Cisco 3560 as L2 switch with no intervlan routing.

Gdlgiii
Level 1

I have a basic question that I hope I can get some assistance for. I have two Cisco 3650 switches that I want to create two vlans on and configure two separate VLANS with no IP routing between the two. The first one will be on second floor with EdgeRouter that will handle DHCP and routing. The second switch will be downstairs connected to a single cable drop. I would like to know how I can create two VLANs on each switch. I would like to use the two Gb ports on each as uplink ports to connect the two switches together and the second Gb port on the first switch upstairs to be the uplink to the Ubiquiti router that will then connect to the ISP cable modem.

I want to have the private vlan to be the default vlan for untagged ports and set some of the ports to use both VLANs, or would it be better to specify each port with the specific vlan? I drew up a quick diagram of what I think this should look like.


6 Replies

Hello


@Gdlgiii wrote:

I have a basic question that I hope I can get some assistance for. I have two Cisco 3650 switches that I want to create two vlans on and configure two separate VLANS with no IP routing between the two. The first one will be on second floor with EdgeRouter that will handle DHCP and routing. The second switch will be downstairs connected to a single cable drop. I would like to know how I can create two VLANs on each switch. I would like to use the two Gb ports on each as uplink ports to connect the two switches together and the second Gb port on the first switch upstairs to be the uplink to the Ubiquiti router that will then connect to the ISP cable modem.

I want to have the private vlan to be the default vlan for untagged ports and set some of the ports to use both VLANs, or would it be better to specify each port with the specific vlan? I drew up a quick diagram of what I think this should look like.


If the router is to handle the routing and dhcp and as it will also have an interface for each vlan then all you need to do is create svi 10 on each switch and have their default gateway point to the rtr.

sw1

int gig0/0
 description RTR interface
 ! 802.1Q trunk carrying vlan 10 and vlan 50 to the router
 switchport trunk encapsulation dot1q
 switchport mode trunk

int gig0/1
 description link to Switch 2
 switchport trunk encapsulation dot1q
 switchport mode trunk

! management SVI for the switch itself
int vlan 10
 ip address 10.10.10.1 255.255.255.0
 ip helper-address <dhcp server of rtr>
exit

! keep the switch layer 2 only; it reaches other subnets via the rtr
no ip routing
ip default-gateway 10.10.10.254

vlan 10,50
exit

! "switchport host" sets access mode, enables portfast and disables channelling
int x/x
 switchport host
 switchport access vlan 10

int x/x
 switchport host
 switchport access vlan 50

sw2

int gig0/1
 description link to Switch 1
 switchport trunk encapsulation dot1q
 switchport mode trunk

int vlan 10
 ip address 10.10.10.2 255.255.255.0
 ip helper-address <dhcp server of rtr>
exit

no ip routing
ip default-gateway 10.10.10.254

vlan 10,50
exit

int x/x
 switchport host
 switchport access vlan 10

int x/x
 switchport host
 switchport access vlan 50

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Thank you very much for your help in this! Seeing that really helps me understand more on how to configure these devices. SVI is where the IP for vlan 10 is defined? What about vlan 50? Would that need an IP address as well? My plan is to put smart devices and smart bulbs and Google Home on the vlan 50 by hanging a Netgear R8000 router in IP vlan mode and configure it as a WiFi AP that will only have access to the Internet and not able to see other devices in vlan 10. Would devices that do not understand vlans be connected to ports that are untagged with a default network on vlan10?

Hello

@Gdlgiii wrote:

Thank you very much for your help in this! Seeing that really helps me understand more on how to configure these devices. SVI is where the IP for vlan 10 is defined? What about vlan 50? Would that need an IP address as well? My plan is to put smart devices and smart bulbs and Google Home on the vlan 50 by hanging a Netgear R8000 router in IP vlan mode and configure it as a WiFi AP that will only have access to the Internet and not able to see other devices in vlan 10. Would devices that do not understand vlans be connected to ports that are untagged with a default network on vlan10?

You mentioned the rtr will be performing the routing/DHCP, as such that will be where the addressing for vlan 10 and vlan 50 will reside.

The SVI 10 I used because you showed it in your drawing and to avoid more confusion for yourself. However this SVI can be any MGT subnet other than vlan10/50 as long as it also resides on the rtr - it's just for remote administration of the two switches.

As I said the rtr most probably will have a physical interface with subinterfaces and the address ranges for vlan 10/50 applied - something like this:

RTR
int x/x
 description link to switch 1

int x/x.10
 description Vlan 10
 ! 802.1Q tag for this subinterface; IOS needs it before it accepts an IP address
 encapsulation dot1Q 10
 ip address 10.10.10.254 255.255.255.0

int x/x.50
 description Vlan 50
 encapsulation dot1Q 50
 ip address 50.50.50.254 255.255.255.0

As long as you have a trunk from switch 1 to the rtr and have the L2 vlans defined on each switch then it would just be a matter of assigning each port the correct vlan.

Lastly you mentioned you didn't want vlan 10 and vlan 50 traffic to communicate with each other, this can also be accomplished on the rtr with access-lists.

res

Paul
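
Added example, not part of Paul's reply: one way to write the access-list he mentions, in IOS syntax to match his router sketch (an EdgeRouter or USG uses its own firewall rule syntax for the same policy). The ACL name IOT-IN is hypothetical; the interface x/x.50 placeholder and both subnets are taken from the sketch above.

```cisco
! Added example. IOT-IN is a hypothetical name; x/x.50 is the placeholder
! subinterface from the router sketch in the post above.
ip access-list extended IOT-IN
 remark DHCP requests from vlan 50 clients (source may still be 0.0.0.0)
 permit udp any eq bootpc any eq bootps
 remark replies to TCP sessions that were opened from vlan 10
 permit tcp 50.50.50.0 0.0.0.255 10.10.10.0 0.0.0.255 established
 remark anything else from vlan 50 to vlan 10, incl. the rtr and switch SVIs
 deny   ip 50.50.50.0 0.0.0.255 10.10.10.0 0.0.0.255
 remark Internet-bound traffic from vlan 50
 permit ip 50.50.50.0 0.0.0.255 any
 remark implicit deny drops packets with any other source address
!
interface x/x.50
 ip access-group IOT-IN in
```

This ACL is stateless: the `established` keyword only matches TCP, so UDP or ICMP replies from vlan 50 back to a vlan 10 host are dropped. On the router, `show access-lists IOT-IN` lists per-line hit counters, which shows whether the deny line is actually catching traffic.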



Correct, the Ubiquiti EdgeRouter will manage the 2 vlans and DHCP scope for each. Thank you for the very useful information!

So, made progress. I have set up a Ubiquiti USG with 3 networks. Lan 1 (untagged) is 192.168.1.0/24, vlan 10 is 172.16.0.0/24, and vlan 50 is 192.168.0.0/24. I am trying to put a Raspberry Pi 3 with a static on the "lan" network so it is on the same network as the router. Coming out of interface lan port 1 from the router is connected to port fa0/2 on the Cisco switch. I have set port fa0/1 as unconfigured and plugged the Raspberry Pi 3 in there but it is unable to connect to the network. If I set the Pi to DHCP on port fa0/3 I get an IP from vlan 10 and can get a route to the router IP. The goal is to use the LAN network as a management network and I want to set a management IP for the switch itself on the management LAN.

Why can't I get connectivity to the router if setting the static IP to the LAN network? Attached is the switch config.

Deepak Kumar
VIP Alumni
Yes, Mr. @paul driver is right. This is the best way to do the configuration.

Regards,
Deepak Kumar
Don't forget to vote and accept the solution if this comment will help you!