10-01-2013 02:39 AM - last edited on 03-25-2019 04:26 PM by ciscomoderator
Hi Everyone,
I'm currently configuring the switches mentioned in the title and need some advice on the configuration. The network consists of two core switches (Catalyst 3560X 24) and three access switches (Catalyst 2960S 48). Core switch 1 is the gateway for all devices on the network. There are two vlans: 340 for data traffic and 341 for voice traffic. Core switch 1 will host servers from vlan 340 and core switch 2 from vlan 341. There is one DHCP server for both vlans, as configured in the vlan interfaces; however, there are two different gateways for those same vlans. My question is whether the ip helper-address and ip route commands are used correctly.
Best regards,
Marcin
CORE SWITCH 1
CoreSwitch1#show conf
Using 6338 out of 524288 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CoreSwitch1
!
boot-start-marker
boot-end-marker
!
enable secret 5 ****
!
username admin privilege 15 secret 5 ****
!
!
no aaa new-model
system mtu routing 1500
ip routing
!
!
ip domain-name antenna.cisco
!
!
crypto pki trustpoint TP-self-signed-3930416384
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3930416384
revocation-check none
rsakeypair TP-self-signed-3930416384
!
!
crypto pki certificate chain TP-self-signed-3930416384
certificate self-signed 01 nvram:IOS-Self-Sig#3435.cer
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 340 priority 24576
spanning-tree vlan 341 priority 28672
!
!
!
!
vlan internal allocation policy ascending
!
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
!
interface Port-channel2
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
!
interface Port-channel3
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
!
interface Port-channel22
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
!
interface GigabitEthernet0/1
switchport access vlan 340
switchport mode access
spanning-tree portfast
............
interface GigabitEthernet0/14
switchport access vlan 340
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/15
description LINK_TO_CORE_SWITCH_2
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 22 mode desirable
!
interface GigabitEthernet0/16
description LINK_TO_CORE_SWITCH_2
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 22 mode desirable
!
interface GigabitEthernet0/17
description LINK_TO_CORE_SWITCH_2
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 22 mode desirable
!
interface GigabitEthernet0/18
description LINK_TO_CORE_SWITCH_2
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 22 mode desirable
!
interface GigabitEthernet0/19
description LINK_TO_ACCESS_SWITCH_3
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 3 mode desirable
!
interface GigabitEthernet0/20
description LINK_TO_ACCESS_SWITCH_3
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 3 mode desirable
!
interface GigabitEthernet0/21
description LINK_TO_ACCESS_SWITCH_2
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 2 mode desirable
!
interface GigabitEthernet0/22
description LINK_TO_ACCESS_SWITCH_2
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 2 mode desirable
!
interface GigabitEthernet0/23
description LINK_TO_ACCESS_SWITCH_1
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 1 mode desirable
!
interface GigabitEthernet0/24
description LINK_TO_ACCESS_SWITCH_1
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 1 mode desirable
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface GigabitEthernet1/3
!
interface GigabitEthernet1/4
!
interface TenGigabitEthernet1/1
!
interface TenGigabitEthernet1/2
!
interface Vlan1
no ip address
no ip mroute-cache
!
interface Vlan340
ip address 172.16.34.1 255.255.255.0
ip helper-address 172.16.34.25
no ip mroute-cache
!
interface Vlan341
ip address 172.16.35.1 255.255.255.0
ip helper-address 172.16.34.25
no ip mroute-cache
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.35.252
ip route 0.0.0.0 0.0.0.0 172.16.34.21
!
ip http server
ip http secure-server
!
!
!
banner login ^C
**********************************************************
This is a restricted system
No unauthorised access allowed
**********************************************************
^C
!
line con 0
password 7 ****
logging synchronous
login local
line vty 0 4
password 7 ****
logging synchronous
login local
transport input ssh
line vty 5 15
password 7 ****
logging synchronous
login local
transport input ssh
!
end
CORE SWITCH 2
CoreSwitch2#show conf
Using 6247 out of 524288 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CoreSwitch2
!
boot-start-marker
boot-end-marker
!
enable secret 5 ****
!
username admin privilege 15 secret 5 ****
!
!
no aaa new-model
system mtu routing 1500
ip routing
!
!
ip domain-name antenna.local
!
!
crypto pki trustpoint TP-self-signed-3930416384
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3930416384
revocation-check none
rsakeypair TP-self-signed-3930416384
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 340 priority 28672
spanning-tree vlan 341 priority 24576
!
!
!
!
vlan internal allocation policy ascending
!
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
!
interface Port-channel2
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
!
interface Port-channel3
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
!
interface Port-channel11
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
shutdown
!
interface GigabitEthernet0/1
switchport access vlan 341
switchport mode access
spanning-tree portfast
!
.............
!
interface GigabitEthernet0/14
switchport access vlan 341
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/15
description LINK_TO_CORE_SWITCH_1
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 11 mode desirable
!
interface GigabitEthernet0/16
description LINK_TO_CORE_SWITCH_1
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 11 mode desirable
!
interface GigabitEthernet0/17
description LINK_TO_CORE_SWITCH_1
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 11 mode desirable
!
interface GigabitEthernet0/18
description LINK_TO_CORE_SWITCH_1
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 11 mode desirable
!
interface GigabitEthernet0/19
description LINK_TO_ACCESS_SWITCH_3
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 3 mode desirable
!
interface GigabitEthernet0/20
description LINK_TO_ACCESS_SWITCH_3
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 3 mode desirable
!
interface GigabitEthernet0/21
description LINK_TO_ACCESS_SWITCH_2
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 2 mode desirable
!
interface GigabitEthernet0/22
description LINK_TO_ACCESS_SWITCH_2
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 2 mode desirable
!
interface GigabitEthernet0/23
description LINK_TO_ACCESS_SWITCH_1
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 1 mode desirable
!
interface GigabitEthernet0/24
description LINK_TO_ACCESS_SWITCH_1
switchport trunk encapsulation dot1q
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 1 mode desirable
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface GigabitEthernet1/3
!
interface GigabitEthernet1/4
!
interface TenGigabitEthernet1/1
!
interface TenGigabitEthernet1/2
!
interface Vlan1
no ip address
no ip mroute-cache
shutdown
!
interface Vlan340
ip address 172.16.34.2 255.255.255.0
ip helper-address 172.16.34.25
no ip mroute-cache
!
interface Vlan341
ip address 172.16.35.2 255.255.255.0
ip helper-address 172.16.34.25
no ip mroute-cache
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.35.252
ip route 0.0.0.0 0.0.0.0 172.16.34.21
!
ip http server
ip http secure-server
!
!
!
banner login ^C
**********************************************************
This is a restricted system
No unauthorised access allowed
**********************************************************
^C
!
line con 0
password 7 ****
logging synchronous
login local
line vty 0 4
password 7 ****
logging synchronous
login local
transport input ssh
line vty 5 15
password 7 ****
logging synchronous
login local
transport input ssh
!
end
CoreSwitch2#
ACCESS SWITCH 1
AccessSwitch1#show conf
Using 10196 out of 524288 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AccessSwitch1
!
boot-start-marker
boot-end-marker
!
enable secret 5 ****
!
username admin privilege 15 secret 5 ****
!
!
no aaa new-model
switch 1 provision ws-c2960s-48lps-l
!
!
ip domain-name antenna.local
!
!
crypto pki trustpoint TP-self-signed-59782272
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-59782272
revocation-check none
rsakeypair TP-self-signed-59782272
!
!
crypto pki certificate chain TP-self-signed-59782272
certificate self-signed 01 nvram:IOS-Self-Sig#3233.cer
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
interface Port-channel1
switchport trunk native vlan 340
switchport mode trunk
!
interface Port-channel2
switchport trunk native vlan 340
switchport mode trunk
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet1/0/1
switchport access vlan 340
switchport trunk native vlan 340
switchport mode trunk
switchport voice vlan 341
spanning-tree portfast
!
............
!
interface GigabitEthernet1/0/44
switchport access vlan 340
switchport trunk native vlan 340
switchport mode trunk
switchport voice vlan 341
spanning-tree portfast
!
interface GigabitEthernet1/0/45
description LINK_TO_CORE_SWITCH_2
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 2 mode desirable
!
interface GigabitEthernet1/0/46
description LINK_TO_CORE_SWITCH_2
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 2 mode desirable
!
interface GigabitEthernet1/0/47
description LINK_TO_CORE_SWITCH_1
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 1 mode desirable
!
interface GigabitEthernet1/0/48
description LINK_TO_CORE_SWITCH_1
switchport trunk native vlan 340
switchport mode trunk
speed 1000
duplex full
channel-group 1 mode desirable
!
interface GigabitEthernet1/0/49
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface Vlan1
no ip address
shutdown
!
interface Vlan340
ip address 172.16.34.3 255.255.255.0
no ip route-cache
!
interface Vlan341
ip address 172.16.35.3 255.255.255.0
no ip route-cache
!
ip http server
ip http secure-server
banner login ^C
**********************************************************
This is a restricted system
No unauthorised access allowed
**********************************************************
^C
!
line con 0
password 7 ****
logging synchronous
login local
line vty 0 4
password 7 ****
logging synchronous
login local
transport input ssh
line vty 5 15
password 7 ****
logging synchronous
login local
transport input ssh
!
end
10-01-2013 05:26 AM
Hi,
Your DHCP config is correct; however, you don't need 2 default routes, you just need one.
ip route 0.0.0.0 0.0.0.0 172.16.35.252
Also, are you planning to manage your devices via vlan 340 or 341? It is usually a good practice to have a separate vlan for management and not use your data or voice vlan. If you decide to add a management vlan, change the default route to use that subnet.
HTH
10-01-2013 05:35 AM
Hi Reza Sharifi,
Thank you for the prompt reply.
I've just realized I didn't explain the whole situation with default routes well enough.
The reason I added two default routes is because traffic from devices on the vlan 340 (172.16.34.0) will have their default gateway set to Core Switch 1 (172.16.34.1) and then the traffic needs to be redirected to a gateway with IP address of 172.16.34.21.
As for the vlan 341 (172.16.35.0), the default gateway for the devices will be Core Switch 1 as well, but with the vlan 341 address (172.16.35.1). Then the traffic needs to go to 172.16.35.252.
If I leave only one default route as specified, how will the switch know to redirect traffic for vlan 340 to the IP address 172.16.34.21?
I hope I didn't make it too confusing.
Best regards,
Marcin
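An added example, not part of the original thread or of any Cisco tool: a short Python check over the SVI and static-route lines of the posted CoreSwitch1 config. It reports which `ip helper-address` entries actually relay and whether the static default routes compete, since equal static defaults are not applied per source VLAN. `SAMPLE_CONFIG`, `parse` and `audit` are names made up here, and the classification assumes the DHCP server is attached to the VLAN whose subnet contains its address.

```python
import ipaddress
import re

# Constructed excerpt: the SVI and static-route lines of the posted CoreSwitch1 config.
SAMPLE_CONFIG = """\
interface Vlan340
ip address 172.16.34.1 255.255.255.0
ip helper-address 172.16.34.25
!
interface Vlan341
ip address 172.16.35.1 255.255.255.0
ip helper-address 172.16.34.25
!
ip route 0.0.0.0 0.0.0.0 172.16.35.252
ip route 0.0.0.0 0.0.0.0 172.16.34.21
"""

def parse(config):
    """Return ({interface: {"net", "helpers"}}, [default-route next hops])."""
    svis, defaults, cur = {}, [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            cur = svis.setdefault(m[1], {"net": None, "helpers": []})
        elif line == "!":
            cur = None  # "!" ends the interface block
        elif cur is not None and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif cur is not None and (m := re.match(r"ip helper-address (\S+)$", line)):
            cur["helpers"].append(ipaddress.ip_address(m[1]))
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\d+\.\d+\.\d+\.\d+)$", line):
            defaults.append(ipaddress.ip_address(m[1]))
    return svis, defaults

def audit(config):
    """Classify each helper-address and report competing static default routes."""
    svis, defaults = parse(config)
    nets = {name: s["net"] for name, s in svis.items() if s["net"]}
    helpers = []
    for name, s in svis.items():
        for h in s["helpers"]:
            # same-subnet: server hears the broadcast itself; relayed: SVI unicasts it onward.
            kind = ("same-subnet" if s["net"] and h in s["net"]
                    else "relayed" if defaults or any(h in n for n in nets.values())
                    else "unreachable")
            helpers.append((name, str(h), kind))
    hops = [(str(d), next((n for n, net in nets.items() if d in net), None)) for d in defaults]
    # Equal-distance static defaults are all installed together; the next hop is not
    # selected by the VLAN a packet arrived on.
    return {"helpers": helpers, "default_next_hops": hops, "competing": len(set(defaults)) > 1}
```

Calling `audit(SAMPLE_CONFIG)` returns the helper classification per SVI, the SVI each default next hop resolves through, and a `competing` flag that is true when more than one distinct default next hop is configured.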