I'm upgrading my network from a router-on-a-stick design using 3500XL and 2900XL switches to fully routed links from building to building using 3560 and 4500 switches. I'm running a 6513 with a Sup720 in the core. The switch upgrades are in the distribution, and currently all VLANs span the whole network, 18 buildings in all. I have 10 VLANs total but only need 4 VLANs in all buildings. Is there a way to trunk VLANs over routed links? What IOS images do I need, and which commands do I use?
There is no clean way that I know of to accomplish what you are asking. Anything designed to accomplish this would probably give you more trouble than it is worth.
With what you've stated, I think your best choices are:
1- Configure trunking on the links. Manually prune the trunks to allow only the 4 VLANs that need to be everywhere, and also create another VLAN specific to that link for routing purposes.
2- If you have enough ports/cable plant, have two connections to each switch: an L3 routed connection and an L2 trunk for the 4 VLANs that need to be everywhere. Once again, be sure to manually prune all other VLANs off.
I'm trying to create a cookie-cutter network, with all buildings having the same VLAN design, and route all traffic back to my core. My guest network is a must-have network in a building; if I can keep all that traffic in one VLAN, I can trunk it to my firewall. What would be the best way to set this up if I just used routing to the core and a new VLAN domain in each building?
So if I understand you correctly, each building will follow the same design, each with its own set of VLANs and networks and with routed L3 connections back to the core, the exception being a single guest VLAN/network that needs to be in one or more buildings and will have its gateway IP be the firewall interface.
If so then you need to make a decision:
You can give this guest network dedicated L2 access links from each building to the core, separate from the L3 connections.
Or you can trunk single connections from each building, allowing one VLAN to support the routing and the other the guest network.
Also, just a thought: if you have available interfaces on the firewall, it may be best to connect this guest network to a dedicated interface and create something of a DMZ for it, for better control and to better protect your internal network.
To accomplish what you are asking, I'd say you would have to have a separate router/L3 switch at each building to provide a gateway for only the guest VLAN, and then a separate L3 link back to the core or an L3 aggregation device for all guest VLANs and then to the core.
This would allow you to control the routing for the guest VLANs and keep it separate from the rest of your network.
Granted, there are probably other ways to accomplish this (tunneling, VPNs, etc.), but I would try to avoid creating something that in the end becomes a bear to manage and could compromise your network.
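The two designs the replies describe (a single pruned trunk per building carrying one point-to-point routing VLAN plus the guest VLAN, and the alternative of a dedicated routed link with a separate L2 link for the guest VLAN) written out as an added example configuration. This is not configuration from the original thread or from any poster; hostnames, VLAN numbers, interface numbers and addresses are assumptions chosen for one building (building 7) and would be repeated per building. It uses static routes so it does not depend on a particular IOS feature set; whether a dynamic routing protocol beyond RIP needs the IP Services image on a 3560 is something to confirm against show version and the release notes for the image in hand, and is not asserted here.

```ios
! ===== Building 7 distribution switch (Catalyst 3560), hypothetical =====
hostname BLDG7-DIST
! Keep VLAN definitions local; a rogue VTP server must not rewrite 18 buildings.
vtp mode transparent
ip routing
!
vlan 7
 name BLDG7-DATA
vlan 100
 name GUEST
! VLAN 100 is layer 2 only on this switch: no SVI, so its gateway stays the firewall.
vlan 907
 name P2P-TO-CORE
! One routing VLAN per uplink; never reused on another building's link.
vlan 999
 name UNUSED-NATIVE
! Dedicated native VLAN that carries no hosts, so untagged frames cannot hop into a user VLAN.
!
interface GigabitEthernet0/1
 description Option 1: single trunk to CORE-6513 Gi1/7
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 100,907
 switchport mode trunk
 switchport nonegotiate
! "allowed vlan" is the manual pruning the replies refer to; VTP pruning is not a substitute.
! "nonegotiate" turns DTP off so the far side cannot talk the port into a different trunk state.
!
interface Vlan907
 description Routed hop to core over the trunk
 ip address 10.255.7.2 255.255.255.252
!
interface Vlan7
 description Local gateway for building 7 users
 ip address 10.7.0.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.255.7.1
!
! ===== Option 2 instead of Gi0/1 above: two physical links =====
interface GigabitEthernet0/2
 description Routed L3 link to core
 no switchport
 ip address 10.255.7.2 255.255.255.252
!
interface GigabitEthernet0/3
 description L2 link to core carrying guest only
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 100
 switchport mode trunk
 switchport nonegotiate
!
! ===== Core 6513 / Sup720 side, hypothetical =====
hostname CORE-6513
interface GigabitEthernet1/7
 description Trunk from BLDG7-DIST Gi0/1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 100,907
 switchport mode trunk
 switchport nonegotiate
!
interface Vlan907
 ip address 10.255.7.1 255.255.255.252
!
ip route 10.7.0.0 255.255.255.0 10.255.7.2
!
! Guest VLAN 100 crosses the core at layer 2 and exits on the firewall port.
! Deliberately no "interface Vlan100" on the core, so internal routing never touches guest traffic.
interface GigabitEthernet1/48
 description Firewall guest interface (firewall holds the VLAN 100 gateway)
 switchport
 switchport access vlan 100
 switchport mode access
!
! Checks after applying:
!   show interfaces trunk        -> Gi0/1 lists only 100,907 as allowed and active
!   show ip route                -> 3560 has one default via 10.255.7.1; core has 10.7.0.0/24 via 10.255.7.2
!   show vlan brief              -> VLAN 100 present, no SVI for it on either switch
```

The security-relevant points are the ones that are easy to skip when cloning this to 18 buildings: every trunk gets an explicit allowed list, an unused native VLAN and DTP disabled, the guest VLAN has no SVI anywhere except the firewall, and VTP stays transparent so one misconfigured switch cannot redistribute or delete VLANs network-wide.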