How to set up VLANs on many switches?

huynhngochoi
Level 1

Hello everyone, I am a beginner (I only know how to configure switches through the web UI, and I don't know how to use CLI).
I have a project with many switches (CBS350-24T-4G), and each switch has 8 VLANs, and each of these VLANs can ping each other. I am setting up all the switches to be identical, but I realized that if I set them the same, all the IP addresses for access will be the same, so I cannot access each switch individually. (I have attached the config file)

huynhngochoi_0-1743397965986.png

However, if I set them differently, the default gateway for the devices will also be different.
Can anyone give me guidance on how to solve this? How should I configure it correctly?

Accepted Solutions

M02@rt37
VIP

Hello @huynhngochoi 

Based on your topology, the top switch should be the Layer 3 switch, and the other switches should be Layer 2.

Acting as the L3 switch, it performs inter-VLAN routing (allows VLANs to communicate), acts as the default gateway for all VLANs and has an IP address assigned to each VLAN.

The other switches simply forward traffic at Layer 2. VLANs are configured identically to the L3 switch but without IPs. No routing is enabled.

Concerning management IPs, use a dedicated VLAN ID for that (other than VLAN ID 1). This should be the only IP address configured on the Layer 2 switches. These switches have got the ip default-gateway command pointing towards the management IP of your L3 switch.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.


8 Replies

huynhngochoi
Level 1
Level 1

Hi M02@rt37 ,

Thanks for your feedback, 

I have a few questions:

  1. If the switches below are Layer 2, can the VLANs ping each other? (in the case of still being connected to a Layer 3 Switch and in the case of losing connection to the Layer 3 Switch)

  2. Do I need to create an additional VLAN and assign it a different IP address for switch management? Is this VLAN used for web access and switch configuration?

  3. “These switches have got the ip default-gateway command pointing towards the management IP of your L3 switch.” Can you guide me on how to do this?

  4. My top switch is redundant, how should I configure it?

huynhngochoi_0-1743400348351.png

Hello @huynhngochoi 

You must have an "L3 engine" in your topology if you want the VLANs hosted by the L2 switches to be "pingable" from each other. So if you lose the connection to your L3 switch, there is no more inter-VLAN communication...

For the IP management, yes, create an additional VLAN dedicated to management. This IP should be used for SSH and WebGUI, yes.

Since L2 switches are not performing IP routing, they need ip default-gateway. Why? For management purposes! Return traffic for SSH packets, as an example, needs to return. Where? To the L3 switch, which performs IP routing and also hosts the gateway of your management VLAN.

--

Example (assuming the trunk ports between the L2 and L3 switches are configured and the allowed-VLAN list on these trunks is OK):

vlan 99, name Management, on each switch (L2 and L3)

SVI 99 on all switches:
Sw-01_L2: 10.99.1.1/24
Sw-02_L2: 10.99.1.2/24
Sw-03_L3: 10.99.1.254/24

Add the ip default-gateway command on each L2 switch: ip default-gateway 10.99.1.254

--
Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
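
The addressing rules from this reply, as an added example that is not part of the original post: a Python check of a per-switch plan that flags duplicate IPs, L2 switches holding IPs outside the management VLAN, and a default gateway that is not the L3 switch's management address. The plan dictionary, the `audit` function and the VLAN 10 address are constructed for illustration.

```python
from ipaddress import ip_address, ip_interface

MGMT_VLAN = 99  # management VLAN ID used in the reply above

# Constructed plan: role, {vlan_id: "address/prefix"} per SVI, default gateway.
# The VLAN 10 entry is a made-up user VLAN routed by the L3 switch.
PLAN = {
    "Sw-01_L2": {"role": "L2", "svis": {99: "10.99.1.1/24"}, "gateway": "10.99.1.254"},
    "Sw-02_L2": {"role": "L2", "svis": {99: "10.99.1.2/24"}, "gateway": "10.99.1.254"},
    "Sw-03_L3": {"role": "L3", "svis": {99: "10.99.1.254/24", 10: "10.10.1.254/24"},
                 "gateway": None},
}

def audit(plan, mgmt_vlan=MGMT_VLAN):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    if mgmt_vlan == 1:
        findings.append("management VLAN must not be VLAN 1")
    # Every SVI address must be unique across the whole topology.
    seen = {}
    for name, sw in plan.items():
        for vlan, cidr in sw["svis"].items():
            ip = ip_interface(cidr).ip
            if ip in seen:
                findings.append(f"{name} vlan {vlan}: {ip} already used by {seen[ip]}")
            seen.setdefault(ip, name)
    # Addresses the L3 switch(es) hold on the management VLAN: the valid gateways.
    l3_mgmt = {ip_interface(sw["svis"][mgmt_vlan]).ip for sw in plan.values()
               if sw["role"] == "L3" and mgmt_vlan in sw["svis"]}
    for name, sw in plan.items():
        if sw["role"] != "L2":
            continue
        extra = sorted(v for v in sw["svis"] if v != mgmt_vlan)
        if extra:
            findings.append(f"{name}: L2 switch has IPs on non-management VLANs {extra}")
        if mgmt_vlan not in sw["svis"]:
            findings.append(f"{name}: no management IP on vlan {mgmt_vlan}")
            continue
        mgmt = ip_interface(sw["svis"][mgmt_vlan])
        gw = ip_address(sw["gateway"]) if sw["gateway"] else None
        if gw is None or gw not in mgmt.network:
            findings.append(f"{name}: default gateway {gw} is not in {mgmt.network}")
        elif gw not in l3_mgmt:
            findings.append(f"{name}: default gateway {gw} is not an L3 management IP")
    return findings
```

Running `audit` on a plan where every switch was cloned from one config reports each reused address, which is the situation described in the original question.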

Hello M02@rt37 ,

Thanks for your feedback, 

Let me ask one more question: In case I leave it as it is, with all the switches being Layer 3, aside from not being able to access their IP addresses, will there be any other conflicts? Because making changes will take time, and if they lose connection to the Layer 3 switch, the VLANs will not be able to communicate with each other.

In addition, can you guide me on setting the Default Gateway via WebUI?

Joseph W. Doherty
Hall of Fame

There are possibly several ways to accomplish this, a couple Cisco proprietary (if provided for that switch model).

Proprietary: physical stacking or "clustering" makes a limited number of switches manageable as a single switch with a single IP.

Non proprietary: each switch has its own unique IP. The management IP can be in any VLAN/subnet, and can differ between switches.

At least one L3 switch will need to route between the VLANs/subnets, and the next two cases don't apply to it.

If the switch is running L2, it will need a default gateway just like other hosts.

If the switch is running L3 but not routing for the topology, it would use a default route just like a default gateway.

If the L3 switch is routing for the topology, what it needs is an "it depends". Lots of "you coulds".

Hi @Joseph W. Doherty 

I really appreciate your answer; however, perhaps you used too many technical terms, which made it difficult for me to understand what you were saying, because I am a beginner.

Feel free to post additional questions on anything I wrote you don't understand.

What can cause confusion, as all your switches are L3 capable, in a real-world network, like your shown topology, you would likely not have any VLANs spanning the whole topology.  You might, for example, have any VLANs on your top two layers.  Again, there are lots of ways to configure a network like yours, as L3 switches often are used to restrict the span of a VLAN, without the performance impact that was common decades ago.

If it helps any, again, you need at least one device to route between VLANs/subnets, all the other switches can be used just doing L2.  In fact, they could be totally dumb, i.e. unmanageable L2 switches.  To manage them (and ping them), they each need a unique host IP address.  Possibly, they might be able to acquire a host IP even using DHCP, like other hosts, using any of the 8 VLANs/subnets.  However, for various reasons, we generally have L2 switch management IPs on their own dedicated VLAN/subnet (i.e. a 9th VLAN/subnet).

Basically, again, there are multiple solutions to your goal of being able to ping between switches, themselves.  Which to choose would depend on other goals, you haven't described (and as possibly a beginner, don't yet know to consider).

One important issue, is this just some learning case to learn some basic aspect of networking, or is this a real-world network that needs to be done correctly?  If the former, we can skip many potential considerations to focus on just learning some specific networking aspect(s).

Do you have a copy of Packet Tracer?  If not, highly recommend joining Cisco's Academy so you can acquire a copy.  It's a great tool for working simple cases, like this.  (NB: it doesn't provide SMB devices like the CBS series.)

huynhngochoi
Level 1

So, how do I set the IP default gateway for an L2 switch via the WebUI? Can anyone help me?