6 Replies Latest reply on Jan 24, 2013 2:39 PM by levi

    How do I configure trunk ports between switches for VLans?

    dimmthewitted New Member

      So I have 3 Adtran 1534 switches connected in series and I am setting up a separate VLan apart from the Default VLan that comes with the switches.

       

      I configured the switches to have different IPs so I can telnet into each and setup the VLan.

       

      The computers on my Default VLan are on subnet 192.168.0.1

      The computers on my customerservice VLan are on subnet 192.168.16.1

       

      My hope with the VLans is to merge the subnets but maintain network isolation with VLans.

      1534vlan.png

       

      I have a test server on switch3 port5  and my computer on switch 1 port 14.  I set the VLan membership of both these ports to Vlan 2 (customerservice).  The customerservice VLan is configured on all three switches.

       

      I set my IP to the 192.168.16. subnet to talk to the test server on the other switch, but I cannot ping it.  Do I need to configure Trunk ports between the switches?

       

      I don't believe I ever had to with the Default VLan, it was just plug and go.  Is there some crucial step I am missing?

       

      I took an intro Cisco class and can do some command line, but this is not my area of focus. Any help is appreciated. 

        • Re: How do I configure trunk ports between switches for VLans?
          bcrinehart Past_Featured_Member

          The simple answer to your question is yes, you need to configure trunks between the Netvanta switches to pass ALL VLAN traffic between switches. Think of each VLAN as a physically separate network even though multiple VLANs can appear on the same switch.

           

          Some additional details ...

          The default VLAN on Netvanta switches is VLAN 1. It is always present whether you configure it or not. We normally set up our switches to use VLAN 1 as the "network management" VLAN. As you did in your post, we assign an IP address to each switch's VLAN 1 interface.

           

          We use VLANs 2 through "N" to handle the real network traffic. We assign a unique network subnet to each VLAN as you did. As you suggested, this will separate the traffic which improves security. It also limits broadcast traffic on the devices connected to each VLAN. Each VLAN is a broadcast domain.

           

          If you simply plug two ports together, they will only pass the traffic that is assigned to their respective VLAN. If you want to pass traffic from multiple VLANs between switches, you need to configure the two connected ports as trunk ports. You can do this through the GUI or the command line interface (CLI).

           

          If you want traffic from one VLAN to communicate with devices on another VLAN, you will also need to configure a router or level 3 (L3) switch. You've done this using the Netvanta 1534 shown in your example. Suggestion, only configure multiple VLAN interfaces on ONE 1534 in your small network. Enter this switch's VLAN 1 interface as the default router on all of the other switches in the network.

           

          For each device plugged into the network, assign the IP address of this "network router's" corresponding VLAN interface as the default gateway for that device. In your example, any device connected to VLAN 2 should contain 192.168.16.1 as the default gateway.

           

          Remember to enable IP routing on your Netvanta 1534 that is serving as this network router.

           

          If you do not want traffic to communicate between VLANs, you can set up the respective VLANs on each switch but do not create VLAN interfaces for each VLAN. You only need a VLAN interface configured on each switch for the native VLAN (ie VLAN 1).

           

          If you create VLAN 2 on your switches and assign ports to it, any devices plugged into those ports will be able to communicate with each other even if you do not configure a VLAN  interface for VLAN 2 on any of the switches.

          • Re: How do I configure trunk ports between switches for VLans?
            bcrinehart Past_Featured_Member

            Another comment, as you learn to use Netvanta switches, you will want to learn the CLI. You will find that it is faster to configure switches using the CLI and as your network grows, you will be able to telnet from switch to switch. Therefore, should you have to remote in from outside the network, you will be able to log in to one switch and then telnet to all of the rest.

             

            I normally leave port 1 on each switch configured on VLAN 1. If I have to physically connect to the switch to manage it, I know that I can plug into port 1 and be on the "network management" VLAN.

             

            We normally do not assign VLAN 1 to any other ports. We create additional VLANs for all other network traffic.

             

            In your post, you stated that the computers on VLAN 1 are on subnet 192.168.0.n. However, your VLAN 1 interface address is on a different subnet (10.10.10.n). The computers on VLAN 1 will not be able to communicate with devices on the other VLANs because they do not have a default gateway on their own subnet.

             

            I suggest that you create another VLAN (ie VLAN 3) and move your computers off of VLAN 1 to VLAN 3. Assign the IP address 192.168.0.1 to the VLAN 3 interface on the Netvanta 1534 that you show in your post.

              • Re: How do I configure trunk ports between switches for VLans?
                dimmthewitted New Member

                Thanks for the suggestion and advice.

                 

                I will move everyone on the Default VLan 1 onto VLAN 3 when employees are not in office.

                 

                I did not do the initial setup, but there is a static route for the 192.168.16.1 subnet.  I am not quite sure why the 192.168.0.1 subnet routes between switches, but it does just fine.

                Untitled.png

                 

                Pardon my ignorance, but is there a way to get separate VLan's to communicate with each other.

                 

                Here is what I am trying to accomplish:

                 

                We have a server that 2 different VLans have to communicate to.  That server has to have 1 IP address for the software we are running on it.  (Call Center software) (We can't throw in another NIC)

                 

                Both VLans have to talk to that server.  We have to have separate VLans for PCI (Credit card) compliance.

                 

                Thanks for advice  - (single IT / website / access / everything else guy for a small business).

                  • Re: How do I configure trunk ports between switches for VLans?
                    dcorrea Visitor

                    Hi,

                     

                    You can separate VLANs in your switch using L2 which applies when you assign the ports to their respective vlan, if you need to that VLANs communicate each other your NV1534 will do the work by routing them (L3 Switching). Now if you need then, to block or isolate traffic from one vlan to another you could use ACLs for prevent communication at a L3 Switching.

                     

                    Hope my idea helps you,

                • Re: How do I configure trunk ports between switches for VLans?
                  dimmthewitted New Member

                  I changed the interface Vlan 1 ip address for each switch to putty into each switch individually.  I don't know if there is a better way.

                   

                  Here is part of the config file:

                   

                  !

                  interface vlan 1

                    ip address  10.10.10.1  255.255.255.0

                    ip address  209.253.81.1  255.255.255.248  secondary

                    no ip route-cache express

                    no shutdown

                  !

                  interface vlan 2

                    ip address  192.168.16.1  255.255.255.0

                    no ip route-cache

                    no ip route-cache express

                    no shutdown

                  !

                  !

                  !

                  no ip tftp server

                  no ip tftp server overwrite

                  ip http server

                  ip http secure-server

                  no ip snmp agent

                  no ip ftp server

                  ip ftp server default-filesystem flash

                  no ip scp server

                  no ip sntp server

                  !

                   

                   

                  =-=-==-=and on switch2

                   

                  !

                  !

                  interface vlan 1

                    ip address  10.10.10.2  255.255.255.0

                    ip route-cache express

                    no shutdown

                  !

                  interface vlan 2

                    ip address  192.168.16.1  255.255.255.0

                    no ip route-cache express

                    no shutdown

                  !

                  !

                  !

                   

                  =-=-=-=--=-=you get the idea.

                  • Re: How do I configure trunk ports between switches for VLans?
                    levi Employee

                    dimmthewitted:

                     

                    I went ahead and flagged this post as “Assumed Answered.”  If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons.  This will make them visible and help other members of the community find solutions more easily.  If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.

                     

                    Levi