
Switch/Network Advice

harkinscisco
Level 1

I need advice with my network setup, mainly in regards to VLANs. I have three VLANs set up on L2 switches (2950s). The servers that need to communicate between VLANs have NIC connections going to multiple VLANs. I'm in the process of deciding on what switch to use for the Media network. I think 2960s (LAN LITE?) might work fine. Someone else is pushing us towards 3560s for the L3 abilities and inter-vlan. The Media network will only be used for uploading files (300GB) onto the server then moving those files to the media player. Would inter-vlans or L3 features help in my setup? Keep in mind we are only adding one switch and not replacing the 2950s. Also only the servers need to speak with multiple VLANs. I don't want anything else on that VLAN communicating with other VLANs. Does inter-vlans let you route only one IP address to multiple VLANs? Or is it the entire VLAN or nothing?

Thanks in advance

Capture2.jpg


Jon Marshall
Hall of Fame

You can use access-lists on the 3560 to limit which devices can communicate across vlans so that would not be an issue.

Personally I would rather use vlans and inter-vlan routing than having multiple NICs in servers connecting to different vlans. It is a more scalable solution for any future network growth. For example, what if you needed to increase the number of workstations and you needed more vlans? With your current setup you would then need to start using 802.1q trunks on the servers to accommodate the extra vlans.

There are alternatives to the 3560 though -

1) the 2960 with correct feature set does support a limited amount of inter-vlan routing. Do a search on this forum for details.

2) the 1841 could be used to route between vlans, i.e. router on a stick. The only downside to this is that you are limiting throughput as you effectively split a single interface into multiple subinterfaces.

Both would be cheaper than purchasing a 3560.

It really boils down to anticipated growth of your network. You could indeed simply deploy another 2950 and have no inter-vlan routing at all but if your network continues to grow there will come a time when it makes sense to use a device that is capable of inter-vlan routing.

Jon

Thanks for the input. Would adding only one 3560 to my current setup of 2950s limit my capabilities of inter-vlaning? Opposed to replacing all of the switches with 3560s?

harkinscisco wrote:

Thanks for the input. Would adding only one 3560 to my current setup of 2950s limit my capabilities of inter-vlaning? Opposed to replacing all of the switches with 3560s?

No, it wouldn't limit your inter-vlan capabilities. Most networks are made up of a combination of L2 and L3 switches. There would be no need and no significant benefit in replacing all your switches with 3560s.

One thing worth mentioning. A standard design is to have 2 L3 switches doing the inter-vlan routing, running HSRP between them. Then you connect all your other switches to both 3560 switches for redundancy. However your network probably doesn't need this at the moment.

Jon

Thanks, you have been a lot of help. Right now I'm using VTP with one trunk port on each switch. Is only one trunk port the correct way of setting up my vlans? Should I have a separate trunk port for each vlan?

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

The major point of having a trunk is to allow multiple VLANs to cross it. If you're concerned about bandwidth, you can logically bind multiple ports, which can also be a logical trunk.

As Jon noted, the latest code for the 2960s supports static routing, but an 8 or 12 port 3560 isn't very expensive and should be much more feature rich. For LAN routing a multilayer switch offers much, much higher routing throughput than the software based routers.

As Jon also noted, ideally we want redundancy so that a single device failure doesn't take out your whole network. Often such redundancy cost is a deterrent, but if you can accept less performance during primary equipment failure, you can reduce cost. For instance, instead of having two 3560s, perhaps a 3560 and 8xx router.

I would agree with the above post and perhaps an etherchannel between two 3560s would be a good solution.

They can be statically configured to ensure that the bandwidth is set to 1000 full if possible.

Similarly, with regards to the 2950s - these should be ideally located at the access layer with a 3560 forming the core.

It may be an idea to post more of a scenario of your network - such that we can understand what would be suitable - though this may be limited.

Intervlan routing is a scalable and neat idea, and using the "switchport trunk allowed vlan" command it is possible to restrict traffic between hosts as and when you wish.

For more granular control - defining details such as source/dest port, src/dst IP address/MAC address, etc. - extended ACLs could be an option.

Regards

Imran
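
The access-list approach Jon and Imran describe, as an added example that is not part of any poster's reply: a 3560 routes between three VLANs, and an extended ACL applied inbound on the Media SVI lets a single server address reach the other VLANs while every other Media host stays isolated. The VLAN IDs, subnets, server address and ACL name are constructed for illustration.

```cisco
! Constructed values (assumptions, not from the thread):
!   VLAN 10 = 192.168.10.0/24, VLAN 20 = 192.168.20.0/24
!   VLAN 30 = Media, 192.168.30.0/24, media server = 192.168.30.10
!
! Enable L3 forwarding between the SVIs on the 3560
ip routing
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
!
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
!
! With no ACL, every host in VLAN 30 could be routed to VLANs 10 and 20.
! The inbound ACL filters packets arriving from Media hosts before routing.
interface Vlan30
 description Media
 ip address 192.168.30.1 255.255.255.0
 ip access-group MEDIA-IN in
!
ip access-list extended MEDIA-IN
 remark Only the media server may be routed to the other VLANs
 permit ip host 192.168.30.10 192.168.10.0 0.0.0.255
 permit ip host 192.168.30.10 192.168.20.0 0.0.0.255
 remark All other routed traffic sourced from the Media VLAN is dropped
 deny ip any any
```

Traffic between hosts inside VLAN 30 is switched at L2 and never hits this ACL. Router ACLs are stateless, so a mirror-image ACL applied outbound on Vlan30 is needed if packets from the other VLANs should also be stopped before they reach non-server Media hosts.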