02-21-2013 09:32 AM - edited 03-07-2019 11:51 AM
I'll preface this by stating I'm very much a Cisco beginner. I know the basics and that's about it so here goes...
I'm in a situation where the network just doesn't seem right. Certain tasks are unusually slow - like copying large amounts of data from one machine to another - especially if they're on different Vlans. There is a core gigabit switch which is a pair of 3750's stacked together. We then have five 2960's which basically uplink (trunk) into the core 3750's. Seems like it should be a pretty simple setup.
Does the proper routing of VLAN's require a layer 3 switch? I've been poking around the web trying to figure these switches out and what might be wrong here and it seems like the 2960's are basically layer 2 switches. I've also seen that you need to have a minimum ios of 12.2(55) in order to do simple VLAN routing on these 2960's. Is that the case? All the 2960's here are ios 12.2(25) or 12.2(35). We have 4 Vlans here. Two are data on different subnets, one is for voice and one is for the servers heartbeat and monitoring.
To my limited knowledge and skill in this area, there doesn't seem to be any IP routing going on. We have six remote offices all VPN tunnelled in to the home office via ASA5505's to a ASA5510. If I'm in the core switch, I can ping all devices at the remote offices. If I'm in any of the 2960's I cannot ping any device in any other office. I can ping the Core though. Any user connected to those 2960's therefore cannot access resources in other offices.
If every port is configured to be on a certain Vlan, are the 2960's actually routing properly with the ios they're using? I can't even enable ip routing on the 2960's - it doesn't appear to be an option. I've read that you have to do some kind of SDM PREFER command to enable IP routing but that doesn't seem to be an option given the ios the 2960's are on?
Nobody here knows much about these Cisco switches and from what I've gathered different consulting companies over the years have had their fingers in this mess and the owners don't want to pay to have yet another consulting group come in and possibly mess it up even further. My gut is telling me these 2960's need to have their ios's upgraded. That right now it's just a lot of bridging going on and packets just meander around the network until they hit their destination.
Any direction or at least confirmation that these 2960's with the ios they have won't handle multiple Vlan's well would be helpful. It'll at least get me pointed in a direction to try to clean this place up.
Thank you!
02-21-2013 09:55 AM
The 2960s don't do VLAN routing as far as I know, no matter what version of code you put on them. And without a layer-3 switch you can't route between VLANs, unless you use the old router-on-a-stick technique (which you shouldn't)!
The 2960s do let you confusingly configure IP on more than one SVI (switch virtual interface). But it will not route between them. The best set up is this:
Matt
02-21-2013 03:31 PM
The 2960s don't do VLAN routing as far as I know,
Yes and no.
2960 will not do dynamic routing, however, if you load 12.2(55)SE2 (and later), 2960 will support limited static routes.
http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_55_se/configuration/guide/scg_2960.html
02-21-2013 09:58 AM
You don't need routing on the 2960's. Routing really needs to be enabled on your core which in your case are the 3550's. And it is a simple command to enable routing on 3750's:
conf t
!
ip routing
Check and see if the routing is enabled on the 3750's. You can run the command "show ip route" and "show runn | i routing".
2960's will need to have the default gateway defined on those switches with the "ip default-gateway x.x.x.x" command.
You will have to post configs and network topology for further review.
02-21-2013 12:56 PM
Routing is enabled on the Core. The 3750 has a default route to the 5510. It looks like all the 2950's have the same ip-default gateway which is the address of the Core. All the 2950's have unique IP's which are all on the same subnet (Vlan).
Don't know if it makes a difference but each 2950 has the IP address under a Vlan interface.. ie:
interface Vlan103
ip address x.x.x.x 255.255.255.0
If these 2960's really aren't doing anything regarding these Vlan's do I even need to have Vlan info on them? Anything like:
interface FastEthernet0/1
switchport access vlan xxx
switchport mode access
switchport voice vlan xxy
Is something like this doing anything if the 2960's don't really route and specifically don't route Vlan traffic?
As per m.glosson's post: All those things are done. My question would be: What is the appropriate Vlan address on the core that I would point the 2960's to? If they're set on each 2960 to Vlan 103 then they should point to the Vlan 103 IP address on the core? If so, they already are....
02-21-2013 01:08 PM
Hello
That is correct - see below the basic setup between L3 and L2 switches for intervlan routing
Basic L3 core switch config:
ip cef
ip routing
spanning-tree mode rapid-pvst
spanning-tree vlan 1-4092 root primary
! configure an SVI for every VLAN (inter-VLAN routing)
int vlan 1
! default native vlan
ip address 172.16.1.1 255.255.255.0
ip route-cache
no shut
int vlan 2
ip address x.x.x.x y.y.y.y
ip route-cache
no shut
int vlan 3
ip address x.x.x.x y.y.y.y
ip route-cache
no shut
vtp mode server
vtp domain TST
vlan 2
name xxxx
exit
vlan 3
name xxxx
exit
int gigx/x
description Link to access switch
switchport trunk encapsulation dot1q
switchport mode trunk
no shut
int fax/x
description WAN link
! routed port: "no switchport" is required before an IP address can be assigned
no switchport
ip address x.x.x.x y.y.y.y
no shut
! default route to WAN or firewall next hop
ip route 0.0.0.0 0.0.0.0 x.x.x.x
Basic access-switch config -
no ip routing
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree portfast bpduguard default
int vlan 1
description Default management vlan
ip address 172.16.1.2 255.255.255.0
ip route-cache
no shut
int gigx/x
description Link to core switch
! omit the encapsulation line on switches that only support 802.1Q (e.g. 2960)
switchport trunk encapsulation dot1q
switchport mode trunk
no shut
int range fa0/1 - 12
no shut
switchport mode access
switchport access vlan 2
int range fa0/13 - 24
no shut
switchport mode access
switchport access vlan 3
vtp mode client
vtp domain TST
! IP address of the core SVI - in this case it's vlan 1
ip default-gateway 172.16.1.1
res
Paul
Please don't forget to rate this post if it has been helpful.
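The gateway question settled above (a 2960's `ip default-gateway` should be the core's SVI address for the VLAN its own management SVI sits in, and the core needs `ip routing`) can be checked against saved running-config text. This Python is an added example, not part of any post in the thread; the function names, sample configs and addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample configs (placeholder addressing, not taken from the thread).
CORE_CFG = """\
ip routing
interface Vlan103
 ip address 10.0.103.1 255.255.255.0
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
"""
ACCESS_CFG = """\
interface Vlan103
 ip address 10.0.103.12 255.255.255.0
ip default-gateway 10.0.103.1
"""

def svis(cfg):
    """Map VLAN id -> ipaddress.IPv4Interface for every SVI that has an address."""
    found, vlan = {}, None
    for line in cfg.splitlines():
        m = re.match(r"interface Vlan(\d+)\s*$", line, re.I)
        if m:
            vlan = int(m.group(1))
        elif not line.startswith(" "):
            vlan = None  # any other top-level line ends the interface block
        else:
            a = re.match(r"\s+ip address (\S+) (\S+)\s*$", line)
            if a and vlan is not None:
                found[vlan] = ipaddress.ip_interface(f"{a.group(1)}/{a.group(2)}")
    return found

def check_access_switch(core_cfg, access_cfg):
    """Return a list of problems; an empty list means the gateway setup is consistent."""
    problems = []
    if not re.search(r"^ip routing\s*$", core_cfg, re.M):
        problems.append("core: 'ip routing' not enabled")
    core, access = svis(core_cfg), svis(access_cfg)
    gw = re.search(r"^ip default-gateway (\S+)\s*$", access_cfg, re.M)
    if not gw:
        return problems + ["access: no 'ip default-gateway'"]
    gw_ip = ipaddress.ip_address(gw.group(1))
    # VLANs on the access switch whose SVI subnet actually contains the gateway
    home = [v for v, i in access.items() if gw_ip in i.network]
    if not home:
        problems.append(f"access: gateway {gw_ip} is in none of the switch's SVI subnets")
    for vlan in home:
        if vlan not in core or core[vlan].ip != gw_ip:
            problems.append(f"access: gateway {gw_ip} is not the core's Vlan{vlan} SVI address")
    return problems
```

An empty list from `check_access_switch(CORE_CFG, ACCESS_CFG)` means the access switch points at the right core SVI; this only covers the switch's own management traffic, since hosts on access ports use the core SVI of their own VLAN as gateway.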