Intervlan Routing with 6500 switch
I am designing an upgrade to our current network that will contain a 6500 switch and i wanted to setup vlans with the switch. I know that this switch has the ability to perform routing on its own so i do not need an external router to route between the vlans but if that is the case what default gateway do i give each vlan? Do i give the vlan ip address as the default gateway for the end devices or do i use an IP address in the switch somehow as the default gateway?
Thanks.
Pete
Hi,
Think of the MSFC as a router with many different interfaces. Your router itself would only have one default gateway for all those interfaces. For the clients, they will sit in each VLAN that you create. The clients default gateway will be the VLAN IP address (or HSRP address) on the 6500 that they sit. So, if you create vlan100 and put an IP address of 10.10.10.1 on the vlan100 interface..the 10.10.10.1 address would be the gateway for the clients in vlan 100. If you create a vlan200 and put an IP address of 10.11.11.1 on that interface..all the clients that are in vlan200 would have the gateway address of 10.11.11.1.
Hope that helps.
Similar Messages
-
Help with simple interVlan routing on L3 switch
Hi all - I just can't get my head around this really simple interVlan routing issue. I have two VLANs (1 & 6) on a 3560 L3 switch. I simply need to route between them. Here is how I have it set up:
Firewall is the VLAN1 client's default gateway:
10.10.22.1 /255.255.255.0
3560switch config:
ip subnet-zero
ip routing
VLAN1:
(hosts on 10.10.22.x/255.255.255.0; gateway 10.10.22.1)
int vlan1
ip address 10.10.22.254 255.255.255.0
no shutdown
VLAN6: (hosts on 192.168.25.x/255.255.255.0; gateway 192.168.25.1)
ip address 192.168.25.1 255.255.255.0
no shutdown
ip classless
int gi0/31 (an available unused port)
no switchport
ip address ?.?.?.?
no shutdown
Is the issue that all my 10.10.22.x clients are going to 10.10.22.1 trying to find 192.168.25.x, when they would need to go to 10.10.22.254; then the switch should have an ip route of 0.0.0.0 0.0.0.0 10.10.22.1? Then give the router on gi0/31 the 10.10.22.254 address?
(as a side note, it would be easier for me to change the gateway's IP than to change each VLAN1 client's IP.)
Thanks for any help!Hi all - I just can't get my head
around this really simple interVlan routing issue. I have two VLANs (1
& 6) on a 3560 L3 switch. I simply need to route between them.
Here is how I have it set up:Firewall is the VLAN1 client's default gateway:
10.10.22.1 /255.255.255.03560switch config:
ip subnet-zero
ip routingVLAN1:
(hosts on 10.10.22.x/255.255.255.0; gateway 10.10.22.1)
int vlan1
ip address 10.10.22.254 255.255.255.0
no shutdownVLAN6: (hosts on 192.168.25.x/255.255.255.0; gateway 192.168.25.1)
ip address 192.168.25.1 255.255.255.0
no shutdownip classlessint gi0/31 (an available unused port)
no switchport
ip address ?.?.?.?
no shutdown***Is
the issue that all my 10.10.22.x clients are going to 10.10.22.1 trying
to find 192.168.25.x, when they would need to go to 10.10.22.254; then
the switch should have an ip route of 0.0.0.0 0.0.0.0 10.10.22.1? Then
give the router on gi0/31 the 10.10.22.254 address?(as a side note, it would be easier for me to change the gateway's IP than to change each VLAN1 client's IP.)Thanks for any help!
Hi,
With the above configuuration vlan 1 users will be going to firewll and if they want to reach vlan 6 firewall should have rule to permit for vlan 6 subnet and route towards vlan 6 interface and which is not there is your network.
Just clarify few things you want firewall to come into picture for every traffic which goes between vlan or not and in interface gi0/31 you will be connecting router also is this router is sending traffic to outside world if yes then you need to change some design configuration to route tha traffic from vlans to outside world.
