Subnetting from Flat Network

Unanswered Question
Apr 8th, 2010

I am starting down the path to subnet my network using Vlans and I am new to this setup.  Here is our current config.

We have a 6509e core.  We have a VTP domain setup on the core.  We have a 16 closets that are connected back to the core via fiber.  Everything currently is setup on Vlan1 with a class B 128.1.x.x ip address.  I have the switches connected to the core using 802.1q trunk.

I went out to one my switches (3560) and created a new Vlan, assigned my new IP address (192.168.204.0/24).  After doing this I can see the Vlan on the core.

Couple of questions,

Do I need to IP address the two interfaces that connect the core to the 3560 switch with a /30 ip address so I can route to the new ip address or what do I need to put into place to be able to make this happen?

The other question is as we are moving over to the new ip addresses there is a lot of manual config that has to be done, mainly address and setup printers.  Can I create another Vlan (that will be deleted later) so the 128.1 network will continue to function so I can have more time to move the printers?    

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Thu, 04/08/2010 - 07:25

Couple of questions,

Do I need to IP address the two interfaces that connect the core to the 3560 switch with a /30 ip address so I can route to the new ip address or what do I need to put into place to be able to make this happen?

The other question is as we are moving over to the new ip addresses there is a lot of manual config that has to be done, mainly address and setup printers.  Can I create another Vlan (that will be deleted later) so the 128.1 network will continue to function so I can have more time to move the printers?    

Are you routing on the 3560 switches ? If so yes you could use a L3 P2P link back to your 6500s and then advertise the subnet from the 3560 to the 6500s with a dynamic routing protocol such as EIGRP.

However if you are routing from the 3560s then you cannot have a vlan that spans multiple 3560 switches so you would not be able to keep the 128.1 network on all your 3560 switches. If you connected the L3 switches back to the 6500s with L2 trunks and the 6500s did the routing for the vlans on the 3560 switches then you could keep your 128.1 vlan across your network.

Jon

rumseyda1 Thu, 04/08/2010 - 07:34

Thanks for the quick response.

Currently no, I am not routing on the 3560's. The only thing setup on them is the "IP Default-Gateway 128.1.x.x" command. The guy that set all this up just slapped them in with just the basic settings.

Thanks,

Danny R.

Jon Marshall Thu, 04/08/2010 - 07:39

rumseyda1 wrote:

Thanks for the quick response. 

Currently no, I am not routing on the 3560's. The only thing setup on them is the "IP Default-Gateway 128.1.x.x" command.  The guy that set all this up just slapped them in with just the basic settings.

Thanks,

Danny R.

Danny

If you are not proposing to route from the 3560's then you don't want to be creating vlans on the 3560s except for management unless you are using VTP transparent.

If you make the 6500s VTP servers and the 3560s VTP clients then you can create all your vlans on the 6500s and if you use trunk links from the 3560s to the 6500s all the vlans will get propogated to your 3560 switches.

If you do use L2 trunks you don't need to address the point to point fiber connection. All you need is to pick one vlan for management of the switches and create a L3 vlan interface on each 3560 switch for this vlan. Give it an IP address and set the default-gateway on each switch to point to the IP address attached to this vlan interface on your 6500 or the VIP if you are using HSRP.

Edit - if you are proposing to use L3 from the 3560s then none of the above applies.

Jon

rumseyda1 Thu, 04/08/2010 - 07:46

I think this might be where I messed up. I had them both set as server and I setup the Vlan on the 3560. I posted my VTP status from both switches on another post.

Thanks,

Danny R.

Jon Marshall Thu, 04/08/2010 - 08:03

rumseyda1 wrote:

I think this might be where I messed up.  I had them both set as server and I setup the Vlan on the 3560.  I posted my VTP status from both switches on another post.

Thanks,

Danny R.

Danny

Don't worry, it's not a problem.

Basically for each vlan you want to add you need to add it on the 6500 at layer 2 ie.

