Thanks ganeshh, for a quick reply. In the document you have provided me, i have notice that we have to create vlan's on the router vlan database as well.

All these days i thought we only create it on L3 switch. Then comes my other question. What vlan should i use to be the native vlan? I want to minimize all unwanted traffics from all the trunk ports, like STP,CDP and so on.

Your native VLAN is by default VLAN 1.  You can change this with the trunk interface command "native vlan x," where x is the vlan you want to be used natively.  You have to remember to set that on all trunk ports connected to other Cisco switches and routers.

You can assign this to be your management VLAN, so that things like STP and CDP are only transmitted through the native VLAN.

See my other post.  You don't need to do your routing with the router in this configuration, and doing so would severly bottleneck your entire network.

Thanks ganeshh, for a quick
reply. In the document you have provided me, i have notice that we have
to create vlan's on the router vlan database as well.
All these
days i thought we only create it on L3 switch. Then comes my other
question. What vlan should i use to be the native vlan? I want to
minimize all unwanted traffics from all the trunk ports, like STP,CDP
and so on.

Hi,

As suggested the best way would be to use 4948 L3 switch for interval routing and drop a default route tiwards the router interface for traffic going out from your network and as far as STP consderation switch runs default PVST for each vlan so that will be taken care by the switch itself.

Check out the below link for configuring the L3 switch for intervlan routing

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008019e74e.shtml

For Management vlan configuration  by default vlan 1 is the management and the native vlan. It also the vlan in which all ports by default are assigned to.Network traffic and user traffic are not really to do with the native vlan as such. The native vlan is there purely for backwards compatability with 802.1d switches that do not understand vlan tagging.If you change the native vlan and shutdown vlan 1 CDP/PagP/VTP will still be sent on vlan 1 - this won't change. STP is slightly different as nowadays you tend to run per-vlan STP.The idea of having a separate management vlan is to ensure that user traffic is not in the same vlan. With a dedicated vlan you can control who can or cannot access that vlan.

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Thank you all very much for the information. I have attached a diagram that i have decided to setup now after reading and doing some search of my own.

I have attach the file with configuration i will be using. According to you all, i have decided to do VLAN routing on the cisco 4849 catalyst switch.

I will brife my configuration

On the router i define a IP address in fa0/0 10.10.10.1

On the SW_A(switch), the port thats connected to router I made it an access port and define a IP address fa1/0 10.10.10.2 and then enable IP routing on global configuration mode. Ports that all other switches connected are in trunk mode.I have setup VTP mode,domain,version,password on all the switches so that i dont have to create vlan on all the switches. I also created vlan interface and gave ip addresses ash in the diagram, these will be the gateway address of all the pc that belongs to respective VLANS.

I just want to make sure, is this what only i have to do to make the LAN work.. i mean this will not create any network bottelneck or vlan leak, or any trouble.

What if i have all servers on the Vlan1, i saw on a site cisco recommends not to have any pc or users in vlan1 not even to use vlan1 for management.There are lots of servers.

Also if a PC, lets say that PC is in Vlan 400, and its ip address is 192.168.4.100 and i want to addess an additional ip address to that list, say 192.168.0.1 which isnt in any vlan. will this work? Or we can use only one ip address per vlan?

That looks a bit better, but I think you might have problems with two VTP servers, unless you're doing that for redundancy and SW_B has a lower priority than SW_A. (I don't have STP enabled in my network, so I don't really know how it works all too well)

Either way, VLAN is a Layer2 protocol, which means it's independent of Layer 3 things, so you can technically have multiple IP Address ranges going in a single VLAN.  It's perhaps not the cleanest solution, but it would work.  Your best bet is to define a whole new VLAN per IP Address range, that way you have better control over things, and a better overview.  That being said, on SW_A you can define secondary IP Addresses to a VLAN Interface, so you could, for example, have VLAN 50 with the IP ranges 192.168.50.0/24 and 172.16.0.0/12 or any other different range.  Just use the command "ip address secondary."  Also, be sure to assign all access points to the appropriate VLAN via switchport access vlan xxx.

