Campus LAN with 2500 ports - Configuration issues

Apr 6th, 2008

Hi to All.


My name is Alex, and I am sort of a Cisco newbie...


This is the situation I am facing: a campus lan of around 2500 ports, distributed in 8 separate buildings.


The network infrastructure is as follows:

1. Core:

a. Cisco 2821 Adv Sec Bundle Router

b. Cisco 3750G switch (3 units stacked together)


2. Distribution

a. Cisco 3560G switch


3. Access

a. Lots of Cisco 2960 switches


All the access level switches are connected to the distribution switch via gigabit ether channels (2 x 1GB link). All the distribution switches are connected to the core using fiber-optics ether channel (2 x 1GB FO link). The router is connected to the main switch.


Please give me any ideas about how to configure these machines in order to achieve:

- A different VLAN for each building, with a different class of IP addresses (I am now using 10.x.0.0/255.255.252.0 where x is the building number)

- DHCP server on each of the 3560G switches

- All the traffic from one building to another be routed using only switches

- All the Internet traffic be routed using the 2821 core router


Sorry about my bad English and if my problems are too simple for you.


Alex

Overall Rating: 5 (1 ratings)
Istvan_Rabai Sun, 04/06/2008 - 05:05

Hi Alex,


First, your English is not bad at all. There are people posting problems with much worse English, giving us a conundrum to figure out their intentions. The problem is not too simple, either.


First, I would suggest starting with the layer 3 design of your network:


1. You would decide to configure the 3560G switches as layer3 switches as well. This way the traffic between vlans on the same 3560G switch would not have to travel across the core 3750G switches.

(I assume the 3560G switches are not cross-connected with each other, are they? If they are, please provide the topology of your network to more clearly see the whole picture)



2. Then you would design the ip addressing scheme of the network:


For example, you could choose 10.0.1.0/24 address space for the transit network connections between the layer3 switches and between the layer3 switches and the router.


a. Between the 3750G and the 2821 router the subnet could be: 10.0.1.0 /30


b. Between the 3750G switch and the 3560G switches the subnets could be:

10.0.1.4/30; 10.0.1.8/30; 10.0.1.12/30 .... and so on, depending on the number of 3560G switches.


c. The subnets for the vlans could be as you suggested:

Vlan 1: 10.1.0.0/22
Vlan 2: 10.2.0.0/22
Vlan 3: 10.3.0.0/22
...
etc.


Routing protocol:

I would use OSPF for routing, as you will be able to configure different areas and a backbone for address summarization. In addition, OSPF is a standards based protocol.


On router 2821 you will need to configure NAT address translation and a default route pointing to the ISP.


Knowing this, we can start configuring the layer2 2960 switches first:

Example for vlan 2 follows:


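conf t
!
vlan 2
 exit
!
! access ports in vlan 2 (adjust the interface numbering to your switch model)
interface range fa1/1 - 48
 switchport access vlan 2
 switchport mode access
!
! uplink to the 3560G: two gigabit ports bundled with PAgP
interface range gig1/1 - 2
 ! the 2960 trunks with 802.1Q only; leave the next line out if the switch rejects it
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2
 switchport mode dynamic desirable
 channel-protocol pagp
 channel-group 2 mode desirable non-silent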



The respective configuration on the 3560G switch is as follows:


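conf t
!
! enable layer 3 forwarding so the switch routes between its vlan interfaces
ip routing
!
vlan 2
 exit
!
! gateway address for vlan 2
interface vlan 2
 ip address 10.2.0.1 255.255.252.0
!
! downlink to the 2960: two gigabit ports bundled with PAgP
interface range gig1/3 - 4
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2
 switchport mode dynamic desirable
 channel-protocol pagp
 channel-group 2 mode desirable non-silent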


You can configure all the 2960 and all the 3560G switches for all the vlans like this.


You can check if your config so far is working by pinging the hosts on the same vlans and hosts on the other vlans on the same 3560G switches.


If this config is working, then we can continue configuring routing between the layer3 switches.

Please send an email when you're ready to go on.


If you encounter any problem in configuring, please post the problem and I will try to help you.


Cheers:

Istvan
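
The addressing scheme from the reply above, worked through as an added example (not part of the original post): it carves the /30 transit links out of 10.0.1.0/24, builds the 10.x.0.0/22 building VLANs with their gateway addresses, and checks the whole plan for overlapping subnets. The link names and the count of one 3560G per building are assumptions.

```python
import ipaddress
from itertools import combinations

TRANSIT_POOL = ipaddress.ip_network("10.0.1.0/24")  # transit range from the reply

def transit_links(num_distribution):
    """First /30 for 3750G<->2821, then one /30 per 3560G uplink."""
    # Link names are hypothetical labels, not taken from the thread.
    names = ["core-router"] + [f"core-dist{i}" for i in range(1, num_distribution + 1)]
    pool = TRANSIT_POOL.subnets(new_prefix=30)
    links = {}
    for name in names:
        net = next(pool, None)
        if net is None:
            raise ValueError(f"transit pool {TRANSIT_POOL} exhausted at {name}")
        end_a, end_b = net.hosts()  # a /30 has exactly two usable addresses
        links[name] = (net, end_a, end_b)
    return links

def building_vlans(buildings):
    """VLAN x -> (10.x.0.0/22, gateway = first usable address, usable hosts)."""
    vlans = {}
    for x in buildings:
        if not 0 <= x <= 255:
            raise ValueError(f"building number {x} does not fit in one octet")
        net = ipaddress.ip_network(f"10.{x}.0.0/22")
        vlans[x] = (net, net.network_address + 1, net.num_addresses - 2)
    return vlans

def find_overlaps(buildings, num_distribution):
    """Return every pair of planned subnets that overlap (empty list = clean plan)."""
    nets = [v[0] for v in transit_links(num_distribution).values()]
    nets += [v[0] for v in building_vlans(buildings).values()]
    return [(a, b) for a, b in combinations(nets, 2) if a.overlaps(b)]

if __name__ == "__main__":
    # Assumption: 8 buildings with one 3560G each.
    for name, (net, a, b) in transit_links(8).items():
        print(f"{name:12} {net}  {a} <-> {b}")
    for x, (net, gw, hosts) in building_vlans(range(1, 9)).items():
        print(f"vlan {x:<3} {net}  gateway {gw}  {hosts} hosts")
    print("overlaps:", find_overlaps(range(1, 9), 8))
    # A building numbered 0 (10.0.0.0/22) would collide with the transit range:
    print("with building 0:", find_overlaps([0], 0))
```
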

alex.grigorescu... Sun, 04/06/2008 - 06:07

Thanks.


You gave me a lot of information that I have to process right now.


I will post later in the evening all the developments I have made.

I will also include information (I hope pictures too :) ) about the current network topology.


Thanks again for the detailed info.

Joseph W. Doherty Sun, 04/06/2008 - 11:38

Some suggestions:


When using Etherchannel between your 3750G stack and other devices, try to have links connected to different individual 3750Gs (to avoid a single point of failure).


It's also possible to configure the two 2821 ports in a cross stack Etherchannel with the 3750G stack.


Use HSRP for gateways within the 3750G stack; this avoids gateway MAC change if master fails.


If you are going to only have one subnet/VLAN per building, there's no real advantage to route in the building assuming the distribution is only connected to the 3750G stack.


It is a good idea to be able to reserve one address block for each building (which you may already have done).


If there are over a hundred hosts in a building, probably worthwhile placing them into separate subnets (this would also be a reason to use the building's 3560G as a router). All the building subnets should be within the building's address block.


When using Etherchannel between routers, ensure the channel hash algorithm isn't using just MACs.


Suggest using a routing protocol between routers. What's available on the 3650/3750 is dependent on the feature set. If only base level, your topology is small enough RIP should be alright.


Have the 2821 router advertise a default route to your network. Have its default route go to the Internet.


You might look into using VTP to manage VLANs within a building.


PS:

If possible, you might consider replacing your distribution 3560Gs with dual stacks of 3750Gs. This too so your Etherchannels (connections across stack members) from the access 2960s to distribution avoid a single point of failure for the building.
