Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VLAN tutorial 2

Status
Not open for further replies.

jolobo

IS-IT--Management
Dec 30, 2003
1
QA
Hey listen out, I am looking for some info about getting a VLAN up and running. We have 4 Cisco Switches, two 2950 switches,3500 and and old 2820 with ATM module but no fast ethernet ports. SO I need to put all of these in maybe 4 different VLANS. I clearly understand how VLAN works but I need some begining info to get this up and running. Like Trunk configuration, and when how will the clients receive their IP address assignment, I mean right now we use DHCP with Win2K, but after I assign different subnets to the VLANS how will the clients receive all these different addresses from one DHCP sever? Hope its clear, need some good advice.
 
For setting up your Vlans, on whatever your main switch is, (this example is CatOS, it's slightly different for IOS...

set vtp domain <VlanDomain>
set vtp pruning enable
set vlan 540 name LAW-Switches type ethernet mtu 1500 said 100540 state active
set vlan 541 name LAW-Classrooms-1-2 type ethernet mtu 1500 said 100541 state active
set vlan 542 name LAW-Classrooms-3-4 type ethernet mtu 1500 said 100542 state active
set vlan 543 name LAW-Public type ethernet mtu 1500 said 100543 state active


these are a couple of my vlans... the next thing is you will need to go into each switch and:
set vtp domain <VlanDomain>
set vtp mode client vlan



after it's all set up you can then check
show vlan

and you should have your vlans listed.

Next you need to establish trunk ports between the switches to carry the traffic for all the vlans...

you can do this a couple ways, set up multiple seperate links that each carry 1-2 vlans, set up multiple aggregated links that carry all the vlans, or single links that carry all the vlans...

Mostly I use single 1gb links except for my trunk to another building where I run a 2gb feed to them...

set trunk 1/1 desirable dot1q 1-1005,1025-4094
or
set trunk 1/1 desirable dot1q 1-1005,1025-4094
set trunk 1/2 desirable dot1q 1-1005,1025-4094
set port channel 1/1-2 mode on


Note, Some switches may require the trunk to be forced ON instead of desirable...

Lastly, you need to set up your router to route all the vlan traffic...

<b>ip multicast-routing
!
interface Vlan540
description LAW-Switches
ip address <IP for Router> <SubnetMask for IP Block>
ip helper-address <DHCP server IP>
no ip redirects
ip pim dense-mode
mls rp vtp-domain <VlanDomain>
mls rp management-interface
mls rp ip
!</b>

I need the IP Multicast Routing and the mls stuff because I use Ghost to clone PC's, you may or not need to do this.. I also use 2 routers in active/active mode in my 6509, I removed this code for clarity but if you need it let me know...


okay, for the DHCP, what happens is in the router for each vlan you specify

ip helper-address <DHCP server IP>

then you specify seperate scopes for the different IP ranges, make sure there seperate scopes, not super-scopes


If you have additional questions, or someone else wishes to expand correct, Please feel free... :)



-Mike
 
Your DHCP server will have to be multi-homed having a NIC that physically resides on each subnet so that it can hear the DHCP requests from all your clients regardless of which VLAN they are on. And yes, also be sure that the server contains a scope for each subnet.
 
You do not need to Multi-home the dhcp servers. Look at the IP Helper address info above.

NetEng
 
NetEng631 is correct in the fact that you do not have to multi-home your DHCP server. I guess I shouldn't be so lax with my thinking. I would RECOMMEND multi-homing your DHCP server. If you have a small network and not very many nodes requesting ip addresses, then no big deal. If you have a large network though and all those bootp broadcasts being relayed through your router, I hope you're confident in its abilities. Broadcasts are bad enough, much less relaying them to other subnets. Just be sure if you do use the ip helper-address tool, that you lock down all the other broadcasts that come with that tool as well such as DNS, TFTP, and NetBIOS name service packets to name a few. You can configure the router to forward only DHCP requests, but it takes a little more configuring.

Happy Networking!
 
It's my understanding once the broadcast BOOTP packets are processed by the router, there no longer broadcasts because the router knows where to direct them because of the helper address.

If this is not correct, please let me know...

-Mike
 
You are totally correct Mike. I'm just the kind of guy that likes to keep things as simple as possible. If I can keep my router from having to relay anything so that it runs more efficiently doing what it's really meant to do, then I'm all about it. This is why I speak of the multi-homing being good and relaying a bootp request being bad. Both will work, just depends on your needs as to which would be better. Great discussion...any other ideas? I don't even like DHCP to tell you the truth. Not very nice when looking at traffic, but better on the security side.
 
I too believe in trying to keep my routers running more effeciently, thats one reason with Dual sups & routers in my main switch I run my routers in active/active mode... I can't stand the thought of having the second router sitting there asking 'Are you stilll alive, do I need to take over?' much rather have it load balance and have the main switch chassis send me a message if it can't see one of them...

-Mike
 
IP helper address takes the MAC Broadcast and the router converts it to IP directed broadcasts. your DHCP server will read the directed broadcast and choose a scope accordingly.

If you require multiple helpers, use them if you want to &quot;summarize&quot; your helper address to reduce router overhead. Put all of your servers on one subnet, put in the helper address, but not to a specific server. use the Server subnet's broadcast address like 10.1.1.255



 
It is in fact routed traffic with a destination address over the network. It's just broadcast on the clients segment.
 
hi mike or anyone,

do you know what happen if i use different super-scopes for my DHCP scope? please help! i'm about to implement them tonight.

Sipa
 
Is there any particular reason why your introducing superscopes?

-Mike
 
Basically need to use the command
IP ADDRESS xxx.xxx.xxx.xxx mmm.mmm.mmm.mmm secondary

you can add as many secondary ip's as necessary...

You will need to set this on your VLAN interfaces for the router to be able to route packets from other subnets assigned. If your doing this because you are running out of IP's in your DHCP block and want to add more, then this may not be the best way, you may want to consider adding new VLANS and reflow your VLANS to create seperate defined area. Having too many clients on a vlan just generates more chatter between people sending broadcasts and everyone else responding to broadcasts...

-Mike
 
Question - I have a 3750-EMI with a VLAN1 ip address of 10.0.0.3/15 and am trunking a vlan from a 3550, I want to set the VLAN 103 ip address on my 3750 to 10.0.0.103 but it gives me an "10.0.0.0 overlaps with VLAN1" error, I am not sure what to do.

Any help is appreciated.
 
the reason is because a 10.0.0.0/15 subnet is
Subnet Mask Subnet Size
10.0.0.0 255.254.0.0 131070

Host Range Broadcast
10.0.0.1 to 10.1.255.254 10.1.255.255

the next available subnet block would be 10.2.x.x


The nest utility out there for figuring subnets I have found is SolarWinds Advanced subnet calculator... and best of all, it's free

-Mike

-Mike
 
BTW, 131070 Addresses is a little much, you might want to consider breaking it to a more manageable size, like
255 Addresses or /24
or 510 for /23

Unless you really need that many addresses... usually when you use one that big, it's meant more for breaking into smaller pieces...


-Mike
 
How do you set VLANs up with CATOS version 2.1. You can't even communicate with the router unless the interface as in IP assigned to it, but you can only assign it one IP.
 
I've got a Cisco 4506 I have the following

VLan1 192.168.1.0/24 Gateway is 192.168.1.1
VLan2 192.168.2.0/24 Gateway is 192.168.2.1
VLan3 192.168.3.0/24 Gateway is 192.168.3.1

Right now I got my internet connection firewall as 192.168.1.2 and on the cisco switch, I got IP route 0.0.0.0 0.0.0.0 192.168.1.2

I dont know if that is a good place to put my firewall to internet ? Anyone can give me any suggestions ?
 
You might create a special Vlanxxx with range a.b.c.d / 32
and default route 0.0.0.0 to a.b.c.x which is the IP of your FW.
This will help you the day you add a second FW for redundancy using vrrp, master /slave....
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top