Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1023
Views
35
Helpful
11
Replies

Cisco basic vlan configuration

Go to solution
satyammehrotra7779309
Level 1
Level 1

‎09-15-2022 12:23 PM

Hi Guys,

I need help configuring a cisco switch. Please refer to the below screenshot for reference. 

SW.png

 

So what I want is that my two windows7 machines should be in different VLANs (10 and 20). Further, I created a DHCP server in the firewall and I want these two win7 machines to take DHCP IP from the firewall.

So I configured the below configuration in the switch - 

#vlan 10
#interface e0/2
#switchport access VLAN 10
#switchport mode access

#vlan 20
#interface e0/3
#switchport access VLAN 20
#switchport mode access

---------------FIREWALL CONFIGURATION-----------

I configured Eth2 of my firewall as VLAN

I created 3 VLANs i.e., vlan1, vlan10, and vlan20 and I created DHCP pools in all three VLANs in the firewall.

So I configured vlan1 as untagged for Eth2, vlan10 as tagged for Eth2, vlan20 as tagged for Eth2

After all this config, I am not getting any IP in the switch or computer. Do I have to configure something else? Please guide.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
MHM Cisco World
VIP
VIP
In response to satyammehrotra7779309

‎09-16-2022 04:29 AM

SW(cisco)-FW(other Vendor)
between the SW and FW use trunk 
in FW must tag all VLAN 
in FW dont use native VLAN 

View solution in original post

11 Replies 11

Go to solution
MHM Cisco World
VIP
VIP

‎09-15-2022 01:28 PM

 SW is L3 or L2 SW? i.e. ip routing is config in SW or not ?

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to satyammehrotra7779309

‎09-16-2022 04:29 AM

SW(cisco)-FW(other Vendor)
between the SW and FW use trunk 
in FW must tag all VLAN 
in FW dont use native VLAN 

Go to solution
Georg Pauwen
VIP
VIP
In response to MHM Cisco World

‎09-16-2022 05:04 AM

@MHM Cisco World Just out of curiosity (and I admit that my knowledge of Watchguard is limited), if you tag all Vlans on the Watchguard, and since the Cisco trunk needs a native, untagged Vlan, will there not be a mismatch (actually, will the trunk work at all) ? Which model did you test this on (e.g. T20/T40/T80) and which Fireware version ?

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎09-15-2022 02:04 PM

Hello,

the link between the switch and the firewall needs to be a trunk:

Switch

interface Ethernet0/1

switchport mode trunk

What brand/type/model is the firewall ?

Go to solution
satyammehrotra7779309
Level 1
Level 1
In response to Georg Pauwen

‎09-15-2022 11:08 PM

Hi Georg,

It's a WatchGuard firewall. What about VLAN 10 and 20, should I select untagged or tagged traffic for them?

And after configuring a trunk port E0/1, will my switch start getting DHCP from FW?

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to satyammehrotra7779309

‎09-16-2022 04:58 AM

Hello,

you need to tag Vlan 10 and Vlan 20, leave Vlan 1 as the default (untagged) native Vlan. In theory, that should get all clients DHCP addresses.

Go to solution
satyammehrotra7779309
Level 1
Level 1

‎09-16-2022 05:23 AM

@Georg Pauwen @MHM Cisco World 

Hi Guys, Thanks for replying. So I made some changes, I changed e0/1 which is connected to the switch as a Trunk port, and remove VLAN-1 from the firewall and now my PC is getting DHCP from FW.

Now my Firewall has two VLANs 10 and 20 and both of them have tagged traffic.

One more thing I can't figure out is can my VLANs in the switch get the IP from the firewall DHCP. I mean how do I access my switch remotely? Do I have to manually assign some IP to VLAN? Can't it get from the FW DHCP?

Go to solution
MHM Cisco World
VIP
VIP
In response to satyammehrotra7779309

‎09-16-2022 05:41 AM - edited ‎09-16-2022 05:46 AM

as I know 
you can do that 
vlan x
ip address dhcp 
this make SW ask FW for IP

one more note:- We assign IP to VLAN in L2SW for management SW, make VLAN have dynamic IP may be it be more difficult to manage the SW remotely. 

Go to solution
satyammehrotra7779309
Level 1
Level 1
In response to MHM Cisco World

‎09-16-2022 06:41 AM - edited ‎09-16-2022 06:44 AM

Hi,

Just the last two queries I have before closing this post, if you can clarify that

1) If I want to access the switch from the firewall side, how to assign the IP address to E0/1 since it is a trunk port?

2) "if you tag all Vlans on the Watchguard, and since the Cisco trunk needs a native, untagged Vlan, will there not be a mismatch (actually, will the trunk work at all)". Can you please explain what Georg was saying? I have very limited networking knowledge. 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to satyammehrotra7779309

‎09-16-2022 07:27 AM

bvnnbvbnvbnbvvn.png

the native VLAN in trunk is only use in L2SW not use in any L3 device, L3 device use sub-interface, it dont care about which native VLAN L2SW use 
but 
the most important is tag 
L3 device dont care about native VLAN but if it send untag frame, the L2SW will assume that this frame is for native VLAN.
so that why I mention dont use native VLAN ID in FW 
(not use native VLAN ID in FW is different than allow native VLAN in truck)

that it.

for access SW and you have L2 port trunk, 
simply config SVI for VLAN 10 and assing manually IP to it  and you can access SW. 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card