
Joining networks

bsomali
Level 1

Due to initial business requirements, we run 3 separate networks in total; each has different subnets, Catalyst L2 switches (clients connect on the same default Vlan1), Cisco routers and PIX with different T1s to ISPs.

Then, due to migration to corporate email, the other 2 networks required a link to the 3rd network (only email and Intranet web), and each still retained its own router and PIX to the Internet.

The 3rd network has a Catalyst L3 switch.

Currently, a port from one of L2 switches in network #1 & #2 was connected to ports on L3 switch in network #3 configured as switchport access on different Vlans (each Vlan has its own gateway for inter-Vlan routing).

I guess this setup was the easiest and has worked fine as expected.

I welcome experts' suggestions for the following:

1. Can I link network #1 & #2 to #3 via a dot1q trunk, with each network running on a separate Vlan? Do I need to configure all ports (except the trunk port) with switchport access on a different Vlan in each switch in each network?

Note: now each network runs on same default Vlan1.

2. Can I configure redundant routes for outbound Internet for each network? Will the use of different metric work for that purpose?

Much appreciated and TIA,

Benny

2 Replies

micah
Level 1

1) Yes, you could link them together in this manner. You will need to change the VLAN membership and probably create 3 separate VLANs for each of these networks. Yes, you would use the switchport access command to change those switchports that have connections to the various nodes.

2) You can configure redundant default routes with a higher administrative distance:

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.2 2

In this example the first route has a default administrative distance of 1 and the second default route has an administrative distance of 2. Since the AD is higher on the second route, it will only be used if the first route is unavailable. However, in order to make sure you have complete failover, you will need to do more than this for inbound traffic. If all of the T1s are with the same provider, then I'm sure your ISP will work with you on creating backup routes through the other circuits. If you have T1s with different ISPs, then you will need to run BGP to achieve failover on inbound traffic.

HTH

-Micah-
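
The selection rule described in the reply above, as an added Python sketch that is not part of the original post: among static routes for the same prefix, only the usable ones with the lowest administrative distance are installed. The function names and the `usable_next_hops` input are assumptions for illustration; the model does not decide by itself when a next hop stops being usable.

```python
import ipaddress

DEFAULT_STATIC_AD = 1  # distance applied when the statement gives none


def parse_static_route(line):
    """Parse 'ip route <prefix> <mask> <next-hop> [distance]'."""
    parts = line.split()
    if parts[:2] != ["ip", "route"] or len(parts) not in (5, 6):
        raise ValueError(f"unsupported statement: {line!r}")
    for field in parts[2:5]:
        ipaddress.ip_address(field)  # raises ValueError on a malformed field
    distance = int(parts[5]) if len(parts) == 6 else DEFAULT_STATIC_AD
    if not 1 <= distance <= 255:
        raise ValueError(f"distance out of range: {distance}")
    return {"prefix": (parts[2], parts[3]), "next_hop": parts[4], "ad": distance}


def installed_next_hops(config_lines, usable_next_hops,
                        prefix=("0.0.0.0", "0.0.0.0")):
    """Return the next hops that end up in the routing table for `prefix`.

    usable_next_hops: set of next-hop addresses the router can currently
    resolve (hypothetical input; supplied by the caller).
    """
    candidates = [
        r for r in map(parse_static_route, config_lines)
        if r["prefix"] == prefix
        and r["next_hop"] in usable_next_hops
        and r["ad"] < 255  # a distance of 255 is never installed
    ]
    if not candidates:
        return []
    best = min(r["ad"] for r in candidates)
    # Routes tied on the lowest distance are installed together.
    return sorted(r["next_hop"] for r in candidates if r["ad"] == best)


# The two statements from the reply above.
CONFIG = [
    "ip route 0.0.0.0 0.0.0.0 1.1.1.1",
    "ip route 0.0.0.0 0.0.0.0 2.2.2.2 2",
]

if __name__ == "__main__":
    print(installed_next_hops(CONFIG, {"1.1.1.1", "2.2.2.2"}))  # primary only
    print(installed_next_hops(CONFIG, {"2.2.2.2"}))             # backup takes over
```

The backup route takes over only once the primary next hop drops out of the usable set, so a failure further upstream that leaves the local link up does not trigger the switch.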

Thanks, Micah.

I have some ideas on how to make the changes, but I was not sure if they will work.

I hope you can further clarify the vlan membership setup with the examples below:

Network#1:

- Vlan1: for LAN 172.16.1/24

- Vlan2: for public Internet

Network#2:

- Vlan1: for LAN 172.16.2/24

- Vlan11: for public Internet

Network#3

- Vlan1: for LAN 172.16.3/24

- Vlan22: for public Internet

Port#1 on each network#2 & #3 was uplinked to port#1 & #2 on network#1.

Current config on L3 switch in network#1:

- port#1: switchport access vlan33

- port#2: switchport access vlan44

- int vlan33; ip addr 172.16.2.1

- int vlan44; ip addr 172.16.3.1

After I changed to trunk mode, I want to retain network#2 as Vlan33 and #3 as Vlan44.

The changes to be made are:

Network#1:

- port#1: switchport trunk encap dot1q

- port#2: switchport trunk encap dot1q

Network#2:

- port#1: switchport trunk encap dot1q

- other ports: switchport access Vlan33

- ports for public Internet stay in Vlan2

Network#2:

- port#1: switchport trunk encap dot1q

- other ports: switchport access Vlan44

- ports for public Internet stay in Vlan11

Do I still need the int vlan33/44 in network#1?

Is there a better way to configure this so that network#2 & #3 can come in through separate Vlans to network#1, rather than configuring individual ports in access mode?