01-09-2014 06:03 AM
We have a S3500 in production in our own office. We are trying to set it up with VLAN's and IP routing. I have the commands, but the switch is running 184.108.40.206. We know we have to upgrade to 220.127.116.11 which we will be doing that tonight.
My questions are:
I keep getting this error when I try and interface VLAN 2.
"Error: Maximum number of VLAN interface(s) supported is 1".
- How do I set up a DHCP relay on a VLAN. It looks like I have to setup a profile for the relay.
- How do I setup an IP on the VLAN. I have the commands, but its not working due to the error above
- How do I make sure the VLAN's route between each other
Are there added commands from code 18.104.22.168 to 22.214.171.124?
Any help would be appreciated.......
01-09-2014 06:05 AM - edited 01-09-2014 06:11 AM
126.96.36.199 is a very, very early version of code. I would definitely upgrade the switch before configuring anything.
Once you upgrade to a more recent version of code, here are some of the commands:
create a dhcp-relay-profile
interface-profile dhcp-relay-profile "RELAY-PROFILE-DATA-B" helper-address 10.10.10.10 helper-address 10.10.10.10 !
apply the dhcp-relay-profile to the vlan interface
interface vlan "11" pim-profile "default" dhcp-relay-profile "RELAY-PROFILE-DATA-B" ip address 10.10.8.1 255.255.255.0 !
(stack) (config)# vlan 2 (stack) (config)# interface vlan 2 (stack) (vlan "2")# ip address 172.16.10.1 255.255.255.0
3) Inter-vlan routing is enabled by default between SVIs/RVIs on the same stack.
01-09-2014 06:11 AM
I totally agree, but are my bullet points correct?
Also, how do I get a switch port to associate to the VLAN. I know I can do it thru the GUI, but I don't see a command for the CLI line.
Thanks for the quick response too........
01-09-2014 06:17 AM - edited 01-09-2014 06:18 AM
So if you are using trusted ports (no authentication), you would do the following:
1) create a switching-profile for the VLAN:
interface-profile switching-profile "VLAN100-DATA" access-vlan 100 !
2) create an interface-group containing the switchports you'd like to have this configuration
interface-group gigabitethernet "TRUSTED-GROUP-1" apply-to 0/0/0,0/0/2,0/0/4,0/0/6,0/0/8,0/0/10 lldp-profile "LLDP-PROF-1" poe-profile "POE-PROFILE-1" switching-profile "VLAN100-DATA" !
For untrusted ports (authentication and user-roles), you attach the VLAN to the user-role. There is a bit more setup with this as you need to setup authentication servers.
Create a user-role and attach a VLAN to the user-role:
user-role MEDIA-PLAYER vlan 200 access-list stateless mDNS-AirGroup access-list stateless DLNA-AirGroup access-list stateless allowall-stateless !
Create an interface-group containing the switchports you'd like to have this configuration. This interface-group will have more configuration because of authentication.
interface-group gigabitethernet "UNTRUSTED-GROUP-1" apply-to 0/0/1,0/0/3,0/0/5,0/0/7,0/0/9,0/0/11 lldp-profile "LLDP-PROF-1" poe-profile "POE-PROFILE-1" aaa-profile "UNTRUSTED-AAA-1" no trusted port !
01-09-2014 06:39 AM