Issue creating a VLAN on a Switchport connected to a wireless bridge. 1

[dannyyo]

I am in the process of planning and designing a vlan infrastructure and I am wondering how to configure one of the ports on the switch. This one port on the switch is connected to a wireless bridge and communicates across the street to another building with a wireless bridge. There the wireless bridge is connected to a switch and the VOIP phones and the computers are connected to this switch. The switches at both buildings are Cisco 3560 POE switches. I'd liked to create a VLAN that separates the ip phone and data. How would I configure the local port on the switch that's connected to the wireless bridge? I thought maybe it'd be a trunk, but it's not being connected to a router.

Hope someone can help me...thanks in advance.

 

[jpm121]

You seem to be having some terminology issues, if it's just me misunderstanding then I apologize.

You will have multiple VirtualLANs, like one for voice, data, management, etc. Each of those will be assigned a VLAN ID.

When multiple VLANs travel over a single switch port, you have a VLAN trunk. That's how you'll move the data between buildings.

 

[dannyyo]

jpm121,

Thanks for your response. I did more reading and yes VLAN Trunk is what I need to configure. It's more clear to me now. Each port can either be an "Access Link" or a "Trunk".

 

[dannyyo]

Now I have another question regarding VLAN. I have created a lab consisting of 2 cisco switches. I configured VTP server on switch #A and VTP client on switch #B. And I enabled routing on switch #A. I created 4 vlans. 2 vlans for each switches and a "Trunk" to connect the switches together. I can telnet into switch #A, but how do I telnet into switch #B? Let me rephrase the question. How do I configure switch #B, so that I can telnet into it?

 

[vipergg]

Just create a SVI with a default gateway in switch b in the vlan you want to manage the switch in , same way you did for switch a . This is just to manage the switch and does no routing .

 

[dannyyo]

But if I have a VTP Domain configured with Switch A being the server and B as Client, there is no option to configure SVI on the B Switch. Unless I'm not doing it right.

 

[burtsbees]

Also, when you say that you wanted to create the trunk to the wlan, but it goes to no router---those 3560's are layer 3 switches---they route their own vlans...
switchport mode trunk

make sure you have
ip routing
in there also so that it CAN route...

Burt

 

[dannyyo]

In my test lab, I was able to get everything working once I enabled VTP. However, today I reset everything back to start from a clean slate. Also I do not want to get this working w/o using VTP.


Vlan 10 Vlan 20 Vlan 30 Vlan 10
---------------------- -------------------
| cisco 3750G x | | cisco 3560 x|
---------------------- -------------------

excuse my drawing here, but that about best I can do. So I have 2 switches and I congifured 2 vlans on each switch. I create a trunk using port "x" on each box.

switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan all

And I also enabled IP routing on the 3750G switch.

First, I can ping from Vlan 10 to Vlan 20 within the 3750G switch.
Secondy, a pc on vlan 10 on the 3560 switch I can ping a pc on vlan 10 on the 3750G Switch. So I know the switches are talking to each other.
Finally, the problem is from a PC on vlan 30 trying to ping another pc on vlan 10 or vlan 20.

I shouldn't have to enable ip routing on both switches right? I'll post the config if anyone wants to view it.

Thanks.

 

[vipergg]

Did you set a SVI and layer 2 vlan on the 3750 for vlan 30 . Without that you won't be able to talk between vlan 30 and the other 2 vlans because the 3750 is doing the routing . You do not need ip routing active on the 3560 to route between the vlans if the trrunk is correct and you have all 3 vlans both layer 2 and the layer SVI's defined on the 3750.

 

[dannyyo]

vipergg,

Thank you. I was confused as to where I should create the SVI and give it the IP address, but now it's clear to me.

I already had vlan 30 on the 3750, but I haven't assigned an IP address. So I assigned an IP address to it and voila...works like a charm. Other thing I did was give vlan 30 a ip address on 3560 so that I can manage it remotely.

Any how, it makes more sense to me now.

One final question. If one of the ports on the 3750 ought to be connected to a cisco router that goes out to WAN. Do I configure the port on the switch as just an "access link" port? I guessing yes, since no VLAN info is crossing the WAN. Can you confirm?

Thanks a bunch.

 

[jpm121]

If you want all your VLANs to be able to send traffic out the WAN, it should be a trunk port. On your router, you'd create sub-interfaces on the LAN interface for each VLAN

interface FastEthernet0/0.3
description DATA
encapsulation dot1Q 3
ip address 192.168.60.2 255.255.255.0

interface FastEthernet0/0.4
description VOICE
encapsulation dot1Q 4
ip address 172.16.60.254 255.255.255.0

The WAN port of the router will, of course, not have any VLAN stuff associated with it.

 

[vipergg]

As long as the address space that the link is using falls under one of your configured SVI ranges then just put that port into that vlan as a access port . If you have a separate address range for that link /30 you could just make the port a "routed" port with the ip address on that port. How is the wan being used to get to the rest of the company ? Any dynamic routing protocols being used?

 

[dannyyo]

But what would be the point of configuring sub-interfaces on the WAN router if I enabled "IP routing" on the 3750 switch so that I wouldn't have to use sub-interfaces on the WAN router? Am I missing something? If the WAN eth port is connected to a say one of the vlan ports, then it'd be able to ping everything on that vlan as well as other pc's on the other vlan's since the vlan routing is done on the 3750 right? Thus this WAN router shouldn't have to be a TRUNK, being an access-link should suffice shouldn't it???

 

[vipergg]

That is correct if the wan router is hooked to the 3750 on a common subnet . What kind of routing is the wan router doing though , are you running dynamic routing protocols on there ? If not then you would need static routes pointing to your subnets on that connecting link , if you are running dynamic routing <ospf,eigrp etc..> then it will automatically know where to go . The connecting link does not need to be a trunk if you are going to route on the 3750.

 

[dannyyo]

I'm running ospf on the WAN router, but I have not configured it for the 3750. Should I be running OSPF on the 3750 as well?

 

[vipergg]

If that connects to the rest of the network then yes you should run ospf on the 3750 if it has the correct IOS image. It would need the enterprise version of IOS to support that , base version does not support ospf.

 

[jpm121]

Sorry for the confusion, we're running SMI on our 3500-series switches so I've gotten used to using sub-interfaces. Carry on!

 

[dannyyo]

vipergg,

I did what you suggested, but I still have an issue pinging from a pc connected to the 3560 to the wan router. This vlan can really get hairy. I think I may have some issue with the default gateway. Now I wonder if it's easier just to keep all the routing within the actual router and use the subinterfaces like jmp121 suggested. Then again, I am so close to getting this thing working the way it should.

 

[dannyyo]

Geez...the problems don't end. So now I've taken a different approach. Instead of having routing done on the 3750 switch, I made the WAN router do all the routing for the VLAN as well. Much cleaner and everything works beautifully. Except 1 thing. On one of the VLANs on the 3750 I gave it an IP address so that I could telnet into it and manage it. From any VLAN I can telnet into it, but from the other side of the WAN it doesn't work. It's really odd because from the other side of the WAN I can get to any of the PC's on any vlan on the 3750. Have you guys experienced something like this??? Functionality wise every thing is fine, I just won't be able to manage vlan from a remote WAN site.

 

[vipergg]

Sounds like you are missing the default gateway on the 3750 or the default static route.