If you want only inter vlan routing between vlan 1 and vlan 6 via firewall then make another zone in firewall and place that in vlan 6 with ip address as given in vlan 1 so that vlan 6 users can point traffic towards vlan 6 interface of firewall and in firewall just permit the vlan 6 communication with vlan 1 and drop a route for vlan 6 towards switch vlan 6 interface.
and if between vlans you dont want firewall to come into picture then the best is create three vlan one for vlan 1,vlan 6 and outside vlan between router and firewall and drop a default route towards firewall.In this case inter vlan routing will be taken care by switch and traffic towards outside world will scaaned as per rule given in firewall.
Hope to help
If helpful do rate the post
Ganesh.H -
Linksys router with cisco switch
Hello everyone,
Just wondering if i can connect a cisco switch to my linksys router. Any info will be helpful. Thanks.Well, you should be more specific what info you need.
Your question is answered with: yes, you connect a cisco switch to a linksys router. You can connect pretty much any ethernet switch or hub to a linksys router.
Beyond that I don't know what you want to know and thus cannot really give you more info. -
SGE2010 layer 3 problem with intervlan routing setup
I am new to the small business switches and could use some assistance in configuring intervlan routing between multiple vlans on the switch. I have changed the mode to layer 3 and setup the vlans. When I enter an IP address for VLAN2, I am disconnecting from the configuration interface (VLAN1 ip) on the switch and I cannot access the switch unless I reset it. I have tried this several times and each time it behaves the same. Is there something else I need to setup before configuring the ip address for the other VLANs?
Hi Jacqueline,
Thank you for participating in the Small Business support community. My name is Nico Muselle from Cisco Sofia SBSC.
This is the normal way for the switch to behave. There are 2 ways to work around this.
You assign a port to VLAN2. After configuration of the IP address, you connect your PC to this port and make sure it is in the same subnet as the VLAN 2 IP address.
You assign a static IP to the default vlan first and make sure your connected PC is in the same subnet.
The reason for this behaviour is, that the switch has it's DHCP client enabled, if no DHCP server is available it will revert to it's default IP 192.168.1.254 (through which I assume you connect for configuration).
However, once you configure a static IP on the switch, the DHCP client and the default IP are disabled, which means that the IP address obtained from the DHCP or the default IP of 192.168.1.254 are no longer reachable.
I would go with step 2, as this is the easiest workaround for your issue and you would want a static IP in the default VLAN anyway I suppose.
Hope this helps !
Best regards,
Nico Muselle
Sr. Network Engineer - CCNA -
Routing Issue with 3550 Switch
I am having an issue with routing with one of my Cisco 3550 switches. I know the 3550s are EoL but some of us have to work with what we have.
I am using a 3550 on either side of a Layer 2 link. The Layer 2 link is 2 Extreme Summit X-440 switches with Microwave between the switches. I have a VLAN configured on both switches and tagged on the ports connected to the Microwave. The 3550 switch on each end is configured for IP routing but I cannot pass traffic between the switches. If I unplug the switch on the local end and plug in a laptop, I can ping the switch on the remote end and access devices at the remote end.
I know this should work because I am doing the same thing over another Microwave link and Layer 2 link using another 3550 and a HP ProCurve at the remote end.
