08-14-2008 01:07 PM - edited 03-06-2019 12:48 AM
I currently have a 1604 routing all traffic from one campus down a pt-pt. Behind the 1604 are 5 3550's. All 3550's are configured with an IP address on VLAN 1. All ports are default configuration. I would like to create a management VLAN and start Inter-VLAN routing using the first 3550 after the 1604 to do the Inter-VLAN routing. I know I need to turn on ip routing on that switch and create the VLAN in layer 2 (vlan 250, name) and in layer 3 (give it IP address). Do I have to turn on ip routing on the other connected switches, or just tell them the default gateway is the first switch with ip routing enabled? And do I have to make the switchport connected to the 1604 a routed port, or will communication stop until I do make it a routed port? Kind of long-winded, but it's a live network and I have no lab to try this stuff in. People from another campus access some servers on this network 24 hours a day via terminal services and I don't want to break any communication during the change (if possible). Thanks.
08-14-2008 01:26 PM
Ansrew:
A vlan is a layer 2 construct. So, yes, you will create the management vlan in layer 2 on all switches and then create the L3 interface on each box. That is the interface for which you will assign an IP address so that you can access the device remotely.
You don't need to turn on IP routing on these boxes. The ip default-gateway command will suffice.
But on one of those 3550 boxes, or the 1604, you will want to advertise the management subnet so that you can have remote reachability to the devices that sit in that vlan.
Vlan 1 is the default vlan that all ports are placed in and it is also the native vlan for dot1q trunks. Moreover, it is this vlan that the control plane uses to exchange protocol information for CDP, PAgP, LACP, etc. So, I would recommend having separate data and management vlans in addition to the default vlan 1.
HTH
Victor
08-14-2008 02:04 PM
Just to clarify in my mind - I would do the following on each switch (different IP on each switch)?:
sw1#conf t
sw1(config)#vlan 250
sw1(config-vlan)#name Management-VLAN
sw1(config-vlan)#exit
sw1(config)#interface vlan 250
sw1(config-if)#ip address 192.168.250.1 255.255.255.0
sw1(config-if)#exit
sw1(config)#exit
sw1#wr mem
How do I then "advertise" the management subnet from either the switch or router? I would like to eventually follow your suggestion and have the data not on vlan 1 but I figure I better get myself squared away on how this works before I mess with the current data subnet.
08-14-2008 02:15 PM
Looks good... don't forget to add the ip default-gateway command or enable ip routing and use the ip route 0.0.0.0 0.0.0.0
Take note that this approach assumes that you have L2 adjacency between the switches and the layer 3 device.
08-14-2008 04:00 PM
Can you elaborate a bit on L2 adjacency? Thanks for putting up with these questions.
08-14-2008 04:47 PM
Devices in the same vlan are said to have L2 adjacency.
To make sure devices are in the same vlan, L2 connections (trunks) must exist between them.
So, imagine one 3550 configured for L3 with the SVI vlan interface configured on it. Let's say it's the SVI for the management vlan (vlan 250). The other 4 3550s will all have SVIs on vlan 250 configured (as you showed earlier) and the default gateway or ip route command will have the IP address of the L3 SVI as the next hop.
The 4 3550s will be able to reach that L3 3550 and have it as the default gateway if there is a trunk built between them.
S1:
vlan 250
 name mgmt_vlan
int vlan 250
 ip address 10.10.250.1 255.255.255.0
! default gateway is the management SVI on the L3 switch (S5)
ip default-gateway 10.10.250.5
int gi1/0/1
 description ***L2 trunk to Default Gateway switch***
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
S2:
vlan 250
 name mgmt_vlan
int vlan 250
 ip address 10.10.250.2 255.255.255.0
ip default-gateway 10.10.250.5
int gi1/0/1
 description ***L2 trunk to Default Gateway switch***
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
S3:
vlan 250
 name mgmt_vlan
int vlan 250
 ip address 10.10.250.3 255.255.255.0
ip default-gateway 10.10.250.5
int gi1/0/1
 description ***L2 trunk to Default Gateway switch***
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
...S4...
S5:
! S5 is the L3 switch: it runs ip routing (required for EIGRP) instead of
! pointing a default gateway at its own SVI
ip routing
vlan 250
 name mgmt_vlan
int vlan 250
 ip address 10.10.250.5 255.255.255.0
int gi1/0/1
 description ***L2 trunk to S1***
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
int gi1/0/2
 description ***L2 trunk to S2***
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
int gi1/0/3
 description ***L2 trunk to S3***
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
int gi1/0/4
 description ***L2 trunk to S4***
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
int gi1/0/5
 description ***Routed Connection to 1604 Router***
 no switchport
 ip address 1.1.1.1 255.255.255.252
router eigrp 100
 network 10.10.250.0 0.0.0.255
 ! include the routed link so an EIGRP adjacency with the 1604 can form
 ! (the 1604 needs a matching router eigrp 100 covering this link)
 network 1.1.1.0 0.0.0.3
1604:
int fa0/1
 ip address 1.1.1.2 255.255.255.252
 description ***Routed Connection to L3 3550 Switch***
This is one way to do it.
Let someone else on here do a sanity check...
HTH
Victor
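An added example, not part of the thread or any poster's configuration: a Python check that can be run offline against a saved access-switch configuration before the change, confirming that the management SVI is off VLAN 1, the default gateway sits inside the management subnet, and a trunk exists for L2 adjacency. The function name, the sample configs and the assumption that sub-commands are indented as in `show running-config` output are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: access switch configured as in the thread (sample values).
SAMPLE_OK = """\
vlan 250
 name mgmt_vlan
interface Vlan250
 ip address 10.10.250.1 255.255.255.0
ip default-gateway 10.10.250.5
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
"""
# Constructed sample: management still on VLAN 1, gateway in another subnet, no trunk.
SAMPLE_BAD = """\
interface Vlan1
 ip address 192.168.1.2 255.255.255.0
ip default-gateway 10.10.250.5
"""

def audit_mgmt(config, mgmt_vlan=250):
    """Return findings for an access (non-routing) switch configuration."""
    svis, gateway, has_trunk, current = {}, None, False, None
    for raw in config.splitlines():
        line = raw.strip().lower()
        if not raw.startswith((" ", "\t")):  # top-level command ends interface context
            m = re.match(r"int(?:erface)?\s+vlan\s*(\d+)$", line)
            current = int(m.group(1)) if m else None
            m = re.match(r"ip default-gateway (\S+)$", line)
            if m:
                gateway = ipaddress.ip_address(m.group(1))
        elif current is not None and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            svis[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif line == "switchport mode trunk":
            has_trunk = True
    findings = []
    svi = svis.get(mgmt_vlan)
    if svi is None:
        findings.append(f"no SVI with an IP address in VLAN {mgmt_vlan}")
    if 1 in svis:
        findings.append("management IP still on VLAN 1")
    if gateway is None:
        findings.append("no ip default-gateway configured")
    elif svi is not None and gateway not in svi.network:
        findings.append(f"default gateway {gateway} is outside {svi.network}")
    elif svi is not None and gateway == svi.ip:
        findings.append("default gateway points at the switch itself")
    if not has_trunk:
        findings.append("no trunk port: no L2 adjacency to the gateway switch")
    return findings
```

An empty list from `audit_mgmt` means the access-switch side of the plan is internally consistent; it does not check the trunk's allowed VLANs or the L3 switch itself.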