Solved: Re: How would you setup this LAN?

egua5261 · ‎07-12-2010

Hi There,

Looking forward to some assistance. I have the following devices on our LAN,

1 x 24 Cisco 2960G

1 x 24 Cisco 3560

1 x 48 Cisco Cat 6503

4 x 96 Cisco Cat 4500

The Cat 6503 Switch is acting as a core switch, so all the other switches are connected to it via fibre links (port-channel interfaces set in trunking mode); except the 3560 switch, which is only connected to the 2960G switch in trunking mode. The requirement is to have the VLAN environment on the Cisco 2960 and 3560 separated from the VLAN environment in the 4500 switches. But still have Layer 3 connection across some users on both environments.

I was thinking to run two different VTP domains. Will that be possible in the 6500?

I will appreciate can offer some other ideas as well?

Many Thanks,

Esteban

Ganesh Hariharan · ‎07-12-2010

Hi There,

Looking forward to some assistance. I have the following devices on our LAN,

1 x 24 Cisco 2960G

1 x 24 Cisco 3560

1 x 48 Cisco Cat 6503

4 x 96 Cisco Cat 4500

The Cat 6503 Switch is acting as a core switch, so all the other switches are connected to it via fibre links (port-channel interfaces set in trunking mode); except the 3560 switch, which is only connected to the 2960G switch in trunking mode. The requirement is to have the VLAN environment on the Cisco 2960 and 3560 separated from the VLAN environment in the 4500 switches. But still have Layer 3 connection across some users on both environments.

I was thinking to run two different VTP domains. Will that be possible in the 6500?

I will appreciate can offer some other ideas as well?

Many Thanks,

Esteban

Hi Esteban,

A VTP domain (also called a VLAN management domain) is made up of one or more interconnected switches that share the same VTP domain name. A switch can be configured to be in one and only one VTP domain.So with the above requirement you can have single domain and remaing in client mode and making routing at 6500 series level with trunk connection from other switches.

If you want restrict some host to access a vlan then you can achive via acl or vacl.

Hope to Help !!

Ganesh.H

View solution in original post

Leo Laohoo · ‎07-12-2010

Configure VTP Domain "B" with VTP mode Transparent.

View solution in original post

altheb_5 · ‎07-14-2010

Ok, first you can’t use to VTP domain Because the trunk will not come up between two different VTP domain
So I will give you configuration for all LAN
,,,,,,,,,,,,,,,,,,,,,,,,,,
6500 SW:
IP Routing
Vtp mode Server
Vtp domain A
Vtp Purning
All links between Core and access switches must configure trunk port
by using under interface switchport mode trunk --- switchpoert trunk encap dot1q
Now cerate all vlan in LAN A and B in this switch
Then give IP address for each Vlan to act as default gateway for all hosts ( if you dont know how to do it tell me ) and if you use DHCP remember the ip helper-address command
in global mode
spanning-tree vlan 1,2,3,.. Priority 1 ( to insure the core switch act as the Root Bridge For STP Domain)
ip route 0.0.0.0 0.0.0.0 (IP address for internet gateway)
,,,,,,,,,,,,,,,,,,,,,,,
All other switches :
vtp mode clint
vtp domain A
All links between Access and Core switches must configure trunk port (also between 2960 and 3560)
by using under interface switchport mode trunk --- switchpoert trunk encap dot1q
in global mode
Spanning-tree portfast defualt
Spanning-tree portfast bpdufilter defualt
,,,,,,,,,,,,,,,,,,,,,,,

This is the configuration
Hope this help you

View solution in original post

Ganesh Hariharan · ‎07-12-2010

Hi There,

Looking forward to some assistance. I have the following devices on our LAN,

1 x 24 Cisco 2960G

1 x 24 Cisco 3560

1 x 48 Cisco Cat 6503

4 x 96 Cisco Cat 4500

The Cat 6503 Switch is acting as a core switch, so all the other switches are connected to it via fibre links (port-channel interfaces set in trunking mode); except the 3560 switch, which is only connected to the 2960G switch in trunking mode. The requirement is to have the VLAN environment on the Cisco 2960 and 3560 separated from the VLAN environment in the 4500 switches. But still have Layer 3 connection across some users on both environments.