6500(config)# vlan 10

6500(config-vlan)# name v10

and then create a routed vlan interface for that vlan on the 6500 as well

6500(config)# int vlan 10

6500(config-if)# ip address 192.168.5.1 255.255.255.0

then you can allocate ports on the 3560 into vlan and give each client an IP address from 192.168.5.x/24 and ech client in vlan 10 will have a default-gateway of 192.168.5.1 ie. the L3 IP for vlan 10 on the 6500.

Jon

rumseyda1 Thu, 04/08/2010 - 09:51

Did the changes that we discussed and I is now working. I had to go to my firewall (that is one the 128.1.x.x network) and enter a route for the 192.168.x.x network and I can now see both networks. On last thing, when I disable Vlan 1 I will not be able to get to the switch to manage it (the 3560) Do I need to add it to the 192.168 network?

Thanks,

Danny R.

Jason Fraioli Thu, 04/08/2010 - 07:28

Sounds like you are off to a good start.

"I went out to one my switches (3560) and created a new Vlan, assigned my new IP address (192.168.204.0/24).  After doing this I can see the Vlan on the core"

Be sure you check your VTP configuration.  You may want to have your core switch be the VTP server, not your access switches.  This could cause you a ton of headache later on.

"Do I need to IP address the two interfaces that connect the core to the 3560 switch with a /30 ip address so I can route to the new ip address"

No.  The VLAN will be seen as locally attached on the core switch.  If you issue a "sh ip route", you should see a bunch of lines like this "1.2.3.4/24 is directly connected, Vlan51" and so on.

You will need to create the layer 3 VLAN interface on your core switch which will allow traffic to be routed between subnets (intervlan routing).

"Can I create another Vlan (that will be deleted later) so the 128.1 network will continue to function so I can have more time to move the printers?"

Sure.  Probably the easiest way would be to configure a vlan, and an interface vlan for the 128.1 network on your switch.  You will need to ensure that the 128.1 VLAN is trunked to all of your switches (that need access to the printer VLAN 128.1).

My suggestion is that you get your VTP configuration setup, then the rest should fall into place very nicely.

rumseyda1 Thu, 04/08/2010 - 07:41

"You will need to create the layer 3 VLAN interface which will allow traffic to be routed between subnets (intervlan routing)."

Will this need to be done on the 3560 or 6500?

" My suggestion is that you get your VTP configuration setup, then the rest should fall into place very nicely."

Below is my VTP setup on the two switches. Does this look correct?

Here is my VTP setup currently on the 3560.

VTP Version : 2

Configuration Revision : 8

Maximum VLANs supported locally : 1005

Number of existing VLANs : 9

VTP Operating Mode : Server

VTP Domain Name : BRHS

VTP Pruning Mode : Disabled

VTP V2 Mode : Disabled

VTP Traps Generation : Disabled

MD5 digest : 0xE5 0x19 0x3B 0x0E 0x03 0x31 0x0D 0xAA

Configuration last modified by 128.1.3.28 at 4-7-10 21:29:26

Local updater ID is 128.1.3.28 on interface Vl1 (lowest numbered VLAN interface found)

On the 6500.

VTP Version : 2

Configuration Revision : 8

Maximum VLANs supported locally : 1005

Number of existing VLANs : 9

VTP Operating Mode : Server

VTP Domain Name : BRHS

VTP Pruning Mode : Disabled

VTP V2 Mode : Disabled

VTP Traps Generation : Enabled

MD5 digest : 0xE5 0x19 0x3B 0x0E 0x03 0x31 0x0D 0xAA

Configuration last modified by 128.1.3.28 at 4-7-10 21:29:26

Local updater ID is 128.1.3.27 on interface Vl1 (lowest numbered VLAN interface

Thanks,

Danny R.

Jon Marshall Thu, 04/08/2010 - 07:46

Danny

"You will need to create the layer 3 VLAN interface which will allow traffic to be routed between subnets (intervlan routing)."

Will this need to be done on the 3560 or 6500?

Depends on whether you are running L2 or L3 from the 3560 switches - see my previous post.

Assuming L2 then you would do it on the 6500 switches.

As for the VTP, make the 6500 VTP server (which it is) and change the 3560 switches to VTP clients. The connection from each 3560 to the 6500 must be configured as a trunk for VTP to work.

Jon

Actions

This Discussion