I recently joined a small company that had all user, server and voice traffic in a single VLAN. The subnetting went something like this:
VLAN 1 - 172.16.4.x/22
Since starting, I began a migration to get all user, server and voice traffic segmented to their own VLANs to minimize broadcasts and traffic to devices that don't need it. The switches are 3750's (5 of them in a switch stack configuration). The subnetting is as follows:
User VLAN 128 - 172.16.128.x/23
Voice VLAN 130 - 172.16.130.x/24
Server VLAN 131 - 172.16.131.x/24
I turned on IP routing on the switch stack and made VLAN interfaces for each separate VLAN along with gateway IPs, DHCP, etc, etc. I am about 1/4 of the way along in the migration. A few things that I am noticing is that:
a) When I do a packet capture, devices that are now on the 172.16.128.x subnet are still seeing broadcast traffic on the 172.16.x.x network outside of the 172.16.128.x subnet.
b) The Layer 3 VLAN interfaces on the 3750's are seeing very minimal traffic.
I re-checked the VLAN interfaces and the new VLANs (VLAN 128 and 130) are both configured with the correct subnet masks (/23 and /24 respectively). All devices that have not been migrated are on the old 172.16.4.x/22 subnet.
As for the VLAN interfaces, since the 130 VLAN is voice and a lot of traffic goes from corp to various branch sites, and because VLAN 128 is doing a lot of communication with the original VLAN (VLAN 1), I expect a lot of inter-VLAN traffic. But I'm not seeing it expressed on the VLAN interfaces.
I think the issue may be this. Here is a base configuration for migrated ports:
description Port xxxxx
switchport access vlan 128
switchport trunk encapsulation dot1q
switchport trunk native vlan 128
switchport mode trunk
switchport voice vlan 130
mls qos trust cos
no cdp enable
spanning-tree bpdufilter enable
Since the phones and PCs are both using the same port (PC -> IP Phone -> Switch) and the port needs to be configured as a trunk, even though the native VLAN is set as 128 and voice is set as 130, since it is a trunk, all VLAN traffic is hitting the port and being transmitted to the device.
After including the command switchport trunk allowed vlan 128,130 to limit the trunk port VLANs to only 128 and 130, I did a packet capture and it has cut down on that traffic significantly.
Although, the VLAN interface is still not showing traffic on the SVI.
You probably won't see a lot of traffic on the SVI; only traffic that has to be specifically routed by the CPU for one reason or another will hit the SVI. Most layer 3 traffic is hardware switched and won't hit the SVI.
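The port configuration discussed in the question and the SVI point made in the answer, as an added example that is not part of the original thread. The interface name and description are placeholders; the before/after pair shows the unpruned trunk next to the trunk restricted to VLANs 128 and 130, and the closing comments list the commands used to verify it.

```cisco
! Added example; not from the original post. GigabitEthernet1/0/1 and the
! description are placeholders for whichever port is being migrated.
!
! BEFORE: trunk with no allowed-VLAN list. Every VLAN defined on the stack
! (1, 128, 130, 131) is carried to the phone/PC, so a user device still
! receives broadcasts from the old VLAN 1 and from the server VLAN 131.
interface GigabitEthernet1/0/1
 description Port PLACEHOLDER (before)
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 128
 switchport mode trunk
 switchport voice vlan 130
 mls qos trust cos
!
! AFTER: prune the trunk to the two VLANs the PC and phone actually need.
! The PC sits untagged in native VLAN 128; the phone tags its frames in 130.
interface GigabitEthernet1/0/1
 description Port PLACEHOLDER (after)
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 128
 switchport trunk allowed vlan 128,130
 switchport mode trunk
 switchport voice vlan 130
 mls qos trust cos
!
! Verify the pruning: "Vlans allowed on trunk" should read 128,130 only.
!   show interfaces GigabitEthernet1/0/1 trunk
!
! The SVI counters will stay low even with the pruning in place, because
! inter-VLAN traffic on the 3750 is hardware switched; only CPU-punted
! packets (ARP for the gateway, DHCP relay, ICMP to the SVI address) show up
! on "show interfaces vlan 128". Judge the migration by the port captures,
! not by the SVI counters.
```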