cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1709
Views
0
Helpful
8
Replies

External organization netwrok navigating across my CAN transport network

sam.craven.01
Level 1
Level 1

A partner has established a point of presence adjacent to my network. I do not have local access to their router. I have a transport only network in my CAN that interconnects the 40+ buildings that I support locally. I need to connect their router to my 5k Core SW. From the 5k Core SW, I need to pass this traffic to a local SW, or a new 3750 SW, to the designated hosts. This network package provides a PC and a Phone for each user that was pre-configured by the partner. I need to address the POE requirements for the phones coming off the switch.

I would like to create a VLAN 508 for this traffic.

in summary:

Partner router > 5k Core SW > New 3750 SW (comm closet closest to hosts) > hosts

I appreciate any help or guidance that you might provide.

Sam

8 Replies 8

Jon Marshall
Hall of Fame
Hall of Fame

Sam

What help do you actually need ?

Is it how to configure it or more to do with whether this is a good thing to do ?

If the users who work for the partner do not need any access to the rest of your network I would recommend using a VRF on your N5K so that the routing is kept entirely separate and to use a new switch just for them if at all possible.

Jon

Thanks for responding. I would like assistance in developing a plan to configure properly. This is a heavily used transport network that experienced a 2 day outage recently (I was on travel) due to unauthorized access that shut down a building, so I want this effort to go as smoothly and competently as possible. I also want to use this as a learning opportunity and to develop a standard approach for similar tasks in the near future.

1. The partner does not need access past their router interface.

2. I want to move the partner's network from his router to my 5k Core SW and then configure to connect to a new 3750 SW co-located with the hosts.

3. Please see attachment for what I am thinking as far as signal flow.

Not sure I follow, is the partner router to be replaced because you talk of moving the network from the router to your switch ?

How is the partner going to be connected to your N5K ?

How many vlans/IP subnets are needed for the partner ?

What I am trying to work out is the intended traffic flow and whether the partner router will still be included.

In terms of 3750 just configure the vlan(s) you need on it and make it VTP transparent.

What else you do depends on the questions above.

Jon

The partner has brought the XYZ network into my area. His POP is adjacent to my CAN transport network. I need to get the XYZ network traffic from his router interface to my core SW. I assume that will be accomplished with a trunked interface.

The partner has a fastethernet capable router that will connect to my 5k switch with a copper adapter (like a gigabit adapter except for copper. I do not know the proper name). So a CAT5E run of less than 1-2 feet to Core SW.

I am initially providing 10 workstations with pre-configured phones and PC's. Their will be one VLAN, VLAN 508. Unless the phones need their own VLAN.

Please see the .pdf I provided from the VISIO signal flow/traffic flow.

1. VTP Transparent - Got it. Adding that to my notepad config product.

If you are putting the PCs and the phones into the same vlan and you will not need another vlan then you do not need trunks, you can use access ports in that vlan for all your connections.

Only use trunks if you think you will need more vlans in the future or if the phones need their own vlan.

So the default gateway for vlan 508 will be on the partner router and you are simply extending the vlan from the new switch to the partner router.

Definitely VTP transparent on the new switch which means you need to create vlan 508 on all the other switches between the new switch and the partner router.

I am not a VOIP person so not sure whether phones need their own vlan,

How are the phones connected ie. do the PCs connect to the phone ?

Jon

Thank you for the insight. I will be installing this today, now that I have gotten past some other network related tasks. I will post the follow up. So with VTP transparent you need to create the VLAN on each SW that that VLAN has clients on? If so, that is a good piece of information that I have been trying to work out in my training. If not please correct me. Due to the fact that I have a tendency to create the same VLAN on each SW in my specific situation. I realize that is not possible for environments. I assume that VTP Server just pushes down the changes to all the other switches and updates the revision number.

With VTP transparent the vlan must be on all switches in the path not just those with clients attached ie. if you have three switches connected in a row with trunks and the first and third switches have clients in that vlan you would still need to add the vlan to the second switch as well.

You can use VTP server if you like, it's just that if this switch is meant to be purely for them and your network is simply a transit I would make it VTP transparent so that switch only knows about the vlan(s) it needs to.

As for the rest of it do you know how the partner has setup the interface connecting to your switch and what the IP is ?

Also where will the PCs and phones be getting IPs from or has the partner setup static IPs on them ?

Jon

One other thing, if you use a trunk to the partner router then they will have to setup a subinterface for vlan 508 unless you make that the native vlan on the trunk link.

Jon