Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3522
Views
0
Helpful
20
Replies

Backbone switch question

the-lebowski
Level 4
Level 4

‎04-08-2010 07:01 AM - edited ‎03-06-2019 10:30 AM

I am replacing a Linksys switch with a 3750 on my backbone network. I did little to no configuration on that switch.  Now that I am replacing it I have question regarding VLAN 1 on the new switch.  It will be a flat L2 switch on backbone network which connects my FW's to my core 3750.

Is it best practice to move all the ports out of VLAN 1 into another vlan?  IE: say my backbone is 10.35.66.0/24, could I just create a VLAN local to that switch (say VLAN 660) and move all the ports in to that vlan?  If I add another switch to the backbone can I create the same vlan local to that switch and again move all the ports off VLAN1 (IE VLAN 660 on switch 2)?

The routing for that network is done via the physical interface on the L3 3750 so that vlan wouldn't exist on the L3 3750. 

Can someone help me wrap my head around it?

Here is a crude diagram, the switch in question is the L2 3750.


L2.png

Labels:
0 Helpful
20 Replies 20

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to the-lebowski

‎04-08-2010 08:21 AM

Hello DPatten,

>> But with the FW's I am  working (netscreen SSG5s) with I wasn't able to  get it working.  Plus  the fact that I am running OSPF between the two  FWs and the routed  interface I wasn't sure how that would work with a  vlan

I guess you could had troubled with MTU settings (MTU mismatch)  that can be detected with debug ospf adj

As Jon noted you should be able to use an SVI instead of a routed port if you like

Hope to help

Giuseppe

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to Jon Marshall

‎04-08-2010 08:18 AM

Hello Jon,

for the trunk link option to work it is just enough that the two switches agree on the two vlan-ids used

the L2 Lan switch just needs an IP address in the management interface and act as a pure L2 LAN switch for vlan 20

of course L2 object vlan 20 must exist on switch and need to be created in the usual manner

vlan 20

name backbone vlan

there is no need to move the SVI to the backbone switch (or it will become a L3 backbone switch )

the use of two separate links could only provide the capabiity to use different vlan-ids at the two ends of each link.

Hope to help

Giuseppe

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to Giuseppe Larosa

‎04-08-2010 08:23 AM 

giuslar wrote:
Hello Jon,
for the trunk link option to work it is just enough that the two switches agree on the two vlan-ids used
the L2 Lan switch just needs an IP address in the management interface and act as a pure L2 LAN switch for vlan 20
of course L2 object vlan 20 must exist on switch and need to be created in the usual manner
vlan 20
name backbone vlan
there is no need to move the SVI to the backbone switch (or it will become a L3 backbone switch  )
the use of two separate links could only provide the capabiity to use different vlan-ids at the two ends of each link.
Hope to help
Giuseppe

Giuseppe

Not sure i follow you.

If you want to manage the L2 switch on a different vlan than the vlan used for data, which is recommended, there is a need to make the routed port a trunk port because you need to transmit traffic for 2 vlans between the L3 3750 and the L2 3750 ie. vlan 20 for data traffic from the firewalls and vlan 10 for management traffic to the L2 3750.

And the SVI for vlan 20 has to exist on the 3750 because a L2 switch does not pass data traffic via it's SVI.

Jon

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to Giuseppe Larosa

‎04-08-2010 10:08 AM 

giuslar wrote:
Hello Jon,
for the trunk link option to work it is just enough that the two switches agree on the two vlan-ids used
the L2 Lan switch just needs an IP address in the management interface and act as a pure L2 LAN switch for vlan 20
of course L2 object vlan 20 must exist on switch and need to be created in the usual manner
vlan 20
name backbone vlan
there is no need to move the SVI to the backbone switch (or it will become a L3 backbone switch  )
the use of two separate links could only provide the capabiity to use different vlan-ids at the two ends of each link.
Hope to help
Giuseppe

Giuseppe

I'm still not following what you mean here. Could you perhaps clarify ?

Jon

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to Jon Marshall

‎04-08-2010 10:28 AM

Hello Jon,

you don't need an SVI in vlan 20 you need to create Vlan 20 broadcast domain on the L2 only switch.

you create SVI in vlan 20 if you want to provide L3 services on this broadcast domain I mean on the L2 backbone LAN switch

probably I have misunderstood your previous post you were referring to moving from a routed to an SVI on the L3 C3750

I see it now

Hope to help

Giuseppe

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to the-lebowski

‎04-08-2010 07:57 AM

Hello DPatten,

>> That is ok and won't cause any problems?  Does the port on the L2 3750  connecting to the MGMT vlan on the L3 3750 need to be in vlan 10 as  well?

to this link applies the CDP concern I've expressed before if you use a different vlan on L2 switch

Hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents