We are using Cat2950 24 ports switch & I am wondering it does support the following:
I want to create vLan1 (the default) & assign to it ports from 1 to 16, then create vLan2 & assign to it ports from 17 to 24,
Each vlan shouldn't see the other vlan & should have defferent IP range.
I couldn't do this Cat2950 supports one managemetn IP which is already set to vlan1.
is this possible to do it or it's the layer 2 limitation, should I move to layer 3 switch or there is a work around to isolate the 2 vlans.
Hi Ahmad, on a layer 2 switch, the IP address is only for management. The relevance of having an IP address on the switch interface for your scenario is unknown. It simply sounds like you want an IP on the interface to have an IP on the interface?
All layer 2 vlans are isolated as it is. Only a layer 3 device or router would permit the inter-vlan communication. You may assign any IP address you like to a computer in the same VLAN, as long as those computers have the same IP subnet they will communicate. Quite factually, even if you have lets say 192.168.1.1 for management on vlan 1, you should be able to assign lets say 172.25.100.1 and 172.25.100.2 to two computers on a vlan 1 port and have no problems for them to communicate but they wouldn't be able to manage the switch.
Please rate helpful posts
Thanks for ur reply.
My problem is not with management ip or managing the switch
1) My problem is I'm trying to create 2 vlans with deferent IP address and do some setup to avoid these 2 vlans from seeing each other, this is high risk again they shouldn't see each other in any way!
2) In the same time this cat2950 connected to a pix firewall
3) these 2 vlans should utilize the Internet from the same connection
Sent from Cisco Technical Support iPhone App
The IP interface for the switch is not relevant. The configuration of the PIX is. A layer 2 switch does not support intervlan communication. The layer 3 device (PIX in this scenario) allows the intervlan communication. Once you configure the trunk between the PIX, you need to configure the PIX to not allow routing between the subnets.
Please rate helpful posts
Tom, I don't think you got my point.
You are saying layer 2 switch doesn't support intervlan .. that is correct!, I don't want the intervlan support.
I need to create 2 vlans (sales & accounts) & give each vlan a defferent ip & I don't want them to communicate with each other ... that is why I don't need the intervlan!
So, how to do this in cat2950 .. can you show some example code plz.
You can try and create the VLAN outright, you could also enter vlan database from global configuration mode and create them that. There are a few different ways to accomplish this.
Once you create the VLAN, assign the IP, and then assign the ports to the appropriate VLAN you should be good to go.
CCNP, CCIP, CCDP, CCNA: Security/Wireless
On a 2950, it as simple as this.
vtp mode transparent
switchport access vlan 10 or 20 --> or whatever vlans you define.
You would then need a trunked line to your pix for internet . Any routing restrictions are done on the firewall .