Solved: Using 3750 as Router

GuidoBarendse88 · ‎08-23-2011

Hello,

I am replacing an Cisco 4006 with a Routing module. The replacement switch will be an stack of one 3750G and two 3750V2.

The Routing module of the 4006 has 192.168.1.3 as IP address. And does some routing to two gateways. all traffic for network 10.0.0.0 goed to 192.168.1.1(Cisco 2600) and the rest goes to 192.168.1.4(Firewall).

Both devices are connected to the routing module of the Cisco 4006.

How would I need to configure the new 3750 stack so it will function as a router and will be able to be used as gateway. And how to connect the other devices to the 3750 stack

Thanks in advance.

Amit Aneja · ‎08-23-2011

I am guessing that L3 routing module that you have in chassis right now is 4232-L3 blade.

For 3750 to route the traffic similarly as 4006:

1) Enable "ip routing" on the switch.

2) Add two routes on the 3750 which should be there on 4006 as well.

ip route 10.0.0.0 255.0.0.0 192.168.1.1

ip route 0.0.0.0 0.0.0.0 192.168.1.4

2600 & Firewall will be connected to the switch (any two ports in the same vlan, let's say vlan 1).

The IP address 192.168.1.3 will be given on the SVI of vlan 1.

int vlan 1

ip address 192.168.1.3 255.x.x.x

Rest of the devices continue to be in the same vlan as they were on 4006. So, just configure the same vlans on 3750 as you have on 4006, configure the ports in the app vlans & connect the devices.

Regards,

Amit

View solution in original post

Jon Marshall · ‎08-23-2011

Understood.

Well you can either -

1) emulate that on the 3750 ie. do what has been suggested by Amit and me and it should work fine

or

2) if you have the IP services feature set on the 3750s then you could use the DG 192.168.1.3 and use PBR (Policy Based Routing) for the devices that need to go via the 192.168.1.4 firewall.

I am not a huge fan of the setup you currently have because it is confusing and presumably you have to maually set the DG of the clients that you want to go via the 192.168.1.4 firewall ? but emulating this on the 3750 would cause the least disruption to your network.

Personally if PBR was supported i would make the 192.168.1.3 vlan 1 interface the DG for all clients then you don't have to manually set any DGs on the clients.

Jon

View solution in original post

Jon Marshall · ‎08-23-2011

Guido

1) turn on ip routing -

switch(config)# ip routing

2) add the routes you need ie. -

ip route 10.0.0.0 255.0.0.0 192.168.1.1

ip route 0.0.0.0 0.0.0.0 192.168.1.4

3) connect the devices to the 3750 and use a L3 vlan interface on the 3750 ie. vlan 10 will be used for connectivity -

switch(config)# vlan 10

switch(config)# int vlan 10

switch(config-if)# ip address 192.168.5.3 255.255.255.0

4) the port the devices (router + firewall) connect to on the 3750 -

int gi0/1/1 <-- this connects to router

switchport mode access

switchport access vlan 10

spanning-tree portfast

int gi0/1/2 <-- to firewall

switchport mode access

switchport access vlan 10

spanning-tree portfast

Jon

GuidoBarendse88 · ‎08-23-2011

Hello Jon,

Thank you for your answer.

Is it necessary to use a diffirent VLAN? right now we are only using the default VLAN (I know it's not recommended)

Amit Aneja · ‎08-23-2011

I am guessing that L3 routing module that you have in chassis right now is 4232-L3 blade.

For 3750 to route the traffic similarly as 4006:

1) Enable "ip routing" on the switch.

2) Add two routes on the 3750 which should be there on 4006 as well.

ip route 10.0.0.0 255.0.0.0 192.168.1.1

ip route 0.0.0.0 0.0.0.0 192.168.1.4

2600 & Firewall will be connected to the switch (any two ports in the same vlan, let's say vlan 1).

The IP address 192.168.1.3 will be given on the SVI of vlan 1.

int vlan 1

ip address 192.168.1.3 255.x.x.x

Rest of the devices continue to be in the same vlan as they were on 4006. So, just configure the same vlans on 3750 as you have on 4006, configure the ports in the app vlans & connect the devices.

Regards,

Amit

GuidoBarendse88 · ‎08-23-2011

Yes, thats correct it is the 4232-L3.

I see your sollution is diffirent then jon's answer. Is the result the same?

If I configure the way you say, will 192.168.1.3 also be the IP address for managment?

Do you recommend to create a new vlan for the 192.168.1.3 address and the Cisco 2600 and Firewall?

And let the rest stay in vlan 1. Will vlan 1 and the new vlan be able to communicate with eachother?

Jon Marshall · ‎08-23-2011

Guido

The answer is not different it is the same other than the fact Amit has assumed vlan 1 for the connection vlan and i used vlan 10.

If everything is in vlan 1 then just use either config. The only thing you don't need to do is create vlan 10 and it's vlan interface. Just assign the vlan 1 interface with the ip of 192.168.1.3 as in Amit's example.

Jon

GuidoBarendse88 · ‎08-23-2011

During the express installation I also gave the switch an IP address. Is this the same interface as the VLAN 1 interface?

Jon Marshall · ‎08-23-2011

Why don't you logon to the switch and find out ??

If you are talking about the 3750 then yes it probably would be vlan 1 but the only way to find out is to logon and check ie. "sh ip int brief" will show you.

Jon

Amit Aneja · ‎08-23-2011

Yes, the IP that you give in express install goes on vlan 1.

Amit Aneja · ‎08-23-2011

Guido,

As Jon mentioned, both of the solutions would work. It just depends on how your network is setup right now. If you want to segregate the management vlan from the data vlan which would be recommended, you should create another vlan let's say 10 & assign the IP 192.168.5.3 on that SVI, let 192.168.1.3 be on management vlan SVI.

Regrads,

Amit

GuidoBarendse88 · ‎08-23-2011

Amit,

Where do you get 192.168.5.3 from?

Amit Aneja · ‎08-23-2011

If you create two different vlans, Management (Vlan 1) & Data (Vlan 10), you should have two SVI for vlan 1 & 10.

int vlan 1

ip address 192.168.5.3

int vlan 10

ip address 192.168.1.3

All you data traffic remains in vlan 10. If you use the above config, all the devices in vlan 10 should have 192.168.1.x IP address. This way you don;t really need to change any DHCP thing(if configured) or change the IP addresses on the devices manually. What you need to decide is whether you want to segregate the vlans or not & whether you want to go with flat n/w (only vlan1) or not.

Regards,

Amit

GuidoBarendse88 · ‎08-23-2011

Amit,

For the moment we want to use only one VLAN.

Amit Aneja · ‎08-23-2011

In that case, configure 1.3 on SVI of vlan 10 & put all the ports in vlan 10. You should be good.

Add those routes as well with ip routing configured

Jon Marshall · ‎08-23-2011

Guido

Just be aware that if you did use vlan 10 for data then you would need to change ALL your switchports to be in vlan 10 as currently they are in vlan 1.

Just make the changes already suggested ie. use vlan 1 and assign 192.168.1.3 to it and add the routes. When you are sure that is working then you can think and plan for a management vlan, and possibly getting rid of vlan 1.

Jon