cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

CISCO SWITCHES FOR SMALL and MEDIUM BUSINESS

Introducing the next generation of Cisco Small and Medium Business Switches. Cisco is refreshing its SMB Switch portfolio. Click here  to learn more.


3829
Views
0
Helpful
7
Replies
peter
Beginner

Integrating SG200 into existing network

We have an existing network with a Catalyst 4510 core switch and departmental 3560 switches connected via fiber. Due to company restructure we can no longer afford to buy new 3560's when anything goes wrong so this week I purchased an SG200-26 which I'm trying to get onto the network.

This is a legacy network which I didn't setup so my Cisco skills are somewhat limited (another reason for the SG200's hopefully), anyway have been looking at the configs on the existing switches and trying to match settings in the SG200 setup however not getting anywhere! I have the config from the dead switch so I can show what needs to be achieved, wondering if anyone had experience in downgrading their environment in a similar way and if there was anyone that could assist?

1 ACCEPTED SOLUTION

Accepted Solutions

Peter, the good thing is, it looks like the config is pretty compliant to the SX200. It doesn't look like you guys made anything too special on the 3560.

Here's a snippit from your config

interface FastEthernet0/18

description nortel phone

switchport access vlan 32

switchport trunk encapsulation dot1q

switchport trunk native vlan 32

switchport trunk allowed vlan 16,32

switchport mode trunk

spanning-tree portfast trunk

spanning-tree bpduguard enable

This particular port config looks like it embodies most of your work you have cut out for you.

I will use the device emulator to give an example

https://www.cisco.com/assets/sol/sb/Nikola_GUI/SG_200-50P_v1_1/config/home_sx200.htm

  • Log in to the switch IP address
  • Navigate VLAN MANAGEMENT -> Create VLAN
  • Create the needed VLAN IDs, it looks like you have quite a few 16, 32, 64, 254,
  • Once the VLANs are created navigate VLAN MANAGEMENT -> Port Vlan Membership
  • Choose which port you'd like to configure, in the snippit example port 18, choose the radio button at port 18 then scroll to the bottom and click JOIN VLAN
  • This will open a new window, on your port 18 config it looks like vlan 32 is native. The one command I notice is there is "allowed vlan 32" essentially making it a tagged port for the native vlan. On the right column where it says 1up, select this then use the left facing arrow to slide it over
  • Then on the left panel choose 32, below where it says tagging, choose tagged and try to make this is the PVID and then also choose 16, select tag and ensure 16 is not set as a PVID then apply this
  • The port should read 16t,32tp
  • To configure the spanning tree setting for this example navigate SPANNING TREE -> STP interface setting
  • Choose port 18 then scroll to the bottom and click edit
  • Spanning tree port fast comes in the terminology as edge port, change the edge port from auto to enable
  • Next changing the bpdu handling to filtering (this is about the same as bpdu guard)
  • Apply settings

This is about everything you can match up based off that port config. The switch doesn't have a bpdu guard so the closest you can do is bpdu filtering. The purpose of globally configured BPDU Guard is to disable  (err-disable) all portfast-enabled ports should they ever receive BPDU  frames. While BPDU Filter is to prevent the switch from sending BPDU frames on ports that are enabled with portfast.

It also looks like on the config your vlan 1 is inactive and your vlan 254 is the management vlan. If this is the case, you may want to change the default vlan of the switch to 254.

Don't forget to save the running config to the start up config.

I hope this is enough "translation". Let me know if you have any other questions.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

View solution in original post

7 REPLIES 7
Tom Watts
Advisor

Hi Peter, this is quite a "step down". The one piece of advise I will give to you is this- The SX200 switch does not support VTP or PVST. It also does not behave the same in terms of VLANS. On a Catalyst switch, if you define the link as a trunk, all VLANs will pass. However, on the small business switches, you must make all the VLANs on the links. Another problem I've seen is some times there are only tag packets originating from the upstream which will get discarded by the SX200 on a trunk link due to ingress filtering. So there are a few obstacles to be addressed in certain situations.

If you'd like to post the config, we can try to sort through it.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Tom

Thanks for the fast response, I realize this is a big drop, however we are essentially in receivership and the operations need to keep running so I'm trying to do so on a VERY limited budget. I'll attach the config for my dead 3560 to my original post as a text document (looks like I can't do it here), for simplicity all that is required now are the corporate and public VLANs and maybe the phone one (not as important).

