cisco design question

afsharki2
Level 1

Let's say I have the following:

routed refers to routed interface

we want to ping between computer1 and computer2

Current design:

(computer1)----Sw1----routed----Sw2---routed---Sw3---routed----Sw4-----(computer2)

Future design:

(computer1)---Sw1----routed-----Sw2-----trunk----Sw3-----routed-----Sw4-----(computer2)

As you can see, a trunk is now attempting to be implemented between Sw2 and Sw3. What configuration changes need to be done to make this happen, so the packets can get from comp1 to comp2? Do we have to create a new vlan definition (svi), so that it knows to route it up to the next interface?

I have a feeling I'm missing something really important.  Please let me know if this is not clear enough. 

Accepted Solutions

I'll try and answer both questions but you have removed the diagram so I'll have to do the first question from memory :)

If the service switch connects at L3 to the core switches then, assuming you set up the routing between DS2 and the service switch as discussed, DS2 would receive routes for the voice gateways from both the core switches and the service switch.

Assuming the interconnects from DS2 are the same speed to the cores as to the service switch then DS2 should favour the routes received direct from the service switch which is what you want. In fact you could then use the cores as a backup in case the trunk failed if that is what you wanted.

If the interconnects are different speeds then the above may not apply.

If you do not create this new vlan for peering, the traffic will not traverse the link, because the traffic is not arriving at DS2 as L2 traffic, unlike the guest vlan traffic, which is. The traffic from vlan 50 is L3 traffic when it arrives at DS2.

It might help to think of it from DS2's perspective. A packet arrives from vlan 50 via the routed link. DS2 does what any L3 device does and does a route lookup on the destination IP but you don't have those routes if you don't peer with the service switch (assuming you are not still receiving those routes from the core switches).

So DS2 cannot forward the packets. The native vlan does not come into it here.

Jon


35 Replies

Hi

I think if you are using layer 3 switches you will need a routing protocol like RIPv2, EIGRP, OSPF on those switches.

Assuming you will have something like this on the SW2 and 3

SW2

ip routing

vlan 10

! SVI used to peer with SW3 across the trunk
interface vlan 10
ip add 192.168.10.1 255.255.255.0
no shut

router ospf 1
net 192.168.10.1 0.0.0.0 area 0
net <other IP routed port>

! Link to SW3: must be in trunk mode for the dot1q encapsulation to apply
interface g1/24
switchport trunk encapsulation dot1q
switchport mode trunk
no shutdown

SW3

ip routing

vlan 10

! SVI used to peer with SW2 across the trunk
interface vlan 10
ip add 192.168.10.2 255.255.255.0
no shut

router ospf 1
net 192.168.10.2 0.0.0.0 area 0
net <other IP routed port>

! Link to SW2: must be in trunk mode for the dot1q encapsulation to apply
interface g1/24
switchport trunk encapsulation dot1q
switchport mode trunk
no shutdown




>> Mark as helpful or answered if the reply resolved your question; this helps other community members with future queries. <<

They are all L3 switches and they all have OSPF. But if there is nothing to add to the trunk, then how will it go up to Sw3? It will just use the native vlan?

It will use whatever vlan the traffic is in.

If there are no client vlans on sw2 and sw3 then why use a trunk ?

Jon

Thank you. OK, so first off: Sw1 only has one way out and that's through switch 2 via its routed link.

The thing with that is the traffic from PC1 is all under a different subnet address that doesn't match anything on the trunk link between sw2 and sw3...so it will just take the native vlan, right? I think I'm already forgetting what the native vlan is...

It will take whatever vlan you are peering on between sw2 and sw3.

You still need to exchange routes between sw2 and sw3 and that is why you need a vlan to peer between the switches (see my original post above). So whichever vlan you are using for peering is the vlan that the traffic will be routed across.

This is why I was asking about why you want a trunk ie. if sw2 and sw3 have common vlans between them or they have other switches connected using these vlans then a trunk makes sense but from the topology you have drawn it doesn't at the moment.

Jon

Thank you Jon and Julio, I will be attaching a picture soon that will clear up any confusion and addresses why I will be implementing a trunk.

Hi

If you are using routed ports between sw1 and 2 the broadcast will be isolated.

You can use a native vlan different than 1 between sw2 and 3. But as Jon mentioned, the trunk should not be required unless you want to use vlans with the routing protocol; please see my design in the last post.





Hi

Thank you 

No, you should use another vlan for the native role only and disable vlan 1; it is best practice.

The trunk will be used to transport the vlans from SW2 and SW3 like the config above. 

vlan 10

interface vlan 10
ip add 192.168.10.1 255.255.255.0
no shut

vlan 10

interface vlan 10
ip add 192.168.10.2 255.255.255.0
no shut

You could also consider this design:

Switch1 -- trunk -- Switch2 --- routed ---- Switch3 --- trunk --- Switch4





Thank you. OK, so let's say I wanted to use the future design and I didn't want to make a single configuration change. Would the traffic from computer 1 go through the native vlan of the trunk between sw2-sw3? There is no vlan defined on the trunk for that particular subnet that computer 1 is on, but it would take the native vlan in that case, right?

By default all the vlans created locally are passed through the interface trunks unless you create restrictions like: switchport trunk allowed vlan X,Y,Z

The default native vlan is vlan 1. Are your computers assigned to vlan 1 on each end and in different subnets?





I think there is some confusion here.

When the traffic arrives at sw2 from PC1 it will do a route lookup for the destination subnet and so it needs a route for that subnet. Which means you need to peer between sw2 and sw3 to exchange routes which means you need a common vlan  between them for the peering.

The native vlan will not be used because sw2 is making a routing decision unless of course you use the native vlan for the peering but I would not recommend that.

Jon
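
The points made in the replies above (a dedicated VLAN for peering across the trunk, a native VLAN other than 1 that carries nothing, and an explicit allowed-VLAN list), combined into one configuration as an added example that is not from any poster in this thread. VLAN 10, the 192.168.10.x addresses, g1/24 and OSPF process 1 come from the posts; VLAN 999 and the VLAN names are assumptions.

```cisco
! Added example, not from the thread. VLAN 999 and the names are assumed.
! Left at defaults, a trunk uses native VLAN 1, allows every VLAN and
! keeps sending DTP frames; the lines below set each of these explicitly.
!
! ---------- SW2 ----------
ip routing
vlan 10
 name SW2-SW3-PEERING
vlan 999
 name UNUSED-NATIVE
!
interface Vlan10
 description OSPF peering to SW3 (routed hop across the trunk)
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet1/24
 description Trunk to SW3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 ! Native VLAN carries no hosts and no SVI, so untagged frames go nowhere
 switchport trunk native vlan 999
 ! Only the peering VLAN (plus any VLANs both switches really share)
 switchport trunk allowed vlan 10
 no shutdown
!
router ospf 1
 ! Keep the existing network statements for the routed ports
 network 192.168.10.1 0.0.0.0 area 0
!
! ---------- SW3 ----------
! Identical, except for the SVI address and the matching network statement:
interface Vlan10
 ip address 192.168.10.2 255.255.255.0
 no shutdown
router ospf 1
 network 192.168.10.2 0.0.0.0 area 0
!
! ---------- Checks on either switch ----------
! show interfaces trunk      -> native 999, allowed and active VLANs: 10
! show ip ospf neighbor      -> neighbor reached via Vlan10 in FULL state
! show ip route ospf         -> far-side subnets with next hop 192.168.10.x
```

The native VLAN must match on both ends of the trunk, and any client VLANs the two switches share are added to the allowed list rather than left open by default.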

please see picture attached. I hope it does not confuse you, it's a lot of stuff in 1 page.

The picture is a little confusing because it shows the trunk bypassing everything and going to a service switch and it's not clear why you need to do that.

Can you put into words based on the picture exactly what it is you are trying to do ?

Jon
