Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1124
Views
0
Helpful
8
Replies

6509 Switch and MSFC / VLAN

aalhajjah
Level 1
Level 1

‎12-27-2004 12:31 PM - edited ‎03-02-2019 08:47 PM

Hello,

I have a 6509 switch with MSFC router. I want to use it to do intervlan routing. I configured two interfaces on the router for each vlan and also configured the vlans on the switch. I am able to ping between the vlans. Does the 6509 interface sc0 have to be on one of those vlans that I configured on the router?. I would like traffic on the switch to default to the MSFC module router and I don't know where to put that?. If I command the switch to default the route to the MSFC router with the (set ip route) command, what is the subnet that I am going to use for the gateway?. In other words, I am confused on which IP to use for the default gateway.

Thanks.

Labels:
0 Helpful
8 Replies 8

rais
Level 7
Level 7

‎12-27-2004 02:51 PM

Once you have created two VLANs on the switch and you also have created 'interface vlanN' on MSFC, you do not need to have any routes in MSFC. Since it's the same box, the data should automatically be switched/routed in the switch.

Note that you must have at least one active port in both VLANs to see vlans in UP state.

sc0 need not be there in any VLAN. Its sole purpose is for management.

Hope this helps.

0 Helpful

aalhajjah
Level 1
Level 1
In response to rais

‎12-28-2004 03:45 AM

This really clears it up for me. Ok, since there is no need for routes in MSFC, in this case what would be the purspose of the "set ip route" statements in the 6509 configurations. Would you say that they don't have significance any more and the switch does not look at them since now all ports belongs to one vlan or another?.

Thanks.

0 Helpful

rais
Level 7
Level 7
In response to aalhajjah

‎12-28-2004 06:44 AM

You can use 'set ip route' command to add default gateway or other routes. Say e.g you are coming in from the internet address 3.3.3.1, which the 6509 has no information about. Use set ip route to add different routes. e.g.

set ip route default 1.2.3.4 1 primary

With this you have added a default gateway for the switch to be managed by anyone over the internet you have access to the switch.

HTH.

0 Helpful

glen.grant
VIP Alumni
VIP Alumni

‎12-27-2004 02:54 PM

The SC0 interface is to manage the catos side of the switch only,so if you want to be able to telnet to the switch side you will need to assign a address within your existing vlan structure or assign it it's own vlan and address space. The gateway for each vlan is going to be what ever address you assigned for the vlan on the msfc . If you have defined the vlan on the layer 3 (msfc) side and then assigned your ports on the layer 2 (catos) side then traffic will know where to go if your users gateway is pointed to the layer 3 address for the vlan . You don't need a specific ip route statement .

0 Helpful

aalhajjah
Level 1
Level 1
In response to glen.grant

‎12-29-2004 07:38 AM

Thanks for your help, I got the switch working vlans and routing through the router. I have a dot1q trunk between the switch and a pix. The trunk port's native vlan is the default vlan 1. I read and article saying that I should put the physical interface of the pix that is connected to the trunk port on the switch on a different vlan than this native vlan. Why do I need to do that?.

Thanks.

0 Helpful

dtodd
Level 1
Level 1
In response to aalhajjah

‎12-29-2004 11:41 AM

Hey:

The default vlan or Vlan 1 is the catch all ports by default. Most people do not like passing traffic on vlan 1 since that vlan encompasses management traffic (even if you prune the trunk or clear the vlan off the trunk).

Thus people have user traffic in one vlan and management traffic in another. This makes for a good practice because if you have a user create a loop on the network it will not bring complete access down on the switch but you can still get to it through the management vlan.

Example config:

set vlan 2

set vlan 2 name management

set spantree priority 2 8192

#Make the root for the vlan this switch

set vtp mode transparent

#This makes sure that no other switch can remove vlans from this switch using vtp. The only drawback is you need to configure each vlan on all switches and trunks, manually. However, this creates for a better and more stable network (not using vtp)

set vtp domain mycompany

#safe guard

set int sc0 w.x.y.z 255.255.255.0 2

#sets int sc0 to vlan 2

set ip route default w.z.y.1

set vlan 3

set vlan 3 name user_vlan

set spantree priority 3 8192

Lastly:

On user ports to make sure they boot up faster I would look into doing the following:

set host x/y

#Sets spanningtree portfast

#sets channeling off

#sets trunking off

set spantree bpdu-guard x/y enable

#If used this will disable any port that detects bpdus (not trunkports) This is good killing loops. The downside is that XP machines with bridging enabled will cause ports to go into error disabled. And any other port that goes into error disable is either a looped port or has an xp box on it. Resolution on the xp is to remove bridging from the interfaces.

Just some thoughts.

==DMT>

0 Helpful

aalhajjah
Level 1
Level 1
In response to dtodd

‎12-29-2004 06:16 PM

Thanks for the helpful information. Is it correct that default vlan traffic (vlan 1) is not tagged?. I mean when vlan1 traffic traverse a trunk link, it goes without vlan tagging?. Also, on the MSFC side, now that the traffic is routed between one vlan and another, I need to put the default gateway pointed to the pix inside interface. This inside interface will be attached to the logical vlans on it. Now, do I poing the default gateway on the MSFC to the pix inside physical interface or do I pick one of the logical vlans for a default gateway?.

Thanks.

0 Helpful

dtodd
Level 1
Level 1
In response to aalhajjah

‎12-30-2004 07:33 AM

Hmm -

No I believe the vlan traffic on vlan 1 is tagged because the switch needs to tag all traffic being on a trunk to keep it seperate, by default. There is no way for it to tell what traffic is what unless it's tagged on the ingress port and untagged on the host port.

Yes - you will need to specify a default gateway in a few locations.

1) sc0 is like a host on the network. It needs to know it's default gateway. The default gateway for this host must be on the same network as it's default gateway (like any windows,unix box).

2) For traffic to be routed out of your network you need to specify a default route for all traffic that is no local to your network. This will be your PIX.

You PIX you will then have a default route pointing to your ISP router and routes pointing to your MSFC for those networks that are local to you. Remember the PIX needs to know where to send traffic. Default route for networks remote, static routes for those networks that are local.

3)

You might have something like this in your msfc:

ip route 0.0.0.0 0.0.0.0 10.1.1.1

This route is your default route pointing to the internal interface of your pix. In your pix you might have something like

route 0.0.0.0 0.0.0.0 201.18.32.25

I think this answers your question. If you have more questions you can send me an email if you would like to take this off line. dtodd@partners.org.

Thanks -

==DMT>

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card