Cisco 3560 and 2960 interconnection

roshanverg · ‎07-13-2010

Hello

i have two 2960 switches with 48 10/100 mbps and 2 uplinks. 3560 L3 swich with 48 10/100 mbps ports and 4 uplinks. i want to connect two partitions of a ibm servers to 3560 uplinks, create two vlans.

LAN pc's connect to 2960 switch and two 2960 switches should connect to 3560 swicth.

how can i do this? also the two connections from Server should be on two VLANS.

Thank you

altheb_5 · ‎07-13-2010

Hi
I need some answers to provide you best configuration
Q1/ L2 switches connect to L3 switch with one link ?(meen each 2960 have one cable to 3560)
Q2/ IBM Server must have two connection with different VLAN ? (or can use one vlan)
Q3/ For Users in LAN, did you want create Vlan for them and should be different IBM Server Vlan ?

roshanverg · ‎07-13-2010

Q1 YES each 2960 has one cable

connect to 3560 total two cables

Q2 YES IBM server has two seperate logical partions (LPAR) which should connect to 3560 . two partitons should belong to two seperate VLANS

Q3 The actual goal of creating VLANS here is as follows. .

a set of pc users should access one server partition only. other users should access the other server partion only. also one user should access both partitions. also there should be required access between two partitons .

Thanx

altheb_5 · ‎07-13-2010

Example: SwA2960 Port F0/1 connect to 3560

SwB2960 Port F0/2 connect to 3560

Sw3560 Port F0/1 connect to SwA

Sw3560 Port F0/2 connect to SwB

Sw3560 Port F0/3 connect to IBM Server Network 1

Sw3560 Port F0/4 connect to IBM Server Network 2

Configuration:

SwA2960 :

vtp mode Clinet

vtp domain (name)

inter f0/1

sw mode trunk

sw trunk encap dot1q

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

SwB2960 :

vtp mode Clinet

vtp domain (name)

inter f0/1

sw mode trunk

sw trunk encap dot1q

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

Sw3560 :

vtp mode Server

vtp domain ( name )

in global mode , inter (ip routing) ,,inter vlan 2 then exit

inter Vlan 1

ip address 192.168.1.1 255.255.255.0

ip helper-address ( DHCP ip Address)

inter Vlan 2

ip address 192.168.2.1 255.255.255.0

ip helper-address ( DHCP ip Address)

inter f0/1

sw mode trunk

sw trunk encap dot1q

inter f0/2

sw mode trunk

sw trunk encap dot1q

inter f0/3

sw access vlan 1

inter f0/4

sw access vlan 2

ip route 0.0.0.0 0.0.0.0 (Getway IP, Router IP, Fierwall IP ...) its for internet

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

Know for user’s access port to any vlan you want

All users can communicate with other users

Use Extended ACL to deny users vlan 2 to access IBM Network in Vlan 3

Use Extended ACL to deny users vlan 3 to access IBM Network in Vlan 2

Remember default gateway for all users an servers same IP that use it in 3560 Sw (vlan 2 = 192.168.1.1 , vlan 3 = 192.168.2.1)

roshanverg · ‎07-14-2010

two IBM server partitions should connect to 3560 via Gbit ports. not through ethernet ports. what changes needs to be done ?

also is it possible to connect 2960 via gbit ports to 3560 as well?

Thanx

altheb_5 · ‎07-14-2010

Hi
Its example only, you can use Giga Port to IBM and no additional configuration need to do it
same in the example
about 2960 switch there is two ports Giga you can connect it to 3560
and you can connect Fast to Giga ports but make sure speed and duplex is set to Auto (to negotiate)
so if you connect Fast to Giga it will be Fast = 100 M ,, Giga = 100 M after negotiated

That’s it

roshanverg · ‎07-15-2010

is it possible to restrict pc users vlan access by trunk using " swichport trunk allowed vlan " command

Eg. vlan 1 access only to trunk between SWA and 3560 ( so that SWA users can only access vlan1)

in this case how the intervlan routing done?

is it required to use access list in this case