Creating VLANS on 6500 IOS 12.2

essenz crashed Echelon writing news:dc4812fe-1aab-4d00- snipped-for-privacy@u72g2000hsf.googlegroups.com:

2 ways, through IOS config or through the "Old" VLAN database. I am used to the old form so here is the explanation.

Usually VLANs are transparent, this meaning the VLANs created on the 6509, needs to be created on the 3524 as well.

Thanks to VTP we can end this. With VTP you designate a server, make a VTP domain and VTP password. This would preferably be done on the 6509. On the

3524 you then set them i client mode, add in the VTP domain and password created and they will automatically get VLANs created from the server.

So to begin with, on the 6509 enter

vlan database (this accesses the VLAN configuration part) vtp server (To make the 6509 VTP server) vtp domain (Sets the VTP domain name) vtp password (Sets the VTP password for the domain)

and then we add the VLANs:

vlan (creates vlan 1-1005, remember additional switches can be made after VLAN number)

Does not quite understand, but my guess is you ask to do this for VLANs instead of physical ports?

On the 6509 you would enter the VLAN interface instead of the physical, so:

interface vlan 5 ip address 4.4.4.1 netmask 255.255.255.248

And just to add. Use 'switchport' on the ports you want as Layer 2.

Here's a couple of simple examples that may help.

On a Cisco layer-3 capable switch running IOS there are two ways to configure a layer 3 interface. You can put the IP address on a virtual interface associated with a VLAN. Those virtual interfaces are sometimes called SVIs.

Or you can put the IP address directly on a switch port that is configured as "no switchport".

By default, all switch ports on a 6509 are configured as "switchport".

Example, putting 4 ports into VLAN 123 and giving the switch an SVI on VLAN 123.

interface range FastEthernet7/1 - 4 switchport switchport mode access switchport access vlan 123

interface vlan123 description This is the SVI for VLAN 123 ip address 4.4.4.1 255.255.255.248

Now you can give 4.4.4.x addresses to the equipment plugged into FastEthernet7/1 through 7/4. At layer 2, the switch will forward traffic within the VLAN. At layer 3, the switch will route IP packets in and out of the VLAN using its gateway address of 4.4.4.1

Example, using a single port as a layer 3 interface

interface FastEthernet1/1 no switchport description This interface runs at layer 3. ip address 5.5.5.1 255.255.255.248

ip route 0.0.0.0 0.0.0.0 5.5.5.2

Now you can plug an ISP router into FastEthernet1/1 and route between 4.4.4.x and the Internet.

If your Cisco switch were not layer 3 capable, you could still create VLANx interfaces. But the switch wouldn't route packets through. It would just let you route packets to or from the switch itself so that you could manage it via telnet, ssh, http, snmp or whatever.

Ahh, thats it. Thats what I figured, but didn't know the syntax. Put the ports in a vlan, the give the VLAN an IP.

I'll test it this afternoon.

One followup. I have one user that runs snort. So on his 2-port VLAN, one port will be his live uplink for traffic which he then plugs into his own switch with all his servers, the other port needs to be a mirror or trunk port to monitor all TX and RX off the uplink port for IDS purposes. I did this on the 3524XL, would the syntax be the same on the 6509 in this vlan setup?

-john