Switch stealing IPs from 3 different VLANs...help!!!

Status
Not open for further replies.

Marcimallow

Technical User
Apr 12, 2005
US
In our class, we had a project to hook up 3 routers and one switch to the third router...I had the fun of the switch...I set up the subinterfaces on the router for the vlans, and then went to set up the switch. When it got to the VLANs I only assigned an IP to VLAN1- Native. It started out as shut down, so I did a no shut, it brought vlan 1 up but took vlan 10 down, so I went to int vlan 10 and did a no shut and when it came up it stole the IP from vlan 1 and shut vlan 1 down, this process continued for about 4 hours and through many reconfigs...even to the point of erase start and reload...does anyone have any idea what is happening??? Thanks for any replies
 
Know exactly what happened, you were dealing with a layer 2 only switch. These switches can only have "1" layer 3 address active as this is used to manage the switch only, it has nothing to do with routing, the routing function is done at the layer 3 router level. So to be able to "manage" it you give it an ip address in the address range you pick in whatever vlan you want it vlan 1 or 10 but you can only have 1 ip address on a layer 2 switch, also you would need to put in a default gateway on the switch to get to it. If you need to run multiple vlans to the switch then the router or l2/l3 switch would have to be able to trunk to the layer 2 switch. Any other questions post here, hope this helps ...
 
we had a default gateway on the switch and the subinterfaces on the router, so the switch only had the vlan 1 ip address...when we brought it up however, it would bring one of the other vlans down, and when we brought the other vlan up that is when it would steal the address...so in essence...the switch was letting only one vlan be up at a time...any ideas???
 
on a layer-2 switch the VLAN interface works as management interface and you can only have 1 management interface.

You don't need to "no shut" a VLAN in order to activate the VLAN. You only need to create the VLAN database and assign the VLAN to ports. This is how a layer-2 device works.

And remember that your default route should be pointing to the router on the same management VLAN that you have assigned an IP address to and no-shut, or you can only ping the switch within that VLAN.
 
Also if you want to run multiple VLANs on the same port, you'll need to set "VLAN trunking" on that port. And again this has nothing to do with the VLAN ip address and the VLAN interface status on the layer-2 switch
 
we had done the trunking protocol and the encapsulation on the subinterfaces on the routers, and I assigned the different vlans to different ports...my teacher said she had never seen a switch act that way...more help please...
 
Let me summarize for you.

Q: ... we had a default gateway on the switch
First off, this is incorrect. Your switch is LAYER2. Meaning it cannot understand logical addressing (aka LAYER3). Setting a default gateway on a layer2 switch does nothing... this is not a router.

Q: ... the vlan 1 ip address...when we brought it up however, it would bring one of the other vlans down
This is correct. The only reason your switch even has an IP address is to remotely manage it (aka TELNET <MANAGEMENT IP>). Your switch cannot have more than 1 IP address because the only purpose of the IP is to remotely telnet / ssh in to manage the device.

Routers are layer 3, and understand logical addressing. Switches are layer 2 and only understand MAC address tables. Therefore your switch is only allowed one IP address for the strict privilege of remotely managing the device.

VLANs are virtual networks. As long as the router has subinterfaces for all VLANS created, and the switch has the same VLANs, with ports assigned to it, it will be able to see the router. You do not need to define routes for directly connected networks. Since the switch VLAN10, VLAN20, VLAN30 etc.... is directly connected to the router, it knows where it is at, and how to route to it.

If you run a SHOW IP ROUTE on the router, it will list all your VLANS, with a 'C' for directly connected route. Hope I helped.
 
Phobos1821: "Setting a default gateway on a layer2 switch does nothing... this is not a router."

Hmm without the default gateway on the switch, you can only manage the switch within the same management VLAN. If you want to manage the switch outside of this management VLAN, you'll need a default gateway.

Marcimallow: "my teacher said she had never seen a switch act that way"

Your teacher is not always correct. Even those Cisco documentations have lots of typos...


So if you want to configure a Cisco Catalyst layer-2 switch like 2950 series, you'll need to:

1) decide which VLANs should be present in this switch and create those VLANs
2) assign those VLANs to physical ports according to your needs
3) decide if you want to remotely manage this switch. If yes, then decide which VLAN should be the management VLAN. Say if you want to make VLAN 3 as the MGT VLAN. Then assign an IP address to interface VLAN3 and no-shut it. Then configure the default gateway which belongs to the same VLAN3 so that the switch can reach other networks via this gateway.

These are very basic configurations and there's more than meets the eye.
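
The three steps above can be checked against a saved running-config. The following is an added example, not part of the thread or any poster's code: the config excerpt is constructed, the addresses are documentation-range placeholders, and `parse_svis` and `audit` are hypothetical names.

```python
import ipaddress
import re

# Constructed layer-2 Catalyst excerpt (not from the thread); VLAN 3 is the management VLAN.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan3
 ip address 192.0.2.10 255.255.255.0
!
ip default-gateway 192.0.2.1
"""

def parse_svis(config):
    """Return {vlan_id: {"net": IPv4Interface or None, "shutdown": bool}}."""
    svis = {}
    for block in re.split(r"^!$", config, flags=re.M):   # "!" separates sections
        m = re.search(r"^interface Vlan(\d+)", block, re.M)
        if not m:
            continue
        addr = re.search(r"^ ip address (\S+) (\S+)", block, re.M)
        svis[int(m.group(1))] = {
            "net": ipaddress.ip_interface("/".join(addr.groups())) if addr else None,
            "shutdown": bool(re.search(r"^ shutdown", block, re.M)),
        }
    return svis

def audit(config):
    """List findings for the management-interface mistakes discussed in the thread."""
    findings = []
    active = {v: s for v, s in parse_svis(config).items() if s["net"] and not s["shutdown"]}
    if len(active) != 1:
        findings.append(f"expected exactly one active management SVI, found {sorted(active)}")
    gw = re.search(r"^ip default-gateway (\S+)", config, re.M)
    if not gw:
        findings.append("no ip default-gateway: switch reachable only inside its management VLAN")
    for vlan, svi in active.items():
        if gw and ipaddress.ip_address(gw.group(1)) not in svi["net"].network:
            findings.append(f"default gateway {gw.group(1)} is outside the Vlan{vlan} subnet")
    if not re.search(r"^ switchport mode trunk", config, re.M):
        findings.append("no trunk port: multiple VLANs cannot share the uplink to the router")
    return findings
```

An empty list from `audit(SAMPLE_CONFIG)` means one active VLAN interface, a gateway inside its subnet, and at least one trunk port.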
 
{we had done the trunking protocol and the encapsulation on the subinterfaces on the routers}

But did you set up trunking on the SWITCH port that is connected to the router??
 
You will only need to do the "no shut" command on the vlan that you have assigned the IP address to and plan to use as the mngmt vlan. The other vlans will show admin down. They are supposed to for a layer 2 image. As long as you added the ports to the vlan, they should be working. Remember, they WILL show Admin Down. That is normal.
 
I had a similar problem the other day, happily created 3 VLANs and assigned ports etc, then promptly lost all telnet connectivity. From these posts it would appear it was because I had everything on VLAN 2 and I noticed the mgmt VLAN was 1 (from a console connection). Makes sense but completely confused me at the time! Just to confirm, I need to change the mgmt to 2 and all should be ok? Router, PC's etc are on VLAN 2, VLAN 3 and 4 are empty so far. I could get to internet, other PC's etc but not the switch.
 
You should be okay when you change mgmt to vlan2. Just be sure to shut down vlan 1. If someone accidentally reenables vlan1, it'll take over as management vlan always.
 