Quick question here regarding a config I am working on. I am installing a small 3750 stack into a new branch office, replacing 3560s. I have changed the config a fair bit, as I didn't like the old config - example being that the previous engineer had configured SVIs but had also configured router-on-a-stick, and was sending vlan 1 traffic up the trunk using the native vlan (no data vlan specified on the port config).
I am just a little unsure as to the config between the router and switch. Would I need to convert the port to a L3 port, or can I just leave it as a switchport and assign a default gateway on the switch?
interface GigabitEthernet1/0/1
 description ROUTER LINK
 speed 100
 duplex full
!
interface GigabitEthernet1/0/2
 description IP PHONES AND DATA
 switchport access vlan 3
 switchport mode access
 switchport voice vlan 2
 duplex full
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 queue-set 2
 mls qos trust cos
 auto qos voip trust
 no cdp enable
 spanning-tree portfast
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 description VOICE
 ip address 10.177.64.5 255.255.248.0
!
interface Vlan3
 description DATA
 ip address 10.177.56.5 255.255.248.0
!
ip default-gateway 10.177.56.1
ip classless
I have obviously omitted a fair bit of the output. Thoughts welcome.
From the config below, it looks like you have your voice and data vlans configured on the switch, with L3 SVIs also.
I imagine the previous configuration using the 3560s was to trunk up to the router, with the router then splitting the vlans and performing the inter-vlan routing?
If it was me, I would keep the same design and configuration as all of my other branch sites to maintain a consistent template - aids support/troubleshooting etc.
If you want to bring layer 3 down from the router to the 3750, I would probably configure the 3750 to router port as Layer 3 also, and use IP routing rather than a Layer 2 IP default-gateway. This would require a new point-to-point subnet, however.
Or if you want, maybe you could add the uplink as an access port in vlan 3 (data) and use the default gateway 10.177.56.1 (the router, I assume), which should also work.
Remember to advertise the voice network however on the wan router or connectivity may not be there!
Thanks for the quick response. I never really considered using the old setup, as I didn't want a 100Mb connection between my router and switch to limit inter-vlan traffic. But giving it more thought, with only 2 vlans there won't be any traffic traversing this anyway! I guess if I had a whole bunch more vlans, say servers for instance, then this would make more sense?
The current config is
interface FastEthernet0/1
 description switch-router link
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,2
 switchport mode trunk
 duplex full
 speed 100
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 mls qos trust cos
 auto qos voip trust
 no cdp enable
interface Vlan1
 description Data
 ip address 10.177.56.5 255.255.248.0
 no ip route-cache
!
interface Vlan2
 description Voice
 ip address 10.177.64.5 255.255.248.0
 no ip route-cache
!
ip default-gateway 10.177.56.1
ip classless
So it does have SVIs configured, which will be the DG of the devices, but why the need for the trunk port?
My current config (new config!) would work ok though? I could use a routed port but I would need to play with the subnets.
I guess the only reason you would need a trunk up to the router is if it had a view of the vlans - i.e. wan provider had a sub-interface for each vlan which it would use to advertise each subnet into your wan.
Which is what you want of course!
I can't see why your config wouldn't work - there is more than one way to skin a cat after all! But without a copy of the wan router config we are left to second guess how the provider is doing it.
The only problem I can see (and it is minor) is if you needed to add a new vlan/subnet in the future, e.g. for servers etc. There will be a required change with the provider to create the vlan subinterface on their router and update their routing. If you used a routed link and peered using EIGRP or something then you would have control over what networks to add and remove from the wan.
Thanks again. I am not sure what the WAN provider policy is on sharing an AS, albeit a very small one. Probably a question for another day - though, as you mentioned, this does allow us to add/remove vlans as we please.
Even if the router is configured with subinterfaces, I wouldn't necessarily have to use them? I mean at this moment the phones etc are pointing to the SVI, so why would the subinterfaces even be required?
I would expect phones/PCs to use the 3750 SVI as their dfg, but if you think about it we have a trunk configured up to the wan router - this implies that the wan router also has interfaces in each of the data and voice vlans.
Purely conjecture, but I can't see why else there would be a trunk!
I think the switch may be proxy-arping on the uplink to the router - it would be interesting to see what is happening at L2 and L3 on this link.
My personal preference for this design would be for an L3 point-to-point link from 3750 to router running a dynamic routing protocol - check out the SBA below for wan branch design: