
Initial VLAN in an access-layer switch environment: where to start?


Zaxxon26 (IS-IT--Management, US), Oct 29, 2001
Hey Helper Types!
I just took over this network, which consists of nothing but 2924s and 2912s. I need to implement a VLAN to secure some traffic going to specific devices. So sure, "just VLAN it!" the boss says. I have documents that say trunk this and port that, but you know how it is; I would like to know how real people do it. I have a pretty good idea of the concept, so I will run down my plan and open it to your advice.

1> start using VTP making the most central switch the server, and give it a domain name. Join all other switches to that VTP domain as clients.

2> set up some trunk thingy between switches that need to pass multi-VLAN stuff. ISL, I guess, or does VTP trunk its own way? Solid point of confusion.

3> add the new VLAN to the VTP server. Does the VLAN propagate to the other switches in the domain? I think so. If not, then add the new VLAN to the other necessary switches.

4> statically assign the ports needed to the new VLAN.

5> Duck the boss when the stuff hits the cooling fan!

I dunno. The Sisco :) pages describe each of the entities very well, but I am having conceptual difficulties putting together the procedure for the whole gamut. TIA for any comments!

VLANDAMMAGE!
 
A few words here..

VTP: You need a VTP domain name. All switches need to be in this domain (to keep it simple).

VTP: One switch needs to be the VTP server; the rest should be clients, and when you do this, BE CAREFUL!!! If by chance you toss a switch into the VTP domain as a server and it has a newer VLAN version (higher number), it will overwrite the current VLANs without so much as a how-do-you-do. There is a best practice for putting a new switch into the VTP domain.

Trunking: to pass the VTP info, you need a trunk between the two (or more) switches. The trunks come in two different flavors, ISL and 802.1Q; which one you can use is sometimes hardware dependent.

As long as the switches are trunked, client/server and in the VTP domain, the VLANs will propagate (there are exceptions, but don't worry about them right now).

In order to pass traffic from one VLAN to another, you must route, or use a layer 3 switch. So you need something; in your case, probably a router-on-a-stick design. The router needs to have a 10/100 port that is trunk capable, so no 1700s; a 2620 or 2621 comes to mind. The router needs to see the VLANs from the trunk connection and have virtual interfaces for each VLAN set up. You can route and apply access lists to them like any other interface. Be warned, the Cat4000 RSM will NOT do policy routing; it always has to be the odd one in the bunch :)

MikeS Find me at
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin
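The steps MikeS lays out, written out as an added configuration example; this is not from the thread and not anyone's posted config. The switch commands use the 2900XL-era IOS syntax (VLAN and VTP settings live in `vlan database` mode on that platform) and the router side is 2600-class IOS. The hostnames, the domain name ACME, VLAN 10, the VTP password, port numbers and all addresses are assumptions chosen for illustration. The transparent-then-client step on the edge switch is one way to do the "best practice" he alludes to: dropping a switch to transparent mode resets its configuration revision to 0, so when it joins as a client it cannot win a revision-number contest against the server.

```cisco
! Added example (not from the thread). Hostnames, domain ACME, VLAN 10,
! the password and the 192.168.10.0/24 and 10.0.0.0/8 networks are assumed.

! --- Central switch: VTP server, owner of the VLAN database ---
CoreSw# vlan database
CoreSw(vlan)# vtp domain ACME
CoreSw(vlan)# vtp password s3cret         ! assumed; a switch without it cannot push or pull the database
CoreSw(vlan)# vtp server
CoreSw(vlan)# vlan 10 name SECURE
CoreSw(vlan)# exit                         ! "exit" applies the changes in vlan database mode

! Trunk toward the edge switches and the router: 802.1Q, and only the VLANs that need to ride it
CoreSw# configure terminal
CoreSw(config)# interface FastEthernet0/24
CoreSw(config-if)# switchport mode trunk
CoreSw(config-if)# switchport trunk encapsulation dot1q
CoreSw(config-if)# switchport trunk allowed vlan 1,10
CoreSw(config-if)# end
CoreSw# show interface FastEthernet0/24 switchport

! --- Each edge switch: client. Do this BEFORE cabling it into the domain ---
EdgeSw# vlan database
EdgeSw(vlan)# vtp transparent              ! resets the configuration revision to 0
EdgeSw(vlan)# exit
EdgeSw# vlan database
EdgeSw(vlan)# vtp domain ACME
EdgeSw(vlan)# vtp password s3cret
EdgeSw(vlan)# vtp client                   ! a client can never overwrite the server's database
EdgeSw(vlan)# exit
EdgeSw# show vtp status                     ! expect: mode Client, domain ACME, revision 0

! Matching trunk back to the core; VLAN 10 arrives over it once VTP syncs
EdgeSw# configure terminal
EdgeSw(config)# interface FastEthernet0/24
EdgeSw(config-if)# switchport mode trunk
EdgeSw(config-if)# switchport trunk encapsulation dot1q
EdgeSw(config-if)# switchport trunk allowed vlan 1,10
! Statically pin the secured devices' ports to VLAN 10
EdgeSw(config-if)# interface FastEthernet0/1
EdgeSw(config-if)# switchport mode access
EdgeSw(config-if)# switchport access vlan 10
EdgeSw(config-if)# end
EdgeSw# show vlan                           ! VLAN 10 should be present with Fa0/1 in it

! --- Router on a stick (2620/2621-class): one subinterface per VLAN ---
! Fa0/0 is the trunk to CoreSw, Fa0/1 is the link to the "different network"
Rtr# configure terminal
Rtr(config)# interface FastEthernet0/0
Rtr(config-if)# no shutdown
Rtr(config-if)# interface FastEthernet0/0.10
Rtr(config-subif)# encapsulation dot1Q 10  ! would be "encapsulation isl 10" on an ISL trunk
Rtr(config-subif)# ip address 192.168.10.1 255.255.255.0
Rtr(config-subif)# ip access-group 110 in  ! filter the secured VLAN like any other interface
Rtr(config-subif)# interface FastEthernet0/1
Rtr(config-if)# ip address 10.0.0.1 255.0.0.0
Rtr(config-if)# no shutdown
Rtr(config-if)# exit
! Only VLAN 10 hosts talking to the far network get through; log whatever else shows up
Rtr(config)# access-list 110 permit ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255
Rtr(config)# access-list 110 deny ip any any log
Rtr(config)# end
```

The order matters for the point MikeS makes: the edge switch is set to transparent and then to client while it is still off the network, and `show vtp status` is checked for revision 0 before the trunk comes up. Bring a switch in as a server with a stale, higher revision and the "how-do-you-do" he describes is exactly what happens. Restricting the trunk with `switchport trunk allowed vlan` keeps VLAN 10 off any trunk that has no business carrying it, which is the same least-privilege idea as the ACL on the router subinterface.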
 
Thanks!!
Lucky for me, the VLANs don't need to talk to each other. But I will need to pass that traffic over to a different network. I guess I will need a router there.
I know that there is some latency when you add a VLAN to a switch. Is there any CPU crunch time when you add a VTP domain?
All my switches are WS-29xx; should I just go ISL? It seems to be the favored trunk in my literature.

Could you just come over and DO my job? he he he

Thanks
 
Zax, funny you should mention it. I am a *mercenary* for networks ;-) but my better half prefers I call it *consulting*.

In a small network, there is nothing wrong with ISL, even in large ones. The issue becomes bigger with mixed equipment or newer equipment. For example, the Cat 4000 series will not talk ISL, so any switch that you want to trunk the Cat4000 to must speak 802.1Q. Many older switches do not speak this, so there is a problem.

You will never see the latency for the VLANs, unless you have a killer datastream that pushes the boundaries of reasonable network design, or something odd like SNA, which is very time sensitive.

MikeS Find me at
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin
 
Cisco is slowly moving toward weeding out ISL and moving toward 802.1Q. 3600 routers with the newest IOS don't support ISL anymore, so you might want to go with dot1Q. The overhead with ISL is much greater than that of dot1q, as it has a spanning-tree algorithm for every VLAN, as opposed to dot1q, which has one for all VLANs. ISL has faster convergence and recovery in the case of a failure, however, but also doesn't adhere to Ethernet standards.
 
Mel, let's keep things in perspective. Yes, ISL uses PVST and 802.1Q uses CST (common spanning tree), and yes, ISL has a somewhat higher overhead from it.

BUT CST doesn't scale worth squat, nor does it allow you to juggle the root bridge for each VLAN. If you have scattered VLANs, it's a very poor design that makes you run the root bridge across the campus when nothing that is IN the VLAN is there. That is wasted bandwidth.

Like many things in networking, you cannot make a blanket statement and say that XYZ is the "best". It may be the best for a given circumstance but the worst choice in a different circumstance. You need to know all of your options, what the pluses and minuses are, and how they apply to your problem.

MikeS Find me at
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin
 
Umm... OK.
The network in question, mine, is extremely flat. The new VLAN will not have any redundant links in it, so I don't think CST vs. PVST would be an issue. "Right?" Also, I don't have any really cool switches; all trunks WILL be between 2900s. I don't know if that makes a difference?
 
LOL, pity the user who gets in the crossfire of a couple of geeks ;-)

Since you get to start from scratch and you do not seem to have some of the *enterprise* issues to contend with...

I'd probably use 802.1Q, but I would check whatever you plan to route with and make sure it and the code level installed can support trunking and routing 802.1Q. The plus here is that if, per chance, somebody decides to buy a DIFFERENT switch, you still have a chance of trunking it.

MikeS Find me at
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin
 