04-26-2018 10:55 AM - edited 03-08-2019 02:48 PM
Hello,
I am a system and software engineer, but had some networking stuff fall into a pretty unique project for some Egyptian Clients. I understand networking and VLANs, but mostly from an F5 LTM and VMware perspective, so I've been struggling with what I feel should be pretty simple.
I have a Catalyst 4500x as the core switch, and 18 Catalyst 3650s powering 14 buildings. I have 4 stacks of 2 switches, and the campus is linked by OS2 Fiber and LC Connectors.
The entire network is on a private IP range of 134.177.0.0/16. The core switch is 134.177.255.1; the campus switches are 134.177.255.91, with the last octet representing the building number. Internally, the IP space is 134.177.91.0/24. These VLANs are managed by DHCP.
Pretty straightforward setup, but I'm missing something.
All 3650 connections are on the Gi1/1/1 port. When I use that port as a trunk, the client PCs get an IP address from an upstream DHCP server. When I switch it to an access port, the PCs get IP addresses from the switch's DHCP, and can talk to each other, but cannot reach anything outside the switch.
Seems like the configuration should be easy, but I'm probably using the wrong terminology in my searches, so any help would be appreciated!
04-26-2018 12:14 PM
Hi,
All 3650 connections are on the Gi1/1/1 port. When I use that port as a trunk, the client PCs get an IP address from an upstream DHCP server. When I switch it to an access port, the PCs get IP addresses from the switch's DHCP, and can talk to each other, but cannot reach anything outside the switch.
The ports that connect the 3650s to the 4500 need to be configured as trunk if you have multiple vlans on each 3650. Can you verify?
HTH
04-26-2018 01:45 PM
Yes. However, when I configure Gi1/1/1 as the trunk, the upstream DHCP server passes down the IP to client PCs.
So what I want:
ADSL Modem: 72.214.xxx.xxx
Generic Router w/DHCP: 192.168.1.1
Core 4500x: 134.177.255.1
Bldg 91 3650: 134.177.255.91
Bldg 91 Client PC: 134.177.91.100
What I get when I configure Gi1/1/1 on the 3650 as a trunk:
ADSL Modem: 72.214.xxx.xxx
Generic Router w/DHCP: 192.168.1.1
Core 4500x: 134.177.255.1
Bldg 91 3650: 134.177.255.91
Bldg 91 Client PC: 192.168.1.100
04-26-2018 02:19 PM
I agree with Reza that if you have multiple vlans that the interface needs to be configured as a trunk. Beyond that we do not have enough information to be able to identify your issue or to suggest solutions. What you have given so far suggests at least two vlans. One vlan for management using subnet 134.177.255.0 and a subnet for a building using 134.177.91.0. Are there other vlans and subnets? If so what are they? Is the routing between vlans done on the 4500 or on the generic router? How many DHCP scopes are configured? What are the address ranges of these scopes? On what device(s) are the scopes configured? At some point we will probably need to see the config of the 4500. But for now would you post the output of the following commands on the 4500:
show ip interface brief
show interface status
show interface trunk
HTH
Rick
04-27-2018 08:25 AM
Hello, thanks for the reply! I currently only have one VLAN, although I've tried two to no avail. When I had two, I had Gi1/1/1 trunking on vlan 2, but ended up getting stuck there, and backed out.
I've attached a network diagram of what I'm trying to achieve.
Each switch will have its own dhcp scope (giving out addresses in its 134.177.XX.yyy subnet, where XX is bldg number and yyy is 20-255). Currently, I've only worked on the 91 switch, and plan on using that as a baseline config for the rest. I am successfully configuring DHCP on the 3650, i.e. my client PC will pull down 134.177.91.23 with default gateway 134.177.91.1, but nothing is getting routed outside the network. My client PC cannot access the internet, or ping 134.177.255.1 (the 4500x), or the modem.
Right now, it seems like a communication issue. I feel like I should be routing 134.177.91.1 to 134.177.255.91 to 134.177.255.1 to modem. Which again feels like it should be simple, but I'm clearly doing something wrong!
04-27-2018 09:06 AM - edited 04-27-2018 09:08 AM
Thanks for the additional explanation. I find some things in the diagram confusing, but since the diagram deals with a high level view of the complete project and we are dealing with details of one building I believe that we can save any discussion of the diagram for a later time when we have the one building working.
The first issue is about your having a single vlan. A single vlan will not support what you want to accomplish. Clearly the 3650 for each building will have at least two vlans (one for management and one for users) and the core will have at least a vlan for each building and a vlan for management. So you need to implement multiple vlans and to configure the connection from each building 3650 to core as a trunk.
It is good to know that you are configuring DHCP on the 3650 and that this is working. You have configured DHCP so that the gateway is 134.177.91.1, which sounds good. But where is that IP address? Is it on an SVI on the 3650 or is it on the core switch? The answer for that should be based on how you want the 3650 to operate. Do you want the 3650 to operate as a layer 2 switch? In that case the gateway address would be on the core switch and the 3650 only needs the vlans configured and a trunk to the core. If you want the 3650 to operate as a layer 3 switch then the gateway address can be on an SVI on the 3650 and the 3650 needs routing logic to forward traffic to the core switch.
When we get these questions about the architecture of the network resolved then we can address what is the next step for you.
HTH
Rick
04-27-2018 09:27 AM
Thank you so much! That was the "explanation for Dummies" that I needed! I saw info on the webui about SVI, but didn't do enough research, but that seems to be what I needed. Also about the 134.177.91.1 IP Address, that was the IP I had given to VLAN 1, which when I write that out, seems like it would definitely be causing my problem!
04-27-2018 10:00 AM
I am glad that my explanation was helpful. I believe that once you have thought about and resolved some questions about architecture of this network then figuring out what and how to configure becomes much easier. Assigning 134.177.91.1 to vlan 1 on the 3650 is easy and seems intuitive. But it does have implications about needing to enable layer 3 routing on the 3650. If you move the gateway address for the subnet to the core switch then it does simplify configuration of the 3650. Then the 3650 needs access ports in a vlan for users (you could use the default vlan 1 or could choose to have the vlan number match the building number) and it needs the interface connecting the 3650 to core to be a trunk carrying the user vlan and the vlan for management traffic. The 3650 needs an SVI in the vlan for management traffic to have the IP for the switch.
HTH
Rick
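A sketch of the layer 2 option described in the reply above, for building 91 only. This is an added example, not a configuration posted by anyone in the thread. The VLAN numbers (91 for users, 255 for management), the /24 mask on the management subnet, the access port range and the core-side interface name are assumptions; DHCP scope placement is not shown.

```cisco
! ===== Building 91 Catalyst 3650, acting as a layer 2 switch =====
! VLAN IDs are assumed: 91 matches the building number, 255 is management.
vlan 91
 name BLDG91-USERS
vlan 255
 name MGMT
!
! No routing on the building switch; the gateway lives on the core.
no ip routing
ip default-gateway 134.177.255.1
!
! User-facing ports (port range is assumed).
interface range GigabitEthernet1/0/1 - 24
 switchport mode access
 switchport access vlan 91
 spanning-tree portfast
!
! Uplink to the core. Only the user and management VLANs are allowed,
! so traffic from other VLANs (for example an upstream DHCP server
! sitting in VLAN 1) is not carried down to the client ports.
interface GigabitEthernet1/1/1
 description Uplink to core 4500X
 switchport mode trunk
 switchport trunk allowed vlan 91,255
!
! Management SVI: the switch's own address.
interface Vlan255
 ip address 134.177.255.91 255.255.255.0
 no shutdown
!
! ===== Core Catalyst 4500X =====
vlan 91
 name BLDG91-USERS
vlan 255
 name MGMT
!
ip routing
!
! Core-side port toward building 91 (interface name is hypothetical).
interface TenGigabitEthernet1/1
 description Downlink to Bldg 91 3650
 switchport mode trunk
 switchport trunk allowed vlan 91,255
!
! Gateway for the building 91 user subnet, moved off the 3650.
interface Vlan91
 ip address 134.177.91.1 255.255.255.0
 no shutdown
!
interface Vlan255
 ip address 134.177.255.1 255.255.255.0
 no shutdown
```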
04-27-2018 12:06 AM - edited 04-27-2018 10:48 AM
nvm