I was thinking to run two different VTP domains. Will that be possible in the 6500?

I will appreciate can offer some other ideas as well?

Many Thanks,

Esteban

Hi Esteban,

A VTP domain (also called a VLAN management domain) is made up of one or more interconnected switches that share the same VTP domain name. A switch can be configured to be in one and only one VTP domain.So with the above requirement you can have single domain and remaing in client mode and making routing at 6500 series level with trunk connection from other switches.

If you want restrict some host to access a vlan then you can achive via acl or vacl.

Hope to Help !!

Ganesh.H

nqtran1979 · ‎07-12-2010

If you connect all your switches back to the 6500 and use that as the boundary then 1. you will keep the VLANs separated and 2. you will provide the L3 routing between which ever VLAN's you choose.

although this doesn't sound like a very resilient solution ... only having one core switch that is.

As the firs response mentioned ... you don't do multiple VTP domains

altheb_5 · ‎07-12-2010

I don’t understand your point ,,, you need the Vlan in Cisco 2960G and 3560 ,, and other Vlan in Cat 6503 and 4500

did you want Routing between Vlans ? ( all users in each VLAN can ping to others)

please advice with diagram , so i can provide you all configuration you need

egua5261 · ‎07-12-2010

Hi Khaled,

Please see the attached diagram. In a nutshell there are two LANs wich contain a number of VLANs each; they run two different VTP domains. The requirement is to enable the trunking between the 6500 switch and the 2960 G switch as shown in the diagram without causing any issues between the two VTP domains and enable Layer 3 connectivity between VLANs in the two different LANs.

Cheers,

Esteban

Leo Laohoo · ‎07-12-2010

Configure VTP Domain "B" with VTP mode Transparent.

Ganesh Hariharan · ‎07-12-2010

Hi Khaled,

Please see the attached diagram. In a nutshell there are two LANs wich contain a number of VLANs each; they run two different VTP domains. The requirement is to enable the trunking between the 6500 switch and the 2960 G switch as shown in the diagram without causing any issues between the two VTP domains and enable Layer 3 connectivity between VLANs in the two different LANs.

Cheers,

Esteban

Hi Esteban,

Switches that belong to two different VTP domains. For example, there are two switches called Switch1 and Switch2. Switch1 belongs to VTP domain test and Switch2 belongs to VTP domain test1. When you configure trunk between these two switches with the Dynamic Trunk Negotiation (DTP), the trunk negotiation fails and the trunk between the switches does not form, because the DTP sends the VTP domain name in a DTP packet. Because of this, the data traffic does not pass between the switches.

In order to send the traffic between the vtp domain over the trunk is to manually force the trunking instead in order to rely on the DTP. Configure the trunk ports between the switches with the switchport mode trunk command.

Switch1(config)#interface fastethernet 8/7
switch1(config-if)#switchport mode trunk

Switch2(config)#interface fastethernet 3/3
switch2(config-if)#switchport mode trunk

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

altheb_5 · ‎07-12-2010

HI
please advice the internet were is connected
it is connected in 6500 switch ?
and all Vlan in A,B will be apple to access internet

give me the answer and i will give best configuration .

egua5261 · ‎07-13-2010

Hi Khaled,

Internet access is enabled via the 6500 however; there is not need for the vlans on LAN B to access the internet. The equipment in LAN B are used for storage so the only requirement is the communication between the two so that data is tranferred between LAN A to LAN B. Hope this clarifies things.

