Question regarding connecting two buildings between two layer 3 switches VLAN vs Route

jwillis
Level 1

Hi, I'm trying to figure out the best way to accomplish this. I've got two locations; each has a separate subset of VLANs used for management, voice, data, wireless, and wireless management. There is a 4500X with IP Services in each building, connected to each other with dark fiber. Currently, those connecting ports are configured as trunks, allowing only a single VLAN between the two (the VLAN doesn't exist elsewhere). A picture to help explain...

Layout

So right now, the two te/0/2 ports are configured similarly to this:

switchport mode trunk
switchport trunk native vlan 2
switchport trunk allowed vlan 2

All of the access VLANs have SVIs configured on their respective switches.

Switch 1:

int vlan 2
 description INTER BUILDING VLAN 2
 ip address 192.168.2.1 255.255.255.0
int vlan 10
 description MANAGEMENT VLAN 10
 ip address 192.168.10.1 255.255.255.0
int vlan 11
 description DATA VLAN 11
 ip address 192.168.11.1 255.255.255.0

etc...

Switch 2:

int vlan 2
 description INTER BUILDING VLAN 2
 ip address 192.168.2.2 255.255.255.0
int vlan 20
 description MANAGEMENT VLAN 20
 ip address 192.168.20.1 255.255.255.0
int vlan 21
 description DATA VLAN 21
 ip address 192.168.21.1 255.255.255.0

etc...

Basic IP routing is set up like this, but I don't think it's appropriate.

Switch 1:

ip route 192.168.20.0 255.255.255.0 192.168.2.2
ip route 192.168.21.0 255.255.255.0 192.168.2.2
ip route 0.0.0.0 0.0.0.0 < routed wan interface ip >

Switch 2:

ip route 0.0.0.0 0.0.0.0 192.168.22.1

-----------

So here are my goals:

1: keep CoS/DSCP tags on packets traversing switch 1 and switch 2 (mainly for VoIP; the voice gateway is on VLAN 22)

2: I need multicast routing to pass mDNS from Switch1 Data VLAN11 to Switch1 Wireless VLAN13 and Switch2 Wireless VLAN23 (for AirPrint)

3: not overly complicate things.

Here are some questions I have:

1. Being that traffic is currently routed over layer 3 from Switch1 to Switch2, any CoS tags will be stripped but ToS/DSCP would remain, correct?

2. On Switch1 instead of doing:

ip route 192.168.20.0 255.255.255.0 192.168.2.2

but rather:

ip route 192.168.20.0 255.255.255.0 VLAN 2

Would that continue to be a layer 3 route, or would that be considered inter-VLAN routing?

3. Last but not least... What would you recommend as the best approach for this situation?

Thank You,
Joe

edit: I've attached the image if anyone is having trouble viewing.


Marcel Kamenz
Level 1

Hi,

So first, if there is routing between two SVIs, this is inter-VLAN routing.

The picture is inaccessible :(

Next part is to design the network, should it be a Single LAN, for example a company with two offices in two buildings, or two independent LANs connected together?

So if you don't need the networks from building 1 in building 2 but need a connection between those networks, I would do L3 routing with OSPF.

If you want all networks in all buildings to be available, I would do a VSS across the 4500Xs, so you've got less management.

Or, as I see it, simply do RIPv2. Do I see correctly that building 2 is using the WAN access in building 1?

Your questions:

1. Catalyst switches know DSCP and CoS - I would prefer DSCP.

2. Routing between SVIs is inter-VLAN routing. I think it continues to be a route (layer 3).

3. Starting at line 1 :) - I know several customers where I have to ask in depth what they really want to do and not what design they want. So, like here, it's important to know what your customer's way of working is like.

Thank You Marcel,

That is correct, building 2 uses the WAN from building 1.

The reason for the layer 3 between buildings is to cut down on the broadcast noise, and I agree that OSPF would be a better way of connecting the two.

I'm going to spin up some GNS3 routers and work out a config and see where that goes.

Joe

Joseph W. Doherty
Hall of Fame

#1 Correct, although CoS tags are lost because VLAN 2 is defined to be the native VLAN.

#2 That would work, but using a next hop IP is a much, much better approach.

Yes, it's an L3 route, as is what you have now.

#3

  • Change the inter-switch link ports to be routed ports.
  • Use a dynamic routing protocol between the 4500s.
  • Use ToS for QoS purposes.
  • If possible have a second link between the two 4500s, ideally same bandwidth so it can be an Etherchannel.

Thank you Joseph, that is helpful.

Joe

I agree with the previous responses that this is a layer 3 routed implementation. I wonder why the connection is configured as a trunk and agree with Joseph that I would suggest making it a routed port. With two vlans/two subnets in each building and a transit vlan/subnet I would think that static routing could be adequate. The reasons for using a dynamic routing protocol usually include:

- selecting the optimum path when there is more than one path available.

- reacting to a failure of a network path and directing traffic over an alternate path.

- determining when a network resource (subnet) is no longer available.

- help with scaling issues as the network grows larger.

Since there are no alternate paths in your network, only one of those reasons applies to your situation.

As far as changing the static route, I would state it a bit more strongly than Joseph. You should keep the static route with a next hop specified (or you could specify both interface and next hop). A static route specifying only the outbound interface, when that interface is Ethernet, will require that your switch ARP for every destination that it forwards using that static route. This will increase CPU activity to do the ARP requests, increase the size of the ARP table, and increase the CPU used to maintain the ARP table. Since you are proposing this for only a subnet (or two) it is not a big deal. But it is very clear that it is better to have the static route with a next hop.

HTH

Rick

Since you are proposing this for only a subnet (or two) it is not a big deal.

Don't overlook the default is likely also used to get to Internet addresses.
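As an added illustration of the static-routing option Rick and Joseph describe (this is constructed example configuration, not anything posted in the thread): the inter-building link becomes a routed port, and every static route names a next-hop address, so the switch resolves ARP for one neighbour rather than for every destination host. The interface name TenGigabitEthernet1/2 is assumed for the "te/0/2" ports on both switches, the 192.168.22.0 and 192.168.23.0 subnets stand in for the voice and wireless VLANs mentioned above, and Switch 2's default is assumed to point back across the transit subnet at Switch 1 because Switch 1 owns the WAN link.

```cisco
! ---- Switch 1 (constructed example, interface name assumed) ----
interface TenGigabitEthernet1/2
 description INTER BUILDING LINK TO SWITCH 2
 no switchport
 ip address 192.168.2.1 255.255.255.0
!
! Next hop stated explicitly: one ARP entry for 192.168.2.2 covers
! every destination behind Switch 2.
ip route 192.168.20.0 255.255.255.0 192.168.2.2
ip route 192.168.21.0 255.255.255.0 192.168.2.2
! Equivalent form naming both the egress interface and the next hop
! (the variant Rick mentions as acceptable).
ip route 192.168.22.0 255.255.255.0 TenGigabitEthernet1/2 192.168.2.2
ip route 192.168.23.0 255.255.255.0 TenGigabitEthernet1/2 192.168.2.2
! Default toward the WAN; placeholder, substitute the real next hop.
ip route 0.0.0.0 0.0.0.0 <WAN-NEXT-HOP-IP>
!
! ---- Switch 2 (constructed example, interface name assumed) ----
interface TenGigabitEthernet1/2
 description INTER BUILDING LINK TO SWITCH 1
 no switchport
 ip address 192.168.2.2 255.255.255.0
!
! Building 1 owns the WAN, so the default (which also carries all Internet
! traffic, as Joseph notes) points at Switch 1's side of the transit link.
! Switch 1's own subnets (10, 11, ...) are reached through it as well.
ip route 0.0.0.0 0.0.0.0 192.168.2.1
```

Because the link is now a routed port there is no 802.1Q tag on it at all, so CoS cannot be carried across it; the DSCP value sits in the IP header and survives the hop unchanged, which is why the replies above prefer ToS/DSCP for the voice traffic.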

jwillis
Level 1

Hi, I've taken your advice into account. I've enabled OSPF on the switches and changed the connecting links into routed ports.

Here is an updated diagram.

I've set the outbound port on switch 1 and the next hop to be area 0.

My plan was to make the interconnecting links te/2 and te1/1 area 1,

then have areas 3 and 4 local to each building, and those would contain the networks of the SVIs.

This seemed like it made sense to me but didn't seem like it did to the switches. I was getting updated routes on area 3 but not on area 4; that is, I could see the remote OSPF networks advertised from area 3 on area 4 if I were to do a show ip ospf database. However, on area 3, I could only see the ones from areas 1 and 0. This may be normal for all I know; do areas have some sort of a priority? Like if the area number is higher, don't worry about it??

For now things are working; I still have area 0, then area 1 contains the rest.

Thanks,
Joe

OSPF has rules concerning how you use areas. The zero area is a "root" for other areas.

For a network as small as yours, one area is fine.
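As an added example of the single-area design Joseph recommends (constructed configuration, not a config from this thread or from Cisco documentation for this site): both 4500Xs put the routed inter-building link and their local SVI subnets in area 0, which sidesteps the inter-area rules the update above ran into. Two defensive settings are included that the thread does not mention and that are assumed rather than taken from the posts: passive-interface default so that user-facing SVIs never accept OSPF hellos, and MD5 neighbour authentication on the inter-building link. Interface names (TenGigabitEthernet1/2 for the link on both sides) and router IDs are assumed; the key string is a placeholder.

```cisco
! ---- Switch 1 (constructed example) ----
interface TenGigabitEthernet1/2
 description INTER BUILDING LINK TO SWITCH 2
 no switchport
 ip address 192.168.2.1 255.255.255.0
 ! Only an authenticated neighbour can form an adjacency on this link.
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <REPLACE-WITH-SHARED-SECRET>
 ! Two routers on a dedicated link: skip DR/BDR election.
 ip ospf network point-to-point
!
router ospf 1
 router-id 1.1.1.1
 ! Advertise every matched subnet, but send/accept hellos on the link only.
 passive-interface default
 no passive-interface TenGigabitEthernet1/2
 network 192.168.2.0 0.0.0.255 area 0
 network 192.168.10.0 0.0.0.255 area 0
 network 192.168.11.0 0.0.0.255 area 0
 ! Switch 1 owns the WAN, so it originates the default for Switch 2.
 default-information originate
!
ip route 0.0.0.0 0.0.0.0 <WAN-NEXT-HOP-IP>
!
! ---- Switch 2 (constructed example) ----
interface TenGigabitEthernet1/2
 description INTER BUILDING LINK TO SWITCH 1
 no switchport
 ip address 192.168.2.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <REPLACE-WITH-SHARED-SECRET>
 ip ospf network point-to-point
!
router ospf 1
 router-id 2.2.2.2
 passive-interface default
 no passive-interface TenGigabitEthernet1/2
 network 192.168.2.0 0.0.0.255 area 0
 network 192.168.20.0 0.0.0.255 area 0
 network 192.168.21.0 0.0.0.255 area 0
 ! No static default here: it is learned from Switch 1 via OSPF.
```

With a single area, each switch sees the other's SVI subnets as intra-area routes, and Switch 2 picks up its default route from Switch 1's default-information originate instead of a static route; the passive-interface and authentication settings keep a host plugged into an access VLAN from injecting routes into either building.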
