04-13-2013 04:07 AM - edited 03-07-2019 12:47 PM
Hello,
I am having Cisco 5510 ASA where I have created vlans.
Using 3COM 4500 switch to terminate thsoe vlans.
I want to replace 3COm switch with Cisco 3560 switch.
I created vlans & trunk ports. [ using siwtch port access,trunk port command,no shut, encapsulation used for trunk. ]
Nothing else.
Now the problems are
Subnets are not able to talk with each other
Subnets are unable to take IP from DHCP server on ASA
What addition commands I need to use in Cisco switch so that all subnets can talk each other?
In 3COM switch I can see some routing entries. Not sure how can I add thsoe entries in Cisco switch via command line.
I haven't worked on Cisco switch since long time.
Any help with detail commands which I need to use in Cisco switch so that all vlans can to each other?
I can not do any modifications in ASA as of now.
04-13-2013 07:23 AM
Hi,
If the 3COM 4500 series switch is/was doing the routing you'll likely have to create Switch VLAN Interface (SVI) with the interface vlan com mand, and then add the IP address, DHCP helper address etc., within interface vlan context.
!
interface vlan
no shut
ip address
ip helper-address
!
You're likely to need a routed connection to the Cisco ASA and some form of routing for the address of the DHCP server.
If you're able to post the configuration from the 3COM switch we can probably figure out exactly what the configuration for the Catalyst 3560 switch should be.
Regards
04-13-2013 08:00 AM
Here you go.
04-14-2013 01:11 AM
Rather than try to figure this out from the screenshots, are you able to telnet/SSH into the 3COM switch and post the output of the display current-configuration command?
Regards
04-17-2013 04:23 AM
Here you go >>>
[4500]display current-configuration
#
private-group-id mode standard
#
local-server nas-ip 127.0.0.1 key 3com
#
domain default enable system
#
igmp-snooping enable
#
undo password-control aging enable
undo password-control length enable
password-control login-attempt 3 exceed lock-time 120
#
radius scheme system
#
domain system
#
local-user admin
service-type ssh telnet terminal
level 3
local-user manager
service-type ssh telnet terminal
level 2
local-user monitor
service-type ssh telnet terminal
level 1
#
acl number 4999
rule 0 deny dest 0000-0000-0000 ffff-ffff-ffff
#
vlan 1
igmp-snooping enable
#
vlan 2
#
vlan 7
#
vlan 10
#
vlan 20
#
vlan 192
#
vlan 193
#
interface Vlan-interface1
ip address dhcp-alloc
#
interface Vlan-interface2
ip address 193.168.1.150 255.255.255.0
#
interface Vlan-interface10
ip address dhcp-alloc
#
interface Vlan-interface20
ip address dhcp-alloc
#
interface Aux1/0/0
#
interface Ethernet1/0/1
stp edged-port enable
broadcast-suppression PPS 500
priority trust
port access vlan 2
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/2
stp edged-port enable
broadcast-suppression PPS 500
priority trust
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/3
stp edged-port enable
broadcast-suppression PPS 500
priority trust
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/4
stp edged-port enable
broadcast-suppression PPS 500
priority trust
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/5
stp edged-port enable
broadcast-suppression PPS 500
priority trust
port access vlan 192
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/6
stp edged-port enable
broadcast-suppression PPS 500
priority trust
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/7
stp edged-port enable
broadcast-suppression PPS 500
priority trust
port access vlan 20
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/8
stp edged-port enable
broadcast-suppression PPS 500
priority trust
port access vlan 193
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/9
stp edged-port enable
broadcast-suppression PPS 500
priority trust
port access vlan 7
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/10
stp edged-port enable
broadcast-suppression PPS 500
priority trust
port access vlan 10
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/11
stp edged-port enable
port link-type trunk
port trunk permit vlan 1 7 10 20 192 to 193
broadcast-suppression PPS 500
priority trust
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/12
stp edged-port enable
port link-type trunk
port trunk permit vlan 1 7 10 20 192 to 193
broadcast-suppression PPS 500
priority trust
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/13
stp edged-port enable
broadcast-suppression PPS 500
priority trust
port access vlan 2
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/14
stp edged-port enable
broadcast-suppression PPS 500
priority trust
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/15
stp edged-port enable
broadcast-suppression PPS 500
priority trust
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/16
stp edged-port enable
broadcast-suppression PPS 500
priority trust
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/17
stp edged-port enable
broadcast-suppression PPS 500
priority trust
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/18
stp edged-port enable
broadcast-suppression PPS 500
priority trust
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/19
stp edged-port enable
duplex half
speed 10
broadcast-suppression PPS 500
priority trust
port isolate
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/20
stp edged-port enable
broadcast-suppression PPS 500
priority trust
port access vlan 193
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/21
stp edged-port enable
broadcast-suppression PPS 500
priority trust
port access vlan 7
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/22
stp edged-port enable
broadcast-suppression PPS 500
priority trust
port access vlan 10
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/23
stp edged-port enable
port link-type trunk
port trunk permit vlan 1 7 10 20 192 to 193
broadcast-suppression PPS 500
priority trust
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/24
stp edged-port enable
port link-type trunk
port trunk permit vlan 1 7 10 20 192 to 193
broadcast-suppression PPS 500
priority trust
packet-filter inbound link-group 4999 rule 0
#
interface GigabitEthernet1/0/25
port link-type trunk
port trunk permit vlan 1 7 10 20 192 to 193
flow-control
broadcast-suppression PPS 500
shutdown
#
interface GigabitEthernet1/0/26
broadcast-suppression PPS 500
shutdown
#
interface GigabitEthernet1/0/27
port link-type trunk
port trunk permit vlan 1 7 10 20 192 to 193
flow-control
broadcast-suppression PPS 500
#
interface GigabitEthernet1/0/28
broadcast-suppression PPS 500
#
sysname 4500
undo xrn-fabric authentication-mode
#
interface NULL0
#
ip route-static 192.168.1.0 255.255.255.0 192.168.1.70 preference 60
ip route-static 192.168.1.0 255.255.255.0 192.168.1.90 preference 60
ip route-static 192.168.1.0 255.255.255.0 192.168.1.60 preference 60
#
snmp-agent
snmp-agent local-engineid 8000002B0016E0CC55406877
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version all
#
user-interface aux 0 7
authentication-mode scheme
user-interface vty 0 4
authentication-mode scheme
#
return
[4500]
04-17-2013 09:53 AM
Hi,
If you already have your ports configured as access or trunk ports, then the main change would be the addition of the VLAN interfaces as follows:
!
interface vlan 2
no shut
ip address 193.168.1.150 255.255.255.0
!
interface vlan 10
no shut
ip address dhcp
!
interface vlan 20
no shut
ip address dhcp
!
Some additional commands that may be of use:
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide