Solved: Re: 2600 router----routing issue with 4506 switch

gomesrichard · ‎05-23-2005

Hi All,

Could you pls help on the below:

<--s0:router2600:e0---->core 4506----local network

1. router's e0 has 2 IP address:

140.x.y1.z and

140.x.y2.z (secondary IP of e0).

2. Core switch has vlan1: 140.x.y1.a

we want to add 140.x.y2.z IP block in the network. We tried to implement 140.x.y2.z network but very very slow performance even someone from that network block tried to access LAN resources.

FYI:

in router: default-route to s0

in core switch: default-route to 140.x.y.z (primary IP of e0 of router.

Pls suggest! ! !

TIA,

Richard

amit-singh · ‎05-24-2005

Richard,

Your Sup is capable of doing the routing and please configure it as per the last post.

Lets make it clear.

If you want to define two separate vlans, then just create the Vlan interfaces on ur sup as this is capable of doing the routing so it will do an intervlan routing for your both the subnets. Just define only one route

ip route 0.0.0.0 0.0.0.0 140.x.y1.z on your switch and both the subnets will be able to talk to the router.

Add the reverse route on you router to get to the 140.x.y2.z subnet.

If you dont want to define 2 seperate vlans then you can use both the primary IP or secondry IP either on the router interface or the switch vlan layer 3 interface.

HTH,

-amit singh

View solution in original post

paddyxdoyle · ‎05-23-2005

Hi,

Can i just double check that your 4506 doesn't have layer 3 capabilites? If it doesn't then i would configure the router as follows:

Router

----------

# Interface fastEthernet 0/1.100

# ip address 140.x.y1.z 255.255.255.0

# encapsulate dot1q 1 native

# Interface fastEthernet 0/1.200

# ip address 140.x.y2.z 255.255.255.0

# encapsulate dot1q 2

Switch

----------

# interface

# switchport trunk encapsulation dot1q

# switchport trunk native vlan 1

# switchport trunk allowed vlan 1,2,1002-1005

# switchport mode trunk

You can then create your new VLAN on the switch and then add whichever ports necessary to it.

On a side note, In practice you shouldn't really use VLAN 1 on a switch for user trafffic, this is because it's used by the switches for various management protocols.

Cisco recommends against the use of VLAN1 for the following reason:

"Control plane data on VLAN 1 should be kept separate from the user data to simplify troubleshooting and maximize available CPU cycles"

There's a best practices guide here:

http://www.cisco.com/warp/public/473/103.html

Its always best to have a dedicated VLAN for your management that only has management traffic in it, so in your case i would use VLAN2 for management and VLAN3 upwards for others...

Good luck!

Paddy

glen.grant · ‎05-23-2005

Make sure you don't have speed/duplex mismatches between the 2600 and the 4506 . Hardcode the 4506 to 10/half to match the 2600, if the 2600 can run 10/full harcode both ends to 10/full duplex and see if that helps .

gomesrichard · ‎05-23-2005

Hi Paddy,

1.the switch is L3 switch, pls see the attached file.

2.I did not mention BandWidth manager in my previous diagram, it should be like below:

<--s0:router2600:e0--BW-Manager-->core 4506----local network

3. Yes, you are right. We should create Vlan2 and use for user data, instead using Vlan1.

4. Actually I want to skip/bypass any vlan configuration in this scenario. It should be very simple routing issue. WE have a plan like below:

a) remove secondary IP of router's e0 interface.

b) put a static route in the router for incoming packets for 140.x.y2.z block

ip route 140.x.y2.z/25 fa0/0

c) put a static route (default-GW) in the core switch:

ip route 0.0.0.0 0.0.0.0 140.x.y1.z

In the above step, I guess we need other routing entries to give users access to 2 IP blocks in LAN. All the servers are in our primary bloack, that is, 140.x.y1.z. And users from 140.x.y2.z network have to access these servers.

Hi Grant, Thanks. I will check that out.

amit-singh · ‎05-24-2005

Hi,

Why do you want your router to do the routing. You have a L3 switch, let it do the routing. I guess you have 2 vlans configured on the Core switch. let it do the routing and you will definately get a good throughput. I think your router was oversubscribed so that's why the throughput was slow.

Just create to vlan interfaces on the Sup and assign them an IP address which will be gateway for both the subnets and this will enable intervlan routing on that for example,

int vlan 1

ip address x.x.x.x

int vlan 2

ip address y.y.y.y

If you want you can also assign the primary and secondry Ip's on 1 Vlan interface if you want to keep only 1 vlan(if you dont want any static port assigments).

interface vlan 1

ip address x.x.x.x

ip address y.y.y.y secondry

Then you can set up a default route on the switch 0.0.0.0 0.0.0.0

HTH,

-amit singh

gomesrichard · ‎05-24-2005

Hi Amit,

Thanks for your mail.

Shall we keep the secondary IP of e0 of router? If we keep the secondary IP then will it cause any performance/throughput issue?

