04-18-2010 09:20 AM - edited 03-04-2019 08:12 AM
Unfortunately, I'm not in a position where I can configure and test because I don't have a test environment. So I have to get as much right as possible so that the router is plug and play.
Here's what I have to work with:
Here's what I need to do:
If I am correct, the imbedded GE ports aren't needed as they aren't vlan capable and I can do what I need to do with just the Etherswitch module. Here's my config so far:
vlan database
vlan 1
vlan 360
vlan 560
!--default LAN
int vlan 1
description OPS_LAN
ip address 172.89.49.2 255.255.255.0
int vlan 360
description MPLS_WAN
ip address 192.168.1.2
!--insert voice qos policy here
!--Trunk port out to ISP router
int fa0/0/0
switchport trunk encapsulation dot1q
switchport mode trunk
switchport access vlan 360, 560
!--This is the public Internet to the Sonicwall device
int fa0/0/1
description TO_FIREWALL_UNTRUSTED
no shutdown
switchport access vlan 560
!--This is trusted MPLS_WAN traffic to our LAN
int fa0/0/2
description TO_LAN
no shutdow
!--Lets assume all my routes are correct
ip route 0.0.0.0 0.0.0.0 <sonicwall ip address>
.
.
.
!--End routing
I don't manage either the LAN switch or the Sonicwall. The Sonicwall is managed by a 3rd party, but I'll assume that the configuration can stay the same. The Dell switch I assume is an unmanaged "dumb" switch so nothing needs to be done on that end. Does this look okay?
04-18-2010 09:34 AM
Hello Frank,
when you configure an SVI you need also a no shut to enable it
int vlan 360
no shut
int vlan 560
no shut
and so on
the rest of configuration looks like correct if the HWIC can be configured in router mode, from router CLI I mean.
(some of these etherswitch modules have their own configuration environment and are derived from C3560)
For the routing you may need additional static routes to describe networks that are reachable over the internet link.
Edit:
checked ios configuration guide your template is fine for HWIC4E
Hope to help
Giuseppe
04-18-2010 11:42 AM
Guis, thanks for the reply. I have all the routes that I need to the Internet gateway on the provider side. It's a crap-ton of routes, that's why I omitted them. The big concern I had is the communication between the hwic switch, the Sonicwall and the unmanaged L2 switch.
04-19-2010 08:29 AM
Here's the completed config:
vlan database
vlan 1
vlan 360
vlan 560
int vlan 1
description OPS_LAN
ip address 172.87.49.2 255.255.255.0
no shut
int vlan 360
description MPLS_WAN
ip address 192.168.1.2
service-policy output voiceqos
no shut
!--Trunk port out to ISP router
int fa0/0/0
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast
!--This is the public Internet to the Sonicwall device
int fa0/0/1
description TO_FIREWALL_UNTRuSTED
no shutdown
switchport access vlan 560
!--This is trusted MPLS_WAN traffic to our LAN
int fa0/0/2
description TO_LAN
no shutdown
The only thing I'm not sure about is how vlan 560 will behave. It's defined on the ISP router on the other end of the trunk. Hopefully our router knows to send the outbound ecapsulated traffic to the trunk port.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: