Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
680
Views
0
Helpful
7
Replies

Connection Problem with vlans

qus83
Level 1
Level 1

‎07-24-2018 12:28 AM - edited ‎03-08-2019 03:43 PM

Hi Everyone

i have question i hope someone can help me with

i have ws-c2960x-24td-l stack switches for our customer
 I have configured new VLAN (VLAN 53)  same way as (VLAN50 & VLAN51) as requested from customer ,and now they informed me that one of the servers moved from VLAN50 to VLAN53 and will make new virtual servers in future  (VLAN 53) and needs to be allowed to access from both of them ?
as i know The separate VLANs must communicate through a layer-3 device (Routers) which is located in ISP
If the host on one VLAN wants to communicate  to a host on another VLAN, it must perform the routing between them.

So in order to perform that ,shell i contact ISP to do that or make NAT or ROUTING in Firewall

?

 i have no experance with FW so your help please

Labels:
Preview file
41 KB
Preview file
41 KB
0 Helpful
7 Replies 7

Seb Rupik
VIP Alumni
VIP Alumni

‎07-24-2018 01:17 AM

Hi there,

Ask you ISP to configure a SVI for the VLAN at the local router. Looking at your topology this router should advertise the new subnet to other routers via an IGP (OSFP, EIGRP?) to provide access.
Unless you require remote access to the new server VLAN then there will be no need to adjust the firewall configuration.

 

cheers,
Seb.

0 Helpful

qus83
Level 1
Level 1
In response to Seb Rupik

‎07-24-2018 02:16 AM

Hi   Seb Rupik

 thanks for your reply

 

 if i ask the ISP to do the routing so i don't need to configured anything in firewall cuz for vlan 50 and 51 they are configured inside fw ???

 
0 Helpful

keanej
Level 3
Level 3

‎07-24-2018 01:23 AM - edited ‎07-24-2018 01:24 AM

So... You have Vlan 50 / 51  and 53

 

What are the default gateways on all the devices in these vlans ?? 

Lets say - they are 192.168.50.1 / 192.168.51.1 and 192.168.53.1

Are these all on different sites ?? Seems that two of the vlans are on the same site.

 

If they are on the same site and the router is the default gateway for both - they will communicate without and issue.

Ideally you should have different Home Subnets on all the different sites - otherwise it will get confusing.

 

So lets say its configured like this...

 

Site 1 = Vlan 50 - 192.168.50.0/24

Site 2 = Vlan 60 - 192.168.60.0/24

Site 3 - Vlan 70 - 192.168.70.0/24

Site 4 - Vlan 81 - 192.168.80.0/24

Vlan 81 - 192.168.81.1/24

 

 

 

If you have hosts/machines in different sites communicating - you will needs to allow inbound communication between the sites - this would typically be done using Site-to-Site VPNs.

 

To get this working - you need DNS entries locally on each site for the remote machines.

The router then has two routes - one for default (internet) and one for the other site.

This second route points to the Site to Site VPN.

 

If its a HQ / Branch situation - which it often is - then you would have - 3 Site to Site VPNs

 

HQ to Site 1 / HQ to Site 2 and HQ to Site 3 - 

 

Im presuming your double vlan is the HQ.

 

Anyway - hope that helps

 

James

 

0 Helpful

qus83
Level 1
Level 1
In response to keanej

‎07-24-2018 02:07 AM - edited ‎07-24-2018 04:39 AM

 
0 Helpful

RabbitSchpaenningtri
Level 1
Level 1

‎07-24-2018 01:54 AM

You configure the switchport to trunk und allow both VLANs on that port. The Serverside admin has to enable trunking on its own side to tag the VLANs. This is the usual way to to host virtualized hosts on one switchport. This way the virtualized Server can communicate to the ISP gateway directly.

0 Helpful

qus83
Level 1
Level 1
In response to RabbitSchpaenningtri

‎07-24-2018 02:11 AM

Hi  RabbitSchpaenningtri         

 

Thanks for your reply

 

i already configured them as trunk allowed the two vlans in same portchannels

but how can the The Serverside admin enable trunking on its own side to tag the VLANs ???

can you explain that in more details please ??

 

 
0 Helpful

qus83
Level 1
Level 1

‎07-24-2018 03:12 AM - edited ‎07-24-2018 03:13 AM

below you can find the switch configuration , might be helpful to understand what i mean

and please inform me if something missing or need to be changed its same like config that i have

 

 

vlan 50
 name Groun
!
vlan 51
 name GLeem
!
vlan 53
 name Glees
!
vlan 52
 name Test
!
interface Port,channel1
 switchport access vlan 50
 switchport mode access
 spanning,tree portfast
 spanning,tree bpduguard enable
!
interface Port,channel2
 switchport trunk allowed vlan 1,50-53
 switchport mode trunk
 spanning,tree portfast trunk
 spanning,tree bpduguard enable
!
interface Port,channel3
 switchport access vlan 50
 switchport mode access
 spanning,tree portfast
 spanning,tree bpduguard enable
!
interface Port,channel4
 switchport trunk allowed vlan 1,50-53
 switchport mode trunk
 spanning,tree portfast trunk
 spanning,tree bpduguard enable
!
interface Port,channel5
 switchport access vlan 50
 switchport mode access
 spanning,tree portfast
 spanning,tree bpduguard enable
!
interface Port,channel6
 switchport trunk allowed vlan 1,50-53
 switchport mode trunk
 spanning,tree portfast trunk
 spanning,tree bpduguard enable
!
interface Port,channel7
 switchport access vlan 50
 switchport mode access
 spanning,tree portfast
 spanning,tree bpduguard enable
!
interface Port,channel8
 switchport access vlan 50
 switchport mode access
 spanning,tree portfast
 spanning,tree bpduguard enable
!
interface Port,channel9
 switchport access vlan 50
 switchport mode access
 spanning,tree portfast
 spanning,tree bpduguard enable
!
interface Port,channel10
 switchport access vlan 50
 switchport mode access
 spanning,tree portfast
 spanning,tree bpduguard enable
!
interface Port,channel11
 switchport access vlan 50
 switchport mode access
 spanning,tree portfast
 spanning,tree bpduguard enable
!
interface Port,channel12
 switchport access vlan 50
 switchport mode access
 spanning,tree portfast
 spanning,tree bpduguard enable

!
interface GigabitEthernet1/0/1
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 channel-group 1 mode on
!
interface GigabitEthernet1/0/2
 switchport trunk allowed vlan  1,50-53
 switchport mode trunk
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
 channel-group 2 mode on
!
interface GigabitEthernet1/0/3
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 channel-group 3 mode on
!
interface GigabitEthernet1/0/4
 switchport trunk allowed vlan  1,50-53
 switchport mode trunk
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
 channel-group 4 mode on
!
interface GigabitEthernet1/0/5
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 channel-group 5 mode on
!
interface GigabitEthernet1/0/6
 switchport trunk allowed vlan  1,50-53
 switchport mode trunk
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
 channel-group 6 mode on
!
interface GigabitEthernet1/0/7
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 channel-group 7 mode on
!
interface GigabitEthernet1/0/8
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 channel-group 8 mode on
!
interface GigabitEthernet1/0/9
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 channel-group 9 mode on
!
interface GigabitEthernet1/0/10
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 channel-group 10 mode on
!
interface GigabitEthernet1/0/11
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 channel-group 11 mode on
!
interface GigabitEthernet1/0/12
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 channel-group 12 mode on
!
interface GigabitEthernet1/0/13
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/14
 switchport access vlan 53
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/15
 switchport access vlan 53
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/50
 switchport access vlan 53
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/51
 description Support port i VLAN 50
 switchport access vlan 53
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/53
!
interface GigabitEthernet1/0/19
 switchport mode access
 shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
 switchport trunk allowed vlan 1,50-53
 switchport mode trunk
 shutdown
 spanning-tree bpdufilter enable
!
interface GigabitEthernet1/0/24
 switchport trunk allowed vlan  1,50-53
 switchport mode trunk
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface TenGigabitEthernet1/0/1
!
interface TenGigabitEthernet1/0/2
!
interface GigabitEthernet2/0/1
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 channel-group 1 mode on
!
interface GigabitEthernet2/0/2
 switchport trunk allowed vlan  1,50-53
 switchport mode trunk
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
 channel-group 2 mode on
!
interface GigabitEthernet2/0/3
 switchport access vlan 50
 switchport mode access
 channel-group 3 mode on
!
interface GigabitEthernet2/0/4
 switchport trunk allowed vlan  1,50-53
 switchport mode trunk
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
 channel-group 4 mode on
!
interface GigabitEthernet2/0/5
 switchport access vlan 50
 switchport mode access
 channel-group 5 mode on
!
interface GigabitEthernet2/0/6
 switchport trunk allowed vlan  1,50-53
 switchport mode trunk
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
 channel-group 6 mode on
!
interface GigabitEthernet2/0/7
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 channel-group 7 mode on
!
interface GigabitEthernet2/0/8
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 channel-group 8 mode on
!
interface GigabitEthernet2/0/9
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 channel-group 9 mode on
!
interface GigabitEthernet2/0/10
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 channel-group 10 mode on
!
interface GigabitEthernet2/0/11
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 channel-group 11 mode on
!
interface GigabitEthernet2/0/12
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 channel-group 12 mode on

interface GigabitEthernet2/0/13
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/14
 switchport access vlan 53
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/15
 switchport access vlan 53
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/16
 switchport access vlan 53
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable

interface GigabitEthernet2/0/25
!
interface GigabitEthernet2/0/26
!
interface TenGigabitEthernet2/0/1
!
interface TenGigabitEthernet2/0/2
!
interface Vlan1
 ip address 192.168.1.254 255.255.255.0
!
interface Vlan52
 ip address 192.168.52.254 255.255.255.0
!
interface Vlan50
 ip address 192.168.50.254 255.255.255.0
!
interface Vlan51
 ip address 192.168.51.254  255.255.255.0
!
interface Vlan53
 ip address 192.168.53.254   255.255.255.0
!
ip default-gateway 192.168.50.1
ip http server
ip http secure-server

ip route 0.0.0.0 0.0.0.0 10.10.10.1
ip route 8.8.8.8 255.255.255.255 192.168.1.1
ip route 192.168.0.0 255.255.0.0 192.168.1.1
ip route 192.168.0.0 255.255.0.0 192.168.50.1
ip route 192.168.0.0 255.255.0.0 192.168.51.1
ip route 192.168.0.0 255.255.0.0 192.168.53.1
ip route 192.169.0.0 255.255.0.0 192.168.1.1
ip route 192.169.0.0 255.255.0.0 192.168.50.1
ip route 192.169.0.0 255.255.0.0 192.168.51.1
ip route 192.169.0.0 255.255.0.0 192.168.53.1
ip route 200.55.120.21 255.255.255.255 192.168.50.1
ip route 400.60.20.22 255.255.255.255 192.168.1.1
ip route 192.168.25.0 255.255.255.0 192.168.1.1
ip route 192.168.25.0 255.255.255.0 192.168.50.1
ip route 192.168.25.0 255.255.255.0 192.168.51.1
ip route 192.168.25.0 255.255.255.0 192.168.53.1
!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card