[NEWBIE-Q]Small 2950, VLANs and plugging it into "big bad" network

Sorry for the newbie question, but I want to double check something, before getting busted by my network guys: I have a need for a small 2950 (-12) in my office, which I VLAN-ed as follows:

- management VLAN called , with a gw of 192.168.1.1, and 5 ports associated with a DHCP server and 4 systems, all in the 192.168.1.0/24 network. The switch - itself - has the IP from this pool, of course (this is what "management VLAN" means, right?)

- VLAN1 left alone, for the rest of the ports, of which one would be plugged into the "real" network, on a 172.30.0.0/16 net, and one other into another device of mine

I need to plug this switch into the existing network (4000s and 6500s), which was set up by my network group (as far as I understand it) with one 6500 as VTP server, and the rest clients.

My purpose is to avoid any problems when plugging in my little 2950, so I have set up VTP in client mode, and have done nothing else to it (except for the VLAN above) - would it be safe to plug it, in one of the VLAN1 ports? Would there be a better way to configure this?

To give you the whole picture - I have, in fact, a little Linux-based firewall, and I am using the 2950 - half to host my systems "behind" the firewall (on the so-called management VLAN), and two ports to plug the connection to the rest of the network, and the second to plug the external interface of my firewall (I hope it is clear now why I wanted the management VLAN to be on the "other" network). My FW is also the DHCP server for the systems on the "mgmt" VLAN ...

Sorry for the lengthy message - any comments?!? Does it matter that my VTP domain will not match the rest of the network (besides some errors in the logs, I assume?!?)? Would the port plugged into the rest of the network be regarded as "trunk", even if I did not define it as such?

TIA, C

Reply to
Castravete

You might still get 'busted.'

[snip]
[snip]

Your uplink switch will complain about vtp domains not matching and native vlan mismatches.

Reply to
Hansang Bae
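The two complaints named in the reply above are what an administrator would look for on the syslog server that the uplink switch reports to. The following is an added example, not part of the thread: it groups such messages by uplink port. It assumes the Cisco IOS mnemonics %CDP-4-NATIVE_VLAN_MISMATCH and %DTP-5-DOMAINMISMATCH (exact message text varies by platform and IOS version); the log lines, hostnames and port names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of Cisco IOS syslog output (not from the thread).
SAMPLE_LOG = """\
Mar  1 10:02:11 core-sw1 %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet3/14 (1), with office-2950 FastEthernet0/12 (20).
Mar  1 10:02:15 core-sw1 %DTP-5-DOMAINMISMATCH: Unable to perform trunk negotiation on port Gi3/14 because of VTP domain mismatch.
Mar  1 10:03:11 core-sw1 %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet3/14 (1), with office-2950 FastEthernet0/12 (20).
Mar  1 10:05:40 core-sw1 %LINK-3-UPDOWN: Interface GigabitEthernet3/20, changed state to up
"""

# Assumed message layouts; adjust the patterns to what your platform actually logs.
HEADER = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+(?P<host>\S+)\s+%(?P<tag>[A-Z0-9_]+-\d-[A-Z0-9_]+): (?P<msg>.*)$")
NATIVE = re.compile(r"discovered on (?P<port>\S+) \((?P<local>\d+)\), with (?P<peer>\S+) \S+ \((?P<remote>\d+)\)")
VTP = re.compile(r"on port (?P<port>\S+) because of VTP domain mismatch")
ABBREV = {"TenGigabitEthernet": "Te", "GigabitEthernet": "Gi", "FastEthernet": "Fa"}

def short_port(name):
    """Normalise long interface names so CDP and DTP messages key on the same port."""
    for long_name, short in ABBREV.items():
        if name.startswith(long_name):
            return short + name[len(long_name):]
    return name

def find_suspect_ports(log_text):
    """Return {(switch, port): finding} for ports logging VTP or native VLAN mismatches."""
    findings = defaultdict(lambda: {"signals": set(), "peers": set(), "count": 0})
    for line in log_text.splitlines():
        head = HEADER.match(line)
        if not head:
            continue
        tag, msg = head["tag"], head["msg"]
        if tag == "CDP-4-NATIVE_VLAN_MISMATCH" and (m := NATIVE.search(msg)):
            signal, peer = f"native-vlan {m['local']}!={m['remote']}", m["peer"]
        elif tag == "DTP-5-DOMAINMISMATCH" and (m := VTP.search(msg)):
            signal, peer = "vtp-domain", None
        else:
            continue
        entry = findings[(head["host"], short_port(m["port"]))]
        entry["signals"].add(signal)
        entry["count"] += 1
        if peer:
            entry["peers"].add(peer)
    return dict(findings)

if __name__ == "__main__":
    for (switch, port), info in find_suspect_ports(SAMPLE_LOG).items():
        print(switch, port, sorted(info["signals"]), sorted(info["peers"]), info["count"])
```

A port that shows both signals, or a CDP neighbour name that is not in the inventory, is a candidate for an unmanaged switch behind an access port.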

Thanks for replying - so, what would be the 'right' way to do this, and not fill the logs with vtp domain and vlan mismatching warnings? I could try to sniff the traffic on one of my valid ports, to see if I can capture domain name and password, then plugging it into my configuration, but I am not sure what I could do about the native vlan mismatch?!?

C
Reply to
Castravete

The right way to do it would be to talk to your network administrator and have him assist you with configuring the switch properly. Obviously you're trying to do this on the sly, and any administrator with any skills will bust you within days if not hours. It's not your infrastructure to be mucking with, someone else is responsible for it, let them do it correctly.

Reply to
Brian V

Thank you very much to all. I ended up doing a native VLAN different than 1, for my "private" pool, then shutting down the trunk on the port associated with the uplink connection (which was left in VLAN1), and also removing my other VLAN (#switchport trunk allowed vlan remove ) from the trunk (just in case), and also putting the VTP in transparent mode - which - in turn - triggered only one complaint about the domain mismatch, and only on my switch, and no "noise" outside my box (checked the syslog server where the uplink switch dumps its info) ... so clean and functional. C
Reply to
Castravete

The right way is to get buy-in from your network staff. There are other signs that a switch/hub is in use behind a particular switch.

Reply to
Hansang Bae
