Configuring multiple 2960G switchs

February 6th, 2010 | xumi | 0 Comments »

Question:

Folks- I am configuring multiple 2960g switches for my environment. My config is attached. My goal is to have 2 VLANs on each switch- VLAN 1 for workstations and servers(normal data)and VLAN 2 for ISCSI traffic. I’m using a single int to connect VLAN  1 and an ether-channel with 2 int connecting VLAN 2.  Will the running config attached work? Any suggestions to make it better?

Thanks to that1guy15 for getting me this far.
Code Snippet:

Current configuration : 2594 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch2960_24
!
enable secret 5 $1$hy6A$pz8ebtjsz4FAs64KnfMnI.
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1-2 priority 24576
!
vlan internal allocation policy ascending
!
interface Port-channel1
switchport trunk allowed vlan 2
switchport mode trunk
!
interface GigabitEthernet0/1-10
switchport mode access
speed 1000
!
interface GigabitEthernet0/11-20
switchport access vlan 2
speed 1000
duplex full
!
interface GigabitEthernet0/21
switchport trunk allowed vlan 1
switchport mode trunk
!
interface GigabitEthernet0/22
switchport trunk allowed vlan 2
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet0/23
switchport trunk allowed vlan 2
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet0/24
switchport trunk allowed vlan 1
switchport mode trunk
!

!
interface Vlan1
ip address 10.0.0.10 255.255.255.0
no ip route-cache
!
ip default-gateway 10.0.0.1
ip http server
!
control-plane
!
!
line con 0
line vty 0 4
password password
login
line vty 5 15
password password
login
!
end

Switch 2

Current configuration : 6696 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
!
hostname 2960_48
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$8AOK$bi8PdozVKmkcp5gJTExfY.
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
crypto pki trustpoint HTTPS_SS_CERT_KEYPAIR
enrollment selfsigned
serial-number
revocation-check none
rsakeypair HTTPS_SS_CERT_KEYPAIR
!
!
crypto pki certificate chain HTTPS_SS_CERT_KEYPAIR
certificate self-signed 01
30820258 308201C1 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
3D311130 0F060355 04031408 32393630 5F34382E 3128300F 06035504 05130843
31364432 43303030 1506092A 864886F7 0D010902 16083239 36305F34 382E301E
170D3933 30333031 30323239 35365A17 0D323030 31303130 30303030 305A303D
3111300F 06035504 03140832 3936305F 34382E31 28300F06 03550405 13084331
36443243 30303015 06092A86 4886F70D 01090216 08323936 305F3438 2E30819F
300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100FB75 8770A998
54486652 476224C8 7068866D 6F596126 0F49582B B0E8CA17 190C9E08 88E7358E
17D5B74B 4C3C2766 357905EC FA616006 77C9C9AA BC1C83B4 4A2FC882 2FF57FA8
0F600BA8 863041DA 28190809 0733A1ED BC4A3A76 E2988F27 E51814A0 A30FD997
E4DB49C1 A79DFA7E 8944BF79 D7C2D67D 5B5B3E37 2C16A047 58E30203 010001A3
68306630 0F060355 1D130101 FF040530 030101FF 30130603 551D1104 0C300A82
08323936 305F3438 2E301F06 03551D23 04183016 8014BAA8 62077878 5EDD3640
F07B37B2 9931D919 6E0F301D 0603551D 0E041604 14BAA862 0778785E DD3640F0
7B37B299 31D9196E 0F300D06 092A8648 86F70D01 01040500 03818100 03E45C6B
46840931 A398D21B 061943FA 39E9D61A E012CEB0 5BE7143A E1586A91 A8774602
BB41BC37 FBC5A9D5 1DAF979E D559D94A 8AB0682C 6F87C6F2 BB69E39E 9672F8F3
1C244D9F 290EDC69 064D49A5 357E27F3 A02C9B4F F254ACB6 284460AC 7FF03639
5EC0DE7A 02656575 57A7E50E C4E47A53 6E35A00D 6ECCD9E5 B2C0A3E8
quit
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1-2 priority 28672
!
vlan internal allocation policy ascending
!
!
!
interface Port-channel1
switchport access vlan 2
switchport trunk allowed vlan 2
switchport mode trunk
spanning-tree vlan 2 port-priority 64

!
interface GigabitEthernet0/1-33
switchport mode access
speed 1000
duplex full
!
interface GigabitEthernet0/33-44
switchport access vlan 2
switchport mode access
speed 1000
duplex full
!
interface GigabitEthernet0/45
switchport trunk allowed vlan 1
switchport mode trunk
spanning-tree vlan 1 port-priority 64
!
interface GigabitEthernet0/46
switchport trunk allowed vlan 2
channel-group 1 mode active
spanning-tree vlan 2 port-priority 64
!
interface GigabitEthernet0/47
switchport trunk allowed vlan 2
channel-group 1 mode active
!
interface GigabitEthernet0/48
!
interface Vlan1
ip address 10.0.0.20 255.255.255.0
no ip route-cache
!
ip default-gateway 10.0.0.1
ip http server
ip http secure-server
!
control-plane
!
!
line con 0
line vty 0 4
password password
login
line vty 5 15
password password
login
!
end

Solution:

You might run into the same issues with having the allowed vlan configured on the trunk ports that are part of the port-channel.

It is always recommended to put bassic configs on your interfaces (speed, duplex setting) and then configure the rest on the port-channel interface. Also it is very important for your port and port-channel configs to match exactly for all to work properly.

Everything else looks good to me. I also suggest you lab this up to make sure you are working as expected. It also gives you good practice for when you do this on your production eviroment.

digg delicious stumbleupon technorati Google live facebook Sphinn Mixx newsvine reddit yahoomyweb
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...