network so if you get the L3 switches setup and working and want to try this for one site let me know and I can help out.

It would be worth considering because it is likely you will come across this setup or something like it when you start supporting the network.

Jon

If you are using 3560s then the configuration I posted can change.

You can route the vlans on the 3560s and not on the routers using subinterfaces.

This will be far more representative of a production network where L3 switches usually do the routing between vlans.

It depends on the feature set of the switches as to which routing protocol you can use but as I said you can always use statics.

Briefly, instead of using subinterfaces for each vlan you would -

enable routing and create SVIs (Switched Virtual Interfaces) on the 3560 eg.

switch(config)# ip routing

then create the SVIs -

int vlan 10
ip address 192.168.10.1 255.255.255.0
no shut

int vlan 11
ip address 192.168.11.1 255.255.255.0
no shut

Then change the link to the router to be a L3 routed port.

So remove the subinterfaces and reboot to get rid of them and then use another /30 as you did with the router interconnections eg. on the switch the port that you originally configured as a trunk to the router -

int <x/y>
no switchport
ip address x.x.x.x 255.255.255.252

and then on the main router interface use the other IP from the above IP subnet.

Then either run a routing protocol between the switch and router or use static routes.

The SVIs will not come up until you have at least one port in that vlan up/up ie. an end client.

Like I say it's worth doing this as in a company of any size you would expect to find L3 switches doing the routing between vlans.

Let me know if you need more help etc.

Jon

Thanks again. I'll set them up with the new config. FYI, I've recently taken about 30 hours of high-level training on planning, troubleshooting strategies, etc..   Concept/theory is great, but I'm hopefully going to start the REAL training in July. The good news is, with the Cisco books I've bought and my hands-on setup, achieved only through your help, I shouldn't have much of a problem going through the courses. I really can't thank you enough.

No problem at all, happy to have helped.

Jon

Jon,

TYVM for your assistance. I had a few issues. Since I already had all router ports configured I had to try to translate what I had with your design. I hit a snag  with  the interfaces between routers, .252 would only allow 2 hosts, so the summary at the end where you had R2 to R3, etc. with .5 and .6 wouldnt work.  I'm not quite finished configuring. I had to do some tweaking to the IPs on the switches because I have an IP/serial server with a hardcoded IP I need to work into the mix. I also had issues with one of the switches - older OS, wouldn't use the vlan command and since I didn't want to learn the vlan database, I had to figure out how to get an interface up so I could hit the tftp server and upgrade. Also, not sure if I'm doing something wrong but it looks like I can only have 1 vlan up at a time on these switches. If I bring vlan 10 up, 11 goes down, vice versa. Not sure if I made an error in the config, but I'll look into it more when I finish playing with IPs.

Thanks again for your help. I REALLY appreciate it. I do have a question about this forum. Can I give you multiple ratings, like on each answer, or can I only rate once if I say it's a correct answer. And if that's the case, will that close and lock the thread if I say it's a correct answer?

Not sure I follow about the 255.255.255.252 part as each router is only connected to the other router by a single link.

Perhaps I am not understanding.

Only having one vlan interface up on the switch see last post (I missed this reply originally).  You only need one vlan interface up and it is for management only so you don't need multiple vlan interfaces up.

In terms of ratings it can be quite a contentious subject on this forum :-).

As a general answer you can rate any or all posts you want and marking an answer as correct does not lock the thread, you can continue to add to the post.

The convention is to rate 5 and/or a correct answer and using the ratings system is a way to say thanks for the help given and can help other people find helpful answers.

So thanks for asking as many people do not rate.

That said the above is a general response about ratings which should help if you continue to use the forums.

My own personal view is that whether you rate or not is entirely up to you. It's nice to be rated  but you shouldn't feel you have to do it and a lot of posts in a thread like this one are just getting more information from the OP so I personally don't believe every post should be rated.

If a post, or multiple posts, answers your question then by all means rate if you want but it really is up to you.

Jon

Thanks for the excellent suggestions on course materials!  Also your comment on mastering the test vs the material is spot on. I want to be GOOD at what I do, and I always strive to improve. I used to support unix lans and I actually had someone in another group who had just been bragging about his  MCSE cert the day before ask me how to setup a DHCP server. Because I had helped him out before, even though it wasn't my OS, I dug up my notes and walked through it with him. A week later, he was again implying he was better than I because he had an MCSE and I didnt. Then he asked me a couple hours later how to setup some other minor crap in windows. I asked him to look on his MCSE cert, and see if the instructions were there. (Then I did help him). But yes, my goal isn't just to get a pretty piece of paper. That paper won't help a bit if I have a trouble call and I don't know what the heck I'm doing. Thanks again!