07-17-2014 05:05 AM - edited 03-07-2019 08:05 PM
I have 3 2960S and one SonicWall router. The switches are in different buildings linked together by fiber. My goal is to give each BLDG its own VLAN and allow everyone access to the server and the SonicWall router to the Internet in BLDG 1. I want to keep it L2 switching without using the SonicWall.
Any examples would be helpful. The IP address would be 192.168.168.168 for the default gateway of the SonicWall.
07-17-2014 05:25 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
If each building (2960S) is to host its own edge VLAN, hosts on those VLANs won't be able to communicate with other building hosts at L2.
The 2960S do support static IP routing, so you could move traffic between the building VLANs at L3, but as I'm unfamiliar with the Sonic Wall router, I don't know how it would know of all the inside networks.
If your network only comprises 3 2960Ss, leave them all in the same VLAN/subnet. The switches will, more or less, keep most traffic as physically restricted as possible.
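An added example, not part of the original posts: the static-routing option mentioned in the reply above, sketched for the Building 1 2960S. VLANs 1-3 and the addresses 192.168.168.254 and 192.168.168.168 come from the thread; the 192.168.2.0/24 and 192.168.3.0/24 subnets and the uplink port number are assumptions.

```cisco
! Constructed example: Building 1 2960S routing between the building VLANs.
! Assumed values: subnets 192.168.2.0/24 and 192.168.3.0/24, uplink Gi1/0/25.
!
! LAN Base images need the routing SDM template (takes effect after a reload).
sdm prefer lanbase-routing
!
ip routing
!
vlan 2
 name BLDG2
vlan 3
 name BLDG3
!
! One SVI per VLAN; each VLAN needs its own non-overlapping subnet.
interface Vlan1
 ip address 192.168.168.254 255.255.255.0
 no shutdown
interface Vlan2
 ip address 192.168.2.1 255.255.255.0
 no shutdown
interface Vlan3
 ip address 192.168.3.1 255.255.255.0
 no shutdown
!
! Fiber uplink toward the other buildings: trunk only the VLANs in use.
interface GigabitEthernet1/0/25
 switchport mode trunk
 switchport trunk allowed vlan 1-3
!
! Default route to the SonicWall for Internet-bound traffic.
ip route 0.0.0.0 0.0.0.0 192.168.168.168
!
! The SonicWall in turn needs static routes for 192.168.2.0/24 and
! 192.168.3.0/24 pointing at 192.168.168.254, otherwise it has no path
! back to the building subnets.
```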
07-17-2014 05:50 AM
Hi TVU,
If you are planning building-based VLANs, you should have to specify one routing interface for each VLAN communication. For that you can use either a router or an L3 switch. All L2 switches connect to each other via trunk, and another trunk can connect to the inter-VLAN routing router. All VLAN traffic passes through the trunk and can be routed via the router. If you have only one interface, you can create a sub-interface for each VLAN and configure the appropriate dot1Q tagging for it (router on a stick).
07-17-2014 06:12 AM
Depending on the model of SonicWall you are using, it may be capable of Dot1Q tagging.
If your 2960S switches are unable to do routing, I would probably look to set up subinterfaces on the SonicWall (one for each VLAN).
Effectively it's a router-on-a-stick type scenario but using the SonicWall rather than a Cisco router.
This document may help with the SonicWall side:
https://www.sonicwall.com/downloads/configuring_vlans.pdf
07-18-2014 06:18 AM
I am trying to prevent collision within the network and improve performance. So can I just activate one switch to L3 and do router on a stick with the rest of the switches? I want to keep them on the same network. We use Windows Server 2012 for DHCP and DNS. I just want to keep one broadcast domain. Can I keep the server on VLAN 1 and allow the other VLANs to access it?
Here is an example of configuration:
BLDG 1
config t
ip routing
vlan 1
 name Server
interface vlan 1
 ip address 192.168.168.254 255.255.255.0
interface gi1/0/1
 switchport mode trunk
 switchport trunk native vlan 1
 switchport trunk allowed vlan all
interface gi1/0/2
 no shutdown
interface gi1/0/0.2
 encapsulation dot1q 2
 ip address 192.168.168.212 255.255.255.0
interface gi1/0/0.3
 encapsulation dot1q 3
 ip address 192.168.168.213 255.255.255.0
BLDG 2
config t
interface gi1/0/1
 switchport mode access
 switchport access vlan 2
BLDG 3
config t
interface gi1/0/1
 switchport mode access
 switchport access vlan 3
07-19-2014 05:31 AM
"I am trying to prevent collision . . ."
As you're using switches, what collisions?
You can have multiple subnets, to avoid the issue of large broadcast domains (which you shouldn't have with just 3 2960Ss), but you also say "I just want to keep one broadcast domain."
I understand you want to ". . . improve performance.", but you might not be pursuing the best approach.
Do your 2960Ss support SFP+ uplinks? If they do, are you running them at gig or 10g? Do your server(s) support 10g or channeling? If it/they do, do you take advantage of that?
PS:
Also are your 3 switches daisy-chained or do they have a central root switch which also has the server(s) and Internet access?
07-28-2014 02:03 PM
They have the switches daisy chained.