vlans issue and multilayer switch

Answered Question
Sep 7th, 2009

Hi,

My company is using catalyst 3650G which we configured to route between vlans. ports 1-12 on the switch are configured to be in vlan 50 which serves as our servers vlan,

port 13-20 are configured to be in vlan 100 in which the 2960 switch connected to (end users are connected here). we have two 2960 swithces and they linked each other via the gigabit uplink port.

port 24 is configured as a routed port and connects to a 2811 router. 2811 router routes to our external branches.

part of the config is shown below:

(config)#ip routing

(config)#vlan 50

(config-vlan)#name server-vlan

(config)#vlan 100

(config-vlan)name HO-Lan

(config)# int vlan 50

(config-if)#ip addr 192.168.x.x 255.255.255.0

(config)#int vlan 100

(config-if)#ip addr 172.20.x.x 255.255.255.0

(config)#int G0/24

(config-if)#no switchport

(config-if)#ip addr 172.30.x.x 255.255.255.0

We are using static routing to route between the vlans and the external networks.

The network is doing quite fine but I am still looking at how to optimize it and make it more scalable.

We are using the default STP and no VTP configured. No trunk links used.

Please give me your idea of how you think i can improve on what i have. thanks

Tom

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 7 years 3 months ago

Tom

Yes, there is no problem uplinking each 2960 separately to the 3560 ie. the 2960 switches do not need to be connected together.

If you only have vlan 100 on both 2960 switches then you just need to make sure the uplink ports are in vlan 100 on both the 2960 and the 3560.

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
Jon Marshall Mon, 09/07/2009 - 09:40

Tom

The one thing that really stands out is that your second 2960 switch is connected to the first so if the first 2960 switch fails then you also lose all of the clients on the second 2960 switch.

I would recommend connecting both 2960 switches directly to the 3560 switch. If you lose the 3560 then you lose all internal connectivity anyway but if the first 2960 fails then at least the clients on the second 2960 can still work.

Jon

tomocisco Mon, 09/07/2009 - 10:03

Hi Jon,

Thanks so much.

But can i link each of the 2960 switch to the 3650 swicth via their uplink port of the 2960. what i mean i instead of having the uplink port link the two 2960 together, can i have the uplink port linking to the 3650? (this mean it will connect to vlan 100 as an access port, which is the valn created for our end users and where one of the 2960 is presently linked). is such connection ok?

Thanks.

Tom

Correct Answer
Jon Marshall Mon, 09/07/2009 - 10:17

Tom

Yes, there is no problem uplinking each 2960 separately to the 3560 ie. the 2960 switches do not need to be connected together.

If you only have vlan 100 on both 2960 switches then you just need to make sure the uplink ports are in vlan 100 on both the 2960 and the 3560.

Jon

tomocisco Mon, 09/07/2009 - 23:27

Hi Jon,

Thanks.

I'll implement your suggestion.

But I'm just thinking of something. I did not create vlan 100 on the 2960 switches. I am using the default vlan 1 but i set the ip address of vlan 1 to be in the same subnet as the svi address on the 3650G switch and i made the default gateway of the 2960 switch to be the svi address of the 3650G switch. Is this a good design implementation?

see part of the switch config:

(config)#hostname switch1

(config)#int vlan 1

(config-if)#ip addr 172.20.X.9 255.255.255.0

(config)#ip default-gateway 172.20.x.1 (this is the ip address of the 3650G svi)

Also all the systems connecting to the 2960 have the svi address as default gateway.

The multilayer switch vlan 100 has an ip address of 172.20.x.1

Do you think i should create vlan 100 on the 2960 switch and make all the ports to be in vlan 100. the default gateway of the 2960 will still be the svi address of the 3650 switch and the address of the vlan 100 of the 2960 will be in the same subnet as vlan 100 on the 3650 switch.

Thanks once again for your input.

Tom

Joseph W. Doherty Mon, 09/07/2009 - 10:11

As Jon suggests, if your able to connect the second 2960 directly to the 3560, it should also offer slightly better performance since that 2960's traffic doesn't need to transit the other 2960.

Further, if you can connect each 2960 to the 3560, you might want to define Etherchannels between 2960s and the 3560, to increase bandwidth between them. You might also want to consider placing user ports, on the 3560, and each 2960, in their own VLANs. You might also want to consider enabling dynamic routing between the 3560 and the 2811.

Leo Laohoo Mon, 09/07/2009 - 14:25

How far or what is the physical location of the first and second 2960?

If both are co-located in the same rack, how about connecting both 2960s to each other (less expensive option is to use copper) as well as each 2960 has a direct connection to the 3560. My reason is in case either one of the link of each 2960 to the 3560 goes down, then there's an alternative method in place. Just let spanning-tree do it's job (hopefully).

In my humble opinion ...

Actions

This Discussion