Multi subnet vlans

feroz syed
Level 3

Hi,

I have 3 subnets like 192.168.100.0/24, 192.168.200.0/24 and 192.168.254.0/24, with 12 Cisco 2960G switches, and my DHCP server distributes these three subnets. Now I want the different subnets to talk with each other. Please guide me on how to achieve this, and check this diagram for a clear understanding.

7 Replies

Bilal Nawaz
VIP Alumni

Do you mean that these subnets are for each access switch as access ports? Does this include the management vlan for your switch, or is that separate?

From the diagram it isn't clear if the core switch should be the gateway or if the firewall should be the gateway. I will assume the core switch should be the gateway for those respective vlans.

In summary you will have to create the vlans on the switches, and between the switches you will have to create trunks all the way to the core switch.
Then on the core switch, create vlan interfaces (SVI) for all of these VLANs.

By the diagram and design you have, spanning tree will converge to prevent loops and broadcast storms in the network.

Remember that if your DHCP server is not on the same vlan as the clients, you need the ip helper-address x.x.x.x command under the relevant vlan interfaces where x.x.x.x is the dhcp server address.

On all your switches (including the core switch), create the vlans

Conf t
!
Vlan 100
!
Vlan 200
!
Vlan 254

For your access ports, here is an example

Interface fa0/1
Switchport mode access
Switchport access vlan X

Between all of your switches you must create trunks that will carry all the vlans along the path to the core switch.

Conf t
!
Interface gi0/1
! 802.1Q-only switches do not accept the next line; skip it there
Switchport trunk encapsulation dot1q
Switchport mode trunk

This will carry your vlans. Once you have done trunking all the way to the core switch, including the core switch, you are ready to create SVIs.

On the core switch

Conf t
!
Ip routing
!
Interface vlan 100
IP address 192.168.100.1 255.255.255.0
!
Interface vlan 200
IP address 192.168.200.1 255.255.255.0
!
Interface vlan 254
IP address 192.168.254.1 255.255.255.0

Remember if the DHCP server is not the core switch but is a different server in a different subnet, you need to specify the ip helper-address x.x.x.x command under the vlan interfaces.

Remember your default route to the firewall on the core switch. And the ip default gateway on your access switches should be of the core switch to the relevant gateway IP address for the vlan.

The term for this scenario is called inter vlan routing.
http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008019e74e.shtml

Hope this helps

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

So every user can communicate with other subnets?

Yes, they will be able to with interVlan routing.

Just ensure they get correct DHCP settings, this includes the correct default gateway IP on the core switch (.1)

Make sure all the VLANs and trunks are created and that the VLANs are trunking across, make sure vlan interfaces are up.

Also ip helper command if they require IP from DHCP server in another vlan.

Then you should be able to ping one subnet to the others, vice versa.

Hope this helps

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

okay,

here i got another idea,

sw 1 vlan 100 vlan 200 vlan 254 (vlan 100=port1,2,3,4 vlan 200= port 5,6,7,8 vlan 254= port 9,10,11,12) {port 13 trunking}

sw2 vlan 100 vlan 200 vlan 254   (vlan 100=port1,2,3,4 vlan 200= port 5,6,7,8 vlan 254= port 9,10,11,12) {port 13 trunking}

Core vlan 100 vlan 200 vlan 254  (vlan 100=port1,2,3,4 vlan 200= port 5,6,7,8 vlan 254= port 9,10,11,12) {port 13 trunking}

Core switch DHCP service:

Core vlan 100(192.168.100.0 /24 [port 1to4] ) vlan 200(192.168.200.0 /24 [port 5 to 6] ) vlan 254 (192.168.254.0 /24 [9 to 12 ] )

File server :- 192.168.100.10 255.255.255.0 g/w 192.168.100.1

Mail server:- 192.168.200.10 255.255.255.0 g/w 192.168.200.1

Domain Controller:- 192.168.100.2  DNS:- 192.168.100.2

Now the Internet (firewall) server is assigned a single IP address :- 192.168.100.254 (all users must have access to this address to get access to the internet)

Can I make the default route 0.0.0.0 0.0.0.0 192.168.100.254?

Clients ip address :- 192.168.100.25 255.255.255.0 192.168.100.254

Clients ip address :- 192.168.200.25 255.255.255.0 192.168.200.1

Clients ip address :- 192.168.254.25 255.255.255.0 192.168.254.1

And vlan 2 clients and vlan 3 clients have different local DNS (192.168.200.2, 192.168.254.2); how do they contact my domain server?

sw 1 vlan 100 vlan 200 vlan 254 (vlan 100=port1,2,3,4 vlan 200= port 5,6,7,8 vlan 254= port 9,10,11,12) {port 13 trunking}

sw2 vlan 100 vlan 200 vlan 254   (vlan 100=port1,2,3,4 vlan 200= port 5,6,7,8 vlan 254= port 9,10,11,12) {port 13 trunking}

Core vlan 100 vlan 200 vlan 254  (vlan 100=port1,2,3,4 vlan 200= port 5,6,7,8 vlan 254= port 9,10,11,12) {port 13 trunking}

Where does port 13 connect to?

====================================================

Core vlan 100(192.168.100.0 /24 [port 1to4] ) vlan 200(192.168.200.0 /24 [port 5 to 6] ) vlan 254 (192.168.254.0 /24 [9 to 12 ] )

What do you mean by [port 1 to 4] [port 5 to 6] [port 9 to 12] - are these access ports? Please explain this.

====================================================

File server :- 192.168.100.10 255.255.255.0 g/w 192.168.100.1

Mail server:- 192.168.200.10 255.255.255.0 g/w 192.168.200.1

Domain Controller:- 192.168.100.2  DNS:- 192.168.100.2

This is fine

====================================================

Now the Internet (firewall) server is assigned a single IP address :-

192.168.100.254

(all users must have access to this address to get access to the internet)

Yes this is correct - just make sure you have default route on your Core switch.

ip route 0.0.0.0 0.0.0.0 192.168.100.254

You need to make sure the Firewall has routes back to all your subnets!

====================================================

Clients ip address :- 192.168.100.25 255.255.255.0 192.168.100.254

Clients ip address :- 192.168.200.25 255.255.255.0 192.168.200.1

Clients ip address :- 192.168.254.25 255.255.255.0 192.168.254.1

No, almost!

Clients ip address :- 192.168.100.25 255.255.255.0 192.168.100.1

Clients ip address :- 192.168.200.25 255.255.255.0 192.168.200.1

Clients ip address :- 192.168.254.25 255.255.255.0 192.168.254.1

====================================================

And vlan 2 clients and vlan 3 clients have different local DNS (192.168.200.2, 192.168.254.2); how do they contact my domain server?

They will be able to contact your Domain Controller because of inter-VLAN routing. Unless it's a requirement for them to be on the same vlan. But I do not think this is true.

Hope this helps.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.
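Added example, not part of any post in the thread: a small Python model of the addressing plan discussed above. It checks each client's gateway against the core SVIs, traces the hops that inter-VLAN routing produces, and lists the return routes the firewall needs. The function names, the data layout and the outside address 203.0.113.10 are assumptions made for this example.

```python
import ipaddress as ip

# Addresses come from the thread; names and layout are assumptions of this example.
SVIS = {100: "192.168.100.1", 200: "192.168.200.1", 254: "192.168.254.1"}
FIREWALL = "192.168.100.254"      # next hop of the core's default route
PREFIXLEN = 24

def subnet(vlan):
    """The /24 network that a VLAN's SVI address lives in."""
    return ip.ip_network(f"{SVIS[vlan]}/{PREFIXLEN}", strict=False)

def vlan_of(addr):
    """VLAN whose subnet contains addr, or None for an outside address."""
    for vlan in SVIS:
        if ip.ip_address(addr) in subnet(vlan):
            return vlan
    return None

def check_client(addr, gateway):
    """Problems with one client's address/gateway pair (empty list = fine)."""
    vlan = vlan_of(addr)
    if vlan is None:
        return [f"{addr} is not in any configured VLAN subnet"]
    if gateway != SVIS[vlan]:
        return [f"{addr}: gateway {gateway} is not the vlan {vlan} SVI {SVIS[vlan]}"]
    return []

def path(src, dst):
    """Hops from src to dst when src uses its own VLAN's SVI as gateway."""
    s, d = vlan_of(src), vlan_of(dst)
    if s is None:
        raise ValueError(f"{src} is not a local client")
    if s == d:
        return [src, dst]                      # same subnet, switched only
    if d is not None:
        return [src, SVIS[s], dst]             # core routes between its SVIs
    return [src, SVIS[s], FIREWALL, dst]       # ip route 0.0.0.0 0.0.0.0 -> firewall

def firewall_routes_needed():
    """Return routes the firewall needs for subnets it is not attached to."""
    fw_vlan = vlan_of(FIREWALL)
    return {str(subnet(v)): SVIS[fw_vlan] for v in SVIS if v != fw_vlan}

if __name__ == "__main__":
    # Client settings as first proposed in the thread
    for addr, gw in [("192.168.100.25", "192.168.100.254"),
                     ("192.168.200.25", "192.168.200.1"),
                     ("192.168.254.25", "192.168.254.1")]:
        print(addr, check_client(addr, gw) or "ok")
    print(path("192.168.200.25", "192.168.100.2"))   # mail VLAN client -> DC
    print(path("192.168.254.25", "203.0.113.10"))    # constructed outside host
    print(firewall_routes_needed())
```
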


Where does port 13 connect to?

====================================================

Core vlan 100(192.168.100.0 /24 [port 1to4] ) vlan 200(192.168.200.0 /24 [port 5 to 6] ) vlan 254 (192.168.254.0 /24 [9 to 12 ] )

Port 13 connected to other switch for trunking

What do you mean by [port 1 to 4] [port 5 to 6] [port 9 to 12] - are these access ports? Please explain this.

====================================================

File server :- 192.168.100.10 255.255.255.0 g/w 192.168.100.1

Mail server:- 192.168.200.10 255.255.255.0 g/w 192.168.200.1

Domain Controller:- 192.168.100.2  DNS:- 192.168.100.2

Each port is in a separate vlan [port 1 to 4] [port 5 to 6] [port 9 to 12]. YES, access ports.

No, almost! What do you mean??

Clients ip address :- 192.168.100.25 255.255.255.0 192.168.100.1

Clients ip address :- 192.168.200.25 255.255.255.0 192.168.200.1

Clients ip address :- 192.168.254.25 255.255.255.0 192.168.254.1

Okay, so you will have like daisy chain set up?

switch-------switch--------switch---------core

or like all the switches trunk to the core?

switch-------core---------switch
               |
               |
             switch

Anyway, they need to be trunks, and trunk all vlans in any case.

====================================================

yes, if they are access ports then it is fine.

====================================================

I mean that client ip address on vlan 100 should be 192.168.100.1 and not 192.168.100.254.

====================================================

Hope this helps

Please rate useful posts & remember to mark any solved questions as answered. Thank you.