If I do intervlan routing, then there will be 3 entries all together:

ip route 140.x.y1.0 255.255.255.0 vlan2 ( I don’t know if I can put vlan interface as an interface, I haven’t done it before)

ip route 140.x.y2.0 255.255.255.128 vlan3

ip route 0.0.0.0 0.0.0.0 140.x.y1.z ( router’s e0)

(vlan2: 140.x.y1.z; vlan3: 140.x.y2.z)

regards,

Richard

paddyxdoyle · ‎05-24-2005

Hi Richard,

You can't use the vlan keyword in a route statement from a router, you could if it was an RSFC or an MSFC but not on a dedicated router.

In this case, you would need to configure a point to point link between your router and layer3 switch

e.g.

ROUTER

------

interface FastEthernet0/1

description Router link

ip address 192.168.1.1 255.255.255.252

speed 100

full-duplex

LAYER 3 SWITCH

--------------

interface Vlan10

description Router Interconnect VLAN

ip address 192.168.1.2 255.255.255.252

SWITCH PORT CONNECTING TO ROUTER

------------------------------

interface fa 0/1

description Connection to Router

switchport access vlan 10

speed 100

duplex full

Then your routes on your router will be as follows

ip route 140.x.y1.0 255.255.255.0 192.168.1.2

ip route 140.x.y2.0 255.255.255.128 192.168.1.2

ip route 0.0.0.0 0.0.0.0 140.x.y1.z ( router’s e0)

Hope this makes sense

Rgds

Paddy

gomesrichard · ‎05-24-2005

Hi Paddy,

1)I don't want to route the Vlans in router but in 4506.In my previous mail, I stated:

ip route 140.x.y1.0 255.255.255.0 vlan2

ip route 140.x.y2.0 255.255.255.128 vlan3

ip route 0.0.0.0 0.0.0.0 140.x.y1.z ( router’s e0)

These routing entries will be in 4506 after creating vlan2 and vlan3. How about that.

2)Plus, Shall we keep the secondary IP of e0 of router? If we keep the secondary IP then will it cause any performance/throughput issue?

3)if we remove 140.x.y2.z/25 (second IP of e0) IP from e0 from router then router won't be able to pass/route incoming packets destained for 140.x.y2.0/25 network, inside the LAN. I am talking about incoming packets, which will access LAN users belongs to 140.x.y2.0/25.

So, I guess we should put another static route for incoming packets like this way

ip route 140.x.y2.0/25 fa0/0 ( pls correct if I am wrong)

Along with the default-route of the router:

ip route 0.0.0.0 0.0.0.0 s0

regards,

Richard

amit-singh · ‎05-24-2005

Richard,

Which Sup engine do you have on your Cat4506.

-amit singh

gomesrichard · ‎05-24-2005

WS-X4515.

regards,

Richard

amit-singh · ‎05-24-2005

Richard,

Your Sup is capable of doing the routing and please configure it as per the last post.

Lets make it clear.

If you want to define two separate vlans, then just create the Vlan interfaces on ur sup as this is capable of doing the routing so it will do an intervlan routing for your both the subnets. Just define only one route

ip route 0.0.0.0 0.0.0.0 140.x.y1.z on your switch and both the subnets will be able to talk to the router.

Add the reverse route on you router to get to the 140.x.y2.z subnet.

If you dont want to define 2 seperate vlans then you can use both the primary IP or secondry IP either on the router interface or the switch vlan layer 3 interface.

HTH,

-amit singh

paddyxdoyle · ‎05-24-2005

Hi,

1) You don't need to add routes for the VLAN interfaces as they will be displayed in your switches routing table as connected networks and will look like:

C 140.x.y1.0 255.255.255.0 is directly connected, Vlan2

Your default route is correct

2) Remove the secondary address from your router as this is now a VLAN interface on your switch and is unecessary.

3) You will have to add a static route on your router telling it to get to 140.x.y2.0/25 via the IP address you have configured for VLAN2 on your switch

----------

On a side note you have used a /24 netmask for the interconnection between your router and switch (VLAN2), this should be a /30 (255.255.255.252) netmask as its a point to point link.

You should have a seperate VLAN for your interconnect link, network management and user traffic so if you look at my previous post this is in fact the best way to configure your interconnect between router and switch, obviously you can change the IP addressing to suit your range and then you would have static routes on your router for each VLAN via the VLAN interface created for the point-to-point link on your layer3 switch, thus allowing you to route to your internal VLANs to and from your router however the actual interVLAN routing will be happening on your Layer 3 switch.

HTH

Paddy

gomesrichard · ‎06-05-2005

Hi Amit and Paddy,

Thanks. Yesterday we implemented as per our discussion. It worked.

best regards,

Richard

paddyxdoyle · ‎06-06-2005

Excellent, glad to be of assistance!

amit-singh · ‎06-06-2005

Hey,

Good to know. I appreciate your response in letting Me and Paddy know that it has worked for you.

It was a pleasure assisting you.

regards,

-amit singh