Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations biv343 on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Creating 2nd VLAN on four Cisco 3560's

Status
Not open for further replies.
Parkermc

Parkermc

Programmer
Mar 25, 2007
2
US
Hi all,
I have four 3560G's on my LAN which run our production environment/domain from the default VLAN 1. The ports between the switches which connect each switch to another are trunked. What I'm trying to accomplish here is create another VLAN which is totally separate from the main VLAN 1 so each cannot talk to one another. The default VLAN (or VLAN 1) is 192.168.252.x. The VLAN 2 subnet will be 192.168.250.x.

The 192.168.252.1 gateway you see in the configs is our ISA server which is connected to the outside world. The ISA server is connected to a port on SWITCH-B. Only VLAN 1 should be able to hit the ISA server and Internet.

Here's the layout...

Switch-A:
- Port 49 trunked to port 49 on Switch-C
- VLAN 1 192.168.252.51
- VLAN 2

Switch-B:
- Port 49 trunked to port 50 on Switch-C
- VLAN 1 192.168.252.52
- VLAN 2

Switch-C:
- Port 49 trunked to port 49 on Switch-A
- Port 50 trunked to port 49 on Switch-B
- Port 51 trunked to port 49 on Switch-D
- VLAN 1 192.168.252.53
- VLAN 2 192.168.250.53

Switch-D:
- Port 49 trunked to port 51 on Switch-C
- VLAN 1 192.168.252.54
- VLAN 2

Is it possible to have a client on Switch-A talk to a client on Switch-D from VLAN 2 without clients from VLAN 1 and VLAN 2 being able to talk each other? Basically, I would like for the 252 subnet (VLAN 1) to be on one domain and the 250 (VLAN 2) be on another domain and not see each other.

I've attached a URL to the config's for each switch for review.

Thank you for helping me with my issues.

 
Sort by date Sort by votes
Just create a layer 2 vlan for vlan 2 and allow it across your trunks . If you do
"not" create a layer 3 SVI for vlan 2 it cannot talk to vlan 1 . On all your switches,do the following. You should not need any layer 3 info if you only destination will be devices on the same vlan . If you trunk vlan 2 to all your switches then anyone in vlan 2 on any of the 4 switches should be able to talk to anyone else in vlan 2.

conf t
vlan 2
name 192.168.250.0/24
exit
write mem
 
Upvote 0 Downvote
I think this is what I was missing on the switches. I was missing the "name 192.168.250.0/24" for notifying each switch that VLAN 2 was on the x.x.250.x subnet. Am I correct?

Also, what does the "name" in "name 192.168.250.0/24" do towards the configuration? Just curious as I've never seen/heard this and going to research this now for my knowledge and learning. The last time I worked on Cisco Routers and switches was back in 2001. So, I've definitely missed out on the newer technology from the past few years.

Thank you very much for helping me with my issues. Much appreciated!
 
Upvote 0 Downvote
No the name is just a description of the vlan , nothing else. It is just a description to tell you what the vlan is when you do a show vlan command . If you just create the layer 2 vlan and it is allowed across your trunk you should be fine . If you are running transparent mode then you have to do this manually on each of your switches.

conf t
vlan 2
exit
write mem
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

B
  • Question
Cisco IP phone 7841 8851 unable to forward all to external number
Replies
0
Views
119
badwolf1686
B
pbxcomm
  • Locked
  • Question
CISCO VG450
Replies
1
Views
443
nt8d09
nt8d09
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
413
madwok
madwok
Hayden09
  • Locked
  • Question
Cisco Sg-300 Flapping?
Replies
0
Views
380
Hayden09
Hayden09
Jared R
  • Locked
  • Question
Cisco UC320W Paging Help
Replies
0
Views
437
Jared R
Jared R

Part and Inventory Search

Sponsor

Back
Top