01-11-2013 03:21 AM - edited 03-07-2019 11:02 AM
We've recently inherited a platform with little handover and also minimal networking experience.
We're going 100 miles an hour in learning, but I'm a bit confused with the idea of a L2 switch with no IP assignments to ports, so using VLANs, and a L3 switch with IP assignments. (please correct me if I even got that idea wrong). And the combination of both.
We have 2 Cisco 3750 switches, along with a whole host of other hardware, so we're starting at this "gateway" to start breaking things down.
You can view some "handover" we did get at https://www.intelcompute.com/stuff/core-switch.png
We're basically after a general overview of what all this means, in English
All help and advice is greatly appreciated, with no time to plough through CCNA, etc. we're currently riding by the seats of our pants.
Discussion of physically how all this is probably plugged in and why would be great too.
We've started configuring a couple of other cisco routers (just creating accounts really) so we're basically familiar with some usage.
I understand this is a big ask, but unsure where to go next, apart from getting in a consultant for a few days.
Thanks again,
Rob
01-11-2013 04:03 AM
Okay...here's the way that I'm interpreting this:
Not sure if you have VRFs configured, but the column VRF states Internet and internal. I would assume that if you were to do a "show ip vrf", you would see 2 vrfs configured on the box. One of them is assigned to the internet (g0) and the other is the lan (g1)
g1/0/3 and 4 are configured with an etherchannel on Po1 that I also assume is connected to Netscaler and in vlan 201
Etherchannels 3 and 7 (Po3 and Po7) are configured as trunk ports. Po3 looks like it connects to Po2 on the other switch which then connects to the internet? (This one is a little confusing to me without seeing how your network is laid out.)
g1/11 and 1/14 - 16 are part of vlan 101
g1/7 and 1/8 are part of vlan 103
It's quite possible to configure a L3 switch with L2 only vlans (vlans that don't have a L3 interface to route for them). In cases like this, the hosts that are in the same vlan don't necessarily need to talk to any hosts outside of their own vlan so all broadcasts/multicasts are confined to the vlan that they're members of. I have iscsi traffic configured for our L3 switch to use a L2 vlan because it doesn't need to get to other vlans. Now if you need to get to other vlans, you'll need something to route outside of that vlan which means a gateway will be needed for your hosts. This is where the L3 interfaces come in that attach to the vlan. (int vlan 200) Hosts in vlan 200 will use this L3 svi as their default gateway and then the switch can route between vlans for those hosts. If you have an ip address directly on a port, it's considered a routed port and it's added to its own internal vlan. To see these, type "show vlan internal usage" and it will show you the vlan that it's attached to. This vlan doesn't need to be on all switches to route because it's only local to the switch.
VRFs create separate routing tables per instance. The routing tables cannot share information without leaking routes between the vrf. So, it makes sense why your switch has an internet connection in one vrf and your internal network is in another vrf. It creates somewhat of a dmz. To see your routes in the vrf, type "show ip route vrf
HTH,
John
*** Please rate all useful posts ***
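The three interface types and the VRF split described in the reply above, as an added IOS configuration sketch (not taken from the poster's switch or from John's reply). The VRF names follow the "VRF" column mentioned in the thread; the VLAN 300 example, port numbers, route distinguishers and IP addresses are constructed placeholders.

```cisco
! --- VRF-lite: two independent routing tables on one switch ---
ip routing
ip vrf internet
 rd 65000:1
ip vrf internal
 rd 65000:2
!
! --- L2-only VLAN: no "interface Vlan300" exists, so the switch
! --- never routes for it; hosts can only reach others in VLAN 300
vlan 300
 name l2-only-example
interface GigabitEthernet1/0/20
 switchport mode access
 switchport access vlan 300
!
! --- Routed VLAN: the SVI is the hosts' default gateway.
! --- Apply "ip vrf forwarding" BEFORE "ip address": moving an
! --- interface into a VRF removes any address already configured.
vlan 200
 name routed-example
interface Vlan200
 ip vrf forwarding internal
 ip address 10.0.200.1 255.255.255.0
 no shutdown
interface GigabitEthernet1/0/21
 switchport mode access
 switchport access vlan 200
!
! --- Routed port: "no switchport" turns the port into an L3
! --- interface backed by an internal VLAN local to this switch
interface GigabitEthernet1/0/22
 no switchport
 ip vrf forwarding internet
 ip address 192.0.2.2 255.255.255.252
 no shutdown
!
! --- Each VRF needs its own routes; nothing is shared unless
! --- routes are deliberately leaked between the VRFs
ip route vrf internet 0.0.0.0 0.0.0.0 192.0.2.1
!
! --- Checks to confirm the separation is what you expect:
! show ip vrf                  (VRFs and their member interfaces)
! show vlan internal usage     (internal VLANs behind routed ports)
! show ip route vrf internal   (should contain no internet-side routes)
! show ip route vrf internet   (should contain no 10.x internal routes)
```

When auditing an inherited switch, any interface that appears in neither VRF in `show ip vrf` lives in the global routing table and is worth checking, since it sits outside the internet/internal split.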
01-11-2013 04:12 AM
Thanks John,
Think I've got the hang of the VRF now, just letting the rest of that sink in now
01-11-2013 04:54 AM
I'm a bit confused also as to the 1st port, gig1/0/1, having a public IP, with the internet VRF, but then linking to a proxy machine on the same public ip range.
I'm thinking there should be an "internet" cable coming into the switch, with one of our publicly assigned IPs, that's the bit I seem to be missing, or getting confused with. And all other devices within our network would be on our 10. private subnet.
It's that "first step" of how our kit is connected to the data centre I seem to be missing.
01-11-2013 05:22 AM
Can you draw a quick diagram of what you see?
HTH,
John
*** Please rate all useful posts ***
01-11-2013 06:50 AM
Ahhhh they have actually documented the internet connection much lower down on port 48, I just missed it.
https://www.intelcompute.com/stuff/core-switch.png
But these are on a completely different range to our "public" range.
We have 212.x.x.x but the data centre ip range is on 46.x.x.x
I assume the "gateway" at the datacentre just has (static?) routes to also send requests for our public range to our switch(es)?
My mistake, I guess we have a single ip from the data centre and our own switch is routing to our own bigger range. I wonder what IS configured by the datacenter tho?
Thankfully we'll get a trip over there soon to go through the setup with them in a bit more detail.
01-11-2013 03:04 PM
Errrr ... 3750 only supports VRF-lite.
01-11-2013 03:17 PM
And that means what?
What does that mean to us in real terms?
What capability are we missing?
Will we miss it?
We're basically 50+ blades load-balanced plus a filer.