Any Cisco switch/IOS Gurus here?

You need to change the port type to a 'trunk port' so it will do the VLAN tagging as it sends data out. Try something like this:

configure terminal

interface vlan 1
ip address x.x.x.x

interface vlan 2
ip address x.x.x.x

and so on...

interface FastEthernet0/1
no switchport access vlan
switchport mode trunk
switchport trunk allowed vlan 1,2,3,4,...
exit

That will set the port to send all VLAN traffic to the 3Com.

I hope that helps.

Oh great! Did I just hit "Computer Geek" status?
At least I'm a "Fast Computer Geek"!
OK, I see...

Can you explain why I need to set an IP address for each VLAN...or do I?
 
Each VLAN should be a different IP subnet. If your blades really need to be on different VLANs you'll need to define subnets that don't overlap each other, so the routing engine doesn't get confused when trying to route data back to the blades. If the blades can exist in the same subnet, then you should only need to define one subnet, on one VLAN. That would mean that you don't need a trunk port defined either.



 
Yeah, I'm gonna be running VMware ESX Server on the Blades...and utilizing the 'Virtual Switch' of ESX server...so I'll need the Blade ports to be 'trunk' ports.

I understand that each VLAN should be a separate IP Subnet...and they are. However, I'm still confused as to why an IP address is needed. How can a layer-2 device understand layer-3...routing?
 
I know Cisco IOS very well.

You don't have to set an IP address on a VLAN or trunk port if all you are going to do is layer 2 switching or will have a router connected to that VLAN or port. Think of a VLAN without an IP as a hub that you will connect to a router port or just want devices on the VLAN to communicate with each other. Once you set up an IP address on a VLAN, you can route the traffic using layer 3. You can also set up multiple IP subnets on a trunk port if you need to.



 
I understand VLANs...I've been using them on 3Com gear for years...I can config a 3Com switch in my sleep...

I just can't figure out why I can't get traffic to pass on VLAN1 on the Cisco switch...

I've tried both:
switchport mode trunk &
switchport mode access

neither would allow traffic to flow on VLAN1!

Lemme know if seeing the config would help...



PS - are you saying that by adding an IP to my VLANs, I turn the switch into an L3 device??
 
To turn on layer-3, you have to log into the RSM module of the switch (session 15), configure the IP address, and set up the routing protocol you are going to use (OSPF, RIP, etc). This is assuming you bought the IOS version that supports routing. Then you can set up IP addresses on your ports and put them in a particular VLAN, or a trunk port if you are passing multiple VLANs on that port (you have to add a VLAN to your trunk port using the "switchport trunk allowed" command on the interface you are using as a trunk port).

Also make sure you have 802.1q encapsulation turned on: switchport trunk encapsulation dot1q

Also again: VLAN 1 is your management VLAN and has its own IP address. Don't use it for traffic, use a different VLAN, otherwise you won't be able to manage your switch and your traffic won't go where you want it to go.

These are the few things that need to be configured before you can use that switch the way you want, especially if you want to connect it to a different vendor's equipment.

Also once again: Your 3Com equipment needs to know about the VLANs coming from the Cisco switch. You either need to add them to your 3Com gear, or turn on VTP Server mode to allow the Cisco switch to propagate the VLANs to 3Com. This can be a good or bad thing depending on your network.



 
Hmmm. Session 15?...lost me. I have this switch. It's made for IBM for their BladeCenter. AFAIK, it's only an L2 switch.

The management IP is initially set up via the BladeCenter management module. Once I've config'd the IP for the Cisco switch, then I can telnet to it. The IP *is* set up on VLAN1, and assigned to ports 15 and 16 of the switch (which are the internal management ports that are assigned to VLAN1). From what you are saying...I can't use VLAN1 for production traffic, is that correct? If so, that's a HUGE problem for me!

My PRODUCTION network is on VLAN 1!! See, 3Com doesn't need a separate management VLAN. An IP address is assigned to the switch and then I specify what VLAN I want that IP on.

I need to be able to get the blades on VLAN1!! Most will be assigned to VLAN 1, but I will also have several that the OS will specify the VLAN, so I'll need those to be trunk ports.

Right now, I'm able to pass traffic on EVERY VLAN *BUT* VLAN1. I have the 3Com and Cisco talking...except for VLAN1. This sounds like it's a Cisco limitation, no?

Is it possible to CHANGE the management VLAN on the Cisco to be something other than VLAN1??
 
I looked up the switch you have, and see that it is a Layer-2 switch, so you don't need to worry about Session 15. It's just a method where you telnet into a device and can open separate sessions while there. It's similar to Unix where you open separate command windows or sessions and switch between them. Session 15 allows you to access the router engine, which is separate from the switch engine. You will give the switch an IP address on the same subnet as your VLAN1. There is no need to give an IP address to the VLAN unless you want to be able to manage the switch from a different VLAN.

The switch you have is based on the Cisco 2950, so I looked at that to figure out what you have. Here is the configuration guide, 2950 Switch

As long as you are only using layer-2, you can use VLAN1 to run your traffic, but if you wanted to use Layer-3 routing, which you don't have, you would have to put your traffic on a different VLAN because most of the routing functions don't support VLAN1. You want your equipment on its own management VLAN so you can still access them in case your LAN goes down from overloaded traffic or some other major problem.

I tried changing the management VLAN from VLAN1, to a different VLAN, and found it's not worth the effort because VLAN1 is hooked into so many different commands and processes.

Check the guide I linked if you don't have the IBM documentation, and use the Cisco "show" commands and maybe a sniffer to see why your 3Com gear isn't seeing your traffic. Make sure you are using VTP transparent mode on that switch. I could probably figure out the problem in a few minutes if I was in front of the equipment, but it may take a few hours doing it over the phone with Tech Support. I could never do that job over the phone, so I don't envy them in the least, but they have saved my butt a few times when I had configuration issues.

I've had many long hours trying to get different vendors' equipment to talk to each other, especially if you don't know the gear, so don't beat yourself up because you can't figure it out right away.

Good Luck!

EDIT: I just re-read your detailed post where you want to have multiple VLANS and Trunk ports on that switch. You are probably going to need spanning tree enabled on that switch to keep from having loops in your traffic between the 3Com and this switch. This is where VLAN1 is going to bite you, because VLAN1 will not participate in many switching functions.



 
Are you sorted yet omslaw? if not...

show int vlan1 - to check that it's up up in the first instance. If you're telnetting to it I would say it is, though you haven't mentioned it. Are you consoled in?
If it's admin down, type:

conf t
int vlan 1
no shut

show trunk - check vlan 1 and whatever vlans you are trunking are on the applicable port.

vtp is cisco proprietary so 3com isn't going to care about it - though it's always a good idea to set it to transparent mode (in case you ever add cisco switches in the future). type vtp mode transparent

as has been mentioned, vlan 1 is usually used for management, but you can pass regular traffic across it. All ports are in vlan 1 by default. You can use any other vlan for management just by assigning it an ip address. You'll notice when you do that the ip address from vlan 1 will be removed - being a layer 2 switch, it can only have the one ip address.

Also, type show vlan to check the ports you are expecting are in the right vlans.

I'm here for a while give me a shout if you want more info.
 
Nope still no luck. I've created a kludged work-around to get to VLAN1, but it's not what I want. Basically, I've inserted a cross-over cable, on one of my 3com switches, between VLAN1 and VLAN10.

You'll see in the Config that Blade1 is set to VLAN10...and *WILL* pull a DHCP address and I *CAN* access my production network (cuz of my work-around).

However, Blade2, *WILL NOT* pull DHCP and WILL NOT talk to the network cuz it's on VLAN1.

I don't get it...

PS - MOST of this is the DEFAULT config from IBM/Cisco. I've added names for the VLANs (desperate attempt to get something to work). And I've modified a couple of ports.

Specifically, I changed Gi0/1 and 2 for the blades and Gi0/17 to attach to my 3com. Everything else is 'stock'.

Config:
------------------------------------------------------

Switch#sh run
Building configuration...

Current configuration : 5084 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret 5 XXXXXXXX
!
username USERID privilege 15 secret 5 XXXXXXXX
ip subnet-zero
!
vtp mode transparent
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
vlan 2
name DMZ VLAN
!
vlan 3
name INET VLAN
!
vlan 4
name PS INT VLAN
!
vlan 5
name PS EXT VLAN
!
vlan 6
name INET2 VLAN
!
vlan 7
name INET3 VLAN
!
vlan 8
name DSL VLAN
!
vlan 9
name TEST VLAN
!
vlan 10
name SURF VLAN
!
vlan 11
name SAP VLAN
!
vlan 12
name RR VLAN
!
vlan 13
name MM VLAN
!
vlan 14
name DEV VLAN
!
vlan 4000
name VLAN 4000
!
interface GigabitEthernet0/1
description blade1
switchport trunk allowed vlan 1-12
switchport mode access
spanning-tree portfast trunk
spanning-tree bpdufilter enable
!
interface GigabitEthernet0/2
description blade2
switchport access vlan 10
switchport trunk allowed vlan 1-12
switchport mode access
spanning-tree portfast trunk
spanning-tree bpdufilter enable
!
interface GigabitEthernet0/3
description blade3
switchport access vlan 2
switchport trunk native vlan 2
switchport trunk allowed vlan 2-4094
switchport mode trunk
spanning-tree portfast trunk
spanning-tree bpdufilter enable
!
interface GigabitEthernet0/4
description blade4
switchport access vlan 2
switchport trunk native vlan 2
switchport trunk allowed vlan 2-4094
switchport mode trunk
spanning-tree portfast trunk
spanning-tree bpdufilter enable
!
interface GigabitEthernet0/5
description blade5
switchport access vlan 2
switchport trunk native vlan 2
switchport trunk allowed vlan 2-4094
switchport mode trunk
spanning-tree portfast trunk
spanning-tree bpdufilter enable
!
interface GigabitEthernet0/6
description blade6
switchport access vlan 2
switchport trunk native vlan 2
switchport trunk allowed vlan 2-4094
switchport mode trunk
spanning-tree portfast trunk
spanning-tree bpdufilter enable
!
interface GigabitEthernet0/7
description blade7
switchport access vlan 2
switchport trunk native vlan 2
switchport trunk allowed vlan 2-4094
switchport mode trunk
spanning-tree portfast trunk
spanning-tree bpdufilter enable
!
interface GigabitEthernet0/8
description blade8
switchport access vlan 2
switchport trunk native vlan 2
switchport trunk allowed vlan 2-4094
switchport mode trunk
spanning-tree portfast trunk
spanning-tree bpdufilter enable
!
interface GigabitEthernet0/9
description blade9
switchport access vlan 2
switchport trunk native vlan 2
switchport trunk allowed vlan 2-4094
switchport mode trunk
spanning-tree portfast trunk
spanning-tree bpdufilter enable
!
interface GigabitEthernet0/10
description blade10
switchport access vlan 2
switchport trunk native vlan 2
switchport trunk allowed vlan 2-4094
switchport mode trunk
spanning-tree portfast trunk
spanning-tree bpdufilter enable
!
interface GigabitEthernet0/11
description blade11
switchport access vlan 2
switchport trunk native vlan 2
switchport trunk allowed vlan 2-4094
switchport mode trunk
spanning-tree portfast trunk
spanning-tree bpdufilter enable
!
interface GigabitEthernet0/12
description blade12
switchport access vlan 2
switchport trunk native vlan 2
switchport trunk allowed vlan 2-4094
switchport mode trunk
spanning-tree portfast trunk
spanning-tree bpdufilter enable
!
interface GigabitEthernet0/13
description blade13
switchport access vlan 2
switchport trunk native vlan 2
switchport trunk allowed vlan 2-4094
switchport mode trunk
spanning-tree portfast trunk
spanning-tree bpdufilter enable
!
interface GigabitEthernet0/14
description blade14
switchport access vlan 2
switchport trunk native vlan 2
switchport trunk allowed vlan 2-4094
switchport mode trunk
spanning-tree portfast trunk
spanning-tree bpdufilter enable
!
interface GigabitEthernet0/15
description mgmt1
switchport trunk allowed vlan 1
switchport mode trunk
switchport nonegotiate
spanning-tree cost 100
!
interface GigabitEthernet0/16
description mgmt2
switchport trunk allowed vlan 1
switchport mode trunk
switchport nonegotiate
spanning-tree cost 100
!
interface GigabitEthernet0/17
description extern1
switchport trunk allowed vlan 1-12
switchport mode trunk
spanning-tree bpdufilter enable
!
interface GigabitEthernet0/18
description extern2
switchport access vlan 2
switchport trunk native vlan 2
!
interface GigabitEthernet0/19
description extern3
switchport access vlan 2
switchport trunk native vlan 2
!
interface GigabitEthernet0/20
description extern4
switchport access vlan 2
switchport trunk native vlan 2
!
interface Vlan1
ip address 172.17.150.152 255.255.0.0
no ip route-cache
!
ip default-gateway 172.17.1.250
ip http server
ip http authentication local
!
line con 0
line vty 0 4
password XXXXXXXX
login
line vty 5 15
password XXXXXXXX
login
!
!
end
 
doh! sorry mate... you want to be trunking to your 3com, which you're doing...

the ports to your blades should be access ports.
just type show vlan for a mo, and check what vlan g0/1 is in - I reckon it's in vlan 1 because you haven't specified a vlan for that port.

g0/2 is in vlan 10 as you have specified in the config but not in your post.


switchport trunk allowed vlan 1-12 - you won't need this if you're not trunking on g0/2

what vlan is the dhcp server on?

bear in mind that a dhcp multicast will only be on the one (v)lan, if blade 2 is on another vlan it's not gonna get a response unless you route between the 2 networks, and even then you're going to need some dhcp forwarding on whatever box you're using for layer 3.

If it's a cisco router or layer 3 switch it'll be ip helper-address, on bay/nortel dhcp prefserv.
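
An added example, not part of any poster's reply and not Cisco or IBM tooling: a small Python parser that works out from `show run` text which VLAN each port carries untagged and which it carries tagged, run over the Gi0/1, Gi0/2 and Gi0/17 stanzas from the config posted above. It assumes the IOS defaults (access VLAN 1, native VLAN 1, all VLANs allowed) wherever the config is silent; the function names are illustrative.

```python
import re

# Stanzas for Gi0/1, Gi0/2 and Gi0/17 from the config posted above (switchport lines only).
SAMPLE = """\
interface GigabitEthernet0/1
switchport trunk allowed vlan 1-12
switchport mode access
!
interface GigabitEthernet0/2
switchport access vlan 10
switchport trunk allowed vlan 1-12
switchport mode access
!
interface GigabitEthernet0/17
switchport trunk allowed vlan 1-12
switchport mode trunk
!
"""
KEYS = {"mode": "mode", "access vlan": "access",
        "trunk native vlan": "native", "trunk allowed vlan": "allowed"}
LINE = re.compile(r"switchport (%s) (access|trunk|[\d,-]+)$" % "|".join(KEYS))

def expand(spec):
    """Expand an IOS VLAN list such as '1-3,10' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_ports(config):
    """Map each interface to its switchport settings, starting from assumed defaults."""
    ports, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            # Assumed IOS defaults: access VLAN 1, native VLAN 1, every VLAN allowed.
            cur = ports[line.split()[1]] = {
                "mode": "unset", "access": 1, "native": 1, "allowed": set(range(1, 4095))}
        elif cur is not None and (m := LINE.match(line)):
            key, val = KEYS[m.group(1)], m.group(2)
            cur[key] = val if key == "mode" else expand(val) if key == "allowed" else int(val)
    return ports

def effective(port):
    """Return (mode, untagged VLAN or None, tagged VLAN set) in force on one port."""
    if port["mode"] == "trunk":
        native = port["native"]
        return "trunk", native if native in port["allowed"] else None, port["allowed"] - {native}
    # Not a trunk: reported as an access port (DTP not modelled); trunk-only lines have no effect.
    return port["mode"], port["access"], set()

def report(config):
    return {name: effective(p) for name, p in parse_ports(config).items()}

print(report(SAMPLE))
```

The result can be compared port by port against `show vlan` on the switch and against the tagged/untagged membership configured on the 3Com side of the Gi0/17 link.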
 
Exactly right.

It sounds like you want traffic on different VLANs to communicate with each other, but the only way to get traffic on different VLANs to see each other is with a switch that also does routing, which the switch you have does not.
 
Sorry if the post looks weird but I'm at lunch and replying from my blackberry...

Yes, I understand about routing between vlans...I'm already doing that. DHCP server is on VLAN 1. I can't get request/replies on vlan1.

Yes, some blades will be access ports (only on one vlan). HOWEVER, I will also be running VMware ESX server on other blades, which will require Trunk ports since ESX will provide the dot1q tags.

Does this help?
 
I don't know what the hell you Playaz are talking about, but it sounds interesting.
 
Sorry omslaw, can you clarify...

dhcp server is on vlan 1 ?
blade 1 is also on vlan 1 ? and can get dhcp?

but then you mention you cannot get request/replies on vlan 1 ?

I don't really know VMware, are you configuring virtual interfaces on the blade/s ?

are you trunking to blade 1?
on blade 2 assuming then that you want to trunk to this one, have you tried setting the switchport mode trunk ?
 
See, there's some shid in the trunk that I needs access to... And some other playa brought the drunk port....

Aw hell, now I don't even know what I'm talkin bout!