Here are the configs for each 3550:
Local end; Port Fa0/23 goes to the Remote Side. Port Fa0/24 goes to the rest of the network
Current configuration : 5417 bytes
! No configuration change since last restart
version 12.2
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
no service password-encryption
service sequence-numbers
hostname Brindley3550
enable secret 5 $1$3A.n$lzBUQg.fn4hJ7f0jEOqe71
no aaa new-model
clock timezone UTC -6
clock summer-time UTC recurring 1 Sun Apr 2:00 1 Sun Nov 2:00
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos min-reserve 5 170
mls qos min-reserve 6 10
mls qos min-reserve 7 65
mls qos min-reserve 8 26
mls qos
ip subnet-zero
ip routing
ip domain-name morgan911.net
ip name-server 1.2.150.11
ip name-server 1.2.150.5
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
vlan internal allocation policy ascending
interface FastEthernet0/1
switchport access vlan 18
switchport mode dynamic desirable
spanning-tree portfast
{Removed for Brevity}
|
interface FastEthernet0/7
switchport access vlan 13
switchport mode dynamic desirable
spanning-tree portfast
interface FastEthernet0/8
switchport access vlan 13
switchport mode dynamic desirable
spanning-tree portfast
{Removed for Brevity}
interface FastEthernet0/23
description To Gum Springs via Extreme P10
no switchport
ip address 1.2.147.1 255.255.255.252
speed 100
duplex full
interface FastEthernet0/24
description To Flint via Ceragon Eth 2
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
mls qos trust cos
auto qos voip trust
wrr-queue bandwidth 20 1 80 1
wrr-queue min-reserve 1 5
wrr-queue min-reserve 2 6
wrr-queue min-reserve 3 7
wrr-queue min-reserve 4 8
wrr-queue cos-map 1 0 1 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
priority-queue out
spanning-tree link-type point-to-point
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
interface GigabitEthernet0/2
switchport access vlan 10
switchport trunk native vlan 50
switchport mode dynamic desirable
spanning-tree portfast trunk
interface Vlan1
ip address 1.2.145.2 255.255.255.0
ip default-gateway 1.2.145.1
ip classless
ip route 0.0.0.0 0.0.0.0 1.2.145.1
ip route 1.2.165.0 255.255.255.240 1.2.147.2
ip route 1.2.166.0 255.255.255.240 1.2.147.2
ip http server
snmp-server community public RO
snmp-server community public/RO RO
snmp-server location Brindlee Mountain Tower Site
snmp-server contact Jamey Wright
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps cluster
snmp-server enable traps entity
snmp-server enable traps envmon fan shutdown supply temperature
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps config
snmp-server enable traps syslog
snmp-server enable traps mac-notification
snmp-server enable traps vlan-membership
snmp-server host 1.2.150.100 public tty envmon syslog snmp
control-plane
ntp clock-period 17180143
ntp server 1.2.150.21
end
And this is the config for the remote end. Port Fa0/24 is the port for the link back to the local end.
Current configuration : 5058 bytes
version 12.2
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
no service password-encryption
service sequence-numbers
hostname GS3550
enable secret 5 $1$3A.n$lzBUQg.fn4hJ7f0jEOqe71
no aaa new-model
clock timezone UTC -6
clock summer-time UTC recurring
mls qos map cos-dscp 0 8 16 24 32 46 46 56
udld aggressive
ip subnet-zero
ip routing
ip domain-name morgan911.net
ip name-server 1.2.150.11
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
interface FastEthernet0/1
switchport access vlan 21
switchport mode dynamic desirable
spanning-tree portfast
interface FastEthernet0/2
switchport access vlan 21
switchport mode dynamic desirable
power inline delay shutdown 20 initial 300
spanning-tree portfast
{Removed for Brevity}
interface FastEthernet0/23
switchport access vlan 22
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
spanning-tree portfast
interface FastEthernet0/24
description To Brindlee via Extreme P10
switchport mode dynamic desirable
(Is a member of VLAN 1)
speed 100
spanning-tree portfast
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
interface GigabitEthernet0/2
switchport mode dynamic desirable
spanning-tree portfast
interface Vlan1
ip address 1.2.147.2 255.255.255.252
interface Vlan21
ip address 1.2.165.1 255.255.255.240
ip helper-address 1.2.150.11
ip helper-address 1.2.150.5
interface Vlan22
ip address 1.2.166.1 255.255.255.240
ip helper-address 1.2.150.5
ip helper-address 1.2.150.11
ip default-gateway 1.2.147.1
ip classless
ip route 0.0.0.0 0.0.0.0 1.2.147.1 10
ip http server
snmp-server community public RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps cluster
snmp-server enable traps entity
snmp-server enable traps envmon fan shutdown supply temperature
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps config
snmp-server enable traps hsrp
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps syslog
snmp-server enable traps mac-notification
snmp-server enable traps vlan-membership
snmp-server host 1.2.150.100 public envmon syslog snmp
control-plane
ntp clock-period 17180192
ntp server 1.2.150.21 key 0 prefer
Ideas? Anything stand out as grossly wrong? I have worked on this for 2 days and am at a loss.
