core w/ vlans link to router

rpalacio
Level 1

What's the best practice when you link a core switch with, say, 10 VLANs to a router or firewall?

1. Does the interface linking these 2 devices have to be a lone interface in a separate VLAN?

2. Or is it just OK to connect this interface in a VLAN with the server farm?

Thanks a lot.

5 Replies

Hello,

It depends on what you want to achieve: is the core switch providing the inter-VLAN routing as well? If not, you need to configure a trunk between the switch and the router. If the core switch is providing the routing, I guess all you need is a default route from the core switch to the router or firewall, and the interface can be a member of any VLAN, as long as that VLAN is routed on the core switch.

HTH,

Georg

Yes, it provides the inter-VLAN routing... but what I mean is, must the VLAN connecting the router to the core be a VLAN with a SINGLE member interface only? (I am talking about the best practice, because I know that it could also be a member of any VLAN with users or servers and use that as default gateway, as you mentioned.)..In p

If the router is doing interVLAN routing, you need to configure the connection between the core switch and the router as a trunk. A trunk interface will carry traffic from all VLANs. So basically, the router's interface will be in all VLANs. You use subinterfaces on the router like this:

    Router(config)# interface fastethernet 2.1
    Router(config-subif)# encapsulation dot1q 1
    Router(config-subif)# ip address 10.1.1.3 255.255.255.0
    Router(config-subif)# exit
    Router(config)# interface fastethernet 2.2
    Router(config-subif)# encapsulation dot1q 2
    Router(config-subif)# ip address 10.1.2.3 255.255.255.0
    Router(config-subif)# end

This creates routing between VLAN 1 and VLAN 2...

-HTH

It's the core switch that is doing the inter-VLAN routing (not the router).

The only thing questionable to me is the VLAN in the core switch where the router Ethernet interface is connected. Should that VLAN consist only of that port? Because it could just be part of a VLAN where servers are or where workstations are... I am asking about the best practice in this scenario because both of the above are possible.

thx.

As long as you are not using VLAN1, I would say that putting the firewall interface in your core or server VLAN/subnet would be best. VLAN1 is discouraged because switches and other devices send CDP, BPDU and other administrative traffic in this VLAN. Putting the firewall in its own VLAN/subnet is not very scalable as it adds more routes/VLANs to your core switches.

Common Scenario

All users access servers in a centralized subnet. Basically all servers are in, say, VLAN 100 with subnet 192.168.1.0/24. Users are in miscellaneous VLANs, i.e. 101, 102, etc., with different subnets, 192.168.2.0/24, 192.168.3.0/24. You would then put all the servers' interfaces and network device interfaces in VLAN 100, with your core switch doing inter-VLAN routing and a static route to the firewall.
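
The two placements discussed in this thread, written out as a core-switch configuration. This is an added example and not part of any poster's reply; the port name, the `.1`/`.254` host addresses, and the transit VLAN 900 with its 10.255.255.0/30 subnet are assumptions, while VLANs 100 to 102 and their subnets come from the last post.

```cisco
! Core switch routes between VLANs (addresses ending .1 are assumed gateways)
ip routing
!
vlan 100
 name SERVERS
vlan 101
 name USERS-A
vlan 102
 name USERS-B
!
interface Vlan100
 ip address 192.168.1.1 255.255.255.0
interface Vlan101
 ip address 192.168.2.1 255.255.255.0
interface Vlan102
 ip address 192.168.3.1 255.255.255.0
!
! --- Option A: firewall inside interface shares the server VLAN ---
! Port name and firewall address 192.168.1.254 are assumed.
interface GigabitEthernet1/0/24
 description Firewall inside (member of VLAN 100, not VLAN 1)
 switchport mode access
 switchport access vlan 100
!
ip route 0.0.0.0 0.0.0.0 192.168.1.254
! The firewall needs return routes for 192.168.2.0/24 and 192.168.3.0/24
! pointing at 192.168.1.1.
!
! --- Option B: dedicated transit VLAN with a single member port ---
! Apply instead of Option A. VLAN 900 and 10.255.255.0/30 are assumed.
! vlan 900
!  name FW-TRANSIT
! interface Vlan900
!  ip address 10.255.255.1 255.255.255.252
! interface GigabitEthernet1/0/24
!  description Firewall inside (only port in VLAN 900)
!  switchport mode access
!  switchport access vlan 900
! ip route 0.0.0.0 0.0.0.0 10.255.255.2
! The firewall then needs return routes for all three 192.168.x.0/24
! subnets pointing at 10.255.255.1.
```

Option B costs one extra VLAN, SVI and subnet on the core; in exchange the firewall's inside interface shares a broadcast domain only with the core switch rather than with every server in VLAN 100.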