Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
714
Views
0
Helpful
5
Replies

Help with starting a VLAN implementation

bhoops
Level 1
Level 1

‎01-08-2007 11:33 AM - edited ‎03-05-2019 01:39 PM

Our network is currently all a single subnet with two 3550 and one 3524XL switches, as well as an ICS-7750 VoIP system. Our default gateway is a 515 Pix.

I would like to implement VLANs - probably users, voice, a WLAN guest for internet only, and a WWAN. DHCP server is Windows.

From here I know that I'll need a router, but I would like advice as to which. I think I have enough sample documentation to get it from there, however if what I have planned isn't possible I would like advice on a revised plan.

Thanks for any direction that can be provided!

Labels:
0 Helpful
5 Replies 5

sachinraja
Level 9
Level 9

‎01-08-2007 04:19 PM

Hello Brian,

What software version are you running on the 3550 ?? Is it EMI or SMI ?? If it is EMI, the 3550 can support the Intervlan routing. You do not need an external router for this. Incase, it is SMI, & if you have an IOS more than 12.1(11) EA1, you can run Intervlan routing. Its always good to have a Layer 3 switch which does the L3 routing between VLANs, since you can have more control of the traffic flowing through it. You can also implement stuffs like HSRP on these core switches and give a higly available design.. Have a look at this doc, which can help you in Inter-vlan routing:

http://cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008019e74e.shtml

You can implement VLANs on the core and configure it as a VTP server. The edge switches can be configured as clients or transparent mode.

You can implement different kinds of VLANs. I guess u have all the config docs on CCO. For WLAN guests, you can manually configure the Guest VLAN on the interface or use some kinda ACS authentication server for automatic allocation of VLAN through DOT1X protocol. So, your case it would be straight forward for the other VLANs --- go to the vlan database, add the VLAN, assign the VLAN on the interface, define Layer 3 VLAN interface if required and finish it off. For more security, u can configure VLAN ACL's on the Layer 3 interface to restrict traffic between VLANs.

Hope this helps. all the best.. rate replies if found useful.

Raj

0 Helpful

bhoops
Level 1
Level 1
In response to sachinraja

‎01-10-2007 12:06 PM

Thank you for the information. Based on the info you provided, I took another look at my current configuration and realized that the routing worked, but only if I am plugged in to one of the 3550s.

If I change the VLAN access on a port on the 3524 I cannot access the other LANs, which is why I was thinking a router was necessary. Should the 3550 be able to route these as well?

Also, when pinging accross VLANs many of the packets are dropped. How would I go about troubleshooting this as well?

Thanks for any information you can provide!

0 Helpful

MUHAMMAD SHAHEEN
Level 4
Level 4
In response to bhoops

‎01-10-2007 02:08 PM

Hi,

Check you have C3550 setup VTP server with domain name

Check C3524 is setup as client with correct Domain name as C3550

make sure the connection betwen both switches is set as Dot1Q trunk (both ends)

Your Vlans and SVI interfaces should be configured on C3550 with corresponding Ip addresses and are not shutdown

ensure "ip routing" is confgured on C3550 to perform Vlan routing.

If you still get a problem then please share your configs and topology so we can be more specific to help. When posting configs don't forget to remove passwords and change IP addresses in your config info.

HTH

Shaheen

0 Helpful

bhoops
Level 1
Level 1
In response to MUHAMMAD SHAHEEN

‎01-11-2007 01:20 PM

Well, I found one problem which was that I didn't set the IP helper-address so the clients couldn't register with DHCP. Now that that is fixed, clients can connect, however there are some additional problems.

-Only VLAN1 can view internet through the Pix. Only VLAN1 can ping pix.

-VTP appears configured properly, but changes aren't replicated to the client switches. Am I misunderstanding this feature?

-VLAN20 often gets assigned IP address from the VLAN1 scope. Devices are still showing as registered in VLAN20, but assigned a 10.36.x.x address.

-Still timing out on pings. VLAN20 usually succeeds with the first couple pings, then times out on the rest with a sporadic success here and there. VLAN44 usually times out on the first few pings, but is successful from there on out.

I have attached my configurations. I feel I must be missing something simple.

Preview file
3 KB
0 Helpful

sachinraja
Level 9
Level 9
In response to bhoops

‎01-10-2007 03:22 PM

Agree with shaheen. you need to set the correct configs for the trunk, VTP, ip routing etc, to make this work.. also provide the correct def gateways for the PC's .. once this is setup right, u can cmmunicate between VLANs without any pakcet drop.. let us know if you need any more help in this.

Raj

0 Helpful
Customers Also Viewed These Support Documents