You don't know til you try . . .

Cisco SG500 <-> 2960/2950 VPN

Posted: 20-Oct-2015 09:47


I am no Cisco tech so this may seem obvious to the Pros.
Googling did not return the solution in one hit.
Recently had to get a network of Catalyst 2960 and SG500 to work together with VPNs.
The SG500 was the backbone and powered the 2960s via PoE.

The SG500's do not support VTP.
They do support the industry equivalent, GVRP (IEEE 802.1p).
This means you have to manually set up VPNs on both devices.
Names assigned to the VPN do not matter, only the VPN number.

The ports default to trunks, so you would assume that all VPN traffic would pass through by default.
Not so.

1. Create the VPN on the SG500.
2. Assign the port to the VPN.
3. Add the port to the VPN.

Steps 2 and 3 may seem like the same thing.
Step 2 controls access, while step 3 controls membership.

Of course I may be doing this wrong, but this is what I had to do to get it to work for me.

You can imagine 10 switches x 5 VPNs adds up to a lot of manual configuration without the auto-propagating VTP.

Good setup guide on the SG500

VLAN and VTP config information
