Re: VLAN configuration on SGE2010

vijaykhapekar · ‎05-29-2012

Hello,

I have a hybrid kind of network. I want to create create two VLANs on Cisco SGE2010 so that these two VLANs should not talk each other but at the same time they are able to talk Domain controllers, DHCP and other servers which are on other switches.

I am able to create two separate VLANs but they stop talking with other servers(DC, DHCP, etc) which are on another switch.

Please help for configuring this setup.

Thanks,

Vijay Khapekar.

Yassin Alizadeh Golbazi · ‎05-29-2012

Hi

You have to creat 3 vlan and inter vlan routing for communicating between vlan. If you want use acl to control trafic between vlans

Sent from Cisco Technical Support iPad App

vijaykhapekar · ‎05-29-2012

Thanks for quick reply.

I forgot to tell you that other servers(DC, DHCP) resided on HP and nortel switches which are managed switches but i have not configured them. So now servers are connected to default VLAN of respective switches. Does this difference ?

The setup is like this,

I have configured two VLANs - 100 and 200. I have configured g3 port in 100 VLAN as untagged member and g37 port in 200 VLAN as untagged member. Now they don't talk each other which is my requirement. Now I want to talk these two VLANs members with DHCP, DC which are on HP/nortel switches.

It would be great if you give me some direction to achieve this setup.

Thanks.

Yassin Alizadeh Golbazi · ‎05-29-2012

These are not important.

You must creat one svi for each vlan and run routing between this SVIs

Sent from Cisco Technical Support iPad App

bagganitin · ‎05-29-2012

Hi Vijay,

If you want two vlans not to communicate with each other and you have SVIs created on the switch.

you can filter the traffic between these two vlans.

Vlan 50 - 192.168.10.0/24

VLan 60- 192.168.20.0/24

Assume vlan 50 60 should not commucate with each other..I think the following strategy should work.

int vlan 50

ip add 192.168.10.1 255.255.255.0

int vlan 60

ip add 192.168.20.1 255.255.255.0

access-list 111 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255

access-list 111 permit any any

int vlan 50

ip access-group 111 in

Let me know how this works.

Yassin Alizadeh Golbazi · ‎05-29-2012

Hi

For this type of networks is better that you use private vlan

In this type of vlan first you creat a primary vlan and thats associated secondaries

Then you have to specify ports

For server's ports you can use promiscuous port and for other 2 ports you can use 2 community vlan

If you need more information let me know

Sent from Cisco Technical Support iPad App

vijaykhapekar · ‎05-30-2012

Hello Yasin,

It will be great help if you can tell me how to create promiscuous port and community vlan as I dont see these options in SGE2010 cisco switch.

Thanks.

vijaykhapekar · ‎05-30-2012

Hi Nitin,

Thanks for the reply.

I don't think SGE2010 have option to enter commandes you mentioned. Please let me know if this option is available in web interface.