01-09-2008 10:51 AM - edited 03-05-2019 08:22 PM
I recently joined a small company that had all user, server and voice traffic in a single VLAN. The subnetting went something like this:
VLAN 1 - 172.16.4.x/22
Since starting, I began a migration to get all user, server and voice traffic segmented to their own VLANs to minimize broadcasts and traffic to devices that don't need it. The switches are 3750's (5 of them in a switch stack configuration). The subnetting is as follows:
User VLAN 128 - 172.16.128.x/23
Voice VLAN 130 - 172.16.130.x/24
Server VLAN 131 - 172.16.131.x/24
I turned on IP routing on the switch stack and made VLAN interfaces for each separate VLAN along with gateway IPs, DHCP, etc, etc. I am about 1/4 of the way along in the migration. A few things that I am noticing are that:
a) When I do a packet capture, devices that are now on the 172.16.128.x subnet are still seeing broadcast traffic on the 172.16.x.x network outside of the 172.16.128.x subnet.
b) The Layer 3 VLAN interfaces on the 3750's are seeing very minimal traffic.
Any ideas why this is happening?
01-09-2008 11:47 AM
Michael
The broadcast symptom sounds like there is some device (perhaps several) which are configured with an incorrect mask.
On the second symptom - how much inter vlan traffic do you expect?
HTH
Rick
01-09-2008 01:49 PM
I re-checked the VLAN interfaces and the new VLANs (VLAN 128 and 130) are both configured with the correct subnet masks (/23 and /24 respectively). All devices that have not been migrated are on the old 172.16.4.x/22 subnet.
As for the VLAN interfaces, since the 130 VLAN is voice and a lot of traffic goes from corp to various branch sites, and because VLAN128 is doing a lot of communication with the original VLAN (VLAN 1), I expect a lot of inter VLAN traffic. But I'm not seeing it expressed on the VLAN interfaces.
01-09-2008 02:38 PM
Maybe somewhere in the middle there is a dumb access layer switch connected to two (or more) ports in different vlans.
01-09-2008 03:24 PM
I think the issue may be this. Here is a base configuration for migrated ports:
interface FastEthernetx/x/x
 description Port xxxxx
 switchport access vlan 128
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 128
 switchport mode trunk
 switchport voice vlan 130
 load-interval 30
 mls qos trust cos
 no cdp enable
 spanning-tree portfast
 spanning-tree bpdufilter enable
Since the phones and PCs are both using the same port (PC -> IP Phone -> Switch) and the port needs to be configured as a trunk, even though the native VLAN is set as 128 and voice is set as 130, since it is a trunk, all VLAN traffic is hitting the port and being transmitted to the device.
After including the command switchport trunk allowed vlan 128,130 to limit the trunk port VLANs to only 128 and 130, I did a packet capture and it has cut down on that traffic significantly.
Although, the VLAN interface is still not showing traffic on the SVI.
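The trunk behaviour described in the post above can be checked across a whole configuration. The following is an added example, not part of the original thread: it parses IOS-style interface stanzas and reports trunk ports that have no switchport trunk allowed vlan list or that allow VLANs beyond an expected set. The sample configuration, port numbers and function names are constructed for illustration.

```python
import re

# Constructed sample (not taken from the poster's switch): a port as first
# posted, a port with the allowed-VLAN restriction, and a plain access port.
SAMPLE_CONFIG = """\
interface FastEthernet1/0/1
 switchport access vlan 128
 switchport trunk native vlan 128
 switchport mode trunk
 switchport voice vlan 130
!
interface FastEthernet1/0/2
 switchport trunk native vlan 128
 switchport trunk allowed vlan 128,130
 switchport mode trunk
 switchport voice vlan 130
!
interface FastEthernet1/0/3
 switchport access vlan 131
 switchport mode access
"""

def expand_vlans(spec):
    """Turn an IOS VLAN list such as '128,130-132' (or 'none') into a set of ints."""
    vlans = set()
    for part in ([] if spec == "none" else spec.split(",")):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config, expected):
    """Return {interface: finding} for trunk ports carrying more than `expected`."""
    findings = {}
    # Split the text so that each chunk starts at an 'interface' line.
    for stanza in re.split(r"^(?=interface )", config, flags=re.M):
        lines = [l.strip() for l in stanza.splitlines()]
        if "switchport mode trunk" not in lines:
            continue
        allowed = None  # None: no allowed list, so the trunk carries every VLAN
        for l in lines:
            m = re.match(r"switchport trunk allowed vlan (add )?(none|[\d,-]+)$", l)
            if m:  # 'add' lines are how IOS continues a long allowed list
                vl = expand_vlans(m.group(2))
                allowed = vl | (allowed or set()) if m.group(1) else vl
        name = lines[0].split()[1]
        if allowed is None:
            findings[name] = "no allowed-VLAN list: all VLANs are carried"
        elif allowed - expected:
            findings[name] = "extra VLANs allowed: %s" % sorted(allowed - expected)
    return findings
```

Calling audit_trunks(SAMPLE_CONFIG, {128, 130}) reports only the unrestricted trunk port.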
01-09-2008 06:46 PM
You probably won't see a lot of traffic on the SVI; only traffic that has to be specifically routed by the CPU for one reason or another will hit the SVI. Most layer 3 traffic is hardware switched and won't hit the SVI.