vlans on catalyst 4507 & 4503

Answered Question
Feb 17th, 2007

I have a redundant 4507 and 4503 connected by 2 gigabit in the main building, and 4 other buildings contain 4503s. I want to make VLANs (around 8 VLANs) for my campus. How can I start making these VLANs and which protocol do I use?

And how can I use VTP in this design?

All Catalysts are connected to the main 4507 and 4503 by fiber optic.

Jon Marshall Sun, 02/18/2007 - 05:58

Hi

Assuming that you want your links from your other switches to be Layer 2.

1) You need to make the links between your other switches and your two core switches trunk links.

2) You need to make the 4507 & the 4503 switches VTP servers. You will need to set up a VTP domain name (and optionally a password).

3) Make sure your other switches are set up as VTP clients using the same VTP domain name. To be absolutely sure you don't mess up the network, firstly put your other switches back into VTP transparent mode. Then make them VTP clients.

4) Create your VLANs on one of the VTP server switches. You should then see these get propagated to the other switches.

5) Set spanning-tree root for the VLANs to be one of your core 4500 switches and spanning-tree secondary to be the other switch.

6) Create Layer 3 SVIs on the 4507 & 4503 and run HSRP between them, i.e. if you have created a VLAN 10 and the subnet range is 192.168.1.0/24 your SVI config would look like:

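4507 switch

interface vlan 10
 ! /24 mask for the 192.168.1.0/24 subnet
 ip address 192.168.1.2 255.255.255.0
 ! virtual gateway address shared by both switches
 standby 10 ip 192.168.1.1
 ! higher priority plus preempt: this switch is the active gateway
 standby 10 priority 110
 standby 10 authentication "add a string here"
 standby 10 preempt

4503 switch

interface vlan 10
 ip address 192.168.1.3 255.255.255.0
 standby 10 ip 192.168.1.1
 ! lower priority: standby gateway
 standby 10 priority 100
 ! must be the same string as on the 4507
 standby 10 authentication "add a string here"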

Do this for all the vlans. Do a no shut on the interfaces.

7) If all your Layer 3 interfaces are on the 4507 & 4503 then you don't need to run a dynamic routing protocol. If you do want to run one I suggest EIGRP as it is easy to configure and fast to converge, but as I say you don't really need one in your setup.

I have attached a link to the 4500 config guide for IOS. Your IOS may differ but most of it is pretty much the same.

HTH

Jon
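
Steps 1 to 5 of the answer above written out as configuration; this is an added example, not part of the original post. The domain name CAMPUS, the VLAN name, the interface numbers and the `<vtp-password>` placeholder are assumptions, and only VLAN 10 is shown.

```cisco
! --- 4507 in the main building: VTP server, spanning-tree root ---
vtp domain CAMPUS
vtp mode server
! Optional in the answer above; with it set, a switch needs more than
! the domain name before its VTP advertisements are accepted.
vtp password <vtp-password>
!
! Step 4: create the VLAN once, on a server; clients learn it over VTP
vlan 10
 name USERS-10
!
! Step 5
spanning-tree vlan 10 root primary
!
! Step 1: fiber uplink to a building switch (assumed port number)
interface GigabitEthernet1/1
 description Uplink to building 4503
 switchport mode trunk
!
! --- 4503 in the main building: VTP server, spanning-tree secondary ---
vtp domain CAMPUS
vtp mode server
vtp password <vtp-password>
spanning-tree vlan 10 root secondary
!
interface GigabitEthernet1/1
 description Uplink to building 4503
 switchport mode trunk
!
! --- each building 4503: VTP client ---
! Step 3: transparent mode first resets the VTP configuration revision
! to 0, so this switch cannot overwrite the servers' VLAN database
! when it joins the domain.
vtp mode transparent
vtp domain CAMPUS
vtp password <vtp-password>
vtp mode client
!
interface GigabitEthernet1/1
 description Uplink to core
 switchport mode trunk
!
! Static VLAN assignment on a user port (assumed port number)
interface GigabitEthernet2/1
 switchport mode access
 switchport access vlan 10
```

To check the result, `show vtp status` on each switch should report the same domain name and configuration revision, and `show interfaces trunk` and `show spanning-tree vlan 10` confirm the trunks and the root placement.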

abdo2000a Sun, 02/18/2007 - 06:18

Thank you sir for your reply.

But what is the best way to create VLANs, dynamic VLAN or static VLAN, in my design? I have around 400 users in my network.

Correct Answer
Jon Marshall Sun, 02/18/2007 - 09:23

Hi

Could I just clarify what you mean by dynamic and static VLANs?

Presumably by dynamic you mean that when a user logs in, the MAC address of their machine determines what VLAN they are put into.

Whereas static means you assign the port on the switch to the VLAN regardless of which machine connects to the port.

It depends on your users. If most of them work from the same desk every day then static VLANs are generally a better option. This is what most people tend to go with.

If you have a highly mobile workforce within your buildings and you have to allocate them into the same VLAN wherever they are, then you need to go with dynamic VLANs, but there is an administrative overhead with this in that you have to maintain a MAC-address-to-VLAN mapping on a VLAN Membership Policy Server.

Unless there is a very good reason to go with dynamic I would recommend static.

Hope I have understood correctly.

Oh and here is the link I forgot in the first post.

http://www.cisco.com/en/US/products/hw/switches/ps4324/products_configuration_guide_book09186a008011c8a5.html

Many thanks for the rating.

Jon
