Cisco 2960X switching and routing question

Report Inappropriate Content · ‎06-25-2017

I have two Cisco 2960X layer 3 switch and a 3850 switch and a Cisco ASA 5506 in each one of my cabinets, I have two cabinets

Cabinet 1

Cisco 2960X IP address 192.168.5.1 255.255.255.128 DG: 192.168.5.126

Cisco 3850 IP address 10.0.0.1 255.255.255.0 with gi1/0/24 port as: 192.168.5.126 255.255.255.128 this is the default gateway for the 2960x

Cisco ASA 5506 connects to the internet to provide updates to McAfee to my 10.0.0.1 network

Cabinet 2

Cisco 2960X IP address 192.168.6.1 255.255.255.128 DG: 192.168.6.126

Cisco 3850 IP address 10.0.1.1 255.255.255.0 with gi1/0/24 port as: 192.168.6.126 255.255.255.128 this is the default gateway for the 2960x

Cisco ASA 5506 connects to the internet to provide updates to McAfee to my 10.0.1.1 network

My question is, I want to connect the 2 2960X via fiber on gi1/0/49 so 192.168.5.1 (Cabinet 1) network can talk to 192.168.6.1 network on gi1/0/49 (cabinet 2)

I understand 2960X has limited IP routing capability, how do I make it happen so 192.168.5.1/25 network can ping devices to 192.168.6.1/25

I am new to layer 3 switches, can anyone explain how I am use static routes and what else I need to configure to make this happen. I don't want to run any routing protocols (RIP, EIGRP, BGP), thank you in advance for you help.

Julio E. Moisa · ‎06-25-2017

Hi

I think you could interconnect the 3850 instead of the 2960X. The 3850 switches already have configured the ip routing (because you have a default static route to the ASA's) so you can make inter-vlan routing or You could configure a routing protocol like EIGRP or OSPF on both 3850 to create an adjacency.

For example:

3850 SW1

interface g1/0/48
no switchport
ip address 10.10.10.1 255.255.255.252
no shut

router ospf 100
net 10.10.10.1 0.0.0.0 area 0
net 192.168.5.0 0.0.0.127 area 0

3850 SW2

interface g1/0/48
no switchport
ip address 10.10.10.2 255.255.255.252
no shut

router ospf 100
net 10.10.10.2 0.0.0.0 area 0
net 192.168.6.0 0.0.0.127 area 0

So you can get:

- Communication between the vlans
- You could have Internet redundancy for each networks.

The 2960X supports static routing but my personal opinion is use the 3850 instead.

Hope it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Report Inappropriate Content · ‎06-25-2017

Thank you for your help. The requirement calls for 2960X to connect via fiber connection, do you know what commands I need to enable on both the 2960X for them to connect besides ip routing and how do I set the static route for the 2960x to talk? Really appreciate the help

Julio E. Moisa · ‎06-25-2017

Hi

To use a link between access switches should not be part of a good design it should be done between the distribution switches, may I know the reason to interconnect the access switches?

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Report Inappropriate Content · ‎06-26-2017

Hi Julio, this is for a process control network environment, basically the 2960X switches are in the level 2 on the PCN, it will not have connection to the internet, the access switches are connected to two cabinets with virtualized training machines for refineries, the machines needs database updates from Level 2.5 SCADA systems. I have to make sure the ASA firewall rules only allow access to the 10.xx.xx.xx network and not to the 192.xx.xx.xx network. The 192.xx.xx.xx network however needs access to the 10.xx.xx.xx network because they have McAfee agents installed on them and to get updates from McAfee server in the 10.xx.xx.xx network. Thank you