Solved: Design configuration

feroz syed · ‎06-12-2013

Hi,

I have 30 switched in my corporate network it’s all up and running all switches running by default configuration and connected to WS-C4506 core switch our dhcp server pooling 192.168.100.1/27 network. Now we need to configure new Vlan for finance department this department has more than 200 users. If my server distributes 192.168.200.0 range ip can vlan2 automatically assign ip 200.0 addresses to finance department.

Problems:- All switches running default config no ip address assigned.

mfurnival · ‎06-12-2013

You will need to create VLAN2 on all of the switches where your Finance users are connected and then configure trunking between these switches and the core. You will then need to connect an interface on your DHCP server to VLAN2 on the core switch (or configure dot1q trunking on the current server interface if is capable of supporting this). Users in VLAN1 will get 192.168.100.1/27 addresses and users in VLAN2 will get 192.168.200.0 addresses.

If you need these two sets of users to be able to talk to each other then you will need to configure inter-VLAN routing.

Moving forward you might want to do some house-keeping and create 3 VLANs:

VLANx - management

VLANy - users

VLANz - finance

View solution in original post

Bilal Nawaz · ‎06-12-2013

Hello Feroz, You will need to create vlan 2 - your Core and your finance access switch and allow this vlan on the trunks. If you have a separate DHCP server, you will need the ip helper command under the SVI interface for vlan 2, if the DHCP server is in another vlan. This is so that user devices are able to pick up an IP. If you have to create a pool on the Core then that isnt a problem. But I assume you have a separate server.

SVI Core switch ---------------------> Finance Access Switch

VLAN 2 ---------TRUNK---------> VLAN 2

Core Switch:

Conf t

!

vlan 2

name finance

!

interface vlan 2

ip address 192.168.200.1 255.255.255.0

ip helper-address x.x.x.x (your DHCP server)

!

interface gi1/1

description **UPLINK TO FINANCE ACCESS**

switchport trunk encapsuation dot1q

switchport mode trunk

============================

Finance access switch

conf t

!

vlan 2

name finance

!

int fa0/0

description ** ACCESS PORT**

switchport mode access

switchport access vlan 2

!

int gi0/1

description **UPLINK TO CORE**

switchport trunk encapsulation dot1q

switchport mode trunk

Hope this helps.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

View solution in original post

mfurnival · ‎06-12-2013

You will need to create VLAN2 on all of the switches where your Finance users are connected and then configure trunking between these switches and the core. You will then need to connect an interface on your DHCP server to VLAN2 on the core switch (or configure dot1q trunking on the current server interface if is capable of supporting this). Users in VLAN1 will get 192.168.100.1/27 addresses and users in VLAN2 will get 192.168.200.0 addresses.

If you need these two sets of users to be able to talk to each other then you will need to configure inter-VLAN routing.

Moving forward you might want to do some house-keeping and create 3 VLANs:

VLANx - management

VLANy - users

VLANz - finance

feroz syed · ‎06-12-2013

I have only access to one switch and rest of them all in different locations (no ip) and all switches connect via fiber optic.if I plug 200.0 network cable to core switch from core switch to finance switch it will work ?

Sent from Cisco Technical Support iPhone App

mfurnival · ‎06-12-2013

No, if you do that then you will have two DHCP servers in VLAN1. You need to at a minimum create the new VLAN2 on the core and add the DHCP server interface to it. Then on the finance switch you can either create VLAN2 and trunk it through to the core or configure the uplink as an access port (which will work but it is not the nicest solution).

feroz syed · ‎06-12-2013

I have new server to create dhcp service for 200.0 network , now the problem is do i need to create vlan2 on core switch ? or if i plug 200.0 network and 100.0 network to core switch will it distribute both 100.0 and 200.0 netowrk ?

Core switch---->192.168.100.0 to vlan1 (19 switches)

----->192.168.200.0 to vlan 2 (1 switch)

mfurnival · ‎06-12-2013

If you do not create a second VLAN and plug both DHCP servers in to the core switch then users in VLAN1 (the only VLAN) will potentially pick up an IP address from either server which is not what you want.

Bilal Nawaz · ‎06-12-2013

Hello Feroz, You will need to create vlan 2 - your Core and your finance access switch and allow this vlan on the trunks. If you have a separate DHCP server, you will need the ip helper command under the SVI interface for vlan 2, if the DHCP server is in another vlan. This is so that user devices are able to pick up an IP. If you have to create a pool on the Core then that isnt a problem. But I assume you have a separate server.

SVI Core switch ---------------------> Finance Access Switch

VLAN 2 ---------TRUNK---------> VLAN 2

Core Switch:

Conf t

!

vlan 2

name finance

!

interface vlan 2

ip address 192.168.200.1 255.255.255.0

ip helper-address x.x.x.x (your DHCP server)

!

interface gi1/1

description **UPLINK TO FINANCE ACCESS**

switchport trunk encapsuation dot1q

switchport mode trunk

============================

Finance access switch

conf t

!

vlan 2

name finance

!

int fa0/0

description ** ACCESS PORT**

switchport mode access

switchport access vlan 2

!

int gi0/1

description **UPLINK TO CORE**

switchport trunk encapsulation dot1q

switchport mode trunk

Hope this helps.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

feroz syed · ‎06-12-2013

i add second pool address to dhcp server now it's distributing two range of ip address. i assign ip address to core switch vlan 2 and added 2 ports to vlan 2.i take cable from core switch(port 47, by default core and access switch configure as dynamic desirable) to finance access switch now am automatically assigned 200.0 network.

what the use os this commands

ip helper-address x.x.x.x (your DHCP server)

description **UPLINK TO FINANCE ACCESS**

Bilal Nawaz · ‎06-12-2013

the helper command is only there if you have a dhcp server that does not reside in the same vlan.

i.e. if your dhcp server is in vlan 1 and you have clients in vlan 2, how will they get their ip's? the helper address command almost acts as a relay for those dhcp broadcasts, which forwards them on to the dhcp server.

the description is there only for our reference. no operational effect adding a description.

So is it working?

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

mfurnival · ‎06-12-2013

The "ip helper-address" allows the SVI to act as a dhcp-relay agent and forward the DHCP request to the configured IP address. It needs to do this because your DHCP server is in a different VLAN than your finance users.