This post will show you how to configure a trunk port with a native vlan. In this specific example I am configuring a range of ports, but the commands for an individual interface will be the same once you have entered the config for a particular port.
First enter configuration mode
s3560#conf terminal
Now we configure the range of ports. Here we are configuring the range of ports to be a trunk, using dot1q encapsulation. We are allowing vlans 96-99, and vlan 101. We are also setting vlan101 to be the native vlan (no vlan tagging required).
Now we enable spanning-tree portfast and bpduguard
s3560(config-if-range)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc… to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast will be configured in 13 interfaces due to the range command
but will only have effect when the interfaces are in a non-trunking mode.
Need to reset your Cisco Catalyst 3560 back to the factory default settings? Have you forgotten your password? Well you have come to the right place.
Note that I am assuming that you have already established a console connection to the switch using a Cisco serial cable (rollover cable).
Here are the details of my 3560G in case you were wondering…
s3560#show ver
Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(58)SE2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 21-Jul-11 01:44 by prod_rel_team
First you need to power down the switch. Once the switch is powered off, hold down the mode button, and power the switch on. The switch will boot up and you should see the switch prompt as shown below.
Now type flash_init. Your output should be similar to what you see below
switch: del flash:config.text
Are you sure you want to delete “flash:config.text” (y/n)?y
File “flash:config.text” deleted
switch: del flash:vlan.dat
Are you sure you want to delete “flash:vlan.dat” (y/n)?y
File “flash:vlan.dat” deleted
Note that you can also just rename the config.text and vlan.dat if you are not certain that you want to delete them.
switch: rename flash:config.text flash:config.old
Now type boot, to reboot the switch. Once the switch is rebooted you will see the System Configuration Dialog, and will have the opportunity “to enter the initial configuration dialog”.
First off let’s start out by saying that Isolated VLANs and Private VLANs are two completely different things… they are not at all the same. To a network administrator, this should make perfect sense. However, a Server or Virtualization Administrator may or may not know the different. Because of this, I hear many non-network Administrators toss around the term “Private VLAN“, when they actually mean to say “Isolated Vlan“, or more specifically what they are referring to is a “Non-Routable” VLAN.
What’s confusing is that the networks that we plan to use over our newly commissioned Non-Routable VLANs can correctly be refereed to as Private networks. They are private because no traffic can get in our out without a direct lP link to this network. However the VLANs themselves are not private, just isolated, or non-routable.
I believe that you can see where the confusion comes from.
So allow me to provide a bit of context before we go any further.
In my specific case, I need to create what are commonly (however incorrectly) referred to as Private VLANs to act as a back-end network for an OpenStack deployment. I cannot tell you how often I have heard someone make this mistake. This new VLAN, or network, needs to remain isolated from the outside world, meaning that it does not need to be able to route to any other network, or out to the internet. Rather, this new VLAN needs to send isolated traffic back and forth between network nodes deployed as part of my OpenStack Deployment. What I am describing here is not a “Private VLAN”, it is a “Non-Routable”, or “Isolated VLAN”
So please let’s make sure that we are using the correct terms.
So here is how you do it.
In my case I want to create two isolated VLANS for isolated traffic between my OpenStack nodes. Note that I am using nested virtualization, so my OpenStack nodes are themselves VMs.
First lets create what I will refer to as NR-1 (non-routable-1). We will use the VLAN id 666 as its easy to remember.
s3560#conf t
Enter configuration commands, one per line. End with CNTL/Z.
s3560(config)#vlan 666
s3560(config-vlan)#name NR-1
s3560(config-vlan)#end
Now lets create what I will refer to as NR-2. (non-routable-2)
s3560#conf t
Enter configuration commands, one per line. End with CNTL/Z.
s3560(config)#vlan 667
s3560(config-vlan)#name NR-2
s3560(config-vlan)#end
How lets check out our vlans, starting with 666
s3560#show vlan id 666
VLAN Name Status Ports
—- ——————————– ——— ——————————-
666 NR-1 active
…trunc…
Now let’s take a look at 667
s3560#show vlan id 667
VLAN Name Status Ports
—- ——————————– ——— ——————————-
667 NR-2 active
…trunc…
Note, that if I wanted to make these VLANs routable, I would need to add a layer3 interface. We are obviously not going to do that here.
Now lets add these new VLANs to our existing virtualization server trunks. We are going to do this to a range of interfaces to save time. Note that I was already allowing VLANS 101-104 and 192 on these trunks.
s3560#conf t
Enter configuration commands, one per line. End with CNTL/Z.
s3560(config)#interface range GigabitEthernet0/15 -18
s3560(config-if-range)#switchport trunk allowed vlan 101-104,192,666,667
s3560(config-if-range)#end
Now don’t forget to save our config.
s3560#copy run start
Destination filename [startup-config]?
Building configuration…
[OK]
0 bytes copied in 1.443 secs (0 bytes/sec)
Looking for Cisco Visio Stencils — Access the entire Cisco Visio template library via the links below. I have tossed in a couple of extra links that should pretty much meet any of your Visio needs.
Since my last post on Cisco UCS Stencils seems to get a good deal of traffic each day, I figured I would toss another post out into the ether that pertained to Cisco and Visio Stencils:
Need to reset your Cisco Catalyst 3750 back to the factory default settings? Have you forgotten your password? Well you have come to the right place. Note that I am assuming that you have already established a console connection to the switch using a Cisco serial cable (rollover cable).
First you need to power down the switch. Once the switch is powered off, hold down the mode button, and power the switch on. The switch will boot up and you should see the switch prompt as shown below.
Now type flash_init. Your output should be similar to what you see below
switch: del flash:config.text
Are you sure you want to delete “flash:config.text” (y/n)?y
File “flash:config.text” deleted
switch: del flash:vlan.dat
Are you sure you want to delete “flash:vlan.dat” (y/n)?y
File “flash:vlan.dat” deleted
Note that you can also just rename the config.text and vlan.dat if you are not certain that you want to delete them.
switch: rename flash:config.text flash:config.old
Now type boot, to reboot the switch. Once the switch is rebooted you will see the System Configuration Dialog, and will have the opportunity “to enter the initial configuration dialog”.
Attending Cisco Live 2014 in San Francisco this week?
Well, get ready to hear a lot about ACI (Application Centric Infrastructure). It's almost here and its everywhere. And the acronyms, holy crap, get ready to get hit upside the head with of ton of those that you have never heard before. Cisco is only a close second to VMware when it comes to their love of acronyms.
Here are a couple of them that I have heard for the first time today.
APIC
VTEP
EPG
Anyway – here is Cisco's primer on ACI. Its a good read and might help you wrap your head around a few subjects before you head full bore into your sessions.
