Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2224
Views
20
Helpful
6
Replies

Verify routing Catalyst 3650

Go to solution
ptukey
Level 1
Level 1

‎07-11-2018 12:18 PM - edited ‎03-08-2019 03:38 PM

I just got a new Catalyst 3650 and was able to copy the configuration from our current switch to our new switch. The current switch has 3 ports each using a specific VLAN that are connected to a separate port on our firewall. I am trying to consolidate this so that the switch uses only one port for all VLANs and connects to a single port on the Firewall that also handles all VLANs. I am unsure if the current switch is doing any routing so that any traffic going to a specific VLANs goes out a specific port. Can someone help me make sure that all traffic on the switch goes out the right, single, port.

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎07-11-2018 01:54 PM

If the current switch has an SVI for each vlan with IP and also a routed connection between the switch and the firewall then the switch is routing between vlans, if not then the switch is layer-2 and each vlan is using a separate port (access port) to connect to the firewall and firewall is doing the routing. Whiteout posting the config from the current switch, it is hard to tell if the switch is later-2 or 3.

HTH

View solution in original post

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to ptukey

‎07-11-2018 02:44 PM

Just looked at the config

 

interface TenGigabitEthernet1/0/48
 description To Firewall
 switchport mode trunk
 channel-protocol pagp
 channel-group 1 mode desirable
!

This is the interface you like to connect to FW, is this correct.

 

As you said you have FW before and connected to switch each interface sepaeatly and you want to consolidate.

 

In case always add 2 interface to port-channel so you have redundacy for the link failure.

 

suggest is LACP always for the best practice, until you have specific requirement.

 

and you need to have that VLAN SVI interface configured in the switch and they should allowed in the trunk. same on FW also.

 

Make sense ?

 

BB

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to ptukey

‎07-11-2018 06:39 PM

Ok, looking at your config, it appears that the switch is layer-2 with a default route pointing to the firewall.

I also see interfaces 1/0/47 and 48 are part of Portchannel 1 and the Portchannel is configured as trunk which is sending all vlans to the firewall for routing.  So, it seems to be all correct and no need to change anything unless I understand it wrong.

HTH

View solution in original post

6 Replies 6

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎07-11-2018 01:54 PM

If the current switch has an SVI for each vlan with IP and also a routed connection between the switch and the firewall then the switch is routing between vlans, if not then the switch is layer-2 and each vlan is using a separate port (access port) to connect to the firewall and firewall is doing the routing. Whiteout posting the config from the current switch, it is hard to tell if the switch is later-2 or 3.

HTH

Go to solution
ptukey
Level 1
Level 1
In response to Reza Sharifi

‎07-11-2018 02:14 PM

Reza Sharifi - per your suggestion, I have attached the config on our switch. Do you mind looking at it, please?

Preview file
20 KB
0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to ptukey

‎07-11-2018 02:44 PM

Just looked at the config

 

interface TenGigabitEthernet1/0/48
 description To Firewall
 switchport mode trunk
 channel-protocol pagp
 channel-group 1 mode desirable
!

This is the interface you like to connect to FW, is this correct.

 

As you said you have FW before and connected to switch each interface sepaeatly and you want to consolidate.

 

In case always add 2 interface to port-channel so you have redundacy for the link failure.

 

suggest is LACP always for the best practice, until you have specific requirement.

 

and you need to have that VLAN SVI interface configured in the switch and they should allowed in the trunk. same on FW also.

 

Make sense ?

 

BB

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to ptukey

‎07-11-2018 06:39 PM

Ok, looking at your config, it appears that the switch is layer-2 with a default route pointing to the firewall.

I also see interfaces 1/0/47 and 48 are part of Portchannel 1 and the Portchannel is configured as trunk which is sending all vlans to the firewall for routing.  So, it seems to be all correct and no need to change anything unless I understand it wrong.

HTH

Go to solution
ptukey
Level 1
Level 1
In response to Reza Sharifi

‎07-12-2018 07:40 AM - edited ‎07-12-2018 07:49 AM

I tested the configuration in a test environment and everything seems to be working. Thank you for your help.

0 Helpful

Go to solution
Alan Ng'ethe
Level 3
Level 3

‎07-11-2018 08:17 PM

Lools like the port 48 is set up to do just that. But remember to create the vlans as well.

Remember to rate helpful posts and/or mark as a solution if your issue is resolved.
Customers Also Viewed These Support Documents