Cisco Support Community
New Member

Inter-VLAN Switching on Cat4506

Hi,

I'm struggling to come up with a workable solution for VLANs within a messy network.

There are currently 3 subnets (effective class Cs), no VLANs, roughly 350 hosts, spread over some low end switches which in turn link to a pair of 4506s (Supervisor II). The 4506s in turn pass traffic through a firewall on its way to the HSRP virtual router. The firewall is badly placed due to some overbearing security specifications and is currently creating problems due to its session limit. Once the network gets busy, the number of sessions passing through the firewall shoots up and network responses plummet.

I want to implement VLANs and enable Layer3 switching with the result that only extranet/internet bound traffic need hit the firewall - everything else stays on the switch fabric.

Basically I need to enable VLANs, implement Layer 3 switching between them using static routes and then maybe tighten things up a little with ACLs.

My main questions are around configuring Layer3 switching and where to assign IP addresses:

1. Do I need to setup three SVIs (one for each VLAN) or is the SVI purely for switch management, thus only ever requiring one?

2. Does the switch route all incoming traffic regardless of whether an IP address is set on that interface?

I'm new to the bigger switches and have been tearing through the BCMSN guide and various Internet sites but can't find a solution.

Thanks

Duncan

3 REPLIES

Re: Inter-VLAN Switching on Cat4506

Hi, this should be relatively simple to configure. Create VLAN interfaces on the 4506s. These are logical interfaces which are assigned IP addresses. If you set up trunks between your low end switches and the 4506s then you can assign access ports to VLANs as required. You will also need to trunk between the 4506s.

To add some redundancy into this you could configure HSRP on the VLAN interfaces between the 4506 interfaces.

Hope this helps!

Re: Inter-VLAN Switching on Cat4506

You need to configure ip routing on the vlan as follows:

interface Vlan1
 description Management vlan
 ip address 10.8.1.252 255.255.255.0
 no ip redirects
 standby ip 10.8.1.254
 standby priority 50
 standby preempt

From then on, all traffic that originates from vlan1 will be routed by the switch.

The standby config is optional but recommended when you have a dual core.

You can do the same for each VLAN that needs to be L3-switched. A trunk link between the two switches is also required to allow data from one switch to the other. Also make sure that your VTP domain is synchronized so that all nodes know about all VLANs.

Regards,

Leo
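
The replies above describe one SVI per routed VLAN, and the original question mentions tightening things up with ACLs. The sketch below is an added example, not configuration from any poster in this thread: it repeats the SVI pattern for three VLANs on one 4506, adds a transit VLAN toward the firewall, and applies one inbound ACL. All VLAN IDs, names, addresses, the ACL name and the firewall next hop are constructed values, and it assumes the supervisor and IOS image in use support IP routing.

```cisco
! Added example. Every VLAN ID, name, address and ACL name here is constructed.
ip routing
!
vlan 10
 name USERS-A
vlan 20
 name USERS-B
vlan 30
 name SERVERS
vlan 99
 name FW-TRANSIT
!
interface Vlan10
 description Gateway for USERS-A
 ip address 10.8.10.252 255.255.255.0
 no ip redirects
 standby 10 ip 10.8.10.254
 standby 10 priority 110
 standby 10 preempt
 ip access-group USERS-A-IN in
!
interface Vlan20
 description Gateway for USERS-B
 ip address 10.8.20.252 255.255.255.0
 no ip redirects
 standby 20 ip 10.8.20.254
 standby 20 priority 110
 standby 20 preempt
!
interface Vlan30
 description Gateway for SERVERS
 ip address 10.8.30.252 255.255.255.0
 no ip redirects
 standby 30 ip 10.8.30.254
 standby 30 priority 110
 standby 30 preempt
!
interface Vlan99
 description Transit to firewall (assumed next hop 10.8.99.1)
 ip address 10.8.99.2 255.255.255.0
!
! Connected SVI subnets are routed on the switch; only unmatched
! destinations follow the default route to the firewall.
ip route 0.0.0.0 0.0.0.0 10.8.99.1
!
ip access-list extended USERS-A-IN
 remark Block USERS-A to USERS-B; the permit also passes peer HSRP hellos
 deny   ip 10.8.10.0 0.0.0.255 10.8.20.0 0.0.0.255
 permit ip 10.8.10.0 0.0.0.255 any
```

Hosts in each VLAN would use the standby address as their default gateway, and the second 4506 would carry the same SVIs with its own interface addresses and a lower HSRP priority. The ACL's implicit deny also drops packets arriving on VLAN 10 with a source address outside 10.8.10.0/24.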

New Member

Re: Inter-VLAN Switching on Cat4506

Thanks guys, I'm working on a design based on your feedback.
