Connecting two Catalyst 3560 Routers (both doing L3 routing)?

obrienw264 · ‎10-16-2012

Scenario: Two buildings connected with a private leased fiber line, so it does operate as a LAN. There are several subnets and everyone at both buildings needs to be able to access all subnets. However the physical machines on those subnets are building specific:

Building 1: 10.2.0.0/24 (vlan20), 10.4.0.0/24 (vlan40), Internet connection

Building 2: 10.1.0.0/24 (vlan10), 10.3.0.0/24 (vlan30)

The majority of the traffic between the subnets is specific to the buildings as well (i.e. most of the traffic is between 10.1 and 10.3 or 10.2 and 10.4).

Currently I have a Catalyst 3560 at Building 1 operating as the single "core" L3 router (and then a variety of switches connected to that). I have another 3560 at Building 2 that I'd like to turn in to the "master" L3 router for the two subnets primarily used by Building 2. In other words, make it so traffic from 10.1 to 10.3 doesn't have to run to building 1 just to get back to building 2.

I've got a basic knowledge of adding VLANs, VLAN interfaces and a static routes. The part that I'm getting confused on is that the Building 1 core router needs to make its default route to the firewall (and on to the internet) but "know" that traffic on vlans 10 and 30 gets sent across the fiber line to the other router.

So I'm assuming this gets done with some combination of vlan definitions, vlan interfaces and static ip routes on each router, but I'm not sure if I'm missing something.

John Blakley · ‎10-16-2012

Can you post a diagram of how you're laid out? Do you have a physical connection between buildings (ie, bldg 1 -> 2, bldg 1 -> 3, bldg 2 -> 3)?

HTH, John *** Please rate all useful posts ***

obrienw264 · ‎10-16-2012

Sure:

So right now, 3560#1 is doing all the L3 routing and is set up so machines on all the subnets can talk to all the other machines. I'd like to make it so when machines on the 10.1.0.0 subnet go to talk to machines on the 10.3.0.0 subnet, they don't have to run all the way to 3560#1 and back.

Thank you.

cashqoo · ‎10-16-2012

from what i understand, you want 3560#2 to perform intervlan routing. this can be done by "ip routing" command.

you can also refer to this document.

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008019e74e.shtml

you may also need other commands for the design to work, depending on the existing setup/configuration you have.

hope it helps

schaef350 · ‎10-16-2012

You will need a route to 10.1.0.0/24 and 10.3.0.0/24 pointed from router1 to router2

3560#1 should get some routes like this:

3560#1(config)# ip route 10.1.0.0 255.255.255.0

3560#1(config)# ip route 10.3.0.0 255.255.255.0

3560#1(config)# ip route 0.0.0.0 0.0.0.0

3560#2 should look like this:

3560#2(config)# ip route 10.2.0.0 255.255.255.0

3560#2(config)# ip route 10.3.0.0 255.255.255.0

You can do a "no switchport" on the interfaces inbetween and then configure them as router interfaces. THAT WILL CAUSE DOWN TIME though so be aware of that.

- Be sure to rate all helpful posts

obrienw264 · ‎10-17-2012

Thanks Adam. I think the "no switchport" / routing interface is what screwed me up in the past; I was trying to switchport trunk everything.

Do I need to define the VLANs and VLAN interfaces for all VLANs on both switches or just their respective ones:

A) Both:

3560#1

3560#2

vlan 1,10,20,30,40

int vlan10

ip address 10.1.0.2 255.255.255.0

int vlan20

ip address 10.2.0.1 255.255.255.0

int vlan30

ip address 10.3.0.2 255.255.255.0

int vlan40

ip address 10.4.0.1 255.255.255.0

int vlan10

ip address 10.1.0.1 255.255.255.0

int vlan20

ip address 10.2.0.2 255.255.255.0

int vlan30

ip address 10.3.0.1 255.255.255.0

int vlan40

ip address 10.4.0.2 255.255.255.0

ip route 10.1.0.0 255.255.255.0 10.1.0.1

ip route 10.3.0.0 255.255.255.0 10.3.0.1

ip route 0.0.0.0 0.0.0.0

ip route 0.0.0.0 0.0.0.0 10.2.0.1

OR

B) Just their respective subnets:

3560#1

3560#2

vlan 1,20,40

vlan 1,10,30

int vlan20

ip address 10.2.0.1 255.255.255.0

int vlan40

ip address 10.4.0.1 255.255.255.0

int vlan10

ip address 10.1.0.1 255.255.255.0

int vlan30

ip address 10.3.0.1 255.255.255.0

ip route 10.1.0.0 255.255.255.0 10.1.0.1

ip route 10.3.0.0 255.255.255.0 10.3.0.1

ip route 0.0.0.0 0.0.0.0

ip route 0.0.0.0 0.0.0.0 10.2.0.1

schaef350 · ‎10-17-2012

I would do something like:

3560#1

3560#2

vlan 20,40

vlan 10,30

int gi0/1 (or whatever physical int)

description To Gi0/1 on 3560#2

no switchport

ip address 10.5.0.1 255.255.255.252

ip route 10.3.0.0 255.255.255.0 10.5.0.2

ip route 0.0.0.0 0.0.0.0

int gi0/1 (or whatever physical int)

description To Gi0/1 on 3560#1

no switchport

ip address 10.5.0.2 255.255.255.252

ip route 10.2.0.0 255.255.255.0 10.5.0.1

ip route 10.4.0.0 255.255.255.0 10.5.0.1

ip route 0.0.0.0 0.0.0.0 10.5.0.1

Be sure you know what everything is doing before attempting to implement of course. Try on lab gear if you have that option...

You can do what ever you want for IP addressing over that link. I just used a 10.5.0.0/30 as an example. You may want to keep that subnet for future VLANs on one side or the other...

- Be sure to rate all helpful posts