08-11-2020 01:51 PM - edited 08-11-2020 01:53 PM
Hi all,
I'm configuring a Nexus 3064 on our network which I want to use as a core switch and have the other 2 Cisco Catalyst 2960's connected to it via 10G. The 2960's have the 10G SFP modules in them.
The desired network looks like this:
At present the 2960's are only Layer 2 and the FortiGate 80E is routing all the VLANs, 6 in total. The two 2960's are connected via a 10G connection and the FortiGate is connected via 1000 Mbps to one of the 2960's.
When I connect the two 2960's via a trunk port to a port on the Nexus, I allow all 6 VLANs on these two trunk ports.
The problem is when I install the Nexus 3064 as the core, I can't see other VLANs even though I have a trunk port configured for each 2960 passing all VLANs through it. Do I need to use Layer 3 on the Nexus? Or can I keep using the FortiGate for the Layer 3 routing?
I can't seem to ping anything from the Nexus switch either. Is this the best way to do this?
Thanks,
08-11-2020 02:04 PM
If you are looking at the Nexus as core (single or dual?), I hope the Cisco 2960 access switches have the clients connected.
You can re-design like below:
Fortigate----nexus---2960 switches (they act as access switches for your users).
If you are looking to have the Nexus as pure L2, you do not need any special config, just a Layer 2 configuration with trunks.
But you do need a Layer 3 interface for management to manage these devices.
As per your setup it should work, but I would do best as per the above suggested changes.
Make sure you created the VLAN inside the Nexus also, for that VLAN to transit.
Best is to post the configuration of all devices so we can understand better what is configured.
08-11-2020 02:15 PM - edited 08-11-2020 02:29 PM
Thanks for the reply.
Correct, at present the Nexus will be a single core and the clients are all connecting to the 2960's. All servers and NAS are connected to the 10G Nexus ports.
So when you say a Layer 3 interface for management, you mean create a new VLAN interface for all VLANs and then assign an IP address to those interfaces?
Attached the configs from the switches. I had to roll back because I had problems. So on the 2960's the TE ports are not currently configured to the Nexus.
I had something like that for the port:
interface TenGigabitEthernet1/0/1
 description TRUNK_TO_CORE01
 ! VLANs carried on the uplink to the Nexus; VLAN 2 travels untagged
 switchport trunk allowed vlan 1-9
 switchport trunk native vlan 2
 switchport mode trunk
Thanks,
08-11-2020 04:05 PM
What was the issue you encountered? Can you give more information?
08-11-2020 04:26 PM
1. I can't ping anything from the Nexus on the LAN. I'm thinking a possible gateway config problem?
2. I can't reach sw_studio3 and vice versa.
08-12-2020 05:41 AM
I suspect it is pure Layer 2 if you configured it that way; you won't be able to ping other VLANs,
but you can ping your default gateway as configured.
When you do the change next time:
1. Make sure you check the end device is able to ping the gateway.
2. Cross-check all the VLANs are allowed and created on all devices in the path.
3. Check whether there is any MAC and ARP learning in each device.
I do not see any loops here, so it should work as expected.
08-12-2020 08:27 AM
I have my 2960's set up like that: Layer 2 with the FortiGate as the default gateway, and this routes the VLANs and makes everything reachable.
Can't I do the same with the Nexus? It seems not. If I set a default gateway it should find the FortiGate and route the traffic, right?
Is this the best way to do it?
08-12-2020 08:55 AM
So now the Nexus is out of the way in your network, right?
Can you post the current config along with a diagram to understand?
It's not a complicated setup; it should work as Layer 2.
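Step 2 of the checklist above (every VLAN allowed on a trunk must also be created on every device in the path, the Nexus included) is easy to automate against the posted running-configs. The script below is an added example, not code from the thread; the two config snippets are constructed stand-ins for the real sw_studio3 and CORE01 configs, with the core deliberately missing VLANs 3-9 to show what the check reports.

```python
import re

# Constructed sample configs: the 2960 declares VLANs 2-9, the Nexus only VLAN 2.
CONFIGS = {
    "sw_studio3": "vlan 2-9\ninterface TenGigabitEthernet1/0/1\n description TRUNK_TO_CORE01\n"
                  " switchport trunk allowed vlan 1-9\n switchport trunk native vlan 2\n"
                  " switchport mode trunk\n",
    "CORE01": "vlan 2\ninterface Ethernet1/1\n switchport mode trunk\n"
              " switchport trunk allowed vlan 1-9\n switchport trunk native vlan 2\n",
}

def expand_vlans(spec):
    """Expand an IOS/NX-OS VLAN list such as '1-9,20,30-32' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_config(text):
    """Return (created VLAN set, {trunk interface: (allowed set or None, native VLAN)})."""
    created, ports, iface = {1}, {}, None          # VLAN 1 always exists
    for line in (l.strip() for l in text.splitlines()):
        if m := re.fullmatch(r"vlan ([\d,\-]+)", line):
            created |= expand_vlans(m.group(1)); iface = None
        elif m := re.fullmatch(r"interface (\S+)", line):
            iface = m.group(1); ports[iface] = {"trunk": False, "allowed": None, "native": 1}
        elif iface and line == "switchport mode trunk":
            ports[iface]["trunk"] = True
        elif iface and (m := re.fullmatch(r"switchport trunk allowed vlan ([\d,\-]+)", line)):
            ports[iface]["allowed"] = expand_vlans(m.group(1))
        elif iface and (m := re.fullmatch(r"switchport trunk native vlan (\d+)", line)):
            ports[iface]["native"] = int(m.group(1))
    return created, {i: (p["allowed"], p["native"]) for i, p in ports.items() if p["trunk"]}

def check_path(configs):
    """Flag VLANs allowed on a trunk but not created on that device, plus native VLAN mismatches."""
    problems, natives = [], set()
    for dev, text in configs.items():
        created, trunks = parse_config(text)
        for iface, (allowed, native) in trunks.items():
            natives.add(native)
            if allowed is not None and (missing := sorted(allowed - created)):
                problems.append(f"{dev} {iface}: allowed but not created: {missing}")
            if native not in created:
                problems.append(f"{dev} {iface}: native VLAN {native} not created")
    if len(natives) > 1:
        problems.append(f"native VLAN mismatch across trunks: {sorted(natives)}")
    return problems

if __name__ == "__main__":
    for problem in check_path(CONFIGS):
        print(problem)
```

Feed it the real `show running-config` text of each switch in the path and an empty result means the VLAN and native-VLAN side of the checklist is clean; anything printed is a VLAN the trunk will silently drop.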