No traffic allowed on VLAN to outside at all
-
@the-other Thank you for the advice
@the-other said in No traffic allowed on VLAN to outside at all:
So, vlan1 is always UNTAGGED on a trunk while VLAN x-y is TAGGED on that trunk
Those ports working as access port should be configured with the wanted/needed VLAN ID.That's the concept I failed to understand and still struggle to apply to my use case. I actually don't need any of my devices to be physically assigned to a VLAN. I don't want any switchport to be assigned to one VLAN. Because they either connects to a VM host server with many VMs that should be running on different VLANs, or they are connected to an AP which also connects to a dumb switch and both of them have devices that needs to be on different VLANs.
In short, I was expecting VLANs to be completely virtual and only based on their IP address. I did not expect that I need to assign a switchport to a VLAN, and that makes this port exclusive to one VLAN. I thought I can switch the VLAN of one connected device by assigning the IP from another VLAN to it.
-
@ydyw8rdm8i7dfd
Hey,
Well, one could use dynamic vlans as well...there you do not have a vlan bound to a simple port, but a radius server decides which vlan a device is put in to depending on mac or credentials or...
But i don't think that's the point here.You could buy a small smart switch (simple tplink with vlan capapbility, here around 20 euro) and then you get vlans for your entire network.
For your vm question...use a vlan for the parent server running your hyper v. For your vms use the hypervisor virtual switch...
-
Post your running config of the 3750
Webgui is ok but some of us have a better time visualizing if we see the actual config.
-
@the-other Thank you for the suggestion. My set up is somewhat working as expected now. I will continue my learning journey. I probably will eventually buy another more user friendly switch. But that's another project for anther long weekend. I am so tired of working on networking now
PS: interesting this website banned the ip address of the VPN I use. Welp, it means the VPN is working
-
@flat4 I actually just learned a the "show run" command a moment ago. I didn't even know it's existence when I posted my question.
The webgui on 3750x sucks. It is slow and has very limited features. It does not allow VLAN management on webgui.
I wanted to share my "show run" result, but this website flags it as spam
I wonder what had happened before. -
@ydyw8rdm8i7dfd
You prob needs some "likes" aka "Thumbs up" , to gain some "credit".
I just gave you one.You could try to upload the config as a .txt file
-
@ydyw8rdm8i7dfd yes a 3750 is really not for beginners but if you YouTube some basics for Cisco switches and learned the basics you'll will not regret it.
-
@flat4 I just did. It's very interesting how it's managed. At least for VLAN it's not that hard.
-
@bingo600 It is working now. I think my settings are mostly correct. I made those switchport who might be connecting to APs/Servers/Switches trunk port.
interface FastEthernet0 no ip address ! interface GigabitEthernet1/0/1 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet1/0/2 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet1/0/3 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet1/0/4 ! interface GigabitEthernet1/0/5 ! interface GigabitEthernet1/0/6 switchport access vlan 20 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet1/0/7 switchport trunk encapsulation dot1q switchport mode trunk -
Just note that when you set switchport mode trunk , it will "default" allow all Vlans on the trunk.
If you feel for it you could do a further restriction :
switchport trunk allowed vlan 868-870,872-876,897,898Remember the "add" on allow , else you will be sorry
/Bingo
