cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
957
Views
0
Helpful
5
Replies

VLAN routing query in Cisco 3560 switch with IOS 12.2.55

puneitsupport
Level 1
Level 1

Hello,

I am having Cisco 5510 ASA where I have created vlans.

Using 3COM 4500 switch to terminate thsoe vlans.

I want to replace 3COm switch with Cisco 3560 switch.

I created vlans & trunk ports. [ using siwtch port access,trunk port command,no shut, encapsulation used for trunk. ]

Nothing else.

Now the problems are

Subnets are not able to talk with each other

Subnets are unable to take IP from DHCP server on ASA

What addition commands I need to use in Cisco switch so that all subnets can talk each other?

In 3COM switch I can see some routing entries. Not sure how can I add thsoe entries in Cisco switch via command line.

I haven't worked on Cisco switch since long time.

Any help with detail commands which I need to use in Cisco switch so that all vlans can to each other?

I can not do any modifications in ASA as of now.

5 Replies 5

Steve Fuller
Level 9
Level 9

Hi,

If the 3COM 4500 series switch is/was doing the routing you'll likely have to create Switch VLAN Interface (SVI) with the interface vlan com mand, and then add the IP address, DHCP helper address etc., within interface vlan context.

!

interface vlan

no shut

ip address

ip helper-address

!

You're likely to need a routed connection to the Cisco ASA and some form of routing for the address of the DHCP server.

If you're able to post the configuration from the 3COM switch we can probably figure out exactly what the configuration for the Catalyst 3560 switch should be.

Regards

Here you go.

Rather than try to figure this out from the screenshots, are you able to telnet/SSH into the 3COM switch and post the output of the display current-configuration command?

Regards

Here you go  >>>

[4500]display current-configuration

#

private-group-id mode standard

#

local-server nas-ip 127.0.0.1 key 3com

#

domain default enable system

#

igmp-snooping enable

#

undo password-control aging enable

undo password-control length enable

password-control login-attempt 3 exceed lock-time 120

#

radius scheme system

#

domain system

#

local-user admin

service-type ssh telnet terminal

level 3

local-user manager

service-type ssh telnet terminal

level 2

local-user monitor

service-type ssh telnet terminal

level 1

#

acl number 4999

rule 0 deny dest 0000-0000-0000 ffff-ffff-ffff

#

vlan 1

igmp-snooping enable

#

vlan 2

#

vlan 7

#

vlan 10

#

vlan 20

#

vlan 192

#

vlan 193

#

interface Vlan-interface1

ip address dhcp-alloc

#

interface Vlan-interface2

ip address 193.168.1.150 255.255.255.0

#

interface Vlan-interface10

ip address dhcp-alloc

#

interface Vlan-interface20

ip address dhcp-alloc

#

interface Aux1/0/0

#

interface Ethernet1/0/1

stp edged-port enable

broadcast-suppression PPS 500

priority trust

port access vlan 2

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/2

stp edged-port enable

broadcast-suppression PPS 500

priority trust

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/3

stp edged-port enable

broadcast-suppression PPS 500

priority trust

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/4

stp edged-port enable

broadcast-suppression PPS 500

priority trust

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/5

stp edged-port enable

broadcast-suppression PPS 500

priority trust

port access vlan 192

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/6

stp edged-port enable

broadcast-suppression PPS 500

priority trust

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/7

stp edged-port enable

broadcast-suppression PPS 500

priority trust

port access vlan 20

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/8

stp edged-port enable

broadcast-suppression PPS 500

priority trust

port access vlan 193

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/9

stp edged-port enable

broadcast-suppression PPS 500

priority trust

port access vlan 7

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/10

stp edged-port enable

broadcast-suppression PPS 500

priority trust

port access vlan 10

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/11

stp edged-port enable

port link-type trunk

port trunk permit vlan 1 7 10 20 192 to 193

broadcast-suppression PPS 500

priority trust

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/12

stp edged-port enable

port link-type trunk

port trunk permit vlan 1 7 10 20 192 to 193

broadcast-suppression PPS 500

priority trust

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/13

stp edged-port enable

broadcast-suppression PPS 500

priority trust

port access vlan 2

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/14

stp edged-port enable

broadcast-suppression PPS 500

priority trust

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/15

stp edged-port enable

broadcast-suppression PPS 500

priority trust

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/16

stp edged-port enable

broadcast-suppression PPS 500

priority trust

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/17

stp edged-port enable

broadcast-suppression PPS 500

priority trust

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/18

stp edged-port enable

broadcast-suppression PPS 500

priority trust

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/19

stp edged-port enable

duplex half

speed 10

broadcast-suppression PPS 500

priority trust

port isolate

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/20

stp edged-port enable

broadcast-suppression PPS 500

priority trust

port access vlan 193

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/21

stp edged-port enable

broadcast-suppression PPS 500

priority trust

port access vlan 7

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/22

stp edged-port enable

broadcast-suppression PPS 500

priority trust

port access vlan 10

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/23

stp edged-port enable

port link-type trunk

port trunk permit vlan 1 7 10 20 192 to 193

broadcast-suppression PPS 500

priority trust

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/24

stp edged-port enable

port link-type trunk

port trunk permit vlan 1 7 10 20 192 to 193

broadcast-suppression PPS 500

priority trust

packet-filter inbound link-group 4999 rule 0

#

interface GigabitEthernet1/0/25

port link-type trunk

port trunk permit vlan 1 7 10 20 192 to 193

flow-control

broadcast-suppression PPS 500

shutdown

#

interface GigabitEthernet1/0/26

broadcast-suppression PPS 500

shutdown

#

interface GigabitEthernet1/0/27

port link-type trunk

port trunk permit vlan 1 7 10 20 192 to 193

flow-control

broadcast-suppression PPS 500

#

interface GigabitEthernet1/0/28

broadcast-suppression PPS 500

#

sysname 4500

undo xrn-fabric authentication-mode

#

interface NULL0

#

ip route-static 192.168.1.0 255.255.255.0 192.168.1.70 preference 60

ip route-static 192.168.1.0 255.255.255.0 192.168.1.90 preference 60

ip route-static 192.168.1.0 255.255.255.0 192.168.1.60 preference 60

#

snmp-agent

snmp-agent local-engineid 8000002B0016E0CC55406877

snmp-agent community read public

snmp-agent community write private

snmp-agent sys-info version all

#

user-interface aux 0 7

authentication-mode scheme

user-interface vty 0 4

authentication-mode scheme

#

return

[4500]

Hi,

If you already have your ports configured as access or trunk ports, then the main change would be the addition of the VLAN interfaces as follows:

!

interface vlan 2

no shut

ip address 193.168.1.150 255.255.255.0

!

interface vlan 10

no shut

ip address dhcp

!

interface vlan 20

no shut

ip address dhcp

!

Some additional commands that may be of use:

  • Use storm-control broadcast level pps 500 in place of broadcast-suppression PPS 500
  • Use spanning-tree portfast (on access ports) and spanning-tree portfast trunk (on trunk ports) in place of stp edged-port enable

Regards

Review Cisco Networking for a $25 gift card