Re: Creating Vlans on Cat2950 Switch

adsc · ‎10-30-2012

Dear All,

We are using Cat2950 24 ports switch & I am wondering it does support the following:

I want to create vLan1 (the default) & assign to it ports from 1 to 16, then create vLan2 & assign to it ports from 17 to 24,

Each vlan shouldn't see the other vlan & should have defferent IP range.

I couldn't do this Cat2950 supports one managemetn IP which is already set to vlan1.

is this possible to do it or it's the layer 2 limitation, should I move to layer 3 switch or there is a work around to isolate the 2 vlans.

Regards.

Tom Watts · ‎10-30-2012

Hi Ahmad, on a layer 2 switch, the IP address is only for management. The relevance of having an IP address on the switch interface for your scenario is unknown. It simply sounds like you want an IP on the interface to have an IP on the interface?

All layer 2 vlans are isolated as it is. Only a layer 3 device or router would permit the inter-vlan communication. You may assign any IP address you like to a computer in the same VLAN, as long as those computers have the same IP subnet they will communicate. Quite factually, even if you have lets say 192.168.1.1 for management on vlan 1, you should be able to assign lets say 172.25.100.1 and 172.25.100.2 to two computers on a vlan 1 port and have no problems for them to communicate but they wouldn't be able to manage the switch.

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

adsc · ‎10-30-2012

Hi Tom
Thanks for ur reply.

My problem is not with management ip or managing the switch
1) My problem is I'm trying to create 2 vlans with deferent IP address and do some setup to avoid these 2 vlans from seeing each other, this is high risk again they shouldn't see each other in any way!

2) In the same time this cat2950 connected to a pix firewall

3) these 2 vlans should utilize the Internet from the same connection

Sent from Cisco Technical Support iPhone App

Tom Watts · ‎10-30-2012

The IP interface for the switch is not relevant. The configuration of the PIX is. A layer 2 switch does not support intervlan communication. The layer 3 device (PIX in this scenario) allows the intervlan communication. Once you configure the trunk between the PIX, you need to configure the PIX to not allow routing between the subnets.

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

adsc · ‎10-31-2012

Tom, I don't think you got my point.

You are saying layer 2 switch doesn't support intervlan .. that is correct!, I don't want the intervlan support.

I need to create 2 vlans (sales & accounts) & give each vlan a defferent ip & I don't want them to communicate with each other ... that is why I don't need the intervlan!

So, how to do this in cat2950 .. can you show some example code plz.

SOcchiogrosso · ‎10-31-2012

Try this link: http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swvlan.html

You can try and create the VLAN outright, you could also enter vlan database from global configuration mode and create them that. There are a few different ways to accomplish this.

Once you create the VLAN, assign the IP, and then assign the ports to the appropriate VLAN you should be good to go.

--
CCNP, CCIP, CCDP, CCNA: Security/Wireless
Blog: http://ccie-or-null.net/

-- CCNP, CCIP, CCDP, CCNA: Security/Wireless Blog: http://ccie-or-null.net/

glen.grant · ‎10-31-2012

On a 2950, it as simple as this.

conf t

vtp mode transparent

vlan10

vlan 20

exit

interface x/x

switchport access vlan 10 or 20 --> or whatever vlans you define.

You would then need a trunked line to your pix for internet . Any routing restrictions are done on the firewall .