Thanks
JameySorry for the delay in replying. Other items at the office took priority over this project. I tried that and no change. I pulled the switch from the remote site and took it back to the local end and connected the switches with a crossover cable and everything works fine. I have pretty much determined that it is an issue with the config in one of the Extreme switches. The config in those look pretty normal but there are a few things I am unsure of. Guess I'll see if there is a similar site for Extreme gear.
Thanks
Jamey -
Branch office setup with L3 switch and router with IOS security
Hello,
I am in the process of putting together a small branch office network and I am in need of some design advise. The network will support about 10-15 workstations/phones, 3-4 printers, and 4-5 servers. In addition we will eventually have up to 25-30 remote users connecting to the servers via remote access VPN, and there will also be 2-3 site-to-site IPSec tunnels to reach other branches.
I have a 2911 (security bundle) router and 3560 IP Base L3 switch to work with. I have attached a basic diagram of my topology. My initial design plan for the network was to setup separate VLANs for workstation, phone, printer, and server traffic. The 3560 would then be setup with SVIs to perform routing between VLANs. The port between the router and switch would be setup as a routed port, and static routes would be applied on the switch and router as necessary. The thought behind this was that I'd be utilizing the switch backplane for VLAN routing instead instead of doing router-on-a-stick.
Since there is no firewall between the switch and router my plan was to setup IOS firewalling on the router. From what I am reading ZBF is my best option for this. What I was hoping for was a way to set custom policies for each VLAN, but it seems that zones are applied per interface. Since the interface between the router and switch is a routed interface, not a trunk/subinterface(s), it doesn't seem like there would be a way for me to use ZBF to control traffic on different VLANs. From what I am gathering I would have to group all of my internal network into one zone, or I would have to scrap L3 switching all together and do router-on-a-stick if I want to be able to set separate policies for each VLAN. Am I correct in my thinking here?
I guess what I am getting at is that I really don't want to do router-on-a-stick if I have a nice switch backplane to do all of the internal routing. At the same time I obviously need some kind of firewalling done on the router, and since different VLANs have different security requirements the firewalling needs to be fairly granular.
If I am indeed correct in the above thinking what would be the best solution for my scenario? That is, how can I setup this network so that I am utilizing the switch to do L3 routing while also leveraging the firewall capabilities of IOS security?
Any input would be appreciated.
Thanks,
AustinThanks for the input.
1. I agree, since I have only three to four printers, they need not be in a separate VLAN. I simply was compartmentalizing VLANs by function when I initially came up with the design.
2. Here's a little more info on the phone situation. The phones are VoIP. The IP PBX is on premise, but they are currently on a completely separate ISP/network. The goal in the future is to converge the data and voice networks and setup PBR/route maps to route voice traffic out the voice ISP and data traffic out the other ISP. This leads up to #3.
3. The reason a router was purchased over a firewall was that ASA's cannot handle routing and dual ISPs very well. PBR is not supported at all on an ASA, and dual ISPs can only be setup in an active/standby state. Also, an ASA Sec+ does not have near the VPN capabilities that the 2911 security does. The ASA Sec+ would support only 25 concurrent IPSec connections while the 2911 security is capable of doing an upwards of 200 IPSec connections.
Your point about moving the SVI's to a firewall to perform filtering between VLANs makes sense, however, wouldn't this be the same thing as creating subinterfaces on a router? In both cases you are moving routing from the switch backplane to the firewall/routing device, which is what I am trying to avoid. -
Who is anybody using a WISM with FWSM on a CAT 6500 Switch?
Hi
Who is anybody using a WISM with FWSM on CAT 6500 switch ?
Are there any problem,if use?
And How can I set them to connecting each other ?
I have founded a document relate it on the cisco website that name is Integrating Cisco WiSM and Firewall Service Module.
I have a question concern it.
Why do I have make a VRF to communication each other ?
Please let me know.As far as the FWSM is concerned you can have each of the wireless vlans come in to the same context of the FWSM and then just add those vlans to the FWSM as separate vlans.
