Cisco Switching, Native Vlan, and VLAN

dcgtechnologies
Level 1

Hi All. I have been posting here for some time now and I am trying to learn on my own, but it is hard to understand until you get the basics down of VLAN tagging and native VLAN along with basics of routing, at least for me. I am trying to redo my company's network, but I am really lost. My goal is to remove everything off of VLAN 1 and use it for management on the Cisco switches. I have a Zyxel firewall that is doing the routing and acting as DHCP server for VLAN 2 and 3. It was working fine before using the VLAN 1. All devices have a network IP address of 192.168.1.x on VLAN 1 and have their internal Windows DHCP server. I have two Cisco switches and they are a Cisco 3750G 24 port and 3750X 48 port.

 

Currently the VLANs are configured as follows:

 

VLAN 1 - Users Workstations - 192.168.1.x

VLAN 2 - Users Wifi - 192.168.2.x

VLAN 3 - Guest Network - 192.168.3.x

 

The VLANs' new configuration:

 

VLAN 10 - Users Workstations - 192.168.2.x

VLAN 20 - Users Wifi - 192.168.3.x

VLAN 30 - Guest Network - 192.168.4.x

 

I removed VLAN 1 from the whole trunk and everything stopped working. I had to add it back and everything worked again. My firewall is plugged into switch 1 port 1/0/1 and all computers are on the remaining ports. The access point (Aironet 1040) for the wireless is on Switch 2 Port 1/0/48. I would like all networks to communicate back and forth with each other, but I want to use different network segments and VLANs for the network traffic and if possible just use VLAN 1 as the management VLAN. I would also like to use my firewall with default gateway IP address 192.168.1.1 and have all the traffic for all the other network segments (192.168.2.1, 192.168.3.1, and 192.168.4.1) pass it back to the default gateway without using VLAN 1 unless it is necessary. I also want to move all user computers to VLAN 10 on the new VLAN setup. Does VLAN 1 need to be a part of the trunk? Why does VLAN 1 interfere with my default gateway? How would I set this up to work? I know to most that these are newbie questions and pretty basic to some, but for me this is all new. I am reading all this, but still confused. Thank you all in advance.

 

 

 

5 Replies

Hi,

Basically you need your firewall to have three sub-interfaces (192.168.2.1, 192.168.3.1, and 192.168.4.1), which will be the gateway for each VLAN respectively.

You need a trunk between firewall and switch allowing all three VLANs. Then, you can create those VLANs on each switch and distribute the ports accordingly. You'll also need a trunk between those two switches allowing all three VLANs.

This is the basic setup. You don't need to keep VLAN 1 by any means, and it is always good practice not to use it.

You need a native VLAN if in your environment some traffic is not capable of being tagged; otherwise, it is not necessary. Another reason could be if you intend to manage your device and keep all the management traffic on the same VLAN.

  

-If I helped you somehow, please, rate it as useful.-

 

Thank you for your feedback. I have all three of the VLANs set up currently, but how would I set up the routing between them to pass traffic through to the default gateway of each VLAN along with the default gateway that goes through the firewall out to the internet? I have trunked everything using switchport mode trunk, but the issue is I still need to include VLAN 1 in the trunk or I lose all connectivity. Also, would I do the VLAN tagging on the switches themselves? My firewall is handling all the routing, but again I am still a little fuzzy on this. Can you explain more on the Cisco side of things with the switches and what needs to be configured to get rid of VLAN 1 etc.?

The firewall must handle inter-VLAN routing. I mean, as a layer 3 device, it also must be able to route packets among VLANs.

About VLAN 1, if you have the switch interface properly configured on a respective VLAN and all VLANs permitted on the trunk, you definitely can get rid of VLAN 1.

Believe me, VLAN 1 is not recommended in any Cisco doc.

 

 

-If I helped you somehow, please, rate it as useful.-

Please explain in detail how to remove VLAN 1 from a cisco switch. Thank you.

I know this is kind of late, but you really can't remove VLAN 1 from the switches; it's the default VLAN. Simply assigning all the ports to other VLANs and removing it from the list of allowed VLANs on trunk ports is all you would need to do. You can also make the native VLAN on trunks something other than VLAN 1, but in the end if VLAN 1 is only being used for a native VLAN on trunks, it's not going to bother anything.

 

Hope this helps
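
The steps described in the last reply, written out as an IOS configuration for switch 1. This is an added example, not part of the original thread; VLAN 999 as an unused native VLAN, the VLAN names, Gi1/0/24 as the uplink to switch 2 and Gi1/0/2 - 23 as the workstation ports are assumptions.

```cisco
! Constructed example for switch 1. Assumptions: VLAN 999 as an unused native
! VLAN, Gi1/0/24 as the uplink to switch 2, Gi1/0/2 - 23 as workstation ports.
vlan 10
 name USERS
vlan 20
 name USERS-WIFI
vlan 30
 name GUEST
vlan 999
 name UNUSED-NATIVE
!
! Trunk to the firewall (port 1/0/1 in the original post). The firewall side
! needs tagged sub-interfaces for VLANs 10, 20 and 30.
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
!
! Trunk to switch 2 (assumed port), same native VLAN and allowed list.
interface GigabitEthernet1/0/24
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
!
! Workstation ports: an explicit access VLAN, so none is left in VLAN 1.
interface range GigabitEthernet1/0/2 - 23
 switchport mode access
 switchport access vlan 10
!
! Verify from privileged EXEC:
!   show vlan brief          (no in-use port should appear under VLAN 1)
!   show interfaces trunk    (allowed list 10,20,30; native VLAN 999)
```

If switch management stays on VLAN 1, as the original poster intends, VLAN 1 has to remain in the allowed list on the inter-switch trunk so the second switch's management address stays reachable.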