cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1582
Views
0
Helpful
8
Replies

Noob Campus Switching Question

justincG2
Level 1
Level 1

Hello, 

 

I am a system and software engineer, but had some networking stuff fall into a pretty unique project for some Egyptian Clients.  I understand networking and VLANs, but mostly from an F5 LTM and VMWare perspective, so I've been struggling with what I feel should be pretty simple. 

 

I have a Catalyst 4500x as the core switch, and 18 Catalyst 3650s powering 14 buidings.  I have 4 stacks of 2 switches, and the campus is linked by OS2 Fiber and LC Connectors. 

 

The entire network is on a private IP range of 134.177.0.0/16.  The core switch is 134.177.255.1 the campus switches are 134.177.255.91, with the last octet representing the building number.  Internally, the IP space is 134.177.91.0/24.  These VLANs are managed by DHCP

 

Pretty straightforward setup, but I'm missing something.  

 

All 3650 connections are on the Gi1/1/1 port.  When I use that port as a trunk, the client PCs get an IP address from an upstream DHCP server.  When I switch it to an access port, the PCs get IP addresses from the switches DHCP, and can talk to each other, but cannot reach anything outside the switch. 

 

Seems like the configuration should be easy, but I'm probably using the wrong terminology in my searches, so any help would be appreciated!

1 Accepted Solution

Accepted Solutions

Thanks for the additional explanation. I find some things in the diagram confusing, but since the diagram deals with a high level view of the complete project and we are dealing with details of one building I believe that we can save any discussion of the diagram for a later time wen we have the one building working.

 

The first issue is about your having a single vlan. A single vlan will not support what you want to accomplish. Clearly the 3650 for each building will have at least two vlans (one for management and one for users) and the core will have at least a vlan for each building and a vlan for management. So you need to implement multiple vlans and to configure the connection from each building 3650 to core as a trunk.

 

It is good to know that you are configuring DHCP on the 3650 and that this is working. You have configured DHCP so that the gateway is 134.177.91.1, which sounds good. But where is that IP address? Is it on an SVI on the 3650 or is it on the core switch? The answer for that should be based on how you want the 3650 to operate. Do you want the 3650 to operate as a layer 2 switch? In that case the gateway address would be on the core switch and the 3650 only needs the vlans configured and a trunk to the core. If you want the 3650 to operate as a layer 3 switch then the gateway address can be on an SVI on the 3650 and the 3650 needs routing logic to forward traffic to the core switch.

 

When we get these questions about the architecture of the network resolved then we can address what is the next step for you.

 

HTH

 

Rick

HTH

Rick

View solution in original post

8 Replies 8

Reza Sharifi
Hall of Fame
Hall of Fame

Hi,

All 3650 connections are on the Gi1/1/1 port.  When I use that port as a trunk, the client PCs get an IP address from an upstream DHCP server.  When I switch it to an access port, the PCs get IP addresses from the switches DHCP, and can talk to each other, but cannot reach anything outside the switch. 

 

The ports that connect the 3650s to the 4500 need to be configured as trunk if you have multiple vlans on each 3650. Can you verify?

HTH

Yes, However, when I configure it Gi1/1/1 as the trunk, the upstream DHCP server passes down the IP to client PCs.

 

So What I want:

ADSL Modem: 72.214.xxx.xxx

Generic Router w/DHCP: 192.168.1.1

Core 4500x: 134.177.255.1

Bldg 91 3650: 134.177.255.91

Bldg 91 Client PC: 134.177.91.100

 

What I get when I configure Gi1/1/1 on the 3650 as a trunk:

ADSL Modem: 72.214.xxx.xxx

Generic Router w/DHCP: 192.168.1.1

Core 4500x: 134.177.255.1

Bldg 91 3650: 134.177.255.91

Bldg 91 Client PC: 192.168.1.100

I agree with Reza that if you have multiple vlans that the interface needs to be configured as a trunk. Beyond that we do not have enough information to be able to identify your issue or to suggest solutions. What you have given so far suggests at least two vlans. One vlan for management using subnet 134.177.255.0 and a subnet for a building using 134.177.91.0. Are there other vlans and subnets? If so what are they? Is the routing between vlans done on the 4500 or on the generic router? How many DHCP scopes are configured? What are the address ranges of these scopes? On what device(s) are the scopes configured? At some point we will probably need to see the config of the 4500. But for now would you post the output of the following commands on the 4500

show ip interface brief

show interface status

show interface trunk

 

HTH

 

Rick

HTH

Rick

Hello, thanks for the reply!  I currently only have one VLAN, although I've tried two to no avail. When I had two, I had Gi1/1/1 trunking on vlan 2, but ended up getting stuck there, and backed out. 

 

 

I've attached a network diagram of what I'm trying to achieve. 

 

Each switch will have it's own dhcp scope (giving out addresses in its 134.177.XX.yyy subnet, where XX is bldg number and yyy is 20-255). Currently, I've only worked on the 91 switch, and plan on using that as a baseline config for the rest.  I am successfully configuring DHCP on the 3650, i.e. my client PC will pull down 134.177.91.23 with default gateway 134.177.91.1, but nothing is getting routed outside the network.  My client PC cannot access the internet, or ping 134.177.255.1 (the 4500x), or the modem.  

 

Right now, it seems like a communication issue.  I feel like I should be routing 134.177.91.1 to 134.177.255.91 to 134.177.255.1 to modem.  Which again feels like it should be simple, but I'm clearly doing something wrong!

 

 

 

Thanks for the additional explanation. I find some things in the diagram confusing, but since the diagram deals with a high level view of the complete project and we are dealing with details of one building I believe that we can save any discussion of the diagram for a later time wen we have the one building working.

 

The first issue is about your having a single vlan. A single vlan will not support what you want to accomplish. Clearly the 3650 for each building will have at least two vlans (one for management and one for users) and the core will have at least a vlan for each building and a vlan for management. So you need to implement multiple vlans and to configure the connection from each building 3650 to core as a trunk.

 

It is good to know that you are configuring DHCP on the 3650 and that this is working. You have configured DHCP so that the gateway is 134.177.91.1, which sounds good. But where is that IP address? Is it on an SVI on the 3650 or is it on the core switch? The answer for that should be based on how you want the 3650 to operate. Do you want the 3650 to operate as a layer 2 switch? In that case the gateway address would be on the core switch and the 3650 only needs the vlans configured and a trunk to the core. If you want the 3650 to operate as a layer 3 switch then the gateway address can be on an SVI on the 3650 and the 3650 needs routing logic to forward traffic to the core switch.

 

When we get these questions about the architecture of the network resolved then we can address what is the next step for you.

 

HTH

 

Rick

HTH

Rick

Thank you so much!  That was the "explanation for Dummys" that I needed!  I saw info on the webui about SVI, but didn't do enough research, but that seems to be I needed.  Also about the 134.177.91.1 IP Address, that was the IP I had given to VLAN 1, which when I write that out, seems like it would definitely be causing my problem!

I am glad that my explanation was helpful. I believe that once you have thought about and resolved some questions about architecture of this network then figuring out what and how to configure becomes much easier. Assigning 134.177.91.1 to vlan 1 on the 3650 is easy and seems intuitive. But it does have implications about needing to enable layer 3 routing on the 3650. If you move the gateway address for the subnet to the core switch then it does simplify configuration of the 3650.  Then the 3650 needs access ports in a vlan for users (you could use the default vlan 1 or could choose to have the vlan number match the building number) and it needs the interface connecting the 3650 to core to be a trunk carrying the user vlan and the vlan for management traffic.The 3650 needs an SVI in the vlan for management traffic to have the IP for the switch.

 

HTH

 

Rick

HTH

Rick

Alan_4
Level 1
Level 1

 

nvm 

Review Cisco Networking for a $25 gift card