Peter

Peter, the good thing is, it looks like the config is pretty compliant to the SX200. It doesn't look like you guys made anything too special on the 3560.

Here's a snippit from your config

interface FastEthernet0/18

description nortel phone

switchport access vlan 32

switchport trunk encapsulation dot1q

switchport trunk native vlan 32

switchport trunk allowed vlan 16,32

switchport mode trunk

spanning-tree portfast trunk

spanning-tree bpduguard enable

This particular port config looks like it embodies most of your work you have cut out for you.

I will use the device emulator to give an example

https://www.cisco.com/assets/sol/sb/Nikola_GUI/SG_200-50P_v1_1/config/home_sx200.htm

  • Log in to the switch IP address
  • Navigate VLAN MANAGEMENT -> Create VLAN
  • Create the needed VLAN IDs, it looks like you have quite a few 16, 32, 64, 254,
  • Once the VLANs are created navigate VLAN MANAGEMENT -> Port Vlan Membership
  • Choose which port you'd like to configure, in the snippit example port 18, choose the radio button at port 18 then scroll to the bottom and click JOIN VLAN
  • This will open a new window, on your port 18 config it looks like vlan 32 is native. The one command I notice is there is "allowed vlan 32" essentially making it a tagged port for the native vlan. On the right column where it says 1up, select this then use the left facing arrow to slide it over
  • Then on the left panel choose 32, below where it says tagging, choose tagged and try to make this is the PVID and then also choose 16, select tag and ensure 16 is not set as a PVID then apply this
  • The port should read 16t,32tp
  • To configure the spanning tree setting for this example navigate SPANNING TREE -> STP interface setting
  • Choose port 18 then scroll to the bottom and click edit
  • Spanning tree port fast comes in the terminology as edge port, change the edge port from auto to enable
  • Next changing the bpdu handling to filtering (this is about the same as bpdu guard)
  • Apply settings

This is about everything you can match up based off that port config. The switch doesn't have a bpdu guard so the closest you can do is bpdu filtering. The purpose of globally configured BPDU Guard is to disable  (err-disable) all portfast-enabled ports should they ever receive BPDU  frames. While BPDU Filter is to prevent the switch from sending BPDU frames on ports that are enabled with portfast.

It also looks like on the config your vlan 1 is inactive and your vlan 254 is the management vlan. If this is the case, you may want to change the default vlan of the switch to 254.

Don't forget to save the running config to the start up config.

I hope this is enough "translation". Let me know if you have any other questions.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Tom

Thanks for the comprehensive response, np with the switch config instructions, wrt the vlans and trunking I have broken down the 3560 config into the 6 different ethernet port 'categories' (see below);

Eth/1-5, 8-9, 11-12 access vlan 32

Eth/6 access vlan 16

Eth/7 access vlan 32, native vlan 32, allowed vlan 16,32

Eth/10 native vlan 254, allowed vlan 1,32,64,254 (trunk)

Eth/13-18 access vlan 32, native vlan 32, allowed vlan 16,32 (trunk)

Eth/19-24 access vlan 64

interface GigabitEthernet0/1

switchport trunk encapsulation dot1q

switchport mode trunk

My questions from this and using your instructions are;

  1. Should I be assigning PVID to the old access OR native vlan on the new switch?
  2. Ports 10 and 13-18 are in switchport mode trunk rather than access, what's the setting on the new switch we are assigning that handles this?
  3. What if any changes do I need to make to the gigabit port that connects back to the core switch? The only setting on the original config seems to have been to make it a trunk, this might be covered by Q2 above I guess...

If all goes well I should be able to test this morning, will let you know how that goes.

Thanks again.

Peter

Tom

A couple of 'issues' I've come across so far this morning;

  • Cannot achieve 16T,32TP because I cannot select PVID (greyed out) on a tagged port, though I thought I could yesterday when I tried?
  • Get an error when I try to have two tagged vlans, it says something along the lines of cannot have vlan without an untagged port...

Based on these two issues I can only appear to set to either 16UP,32T OR 16T,32UP any thoughts???

Peter

Hi Peter, try changing the port mode from trunk to General.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Tom

I made the deadline to get the office up and running by 9AM this morning, had half an hour to spare!

I ended up setting the ports 16UP,32T and it went into production, seemingly without issues, prior to me seeing your last response. It's a remote office and following an hour of testing I left and hopefully won't be back there for a few months.

I'll probably get another switch in now to play with and will try changing the port mode then. Thanks for your assistance you definitely saved the day!

Peter