3750 VLAN questions

mrocha
Level 1

I recently joined a small company that had all user, server and voice traffic in a single VLAN. The subnetting went something like this:

VLAN 1 - 172.16.4.x/22

Since starting, I began a migration to get all user, server and voice traffic segmented to their own VLANs to minimize broadcasts and traffic to devices that don't need it. The switches are 3750's (5 of them in a switch stack configuration). The subnetting is as follows:

User VLAN 128 - 172.16.128.x/23

Voice VLAN 130 - 172.16.130.x/24

Server VLAN 131 - 172.16.131.x/24

I turned on IP routing on the switch stack and made VLAN interfaces for each separate VLAN along with gateway IP's, DHCP, etc, etc. I am about 1/4 of the way along in the migration. A few things that I am noticing are:

a) When I do a packet capture, devices that are now on the 172.16.128.x subnet are still seeing broadcast traffic on the 172.16.x.x network outside of the 172.16.128.x subnet.

b) The Layer 3 VLAN interfaces on the 3750's are seeing very minimal traffic.

Any ideas why this is happening?

5 Replies

Richard Burts
Hall of Fame

Michael

The broadcast symptom sounds like there is some device (perhaps several) which are configured with an incorrect mask.

On the second symptom - how much inter vlan traffic do you expect?

HTH

Rick


I re-checked the VLAN interfaces and the new VLANs (VLAN 128 and 130) are both configured with the correct subnet masks (/23 and /24 respectively). All devices that have not been migrated are on the old 172.16.4.x/22 subnet.

As for the VLAN interfaces, since the 130 VLAN is voice and a lot of traffic goes from corp to various branch sites, and because VLAN128 is doing a lot of communication with the original VLAN (VLAN 1), I expect a lot of inter VLAN traffic. But I'm not seeing it expressed on the VLAN interfaces.

Maybe somewhere in the middle there is a dumb access layer switch connected to two (or more) ports in different vlans.

I think the issue may be this. Here is a base configuration for migrated ports:

interface FastEthernetx/x/x
 description Port xxxxx
 switchport access vlan 128
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 128
 switchport mode trunk
 switchport voice vlan 130
 load-interval 30
 mls qos trust cos
 no cdp enable
 spanning-tree portfast
 spanning-tree bpdufilter enable

Since the phones and PC's are both using the same port (PC -> IP Phone -> Switch) and the port needs to be configured as a trunk, even though the native VLAN is set as 128 and voice is set as 130, since it is a trunk, all VLAN traffic is hitting the port and being transmitted to the device.

After including the command switchport trunk allowed vlan 128,130 to limit the trunk port VLANs to only 128 and 130, I did a packet capture and it has cut down on that traffic significantly.

Although, the VLAN interface is still not showing traffic on the SVI.

You probably won't see a lot of traffic on the SVI; only traffic that has to be specifically routed by the CPU for one reason or another will hit the SVI. Most layer 3 traffic is hardware switched and won't hit the SVI.
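
A check for the condition worked out in this thread, added here as an example and not part of the original posts: it scans IOS-style configuration text for trunk ports that carry VLANs beyond the two the desk ports need (128 and 130). The interface numbers, the sample configuration and the function names are constructed for this example, and only the plain `switchport trunk allowed vlan <list>` form is handled.

```python
import re

# Constructed sample (interface numbers invented): the thread's trunk port
# before and after the allowed-VLAN fix, plus a trunk still carrying VLAN 1.
SAMPLE_CONFIG = """\
interface FastEthernet1/0/1
 switchport mode trunk
 switchport voice vlan 130
!
interface FastEthernet1/0/2
 switchport trunk allowed vlan 128,130
 switchport mode trunk
 switchport voice vlan 130
!
interface FastEthernet1/0/3
 switchport trunk allowed vlan 1,128-131
 switchport mode trunk
"""
ALLOWED = re.compile(r"switchport trunk allowed vlan ([\d,-]+)")

def parse_interfaces(config):
    """Map each interface name to its list of sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface\s+(\S+)", line)
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces

def expand_vlans(spec):
    """Expand a list such as '1,128-131' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans

def audit_trunks(config, expected=frozenset({128, 130})):
    """Return {trunk port: VLANs beyond expected}; 'all' if no allowed list."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        specs = [m.group(1) for m in map(ALLOWED.fullmatch, cmds) if m]
        extra = sorted(expand_vlans(specs[-1]) - expected) if specs else "all"
        if "switchport mode trunk" in cmds and extra:
            findings[name] = extra
    return findings
```

Calling `audit_trunks(SAMPLE_CONFIG)` reports the port with no allowed-VLAN list and the port that still carries VLAN 1, and stays silent on the port limited to 128 and 130.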
