cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
481
Views
10
Helpful
6
Replies

Simple L3 config question

colinkiely1
Level 1
Level 1

Hi Chaps

Quick question here regarding a config I am working on. I am installing a small 3750 stack into a new branch office, replacing 3560's. I have changed the config a fair bit, as I didnt like the old config - example being that previously engineer had configured SVI's but had also configured router-on-a-stick, and was sending vlan 1 traffic up the trunk using the native vlan (no data vlan specfied on the port config)

I am just a little unsure as to the config between the router and switch. Would I need to convert the port to a L3 port, or can I just leave it as a switchport and assign a default gateway on the switch


Example config

interface GigabitEthernet1/0/1
description ROUTER LINK
speed 100
duplex full
!
interface GigabitEthernet1/0/2
description IP PHONES AND DATA
switchport access vlan 3
switchport mode access
switchport voice vlan 2
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
queue-set 2
mls qos trust cos
auto qos voip trust
no cdp enable
spanning-tree portfast

interface Vlan1
no ip address
shutdown
!
interface Vlan2
description VOICE
ip address 10.177.64.5 255.255.248.0
!        
interface Vlan3
description DATA
ip address 10.177.56.5 255.255.248.0
!
ip default-gateway 10.177.56.1
ip classless

I have obviously omitted a fair bit of the output. Thoughts welcome

6 Replies 6

Hi Colin,

From the config below, it looks like you have your voice and data vlans configured on the switch, with L3 SVI's also.

I imagine the previous configuration using the 3560's was to trunk upto the router, woith the router then splitting the vlans and performing the inter-vlan routing?

If it was me, I would keep the same design and configuration as all of my other branch sites to maintain a consistent template - aids support/troubleshooting etc.

If you want to bring layer 3 down from the router to the 3750, I would probably configure the 3750 to router port as Layer 3 also, and use IP routing rather than a Layer 2 IP default-gateway.  This would require a new point-to-point subnet however.

Or if you want, maybe you could add the uplink as an access port in vlan 3 (data) and use the default gateway 10.177.56.1 (the router i assume) which should also work.

Remember to advertise the voice network however on the wan router or connectivity may not be there!

Regards, Ash.

Ashley


Thanks for the quick response. I never really considered using the old setup, as I didnt want a 100Mb connection between my router and switch to limit intervlan traffic. But giving it more thought, with only 2 vlans there wont be any traffic traversing this anyway! I guess if I had a whole bunch more vlans, say servers for instance, then this would make more sense?

The current config is

interface FastEthernet0/1
description switch-router link
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2
switchport mode trunk
duplex full
speed 100
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust cos
auto qos voip trust
no cdp enable

interface Vlan1
description Data
ip address 10.177.56.5 255.255.248.0
no ip route-cache
!
interface Vlan2
description Voice
ip address 10.177.64.5 255.255.248.0
no ip route-cache
!
ip default-gateway 10.177.56.1
ip classless

So it does have SVI's configured, which will be the DG of the devices, but why the need for the trunk port?

My current config (new config!) would work ok though? I could use a routed port but I would need to play with the subnets

Hi Colin,

I guess the only reason you would need a trunk up to the router is if it had a view of the vlans - i.e. wan provider had a sub-interface for each vlan which it would use to advertise each subnet into your wan.

Which is what you want of course!

I can't see why your coinfig wouldn't work - there is more than one way to skin a cat after all!  But without a copy of the wan router config we are left to second guess how the provider is doing it.

The only problem I can see (and it is minor) is if you needed to add a new vlan/subnet in the future, e.g. for servers etc.  There will be a required change with the provider to create the vlan subinterface on their router and update their routing.  If you used a routed link and peered using eighp or something then you would have control over what networeks to add and remove from the wan.

Regards, Ash.

Hi Ashley

Thanks again. I am not sure what the WAN provider policy is on sharing an AS, albeit a very small one is. Probably a question for another day - though, as you mentioned, this does allow us to add/remove vlans as we please

Even if the router is configured with subinterfaces, I wouldnt necessarily have to use them?? I mean at this moment the phones etc are pointing to the SVI, so why would the subinterfaces even be required?

Hi Colin,

I would expect phones/pcs to use the 3750 svi as their dfg, but if you think about it we have a trunk configured up to the wan router - this implies that that the wan router also has interfaces in each of the data and voice vlans.

Purely conjecture, but i cant see why else there would be a trunk!

I think the switch may be proxy-arping on the uplink to the router - it would be interesting to see what is happening at l2 and l3 on this link.

My personal preference for this design would be for an L3 point-to-point link from 3750 to router running a dynamic routing protocol - check out the SBA below for wan branch design:

http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Smart_Business_Architecture/SBA_Enterprise_WAN_Configuration_Guide_H2CY10.pdf

Regards, Ash.

Great, thx Ashley. I will have a read. I still dont get why we would need subinterfaces on the router if we are using the SVI's

Thx for all your help. Rated!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco