04-08-2010 07:17 AM - edited 03-06-2019 10:31 AM
I am starting down the path to subnet my network using Vlans and I am new to this setup. Here is our current config.
We have a 6509e core. We have a VTP domain setup on the core. We have a 16 closets that are connected back to the core via fiber. Everything currently is setup on Vlan1 with a class B 128.1.x.x ip address. I have the switches connected to the core using 802.1q trunk.
I went out to one my switches (3560) and created a new Vlan, assigned my new IP address (192.168.204.0/24). After doing this I can see the Vlan on the core.
Couple of questions,
Do I need to IP address the two interfaces that connect the core to the 3560 switch with a /30 ip address so I can route to the new ip address or what do I need to put into place to be able to make this happen?
The other question is as we are moving over to the new ip addresses there is a lot of manual config that has to be done, mainly address and setup printers. Can I create another Vlan (that will be deleted later) so the 128.1 network will continue to function so I can have more time to move the printers?
04-08-2010 07:25 AM
Couple of questions,
Do I need to IP address the two interfaces that connect the core to the 3560 switch with a /30 ip address so I can route to the new ip address or what do I need to put into place to be able to make this happen?
The other question is as we are moving over to the new ip addresses there is a lot of manual config that has to be done, mainly address and setup printers. Can I create another Vlan (that will be deleted later) so the 128.1 network will continue to function so I can have more time to move the printers?
Are you routing on the 3560 switches ? If so yes you could use a L3 P2P link back to your 6500s and then advertise the subnet from the 3560 to the 6500s with a dynamic routing protocol such as EIGRP.
However if you are routing from the 3560s then you cannot have a vlan that spans multiple 3560 switches so you would not be able to keep the 128.1 network on all your 3560 switches. If you connected the L3 switches back to the 6500s with L2 trunks and the 6500s did the routing for the vlans on the 3560 switches then you could keep your 128.1 vlan across your network.
Jon
04-08-2010 07:34 AM
Thanks for the quick response.
Currently no, I am not routing on the 3560's. The only thing setup on them is the "IP Default-Gateway 128.1.x.x" command. The guy that set all this up just slapped them in with just the basic settings.
Thanks,
Danny R.
04-08-2010 07:39 AM
rumseyda1 wrote:
Thanks for the quick response.
Currently no, I am not routing on the 3560's. The only thing setup on them is the "IP Default-Gateway 128.1.x.x" command. The guy that set all this up just slapped them in with just the basic settings.
Thanks,
Danny R.
Danny
If you are not proposing to route from the 3560's then you don't want to be creating vlans on the 3560s except for management unless you are using VTP transparent.
If you make the 6500s VTP servers and the 3560s VTP clients then you can create all your vlans on the 6500s and if you use trunk links from the 3560s to the 6500s all the vlans will get propogated to your 3560 switches.
If you do use L2 trunks you don't need to address the point to point fiber connection. All you need is to pick one vlan for management of the switches and create a L3 vlan interface on each 3560 switch for this vlan. Give it an IP address and set the default-gateway on each switch to point to the IP address attached to this vlan interface on your 6500 or the VIP if you are using HSRP.
Edit - if you are proposing to use L3 from the 3560s then none of the above applies.
Jon
04-08-2010 07:46 AM
I think this might be where I messed up. I had them both set as server and I setup the Vlan on the 3560. I posted my VTP status from both switches on another post.
Thanks,
Danny R.
04-08-2010 08:03 AM
rumseyda1 wrote:
I think this might be where I messed up. I had them both set as server and I setup the Vlan on the 3560. I posted my VTP status from both switches on another post.
Thanks,
Danny R.
Danny
Don't worry, it's not a problem.
Basically for each vlan you want to add you need to add it on the 6500 at layer 2 ie.
6500(config)# vlan 10
6500(config-vlan)# name v10
and then create a routed vlan interface for that vlan on the 6500 as well
6500(config)# int vlan 10
6500(config-if)# ip address 192.168.5.1 255.255.255.0
then you can allocate ports on the 3560 into vlan and give each client an IP address from 192.168.5.x/24 and ech client in vlan 10 will have a default-gateway of 192.168.5.1 ie. the L3 IP for vlan 10 on the 6500.
Jon
04-08-2010 09:51 AM
Did the changes that we discussed and I is now working. I had to go to my firewall (that is one the 128.1.x.x network) and enter a route for the 192.168.x.x network and I can now see both networks. On last thing, when I disable Vlan 1 I will not be able to get to the switch to manage it (the 3560) Do I need to add it to the 192.168 network?
Thanks,
Danny R.
04-08-2010 07:28 AM
Sounds like you are off to a good start.
"I went out to one my switches (3560) and created a new Vlan, assigned my new IP address (192.168.204.0/24). After doing this I can see the Vlan on the core"
Be sure you check your VTP configuration. You may want to have your core switch be the VTP server, not your access switches. This could cause you a ton of headache later on.
"Do I need to IP address the two interfaces that connect the core to the 3560 switch with a /30 ip address so I can route to the new ip address"
No. The VLAN will be seen as locally attached on the core switch. If you issue a "sh ip route", you should see a bunch of lines like this "1.2.3.4/24 is directly connected, Vlan51" and so on.
You will need to create the layer 3 VLAN interface on your core switch which will allow traffic to be routed between subnets (intervlan routing).
"Can I create another Vlan (that will be deleted later) so the 128.1 network will continue to function so I can have more time to move the printers?"
Sure. Probably the easiest way would be to configure a vlan, and an interface vlan for the 128.1 network on your switch. You will need to ensure that the 128.1 VLAN is trunked to all of your switches (that need access to the printer VLAN 128.1).
My suggestion is that you get your VTP configuration setup, then the rest should fall into place very nicely.
04-08-2010 07:41 AM
"You will need to create the layer 3 VLAN interface which will allow traffic to be routed between subnets (intervlan routing)."
Will this need to be done on the 3560 or 6500?
" My suggestion is that you get your VTP configuration setup, then the rest should fall into place very nicely."
Below is my VTP setup on the two switches. Does this look correct?
Here is my VTP setup currently on the 3560.
VTP Version : 2
Configuration Revision : 8
Maximum VLANs supported locally : 1005
Number of existing VLANs : 9
VTP Operating Mode : Server
VTP Domain Name : BRHS
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xE5 0x19 0x3B 0x0E 0x03 0x31 0x0D 0xAA
Configuration last modified by 128.1.3.28 at 4-7-10 21:29:26
Local updater ID is 128.1.3.28 on interface Vl1 (lowest numbered VLAN interface found)
On the 6500.
VTP Version : 2
Configuration Revision : 8
Maximum VLANs supported locally : 1005
Number of existing VLANs : 9
VTP Operating Mode : Server
VTP Domain Name : BRHS
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Enabled
MD5 digest : 0xE5 0x19 0x3B 0x0E 0x03 0x31 0x0D 0xAA
Configuration last modified by 128.1.3.28 at 4-7-10 21:29:26
Local updater ID is 128.1.3.27 on interface Vl1 (lowest numbered VLAN interface
Thanks,
Danny R.
04-08-2010 07:46 AM
Danny
"You will need to create the layer 3 VLAN interface which will allow traffic to be routed between subnets (intervlan routing)."
Will this need to be done on the 3560 or 6500?
Depends on whether you are running L2 or L3 from the 3560 switches - see my previous post.
Assuming L2 then you would do it on the 6500 switches.
As for the VTP, make the 6500 VTP server (which it is) and change the 3560 switches to VTP clients. The connection from each 3560 to the 6500 must be configured as a trunk for VTP to work.
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide