
Intervlan Routing at the switch versus at the connected upstream router

CiscoBrownBelt
Level 6

Ok let's say you have SVI interfaces on a switch that connects to the servers (SVI 2 10.1.2.5, SVI3 10.1.3.5, etc.) and that switch connects to a router that has the sub-interfaces (int g0/0.2 10.1.2.1, g0/0.3 10.1.3.1, etc.). 

If the gateway configured on the servers or whatever is connected to the switches (host machines) is 10.1.2.1 (or the IP address on the router), the packet will still travel to the router to reach destinations in other subnets?

If the network is being set up this way, sub-interfaces on the router should be different subnets than what is on the switches, as packets are already being routed on the switches, or am I incorrect?

10 Replies

Reza Sharifi
Hall of Fame

That is correct. You have to decide where you want to do the inter-VLAN routing. If it is the switch, then there is no need for any sub-interfaces on the router. You route on the switch and you have a layer-3 transit VLAN or a /30 point-to-point between the switch and the router. If you decide to route on the router, you need a sub-interface for each VLAN/subnet and the switch is just layer-2 with a management IP and an SVI.

HTH

Yes that is how I am setting it up.

So if I have two redundant (primary and secondary) switches so servers can connect to each for redundancy, I am not supposed to create the same SVI IPs on each switch, correct (excluding the management SVI, which I have as X.X.X.5 and sw2 .6)?

I am not quite sure how to set that part up.

That is correct.  If the switches are just layer-2, you just need one SVI on each switch for management (X.X.X.5  and sw2 .6). From there, you trunk the switch to the routers and add all vlans to it and on the router, you need a sub-interface for each vlan/subnet.

HTH

Deepak Kumar
VIP Alumni

Hi,

Yes, you can configure inter-VLAN routing on the switch or on the router.

If you are going to configure inter-VLAN routing on the switch, then inter-subnet packets will be routed in the switch and will not go to the router interface (if not required), and you require an SVI or L3 interface with a /30 (it is not mandatory) for router connectivity, with an access switch port. A default route toward the router interface is also required so that internet traffic can be routed to the router.

On the router, you also require a static route for all VLANs toward the switch IP.

If you are going to configure inter-VLAN routing on the router, then all inter-VLAN packets will go to the router and be routed to the respective VLAN interface. In this scenario, you require a trunk port between the switch and the router.

Best Practice: If there are few users then best practice does not matter, but in a real network we try to keep inter-VLAN routing on the core or distribution switches. This increases the performance, stability and reliability of the network, and saves bandwidth on the uplinks and resources at the Internet gateway level, such as the firewall.

Regards,

Deepak Kumar

 

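
The two designs described in the replies above, written out as an added configuration example (not taken from any poster's devices). It uses IOS-style syntax and the VLAN 2/3 addresses from the original question; the switch uplink port GigabitEthernet1/0/48 and the 192.0.2.0/30 transit subnet are assumptions.

```cisco
! ===== Option A: inter-VLAN routing on the switch =====
! Hosts in VLAN 2 use 10.1.2.5 as default gateway, VLAN 3 hosts use 10.1.3.5.
! --- Switch ---
ip routing
!
interface Vlan2
 ip address 10.1.2.5 255.255.255.0
 no shutdown
!
interface Vlan3
 ip address 10.1.3.5 255.255.255.0
 no shutdown
!
! Routed /30 uplink to the router (192.0.2.0/30 is a constructed transit subnet)
interface GigabitEthernet1/0/48
 no switchport
 ip address 192.0.2.2 255.255.255.252
!
! Default route so traffic for non-local destinations goes to the router
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
! --- Router: no sub-interfaces, one routed link plus static routes back ---
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.252
 no shutdown
!
ip route 10.1.2.0 255.255.255.0 192.0.2.2
ip route 10.1.3.0 255.255.255.0 192.0.2.2

! ===== Option B: inter-VLAN routing on the router (router-on-a-stick) =====
! Hosts use 10.1.2.1 / 10.1.3.1 as default gateway; the switch stays layer 2.
! --- Switch ---
interface GigabitEthernet1/0/48
 switchport mode trunk
 switchport trunk allowed vlan 2,3
!
! --- Router ---
interface GigabitEthernet0/0
 no shutdown
!
interface GigabitEthernet0/0.2
 encapsulation dot1Q 2
 ip address 10.1.2.1 255.255.255.0
!
interface GigabitEthernet0/0.3
 encapsulation dot1Q 3
 ip address 10.1.3.1 255.255.255.0
```

With option A, traffic between 10.1.2.0/24 and 10.1.3.0/24 is routed on the switch and never reaches the router, so any filtering between those VLANs has to be applied on the switch SVIs.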

Thanks for info!

In this particular setup, on servers connect to the switches, then switches connect to Routers via trunk > Switch (for redundancy connections) > to FW > to Edge Rt.

Yes so I am configuring SVIs on the switches for the servers.

Question, if I am using 2x switches for redundant questions, won't giving both the same SVI IPs cause a duplicate IP error?

I thought you said you want the IPs for the server VLAN on the routers and just a trunk port from the switch (layer-2 only) and just one IP for each switch for management. If this is correct, you only need one SVI per switch, using different IPs. The IPs for the server subnet will be on the routers, which means the default gateway for all servers will be the routers and not the switch. Is this what you are trying to do?

HTH

No sorry for the confusion. I will need the intervlan routing done on the switches that connect directly to the servers. Each server will connect to each switch for redundancy, and from the switch it then connects to a router (yes GW of switches will be the router).

My question is, since the switches are for redundancy, how would I configure the SVIs if I only have 1 pair of these switches (so access switches then straight to router, no distro or core)? Wouldn't giving both the same SVI IPs give a conflict?

Hi,

Question, if I am using 2x switches for redundant questions, won't giving both the same SVI IPs cause a duplicate IP error?

Ans: I do not know your switch model. You can go with the stacking option for Catalyst switches, or VSS/vPC. If you configure these switches in stacking there will be no need for duplicate IP and auto-failover will work with Multi-chassis EtherChannel.

Regards,

Deepak Kumar

Hi,

 

Sorry you basically answered my question on my other post. It is for Nexus 3548 switches (1 pair).

Ok so it is for Nexus 3548. I got VPC working but have a couple of questions or concerns about best practice.

  1. My VPC domain and port-channel for it are same "10"
  2. Shall I configure hold times, etc. for peer-keep alive configs?
  3. Should I not give the secondary switch a priority of 110 or higher since sw1 is 100?

See vpc brief and configs below:

vPC domain id                     : 100
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : peer is alive
Configuration consistency status  : success
Per-vlan consistency status       : success
Type-2 consistency status         : success
vPC role                          : primary
Number of vPCs configured         : 0
Peer Gateway                      : Enabled
Peer gateway excluded VLANs       : -
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans
--   ----   ------ --------------------------------------------------
1    Po100  up     1,6, 10, 12

Both mgmt0 of the 3548 switches can ping (Sw1 is 10.10.10.1 and Sw2 is 10.10.10.2 /24)

Same on both switches:

feature LACP
feature vpc

int mgmt0
  ip add 10.10.10.1/24 (Sw2 is 10.10.10.2)

Sw1

vpc domain 10
  role priority 100
  peer-keepalive destination 10.10.10.2 source 10.10.10.1
  delay restore 150
  peer-gateway

Sw2

peer-switch
  peer-keepalive destination 10.10.10.1 source 10.10.10.2
  delay restore 150

Both for Sw1 and Sw2 same:

interface Ethernet1/46
  description vPC Peer-Link
  channel-group 10 mode active
interface port-channel 10
  switchport mode trunk
  no shutdown

interface Ethernet1/47
  description vPC Peer-Link
  channel-group 10 mode active
interface port-channel 10
  switchport mode trunk
  no shutdown