VLAN, Catalyst 3750G, Layer 3

Unanswered Question
Jun 23rd, 2009

Hello,


I have 4 different IP networks like:

layer 3 switch:

192.168.0.0/26 GW 192.168.0.1

192.168.0.64/26 GW 192.168.0.65

192.168.0.128/26 GW 192.168.0.129


this one is on a layer 2 switch

192.168.0.0/24 GW 192.168.1.1


all the communication should use vlan 2!

on the layer 2 switch

port 1: access vlan 2

port 2: vlan trunk 2


on the layer 3 switch

port 1: ip address 192.168.0.1

port 2: ip address 192.168.0.65

port 3: ip address 192.168.0.129

port 4: vlan trunk 2

vlan 2: ip address 192.168.1.1


is it possible to say all traffic over port 1,2,3 on layer 3 switch should have the vlan2 attached and can so only communication on the layer 2 switch with all other vlan2 ports?


thanks for help

Giuseppe Larosa Tue, 06/23/2009 - 00:38

Hello Christian,


>> is it possible to say all traffic over port 1,2,3 on layer 3 switch should have the vlan2 attached and can so only communication on the layer 2 switch with all other vlan2 ports?


if ports 1,2,3 are used as L2 ports this is possible with


int fasx/y
 switchport
 switchport mode access
 switchport access vlan 2


if you want to use the ports as routed ports as you write this is not possible and not recommended.


The recommended design rule is:

one-to-one correspondence between an IP subnet and a VLAN (an L2 broadcast domain).


in this case you can define 4 L2 objects vlans


conf t
vlan 2
vlan 3
vlan 4
vlan 5


then you create for each a L3 interface


int vlan 2
 ip address 192.168.0.1 255.255.255.192
 ! important
 no shut

int vlan 3
 ip address 192.168.0.65 255.255.255.192
 ! important
 no shut


and so on


and in the same way for each; then you associate ports 1-3 to vlan 2 as explained above.


Edit:

port 4 in trunk mode has to connect to L2 switch and you are fine



the key is that a multilayer switch can be used also as L2 switch when needed on a per port basis.


Hope to help

Giuseppe




christianrauch Tue, 06/23/2009 - 01:32

okay thanks for information.


But the config on the layer switch is then like:


interface GigabitEthernet1/0/1
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet1/0/2
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport access vlan 2
 switchport mode access
!
interface Vlan2
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan21
 ip address 192.168.0.1 255.255.255.192
!
interface Vlan22
 ip address 192.168.1.65 255.255.255.192
!


I tested it:

connect a pc with ip 192.168.1.2 gw 192.168.1.1 and could not reach the router.


but when I say in config:

interface GigabitEthernet1/0/1
 switchport access vlan 21
 switchport mode access


I can reach the router


hope you understand my issue




Giuseppe Larosa Tue, 06/23/2009 - 03:37

Hello Christian,


The IP subnet of interface Vlan22 overlaps with vlan2; this config shouldn't be accepted. I guess you have just mistyped.


You need to verify that the L2 path in Vlan2 is complete and correct:


check the trunk ports on the L3 switch and L2 switch


use

sh int typex/y switchport


verify that both ports are trunking, using the same encapsulation, and if 802.1Q (dot1q) you need to verify they agree on native vlan (untagged) identity. And both sides of the trunk have to allow vlan2


if you like you can post

sh cdp n

sh int typex/y switchport





Hope to help

Giuseppe
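
The overlap noted in this reply (Vlan22 against Vlan2) and the one-subnet-per-VLAN rule can be checked mechanically before a config is applied. The following is an added example, not part of the original thread: the function names are hypothetical, and the sample config is constructed from the stanzas posted above.

```python
import ipaddress
import re

# Constructed sample: interface stanzas copied from the config posted in the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport access vlan 2
 switchport mode access
!
interface Vlan2
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan21
 ip address 192.168.0.1 255.255.255.192
!
interface Vlan22
 ip address 192.168.1.65 255.255.255.192
!
"""

def parse_interfaces(config):
    """Return (svis, access): interface -> IPv4Interface, port -> access VLAN id."""
    svis, access, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)$", line):
            current = m.group(1)
        elif current and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            # Primary addresses only; "secondary" lines do not match the pattern.
            svis[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif current and (m := re.match(r"switchport access vlan (\d+)$", line)):
            access[current] = int(m.group(1))
    return svis, access

def overlapping_subnets(svis):
    """Pairs of interfaces whose subnets overlap, i.e. break one subnet per VLAN."""
    names = sorted(svis)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if svis[a].network.overlaps(svis[b].network)]

def access_vlans_without_svi(svis, access):
    """Access ports whose VLAN has no L3 interface on this switch."""
    return sorted(p for p, v in access.items() if f"Vlan{v}" not in svis)

if __name__ == "__main__":
    svis, access = parse_interfaces(SAMPLE_CONFIG)
    print("overlapping:", overlapping_subnets(svis))
    print("no SVI:", access_vlans_without_svi(svis, access))
```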


Giuseppe Larosa Tue, 06/23/2009 - 04:37

Hello Christian,

the short answer is no


IPv4 hosts cannot talk to each other in different IP subnet without the help of a router/multilayer


to accommodate multiple IP subnets on the same L2 vlan you need something like:


int vlan2
 ip address 192.168.0.1 255.255.255.0
 ip address 192.168.1.1 255.255.255.0 secondary


this is not recommended in switched environment

each host has to be connected to a port that is associated to the right vlan (if its address is statically configured)


Hope to help

Giuseppe

