Basic VLAN Setup across multiple switches 1

[JasonPerdue]

Hi all,
We just installed 7 3Com 5500-EI switches and have a basic configuration loaded with everything running on vlan1. My plan is to have vlans defined to segment out our voice traffic, network equipment, servers, and computers with the following ip schema;

10.10.10.0/24 - network equipment
10.10.20.0/24 - servers
10.10.30.0/24 - phones
10.10.40.0/24 - dhcp scope

The intention is to define vlans 10, 20, 30, 40 and configure the vlan interface with x.x.x.1/24 address.

Will these vlans and interfaces need to be configured on each of the 7 switches individually? Will GVRP simplify this for me or just over complicate our basic setup?

Any tips or advice will be appreciated.

 

[VinceWhirlwind]

You will need a layer-3 device (switch/router/firewall) which routes between the VLANs. This is your "core" device. This device will require a virtual interface in each of the VLANs. This interface's address is the "default GW" for its subnet.

You then need to extend the VLANs out to wherever they are needed on your "edge" switches. You should not extend a VLAN to anywhere where it is not needed.

To extend the VLAN, you need to configure it as "tagged" on the physical interface on the core that it needs to go out of. Then configure it as "tagged" on the physical interface of the remote switch it needs to come into. Then configure it on the remote switch ports where it is required, usually as "untagged", although VMWare servers and IP phones will also use "tagged" VLANs.

Your "edge" switches do not need any IP address on them for them to fulfill their role as switches, however you will want to configure an IP address on them for remote management purposes.

Forget GVRP - your design will tell you where VLANs belong on your network, you don't need some overcomplicated extra configuration which adds no value and introduces new risks.

 

[JasonPerdue]

Thanks for the helpful information. You cleared up a gray area in my thought process and deserve a star.

 

[cyberspace]

Just thought I'd add my 2 cents.

As the 5500-EI is a Layer 3 switch then one of the switches will become the router for inter-vlan traffic. What I do is have IP addresses on VLAN 1 for management on every switch, but only 1 switch has an IP interface for the voice VLAN and this becomes the default gateway for this VLAN.

So on each switch you need to define the VLAN which is simply a case of "vlan x" in system view (where X is the VLAN ID) so it will be:

vlan 10
vlan 20
vlan 30
vlan 40

on every switch. And on the switch you designate as the core your will need to add an IP address for each VLAN

eg:

interface vlan 40
ip address 10.10.40.1 24

On your switch to switch links you will set these as trunks and permit the necessary VLANs in order for all vlans to talk on all switches.

port link-type trunk
port trunk permit vlan 10 20 30 40

or you could simply use "port trunk permit vlan all" but I prefer explicit definitions.

Also don't forget that if DHCP servers are on a different VLAN to the machine that is asking for an address that you will need to use DHCP relay on the switch.

'When all else fails.......read the manual'

 

[JasonPerdue]

Thanks for your 2 cents!

I had assigned an ip address to each vlan interface on each switch and was confused about what to use an the default gateway. Since each switch could technically be a default gateway for the devices plugged into it, I wasn't sure which one I should use. To simplify my situation, I ended up adding a sub-interface on our router for each vlan following the "router on a stick" configuration and used that address as the default gateway. I would really prefer to utilize the layer 3 functionality of the switches and will adjust my configuration according to your comments.

As far as dhcp, we're currently serving dhcp requests from another location with a point to point T1 connecting the sites. I have dhcp functioning on one vlan for our computers and plan to add another scope for the phones and phone system, which should be coming later this week. Thanks for the heads up about needing dhcp relay - will certainly have to look into that in more detail.