Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
44306
Views
0
Helpful
9
Replies

Cisco 2960 - Set Ports to Untagged VLAN XX

AMD_GAMER
Level 1
Level 1

‎08-07-2012 03:50 PM - edited ‎03-07-2019 08:12 AM

I have two questions for a Cisco 2960 (WS-C2960-24TC-L)

1. I am working to setup a few Cisco 2960 switches for HP iLO access to our servers. We are going to segregate the iLO network (VLAN 40) from the data network (VLAN 10) by using a different VLAN. All of the HP servers will be configured with static addresses. My question is, how do I set all the ports to VLAN 40 so that untagged devices will automatically go onto VLAN 40? I don't want to have to configure the VLAN on each iLO port on the server. I tried to set the port to: "switchport trunk native vlan 40", but that didn't work.

2. Also, how do you access the web GUI for these switches? I get a login box, but putting in the enable password doesn't work. I have the following commands in the config:

ip http server

ip http secure-server

Thanks.

Dave

Labels:
0 Helpful
9 Replies 9

paolo bevilacqua
Hall of Fame
Hall of Fame

‎08-07-2012 05:34 PM

switchport access vlan XX      

0 Helpful

AMD_GAMER
Level 1
Level 1
In response to paolo bevilacqua

‎08-07-2012 05:39 PM

Correct, I know I need to set each port that I want to use for iLO, but what would the config look like?

I have the following and it isn't working:

interface Ethernet 0/13

  switchport mode access

  switchport access vlan 40

I want each port to come up untagged VLAN 40. The uplink port is configured as follows:

interface GigabitEthernet0/1

switchport trunk allowed vlan 1,40

switchport mode trunk

Dave

0 Helpful

jimmysands73_2
Level 5
Level 5
In response to AMD_GAMER

‎08-07-2012 06:50 PM

Pablo is right, on your access ports if you have sw ac vl 40, then it will be tagged for vlan 40 as is transverses the trunk link.   If its not working, something else is amiss.....I  have read your post a few times, but keep on getting the same answer already stated by PB....maybe you could restate the problem w/diff wording, I dont understand.

0 Helpful

AMD_GAMER
Level 1
Level 1
In response to jimmysands73_2

‎08-07-2012 08:05 PM

Here is the full config:

Current configuration : 3133 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Switch

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

system mtu routing 1500

ip subnet-zero

!

!

!

!

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

!

!

interface FastEthernet0/1

!

interface FastEthernet0/2

!

interface FastEthernet0/3

!

interface FastEthernet0/4

!

interface FastEthernet0/5

!

interface FastEthernet0/6

!

interface FastEthernet0/7

!

interface FastEthernet0/8

!

interface FastEthernet0/9

!

interface FastEthernet0/10

!

interface FastEthernet0/11

!

interface FastEthernet0/12

!

interface FastEthernet0/13

switchport access vlan 40

switchport mode access

!

interface FastEthernet0/14

!

interface FastEthernet0/15

!

interface FastEthernet0/16

!

interface FastEthernet0/17

!

interface FastEthernet0/18

!

interface FastEthernet0/19

!

interface FastEthernet0/20

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

!

interface FastEthernet0/24

!

interface GigabitEthernet0/1

switchport trunk allowed vlan 1,40

switchport mode trunk

!

interface GigabitEthernet0/2

!

interface Vlan1

ip address 10.0.10.10 255.255.255.0

no ip route-cache

!

interface Vlan40

description iLO_Access

no ip address

no ip route-cache

!

control-plane

!

!

line con 0

line vty 0 4

login

line vty 5 15

login

!

end

Port 13 is the iLO server that has a static IP of 10.0.10.50. The Gigabit port 0/1 is the uplink to the core switch which is also set as a trunk with vlan 1 and 40 tagged and PVID of 40. That switch has an interface on VLAN 40 with an IP of 10.0.10.1 (gateway). From the core switch, I can ping the 2960, but not the iLO server. Any ideas?

Dave

0 Helpful

jimmysands73_2
Level 5
Level 5
In response to AMD_GAMER

‎08-07-2012 09:55 PM

Now thats a story I can work with.

First, has vlan 40 been defined on the 2960?

sh vlan would show you this.

      

The entry below will not create the vlan:

interface Vlan40

description iLO_Access

no ip address

no ip route-cache

      

It should be created though when you put the sw ac vl 40 in. So from the 2960 can you ping the server? And what does sh ip int br show for vl 1 and 40?

0 Helpful

Fabio Francisco
Level 1
Level 1

‎08-07-2012 11:38 PM

1.) Make sure vlan 40 is created "sh vlan" if not go to Global config mode and type "vlan 40" press enter "name ILO_Access"

2.) communication between server and switch in your case has to be done by switch in access mode so go to the interface fastethernet 13 "conf t" "inter fast 0/13" and type "swichtport access vlan 40" I usually also do "switchport host"

3.) make sure that your vlan 40 is terminated at a layer 3 device for routing purposes.

4.) I also reccomend an inespensive internet connection dedicated for your ILO vlan.

5.) For web access you also need to configure aaa. have a look at http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfathen.html

HTH,

Fabio

0 Helpful

mlund
Level 7
Level 7

‎08-08-2012 02:25 AM

Hi

From Your output

interface FastEthernet0/1

!

interface FastEthernet0/2

this means these ports belongs to vlan1 (that is the default)

interface FastEthernet0/13

switchport access vlan 40

switchport mode access

this mean the port belongs to vlan 40

interface GigabitEthernet0/1

switchport trunk allowed vlan 1,40

switchport mode trunk

this means a trunk port that allows vlan 1 and 40 to pass throgh

interface Vlan1

ip address 10.0.10.10 255.255.255.0

no ip route-cache

this means the management interface for the switch. observe that this is vlan 1

Port 13 is the iLO server that has a static IP of 10.0.10.50. The Gigabit port 0/1 is the uplink to the core switch which is also set as a trunk with vlan 1 and 40 tagged and PVID of 40. That switch has an interface on VLAN 40 with an IP of 10.0.10.1 (gateway). From the core switch, I can ping the 2960, but not the iLO server. Any ideas?

from this there seems to be a misconfiguration on the uplink switch. The gateway 10.0.10.1 can ping 10.0.10.10, that means that the gateway is on vlan 1 as the 2960, thats why you cant ping the iLO 10.0.10.50.

One suggestion is that you move the ip address on interface vlan1 to interface vlan40, shutdown interface vlan1, fix the uplink switch so that the 10.0.10.1 is on the vlan 40. Then both iLO switch and gateway is on the same vlan.

Or you move your iLO server to vlan1 ( one of the other ports on the switch)

/Mikael

0 Helpful

jimmysands73_2
Level 5
Level 5
In response to mlund

‎08-08-2012 06:18 PM

Nice catch Mikael.

0 Helpful

AMD_GAMER
Level 1
Level 1
In response to jimmysands73_2

‎08-10-2012 12:38 PM

I got it sorted out. I did the following:

1. Made iLO ports access for vlan 40

interface FastEthernet0/13

switchport access vlan 40

switchport mode access

2. Allowed uplink port to be a trunk to carry vlan 1 and 40

interface GigabitEthernet0/1

switchport trunk allowed vlan 1,40

switchport mode trunk

3. Made the switch IP on vlan 40

interface Vlan40

ip address 10.0.10.10 255.255.255.0

I then had to add a default gateway IP. Once I did this, it started working. Thanks for the help.

Dave

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card