04-03-2006 04:36 AM - edited 03-03-2019 02:37 AM
Hey all,
I have a couple of general vlan questions that I was hoping to get some help on. Currently I have 2 vlans on a campus with six buildings. I also use VACL's on the academic vlan(3) to prevent/allow to certain servers on certain ports on vlan1.
I want to keeps all servers, printers, wireless ap's, switches, etc on vlan 1 and then create 4 vlans for each building (which are only two stories tall). An academic and administrative vlan for the first floor and an academic and administrative vlan for the second floor.
I also want to use vlan pruning to cut out unwanted traffic. All of our servers and such are in one building so most of the vlans will not need to communicate with each other, just vlan 1.
Is this too many vlans? I was hoping to make the broadcast domains smaller. I should be able to use a class c subnet for each vlan, we are a small outfit.
Is there a better way of doing it?
Any advice and info would be greatly appreciated.
Thanks
Matt
04-03-2006 04:49 AM
Matt,
You are absolutely good to go with that. Segregating the vlans will give you different broadcast domian and hence lesss broadcast accross an indicidual segment and also layer 2 security acrross the whole network. The Ip addressing depends on how your present network is and how you really want to design. Class C subnet should be OK here.
Please shoot any questions if you have.
HTH, Please rate if it does.
-amit singh
04-03-2006 07:42 AM
Thanks for the reply, This now brings up another question. Right now, I have a 4006 as my core L3 switch and it is doing all of the routing. In two of my buildings, they have 4506's doing most of the L2 switching. Can I remove some of the burden of the L3 routing from the 4006 to the 4506 in each of the buildings for the vlans that are in those buildings?
Lets say I setup vlan 2-26 as my vlans that I want to use. In building A with a 4506, vlans 22-26 are being used. Can I make the 4506 perform the layer 3 routing instead of it going all the way back to the 4006?
If so, how do I accomplish that?
Thanks
Matt
04-03-2006 07:56 AM
Hi Matt,
Yes you can definetely do that depending which sup engine you have on 4506. If it is having sup2+ and above liek sup 3,4 you can do intervlan routing on the sup engine itself.
Incase you have sup 2 which is a pure layer 2 switch but have a module which is 4232 l3 module which you can insert in 4500 chassis you an configure routing there.
HTH, if yes please rate the post.
Ankur
04-03-2006 09:48 AM
Thanks for the reply. I think it is but it has been about 2 years since I got the first 4506. I think it has a sup3 and the other building has a newer 4506 that has a sup4.
How do I figure that out. Below is a sh ver from the older 4506 and it states L3 switching software but not what version the supervisor is.
show ver
Cisco Internetwork Operating System Software
IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-I9S-M), Version 12.1(20)EW2,
EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Sat 17-Apr-04 15:41 by hqluong
Image text-base: 0x00000000, data-base: 0x00F573B4
ROM: 12.1(20r)EW1
Dagobah Revision 86, Swamp Revision 28
uptime is 32 weeks, 3 days, 12 hours, 31 minutes
System returned to ROM by reload
System image file is "bootflash:"
cisco WS-C4506 (XPC8245) processor (revision 7) with 524288K bytes of memory.
Processor board ID FOX081501B1
Last reset from Reload
2 Ethernet/IEEE 802.3 interface(s)
1 FastEthernet/IEEE 802.3 interface(s)
122 Gigabit Ethernet/IEEE 802.3 interface(s)
403K bytes of non-volatile configuration memory.
Configuration register is 0x2101
Thanks for any input
Matt
04-03-2006 10:30 AM
'show module' should give you the Supervisor part #.
HTH,
Sundar
04-03-2006 10:34 AM
Thanks for the response
it shows ws-x4515 which I think is a sup 4 from a quick google search.
Thanks
Matt
04-04-2006 12:27 AM
Yes MATT,
Its Sup-4 and it has full layer 3 capability. You can do and use all the L2/L3 features you want.
HTH, Please rate if it does.
-amit singh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide