Adding VLANs and using 10.6.0.0 /16 subnets

Unanswered Question
Nov 2nd, 2009

Hi All,

We have 5 different locations with a centralized network using MPLS cloud.

Site 1 is Data Center with 10.1.1.0/24 network on WAN 172.16.x.x/30

Site 2 London using 10.5.1.0/24 subnet on LAN on WAN 172.16.x.x/30

Site3 Leeds using 10.6.1.0/24 subnet on LAN on WAN 172.16.x.x/30

On site, on the router's Fx/x interface, we are using 10.6.1.0/24 (i.e. in Leeds), and the router is then connected to Cisco 3750 stack switches using the 10.6.1.10 IP, and all users then use 10.6.1.x IPs for printers, IP phones, PCs, video conferencing (DHCP is configured on the DC to assign the IPs). The switch is then also connected to a PIX firewall's interface using the 10.6.1.2 IP to access another network. (Picture is attached.)

Now we want to create VLANs on all sites, starting from the Leeds site, with minimum downtime.

On the MPLS cloud I want to use 10.6.0.0/16 for the IP route, and for VLANs we want to use 10.6.1.0/24 for management VLANs, so I think in this case I'll not change anything on the router except the IP route for OSPF, and will not change any IP on the firewall. We will first add routes to the router after working hours.

Current config for switch IP routes from the router is attached

Then I'll create VLANs like:

VLAN 2 name Data

VLAN3 name IP-Phones-VC

VLAN4 name Printers

And access switch i.e

Int vlan 2

Ip address 10.6.61.1 255.255.255.0

No shut

Ip routing

int fx/x

switchport mode access

switchport access vlan 2

ip routing

Int vlan 3

Ip address 10.6.62.1 255.255.255.0

No shut

Ip routing

Int vlan 2

Ip address 10.6.63.1 255.255.255.0

No shut

Ip routing

int fx/x

switchport mode access

switchport access vlan 3

and for other ports one by one

My confusion is: is this the right procedure to do this? Will all VLANs ping/reach the others? What will be the gateway on the switch? Is there any other specific command I am missing? The goal is to create/configure VLANs without users noticing what happened in the network.

Your advice and help will be highly appreciated.

Giuseppe Larosa Mon, 11/02/2009 - 03:32

Hello Sohail,

first of all you have a duplicated ip address issue at Leeds site

32w0d: %IP-4-DUPADDR: Duplicate address 10.6.1.10 on Vlan1, sourced by 0012.0084.a34

that should be addressed.

Second, if you introduce multiple VLANs you may need to propagate them to the access layer switches, that is, the C2950 in your diagram.

Also, if you plan to use DHCP services, you need the appropriate ip helper-address command under each SVI VLAN interface.

hope to help

Giuseppe

205000jag Mon, 11/02/2009 - 03:38

Thanks Giuseppe,

Is there a way I can find a duplicate IP in the network?

The 2950 is part of another network; we only have 3750 switches connected to the Cisco router, and I think when we configure VLANs the duplicate IP issue will be resolved there because we'll use the 10.6.1.0 subnet for management only. What do you think?

So is the config right on the 3750 switches or not? And is there anything I am missing?

lgijssel Mon, 11/02/2009 - 04:43

Another slight issue with the command script:

ip routing is a global command.

You only need to enter 'ip routing' once on a switch, not per vlan.

regards,

Leo

205000jag Mon, 11/02/2009 - 06:37

Thanks Leo,

I am testing this scenario on a simulator. I created all the VLANs and they are successfully pinging each other, but only default VLAN users are able to reach across all the sites. The new VLANs can ping each other within the switch because of the IP routing command, but they are not able to reach the router and the VLAN gateway. The default gateway on the switch is 10.6.1.1. I configured the switch as per my above post.

On the router I added a route for 10.6.0.0 and changed nothing else on the router, and on the switch I created the VLANs, assigned ports, and made the port which is connected to the router a trunk port.

for example vlan 2 name data

int vlan 2

ip address 10.6.2.1 255.255.255.0

no shut

int f0/2

switchport mode access

switchport access vlan 2

A user in this VLAN has IP 10.6.2.10, which is able to ping neighbour VLANs but unable to ping the VLAN gateway, which is 10.6.2.1, and not able to ping the router, which is 10.6.1.1???

please advise what I need to do to fix this

Regards

Giuseppe Larosa Mon, 11/02/2009 - 06:53

Hello Sohail,

>> is there a way I can find a duplicate IP in the network,

yes look with

sh mac-address-table address

in your switches

you should be able to find out that device

in your case the MAC is:

0012.0084.a340

001200 OUI is Cisco, so it is another Cisco box

as noted by Leo

ip routing is a global config command to be given once.

apart from this config of vlans can be considered correct.

single switch ports have to be associated to the correct vlan.

About OSPF:

if you are using OSPF areas you are able to create a 10.6.0.0/16 summary at area border.

if you use single area OSPF this is not possible.

if 2950 is separated it doesn't need all the vlans but if VTP mode is transparent you need to create on it all the needed vlans.

Hope to help

Giuseppe
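Added example, not part of any post in this thread: a small Python parser for the %IP-4-DUPADDR message quoted above. It extracts the duplicated IP, the interface, and the source MAC with its OUI, and flags a MAC that is cut short in the log. The sample log lines are constructed from the values in the thread; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Matches the IOS message quoted in the thread, e.g.
# "%IP-4-DUPADDR: Duplicate address 10.6.1.10 on Vlan1, sourced by 0012.0084.a340"
DUPADDR = re.compile(
    r"%IP-4-DUPADDR: Duplicate address (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"on (?P<intf>\S+?), sourced by (?P<mac>[0-9A-Fa-f.]+)"
)

def normalize_mac(raw):
    """Return (mac, oui) in Cisco dotted form, or (None, None) when the
    address is not exactly 12 hex digits (for example, truncated in the log)."""
    digits = raw.replace(".", "").lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None, None
    mac = ".".join(digits[i:i + 4] for i in (0, 4, 8))
    return mac, digits[:6]

def find_duplicates(lines):
    """Map (ip, interface) -> {"macs": valid source MACs, "malformed": raw strings}."""
    report = defaultdict(lambda: {"macs": set(), "malformed": []})
    for line in lines:
        m = DUPADDR.search(line)
        if not m:
            continue  # unrelated syslog message
        entry = report[(m["ip"], m["intf"])]
        mac, _oui = normalize_mac(m["mac"])
        if mac:
            entry["macs"].add(mac)
        else:
            entry["malformed"].append(m["mac"])
    return dict(report)

# Constructed sample: the log line as pasted in the thread (MAC one digit short),
# the same event with the full MAC given in the reply, and an unrelated message.
SAMPLE_LOG = [
    "32w0d: %IP-4-DUPADDR: Duplicate address 10.6.1.10 on Vlan1, sourced by 0012.0084.a34",
    "32w0d: %IP-4-DUPADDR: Duplicate address 10.6.1.10 on Vlan1, sourced by 0012.0084.a340",
    "32w0d: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to up",
]

if __name__ == "__main__":
    for (ip, intf), entry in find_duplicates(SAMPLE_LOG).items():
        for mac in sorted(entry["macs"]):
            print(f"{ip} on {intf}: look up {mac} (OUI {normalize_mac(mac)[1]})")
        for raw in entry["malformed"]:
            print(f"{ip} on {intf}: unusable MAC {raw!r}, re-check the original log")
```

The normalized MAC is the value to search for in each switch's MAC address table to locate the port of the conflicting device.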

205000jag Mon, 11/02/2009 - 07:07

Hi Giuseppe,

Thanks again......

Goshhh, you really speak pure technical language and are truly a senior network engineer. I do understand about 68% of what you advise, but I am still trying to figure out why I am not able to ping the VLAN gateways and the router.....

Please advise....