-
Need a new wireless router with switching
I would like to purchase a new wireless router with 4 port switch. I have an Intel iMac with 2 pc's and have spent hours trying to configure my existing Linksys router to work properly and need to make a change. I have not been able to use iChat with Powerbook users and have had other problems as well and have given up...
The recommended router list on the iChat website does not specifically mention wireless routers with 4 port switching...
Does anyone have any suggestions for a router which is easy to use and configure?
Thanks,
cjHi Herpestes,
If you mean which method of opening the ports should you use for those computers it will be the UPnP setting found in the Adminstarion tab
Log on to the Linksys by typing 192.168.1.1 into a web browser
Type admin as User ID and Password.
Go to Administration
Enable UPnP
10:10 PM Wednesday; June 28, 2006 -
Dear All,
Please help me about it ...
The same network I have designed and working fine on the RIPV2 but I want it on the OSPF but it works on the packet tracer but not on the GNS3. In this diagram there are multiple areas and there are three ABRs connected to the backbone area. The others interfaces are in the area1, area2 and area3 respectfully and in that side I need the intervlan routing.
Is it possible in the ospf the same like in the diagram ?
What type of OSPF (Point to Point or Point to Multipoint ) will be required as the R1 is the backbone router further connected with the Internet on the BGP. ?
Please sir, advise me about it.
Thanks
Best Regards
Ali KhanHi Jon,
Thank you very much,
1) The link between the ABRs and R1 is the wireless 1.4gig bridge link on the 5Km distand and the interface is configured with IP ospf network point-to-point.
2) On the packet tracer all the neibour displayed with its router-id, even on GNS3 but it does not show the route of other interface like area 1 or area 2.. Means the backbone router do not show the routes of other areas..(area 1 or area 2 and area 3)
3) i have tried alot and i dont think that i missed any route but the backbone area do not show the routes of subnterface (for Vlan, Router on the Stack).
Thanks
Ali -
No 'ip routing' command on switch and yet intervlan routing.
Hi,
In my companies 4500 switch I see there is intervlan routing configured for the 4 Vlans it has but I do not see any 'ip routing' command on it
to enable routing on the switch. Can a switch route even though the command isnt there?Ran the 'show run all' command and it was there. Thought '
sh run | i ip' would display it but didn't.
Thanks for the command.
We just turned enterprise. I keep forgetting that. -
Using another switch or router with TC???
Do you use another ethernet switch or router with an integrated ethernet switch with your TC??? How do you have things setup?
BTW: I'm running out of physical ethernet ports and I need to use Vonage...
RIf you're out of LAN ports then yes, you need a switch. Plug it into your TC and plug other stuff into the switch. Simple.
When buying a switch, remember one of its ports will be occupied by the connection to the TC. For example, if you're using all three TC LAN ports, buying a five port switch results in a net gain of only three ports: one of them is needed for the uplink, and the one you had to unplug from the TC must now be connected to the switch... three remain.
Fortunately they're not expensive. -
Asymmetric routing seen in WAE when using 6500 switch
Hi all,
When we do self diagnostic test for WAE connected to the 6500 switch i get warning as below. Due to this alert there is no major acceleration benfits by the WAAS
Test WARN [tfo]
WARN ASYMMETRIC Asymmetric routing is seen in the device
Action:
Check router's network configuration and WCCP redirection on the router.
usevwa1#
6509 switches has only L2 capability and does not do WCCP redirection. The WCCP re-direction is done by 2821 routers.
Is there any command which needs to be given in 6500 switch to solve the issueHi Dhanasekaran,
unfortunately you have to check the redirection policies and the routing table of the devices and force both the directions to pass through the same WAE.
If you have a topology diagram please send it to me also the configuration of the devices that do WCCP redirection.
Thanks,
Alessandro -
Configuring the Catalyst 6500 Switch for IPS Inline Operation of the IDSM
I understand how to configure the Catalyst 6500 switch so that the monitoring ports are access ports in two separate VLAN's for inline operation.
However, I don't see any documentation that describes how the desired VLAN traffic gets forced through the IPS.
In promiscuous mode, you can use VACL's to copy/capture and forward the desired traffic to the IDSM for analysis. I'm not seeing how to get the desired traffic through the IPS.
Note that the host 6500 is running native IOS 12.2(18)SXE.
Thanks for any assistance.A tranparent firewall is a fairly good comparison.
Let's say you have vlan 10 with 100 PCs and 1 Router for the network.
If you want to apply a transparent firewall on that vlan you can not simply put one interface of the firewall on vlan 10. Nothing would go through the firewall.
Instead you have to create a new vlan, let's say 1010. Now you place one interface of the firewall on vlan 10 and the other on vlan 1010. Still nothing is going through the firewall. So now you move that Router from vlan 10 to vlan 1010. All you do is change the vlan, the IP Address and netmask of the router stay the same.
The transparent firewall bridges vlan 10 and vlan 1010. The PCs on vlan 10 ae still able to communicate to and through the router, but must go through the transparent firewall to do so.
The firewall is transparent because it does not IP Route between 2 vlans, instead the same IP subnet exists on both vlans and the firewall transparently beidges traffic between the 2 vlans.
The transparent firewall can do firewalling between the PCs on vlan 10 and the Router on vlan 1010. But is PC A on vlan 10 talks to PC B on vlan 10, then the transparent firewall does not see and can not block that traffic.
An InLine sensor is very similar to the transparent firewall and will bridge between the 2 vlans. And similarly an InLine sensor is able to InLine monitor traffic between PCs on vlan 10 and the Router on vlan 1010, but will not be able to monitor traffic between 2 PCs on vlan 10.
Now the router on one vlan and the PCs on the other vlan is a typical deployment for inline sensors, but your vlans do not Have to be divided that way. You could choose to place some servers in one vlan, and desktop PCs in the other vlan. You subdivide the vlans in what ever method makes sense for your deployment.
Now for monitoring multiple vlans the same principle still applies. You can't monitor traffic between machines on the same vlan. So for each of the vlans you want to monitor you will need to create a new vlan and split the machines between the 2 vlans.
In your case with Native IOS you are limited to only 1 pair of vlans for InLine monitoring, but your desired deployment would require 20 vlan pairs.
The 5.1 IPS software has now the capability to handle the 20 pairs, but the Native IOS software does not have the capability to send the 40 vlans (20 pairs) to the IDSM-2.
The Native IOS changes are in testing right now, but I have not heard a release date for those changes.
Now Cat OS has already made these changes. So here is a basic breakdown of what you could do in Cat OS and you can use in preparation for a Native IOS deployment when it gets released.
For vlans 10-20, and 300-310 that you want monitored you will need to break each of those vlans in to 2 vlans.
Let's say we make it simple and add 500 to each vlan in order to create the new vlan for each pair.
So you have the following pairs:
10/510, 11/511, 12/512, etc...
300/800, 301/801, 302/802, etc....
You set up the sensor port to trunk all 40 vlans:
set trunk 5/7 10-20,300-310,510-520,800-810
(Then clear all other vlans off that trunk to keep things clean)
In the IDSM-2 configuration create the 20 inline vlan pairs on interface GigabitEthernet0/7
Nw on each of the 20 original vlans move the default router for each vlan from the original vlan to the 500+ vlan.
At this point you should ordinarily be good to go. The IDSM-2 won't be monitoring traffic that stays within each of the original 20 vlans, but Would monitor traffic getting routed in and out of each of the 20 vlans.
Because of a switch bug you may have to have an additional PC moved to the same vlan as the router if the switch/MSFC is being used as the router and you are deploying with an IDSM-2. -
Assigning multiple areas to SVI's created on 6500 Switch
Hey, We are having Cisco 6500 Switch at aggregation layer where all our SVIs are created and we need to advertise them in OSPF for reachability purpose. Now we are using L2 campus model so access layer is not running any routing protocol but we need to segregate our SVIs traffic based on different buildings. We are doing this by assigning unique areas to a group of SVIs while advertising in OSPF. My question is, is this a recommended way ? or we have to advertise all the SVIs in Area 0? because we don't have multiple areas but still we are adding them while advertising at 6500 switch. Thanks.
