10-21-2009 03:45 AM - edited 03-06-2019 08:13 AM
Intiallay ISP commited to provide link connectivty for over 6 sites on seperate access ports but than they are providing on a single trunk link with different vlan id for each site. I need to terminate it on 3560 (as WAN routing device)that would connect to Core switch 3750 and in turn connect to LAN access swiches.
As per my understanding i cannot make subinterfaces on 3560. I am really confused how to terminate it on 3560 ?
Any suggestion ???
Solved! Go to Solution.
10-21-2009 05:35 AM
As per Joseph's post, make the port a trunk port.
If you want to route the vlans off this 3560 then you don't create subinterfaces you simply create L3 SVI's on the 3560 ie.
int vlan 2
ip address x.x.x.x x.x.x.x
int vlan 3
ip address x.x.x.x x.x.x.x
etc...
If you are routing off the core 3750 switch then no need to create L3 SVIs, just trunk back to the 3750 from the 3560.
Jon
10-21-2009 03:52 AM
Define the 3560's port as a trunk port.
10-21-2009 05:35 AM
As per Joseph's post, make the port a trunk port.
If you want to route the vlans off this 3560 then you don't create subinterfaces you simply create L3 SVI's on the 3560 ie.
int vlan 2
ip address x.x.x.x x.x.x.x
int vlan 3
ip address x.x.x.x x.x.x.x
etc...
If you are routing off the core 3750 switch then no need to create L3 SVIs, just trunk back to the 3750 from the 3560.
Jon
10-21-2009 09:08 AM
Thanks a lot ....that helps a lot.
Yes i do understand that on one side of 3560 i need trunk. For SVI, can u elaborate how routing will work. on remote sites we have routers and we intend to run OSPF on it. Also the provider is throwing internet on same trunk,
Packet goes from HeadOffice to branch
1 -a user on access layer send packet to access switch.
2- Access Switch will send it to core (3750) using default route.
3- Core(3750) running ospf know next hop is 3560 WAN Aggregation Switch.
4- Now on 3560 how routing will send packet to internet and branches???
10-21-2009 09:56 AM
For 3560 (and 3750) SVI OSPF routing, works about the same using routed ports, i.e. you just define the SVI interface IP address to OSPF as you would a routed port IP address.
10-21-2009 11:33 AM
Thanks joseph & Jon
Its Almost clear, Last thing is that i also recall now that i do also have ASA 5510 where i will have to secure servers and prevents attacks from internet.
What if i make sub interfaces on ASA to make it work. By design and security point of view which one seems more logical.
10-21-2009 11:56 AM
I'm unfamilar with ASA, so am unable to comment.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: