
LAN Segmentation Design

zebranutz80
Level 1

Hello,

I've been tasked to come up with a design to segment our internal network to reduce broadcast domain size.  In addition, we are running out of available DHCP addresses.  I need to have a solution that will give me more available IPs, but reduce our broadcast domain.

We are a Cisco VoIP shop.  Our current environment consists of dual 6509 chassis in a VSS config.  We have 10 access switches that are model 3750s.  Each 3750 has dual 1Gb fiber links to the VSS Core in an etherchannel configuration.  We have 2 VLANs (data and voice) that spread throughout every switch.  Both VLANs have their own DHCP scope.

Our current broadcast domain is a 255.255.248.0, so we have over 2000 potential broadcast devices.  Cisco recommends not having larger than 512.  So my research has brought me to a design as follows:

          MY DESIGN:

>  Have individual voice and data VLANs for each closet switch.

>  We have 10 closet switches so this would require 20 new VLANs.

>  With every separate VLAN we would need a different DHCP scope.

>  Configure 20 new DHCP scopes for the 20 new VLANs.

>  Each DHCP scope would have 512 available addresses.

>  Enable IP Routing and configure EIGRP on the VSS Core and 3750s.

>  I'm tossing around the idea of having each 3750 be an EIGRP Stub.  Not sure yet.

          QUESTIONS:

1.  Can anyone verify what I described in my design? 

2.  Do you have an alternative solution that might be less complicated than configuring Layer 3 on all my access switches? 

3.  What are your thoughts on configuring EIGRP Stub vs. having the VSS Core do all the work?

4.  Does anyone have a template that I could base my 3750 config from?

Thank you experts for any assistance you may have!

-tom
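
An address plan for the design described above, worked through as an added example that is not part of the original post: ten closets, each with one data and one voice /23. The supernet 10.20.0.0/16 and the VLAN IDs starting at 100 are assumptions made for illustration. Note that a /23 holds 512 addresses, of which 510 are usable hosts.

```python
import ipaddress


def usable_hosts(network):
    """Usable host addresses in an IPv4 subnet (network and broadcast excluded)."""
    return ipaddress.ip_network(str(network), strict=False).num_addresses - 2


def plan_closets(supernet, closets=10, vlan_prefix=23, first_vlan_id=100):
    """Carve one data and one voice subnet per closet switch out of supernet.

    Each closet receives a contiguous block one bit shorter than vlan_prefix
    (a /22 holding two /23s), so a routed closet could advertise one summary.
    The supernet and VLAN numbering are assumptions, not values from the thread.
    """
    blocks = ipaddress.ip_network(supernet).subnets(new_prefix=vlan_prefix - 1)
    plan = []
    for closet in range(1, closets + 1):
        block = next(blocks, None)
        if block is None:
            raise ValueError(f"{supernet} cannot hold {closets} closet blocks")
        data, voice = block.subnets(new_prefix=vlan_prefix)
        for offset, (role, subnet) in enumerate((("data", data), ("voice", voice))):
            plan.append({
                "closet": closet,
                "role": role,
                "vlan": first_vlan_id + 2 * (closet - 1) + offset,
                "subnet": subnet,
                "gateway": subnet.network_address + 1,  # first host as SVI address
                "usable_hosts": usable_hosts(subnet),
                "summary": block,
            })
    return plan


if __name__ == "__main__":
    # Constructed input: 10.20.0.0/16 stands in for the site's real address space.
    print("current 255.255.248.0 domain:", usable_hosts("10.0.0.0/255.255.248.0"), "hosts")
    for row in plan_closets("10.20.0.0/16"):
        print("closet {closet:2} {role:5} vlan {vlan} {subnet} gw {gateway} "
              "hosts {usable_hosts} summary {summary}".format(**row))
```

Each row maps to one VLAN, one DHCP scope and one gateway address; the per-closet summary column only matters if the closet switch routes.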


Jonathancert_2
Level 1

I am running a similar design to what you are proposing.  I have 8 closets with 4510R-E's (access) with uplinks to two 6509's (distro).  Place all your switches in transparent mode and layer 2 trunk the uplinks.  You can also do layer 3 SVIs for management purposes and for routing of the SVIs in the closets.  I am running OSPF with loopback addresses on all the devices.  You can do a stub network but not sure if it would be necessary.  I have no hands-on experience with VSS, so I don't know how my suggestion may affect it.

Jonathan,

I was wondering what to do with my current VTP environment.  Thanks for answering that.

You mentioned that I should change my uplinks to L2 Trunks and use OSPF.  Is there any particular reason I should assign my uplinks an IP address and enable EIGRP?  Did your design allow for more flexibility?

Thanks for helping!

-tom

Didn't read what type of VTP environment you have.  My current design works for me.  Been using OSPF for the past few years plus have some Juniper equipment on the network.  The network design was inherited but over the last year, have seen the benefits of it.  When I want to add another subnet to the closet switches, I just create the SVI, associate the interfaces and add the network to the routing protocol...done deal.  I just have a native VLAN on both ends on the layer 2 uplinks.  A LAN or WAN can be your worst enemy if set up wrong, go with what you are comfortable with.


vmiller
Level 7

A little light reading:

http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/Borderless_Campus_Network_1.0/BN_Campus_Models.html

You could just route in the core with L2 access links. It's a bit more planning from an L2 standpoint, but works like a charm.

Implemented that design in 13 buildings tied to a metro core.

That reading was as light as a brick!  ...but helpful.  Thanks.

We currently do VLAN routing on our Core for a few VLANs.  I'm curious if I should create a VLAN interface for every newly created VLAN.  This would require 20 new VLAN interfaces on my Core.  Alternatively, should I let my access switches do all the work by acting as EIGRP stubs?

EIGRP stub wouldn't do all that much. 20 SVIs is not that much work for a 65xx platform.

I wouldn't suggest switching routing protocols for this.

Can't comment on VSS, back in the day we used a pair of 65xx's as a building core. One was the root bridge for odd VLANs, the other for the even. Same held true for IP addressing/HSRP config.

This one is a bit easier to read, while it addresses campus design, it scales up and down.

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns431/c649/ccmigration_09186a008093b876.pdf