Having said that, i am still confused whether is it a good approach or we should advertise all our SVIs directly into OSPF Area0.
Using an area per building seems unnecessary because all the L3 routing is done on the aggregation layer so it doesn't really make a lot of sense, at least to me.
I think using one area for all SVIs may be a good idea because then you can simply advertise one summary for the all the SVI subnets into area 0 towards the core.
This is assuming you can summarise all the aggregation IP subnets with one summary address.
Even that may not be necessary as it depends on the rest of your topology.
For example if your core connected multiple buildings as in a campus and each building had a distribution pair of switches connected back to the core then yes it would make sense to use an area per building/site and only advertise a summary to the core.
Up to you really.
Jon -
Best practice for intervlan routing?
are there some best practices for intervlan routing ?
I've been reading allot and I have seen these scenarios
router on a stick
intervlan at core layer
intervlan at distribution layer.
or is intervlan needed at all if the switches will do the routing?
I've done all of the above but I just want to know what's current.The simple answer is it depends because there is no one right solution for everyone.
So there are no specific best practices. For example in a small setup where you may only need a couple of vlans you could use a L2 switch connected to a router or firewall using subinterfaces to route between the vlans.
But that is not a scalable solution. The commonest approach in any network where there are multiple vlans is to use L3 switches to do this. This could be a pair of switches interconnected and using HSRP/GLBP/VRRP for the vlans or it could be stacked switches/VSS etc. You would then dual connect your access layer switches to them.
In terms of core/distro/access layer in general if you have separate switches performing each function you would have the inter vlan routing done on the distribution switches for all the vlans on the access layer switches. The core switches would be used to route between the disribution switches and other devices eg. WAN routers, firewalls, maybe other distribution switch pairs.
Again, generally speaking, you may well not need vlans on the core switches at all ie. you can simply use routed links between the core switches and everything else.
The above is quite a common setup but there are variations eg. -
1) a collapsed core design where the core and distribution switches are the same pair. For a single building with maybe a WAN connection plus internet this is quite a common design because having a completely separate core is usually quite hard to justify in terms of cost etc.
2) a routed access layer. Here the access layer switches are L3 and the vlans are routed at the access layer. In this instance you may not not even need vlans on the distribution switches although again to save cost often servers are deployed onto those switches so you may.
So a lot of it comes down to the size of the network and the budget involved as to which solution you go with.
All of the above is really concerned with non DC environments.
In the DC the traditional core/distro or aggregation/access layer was also used and still is widely deployed but in relatively recent times new designs and technologies are changing the environment which could have a big impact on vlans.
It's mainly to do with network virtualisation, where the vlans are defined and where they are not only routed but where the network services such as firewalling, load balancing etc. are performed.
It's quite a big subject so i didn't want to confuse the general answer by going into it but feel free to ask if you want more details.
Jon
Maybe you are looking for
-
Generating a Price based on 2 Fields. Multipart Arrays?
I'm working on a pricing form for a print company that carries about 50 different papers in 5 different sizes. I would like LiveCycle Designer to populate a drop-down list based on the company's current paper offerings. I would also like for the user
-
If I go in using safe mode the menus work fine. If I don't the time it takes to get the sub-menu is several minutes. I've tried "disabling the add-ons" and "resetting the controls" but that doesn't affect it. It is still slow if I'm out of safe mode.
-
How to create unique constraint in ODI
Hi I have view at source side, I want to store source data to target interface table. For that I need to create UNIQUE constraint at source side to identify the unique records. I have composite primary key example as follow desc Test_V; orderID NUMBE
-
Download Webdynpro ABAP application(component) on desktop
Hi All, How do I download Webdynpro ABAP application(component) on desktop(hard drive) from SAP system? I couldn't find a feature in SAP that I could use to achieve this functionality. Also after downloading the Webdynpro ABAP application(component)
-
Aperture not seeing iPhoto Libraries on external drive when trying to do a REFERENCED import.
I am trying to bring all my iPhoto libraries (one for each year) together into one REFERENCED Aperture library. I have the iPhoto libraries on an external hard drive and want the Aperture Library on my main drive. Whe I go to the Import window I do