Standard lan network

silex
Level 1

I was hoping for some advice on a simple LAN we have. We currently have an overcomplicated LAN network. I am looking to simplify it.

We have 2 core switches and 2 access switches. 1 router for internet and MPLS link to data center.

On the access switches there are 5 VLANs configured and they are performing the routing between devices on the different subnets. The core switches are hosting the servers.

Q1. I assume that the reason the access is doing the routing is to keep traffic local and to not do any routing at the router end.

Q2. On the router what config is needed on the LAN interface? How do I route external traffic onto our LAN?

Q3. The external interface is on FastEthernet 0 and has a sub interface for the MPLS link, but also has an IP address on the FastEthernet 0 which will do the web traffic. Is this correct? I thought the main interface didn't have an IP address if you have sub interfaces on it.


Giuseppe Larosa
Hall of Fame

Hello Silex,

q1) Correct: multilayer switches' performance is far better than SW-based routers' performance. So here the idea is to avoid performing inter-VLAN routing on the WAN router, which should perform NAT for internet access and routing to the datacenter on a different logical interface.

q2) The router needs an internal interface connected to the core switches. Either a dynamic routing protocol can be run on access layer switches, core switches and WAN router, or you need to set up appropriate static routes on the WAN router describing the internal networks and pointing to the core switches. A default static route is then needed on core switches and access layer switches.

q3) This is allowed. See the IP address under the main interface as functionally equivalent to an additional subinterface with the command encapsulation dot1q x native, which means frames for VLAN X are sent and received without an 802.1Q VLAN tag.

Hope to help

Giuseppe

Thanks Giuseppe,

So on Q2, e.g. if I had 192.168.1.x, 192.168.2.x, 192.168.3.x and 192.168.4.x subnets, configured with VLAN I/Fs on the access switches, I would obviously need to tell the router how to get to them. What I am not sure on is what config do I put on the LAN interface on the router? Do I make it a trunk interface with no IP address? Or do I have to make 4 sub interfaces with matching IP addresses for each subnet?

Hello Silex,

You don't need a trunk, as the WAN router can stay on a separate IP subnet like 192.168.5.x, just to make an example.

WAN router

    int f0/0
     ip address 192.168.5.4 255.255.255.0
     description to core switches

plus a static route covering internal IP subnets

    ip route 192.168.0.0 255.255.252.0 192.168.5.1

on core switches or directly the access switches

    int vlan 5
     ip address 192.168.5.2 255.255.255.0
     standby 5 ip 192.168.5.1
     standby 5 preempt

where 192.168.5.1 can be an HSRP VIP of an HSRP group configured on the core switches

the core switches will have a default static route pointing to WAN router IP address

    ip route 0.0.0.0 0.0.0.0 192.168.5.4

Hope to help

Giuseppe
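
A check worth running before applying a summary static route like the one in the reply above: does it cover every internal subnet? This is an added example, not part of the original posts; it assumes the four subnets silex lists are /24s, and all function names are hypothetical.

```python
import ipaddress

# Constructed from the thread: the WAN router lines from the reply and the
# four VLAN subnets silex lists (assumed here to be /24 each).
WAN_ROUTER_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.5.4 255.255.255.0
ip route 192.168.0.0 255.255.252.0 192.168.5.1
"""
INTERNAL_SUBNETS = ["192.168.1.0/24", "192.168.2.0/24",
                    "192.168.3.0/24", "192.168.4.0/24"]

def parse_routes(config):
    """Return [(network, next_hop)] from 'ip address' and 'ip route' lines."""
    routes = []
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["ip", "address"] and len(words) >= 4:
            iface = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
            routes.append((iface.network, "connected"))
        elif words[:2] == ["ip", "route"] and len(words) >= 5:
            routes.append((ipaddress.ip_network(f"{words[2]}/{words[3]}"), words[4]))
    return routes

def lookup(routes, subnet):
    """Longest-prefix match for a whole subnet; None if nothing covers it."""
    subnet = ipaddress.ip_network(subnet)
    matches = [(net, hop) for net, hop in routes if subnet.subnet_of(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def coverage(config, subnets):
    """Map each subnet to the next hop the router would use, or None."""
    routes = parse_routes(config)
    return {s: lookup(routes, s) for s in subnets}

def smallest_summary(subnets):
    """Smallest single prefix that contains every listed subnet."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate

if __name__ == "__main__":
    for subnet, hop in coverage(WAN_ROUTER_CONFIG, INTERNAL_SUBNETS).items():
        print(f"{subnet:18} -> {hop or 'NO ROUTE'}")
    print("smallest summary:", smallest_summary(INTERNAL_SUBNETS))
```

With these inputs the 255.255.252.0 mask spans 192.168.0.0 to 192.168.3.255, so 192.168.4.0/24 has no route on the WAN router. The smallest single summary for all four subnets also contains 192.168.5.0/24, but the connected route is more specific and still wins for that subnet.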

Thanks Giuseppe,

That makes perfect sense, thanks very much for your excellent help.
