A Question on Vlans

T

TheGuy

Expert Member
Joined
Sep 14, 2009
Messages
2,974
Reaction score
19
Location
Jozi
Hi Guys

I'm busy trying to understand VLans. Now I understand the whole concept except for one part.

Workstations don't usually have frame tagging enable. So when you put a switch port connected to the workstation in a certain say VLAN 10 then when the workstation reaches the port it won't be tagged so the port will drop the frame.

How does it work then?
 
TheGuy said:
Workstations don't usually have frame tagging enable. So when you put a switch port connected to the workstation in a certain say VLAN 10 then when the workstation reaches the port it won't be tagged so the port will drop the frame.
Click to expand...
Access ports on the switch configured in a particular VLAN will tag (& remove tags) on behalf of the workstation (& whatever else is connected).
 
Roman4604 said:
Access ports on the switch configured in a particular VLAN will tag (& remove tags) on behalf of the workstation (& whatever else is connected).
Click to expand...

I see but the Dell switch I have when a port is set to access then specifying a VLAN number is greyed out?
 
TheGuy said:
I see but the Dell switch I have when a port is set to access then specifying a VLAN number is greyed out?
Click to expand...
Not sure about Dell switches, possibly they use different terminology for a VLAN access port? What are the options?
 
Can I ask another question about VLANs?

We have VoIP/Data/Storage all bouncing around on the same network (vlan1) Yup, i know a dangerous amount about vlanning.

I have managed to create 2 Vlans (2 and 66) on a Cisco 3760 switch, put Port gi1/0/1 and 2 into vlan 2 and and port gi1/0/24 into vlan 66.
vlan 2 ip address is 192.168.16.2/23
vlan 66 192.168.66.1/24
Default gateway router (192.168.16.1) is connected to gi1/0/1 and a wifi switch is connected to gi1/0/2
IP Phone (192.168.66.5) is connected to gi1/0/24

I managed to get everything routing kiff and all worked hunky dory.

Now the problem. I cannot use this (switchport access) method on our network. Most of our users connect to the network thru their IP phones, so PC-----IP PHONE------Switch------Router
If I have to use the above method id have to build another physical network just so the phones can have their own ports on the switches!!!

So now im puzzled. I have now created the below setup and can ping both 192.168.16.2 and 192.168.66.1 from the 16/0 range connected to the wifi switch on gi1/0/2 and I have connected the ethernet cable to the router (192.168.16.1) on port gi1/0/3. But for the life of me I cannot ping the ip phone connected to port gi1/0/24 on 192.168.66.5..... AAAAARRGGGGGGHHHHHHHHHHH!!!!!!!!!!!


interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
description TestTrunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,66
switchport mode trunk
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!

interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
ip address 192.168.16.2 255.255.254.0
!
interface Vlan2
no ip address
!
interface Vlan66
ip address 192.168.66.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.16.1

Sorry if this is a mess, i have the frustrated....
 
Wow, talk about over complicating things

I have now done this.

interface GigabitEthernet1/0/1
switchport voice vlan 66
spanning-tree portfast

interface GigabitEthernet1/0/24
switchport voice vlan 66
spanning-tree portfast

interface Vlan1
ip address 192.168.16.2 255.255.254.0
!
interface Vlan2
no ip address
!
interface Vlan66
ip address 192.168.66.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.16.1
ip http server

Can ping phone and phone can ping me. wooot.

Do I have to go through every single port and add the switchport voice vlan 66 to it? Seems like a very manual way of doing things...
 
NOPE!!!

Conf t
Interface Range gi1/0/2 - 24
BOOM

Im very glad I posted here ;)
 
Does this look right?


!
vlan internal allocation policy ascending
!
interface GigabitEthernet1/0/1
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/4
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/5
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/6
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/7
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/8
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/9
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/10
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/11
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/12
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/13
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/14
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/15
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/16
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/17
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/18
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/19
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/20
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/21
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/22
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/23
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/24
switchport voice vlan 66
spanning-tree portfast
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
ip address 192.168.16.2 255.255.254.0
!
interface Vlan2
no ip address
!
interface Vlan66
ip address 192.168.66.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.16.1
ip http server
 
Subways81 said:
Now the problem. I cannot use this (switchport access) method on our network. Most of our users connect to the network thru their IP phones, so PC-----IP PHONE------Switch------Router
If I have to use the above method id have to build another physical network just so the phones can have their own ports on the switches!!!
Click to expand...
Most ip phones should be able to support vlan tagging, so they will access the switch port and give a access port to the pc, so essentially you can still have the pc and phone on separate vlans.
 
Tinuva said:
Most ip phones should be able to support vlan tagging, so they will access the switch port and give a access port to the pc, so essentially you can still have the pc and phone on separate vlans.
Click to expand...

Ok but what happens when a tagged packet enters a access port in a different vlan?
 
TheGuy said:
Ok but what happens when a tagged packet enters a access port in a different vlan?
Click to expand...

You don't use switchport access vlans, as that config only allows one vlan per port. The last full config I posted will switch anything not already tagged as vlan1 and tagged traffic as the voice vlan it is tagged with. So ip phone is tagged with vlan 66 and pc plugged into phone is not tagged (ie vlan1) the switch then uses that tag to switch. Im on my cell at the mo so I'll try write up a better explanation when I'm back in the office on tuesday.

Sent from my GT-I9100 using Tapatalk
 
Subways81 said:
You don't use switchport access vlans, as that config only allows one vlan per port. The last full config I posted will switch anything not already tagged as vlan1 and tagged traffic as the voice vlan it is tagged with. So ip phone is tagged with vlan 66 and pc plugged into phone is not tagged (ie vlan1) the switch then uses that tag to switch. Im on my cell at the mo so I'll try write up a better explanation when I'm back in the office on tuesday.

Sent from my GT-I9100 using Tapatalk
Click to expand...

Your config could look like this

interface FastEthernet3/0/48
switchport access vlan 301
switchport mode access
switchport voice vlan 201
spanning-tree portfast


then PC traffic and Voice traffic is split
the voice phone tags the traffic with layer 2 CoS or layer 3Tos or DSCP

on interface mls qos trust dscp
 
Windpomp said:
Your config could look like this

interface FastEthernet3/0/48
switchport access vlan 301
switchport mode access
switchport voice vlan 201
spanning-tree portfast


then PC traffic and Voice traffic is split
the voice phone tags the traffic with layer 2 CoS or layer 3Tos or DSCP

on interface mls qos trust dscp
Click to expand...

Ill give it a shot, every time I tried to use an Access Vlan the routing wouldn't work.

In the config I posted above, will that be effective in separating the vlan 66 and vlan 1 or does it look like a bit of a waste of time?
 
Subways81 said:
Ill give it a shot, every time I tried to use an Access Vlan the routing wouldn't work.

In the config I posted above, will that be effective in separating the vlan 66 and vlan 1 or does it look like a bit of a waste of time?
Click to expand...

is this a layer 3 switch ?

interface GigabitEthernet1/0/3
description TestTrunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,66
switchport mode trunk

you need to allow vlan 2 on the trunk or it will just drop all traffic on that vlan
 
Last edited:
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X