05-01-2015 02:44 AM - edited 03-05-2019 01:22 AM
I left an earlier post re: C2513s I had purchased to start working on certification.
Given the age of the 2500s, plus the fact that when I get my geek on I tend to go full
bore, I made a few other acquisitions. I now have 3xC1841 routers, 1xC2851 router,
1xC2821 router, the original 2x2513 routers, and 4x2950-24s, as well as a couple 8-port
serial over IP devices for management (OK fine, I'm too lazy to keep walking downstairs
from my office if I want to work on them).
My question is, what's a good setup, given the hardware, for a multiple lan or wan training
system? It's been quite a few years since I worked with routing, but I used to be pretty good.
Of course now I'm back to complete novice since I haven't used it for so long. I have quite a
few technical skills in other fields, but I freely admit that I've forgotten most of what I learned.
While I can remember some basic commands, I couldn't even begin to design a good router/switch
WAN configuration anymore.
SOO. I'm hoping someone, out of the kindness of their heart, and possibly due to also
being a hardware geek, would be willing to help plan the config for these. I'll be attending training
in about 2 months but I can't bear to let this hardware sit, and I also don't (at this point) have time
for weeks of "Ask Professor Google", especially since most of the answers I've found on other
sites appear to be deliberately malicious or posted by people who know even less than I do.
Any constructive assistance would be welcome. Please, don't just say RTFM. I know as well as
anyone else the value of learning on your own, but I need a good training platform now so I can get
ready for the course/cert. Thanks in advance.
05-09-2015 05:30 AM
Your switches are L2 switches so you can only have one SVI up at any one time.
This SVI (int vlan <x>) is used purely to manage the switch ie. you do not use it as the default gateway for your clients.
In a production environment you usually have a separate vlan for managing your switches so you can either -
1) just use either vlan 10 or vlan 11 (as in example) so you can access the switch
or
2) use a new vlan and create another subinterface on your router with a new IP subnet and then create an SVI on the switch in that vlan and give it an IP from the same subnet.
Whichever of the above you do you then need to add this to your switch -
"ip default-gateway x.x.x.x" where x.x.x.x is the IP of the subinterface for that vlan.
Note also that in a production environment you usually have L3 switches to do all the routing for vlans but we are using subinterfaces here because you don't have any.
But the principles of what you are doing are the same.
Lastly if you do create a management vlan then it has to be a different vlan/IP subnet per site.
Jon
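Option 2 above written out as a configuration, added here as an example and not part of Jon's post: VLAN 99, the 192.168.99.0/24 subnet and the interface numbers are assumptions chosen for illustration.

```cisco
! --- Router (assumed: FastEthernet0/0 is the trunk to the switch) ---
! New subinterface and new IP subnet for the management VLAN (assumed VLAN 99).
interface FastEthernet0/0.99
 description Management VLAN gateway
 encapsulation dot1Q 99
 ip address 192.168.99.1 255.255.255.0
!
! --- L2 switch (2950) ---
! On older images the VLAN is created in "vlan database" mode instead.
vlan 99
 name MGMT
!
! Assumed: FastEthernet0/24 is the uplink to the router.
interface FastEthernet0/24
 switchport mode trunk
!
! The one management SVI, with an IP from the same subnet as the subinterface.
interface Vlan99
 ip address 192.168.99.2 255.255.255.0
 no shutdown
!
! The switch does not route, so its own management traffic needs a gateway:
! the IP of the router subinterface for that VLAN.
ip default-gateway 192.168.99.1
!
! Check from the switch:
!   show ip interface brief
!   ping 192.168.99.1
```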
05-11-2015 07:13 AM
Couldn't figure out how to delete this, please see the post below (assuming it works properly).
05-11-2015 07:14 AM
Thank you for shedding light on the vlan limitation! I haven't finished configuring everything. I haven't had a lot of personal time but I'm hoping to finish everything by Tues or Wed. I'm not used to being totally in the dark on something technical, but once I get this setup done I can start studying. I ordered some CCNA books from Amazon, also got a few others in Kindle version. BTW, I ordered a couple used L3 switches from eBay. They don't have to be perfect, I just need something for hands-on so I can get CCNA/CCNP. Once I'm no longer too dangerous, I'll be able to start monitoring the guys I'll be joining. Hopefully a couple months down the road when they're sure I'm over the "I can spell CISCO, and that's it" phase, I'll be able to start supporting prod systems. Thanks again for your help, and more importantly, your patience.
ADDED ON MONDAY:
Jon, I just thought of something. If I remember correctly, licenses are hardware based, and should move with the hardware. If someone needs features that aren't included with the base license, then they pay to add on. I was looking at a 2960 switch in another training env, which seems to be able to have more than one vlan up at a time, even though the 2960 is also L2. Cisco's docs said to use show license but on both my switch and this other one, that returns an error. So 3 questions:
1) How do I check license information on IOS 12 (which is what both have, just diff versions)?
2) If show license doesn't work does that mean there are no licenses or is it just an IOS 12 thing?
3) On switches, are switching features license based? Can a 2950 EVER have more than one vlan up at a time if add'l software is licensed? The reason for this question is, since I just ordered some used 3560s, if THEY won't support multiple vlans without $7000 to Cisco for a license, then I just wasted more money. It also means I'll have basically 7 fancy hubs, not switches.
I'm just confused as to why the 2960 has more than one vlan (vlan1, vlan2, vlan2) created, and none are admin down.
Of course the ports aren't actually connected but I don't think that matters.
05-11-2015 07:52 AM
The 2960 with the right feature set supports routing but it is still limited ie, static routes and maybe RIP (I need to check).
That is why you can have multiple SVIs up/up.
It doesn't as far as I know support EIGRP or OSPF.
A "sh version" will show you the feature set in use.
A 2950 is a L2 switch. Even if you could have multiple L3 SVIs up it can't route between them.
The 3560 is a true L3 switch. Even with the base license it will route between vlans so you are not wasting your money.
However to run full EIGRP, OSPF, BGP you would need the IP Services image which they may not come with.
If you only have the IP Base image though, as I say, they do support routing using static routes and I believe RIP and maybe a limited version of EIGRP.
So to summarise -
2950 - L2 only
2960 - can do L3 with the right feature set but limited support
3560 - full L3 switch so will support routing between vlans. However depending on the license/image you may not be able to run all the routing protocols.
If you let me know which you are thinking of buying I can double check as to exactly what will be available.
Jon
05-11-2015 07:52 AM
Seriously, you ROCK! It's like you know everything. I'm actually working right now, but I get a 5 minute break every hour. lol
THANKS!
05-15-2015 10:22 PM
Jon,
Update: I just got 3x3560-24s delivered. I'm going to use them instead of the 2950s. I'll try to set them up with the vlans as you originally suggested for the 2950s.
05-16-2015 04:43 AM
One additional point.
In a lot of networks you have access layer switches which the clients connect to and then those switches connect to a distribution pair of switches.
Because you have 3 3560s once you have setup the SVIs as in the last post then for one of the sites what you can do, if you want, is run a pair of 3560s as the distribution switches.
You would then run HSRP for example between the switches and connect a 2950 or multiple 2950s to them and the clients would connect to the 2950s.
Again this is a very common setup in a production network so if you get the L3 switches setup and working and want to try this for one site let me know and I can help out.
It would be worth considering because it is likely you will come across this setup or something like it when you start supporting the network.
Jon
05-16-2015 08:43 PM
If you are using 3560s then the configuration I posted can change.
You can route the vlans on the 3560s and not on the routers using subinterfaces.
This will be far more representative of a production network where L3 switches usually do the routing between vlans.
It depends on the feature set of the switches as to which routing protocol you can use but as I said you can always use statics.
Briefly, instead of using subinterfaces for each vlan you would -
enable routing and create SVIs (Switched Virtual Interfaces) on the 3560 eg.
switch(config)# ip routing
then create the SVIs -
int vlan 10
ip address 192.168.10.1 255.255.255.0
no shut
int vlan 11
ip address 192.168.11.1 255.255.255.0
no shut
Then change the link to the router to be a L3 routed port.
So remove the subinterfaces and reboot to get rid of them and then use another /30 as you did with the router interconnections eg. on the switch the port that you originally configured as a trunk to the router -
int <x/y>
no switchport
ip address x.x.x.x 255.255.255.252
and then on the main router interface use the other IP from the above IP subnet.
Then either run a routing protocol between the switch and router or use static routes.
The SVIs will not come up until you have at least one port in that vlan up/up ie. an end client.
Like I say it's worth doing this as in a company of any size you would expect to find L3 switches doing the routing between vlans.
Let me know if you need more help etc.
Jon
05-16-2015 08:43 PM
Thanks again. I'll set them up with the new config. FYI, I've recently taken about 30 hours of high-level training on planning, troubleshooting strategies, etc. Concept/theory is great, but I'm hopefully going to start the REAL training in July. The good news is, with the Cisco books I've bought and my hands-on setup, achieved only through your help, I shouldn't have much of a problem going through the courses. I really can't thank you enough.
05-17-2015 07:50 AM
No problem at all, happy to have helped.
Jon
05-09-2015 02:36 AM
Jon,
TYVM for your assistance. I had a few issues. Since I already had all router ports configured I had to try to translate what I had with your design. I hit a snag with the interfaces between routers, .252 would only allow 2 hosts, so the summary at the end where you had R2 to R3, etc. with .5 and .6 wouldn't work. I'm not quite finished configuring. I had to do some tweaking to the IPs on the switches because I have an IP/serial server with a hardcoded IP I need to work into the mix. I also had issues with one of the switches - older OS, wouldn't use the vlan command and since I didn't want to learn the vlan database, I had to figure out how to get an interface up so I could hit the tftp server and upgrade. Also, not sure if I'm doing something wrong but it looks like I can only have 1 vlan up at a time on these switches. If I bring vlan 10 up, 11 goes down, vice versa. Not sure if I made an error in the config, but I'll look into it more when I finish playing with IPs.
Thanks again for your help. I REALLY appreciate it. I do have a question about this forum. Can I give you multiple ratings, like on each answer, or can I only rate once if I say it's a correct answer? And if that's the case, will that close and lock the thread if I say it's a correct answer?
05-09-2015 10:35 AM
Not sure I follow about the 255.255.255.252 part as each router is only connected to the other router by a single link.
Perhaps I am not understanding.
Only having one vlan interface up on the switch: see last post (I missed this reply originally). You only need one vlan interface up and it is for management only so you don't need multiple vlan interfaces up.
In terms of ratings it can be quite a contentious subject on this forum :-).
As a general answer you can rate any or all posts you want and marking an answer as correct does not lock the thread, you can continue to add to the post.
The convention is to rate 5 and/or a correct answer and using the ratings system is a way to say thanks for the help given and can help other people find helpful answers.
So thanks for asking as many people do not rate.
That said the above is a general response about ratings which should help if you continue to use the forums.
My own personal view is that whether you rate or not is entirely up to you. It's nice to be rated but you shouldn't feel you have to do it and a lot of posts in a thread like this one are just getting more information from the OP so I personally don't believe every post should be rated.
If a post, or multiple posts, answers your question then by all means rate if you want but it really is up to you.
Jon
05-01-2015 09:42 PM
My meager advice:
Hope this helps and good luck!
John
05-01-2015 09:42 PM
Thanks for the excellent suggestions on course materials! Also your comment on mastering the test vs the material is spot on. I want to be GOOD at what I do, and I always strive to improve. I used to support unix lans and I actually had someone in another group who had just been bragging about his MCSE cert the day before ask me how to setup a DHCP server. Because I had helped him out before, even though it wasn't my OS, I dug up my notes and walked through it with him. A week later, he was again implying he was better than I because he had an MCSE and I didn't. Then he asked me a couple hours later how to setup some other minor crap in windows. I asked him to look on his MCSE cert, and see if the instructions were there. (Then I did help him). But yes, my goal isn't just to get a pretty piece of paper. That paper won't help a bit if I have a trouble call and I don't know what the heck I'm doing. Thanks again!