Migrate branch from 16 bit subnet mask

Unanswered Question
Feb 27th, 2009

We have our remote branches set up in a 16 bit mask configuration.

I would like to move this over to 24 bit and isolate everything in separate VLANs.

We have Cisco VoIP for each branch with Call Manager in the Main site branch.

Currently the switch is configured with all devices in VLAN1

The workstations that have phones are configured with voice vlan 2 and get an IP address from the scope configured on the router:

ip dhcp excluded-address 10.254.12.0 10.244.255.255
ip dhcp excluded-address 10.254.0.0 10.244.12.0
!
ip dhcp pool VOICE-DHCP
 network 10.244.0.0 255.255.0.0
 default-router 10.254.10.1

Both of these vlans have a subinterface on the router, both are 16 bit.

There is a trunk configured from the router to the switch trunking only these two vlans.

router:

interface FastEthernet0/0.1
 description DATA VLAN
 encapsulation dot1Q 1 native
 ip address 10.10.10.1 255.255.0.0
!
interface FastEthernet0/0.2
 description VOICE VLAN
 encapsulation dot1Q 2
 ip address 10.254.10.1 255.255.0.0
 h323-gateway voip bind srcaddr 10.254.10.1

I would like to create vlans on the switch

SVIs and divide all devices into different vlans:

servers

workstations

printers

My question is regarding making the routed connection from the SVIs to the router.

I am thinking I can leave the voice config in a 16 bit mask.

But, if I have SVIs created on the 3560 switch, how can I route the vlans up to the router?

Would I create a vlan for the router interface and uplink the switch to the router (I would need routes from the SVI interfaces to the router interface)?

Or would I need to add subinterfaces for each one of the SVIs and trunk them up to the router?

Jon Marshall Fri, 02/27/2009 - 18:58

Richard

If you want to migrate the L3 interfaces for these vlans to the 3560 switch then i would suggest

1) Create the L3 vlan interfaces on the 3560 for both vlans

2) Make the connection between the 3560 and the router a L3 P2P link using a /30 subnet

3) You then either

a) run a routing protocol between the 3560 and the router

OR

b) add routes on the router for the subnets on the switch pointing to the end of the L3 link of the switch and add something like a default-route on the switch pointing to the end of the L3 link on the router.

Jon

wilson_1234_2 Fri, 02/27/2009 - 19:23

Thanks jon.

That is what I was thinking for the data traffic, was what you suggested, but I still have to have the interface for the voice and the router acting as the DHCP server for the phones.

What are your thoughts of doing exactly what you suggested for the data traffic and using the second ethernet interface on the router for the voice gateway/DHCP interface?

I would have both ethernet interfaces on the router being used and uplinked to the switch (keeping the voice config as it currently is).

I know it would work this way, but is it a sloppy way to accomplish what I want?

Jon Marshall Sun, 03/01/2009 - 04:34

Richard

That would work but you may also want to just migrate the voice vlan onto the 3560 as well and then have an IP helper-address on the 3560 voice vlan pointing to the router end of the L3 link. I can't see why this wouldn't work although it would need testing.

Is there something particular that you are worried about with the voice vlan other than the DHCP addresses ?

Jon

wilson_1234_2 Sun, 03/01/2009 - 10:15

That is the main thing jon.

I was concerned the phones would not get the ip address from the Voice gateway.

This is why I always ask all these crazy questions, I never seem to "see" the things you guys do.

Please check my logic here derived from the questions you have answered:

So you are saying to create a layer three link is the "router" subnet and link all the created vlans up to the router.

Each svi on the switch will point to the router end of the layer three link, including the voice subnet.

But,

Each branch currently has two (sub) interfaces, the data interface and the voice interface.

If I am not using the subinterface any longer, do I create a loopback for the voice interface (that is why I asked about using the second ethernet interface)?

Also, why did you suggest NOT using the second interface(just curious, and also is why I asked about it in my previous post)?

Jon Marshall Sun, 03/01/2009 - 11:39

Richard

"So you are saying to create a layer three link is the "router" subnet and link all the created vlans up to the router"

Yes so assuming router interface fa0/1 and switchport that router connects into fa0/0

router

int fa0/1
 ip address 192.168.5.1 255.255.255.252

switch

int fa0/0
 no switchport
 ip address 192.168.5.2 255.255.255.252

"Each svi on the switch will point to the router end of the layer three link, including the voice subnet."

Not sure what you mean here. Each SVI will exist on the 3560 switch and then the 3560 needs to know where to route any packets not for a local vlan so you add to the 3560

ip route 0.0.0.0 0.0.0.0 192.168.5.1

The router also needs to know how to get to the vlans on the 3560

router

ip route 192.168.5.2

or instead of static routes you can just run a routing protocol between the router and the 3560 switch.

"If I am not using the subinterface any longer, do I create a loopback for the voice interface (that is why I asked about using the second ethernet interface)?"

Don't understand this. If you migrate all the L3 interfaces for all your vlans to the 3560 then why do you need a loopback ?

"Also, why did you suggest NOT using the second interface"

You can if you want. In fact a phased migration might be to leave the voice vlan as it for the moment and use the L3 routed link for all your data vlans. Make sure that is all working and then look to migrate the voice vlan over later.

Or you can just leave the voice vlan on the 2nd interface. The reason i suggested moving them all to the 3560 was for consistency. And the voice part would need to be tested to ensure you are still getting an IP address from the router.

Your concern about getting the IP addresses from the router is a valid one. It should work fine but then that's why things need testing. Another option would be to simply migrate the DHCP scope to the 3560.

There is nothing wrong with using both interfaces if it works and it is properly documented. What you are proposing will work so you should have more faith in your abilities because i know from previous posting you have a very good grasp of these things.

And always bear in mind that we are not always right. I think it's fair to say we all make mistakes and some of the advice i have given on these forums has been somewhat "dodgy" :-)

Jon
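Added example, not part of the thread: a small Python planner for option (b) above, which checks that each new /24 is free of overlap with the networks that stay on the router and then renders the 3560 SVIs and the matching static routes. The /30 link and the voice /16 come from the posts; the VLAN ids, names and /24 subnets are constructed assumptions.

```python
import ipaddress

# From the thread: routed /30 between router (.1) and 3560 (.2); voice stays /16.
TRANSIT = ipaddress.ip_network("192.168.5.0/30")
ROUTER_END, SWITCH_END = TRANSIT.network_address + 1, TRANSIT.network_address + 2
VOICE = ipaddress.ip_network("10.254.0.0/16")
OLD_DATA = ipaddress.ip_network("10.10.0.0/16")

# Constructed plan (assumption): VLAN id -> (name, new /24 inside the old data /16).
PLAN = {10: ("SERVERS", "10.10.10.0/24"),
        20: ("WORKSTATIONS", "10.10.20.0/24"),
        30: ("PRINTERS", "10.10.30.0/24")}

def validate(plan, parent=OLD_DATA, kept_on_router=(VOICE, TRANSIT)):
    """Return [(vid, name, network)] or raise ValueError on a bad subnet."""
    nets = []
    for vid, (name, cidr) in sorted(plan.items()):
        net = ipaddress.ip_network(cidr)      # strict: rejects host bits set
        if net.prefixlen != 24 or not net.subnet_of(parent):
            raise ValueError(f"VLAN {vid}: {net} is not a /24 inside {parent}")
        for other in list(kept_on_router) + [n for _, _, n in nets]:
            if net.overlaps(other):
                raise ValueError(f"VLAN {vid}: {net} overlaps {other}")
        nets.append((vid, name, net))
    return nets

def switch_config(nets):
    """SVIs on the 3560 plus the default route towards the router."""
    lines = ["ip routing"]
    for vid, name, net in nets:
        lines += [f"vlan {vid}", f" name {name}", f"interface Vlan{vid}",
                  f" ip address {net.network_address + 1} {net.netmask}"]
    return lines + [f"ip route 0.0.0.0 0.0.0.0 {ROUTER_END}"]

def router_routes(nets):
    """One static route per switch VLAN, next hop = switch end of the /30."""
    return [f"ip route {n.network_address} {n.netmask} {SWITCH_END}"
            for _, _, n in nets]

if __name__ == "__main__":
    nets = validate(PLAN)
    print("\n".join(["! 3560"] + switch_config(nets)
                    + ["! router"] + router_routes(nets)))
```

Passing the old data /16 in `kept_on_router` models the case where the FastEthernet0/0.1 subinterface has not yet been removed from the router; the planner then rejects the /24s until it is.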

wilson_1234_2 Sun, 03/01/2009 - 12:05

No way jon, you are always an excellent source and eager to help.

I know when you help me, it is ALWAYS great assistance.

Usually, I have ideas of ways to do things, but I have had no formal training.

There is always in the back of my mind that I may be missing something.

And, I always like to know pretty much that I understand exactly what I am going to do before I start to make changes.

Please see below

Me:

"If I am not using the subinterface any longer, do I create a loopback for the voice interface (that is why I asked about using the second ethernet interface)?"

You:

Don't understand this. If you migrate all the L3 interfaces for all your vlans to the 3560 then why do you need a loopback ?

My follow up:

Currently each branch is set up as follows with the Data router interface and the Voice router interface.

router:

interface FastEthernet0/0.1
 description DATA VLAN
 encapsulation dot1Q 1 native
 ip address 10.10.10.1 255.255.0.0
!
interface FastEthernet0/0.2
 description VOICE VLAN
 encapsulation dot1Q 2
 ip address 10.254.10.1 255.255.0.0
 h323-gateway voip bind srcaddr 10.254.10.1

In the scenario you are assisting with, we have created the LAN interface for the router and all SVIs will use that for the default gateway for Data.

But, I still need the voice gateway to stay with the existing Call Manager config and addressing convention for voice.

If I am linking everything on the L3 data interface and I don't use the second ethernet (I have removed the subinterfaces), I am missing the voice gateway.

UPDATE:

I see, you are talking about moving the Voice Gateway over also. Thanks Jon

Jon Marshall Sun, 03/01/2009 - 12:16

Richard

Ahh okay, now we get to a bit i am unclear about not being experienced with voice. So you are saying that

"h323-gateway voip bind srcaddr 10.254.10.1" makes the router interface fa0/0.2 the voice gateway ??

If so and the 3560 cannot use this command then i would implement what we previously discussed for the data vlans and leave the voice vlan as is. This is assuming you have another unused ethernet interface which you say you do.

Apologies for the confusion, VOIP is not a strength of mine. See "dodgy" advice after all :-).

Jon

wilson_1234_2 Sun, 03/01/2009 - 12:20

No problem jon,

I am familiar with our set up, you are not.

I know it is difficult to visualize the layout when going by sketchy descriptions from someone else.

That was one of my concerns, so you think using the second ethernet is the way to go then?

Jon Marshall Sun, 03/01/2009 - 12:28

Richard

I think for the voice vlan answer you need a VOIP person to answer that. Certainly there will be no problems with the data side of things being migrated to the 3560 in the way we have discussed.

When i get the time i will have a look at the "h323-gateway voip bind srcaddr 10.254.10.1" command to see exactly what it does but in the meantime i would use the 2nd interface for voice unless someone else can confirm.

Jon

wilson_1234_2 Sun, 03/01/2009 - 12:34

It allows you to attach the h323-gateway service to an ip, any ip of any interface on the router.

It can be bound to a loopback address.