Esteban

altheb_5 · ‎07-14-2010

Ok, first you can’t use to VTP domain Because the trunk will not come up between two different VTP domain
So I will give you configuration for all LAN
,,,,,,,,,,,,,,,,,,,,,,,,,,
6500 SW:
IP Routing
Vtp mode Server
Vtp domain A
Vtp Purning
All links between Core and access switches must configure trunk port
by using under interface switchport mode trunk --- switchpoert trunk encap dot1q
Now cerate all vlan in LAN A and B in this switch
Then give IP address for each Vlan to act as default gateway for all hosts ( if you dont know how to do it tell me ) and if you use DHCP remember the ip helper-address command
in global mode
spanning-tree vlan 1,2,3,.. Priority 1 ( to insure the core switch act as the Root Bridge For STP Domain)
ip route 0.0.0.0 0.0.0.0 (IP address for internet gateway)
,,,,,,,,,,,,,,,,,,,,,,,
All other switches :
vtp mode clint
vtp domain A
All links between Access and Core switches must configure trunk port (also between 2960 and 3560)
by using under interface switchport mode trunk --- switchpoert trunk encap dot1q
in global mode
Spanning-tree portfast defualt
Spanning-tree portfast bpdufilter defualt
,,,,,,,,,,,,,,,,,,,,,,,

This is the configuration
Hope this help you

egua5261 · ‎07-14-2010

It looks good; the only thing however, i think, will be the impact to LAN B if in any case the 6500 switch loses power for instance, or if it goes down for any other reason. The devices connected in both LANs will lose connectivity. Hence devices in LAN B will not be able to connect to devices within the same LAN as their gateway (VLAN interface in 6500) will be down. My goal is to keep LAN B isolated for this reason.

So in order to achieve this may need to have one VTP domain, domain A. Then set the 6500 as the VTP server, 2960 G and 3560 in VTP transparent mode and all the other switches in client mode. Create an extra VLAN in the 3560 and 2960 switches and assign an IP address to VLAN interface in the 3560 switch to be the gateway for devices in LAN B.

Do you think this will work?

Regards,

Esteban

altheb_5 · ‎07-15-2010

Did you have one 6500 switch , or two?

,,,,,

you want LAN A default gateway 6500 , LAN B default gateway 3560

if the gateway for LAN B go down ? its same issue

VTP it’s for easy mange VLAN only.

,,,,,,,,,,,,,,

you can use to separate Network , if you connect 3560 and 6500 directly you can use L3 Port to connect it

but is the same if 3560 go down or 6500 go down, the users in network cant access users in other network

And remember any tow to device in the same switch or other switch with trunk in same VLAN need to communicate it will done

without L3

egua5261 · ‎07-16-2010

I understand that having extra switches will be a good way to providing redundancy.

Hey can you clarify what do you mean with the below? What do you mean by L3 Port?

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

you can use to separate Network , if you connect 3560 and 6500 directly you can use L3 Port to connect it

but is the same if 3560 go down or 6500 go down, the users in network cant access users in other network

And remember any tow to device in the same switch or other switch with trunk in same VLAN need to communicate it will done

without L3

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Regards,

Esteban

altheb_5 · ‎07-16-2010

If there are two cores you can use VRRP

,,,,,,,,,,,

In L3 Switch there are two kinds of ports

L2 Ports this is default

or L3 Ports = 1. SVI its virtual interface... Example: inter VLAN 1

2. Native Routed interface... To configure it go under any interface and use this command (no switchport)

after this you can assign IP address in this L3 Port . (Same Router Port)

Mohamed Sobair · ‎07-13-2010

Khaled,

Dont change your VTP config as per your requirment.

you should create the vlans belongs to domain A in Domain B and vice verss. and configure trunking between both switches 6500 and 2960.

lets assume the 2960 has vlans 2 and 3 configured repectively. the 6500 has to have vlans 2 and 3 in its vlan database to enable communication.

lets assume the 6500 has vlans 4 , 5 and 6 respectively configured, the 2960 has to have vlans 4 , 5 and 6 in its vlan database to enable communication.

HTH

Mohamed