Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
697
Views
0
Helpful
6
Replies

layer 3 vlan extension

mahesh18
Level 6
Level 6

‎12-09-2015 06:22 PM - edited ‎03-08-2019 03:03 AM

Hi Everyone,

Here is current network setup

Server1----Vlan 10  ----Switch1-----SVI  vlan 10------------Firewall

Server1 gateway IP address is Firewall so that server can go to rest of the network.

Now i need to connect a new network that needs to be isolated but it need to talk to Server1

I need to connect new switch2 to switch1.

new appliance will connect to switch2 .

What network design i can create so that new server2 connected to switch2 can talk to server1 on vlan10 subnet say 10.0.0.0/24?

Option1

IF i create new svi between switch1 and 2 assign it subnet 11.0.0.0/24 and config static route on switch1 and 2 so that they can reach other

is this right way?

Option2

If i connect switch 1 and 2 via vlan10 as trunk port.

I will create layer 2 vlan on switch 2 .

New server2 will be assigned IP in vlan 10 subnet.

then server2 and server1 be able to ping each other as they are on same vlan10/subnet right?

But then issue comes what gateway ip address i will assign to server2?

Regards

MAhesh

Labels:
0 Helpful
6 Replies 6

julijime
Cisco Employee
Cisco Employee

‎12-09-2015 06:44 PM

Hi Mahesh,

Based on your description Option2 would be the easiest way to get the connectivity between your two servers without much effort. Regarding the gateway, as server2 will be in the same vlan10 you should use the same gateway as in server1, in this case the firewall.

HTH 

Julio

0 Helpful

mahesh18
Level 6
Level 6
In response to julijime

‎12-09-2015 07:15 PM

Hi Julio,

Is there any way if i go with option2 but with different gateway for server2?

we do no want that firewall IP as gateway for server 2.

Regards

MAhesh

0 Helpful

julijime
Cisco Employee
Cisco Employee
In response to mahesh18

‎12-09-2015 07:58 PM

Hi Mahesh, 

You can configure a different gateway for server2 and connectivity with server1 should remain as they won't need to use the default gateway to connect between each other, however I don't see the reason why this is needed.

HTH

Julio

0 Helpful

mahesh18
Level 6
Level 6
In response to julijime

‎12-10-2015 10:11 AM

Hi Julio,

Only reason is that we do not want the existing gateway of server 1 to be same as of server2.

We are only doing this way as per network design requirement.

Regards

Mahesh

0 Helpful

Moh Mogh
Level 1
Level 1
In response to mahesh18

‎12-17-2015 06:18 AM

Hi,

If you really wanna make it so complex, then create a SVI for VLAN10 on SW2 and assign an IP address in the same subnet. Use that IP as the default gateway for the server.

Then, you also have to add a default route on SW2 having firewall as nexthop.

Regards,
Mohammad Moghaddas

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame

‎12-10-2015 10:34 AM

Hi Mahesh,

If you want to keep it really simple and there is no need for separation, you can simply connect sw2 to sw1 and add vlan 10 to it and connect the new server to sw2 and give it an IP address in vlan 10.

If you want to maintain separation, you can connect sw2 to sw1 and add a new vlan (vlan 11) to it.  You than need to add vlan 11 to the link between sw1 and sw2 and sw1 and the firewall and put the default gateway for the new vlan on the firewall.  Please note, if this is already in production and the connection between sw1 and the firewall is configured as access port, there will be a short outage when changing the port from access to trunk.  So, you should not make the change during business hours.

Thanks,

Reza

0 Helpful
Customers Also Viewed These Support Documents