Vlans and MSTP config

Neville Dsouza

Hi,

I am new to VLANs so I would request help from this forum.

I am presently working on 2 SRX 240 firewalls connected to 2 3012 Cisco Catalyst switches. Port 0/0/7 of both firewalls connects to port 0/15 of each 3012 Cisco Catalyst switch, which will be used to handle management VLAN 4000 with subnet 172.16.0.1/24 in our datacenter. I want to connect port 0/16 of both Cisco switches to 2 ports on a Brocade switch. So far I have come up with the config below. Can someone please check and tell me if this is the way to go on each switch?

Create the Management VLAN

Cisco01# configure terminal
Cisco01(config)# vtp mode transparent  ! Disable VTP (Cisco proprietary, and you can create a VLAN with an ID above 1005 only if you disable VTP)
Cisco01(config)# vlan 4000  ! Create VLAN
Cisco01(config-vlan)# name mgmt  ! Name the VLAN
Cisco01(config-vlan)# end
Cisco01# show vtp status  ! Check VTP status


Connect using console cable, presently accessing through 172.16.1.4 (VLAN 1).
 
Cisco01# configure terminal
Cisco01(config)# interface vlan 4000  ! Enter the VLAN interface
Cisco01(config-if)# management  ! When the keyword management is issued, the old management VLAN interface is shut down and the old IP address (172.16.1.4/24) is moved over to this new interface
Cisco01(config-if)# no ip address 172.16.1.4 255.255.255.0  ! Removing the temporary IP
Cisco01(config-if)# ip address 172.16.0.4 255.255.255.0  ! Assign a new IP (ip address 172.16.0.5 255.255.255.0 for Cisco02)
Cisco01(config-if)# no shut  ! Start the interface
Cisco01(config-if)# end
Cisco01# configure terminal
Cisco01(config)# interface range GigabitEthernet 0/1 - 18  ! Enter the interface or interfaces to be added to the VLAN.
Cisco01(config-if-range)# switchport mode access  ! Define the VLAN membership mode for the port (Layer 2 access port). By default allows only VLAN 1
Cisco01(config-if-range)# switchport access vlan 4000  ! Assign the port to a VLAN. Valid VLAN IDs are 1 to 4094. Specifically allow access to this VLAN
Cisco01(config-if-range)# end
Cisco01# copy running-config startup-config
Cisco01# reload
 
Trunk Configuration: Allowing VLANs on a Trunk (This may not be required since we have just one VLAN on the Cisco switches, but I am not sure if it will work with just
switchport access vlan 4000
switchport mode access
)
 
Cisco01# configure terminal
Cisco01(config)# interface GigabitEthernet 0/15  ! Specify the port to be configured, and enter interface configuration mode. (This will connect to SRX 240)
Cisco01(config-if)# description Connect to Juniper SRX240 Cluster  ! Each port from both Cisco switches will provide redundancy
Cisco01(config-if)# switchport trunk encapsulation dot1q  ! ISL is Cisco proprietary so use IEEE 802.1Q encapsulation (IEEE 802.1Q encapsulation has its own limitations)
Cisco01(config-if)# switchport mode trunk  ! Configure the interface as a VLAN trunk port.
Cisco01(config-if)# switchport trunk allowed vlan 4000  ! (Optional) Configure the list of VLANs allowed on the trunk.
Cisco01(config-if)# switchport trunk native vlan 4000  ! Specify the native VLAN for IEEE 802.1Q trunks.
Cisco01(config-if)# end
Cisco01# show interfaces GigabitEthernet 0/15 switchport  ! Verify your entries in the Trunking VLANs Enabled field of the display

Cisco01# configure terminal
Cisco01(config)# interface GigabitEthernet 0/16  ! Specify the port to be configured, and enter interface configuration mode. (This will connect to Brocade ICX 6430-24)
Cisco01(config-if)# description Connect to Brocade ICX6430 Switch  ! Each port from both Cisco switches will provide redundancy
Cisco01(config-if)# switchport trunk encapsulation dot1q  ! ISL is Cisco proprietary so use IEEE 802.1Q encapsulation
Cisco01(config-if)# switchport mode trunk  ! Configure the interface as a VLAN trunk port.
Cisco01(config-if)# switchport trunk allowed vlan 4000  ! (Optional) Configure the list of VLANs allowed on the trunk.
Cisco01(config-if)# switchport trunk native vlan 4000  ! Specify the native VLAN for IEEE 802.1Q trunks.
Cisco01(config-if)# end  ! Return to privileged EXEC mode.
Cisco01# show interfaces GigabitEthernet 0/16 switchport  ! Verify your entries in the Trunking VLANs Enabled field of the display.
Cisco01# copy running-config startup-config  ! (Optional) Save your entries in the configuration file.
 
 
MST Configuration
 
Cisco01# configure terminal
Cisco01(config)# spanning-tree mst configuration  ! Enter MST configuration mode.
Cisco01(config-mst)# instance 1 vlan 2-250
Cisco01(config-mst)# instance 2 vlan 251-500
Cisco01(config-mst)# instance 3 vlan 501-750
Cisco01(config-mst)# instance 4 vlan 751-1000
Cisco01(config-mst)# instance 5 vlan 1001-1250
Cisco01(config-mst)# instance 6 vlan 1251-1500
Cisco01(config-mst)# instance 7 vlan 1501-1750
Cisco01(config-mst)# instance 8 vlan 1751-2000
Cisco01(config-mst)# instance 9 vlan 2001-2250
Cisco01(config-mst)# instance 10 vlan 2251-2500
Cisco01(config-mst)# instance 11 vlan 2501-2750
Cisco01(config-mst)# instance 12 vlan 2751-3000
Cisco01(config-mst)# instance 13 vlan 3001-3996
Cisco01(config-mst)# instance 14 vlan 3997,4000
Cisco01(config-mst)# instance 15 vlan 3998,3999

Cisco01(config-mst)# name somehosting
Cisco01(config-mst)# revision 1
Cisco01(config-mst)# show pending
Cisco01(config-mst)# exit
Cisco01(config)# spanning-tree mode mst
Cisco01(config)# end  ! Return to privileged EXEC mode.
Cisco01# show running-config  ! Verify your entries.
Cisco01# copy running-config startup-config
 
The above will be repeated on each switch.
Please let me know if you need more details. I would like to get this config right.
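
Added example, not part of the original post: since the MST block is to be repeated on each switch, this Python sketch parses it, reports VLANs mapped to more than one instance, lists the VLANs left in instance 0 (the IST), and checks that two switches carry the same region name, revision and VLAN map. The function names are hypothetical, and the input is the post's MST block with prompts and annotations stripped.

```python
import re

# MST block from the post, prompts and annotations stripped.
CISCO01 = """
spanning-tree mst configuration
 instance 1 vlan 2-250
 instance 2 vlan 251-500
 instance 3 vlan 501-750
 instance 4 vlan 751-1000
 instance 5 vlan 1001-1250
 instance 6 vlan 1251-1500
 instance 7 vlan 1501-1750
 instance 8 vlan 1751-2000
 instance 9 vlan 2001-2250
 instance 10 vlan 2251-2500
 instance 11 vlan 2501-2750
 instance 12 vlan 2751-3000
 instance 13 vlan 3001-3996
 instance 14 vlan 3997,4000
 instance 15 vlan 3998,3999
 name somehosting
 revision 1
"""

def parse_region(text):
    """Return (name, revision, {vlan: instance}, overlapping_vlans)."""
    name, rev, vmap, overlaps = "", 0, {}, []
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"instance (\d+) vlan ([\d,-]+)", line):
            inst = int(m.group(1))
            for part in filter(None, m.group(2).split(",")):
                lo, _, hi = part.partition("-")
                for vlan in range(int(lo), int(hi or lo) + 1):
                    if vmap.setdefault(vlan, inst) != inst:
                        overlaps.append(vlan)  # mapped to two instances
        elif m := re.fullmatch(r"name (\S+)", line):
            name = m.group(1)
        elif m := re.fullmatch(r"revision (\d+)", line):
            rev = int(m.group(1))
    return name, rev, vmap, overlaps

def vlans_in_ist(vmap):
    """VLANs 1-4094 with no instance line stay in instance 0 (the IST)."""
    return [v for v in range(1, 4095) if v not in vmap]

def same_region(cfg_a, cfg_b):
    """Switches share an MST region only if name, revision and map match."""
    return parse_region(cfg_a)[:3] == parse_region(cfg_b)[:3]
```

With the mapping as posted, VLAN 1 and VLANs 4001-4094 remain in instance 0 and management VLAN 4000 lands in instance 14.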