Cisco 2950 VLAN setup

What kind of Router does the T1 terminate into ?

 

Cisco 1721

There are currently setup with muliple vlans sharing on T1. There router is failing so we have to basicaly have to setup things the way they were and add a few new vlans

 

Right then here it goes.

Firstly you will need to do one of a few things

Firstly configure the CLIENT ports as above.

So each company will have there own individual port.

Next you will need to configure one port as a TRUNK port on the switch and router. This port will require ISL configuring on it. On the router you will need to configure a number of sub-interfaces (logical not physical) on the one physical port that connects the router to the switch. You will need one sub interface per VLAN.

I hope this helps.

If not get me the config off the 1700 through capturing a "show run" and i'll write the config for you and an explanation.

 

I'll get back to you Monday

Thanks

 

The reason that I am asking for teh running config off the 1700 is if teh VLANS will interfere with any existing config also get the IP addressing scheme that is going to be employed.

 

The best reason! I can't argue with that.

 

Here is the current vlan setup:

CCBX-2950-A(vlan)#show
VLAN ISL Id: 1
Name: default
Media Type: Ethernet
VLAN 802.10 Id: 100001
State: Operational
MTU: 1500
Backup CRF Mode: Disabled
Remote SPAN VLAN: No

VLAN ISL Id: 11
Name: lantech-outer
Media Type: Ethernet
VLAN 802.10 Id: 100011
State: Operational
MTU: 1500
Backup CRF Mode: Disabled
Remote SPAN VLAN: No

VLAN ISL Id: 12
Name: lantech-inner
Media Type: Ethernet
VLAN 802.10 Id: 100012
State: Operational
MTU: 1500
Backup CRF Mode: Disabled
Remote SPAN VLAN: No

VLAN ISL Id: 13
Name: ccbe
Media Type: Ethernet
VLAN 802.10 Id: 100013
State: Operational
MTU: 1500
Backup CRF Mode: Disabled
Remote SPAN VLAN: No

VLAN ISL Id: 14
Name: cust1
Media Type: Ethernet
VLAN 802.10 Id: 100014
State: Operational
MTU: 1500
Backup CRF Mode: Disabled
Remote SPAN VLAN: No

VLAN ISL Id: 15
Name: cust2
Media Type: Ethernet
VLAN 802.10 Id: 100015
State: Operational
MTU: 1500
Backup CRF Mode: Disabled
Remote SPAN VLAN: No

VLAN ISL Id: 16
Name: VLAN0016
Media Type: Ethernet
VLAN 802.10 Id: 100016
State: Operational
MTU: 1500
Backup CRF Mode: Disabled
Remote SPAN VLAN: No

VLAN ISL Id: 17
Name: VLAN0017
Media Type: Ethernet
VLAN 802.10 Id: 100017
State: Operational
MTU: 1500
Backup CRF Mode: Disabled
Remote SPAN VLAN: No

VLAN ISL Id: 1002
Name: fddi-default
Media Type: FDDI
VLAN 802.10 Id: 101002
State: Operational
MTU: 1500
Backup CRF Mode: Disabled
Remote SPAN VLAN: No

VLAN ISL Id: 1003
Name: token-ring-default
Media Type: Token Ring
VLAN 802.10 Id: 101003
State: Operational
MTU: 1500
Maximum ARE Hop Count: 7
Maximum STE Hop Count: 7
Backup CRF Mode: Disabled
Remote SPAN VLAN: No

VLAN ISL Id: 1004
Name: fddinet-default
Media Type: FDDI Net
VLAN 802.10 Id: 101004
State: Operational
MTU: 1500
STP Type: IEEE
Backup CRF Mode: Disabled
Remote SPAN VLAN: No

VLAN ISL Id: 1005
Name: trnet-default
Media Type: Token Ring Net
VLAN 802.10 Id: 101005
State: Operational
MTU: 1500
STP Type: IBM
Backup CRF Mode: Disabled
Remote SPAN VLAN: No

 

CCBX-2950-A#show run
Building configuration...

Current configuration : 2054 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname CCBX-2950-A
!
no logging console
enable password 7 00071B07160C0703
!
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
description - PIX 501 - 206.80.25.34/28
switchport access vlan 13
switchport mode access
!
interface FastEthernet0/2
description - PIX 501 - 192.168.1.1/24
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/3
switchport mode trunk
!
interface FastEthernet0/3.1
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 14
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 16
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 17
switchport mode access
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
switchport access vlan 13
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 13
switchport mode access
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
switchport access vlan 13
switchport mode access
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan13
ip address 192.168.1.248 255.255.255.0
no ip route-cache
!
ip http server
!
line con 0
line vty 0 4
password 7 060506324F41
login
line vty 5 15
login
!
!
end

 

That configuration is the config off a switch not a router ? Also was that running config taken after the show VLAN was taken ?

 

The old 2950

 

Well if al you are doing is a straight hardware swap out then just copy and paste that config and all should work as it did before.

 

I will, but I need to add a few vlans as well

 

Ok then, now it all makes sense. Are they new companies or existing ones ?

 

Paul, since you seem to be somewhat more familiar with VLAN business than most of us, I have a query for you. I have read that for switching betwen 2 VLAN's you require a L3 switch. Is this correct ?

 

No this is not true you require a L3 device as the VLANS will be on different subnets. A L2 switch with a router will do the same job but they both have to support VLAN. Depending upon your application will depend upon what is required if you need any more help tell me more about the setup and the reasons for VLAN implementation.

 

A L2 switch with VLAN capability would do the job (no router) ?

Just curious. Haven't implemented VLAN's yet and wouldn't start in hurry unless I know what I am doing & why I am doing it.

 

VLANS seperate ports logically. If you need to route between VLANS then you need to use a router.

 

You might want to ask the questions:
Why are they insisting on Vlan?
How much traffic is going to be on these devices?

Vlans are essentially used to break up broadcast domains and institute a basic amoun of network security. If you group employees by department you can limit a departments access to resources by creating an access control list based on their subnet, among other things.

In a small office, they're not usually that necessary, and in a bigger office, I'd hope they could swing slightly better equipment (you can get 2600 series routers new for $300 on ebay)

Luckily the 1721 will actually work for this, but its not a very beefy router. Enabling a lot of vlans on it will really strap its resources. Essentially any traffic from one vlan destined for another travels to the switch then out to the router, then back to the switch to the proper vlan. Conveniently this is the focus of my entire semester at college right now

Your vlans appear to be set up fine. If you enable trunking on the port connected to the router:
switchport mode trunk
switchport trunk encapsulation dot1q

then on the routers main interface:
no shut the interface, and then create subinterfaces like this:
int fa0/0.11
this wil be the logical interface for vlan 11. its good to number your subinterfaces the number of the vlan they are, helps to organize them.
use the command:
encapsulation isl (or dot1q, the 2600s use dot1q, the 1900s use isl, not sure what the 1700s use)
ip address x.x.x.x. m.m.m.m

this address will become the gateway for all hosts on that subnet.

Then set them up with whichever routing protocol you're using and you should be good to go.

the main interface may require you put in an IP prior to configuring subinterfaces, just put in a regular one (normally matching vlan 1s subnet, as this is the management subnet)