10-28-2008 05:24 PM - edited 03-06-2019 02:11 AM
Looking for advice and Cisco "best practice" for setting up a L3 switching LAN. The below is the solution I have set up in a lab environment.
Q. Is there a better way to design this solution?
Q. Will this solution work?
Q. Advantages/ disadvantages of design?
Inventory
Core switches: 2x6509 & 1x4500
Access Switches 3560 POE-SW
LAN Overview
All core and access switches are connected over L2 dot1q trunk links. (L3 routed ports cannot be used between the core switches because legacy devices communicate over L2 dot1q links.)
All switches use native VLAN 1 for trunk links and management VLANs.
All voice and data VLANs for access switches are terminated on the core switches (default gateway).
All core switches will be running EIGRP routing for the data and voice VLANs terminating on the core switches.
None of the edge switches support EIGRP routing.
! Core_1
vlan 10
 name DATA
vlan 110
 name Voice
! VLAN 1 (MGMT) exists by default and cannot be renamed
interface Vlan1
 ip address 10.0.0.1 255.255.255.0
interface Vlan10
 ! SVI needs a host address (.1); 192.168.10.0 is the network address
 ip address 192.168.10.1 255.255.255.0
interface Vlan110
 ip address 192.168.110.1 255.255.255.128
router eigrp 250
 no auto-summary
 network 10.0.0.0
 network 192.168.10.0
 network 192.168.110.0
! AS_1 (L2 access switch, management SVI only)
interface Vlan1
 ip address 10.0.0.10 255.255.255.0
! Core_2
vlan 20
 name DATA
vlan 120
 name Voice
interface Vlan1
 ! unique management address; 10.0.0.1 is already used by Core_1
 ip address 10.0.0.2 255.255.255.0
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
interface Vlan120
 ip address 192.168.120.1 255.255.255.128
router eigrp 250
 no auto-summary
 network 10.0.0.0
 network 192.168.20.0
 network 192.168.120.0
! AS_2
interface Vlan1
 ip address 10.0.0.20 255.255.255.0
! Core_3
vlan 30
 name DATA
vlan 130
 name Voice
interface Vlan1
 ip address 10.0.0.3 255.255.255.0
! SVIs must match the VLANs defined above (30/130, not 20/120)
interface Vlan30
 ip address 192.168.30.1 255.255.255.0
interface Vlan130
 ip address 192.168.130.1 255.255.255.128
router eigrp 250
 no auto-summary
 network 10.0.0.0
 network 192.168.30.0
 network 192.168.130.0
! AS_3
interface Vlan1
 ip address 10.0.0.30 255.255.255.0
10-28-2008 06:20 PM
I would not use vlan 1, make it a different vlan. Vlan 1 is the default vlan and runs a lot of the control info such as CDP, VTP etc., and it is best not to use vlan 1 for data. Any other vlan number is fine.
10-28-2008 11:01 PM
Colm
There are a number of things here that are unclear.
Firstly I agree totally with Glen. You should
1) Use a vlan other than vlan 1 for managing the switches.
2) Use a vlan other than vlan 1 and not the vlan you use for managing the switches for the native vlan. This vlan does not need a L3 vlan interface in your core because there is no need to route the native vlan.
Attached is a link to best practice for 4500/6500 IOS configuration. It's worth a look in terms of native vlan/management vlan/STP/VTP etc..
http://www.cisco.com/en/US/products/hw/switches/ps700/products_white_paper09186a00801b49a4.shtml
It's a fairly long read - you don't need to read it all just the bits relevant to your setup.
Core/Distribution layer
=======================
1) What is the purpose of the 4500? I'm not sure what you gain by having a core 3 switch. I would just use your 6500 switches as the core and relegate your 4500 to an access-layer switch and migrate the L3 SVIs on the 4500 to the 6500s. Note obviously you will still need a L3 SVI on the 4500 for management.
2) You have no redundancy for your L3 gateways in your design because each switch (6500 x 2 + 4500) is running different L3 SVIs. You should create the same L3 vlan interface on both 6500 switches and run HSRP or GLBP between the 2 6500 switches.
Access layer
============
1) You have no redundancy from the access to the distro/core layer. Each access-layer switch should be dual connected to the 6500 switches so if one of the 6500 switches fails each access-layer switch still has a path and the end clients can still access their gateways.
General
=======
If you do relegate the 4500 to the access-layer then you don't necessarily need to run EIGRP but you can with no problems.
The above are some things to think about. The key ones are lack of redundancy and the use of the 4500. Note that what you have proposed would work and my advice is just that, advice.
If you have further queries please come back.
Jon
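As an added illustration of Glen's and Jon's points (this is example configuration written for this thread, not the poster's lab config and not taken from the Cisco white paper linked above), the following shows the same DATA SVI on both 6509s with HSRP presenting one virtual gateway, a dedicated management VLAN, an unused native VLAN with no SVI, and a 3560 dual-uplinked to both cores. VLAN numbers 10/99/999, all addresses, interface names, HSRP group numbers and priorities are assumptions chosen for the example.

```ios
! Added example - not the poster's config. VLAN numbers, addresses,
! interface names and HSRP group numbers are assumed for illustration.
!
! ===== Core_1 (6509) =====
vlan 10
 name DATA
vlan 99
 name MGMT
vlan 999
 name NATIVE-UNUSED
!
! Same SVI on both cores; HSRP presents one virtual gateway (.1) to clients
interface Vlan10
 ip address 192.168.10.2 255.255.255.0
 standby 10 ip 192.168.10.1
 standby 10 priority 110
 standby 10 preempt
!
! Management on its own VLAN, also protected by HSRP
interface Vlan99
 ip address 10.0.99.2 255.255.255.0
 standby 99 ip 10.0.99.1
 standby 99 priority 110
 standby 99 preempt
!
! No "interface Vlan999": the native VLAN is never routed
! Keep the STP root on the HSRP-active core so forwarding and gateway agree
spanning-tree vlan 10,99 root primary
!
interface GigabitEthernet1/1
 description trunk to Core_2
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,99
 switchport mode trunk
!
interface GigabitEthernet1/2
 description trunk to AS_1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,99
 switchport mode trunk
!
! ===== Core_2 (6509) =====
! Identical VLANs and trunks; lower HSRP priority, so it becomes active
! only when Core_1 (or its Vlan10 SVI) goes down
spanning-tree vlan 10,99 root secondary
interface Vlan10
 ip address 192.168.10.3 255.255.255.0
 standby 10 ip 192.168.10.1
 standby 10 priority 100
 standby 10 preempt
!
interface Vlan99
 ip address 10.0.99.3 255.255.255.0
 standby 99 ip 10.0.99.1
 standby 99 priority 100
 standby 99 preempt
!
! ===== AS_1 (3560, Layer 2 only) =====
vlan 10
 name DATA
vlan 99
 name MGMT
vlan 999
 name NATIVE-UNUSED
!
interface Vlan99
 ip address 10.0.99.10 255.255.255.0
ip default-gateway 10.0.99.1
!
! One uplink to each core so a core failure leaves a path to the virtual gateway
interface GigabitEthernet0/1
 description uplink to Core_1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,99
 switchport mode trunk
!
interface GigabitEthernet0/2
 description uplink to Core_2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,99
 switchport mode trunk
!
interface FastEthernet0/1
 description user port
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
```

Clients on VLAN 10 use 192.168.10.1 as their gateway and never learn which 6509 is answering; `preempt` makes Core_1 take the active role back once it returns. The access switch needs only `ip default-gateway` because it routes nothing, and a 4500 relegated to the access layer would be configured the same way as AS_1. Trunks carry only the VLANs listed in `allowed vlan`, so nothing rides untagged on the native VLAN.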
10-29-2008 01:31 AM
In addition to Jon's post, another design would be a routed access design as all the switches are L3 capable. Make each access switch dual uplink to the Cat6500s and configure all the ports as L3 and run a routing protocol among all the switches. This design is best suited to a big campus LAN design. I don't know if that can suit you but it is just some advice on the design front.
Please see whitepaper on routed access design.
http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/routed-ex.html
-amit singh
10-29-2008 03:07 AM
Thanks to all that replied. Sorry I did not explain the problem I'm having with upgrading the LAN design.
Please advise on proposed upgrade.
Overview
The customer has an existing network consisting of 3 buildings; each building has a core switch (2x6509 & 1x4500).
Each core switch has about 20 access switches connected. Some access switches have other switches daisy-chained to them.
All switches are using VLAN 1 as the native VLAN.
The customer will not upgrade the 4500 switch at this time.
Access switches do not have dual connections to the core switches. Therefore there is no redundancy for any access switch.
All core switches will be connected over Layer 2 dot1q trunk links (some customer equipment only runs over L2 links). Therefore L3 ports cannot be used between the core switches.
Proposed Upgrade Design.
This is what I plan to use.
Each access switch will have a unique data and voice VLAN. The core switch connected to the access switches will be the default gateway for the data and voice VLANs on each access switch.
The core switches will run EIGRP between them.
All access switches will be connected over VLAN 100 (native VLAN).
10-29-2008 05:44 AM
Colm
Could you just explain what the setup is now as opposed to your proposed upgrade.
Your setup will work and it may be the best option with the kit, but I would still be concerned about the complete lack of redundancy.
Jon
10-29-2008 08:48 AM
10-29-2008 09:01 AM
Okay, so what you are trying to do in effect is to limit the extent of the L2 broadcast domains by terminating the vlans on each core switch respective to their buildings?
The only problem is you are still running a L2 trunk between the buildings. What are these for? If you are containing the vlans within each building, why can you not use L3 routed links between the 4500 and the 6500 switches? I know you talk about legacy L2; could you expand on that a bit.
Do you have spare fibres between all the buildings ?
Jon
10-29-2008 04:41 PM
There is one spare fibre between all buildings.
The LAN is based in a hospital environment and legacy medical equipment will only communicate over L2 links. This has been tested over Layer 3 links and will not work.
Is it still a good idea to use EIGRP routing over the L2 trunk for the core switches?
Thanks again,
Colm
10-30-2008 04:58 PM
Colm
Apologies for not getting back sooner.
So can I assume that this L2 legacy equipment runs across all 3 buildings and that means you must have L2 adjacency between all buildings?
If so, how does this equipment work? Is it a server-based application? Where I am a little confused is that you have dedicated vlans/subnets in each building for clients, so they would not be L2 adjacent for the servers anyway.
One possible use of the extra fibre would be to have both L3 and L2 links between buildings, with most of the traffic going via the L3 links, which would protect you somewhat from STP loops; and if the legacy equipment is finally replaced you have a L3 routed design to go forward with.
But without understanding the legacy application and how it works between buildings it's difficult to say.
Jon
10-30-2008 09:26 PM
I had a very similar hospital setup with a very similar setup and everything ran just fine but there are a few things I think you should look at.
1. The point of HSRP is to provide multiple layer 3 gateways in case of failure. If the equipment(core) fails, the line will be dead and no one will get out regardless, so you might as well scrap it.
2. Trunks between buildings are a good thing. You may want to consider running what I'll call 'local VLANs'. Use the same VLAN in each building for the users, let's say VLAN 100, but don't allow it over the core-to-core links (e.g. switchport trunk allowed vlan 1-99,101-2000). Limit some of the heavier traffic from spilling over your links. Each site will have its own subnet, which will also make locating problems slightly easier.
3. If you want to run more bandwidth between buildings or you can convince them to have dual/redundant cores in each building, I would suggest you take a look at CWDM, multiple links over a single fiber. If you did have multiple cores, then you would want to run HSRP or GLBP between them.
4. EIGRP is Cisco only. As much as I like Cisco products I never want to be 100% bound to anything too proprietary. OSPF is almost as fast and is an industry standard. If you ever have to implement any non-Cisco equipment in the future it'll make your life a lot easier.
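The following added example (written for this thread; it is not any poster's configuration) puts points 2 and 4 together and also answers Colm's earlier question about routing between cores over the L2 trunk: the user VLAN keeps the same number in every building but is pruned from the core-to-core trunk, the legacy equipment's VLAN is the only L2 VLAN stretched across buildings, and the routing adjacency rides an SVI on a dedicated interconnect VLAN that is allowed on that same trunk. VLAN 50 (legacy L2 gear), VLAN 100 (local users), VLAN 900 (core interconnect), VLAN 999 (native), all addresses, interface names, and the OSPF process and area are assumptions.

```ios
! Added example - not from the thread. VLAN 50 (legacy L2 equipment),
! VLAN 100 (local users), VLAN 900 (routed core interconnect), VLAN 999
! (unused native), all addresses, interface names and the OSPF process
! and area are assumed for illustration.
!
! ===== Core_1 (building 1) =====
vlan 50
 name LEGACY-L2
vlan 100
 name USERS-LOCAL
vlan 900
 name CORE-INTERCONNECT
vlan 999
 name NATIVE-UNUSED
!
! Same VLAN number in every building, but a per-building subnet
interface Vlan100
 ip address 192.168.1.1 255.255.255.0
!
! Routing adjacency rides an SVI on the interconnect VLAN, so the
! trunk stays L2 for the legacy gear while user traffic is routed.
! VLAN 50 gets no SVI here: the legacy devices need L2 adjacency only.
interface Vlan900
 ip address 10.255.255.1 255.255.255.0
!
! Core-to-core trunk: legacy VLAN and interconnect VLAN only. VLAN 100
! is deliberately absent, so user broadcasts never cross buildings.
interface GigabitEthernet1/1
 description trunk to Core_2 (building 2)
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 50,900
 switchport mode trunk
!
! Access trunks carry the user VLAN (and the legacy VLAN where needed)
interface GigabitEthernet1/2
 description trunk to access switch
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 50,100
 switchport mode trunk
!
! OSPF instead of EIGRP: peers only on Vlan900, every other SVI passive
router ospf 1
 router-id 10.255.255.1
 passive-interface default
 no passive-interface Vlan900
 network 10.255.255.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
! ===== Core_2 (building 2) =====
! Same VLANs and trunk filtering; only the subnets and router-id differ
interface Vlan100
 ip address 192.168.2.1 255.255.255.0
interface Vlan900
 ip address 10.255.255.2 255.255.255.0
router ospf 1
 router-id 10.255.255.2
 passive-interface default
 no passive-interface Vlan900
 network 10.255.255.0 0.0.0.255 area 0
 network 192.168.2.0 0.0.0.255 area 0
```

With `passive-interface default` the routers exchange hellos only on the interconnect SVI, so user and legacy VLANs never see routing traffic. If EIGRP is kept instead, `router eigrp 250` with the same `passive-interface default` / `no passive-interface Vlan900` pair behaves the same way over the L2 trunk. A third building is added by repeating the Core_2 section with its own subnet and router-id; the one assumption to verify is that the legacy equipment only needs VLAN 50 stretched, since every additional VLAN allowed on the core-to-core trunk widens the broadcast and STP domain again.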