12-18-2007 08:09 PM - edited 03-05-2019 08:04 PM
I am currently planning the transition of our network into a vlan environment, with routing provided by a 3550. I have been using doc 41260 as my guide (see http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml#NetPro).
I am not sure how to proceed with implementing the element in the guide where the connection between the routing switch and the gateway router is configured. In our network there is no direct connection between the switch and router (there is a 2960G in between which is connected to the 3550 by a fibre trunk). Thus the advice to convert the router-connected port on the 3550 to a routed port by issuing a "no switchport" command and assigning an IP address would appear not to apply, but I can't see what to do instead.
Can someone advise me or provide me with a link to a more complicated example than exists in this document?
Solved! Go to Solution.
12-18-2007 08:57 PM
So, you have:
[3550]->[2960G]->[Router]
Make believe you have F0/0 on router 192.168.1.1/24
Make believe this is Vlan 192
On the 3550, you configure Vlan 192 in Layer2 and Layer3 while in the 2960G, you configure Vlan 192 in layer 2.
Layer2 Vlan:
config t
vlan 192
Layer 3 Vlan:
interface vlan 192
ip address 192.168.1.2/24
______________
Configure a trunk or access switchport between 2960G and 3550. If you decide to carry more than one Vlan on this link, configure a trunk. If you decide to carry only one Vlan (Vlan 192), then configure access port.
Trunk configuration on both switches:
interface fx/x
switchport mode trunk
switchport trunk encapsulation dot1q
Access configuration on both switches:
interface fx/x
switchport mode access
switchport access vlan 192
______________
On the switchport connected to the router:
interface fx/x
switchport mode access
switchport access vlan 192
______________
You should be able to ping from the 3550 to the router on the same Vlan.
______________
As for the gateway:
1) Make sure to turn IP Routing on the router with the command ip routing, since it's off by default
3) insert a static route pointing to the router
2) point the workstations to the 3550 as the gateway
12-18-2007 08:57 PM
So, you have:
[3550]->[2960G]->[Router]
Make believe you have F0/0 on router 192.168.1.1/24
Make believe this is Vlan 192
On the 3550, you configure Vlan 192 in Layer2 and Layer3 while in the 2960G, you configure Vlan 192 in layer 2.
Layer2 Vlan:
config t
vlan 192
Layer 3 Vlan:
interface vlan 192
ip address 192.168.1.2/24
______________
Configure a trunk or access switchport between 2960G and 3550. If you decide to carry more than one Vlan on this link, configure a trunk. If you decide to carry only one Vlan (Vlan 192), then configure access port.
Trunk configuration on both switches:
interface fx/x
switchport mode trunk
switchport trunk encapsulation dot1q
Access configuration on both switches:
interface fx/x
switchport mode access
switchport access vlan 192
______________
On the switchport connected to the router:
interface fx/x
switchport mode access
switchport access vlan 192
______________
You should be able to ping from the 3550 to the router on the same Vlan.
______________
As for the gateway:
1) Make sure to turn IP Routing on the router with the command ip routing, since it's off by default
3) insert a static route pointing to the router
2) point the workstations to the 3550 as the gateway
12-18-2007 09:01 PM
Thank you very much. That was just what I needed to know.
On the gateway router, though, should I configure static routes for each VLAN (we will have 8)?
12-18-2007 09:05 PM
If you are planning to have multiple Vlans on the 3550, I recommend configuring a dynamic routing protocol.
If you are running all Cisco devices, configure EIGRP in the 3550 and WAN router. It will dynamically learn all subnets.
12-18-2007 09:10 PM
Alas, I used the term 'router' for clarity, whereas the actual device is a gateway server running Windows 2003 and ISA. The rest of the network is entirely Cisco though (some 80 switches).
12-19-2007 07:41 AM
Then place static routes in the ISA server pointing to the 8 Vlans being hosted in the 3550 switch.
On the 3550 switch, place a static default route towards the ISA server.
12-20-2007 04:28 PM
Will that work, though? Considering that the link from the 2960 to the ISA server will be on one VLAN and not a trunk, will the traffic to the other VLANs be switched through? eg. the ISA server is plugged into a port configured for VLAN 2, but is has a static route directing traffic to the default gateway for VLAN 3, won't the VLAN 3 traffic just be dropped?
Or I suppose the 2960 port could be configured to accept traffic from all VLANs?
12-20-2007 04:55 PM
The ISA only cares about one Vlan and that's the common Vlan between the 3550 (Layer3 device) and itself.
The inter-Vlan is done at the 3550 and hosts on the respective subnets will point to the 3550 as the default-gateway. All packets from the 3550 will be Layer3 switched towards the ISA, which in turned send to the outside.
On the ISA, make sure to include routes back to those subnets with gateway pointing to the 3550 and also have NAT including those subnets for traffic going out to the internet (please remember that).
For instance, common subnet between 3550 and ISA: 192.168.1.1 = ISA / 192.168.1.2 = 3550.
On the ISA,
route add 192.168.2.0 mask 255.255.255.0 192.168.1.2 (Subnet Vlan 2)
route add 192.168.3.0 mask 255.255.255.0 192.168.1.2 (Subnet Vlan3)
etc ...
On the 3550
interface Vlan2
ip add 192.168.2.1 255.255.255.0
interface Vlan3
ip add 192.168.3.1 255.255.255.0
On the Clients from Vlan2
ip address: 192.168.2.10
subnet mask: 255.255.255.0
default gateway: 192.168.2.1
____________
No need to make any changes in the 2960 switchport, a common Vlan will flow thru between the switches with no problem.
For instance, common Vlan100
On the 3550
interface Vlan 100
ip add 192.168.1.2 255.255.255.0
interface fx/x
description connection to 2960
switchport mode access
switchport access vlan 100
On the 2960
interface fx/x
description connection to 3550
switchport mode access
switchport access vlan 100
interface fx/x
description connection to ISA
switchport mode access
switchport access vlan 100
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide