Thanks for the reply,

I was thinking more along the lines of how to configure the VLANs and routing on the 3500s (no routing protocol).

For example, do both 3500s need a vlan interface in each of the vlans that will be communicating or no?

I was able to get this patially working.

The trunk from the downstatis 6509 to the 3500s carried all vlans, but I did not create vlan interfaces in all of the vlans needing connection.

For example, one switch was all workstations, I did not create a vlan interface in the workstation vlan on that switch, but made all of the ports members of the workstation vlan and I could communicate with everything as long as the workstation (on the upstairs 3500 port) was pointing to the downstatis 6509 SVI as its default gateway.

The downstairs 6509 was capable of routing across all vlans configured.

Hi Richard,

In this case it is enough for 1 3500 to have vlan interfaces, that is connected to the 7206.

You should just make sure each vlan you have reaches into your 3500 on layer2 trunks.

For a router or a layer3 switch it is not necessary to have a routing protocol to route packets. If the 'ip routing' command is enabled, then it will route packets between its OWN (Connected) vlans right out of the box.

A routing protocol is necessary to learn about subnets located on OTHER routers or layer3 switches.

I think your question is not about the routing between the vlans, rather between the vlans and the branches.

For this, you either need a routing protocol to advertise your subnets or you may configure static routes on the 3500 to point to the 7206.

Without a routing protocol you will also need to configure static routes on the other side (at the branches) to the subnets contained within your vlans here at this side.

I hope this helps you.

Cheers:

Istvan

Thanks for the reply,

In the original scenario:

I have a 3500 trunked to a 6509 carying all vlans.

VTP configured and The 3500 is acting as a client.

I have no vlan interface configured on the 3500 for the workstations, but I put all ports in the workstation vlan.

I am assuming that since VTP is configured and the 3500 now knows about all vlans, I do not need an interface in the workstation vlan on the 3500 in order for the workstations to ping the workstation SVI on the downstairs 6509.

Correct? because this is what was happening.

But, the workstations on the 3500, which did not have a workstation vlan interface on it,

had to have one created and IP Helper configured on the interface before the workstation would get an IP address from the DHCP server in the server vlan.

Even though the 6509 had IP helper configured.

Hi Richard,

Yes that's correct.

But that's very interesting why the workstations needed to create a workstation vlan SVI on the 3500 to be able to get the ip address through the DHCP offer.

If the workstations can reach the 6509 on a layer2 trunk then they should get the DHCP offer without the SVI interface on the 3500 as well.

Strange behavior. I have no idea why it is occurring that way.

Thanks for the information and the ratings.

Istvan

You are wlcome,

This is what was needed on the 3500:

interface Vlan10

ip address 10.10.10.254 255.255.255.0

ip helper-address 10.1.10.2

Wilson:

I dont know if you are happy with the way things are now, but it seems to me that you had to do something pretty weird on the 3500 switch to get the workstations on vlan 10 to obtain an ip address.

If your 3500 switch has vlan 10 configured (Layer 2, not an SVI), and the workstations that use DHCP are connected to switch ports on the 3500 that have been placed in that vlan, and that vlan is being allowed on the trunk ports on both ends (3500 and 6509), and the vlan's SVI is configured on the 6509 -- with a helper address, then there is no reason why you should have to create another SVI for the same vlan on the 3500 to get DHCP to work for those workstations. If you did, somethings not right.

Perhaps it would be easier to help you if you attached all the configs for each device in question.

HTH

Victor

That is what I was thinking.

When you say Layer 2, you are talking only configuring the switchports as members of vlan 10 correct?

That is what I originally had on the 3500:

Trunk to 6509 passing all vlans

Management Vlan SVI only

All ports member of workstation vlan

I could connect to everything with the above config, and ping servers, as long as I manually configured IP Address on workstation using the 6509 SVI as default gateway.

But I could not get a DHCP address from server unless the SVI in workstation subnet was created on the 3500 with IP Helper address of DHCP server.

I will try to get configs tomorrow.

Also, what are your thoughts about "ip routing" being configured on the 3500?

Was it needed?

Richard

If you want the 3550 to act as purely L2 switches then you do not want to enable IP routing on it.

To answer your other question. The 3550 switches should be connected to each other via trunks and there should be a trunk between the 3550 and the 6500.

Vlan 10 needs to exist on all 3 switches and be allowed across the trunk links.

Jon

Thanks jon,

That is the thing, I am not sure if I need layer 3 or just layer 2.

If all ports on one 3550 ar workstations and I need to have the workstations get a DHCP address from another vlan, can the 3550 be a layer 2 or does it need to be layer 3?

The other 3550 trunked to the core replacement 3550 will have several vlans all accessing each other.

This is where I am getting stuck, If I create an SVI on the 3550s, then I make the Default gateway of each device in its respective vlan the SVI on the 3550 correct?

If that is the case, why did not having the SVI on the 3550 allow me to access everything that the 6509 sees but not get a DHCP address?

In that case the 3550 (what I had) was a layer 2, but I could get to everything but get a DHCP address.

"Vlan 10 needs to exist on all 3 switches"

Means SVI with an IP address in vlan 10?

Wilson:

Here is a sample of the configs that you might want to have.

3500 switch

[This will be a Layer 2 switch that does NOT do any inter-vlan routing.

IP routing will NOT be enabled.

The only Layer 3 interface that should be configured is the management interface to support remote access.

The management interface can be placed in the same vlan as the user vlan, although, oftentimes, administrators create separate management vlans.

Since no IP routing will be enabled on the Layer 2 device, you will need to configure the default gateway for this switch so it will know how to return IP traffic being sent to it from the network manager's telnet session.

I will not show it now for simplicity's sake, but since it will be part of a switched access layer design, you should configure RPVST+, with ancillary features, like UDLD aggressive, bpduguard, port fast, etc.]

[configure the vlan in Layer 2]

vlan 10

name user-vlan

[configure typical end-user interface that user PCs will plug into]

interface xxxx

switchport

switchport mode access

switchport access vlan 10

speed auto

duplex auto

no shutdown

[configure dot1q trunk between the 3500 and the 6509. All vlans will be allowed by default]

interface yyyyy

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

speed auto

duplex auto

no shutdown

interface vlan 10

description MANAGEMENT INTERFACE FOR THIS SWITCH

ip address 10.10.20.5 255.255.255.0

no shut

ip default-gateway 10.10.20.2 [SVI INTERFACE ON 6509]

6509 Switch

[IP routing will be configured on the 6509 switch to support inter-vlan routing and enterprise-wide communication]

ip routing

vlan 10

name user_vlan

interface yyyyy

description dot1q trunk between 3500 and 6509

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

speed auto

duplex auto

no shutdown

interface vlan 10

description Layer 3 SVI for vlan 10

ip address 10.10.20.2 255.255.255.0

ip helper-address x.x.x.x

no shut

Remember, this is just a general approach, but I have addressed the major points that you need to think of. I did not address the routing protocol config, but I am sure the 6509 is already configure for that.

HTH

Victor

Wilson:

I edited my post above a bit after you rated it (Im assuming it was you), so Im letting you know so you can read it again and make sure you got it all.

Thanks

Victor

Thanks,I had this for jon, but not sure if he will see it:

That is the thing, I am not sure if I need layer 3 or just layer 2.

If all ports on one 3550 ar workstations and I need to have the workstations get a DHCP address from another vlan, can the 3550 be a layer 2 or does it need to be layer 3?

The other 3550 trunked to the core replacement 3550 will have several vlans all accessing each other.

This is where I am getting stuck, If I create an SVI on the 3550s, then I make the Default gateway of each device in its respective vlan the SVI on the 3550 correct?

If that is the case, why did not having the SVI on the 3550 allow me to access everything that the 6509 sees but not get a DHCP address?

In that case the 3550 (what I had) was a layer 2, but I could get to everything but get a DHCP address.

"Vlan 10 needs to exist on all 3 switches"

Means SVI with an IP address in vlan 10?

Wilson:

That is the thing, I am not sure if I need layer 3 or just layer 2.

If all ports on one 3550 are workstations and I need to have the workstations get a DHCP address from another vlan, can the 3550 be a layer 2 or does it need to be layer 3?

Wilson, I think the problem is that you dont understand how DHCP works and what a vlan is.

A vlan is a Layer 2 braodcast domain. That means all devices that are part of the same vlan will receive the layer 2 broadcast traffic from any sender on that vlan.

When a DHCP-configured client (be it a computer or any other network aware device) connects to a network, the DHCP client sends a layer 2 broadcast query requesting necessary information from a DHCP server. Thats how it announces its presence on the network.

If the DHCP server is sitting on that vlan, just like every other host on the vlan, it will receive the DHCP request packet and respond. BUT,if it is not located on the same vlan, you will need to configure the helper address on the SVI interface for that vlan. The SVI interface will receive the DHCP broadcast (remember, it IS a host on the vlan) and forward it to the helper address. It will act as a proxy between the DHCP client and the DHCP server, which sits on ANOTHER vlan.

So, go back to you inititial questions...

Do you need to configure an L3 SVI on the 3500? No, not at all. The client's DHCP request will be broadcast throughout the vlan to the SVI interface on the 6509, which will forward the DHCP traffic to the DHCP server (the helper address).

All the L2 broadcast traffic will travel up the trunk and into the 6509's vlan domain.

As far as your other 3500, its the same thing. Leave it an L2 switch, configure all the vlans you want, and trunk them all to the 6509. Thats it.

I hope you dont think of this as a schizophrenic dissociation, but just try to think of the vlan members in an L2 switch as prisoners sitting in locked cell blocks in a jail. Can they communicate with each other? No. They are isolated.

BUT, when they all travel on the chow line (a trunk) to the chow hall (the 6509 switch), THEN they can talk to each other. So, all the prisoners in cell block A (vlan 10) and all the prisoners in cell block B (vlan 20) and all the prisoners in cell block C (vlan 30), have to get out of their cells in their layer 2 cell blocks, travel up the chow line to the chow hall (6509), and THEN they can talk to each other and plan a riot.

Get it?

The 6509 will do all the intervlan routing for all the vlans configured on the 3500 switches.

Lastly, a vlan must be configured/activated on ALL switches that are meant to carry its traffic. Either the config is a L2 config or L3 SVI config. I have displayed how to do both.

HTH

Victor