01-28-2014 05:17 AM - edited 03-07-2019 05:50 PM
Hello..
I need assistance with the scenario below.
I have a core switch connecting to two distribution switches (DS-A & DS-B), and each distribution switch connects to two access switches. The two access switches (AS-A & AS-B) which are connected to DS-A are on vlan 10 & vlan 20 respectively. The other two switches (AS-C & AS-D), which connect to DS-B, are on vlan 30 & vlan 40. All vlans are configured on the core switch.
Now my question is: if I configure the port between DS-A and the core as a trunk allowing only vlan 10 & vlan 20, and the trunk port between the core and DS-B allowing only vlan 30 & vlan 40, would a machine on vlan 10 be able to communicate with a machine in vlan 40?
Note - All vlans are configured on the core switch and we are advertising their vlan IPs in the routing protocol OSPF.
Please help me out here.
01-28-2014 05:26 AM
Hi Anukalp_S,
On L2 all vlans will be separated. You need to create an SVI for each of vlan 10, 20, 30, 40 and assign some IP addresses.
To let a PC from vlan 10 communicate with a PC from vlan 40 you need to create intervlan routing on your core L3 switch.
--
Dmitry
01-28-2014 05:47 AM
Hi kozorezdi,
On the core trunk port connecting to the distribution switch (DS-A) we will also allow vlan 10 & 20 with encapsulation dot1Q; the same would be for the trunk port connecting to DS-B, allowing only vlan 30 & 40 with the same encapsulation.
So my question is: what is the purpose of allowing specific vlans on the trunk port here if the vlans can communicate with each other?
Is this happening due to routing on the core, which causes one vlan to communicate with another vlan even after allowing specific vlans on the trunk port?
Also, how could I create the SVI on the access switch which you have stated above?
01-28-2014 06:09 AM
Hi Anukalp_S,
You have L2 between AS-A, DS-A and your Core Switch and between AS-D, DS-B and the Core Switch.
I guess your Core Switch is L3 (you wrote about OSPF)...
You need to create 4 SVI interfaces. A PC will use the IP address of an SVI as its default gateway.
The Core switch (different IPs) will be the default gateway for all PCs from all 4 vlans.
Maybe this link will tell you more:
http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml
You need only one SVI on your L2 switches (AS-A; AS-B; AS-C; AS-D; DS-A; DS-B) to get access via ssh and for other services such as NTP, SYSLOG, etc.
P.S. You can use the current scheme for now, but you need to think about the scheme as described by Jon.Marshall.
--
Dmitry
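The setup discussed in the posts above, sketched as Cisco IOS configuration for the core switch. This is an added example, not configuration posted by anyone in the thread; the interface names, IP addressing and OSPF process/area are assumptions.

```cisco
! Core L3 switch (constructed example: interface names, subnets, OSPF 1 / area 0 are assumed)
ip routing
!
vlan 10,20,30,40
!
! Trunk to DS-A: only VLAN 10 and 20 frames are carried on this link (L2 scope).
interface GigabitEthernet1/0/1
 description Trunk to DS-A
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! Trunk to DS-B: only VLAN 30 and 40 frames are carried on this link (L2 scope).
interface GigabitEthernet1/0/2
 description Trunk to DS-B
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 30,40
!
! One SVI per VLAN. Each SVI address is the default gateway for hosts in that VLAN.
! Because all four SVIs live on the same routing switch, the subnets are directly
! connected routes and traffic between them is routed here at L3.
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 no shutdown
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
 no shutdown
interface Vlan30
 ip address 10.0.30.1 255.255.255.0
 no shutdown
interface Vlan40
 ip address 10.0.40.1 255.255.255.0
 no shutdown
!
! Advertise the VLAN subnets into OSPF, as the original question describes.
router ospf 1
 network 10.0.10.0 0.0.0.255 area 0
 network 10.0.20.0 0.0.0.255 area 0
 network 10.0.30.0 0.0.0.255 area 0
 network 10.0.40.0 0.0.0.255 area 0
```

With this in place a host in VLAN 10 (gateway 10.0.10.1) reaches a host in VLAN 40 through the core's routing table. The allowed lists only keep VLAN 30/40 frames off the DS-A trunk and VLAN 10/20 frames off the DS-B trunk; they do not filter routed traffic between the SVIs.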
01-28-2014 05:33 AM
If the inter vlan routing is done on the core switches it should work but it is not a good design at all.
Each access switch should connect to both distribution switches. The inter vlan routing should be done on the distribution switches. If the distribution switches are not stacked or running VSS then you can run HSRP/GLBP between the distribution switches which should be interconnected with either a L2 or L3 link.
In fact if this is a single building there is no need for a core at all. It does depend on what else is connected to the core switches but in the 3 tier design all inter vlan routing is done on the distribution switches not the core switches.
You also have no redundancy in your network, i.e. if DS-A fails then AS-A and AS-B have lost connectivity to anything. Same for DS-B with AS-C and AS-C. That is why you should connect each access switch to both distribution switches.
Jon