Need help with implementing Vlans in new network design

Mark Mattix
Level 2

Currently the way part of my network is designed offers no type of redundancy and I think could be improved in regards to aggregating links and performing better switching with a change of wiring. In fact my main reason for redesigning my network is to offer better switching performance, hardware redundancy isn't extremely important because we can only afford to have 1 of some WAN links, but hardware redundancy will be nice to have. Anyway my question (please see attached diagram):

When looking at the old design, I will be replacing the router with the 2 L3 stacked 3750s. Currently all devices on the old design are on the native vlan 1. Part of my plans to implement the 2 L3 switches is to create 2 different Vlans to replace my current network which consists of 2 core networks divided by the router. I believe in order to do this I have no choice but to create 2 VLANs or combine the 2 into 1, so I'm choosing 2 different VLANs.

My concern is when I implement the dual L3 switches the link going to the switch named "Switch 2" will have a vlan mismatch error, since it's currently on vlan 1. "Switch 2" does have its vlan 1 SVI configured with an IP address but there is no "no switchport" command on the interface, which leads me to believe I will have the vlan mismatch error. This issue of concern also can be applied to my firewall.

My question is, what is the correct way of configuring this topology? Should I issue the command, "no switchport" on my stacked L3 and "Switch 2" and use IP addressing to communicate with each other? The problem that then arises from this configuration is, when data on different networks needs to access a location beyond the "Switch 2" how does the core know to forward it to "Switch 2"? Would an ip route command like, "ip route 192.168.1.0 0.0.0.0 192.168.1.2" be sufficient in saying, anything that requires network 192.168.1.0 and isn't already attached to me, send to "Switch 2"? Network 192.168.1.0 is the majority of my network and connected directly to the core; it extends out to a different, local building by "Switch 2".

Another question about the link that goes from the dual L3 switches to "Switch 2": if this link is an access port on Vlan 60 and "Switch 2's" other ports are all on native vlan 1, information can't be sent across just a L2 link with a different VLAN of 60, correct? I believe this could only be done using a trunk. I'm hesitant in changing all of "Switch 2's" ports to Vlan 60 because I'm not sure how that will affect the 10-15 Lightweight APs I have connected to it.

I hope someone can shed some light on how this should best be configured. Thanks for any help and advice!   -Mark

1 Accepted Solution

schaef350
Level 1

The VLAN mismatch is not a major issue... VLAN "numbers" (tags) only matter on trunks. Access VLANs are only locally significant. Obviously it's not best practice to connect and cause the VLAN mismatch errors. Connect the ports together and then all at once (off hours) just set all ports to access vlan 60 with an interface range command to match the access VLAN across switches.

- Be sure to rate all helpful posts


3 Replies


schaef350
Level 1

"I'm hesitant in changing all of "Switch 2's" ports to Vlan 60 because I'm not sure how that will affect the 10-15 Lightweight APs I have connected to it."

Again, VLANs are only locally significant. However, if your WLC connects on a trunk it will matter.

- Be sure to rate all helpful posts

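As an added illustration of the two replies above (this is a constructed config, not something posted in the thread or Cisco documentation): the 3750 stack owns the VLAN 60 SVI, its link to "Switch 2" is a plain access port, and Switch 2's ports are moved to VLAN 60 in one interface range command. Interface names, hostnames and the 192.168.1.0/24 addressing are assumptions.

```ios
! ===== 3750 stack (L3 core) -- constructed example =====
hostname CORE-3750-STACK
!
vlan 60
 name SITE-LAN
!
! The SVI is the gateway for 192.168.1.0/24, so that network is a directly
! connected route on the core; no "ip route" to Switch 2 is needed.
interface Vlan60
 ip address 192.168.1.1 255.255.255.0
!
! Access port toward Switch 2. Frames leave untagged, so the VLAN number
! here only has to match what the core itself uses (locally significant).
interface GigabitEthernet1/0/1
 description Uplink to Switch 2
 switchport mode access
 switchport access vlan 60
!
! ===== Switch 2 (L2, remote building) -- constructed example =====
hostname SWITCH2
!
vlan 60
 name SITE-LAN
!
! Management SVI moved from VLAN 1 to VLAN 60, default gateway = core SVI.
interface Vlan60
 ip address 192.168.1.2 255.255.255.0
!
ip default-gateway 192.168.1.1
!
! Do this in one shot, off hours, as the accepted answer suggests:
! the uplink and every AP port become access ports in VLAN 60.
interface range GigabitEthernet0/1 - 24
 switchport mode access
 switchport access vlan 60
!
! Only where a device needs tagged frames (the WLC case in the reply above)
! does the VLAN number have to agree on both ends of the link.
interface GigabitEthernet0/25
 description Trunk to WLC (assumed port)
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 60
 switchport mode trunk
```

Because the core-to-Switch 2 link stays an access port, the "VLAN mismatch" CDP warning disappears once both sides are in VLAN 60, and the untagged APs keep working throughout since they never see the VLAN ID.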

Thank you for the help Schaef! After you mentioned how VLANs are only locally significant I found this article explaining it more, http://packetlife.net/blog/2008/apr/11/vlans-are-locally-significant/

I guess I forgot that access ports do not tag the frames with VLAN information. I'm glad I understand this now! Thank you!
