
Need some vlan assistance


amike

Technical User
Jun 17, 2008
9
US
Am taking over a project and am looking for some additional advice. Flat network 192.168.255.x being upgraded to L3 with 3750G's (core) and 2960T's (edge). Fiber trunks between all switches. It is a star network with fiber trunks between switches. Will need to setup 5 vlans:

vlan100 - servers, including dhcp server
vlan101 - workstations
vlan102 - data gathering panels
vlan103 - private devices
vlan104 - audio/intercom


vlan100 will need to communicate to vlans 101,102,103
vlan101 will need to communicate to vlan100
vlan102 will need to communicate to vlan100
vlan103 will need to communicate to specific server on vlan 100.
vlan104 will need to communicate to specific server on vlan100.

Any help would be appreciated.

Thanks,


 
What you will need to do is set up vlan interfaces on your 3750s. After setting them up, you should have routes for all those vlans. Now you will need to set up access lists to control access like you mentioned above.

You mentioned plural 3750 switches, so I'm assuming you want some kind of backup. You can set up HSRP on each vlan interface so the default router for hosts on that vlan will use the new HSRP ip.
 
I prefer to use a router in this case.

Set up your ethernet port 802.1q encapsulation and set up your sub interfaces... Connect to a trunk port on the switch.


As mentioned, you will need to set up vlans on the switch and program your switch ports. Trunk port from switch to switch....

router 802.1q--to--sw trunk port----to----sw trunk port


[americanflag] SPC NVARNG
Tek-TIP Member 19,650
 
Almost anyone will tell you to use the 3750, which has a 32 gig backplane for routing; it is a lot faster than a router at forwarding packets and you don't have the total traffic that needs to be routed going up a single uplink between the router and the switch.
 
I appreciate the quick responses here. The question is more on programming examples and implementation. I am reaching out to those in my organization, as well as on here, to assist.

The problem is upgrading a L1 network to L3. The current network, not my design, is a single subnet - 192.168.255.x. The network is saturated, unmanaged, and leaves no room for expansion.

The network spans 8 buildings with 100FX MMF fiber uplinks connecting all buildings in star config. This connectivity is not being changed. Not my choice, I tried to have fiber upgraded.

The solution is to replace each building hub or unmanaged switch with the Cisco hardware. The main building will have the core 3750G and all other buildings will have 2960T's. Existing fiber will be used as trunks. Each building contains servers, workstations, communication panels, and data gathering panels.

My plan was to configure vlans for each of the above type. The problem I am having is with inter-vlan configuration and communication of devices between vlans.

Any example programming in IOS would be appreciated. I don't want to sound petty, I received my CCNA 2 years ago, rarely used my knowledge until recently. Looks like I am in the thick of things from now on.

I can provide more details to those that can help via direct email.

Thanks
 
Fairly basic. On the 3750 create your layer 2 and layer 3 vlans. Just an example. If you have 2 3750's, make them both vtp servers; if you plan on stacking the 3750's then you will only have one vtp server, but you will have redundancy because of the stack.

conf t
ip routing
vtp domain test
vtp mode server

vlan 100

vlan 101

vlan 102

vlan 103

vlan 104
exit

int vlan 100
! layer 3 SVI
ip address 192.168.100.1 255.255.255.0

Note: make a layer 3 SVI for each of your layer 2 vlans that you created 100 -104

Trunk ports

switchport
switchport trunk encapsulation dot1q
! native vlan must match on each end
switchport trunk native vlan 100
switchport mode dynamic desirable

---------------------------------------------------------

2960's

Determine what address you want to manage the 2960's. Make a layer 2 vlan and a layer 3 SVI to manage the switch with.

! vtp domain must match other end
vtp domain test
vtp mode client

The vlans will be propagated from the 3750 so you just need to put the ports into the vlan you want them in.

Trunk to 3750

switchport
! 2960 trunks are 802.1Q only, so there is no trunk encapsulation command here
! native vlan must match on each end
switchport trunk native vlan 100
switchport mode dynamic desirable

Any other questions post back...
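
An added example, not part of any post in this thread: one way the access policy from the opening post could be enforced with inbound ACLs on the 3750 SVIs, with DHCP relayed to the server VLAN. Only 192.168.100.1 comes from the thread; the /24 per VLAN scheme, the DHCP server address, the two "specific server" addresses and the ACL names are assumptions.

```cisco
! Added example, not from the thread. Assumed: VLAN n = 192.168.n.0/24,
! DHCP server 192.168.100.5, the two "specific" servers are .10 and .20.
ip routing
!
ip access-list extended VLAN101-IN
 remark workstations: DHCP, then the server VLAN only
 permit udp any eq bootpc any eq bootps
 permit ip 192.168.101.0 0.0.0.255 192.168.100.0 0.0.0.255
 deny ip any any
ip access-list extended VLAN102-IN
 remark data gathering panels: DHCP, then the server VLAN only
 permit udp any eq bootpc any eq bootps
 permit ip 192.168.102.0 0.0.0.255 192.168.100.0 0.0.0.255
 deny ip any any
ip access-list extended VLAN103-IN
 remark private devices: DHCP, then one server on VLAN 100
 permit udp any eq bootpc any eq bootps
 permit ip 192.168.103.0 0.0.0.255 host 192.168.100.10
 deny ip any any
ip access-list extended VLAN104-IN
 remark audio/intercom: DHCP, then one server on VLAN 100
 permit udp any eq bootpc any eq bootps
 permit ip 192.168.104.0 0.0.0.255 host 192.168.100.20
 deny ip any any
!
interface Vlan100
 ip address 192.168.100.1 255.255.255.0
!
interface Vlan101
 ip address 192.168.101.1 255.255.255.0
 ip helper-address 192.168.100.5
 ip access-group VLAN101-IN in
!
interface Vlan102
 ip address 192.168.102.1 255.255.255.0
 ip helper-address 192.168.100.5
 ip access-group VLAN102-IN in
!
interface Vlan103
 ip address 192.168.103.1 255.255.255.0
 ip helper-address 192.168.100.5
 ip access-group VLAN103-IN in
!
interface Vlan104
 ip address 192.168.104.1 255.255.255.0
 ip helper-address 192.168.100.5
 ip access-group VLAN104-IN in
```

These ACLs are stateless, so a host on VLAN 103 or 104 can only answer the one server it is permitted to reach, and there is no path between VLANs 101 to 104 because each list only permits destinations on VLAN 100.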
 
I think I am getting this. How easy using svi. The gateway for each host on the vlan. What is needed on the 2960, I am a little confused - just need to add ports to the vlans?

Another question

There are 2 buildings each of which has other buildings connected, not mesh, only star config. The main building (bldg 1) will have 2 3750's stacked. The second building will have the same 3750 stack. I don't want to assume how the second stack will be configured. If the bldg1 stack fails, connectivity is lost to several buildings. What would be the recommended config for the second stack? I am not sure if both stacks need to have svi. I am not looking for redundancy if the main stack fails. But if it does, how does this affect svi etc... Thanks

Overview of site:

bldg 1 is connected to bldg 2. (3750s stacked) does have redundant fiber pairs.

Bldgs 2,3,4 connect to bldg 1
Bldgs 4,5,6 connect to bldg 2
bldg 1 is connected to bldg 2.
 
Not much is needed on the 2960's, just create an svi to manage the switch with along with the default gateway for the mgt. vlan. 2960's are layer 2 only and do no routing. If you run client server trunking then you just need to put the port in the correct vlan.
The setup is a little different. I am sure there are other ways and other members can chime in.
Idea

Set up the vlans on each stack with a hsrp setup between the 3750 stacks via a crosstack trunked etherchannel. If you do this then one stack will do all the routing, or you could alternate the hsrp setup so the one 3750 stack does some of the routing and the other 3750 does some of it. When you use crosstack ether channel you would run 1 fiber out of 3750 to a 3750 on the other side and the 2nd fiber would go to the 2nd switch in the 3750 stack, so if you lose one switch you do not lose connectivity for everyone, just whoever was on the failed switch. The 3750's could be vtp servers and all the 2960's would be clients. This way you can create the layer 2 vlans on one 3750 and those vlans get propagated to all other servers and (clients --2960's), which makes it easier than making those vlans on all the other switches; you just have to put the ports into the correct vlan then.

3750stack1 switch1 --------------> 3750 stack2 switch1
cross stack etherchannel trunk

3750 stack1 switch2 -------------> 3750 stack2 switch 2
cross stack etherchannel trunk

2960's building 1 2960's building 2
 
I am comfortable with creating the VLANs and interVLAN routing on the 3750. I am still just a bit confused when expanding out to the 2960s. Would using trunking ports connecting each 2960 allowing all vlans do this?


Your idea of alternating routing sounds good, at least there would be some backup, but I will hold off until I fully understand the svi expansion.
 
Yes, use trunk ports to the 2960's; this will allow you to put any vlan out on the 2960's that you have created on the 3750's...
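
An added example, not part of any post in this thread: the 3750-to-2960 trunk written as a static trunk, so the link does not depend on DTP negotiation, carries only the five VLANs and keeps every user VLAN tagged. The interface names and the unused native VLAN 999 are assumptions.

```cisco
! Added example, not from the thread. Interface names and VLAN 999 are assumed.
! Create the unused native VLAN on the VTP server (3750); it carries no hosts.
vlan 999
 name UNUSED-NATIVE
!
! 3750 side of a building uplink
interface GigabitEthernet1/0/1
 description trunk to building 2960
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 100-104
!
! 2960 side of the same uplink (802.1Q only, so no encapsulation command)
interface GigabitEthernet0/1
 description trunk to 3750 core
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 100-104
!
! 2960 edge port for a workstation: fixed access port in its VLAN
interface FastEthernet0/5
 description workstation
 switchport mode access
 switchport access vlan 101
 spanning-tree portfast
```

`show interfaces trunk` on either end lists the native VLAN and the VLANs allowed on each trunk, which confirms that both sides match.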
 
So svi's are created only on 3750. Only thing to do on 2960s is to setup vlan ports, and trunk port to 3750.
 
That is correct, intervlan routing is done on the 3750's. The 2960's can do no routing as they are layer 2 only switches. The only reason they would have an address is for manageability of the switch itself.
 
"The network spans 8 buildings with 100FX MMF fiber uplinks connecting all buildings in star config. This connectivity is not being changed. Not my choice, I tried to have fiber upgraded."



The 2960's should have SFP ports on them so all you would need is SFP's to upgrade from 100M to 1Gig between your buildings. They run around 100-300 a piece.


CCNA, Network+
 
If your MMF fiber is 62.5 it will work at gigabit sx provided both sides have the appropriate equipment on each end.
 
Thanks, all buildings have MMF connections, and all are at 100FX. The distance between buildings is a factor, and was unable to convince the powers to be that we should TDR the fiber to determine if 1GB is possible. However, I do have 1GB SX SFPs if I find out it is possible.

I am hitting the books on using HSRP. Right now, building 1 is the core, and all routing will be done there. There are 2 other buildings with 3750s, overkill but, those buildings also have many fiber connections, using the 3750 will eliminate all those media converters. Vipergg mentioned the HSRP, perhaps using building 2 stack for routing also.

Not to be long winded but currently all devices are on the 192.168.255.x network. This network also has a .240 gateway which connects it to the enterprise wan for communication to specific servers (nat is used). My plan is to keep all servers and workstations on the 255 segment, create 2 additional vlans with 2 svi's. This way there is no change required on the enterprise side router.

I included an xdrive link to a prelim design that was done for this network, perhaps it will help explain more. Link will be active for a few days.

Appreciate all the help.
 