01-25-2012 03:05 AM - edited 03-07-2019 04:32 AM
Hi.
I have a stacked Cisco Catalyst 3750 configuration that currently has one VLAN configured.
VLAN 192 - 10.192.0.0/16
The Catalyst has an ip on this range of 10.192.0.1
I would like to configured a few more VLAN's to be able to run some more network ranges through this device. Would it be a case of just adding the VLAN's to the master and then configuring an IP for each VLAN within the inter-vlan routing section? Some VLAN's will require access to eachother but not all.
Solved! Go to Solution.
01-26-2012 10:01 AM
Hey Jamie,
Yes the ip address you assign to the VLAN will be the gateway address (e.g. 10.196.0.1).
On a side note... each vlan will represent a single broadcast domain. With that in mind your /16 is probably WAY to large because its broadcast domain represents a potential of approx. 65536 hosts!! Of course I have no idea what you are doing however based on my experience this approach has a very high potential of needing a future disruptive maintenance to reduce the block size if not addressed before going into production. Just my 2 cents
01-25-2012 10:22 AM
That should be all you need. Create the vlan on the switch, create a vlan interface and put an address on it. Then you'll put whatever ports you need in that certain vlan and their gateway will be the ip address that you put on the vlan interface for their corresponding vlan.
01-25-2012 11:28 AM
Hey Jamie,
So here are my thoughts.
A catalyst 3750 provides both layer 2 switching and layer 3 routing support...so yes you can add additional VLAN interfaces and allow inter-vlan routing. Keep in mind you will need to create ACLs on your 3750's for any ip's or blocks you don't want communicating with one another.
A few things to consider with your environment.
- VTP: used to control adding, removing and propagating VLANS to devices in a VTP domain.
To create VLANs on a switch it must be in VTP server or VTP transparent mode. When VTP server mode is configured you'll also need to define a VTP domain name prior to adding any VLANs. Note if VTP is not used VLANs will need to be added manually to each device on the segment.
- verify the VLANs you want to create interfaces for exist in the vlan database using the "sh vlan brief" command. If they do not exist in the vlan database you will need to add them...
- now identify the ip addresses you want to use for each and create each VLAN interfaces accordingly. Note for inter-vlan routing to work the VLAN interface must be configured with an IP address. If the VLAN ID does not exist in the vlan database before creating the relative interface you will need to issue the "no shut" command at the interface level to bring that VLAN interface up.
- Inter-vlan routing: To allow inter-vlan routing you must enable routing on your device by using the "ip routing" command. If this command is not accepted you might need to look at upgrading your Cisco IOS Software to Release12.1(11)EA1 or later.
- If applicable you should also a default route for the switch
Hope this helps...have fun!!
01-25-2012 12:21 PM
If you plan on dividing up that 10.192. space which is huge then you will have to change the mask on vlan 192 and change any dhcp server settings to reflect that unless everything is hardcoded . Then you can make smaller say /24 out of that space . Not sure why they would have made that a /16 .
01-25-2012 02:05 PM
so just to be clear. You cannot create multiple vlans with all of them using the same IP space/block (e.g. 10.192.0.0/16). The devices connected to ports configured for different access vlans must also be on different networks or subnets. For example:
10.192.0.0/16 can only belong to a single VLAN thus so do the hosts. If you want to create two vlans you must have two different IP block. If using only the 10.192.0.0/16 block this means it will need to be subnetted into two separate blocks.
For the ease of getting my point across we'll just create two /17 subnets using your 10.192.0.0/16, which by the way is equivalent to 256 class C subnets.
10.192.0.0/16 has a mask of 255.255.0.0 assigned to vlan 192 = 1 network
10.192.0.0/17 assigned to vlan 192 & 10.192.128.0/17 assigned to vlan 193 (or any other vlan id) = 2 networks each using a mask of 255.255.128.0
if you want more vlans you'll need more networks
here is what your 10.192.0.0/16 looks subnetted into 4 networks;
10.192.0.0/18, 10.192.64.0/18, 10.192.128.0/18, 10.192.192.0/18 all using a mask of 255.255.192.0 -- in this case you will assign each block to a vlan thus giving you 4 vlans.
I hope this adds a little more clarity.
01-26-2012 09:29 AM
Thanks guy's.
I plan to create the additional VLAN's using new ip ranges. For example:
VLAN 192 - 10.192.0.0/16
VLAN 193 - 10.193.0.0/23
VLAN 194 - 10.194.0.0/23
VLAN 195 - 10.195.0.0/23
VLAN 196 - 10.196.0.0/23
It sounds pretty straight forward from the posts here with what i need to do. In terms of the ACL's... I'm assuming that without creating any ACL's, all VLAN's will be able to talk ot eachother? I would just need to apply a deny rule to the VLAN's i would want to segregate?
Also, when assigning an IP for the VLAN on the switch. For instance:
For VLAN 196, the switch was be assigned an IP of 10.196.0.1... Would this be gateway for any devices on this VLAN / subnet?
Thanks.
01-26-2012 10:01 AM
Hey Jamie,
Yes the ip address you assign to the VLAN will be the gateway address (e.g. 10.196.0.1).
On a side note... each vlan will represent a single broadcast domain. With that in mind your /16 is probably WAY to large because its broadcast domain represents a potential of approx. 65536 hosts!! Of course I have no idea what you are doing however based on my experience this approach has a very high potential of needing a future disruptive maintenance to reduce the block size if not addressed before going into production. Just my 2 cents
01-30-2012 09:37 AM
Hey Jamie,
Please don't forget to update the posting if/when your question gets answered so we know if any of our help was useful and/or accurate. On the other hand if you still need assistance please let us (forum community) know.
Thanks and hope everything is working out.
01-31-2012 01:07 AM
Thanks Everyone... Great answers and just what i needed! : )
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide