I have a core switch connecting to two distribution switches (DS-A & DS-B), and each distribution switch connects to two access switches. The two access switches (AS-A & AS-B) which are connected to DS-A are on VLAN 10 & VLAN 20 respectively. The other two switches (AS-C & AS-D), which are connected to DS-B, are on VLAN 30 & VLAN 40. All VLANs are configured on the core switch.
Now my question is: if I configure the port between DS-A and the core as a trunk and only allow VLAN 10 & VLAN 20, and the trunk port between the core and DS-B allows only VLAN 30 & VLAN 40, would a machine on VLAN 10 be able to communicate with a machine in VLAN 40?
Note - All VLANs are configured on the core switch and we are advertising their VLAN IPs in the routing protocol OSPF.
On the core trunk port connecting to the distribution switch (DS-A) we will also allow VLAN 10 & 20 with encapsulation dot1Q; the same goes for the trunk port connecting to DS-B, allowing only VLAN 30 & 40 with the same encapsulation.
So my question is: what is the purpose of allowing specific VLANs on a trunk port here if the VLANs can communicate with each other?
Is this happening due to routing on the core, which causes one VLAN to communicate with another VLAN even after allowing specific VLANs on the trunk port?
Also, how could I create an SVI on the access switch, which you have stated above?
If the inter-VLAN routing is done on the core switches it should work, but it is not a good design at all.
Each access switch should connect to both distribution switches. The inter-VLAN routing should be done on the distribution switches. If the distribution switches are not stacked or running VSS then you can run HSRP/GLBP between the distribution switches, which should be interconnected with either an L2 or L3 link.
In fact, if this is a single building there is no need for a core at all. It does depend on what else is connected to the core switches, but in the 3-tier design all inter-VLAN routing is done on the distribution switches, not the core switches.
You also have no redundancy in your network, i.e. if DS-A fails then AS-A and AS-B have lost connectivity to anything. Same for DS-B with AS-C and AS-C. That is why you should connect each access switch to both distribution switches.
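The layer 2 versus layer 3 distinction in this thread, as an added example that is not part of the original posts: a small Python check over a constructed core-switch configuration, showing that the trunk allowed lists keep VLAN 10 and VLAN 40 frames on separate trunks while the core's SVIs still route between them. The interface names and IP addresses are assumptions, and the model is simplified (no ACLs on the SVIs, and an SVI counts as usable when its VLAN is carried on some trunk).

```python
import re

# Constructed core-switch config for the topology in the question; interface
# names and IP addresses are assumptions, not values from the thread.
CORE_CONFIG = """\
interface GigabitEthernet1/0/1
 description to DS-A
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
interface GigabitEthernet1/0/2
 description to DS-B
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 30,40
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
interface Vlan30
 ip address 10.0.30.1 255.255.255.0
interface Vlan40
 ip address 10.0.40.1 255.255.255.0
"""

def parse(config):
    """Return ({trunk: allowed VLAN set}, {VLAN ids that have an SVI with an IP})."""
    trunks, svis, current = {}, set(), ""
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif m := re.match(r"\s+switchport trunk allowed vlan ([\d,]+)", line):
            trunks[current] = {int(v) for v in m.group(1).split(",")}
        elif re.match(r"\s+ip address ", line) and current.startswith("Vlan"):
            svis.add(int(current[4:]))
    return trunks, svis

def share_trunk(trunks, a, b):
    """Layer 2 view: does any single trunk carry frames for both VLANs?"""
    return any({a, b} <= allowed for allowed in trunks.values())

def core_routes(trunks, svis, a, b):
    """Layer 3 view: the core routes a<->b when both have an SVI and each
    VLAN is carried on some trunk, whatever the per-trunk allowed lists are."""
    carried = set().union(*trunks.values())
    return {a, b} <= svis and {a, b} <= carried

TRUNKS, SVIS = parse(CORE_CONFIG)
print("10<->40 share a trunk:", share_trunk(TRUNKS, 10, 40))
print("10<->40 routed by core:", core_routes(TRUNKS, SVIS, 10, 40))
```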