
vlan in two different physical locations via 3750's and metro ethernet?

monodactylus
Level 1

Hello,

I have a couple of questions. I'm looking for a pointer towards the right documentation, and some tips on best practices for what I want to accomplish.  First

I've inherited this network, and it's a work in progress. There is a legacy network, 10.10.0.0/16, that exists, and this is really the current primary goal. I need it to exist in two locations that will be connected via metro Ethernet. In location A there is a Cisco 3750 stack running IOS 12.2(46)SE, which the partial config below comes from. In location B there is a single Cisco 3750 running IOS 12.2(46)SE that is brand new and has yet to be configured. I'd also like location B to act as a backup to location A. Right now I'm envisioning using GLBP on the two Cisco switches. Let me know if it would be better to use HSRP. Essentially, I don't need location B to be completely operational except to receive replication data. Another part of this is as long as I need to extend or stretch the VLAN; I'm not sure what the correct terminology is. I'd like to eliminate VLAN 1 if possible. The 10.10.0.0/16 network currently exists in VLAN 1. The other networks that are currently in VLAN 1 will end up following the 10.10.0.0/16 network. See the current interface, VLAN, and OSPF config below.

interface Port-channel23
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 20,30,40,50
 switchport mode trunk

interface GigabitEthernet1/0/2
 description Metro Ring LACP
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 20,30,40,50
 switchport mode trunk
 channel-group 23 mode active

interface GigabitEthernet2/0/2
 description Metro Ring LACP
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 20,30,40,50
 switchport mode trunk
 channel-group 23 mode active

interface Vlan1
 ip address 192.168.1.x 255.255.255.240 secondary
 ip address 192.168.1.x 255.255.255.240 secondary
 ip address 192.168.1.x 255.255.255.240 secondary
 ip address 10.90.x.x 255.255.255.0 secondary
 ip address 10.90.x.x 255.255.255.0 secondary
 ip address 10.10.x.x 255.255.0.0

router ospf 100
 router-id 10.10.x.x
 log-adjacency-changes
 area 192.168.2.0 stub
 area 192.168.3.0 stub
 area 192.168.4.0 stub
 area 192.168.5.0 stub
 network 10.10.0.0 0.0.255.255 area 0.0.0.0
 network 10.0.0.0 0.255.255.255 area 0.0.0.0
 network 192.168.2.0 0.0.0.255 area 192.168.2.0
 network 192.168.3.0 0.0.0.255 area 192.168.3.0
 network 192.168.4.0 0.0.0.255 area 192.168.4.0
 network 192.168.5.0 0.0.0.255 area 192.168.5.0
 default-information originate
 default-metric 10

So, right now I'm imagining the best practice would be to move VLAN 1 to, say, VLAN 11 and put all the IPs in there, set the new VLAN up in location B, and enable GLBP or HSRP on the interfaces. I'm also wondering if I can put a temporary workaround into place, only because the scheduling of downtime for location A to change the configs on all the non-Cisco switches is something I can see being pushed back by other groups. I'm wondering if I can set up the same VLAN 11 and throw in an IP that falls in the 10.10.0.0/16 range. We'll say 10.10.10.1/16. Since that range exists in OSPF it should be able to see the rest of the 10.10.0.0/16 network? I guess now that I think about this, I'm not even sure if GLBP or HSRP can be set up on a VLAN interface. Would I have to do that on the regular gigabit interfaces, and would that force me to put IP addresses onto the actual interfaces?

Thanks,

Will

2 Replies

Giuseppe Larosa
Hall of Fame

Hello Will,

I think that it would be wise to remove all those secondary IP addresses and put them in separate VLANs.

So instead of VLAN 1 you could deploy VLANs 11-15.

Also be aware that OSPF provides limited support for secondary IP addresses. I have doubts that you can have the primary IP address in one area and a secondary IP address in a different area. Actually, OSPF is able to route secondary IP addresses as a follow-up of primary IP addresses.

There is an impact on site A, and this is the biggest problem, but it can pay back in the long term:

VLAN 1 is not recommended for security reasons

having multiple secondary IP addresses is not recommended either.

Also, you need to clarify your requirements: whether it is enough to have IP subnets in the same major network on site B, or whether you want to have VLAN propagation on your metro links, as appears from the bundle configuration.

GLBP can be preferred if:

both sites have their own exit point to core or to internet

multiple clients per VLAN exist (that is, the VLANs are actually client VLANs)

this is because GLBP works by providing different answers to clients' ARP requests for the VIP IP address

Hope to help

Giuseppe
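
A small audit for the two practices the reply above advises against (routing on VLAN 1 and stacking secondary addresses on one interface), as an added example that is not part of the original thread. The sample config, its addresses and the function names are constructed for illustration, and the check for trunks that still carry VLAN 1 goes slightly beyond what the reply states.

```python
import re

# Constructed sample modelled on the question's config; every address is made up.
SAMPLE_CONFIG = """\
interface Port-channel23
 switchport trunk allowed vlan 20,30,40,50
 switchport mode trunk
interface GigabitEthernet1/0/5
 switchport mode trunk
interface Vlan1
 ip address 192.168.1.1 255.255.255.240 secondary
 ip address 10.90.1.1 255.255.255.0 secondary
 ip address 10.10.0.1 255.255.0.0
router ospf 100
"""

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1].strip(), [])
        elif line[:1].isspace() and current is not None:
            current.append(line.strip())
        elif line.strip():
            current = None  # any other top-level command ends the stanza
    return stanzas

def vlan_in_list(vlan, spec):
    """True if vlan is inside an allowed-vlan spec such as '1-10,20,30'."""
    ranges = re.findall(r"(\d+)(?:-(\d+))?", spec)
    return any(int(low) <= vlan <= int(high or low) for low, high in ranges)

def audit(config):
    """Return (interface, finding) pairs for what the reply advises against."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        addrs = [c for c in cmds if c.startswith("ip address ")]
        if name.lower() == "vlan1" and addrs:
            findings.append((name, "VLAN 1 used as a routed interface"))
        secondaries = sum(c.endswith(" secondary") for c in addrs)
        if secondaries:
            findings.append((name, f"{secondaries} secondary addresses"))
        if "switchport mode trunk" in cmds:
            prefix = "switchport trunk allowed vlan "
            specs = [c[len(prefix):] for c in cmds if c.startswith(prefix)]
            # A trunk with no allowed-vlan line carries every VLAN, VLAN 1 too.
            if not specs or any(vlan_in_list(1, s) for s in specs):
                findings.append((name, "trunk carries VLAN 1"))
    return findings
```

Call `audit()` on the text of a saved `show running-config`; the parser relies on the leading-space indentation that IOS uses for sub-commands.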

Do you really require the same VLANs at each site? We have our disaster recovery site servers on a different VLAN; the main servers can still replicate to them, and there is no need for them to be on the same subnet.

Then you can make the metro Ethernet a layer 3 link, which makes everything a lot easier!
