Core switch and sub switch gateway

I have a Layer 3 core switch (backbone) 10.18.16.0/24, and the core switch needs to connect to multiple Layer 2 sub switches.
The Layer 2 sub switches will connect to multiple workstations. The sub switches network will be 172.20.10.0/24, 172.20.40/24 and so on.
I use core switch IP 10.18.16.11 to connect to sub switch 172.20.10.0/24. Which gateway IP should I use for 172.20.10.0/24? Should I use 172.20.10.1 or 10.18.16.11?
Thank you for your help in advance.

I am not sure what you mean by "sup switches", but usually you need a management IP/VLAN segment, so you can use it to access the devices. So if your management segment is 172.20.10.0/24, you assign an SVI to every layer-2 switch and give it an IP in this range, and the gateway for all the SVIs should be on the core (172.20.10.1/24).
Example:
access switch-1 172.20.10.11/24
access switch-2 172.20.10.12/24
access switch-3 172.20.10.13/24
and so on
The default gateway for all your layer-2 switches should be the SVI on the core (172.20.10.1/24)
HTH

Similar Messages

  • Difference between core switch types WS-C3750X-12S-S and N3K-C3524P-10G?

    Hello All,
    I am new to this domain and yet have to look after the setup of our datacenter for a new branch. Could any one of you provide the difference between core switch types WS-C3750X-12S-S and N3K-C3524P-10G?
    Thanks in advance!!

    N3K-C3524P-10G
    24 fixed 1/10-Gbps SFP+ ports; upgradeable to 48 with a valid license
    Line-rate Layer 2 and Layer 3 throughput of up to 480 Gbps
    Compact 1RU form factor
    Dual redundant color-coded power supplies
    Four redundant color-coded fans

  • Help me to choose Right Core switches and Edge switches as per my Spec

    Dear All
    Please help me to choose Core and Edge switches and all required hardware and software.
    The spec details are as below:
    Core Switches
    1. High performance, highly scalable core switch to provide multi-10GE connectivity to various segments in the network.
    2. Switch should have redundant switch fabric and routing engines or management / supervisor modules
    3. Should have separate control and forwarding planes
    4. Each switch should have redundant power supplies in N+N or N+1 fashion
    5. Must allow for two spare slots once services, management, processing modules and line cards populated
    6. Easy to manage firmware- i.e. single code type enterprise/service provider) or train, and robust operating system
    7. Supports for the VRRP, NSR, GRES, BFD, STP, MSTP, RSTP, VSTP, LACP redundancy protocols
    8. Hot plugging and removal 
    9. The switch should have native switching architecture with up to sufficient performance such that the loss of one switching fabric should not lead to degraded performance
    10. Switch should support switching at least 400Mpps
    11. Switch should be able to support 40 10Gig line rate ports in a fully redundant configuration 
    12. Chassis that can scale to 700 Gbps
    13. The proposed Backbone switch should support, but not be limited to the following Layer 3 features:
    Static ip routing
    Routing information protocol (RIP) and RIP2
    Open shortest path first (OSPF)
    IGMP v1, v2 and v3
    IGMP Snooping 
    IP multicast routing protocol 
    14. The switch should support the following features at a minimum:
    Spanning Tree 802.1D, 802.1S, 802.1W
    GVRP
    802.1x single and multi-supplicant: VLAN and ACL assignment
    Dynamic ARP Inspection (DAI), DHCP snooping, IP Source Guard
    LLDP, LLDP-MED
    802.3X, 802.3ad
    Redundant Trunk Group (RTG)
    IGMP snooping 
    Unicast static, OSPF v1/v2, RIP v1/v2
    Multicast IGMPv1/v2, PIM
    Graceful Route Engine Switchover 

    I have gone through your document and I am surprised to see MORE information in the document than what you've posted.  I am so mildly suspicious about the authenticity of the document and spreadsheet you've attached.  
    So far, based on this document, the client wants a chassis that can support up to 700 Gbps backplane.  The only candidate, other than a full-blown Nexus solution, is the 6807-X.  
    Next, the document also states dual supervisor card with two spare slots.  Good luck trying to get that much empty space on a 6807-X.  This means 6509E.  You can't use a 6513E because of line-card-to-slot limitation.  
    If you look under the heading "Edge Switching", the first sentence already makes references to 6800ia switch.
    There's also a reference stating that the product should have a 100 Gbps backplane.  You can take the 6509E chassis out of the equation.  
    So you see, I am suspicious about the authenticity of the document.  I agree with mali's and devil's recommendation that if you are serious, you would be engaging Cisco SE/AM in your region.  There are only three reasons, that I can think of, why you've posted this here.  One of them is the intended purpose of this document (and the audience).

  • Looking for the list of maintaining and configuring tasks on Core switch.

    I have some experience with DMS switches, things like setting up zone, alias, zoneset etc., but have never had any experience with core switches or something between core and edge switches, since the SAN environment here has not reached that scale.
    Would you please list the tasks that need to be done in daily maintenance, and the required configurations, or some related documents, including those on core switches or something between core and edge switches?
    Thank you very much for your ideas.

    Hello ciscomagic1,
    The definition of core and edge switches in an FC architecture is related to the topology point of view.
    The core could be an NPIV-enabled switch and all edges running in NPV mode.
    Also, the core could be the switch that will make the translation of FC to another protocol such as FCoE, FCIP or iSCSI, and should be licensed for those protocols.
    Normally the core is the more centralized switch in the entire fabric, with more backplane capacity, redundancy and high port density. Of course this is not a rule at all.
    Essentially the core and edge switches can perform the same tasks and have the same functionality; the point is how they will be better utilized in a design.

  • SAN design : core edge and dual-homing access switch

    Hello all.
    It may sound like a dumb question (from a LAN guy), but when designing a core/edge or edge/core/edge design, why do we connect access switches to both core switches? Doesn't it break the isolation of a dual fabric backbone?
    If an access switch fails, the fault (bug or anything else) will propagate to both core switches? Am I wrong?
    Example :
    http://www.cisco.com/en/US/prod/collateral/modules/ps5991/prod_white_paper0900aecd8044c807_ps5990_Products_White_Paper.html
    or from Networkers sessions in 2006

    Answer also from a LAN guy,
    Most likely this design diagram is due to the assumption that there is no use of VSANs and SAN multipathing drivers in the host.
    Following is an excerpt from the same link you posted.
    "SAN designs should always use two isolated fabrics for high availability, with both hosts and storage connecting to both fabrics. Multipathing software should be deployed on the hosts to manage connectivity between the host and storage so that I/O uses both paths, and there is non-disruptive failover between fabrics in the event of a problem in one fabric. Fabric isolation can be achieved using either VSANs, or dual physical switches. Both provide separation of fabric services, although it could be argued that multiple physical fabrics provide increased physical protection (e.g. protection against a sprinkler head failing above a switch) and protection against equipment failure."

  • HSRP between 2 access switches and 2 core switches

    Hi, I am looking to run HSRP between 2 access switches and 2 core switches for client PC and Server network's next-hop redundancy as per the attached setup.
    As you can see, I have used one /29 network for connecting CORE & ACCESS switches and configured Interface VLAN10 (Layer 3 SVI) with the shown IPs and standby IP (VIP). G0/1 on Access Switches & G2/1 on Core Switches are access ports for VLAN10.
    There is an L2 Trunk interconnecting Core-Main/Backup as well as Access-Main/Backup Switches, allowing VLAN10 so that VLAN10's HSRP packets can pass through (apart from other HSRP instances).
    Below are the HSRP & Trunk configurations on the Core and Access Switches. Please have a look and suggest if they are correct in terms of HSRP implementation. As I can see, on both sides HSRP master & standby status are fine as desired, but I can't ping the VIP of the ACCESS Switch from the CORE switch, while the VIP of the CORE switch I can ping from the ACCESS switch.
    Access-Main
    interface GigabitEthernet0/1
     description ***Connected to CR-SW-01 PORT G2/1***
     switchport access vlan 10
     switchport mode access
     load-interval 30
    interface GigabitEthernet0/2
     description ***Connected to AC-SW-01 & AC-SW-02 for HRSP***
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 10,40
     switchport mode trunk
     load-interval 30
    interface Vlan10
     description ***Connected to CR-SW-01 PORT G2/1***
     ip address 10.10.11.1 255.255.255.248
     standby 1 ip 10.10.11.2
     standby 1 timers msec 200 msec 750
     standby 1 preempt delay minimum 180
     standby 1 authentication accvlan10
    Access-Backup
    interface GigabitEthernet0/1
     description ***Connected to CR-SW-02 PORT G2/1***
     switchport access vlan 10
     switchport mode access
     load-interval 30
    interface GigabitEthernet0/2
     description ***Connected to AC-SW-01 & AC-SW-02 for HRSP***
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 10,40
     switchport mode trunk
     load-interval 30
    interface Vlan10
     description ***Connected to CR-SW-02 PORT G2/1***
     ip address 10.10.11.3 255.255.255.248
     standby 1 ip 10.10.11.2
     standby 1 priority 10
     standby 1 timers msec 200 msec 750
     standby 1 preempt delay minimum 180
     standby 1 authentication accvlan10
    Core-Main
    interface GigabitEthernet2/1
     description ***Connected to AC-SW-01 PORT G0/1***
     switchport access vlan 10
     switchport mode access
     load-interval 30
    interface GigabitEthernet2/2
     description ***Connected to CR-SW-01 & CR-SW-02 for HRSP***
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 10,20
     switchport mode trunk
     load-interval 30
    interface Vlan10
     description ***Connected to AC-SW-01 PORT G0/1***
     ip address 10.10.11.4 255.255.255.248
     standby 1 ip 10.10.11.5
     standby 1 timers msec 200 msec 750
     standby 1 preempt delay minimum 180
     standby 1 authentication crvlan10
    Core-Backup
    interface GigabitEthernet2/1
     description ***Connected to AC-SW-02 PORT G0/1***
     switchport access vlan 10
     switchport mode access
     load-interval 30
    interface GigabitEthernet2/2
     description ***Connected to CR-SW-01 & CR-SW-02 for HRSP***
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 10,20
     switchport mode trunk
     load-interval 30
    interface Vlan10
     description ***Connected to AC-SW-02 PORT G0/1***
     ip address 10.10.11.6 255.255.255.248
     standby 1 ip 10.10.11.5
     standby 1 priority 10
     standby 1 timers msec 200 msec 750
     standby 1 preempt delay minimum 180
     standby 1 authentication crvlan10

    Hi Rick thanks once again, so I am assuming I should use to configure as below and still one /29 subnet I can use to connect these Switches with the above static routings.
    Access Switch-Main
    interface Vlan10
     description ***Connected to CR-SW-01 PORT G2/1***
     ip address 10.10.11.1 255.255.255.248
     standby 2 ip 10.10.11.2
     standby 2 timers msec 200 msec 750
     standby 2 preempt delay minimum 180
     standby 2 authentication accvlan10
    ip route 192.168.20.0 255.255.255.0 10.10.11.5
    Access Switch-Backup
    interface Vlan10
     description ***Connected to CR-SW-02 PORT G2/1***
     ip address 10.10.11.3 255.255.255.248
     standby 2 ip 10.10.11.2
     standby 2 priority 10
     standby 2 timers msec 200 msec 750
     standby 2 preempt delay minimum 180
     standby 2 authentication accvlan10
    ip route 192.168.20.0 255.255.255.0 10.10.11.5
    Core Switch -Main
    interface Vlan10
     description ***Connected to AC-SW-01 PORT G0/1***
     ip address 10.10.11.4 255.255.255.248
     standby 1 ip 10.10.11.5
     standby 1 timers msec 200 msec 750
     standby 1 preempt delay minimum 180
     standby 1 authentication crvlan10
    ip route 192.168.40.0 255.255.255.0 10.10.11.2
    Core Switch -Backup
    interface Vlan10
     description ***Connected to AC-SW-02 PORT G0/1***
     ip address 10.10.11.6 255.255.255.248
     standby 1 ip 10.10.11.5
     standby 1 priority 10
     standby 1 timers msec 200 msec 750
     standby 1 preempt delay minimum 180
     standby 1 authentication crvlan10
    ip route 192.168.40.0 255.255.255.0 10.10.11.2

  • LAN design - how to implement a core switch?

    Hi all,
    First post here so please be gentle :-)
    I'm looking for a bit of advice with a LAN setup I've been tasked with.
    The basic requirements are to have a demonstration suite of servers/storage devices networked with internet access with certain devices segmented in different VLANs. Also, a separate VLAN is required for training and meeting rooms which will receive DHCP addresses from a WIN2K3 server.
    The kit I've inherited consists of:
    1 ADSL Modem/Router
    1 2611XM router
    2 Catalyst 4006 switches with Supervisor II engines (CatOS :-( ), one with a layer 3 routing module
    Several Catalyst 2950/3500xl switches
    Netscreen 100 Firewall
    F5 Firepass for VPN
    After a lot of fun resetting devices I've currently setup the LAN with a router on a stick configuration which routes between different VLANs (on the 3500/2950s) and which has internet access via the 2611 and ADSL modem router in turn. That's about as far as my current knowledge goes I'm afraid!
    What I have to do is incorporate the 4006s but I don't really know how to go about it or what's the best way to use them. How would I use them as core switches?
    I was hoping someone could point me in the right direction on the best way to connect the switches up, i.e. network design, cabling (fibre uplinks between switches) and some basic configuration advice with the layer 3 routing module.
    Any advice will be most appreciated!! It's my first networking job and I'm a bit lost.
    Thanks.

    Peter,
    I would do the same - with a twist...
    Have 1 4006 as a VTP server, also the spanningtree root for all vlans.
    Have a trunk between the two 4006's - and make it an etherchannel 2 or 3 ethernet links (redundancy).
    Make the second 4006 also a vtp server (redundancy) and have that 4006 the secondary 4006 for spanningtree (more redundancy!)
    That way if you decide to have a distribution layer - you have 2 uplinks into the core 1 into 4006-1 as the primary, and the second 4006-2 as the secondary.
    You could then have a trunk (etherchannel) between the distribution switches, then have an access layer into the distribution layer with dual links. This way you could have multiple switch and/or link failures and still work!!!
    You use the layer 3 module to do the inter-vlan routing - correct. Then have your adsl modem/router as the gateway to the internet - you put a default route in the layer 3 module point to the adsl modem! then you have the routes for the various vlan subnets pointing from the modem back to the layer 3 module......done!
    HTH.

  • HSRP core switches

    Hello,
    If I have two core switches running HSRP that have a 4-link trunk connected between the two core switches, my question is: on that trunk that connects the two core switches, what kind of data goes through from one core to the other core? I know HSRP sends Hello packets in case one core goes down and the other becomes active; however, does data from one server connected to core 1 go through the trunk link to communicate with another server connected to core 2, or is it just for HSRP?
    Thanks,

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    A host connected to core 1 but with its HSRP gateway on core 2, if sending to a host not on its subnet, would send it (at least) first packet to the HSRP gateway on core 2.  Whether this might use a trunk between core 1 and core 2 would depend on your L2 topology.
    You asked about a server also on core 2, and what I wrote applies, but it would also apply if that second server was also on core 1 (again, on a different subnet).
    I wrote this applies to the first packet, but to be more precise it's the first packet that's first to the destination.  Depending on your configuration, and L3 topology, the HSRP gateway on core 2 could send a redirect to your sending server on core 1 to redirect its packets to a different gateway on core 1 (for example, using mHSRP).

  • How to create an Access list on core switch to block all Internet Traffic & allow some specific Internet Traffic

    Hello Everyone,
    I am trying to create an Access-List on my Core Switch, in which I want to allow a few internet websites & block the rest of them.
    I want to allow the whole Intranet, but a few intranet websites also need access to the internet.
    Can we create such an Access-List with the above requirement?
    I tried to create the ACL on the switch but it blocks the whole internet access.
    I want to do it for a subnet, not for a specific IP.
    Can someone help me in creating such an access list?
    Thanks in Advance

    The exact syntax depends on your subnets and how they connect to the Internet. If you can share a simple diagram that would be much more informative.
    In general just remember that access-lists are parsed from the top down and as soon as a match is found, the processing stops. So you put the most specific rules at the top. also, once you add an access-list, there is an implicit "deny any any" at the end.
    The best approach is to create some network object-groups and then refer to them in your access list. From your description, that would be something like three object-groups - one for the Intranet (Intranet), one for the allowed servers that can use Internet (allowed_servers), and a third for the permitted Internet sites (allowed_sites).
    You would then use them as follows:
    ip access-list extended main_acl
    permit any object-group intranet any
    permit object-group allowed_servers object-group allowed_sites any
    interface vlan
    ip access-group main_acl in
    More details on the syntax and examples can be found here:
    http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/15-2mt/sec-object-group-acl.html#GUID-BE5C124C-CCE0-423A-B147-96C33FA18C66
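
The evaluation order described in the reply above (top-down, first match wins, implicit deny at the end), as an added Python example that is not part of the original post. The addresses in the object-groups are constructed, and reading the first rule as intranet-to-intranet is an assumption; `shadowed` goes one step further and reports rules that can never match because an earlier rule already covers them.

```python
import ipaddress


def nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


# Object-group names follow the reply; the member networks are constructed.
GROUPS = {
    "any": nets(["0.0.0.0/0"]),
    "intranet": nets(["10.0.0.0/8"]),
    "allowed_servers": nets(["10.1.20.10/32", "10.1.20.11/32"]),
    "allowed_sites": nets(["203.0.113.0/28"]),
}

# (action, source group, destination group), in configuration order.
MAIN_ACL = [
    ("permit", "intranet", "intranet"),            # assumed intent of rule 1
    ("permit", "allowed_servers", "allowed_sites"),
]

# Same permit, but placed below a broader deny: it can never match.
MISORDERED_ACL = [
    ("deny", "intranet", "any"),
    ("permit", "allowed_servers", "allowed_sites"),
]


def in_group(addr, group):
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in GROUPS[group])


def evaluate(acl, src, dst):
    """Return (action, index of the matching rule); index None = implicit deny."""
    for idx, (action, sgrp, dgrp) in enumerate(acl):
        if in_group(src, sgrp) and in_group(dst, dgrp):
            return action, idx          # first match ends processing
    return "deny", None                 # implicit "deny any any"


def covers(outer, inner):
    """True if every network in group `inner` lies inside group `outer`."""
    return all(any(i.subnet_of(o) for o in GROUPS[outer]) for i in GROUPS[inner])


def shadowed(acl):
    """List (rule index, index of the earlier rule that hides it)."""
    hidden = []
    for j, (_, sj, dj) in enumerate(acl):
        for i in range(j):
            _, si, di = acl[i]
            if covers(si, sj) and covers(di, dj):
                hidden.append((j, i))
                break
    return hidden


if __name__ == "__main__":
    for src, dst in [("10.5.5.5", "10.9.9.9"), ("10.1.20.10", "203.0.113.5"),
                     ("10.5.5.5", "203.0.113.5"), ("10.1.20.10", "198.51.100.7")]:
        print(src, "->", dst, evaluate(MAIN_ACL, src, dst))
    print("shadowed in misordered ACL:", shadowed(MISORDERED_ACL))
```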

  • Steps to upgrade Cisco MDS core switch

    Hello,
    We wanted to upgrade our Cisco SAN core switch firmware. Currently we are running the firmware version below. We wanted to go to the latest version NX OS 5.2 (x), but as per the white paper I need to go to 5.0 (X) and after that I need to upgrade it to 5.2 (x). Can someone help me with the steps to follow for the upgrade? I have the cookbook but just need the main steps to perform the upgrade.
    kickstart: version 4.1(1c)
      system:    version 4.1(1c)

    Are you using IVR non-NAT? If you are, you need to convert to IVR-NAT before you go to 5.2. Other than that you just follow the normal procedure: look at the release notes for each firmware to make sure your hardware is supported and then do the usual
    install all system bootflash:m9x00-xxx.bin kickstart bootflash:m9x00-xxx-kickstart-xx.bin
    As a side note, I know you don't mark people's replies to your questions as helpful/correct on EMC ECN... at least do it here to show your appreciation.
    @dynamoxxx

  • Connecting core switch to the internet ?

    Hi,
    We have 2 6506's connected through an ether-channel trunk.
    On these 6506's we have configured a vlan, vlan interface and 2 access ports for 2 ASA's.
    These ASA's run in failover mode but only one ASA is physically connected at the moment.
    We want to be more resilient so our provider has provided us with a redundant setup of routers for our internet connection.
    However, for this construction they would need a layer 2 connection on our side to have HSRP running.
    There are 2 options in my opinion:
    - Buy a set of switches to facilitate the layer-2 connection between the routers and to connect the outside of the ASA's.
    - Instead of buying 2 new switches, create a new unrouted vlan on our core 6506's and use access-ports for the routers and the ASA's.
    But how safe is it to connect the core switch with an unrouted vlan to the internet router,
    in terms of vlan hopping or other possible attacks?
    I think I have to disable DTP, Spanning-Tree, CDP and maybe a lot more?

    I am as far as applying this to secure the port :
    switchport
    switchport mode access
    switchport access vlan X
    switchport nonegotiate
    spanning-tree bpdufilter enable
    spanning-tree portfast edge
    switchport port-security
    switchport port-security maximum 3
    switchport port-security violation restrict
    no cdp enable
    Any additions to this ?
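
One way to check that a running-config excerpt actually carries the access-port lines listed in the post above, and that the VLAN used for the provider routers stays unrouted; this is an added Python example, not part of the original thread. The interface names, VLAN 900 and the sample config are constructed, and the lines are assumed to show up in the config exactly as typed in the post.

```python
# Per-port lines taken from the post ("switchport access vlan X" is added per VLAN).
BASELINE = [
    "switchport",
    "switchport mode access",
    "switchport nonegotiate",
    "spanning-tree bpdufilter enable",
    "spanning-tree portfast edge",
    "switchport port-security",
    "switchport port-security maximum 3",
    "switchport port-security violation restrict",
    "no cdp enable",
]

# Constructed running-config excerpt: Gi1/1 complete, Gi1/2 incomplete,
# and an SVI that should not exist on an unrouted VLAN.
SAMPLE = """
interface GigabitEthernet1/1
 switchport
 switchport access vlan 900
 switchport mode access
 switchport nonegotiate
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation restrict
 no cdp enable
 spanning-tree portfast edge
 spanning-tree bpdufilter enable
!
interface GigabitEthernet1/2
 switchport
 switchport access vlan 900
 switchport mode access
 spanning-tree portfast edge
 spanning-tree bpdufilter enable
!
interface Vlan900
 ip address 192.0.2.1 255.255.255.0
"""


def parse_interfaces(config):
    """Map interface name -> list of its (stripped) sub-commands."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif line.startswith(" ") and current:
            stanzas[current].append(line.strip())
        else:
            current = None              # "!" or blank line ends the stanza
    return stanzas


def audit(config, ports, vlan):
    """Return {interface: [problems]}; an empty dict means nothing was found."""
    stanzas = parse_interfaces(config)
    required = BASELINE + [f"switchport access vlan {vlan}"]
    findings = {}
    for port in ports:
        lines = stanzas.get(port)
        if lines is None:
            findings[port] = ["interface not found"]
            continue
        missing = [cmd for cmd in required if cmd not in lines]
        if missing:
            findings[port] = missing
    # "Unrouted" means no SVI with an address exists for the VLAN.
    svi = stanzas.get(f"Vlan{vlan}", [])
    if any(cmd.startswith("ip address ") for cmd in svi):
        findings[f"Vlan{vlan}"] = ["SVI has an IP address, so the VLAN is routed"]
    return findings


if __name__ == "__main__":
    ports = ["GigabitEthernet1/1", "GigabitEthernet1/2"]
    for name, problems in audit(SAMPLE, ports, 900).items():
        print(name, problems)
```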

  • Choosing a Core Switch

    Hi,
    What are the criteria when choosing a core switch? For example, in the Cisco product pages - the Catalyst 4500 and 6500 are already distribution/core switches while the Catalyst 3750 are access/edge switches.
    Can I make a stack of Catalyst 3750 my core switch? What makes a core switch a "core" switch - what features does it have, performance, etc.?
    Does Cisco have a guide - for example, you have X number of users - use Cisco Y model as your core switch?
    Thanks,
    Tony

    There are many criteria one can use when choosing a core device, but since such a device, by being at the center of your network, may carry the most traffic, performance is often given additional weight for core device choice.
    With regard to making a choice on some X number of users, choice of core is often made more toward bandwidth usage of core ports. There's often a large difference between the nominal bandwidth of a port and the sustainable bandwidth to/from a port. (E.g. the difference between a 6500 with Sup32 and 6148 10/100/1000 Ethernet vs. 6500 with Sup720 with 6748 and DFC 10/100/1000 Ethernet. The former is suited as an edge device, the latter more suited for core device.)
    A stack of 3750 might be used as a core for a very small and/or light usage network. Consider that a single 48 port 3750, I believe, is not an every port wire rate device, and the performance limitation of the stack ring. However similar performance limitations are also true for certain 4500 or 6500 hardware configurations.
    Although performance is often a major factor, other considerations, such as other features, might be important too. For instance, a dual 48 port 3750G stack might be a viable choice vs. a 6704 with dual Sup32s and two 6148 line cards, but the 6500 likely will offer features not available with the 3750. For instance, believe 3750s only support 32 HSRP groups and don't support GLBP.

  • Hyper-v cluster with core switch downtime... what to do?

    Is there a way to essentially "pause" the hyper-v cluster and keep things running but do NOT attempt to failover anything for any reason?
    We have one Procurve 5412zl switch with two c7000 enclosures. In each c7000 enclosure there are two switches that connect all the blade servers within the enclosure. Those two switches are interconnected internally so they can communicate within the enclosure.
    So if the core switch goes down the hyper-v servers in the same c7000 enclosure can still communicate but they will be separated from the others in the other enclosure.
    So we have 4 hyper-v servers in one enclosure and 3 in another. If i disconnect the core switch i'm wondering what will happen (if I reboot the switch which is what I need to do).
    How can I avoid having to shut down everything for this and just tell hyper-v cluster to not do anything when the network is lost?

    Hi Quadrantids,
    "to essentially "pause" the hyper-v cluster and keep things running but do NOT attempt to failover anything for any reason"
    Based on my understanding, you need to keep the cluster running on the same C7000 enclosure; in other words, before you cut the connection between the C7000 enclosures you may migrate VMs to the same enclosure to keep running (I assume that the storage will not be affected by the restart).
    Best Regards
    Elton Ji

  • 6509 core switch

    Hello,
    I'm configuring a 6509 core switch that has 4 blades and each blade has 48 ports by default the ports are shutdown.  I know I can do a port range with a no shutdown command to brings all ports up for each blade. However is there only one command that can make all ports active on each blade or a module command that can bring all ports for each 48 port blade?
    Thanks,

    Horacio
    From memory the int range command can be used to specify ports on different linecards so you could try one command that includes the range for all ports on all linecards. Can't say for sure it will work but I seem to remember doing something like this before.
    Jon

  • Where to install CCM, access or core switch?

    What's the recommendation on where the CCM server should be, in access switch or core switch? Based on ipt readiness assessment seems servers should be on access switch. Thanks

    If you have many wiring closets (access layer) that have phones plugged into them, it's better to centrally colocate CCM and such to the core, or in a distribution block that is connected to the core.
    HTH
    Sankar.
    PS: please remember to rate posts!
