
vlan routing enablement

consult_srishti
Level 1

Dear Team,

I have 25 L2 switches in downstream and a Layer 3 3750G switch as core.

I need to create around 5 networks (VLANs) in the core. I do not know which network user is connected to which port on the downstream L2 switches.

In this scenario, is it possible to have e separate networks and inter vlan routing enablement in core.

With Juniper switching it is possible. But I am new to Cisco switching.

Suggestions please.

Thanks and regards,

AN

7 Replies

Richard Burts
Hall of Fame

AN

There are many things about your network that you have not told us and some of them might change the advice that we might give. But based on what you have told us so far the answer is that yes it is possible to set up 5 new networks/vlans on the core and to route between them.

If you want to go further with this question you might start by explaining what will be the relationship of the existing users in the network with the L2 switches and the new networks/vlans. Will they be separated or will there be interaction between the old network(s) and the new networks?

HTH

Rick


Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

As Rick noted, it's likely possible.  As he also noted, much we don't know.  How are the VLANs routed now?

Hi Rick,

Thanks for the update.

All the five networks are existing (172.16.10.0/24; 172.18.10.0/24; 192.168.12.0/24; 192.168.1.0/24 and 10.10.10.0/24) and populated in the downstream switches in various ports. Their identification with respect to ports in those switches is not possible.

Currently they are routed in the core switch with vlan 1 and as secondary IPs to vlan 1.

We are facing high cpu utilization issue since the icmp traffic enters into and exits from same L3 interface.

We need to segregate them to prevent high cpu utilization.

Trust this clarifies.

Thanks and regards,

AN

AN

Thanks for the additional information. Am I correct in understanding that the existing network is essentially a flat network with all switch ports in vlan 1 and that 5 different IP subnets are used in the network?

That does not change the part of the answer that is about what you can do on the layer 3 3750G switch. You can certainly configure 5 vlans and assign each of the IP subnets to a vlan, and you can route between the vlans on the layer 3 switch. But it does raise a question about what you would need to do on the layer 2 switches. For the new vlan and subnets to help with the issue of high cpu utilization you would need to trunk the vlans to the layer 2 switches and to assign switch ports on the layer 2 switches to appropriate vlans. And I believe that you are saying that it is not possible to identify with respect to ports on the layer 2 switches. Without having the switch ports identified and assigned to appropriate vlans then I do not believe that your plan to implement vlans and subnets on the layer 3 switch will solve your problem.

HTH

Rick


Hi Rick,

Thanks for the update.

We have an idea / workaround as below

1. Creating 5 separate L3 vlan interfaces and assigning 5 individual access ports respectively to the corresponding Vlan created in the Core switch.

2. Providing 5 uplinks directly to the individual Vlan access ports created in the core switch from the L2 switch sitting below the Core switch.

We can avoid identifying and assigning hosts to appropriate vlans in the below cascaded L2 switching.

Let me have your thoughts to proceed further.

Thanks and regards,

AN

AN

Your suggestions for points 1 and 2 are fine, as far as they go and provide part of a solution alternative to the trunking that I suggest. But your next paragraph is problematic. You say that "We can avoid identifying and assigning hosts to appropriate vlans in the below cascaded L2 switching". But if all of the clients connected to these access switches are in vlan 1 then all of their traffic will be forwarded through the access port for vlan 1 and no traffic will be forwarded through the other access ports.

I continue to believe that until you are able to identify ports on these access switches with the appropriate vlan and subnet that you will not be able to solve your issue with high cpu on your layer 3 switch.

HTH

Rick
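One way to get the port-to-subnet identification the reply above calls for, as an added example that is not part of the thread: correlate the core switch's ARP cache (IP to MAC) with an access switch's MAC address table (MAC to port). The VLAN IDs, MAC addresses, port names and both command outputs below are constructed for illustration; only the five subnets come from the thread.

```python
import ipaddress
import re
from collections import defaultdict

# The five subnets listed in the thread; the VLAN IDs are assumed for illustration.
SUBNET_VLAN = {
    "172.16.10.0/24": 10, "172.18.10.0/24": 20, "192.168.12.0/24": 30,
    "192.168.1.0/24": 40, "10.10.10.0/24": 50,
}
NETS = {ipaddress.ip_network(n): v for n, v in SUBNET_VLAN.items()}

# Constructed sample of `show ip arp` output from the core switch.
ARP = """\
Internet  172.16.10.25     3   0011.2233.4455  ARPA   Vlan1
Internet  192.168.12.40    7   0011.2233.6677  ARPA   Vlan1
Internet  10.10.10.9       1   0011.2233.8899  ARPA   Vlan1
Internet  172.18.10.77     2   0011.2233.aabb  ARPA   Vlan1
"""
# Constructed sample of `show mac address-table` output from one access switch.
MAC_TABLE = """\
   1    0011.2233.4455    DYNAMIC     Fa0/1
   1    0011.2233.6677    DYNAMIC     Fa0/2
   1    0011.2233.8899    DYNAMIC     Gi0/1
   1    0011.2233.aabb    DYNAMIC     Gi0/1
   1    0011.2233.ffff    DYNAMIC     Fa0/3
"""

def mac_to_vlan(arp_text):
    """Map each MAC in the ARP output to the VLAN of the subnet its IP falls in."""
    out = {}
    for m in re.finditer(r"Internet\s+(\S+)\s+\S+\s+([0-9a-f.]{14})", arp_text, re.I):
        ip = ipaddress.ip_address(m.group(1))
        for net, vlan in NETS.items():
            if ip in net:
                out[m.group(2).lower()] = vlan
    return out

def port_plan(arp_text, mac_text):
    """Return {port: VLAN id | 'mixed' | 'unknown'} for one access switch."""
    known = mac_to_vlan(arp_text)
    seen = defaultdict(set)
    for m in re.finditer(r"^\s*\d+\s+([0-9a-f.]{14})\s+\S+\s+(\S+)", mac_text, re.I | re.M):
        seen[m.group(2)].add(known.get(m.group(1).lower()))
    plan = {}
    for port, vlans in seen.items():
        vlans.discard(None)  # MACs the core has no ARP entry for
        plan[port] = "unknown" if not vlans else vlans.pop() if len(vlans) == 1 else "mixed"
    return plan

print(port_plan(ARP, MAC_TABLE))
```

A port reported as `mixed` carries hosts from more than one subnet, which is what an uplink to a cascaded switch looks like, so it has to be traced on the next switch down rather than assigned to a single VLAN. A port reported as `unknown` has a host the core has not recently talked to.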

Are you using DHCP at all in the environment, or has everything got a static address? If you have DHCP in use, there might be scenarios where you could migrate the users' IP addresses to something more logical, and simplify the network (and ongoing administration) going forward.

Printers and special devices would have to be managed separately.