I think you mean 10.10.10.0/30, which would be a mask of 255.255.255.252, not 242...  Assign 10.10.10.0/30 to a unique VLAN, that way it will be tagged and all your internet traffic will be isolated to just

But this looks a lot better.  Just be sure to assign all switches with interfaces in the management VLAN and unique IP addresses, so you can get to them remotely!

You can set up the VLAN interfaces and verify that they will be routed with the SHOW IP ROUTE command:

------------------------------

SW_A#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.10.10.1 to network 0.0.0.0

     192.168.0.0/16 is variably subnetted, 4 subnets, 4 masks
C       192.168.1.0/24 is directly connected, Vlan100
C       192.168.2.0/24 is directly connected, Vlan200

C       192.168.3.0/24 is directly connected, Vlan300

C       192.168.4.0/24 is directly connected, Vlan400

------------------------------

You don't need to worry too much about routing protocols and such, just set static routes to let your router know where your 192.168.x.0 networks are, and your default gateway already looks OK on SW_A, so it should be fine.

Thanks alot Michael,

I just want to knw what you mean by SW_B has a lower priority than SW_A and how to configure it. And yes I want SW_B is for redundancy.

Also please help me out how to change default native vlan to management vlan acording to the diagram i have send lately.

Thank you

I haven't really played aroudn much with VTP and STP, but from what I understand, there is some kind of way to assign a priority level in STP.  The default is something like 32768, with lower numbers meaning the device with the lower number has priority.  It helps to set up a kind of Master/Slave relationship, where if the Master isn't available, the Slave takes over or something like that.  Like I said though, I haven't dealt too much with VTP and STP, so please look into that.  It shouldn't be too overly complicated.

In order to create a management VLAN, you only really need to give all your switches interfaces on common VLANs. For example:

SW_A:

int vlan 500

ip address 192.168.200.1 255.255.255.0

SW_B:

int vlan 500

ip address 192.168.200.2 255.255.255.0

Edge Switch1:

int vlan 500

ip address 192.168.200.10 255.255.255.0

Edge Switch2:

int vlan 500

ip address 192.168.200.11 255.255.255.0

and so on...

Those IP addresses will be the addresses you use to access management features on the switches (Telnet, SSH, HTTP, etc..).  The edge switches need to use SW_A as an ip default-gateway, otherwise they won't be able to send packets outside of VLAN 500.

You can leave the default VLAN as VLAN 1.  It won't harm anything, and really doesn't have anything to do with management unless you actually specify an interface for VLAN 1.  When you don't, then the switch will not react at all to packets coming in on VLAN 1. Just don't use VLAN 1 for anything and you'll be fine!

So i create the management vlan 500 as like i created other vlans. But is there anything else i sould do, like should i have to tell the switch that management vlan is 500 not vlan 1. Or do i have to shutdown vlan1. As from what i have read, STP is used in redundancy path, so if my network topology is star then i dont have to worry about STP. Right?

You won't have to worry about STP.  It's enabled by default and will be enabled on all ports unless you turn it off.  Don't worry about turning it off, you really shouldn't do that.  However, for access ports, spanning-tree portfast is definitely a good thing.

Basically, STP is only used if you have multiple, individual links connecting two switches together.  That will basically say "Ok, I have a link to SW_A on this interface, plus I also have another link to SW_A on this other interface.  I'll not use the other interface until something goes wrong with the first interface."  Basically, you'd have to have multiple connections to every single switch from every single switch in your topology in order to effectively use STP.  It just so happens that the "ideal" topology for STP is the one that involves buying as many Cisco switches as possible

Other than that, as long as you don't actually activate interface Vlan 1 and give it an IP address, you'll be fine.  Just creating the management VLAN and assigning interfaces in that VLAN for all switches will be enough (don't forget the Switch(config)#ip default gateway !!!)

Thanks alot guys, will try this out let you know..