need some help from the cisco gurus

[CannonFotter]

First of all I am lost and I need some help.

I have a catalyst 3550 switch(24 port fiber) that I need to set up 2 seperate vlans on. On the first 5 ports I need them to be completely isolated from the other 19. basicly making 2 seperate switches.

How in the Heck do I do this?

Thanks!

 

[Fint]

Are you using the 3550 as a layer 3 switch or as a layer 2 switch? Basically, make your two VLANs, point them to the default gateway, and setup ACLs to block traffic between the VLANs.

 

[Killer69]

Create 2 vlans.

Make the first 5 ports access ports on one vlan, and the other 19 ports access ports on the other vlan.

We usually use Vlan 1 as the management vlan so we put our devices on other vlans like vlan 10, 11, 12 etc.

When you configure your router, do something like this:

configure terminal

interface vlan 10 (command to create vlan 10)
interface vlan 11 (command to create vlan 11)

int range fa0/1 - 5 (select the port range from 1-5)
switchport mode access (make them access ports)
access vlan 10 (vlan they are connected to)

int range fa0/6 - 24
switchport mode access
access vlan 11

That should be all that you need to do.

 

[CannonFotter]

Thanks Killer 69 for the info.

We are using it as a switch.

When I use the "switchport mode access" command I get the following error:
Command rejected: Fa0/5 not a switching port.

Any suggestions?

Thanks for the help. I am an idiot when it comes to cisco programming.

 

[Killer69]

hmmm....I don't think that I have ever seen that before.

My suggestion would be to use the "show run" command and hit return until you can see "interface fastethernet 0/5" and all of the commands under it. If there is anything under that interface that looks out of place get rid of it by going into the configuration command of that interface and typing "no" in front of the text that looks out of place.

ie.

configure terminal

interface fa0/5
no (text of what looks wrong)

Then go back and make it an access port again. I'm not exactly sure what you will see that is messing it up though.

Cisco's website is actually very helpfull with things like this too. Try there - www.cisco.com

 

[SYN ACK]

First of all I am lost and I need some help.

I have a catalyst 3550 switch(24 port fiber) that I need to set up 2 seperate vlans on. On the first 5 ports I need them to be completely isolated from the other 19. basicly making 2 seperate switches.

How in the Heck do I do this?

Thanks!

config t
int vlan 1
int vlan 2
int f0/1
switchport access vlan 1
int f0/2
switchport access vlan 1
int f0/3
switchport access vlan 1
int f0/4
switchport access vlan 1
int f0/5
switchport access vlan 1



---then for the other ports

int f0/6
switchport access vlan 2
int f0/7
switchport access vlan 2

...and so on for the other ports

 

[Blitzrommel]

And are you using VTP?

Just a note, on newer switches, VLAN 1 is reserved for management and is the "default VLAN" -- so essentially, you might just need to make one more. Not sure what your goal is though.

 

[millhouse]

Are you using the 3550 as a layer 3 switch or as a layer 2 switch? Basically, make your two VLANs, point them to the default gateway, and setup ACLs to block traffic between the VLANs.

I hope you are in no way being serious. You dont need to use ACL's to block traffic between VLANS. Thats the whole point of creating VLANS...to isolate network traffic.


Back to CCNA 101 for you!

 

[logo29a]

I hope you are in no way being serious. You dont need to use ACL's to block traffic between VLANS. Thats the whole point of creating VLANS...to isolate network traffic.


Back to CCNA 101 for you!

If you are switching at layer 3, then VLANS can talk via their gateways. In that case, you would need ACL's to restrict traffic.

Back to CCNA 101 for you!

 

[Blitzrommel]

I thought that if you're using a switch at layer 3, that would eliminate a need to have a router to do the communication between VLANs (ie: just set the encapsulation mode)

Otherwise, you need a router to allow VLANs to communicate with each other

 

[logo29a]

I thought that if you're using a switch at layer 3, that would eliminate a need to have a router to do the communication between VLANs (ie: just set the encapsulation mode)

Otherwise, you need a router to allow VLANs to communicate with each other

That's pretty much right. Layer 3 switches remove the need for routers for inter-VLAN communications.

 

[Darkstar850]

You do have to create SVIs to act as the layer 3 interfaces for the vlans, however.

 

[SYN ACK]

I thought that if you're using a switch at layer 3, that would eliminate a need to have a router to do the communication between VLANs (ie: just set the encapsulation mode)

Otherwise, you need a router to allow VLANs to communicate with each other

a layer 3 switch *IS* a router.

what it eliminates is the need for an uplink from a switchport (one for each vlan) to go to a router to do inter-vlan routing.

if the switch does layer 3 routing services, then an ip interface should be created on each vlan (which would be the client's gateway ip) and then you can deside which vlans to route to each other, etc.

 

[logo29a]

a layer 3 switch *IS* a router.

Not exactly. The process of switching packets at layer three is somewhat different from that of the process of routing packets. But, it does basically the same thing...just much quicker.

 

[Blitzrommel]

a layer 3 switch *IS* a router.

what it eliminates is the need for an uplink from a switchport (one for each vlan) to go to a router to do inter-vlan routing.

if the switch does layer 3 routing services, then an ip interface should be created on each vlan (which would be the client's gateway ip) and then you can deside which vlans to route to each other, etc.

That's basically what I said.

Anyway, I'd say it does routing, not that it's a router. Switches use software to do the routing, and switching is done by the hardware. Vice versa for routers.

 

[millhouse]

If you are switching at layer 3, then VLANS can talk via their gateways. In that case, you would need ACL's to restrict traffic.

Back to CCNA 101 for you!

Well next time make yourself more clear, you didnt specify what you were referring too, layer 3 or layer 2

 

[SYN ACK]

Not exactly. The process of switching packets at layer three is somewhat different from that of the process of routing packets. But, it does basically the same thing...just much quicker.

sigh, this terminology debate has been going on for some time now,

it is still a router if it is doing layer 3 routing services (whether it's software based or ASIC based).

 

[logo29a]

Well next time make yourself more clear, you didnt specify what you were referring too, layer 3 or layer 2

It wasn't me who made the original statement.

 

[logo29a]

sigh, this terminology debate has been going on for some time now,

it is still a router if it is doing layer 3 routing services (whether it's software based or ASIC based).

It's not a matter of semantics. Switching, regardless of OSI layer, is different from routing. The lookups are completely different. It is not "routing". It is technically "switching".

 

[WesM63]

CannonFotter,
Did u get things sorted out?

 

[BobSutan]

You're all wrong! It's multilayer packet forwarding

Regardless of the terminology you wish to apply, I think we're beating a dead horse here. So long as the OP is statisfied it's mission accomplished.

 

[logo29a]

You're all wrong! It's multilayer packet forwarding

Regardless of the terminology you wish to apply, I think we're beating a dead horse here. So long as the OP is statisfied it's mission accomplished.

True true.

 

[Darkstar850]

You're all wrong! It's multilayer packet forwarding

Regardless of the terminology you wish to apply, I think we're beating a dead horse here. So long as the OP is statisfied it's mission accomplished.

I think you know us better than that. We'll go find a horse graveyard and dig the horse up just so that we can continue to beat it.

 

[Blitzrommel]

I think you know us better than that. We'll go find a horse graveyard and dig the horse up just so that we can continue to beat it.

Amen. It's just a matter of arguing how we dig up the horse. jk