1. Home
  2. Cisco Systems
  3. L3 switch issue

L3 switch issue

Folks, My setup as follows.......The L3 switch is used to route between the vlans.The subinterface fasthethernet 1.1 is connect to a L2 switch, which host the servers and clients.Now I want to connect one of my less frequently accessed server,directly to the L3 switch ,to the same VLAN as the Fastethernet 1.1 is connected.How do i go about.I have given the config file below... I want to put the server on interface Fe15 of L3 switch.

The switches i am using are all cisco.The L3 switch is 2948

Building configuration...

Current configuration: ! version 12.0 no service pad service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname aspcrt1 ! enable secret 5 $1$/JqD$Jih8rUUam.U0hr3FOWQZ/1 enable password 7 02050D480809 ! ip subnet-zero no ip domain-lookup bridge irb ! ! ! interface Port-channel1 no ip address no ip directed-broadcast hold-queue 300 in ! interface Port-channel2 no ip address no ip directed-broadcast hold-queue 300 in ! interface FastEthernet1 no ip address ip directed-broadcast ! interface FastEthernet1.1 encapsulation dot1Q 1 native ip address 10.0.11.254 255.255.255.0 no ip redirects ip directed-broadcast interface FastEthernet15 no ip address no ip redirects no ip directed-broadcast

.... banner motd ^CUnauthorized access is prohibitted! ^C ! line con 0 transport input none line aux 0 line vty 0 4 password 7 1304040208 login transport input telnet ! end

Reply to
unknown
Loading thread data ...

You could just configure ...

int vlan 1 ip address 10.0.11.254 255.255.255.0

int Fa1 description attached to l2 switch switchport trunk allowed vlan 1 switchport mode trunk switchport trunk encaps dot

int Fa2 description attached to server switchport trunk allowed vlan 1 switchport mode trunk switchport trunk encaps dot

But if the server's hardly ever accessed why use up a perfectly good L3 switch port?

BernieM

Reply to
BernieM

BTW ... the use of 'password' is insecure. There are plenty of decrypt engines online ... "1304040208" decrypts to "aspc". I realise your config didn't have any public addr's but believe it or not I've seen posts that did ... with 'passwords' as well. Where possible replace them with "secret" which uses an MD5 hash, but of course it's better practice to snip any sensitive unnecessary info out before you post device configs.

Just a bit of advice ... not a lecture.

BernieM

Reply to
BernieM

If you do a "show tech", the 'config' part has all(/most?) password data removed.

Trouble is of course that sh tech can be quite a lot of data. (500k?). Depending on how you are accessing the router the size may or may not be an issue.

I just did a CORE1#sh tech-support ? bridging L2 related information cef CEF related information ipc IPC related information ipmulticast IP multicast related information isis CLNS and ISIS related information ospf OSPF related information page Page through output password Include passwords | Output modifiers

Never seen the options before.

If yoo ARE NOT running isis then show tech isis

is the equivalent (roughly) of sh tech config which does not exist.

Nice I say.

Reply to
anybody43

Bernie, Thanks a lot.Yeah its an internal switch and only I have access to it.As you said, it is better practice to go for secret.

But am just wondering whether anything can be done on my existing config to meet the needs.Because the switch is configured for other vlans too and it mainly acts as a router.

Cheers

snipped-for-privacy@hotmail.com wrote:

Reply to
unknown

Bernie, Thanks a lot.Yeah its an internal switch and only I have access to it.As you said, it is better practice to go for secret.

But am just wondering whether anything can be done on my existing config to meet the needs.Because the switch is configured for other vlans too and it mainly acts as a router.

Cheers

snipped-for-privacy@hotmail.com wrote:

Reply to
unknown

Just a thought ... you could create a bridge-group between Fa1.1 and the interface you want to connect the server to.

BernieM

Reply to
BernieM

2948G-L3 is more of a switching router than a routing switch, so the config required to achieve this is a little ass backwards. Steps are:

- Configure a unique bridge group for these ports

- Move the IP address from Fa1.1 to the BVI interface of the new bridge group

- Configure Fa1.1 and Fa15 as bridge-group members

I would recommend reading

formatting link
understand what's required here and why.

Andy

Reply to
Andy Furnell

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.