Upgrading Switch Questions

qbakies11
Level 1

I currently have 5 Catalyst 3548XL switches as the backbone of my data center. I want to segment my network and was planning on doing it by using a combination of VLANs, VTP on the switches, and using my gateway router as a router-on-a-stick with virtual interfaces for each subnet. Then I decided that what we really need is to upgrade to a Gb LAN which would help alleviate some of the slow transfer times we have, network backups, and all the SQL replication we do.

That caused me to look at new switches and I'm trying to get some questions answered about the 3560 and 3750 switches. Any help is appreciated.

I think that both the 3560 and 3750 are layer three switches, is that correct?

If they are layer three does that eliminate the need of a router to route between VLANs?

I use a Netflow monitor for my routers. Would I be able to monitor the switches using Netflow?

According to the intro video on the Cisco website the 3560 is the stand-alone version of the 3750. Is the main difference between them just the stackwise technology? Is stackwise a VTP replacement?

Do the 3560s still use VTP since they don't have stackwise capability?

How are ACLs implemented on the switches? Are they VLAN based, port based, MAC based?

If I have a flat network (single subnet with no VLANs) could I use an ACL on a specific IP or port and restrict traffic to it?


Jon Marshall
Hall of Fame

Quinton

"I think that both the 3560 and 3750 are layer three switches, is that correct ?"

Yes both switches are L3 capable. They support 2 images - the base image has static routing/RIP + EIGRP stub. The ipservices image has full routing support. However often the base is good enough - depends on your topology.

"If they are layer three does that eliminate the need of a router to route between VLANs?"

Yes it does and it would be recommended from a performance perspective to do inter-vlan routing on the switches.

"I use a Netflow monitor for my routers. Would I be able to monitor the switches using Netflow?"

No, the 3560 and 3750 do not support Netflow.

"According to the intro video on the Cisco website the 3560 is the stand-alone version of the 3750. Is the main difference between them just the stackwise technology? Is stackwise a VTP replacement?"

Stackwise is merely a method of connecting multiple switches together with a greater switch backplane. It has nothing to do with VTP. Both switches support VTP server/client/transparent.

"Do the 3560s still use VTP since they don't have stackwise capability?"

Yes - see previous answer.

"How are ACLs implemented on the switches? Are they VLAN based, port based, MAC based"

See this link for configuration on 3560, it covers the type of acl's available to you -

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swacl.html

Jon

If I can't use Netflow to monitor is there something else that I can use to monitor bandwidth consumption on the LAN?

You can monitor the VLAN interface (with SNMP, not Netflow), but you'll only get bandwidth usage in/out.

PS Sorry Jon, you beat me again.

Collin Clark
VIP Alumni

I think that both the 3560 and 3750 are layer three switches, is that correct?

You can purchase a layer 3 license for them or you can use the standard image which is layer 2 only.

If they are layer three does that eliminate the need of a router to route between VLANs?

Yes

I use a Netflow monitor for my routers. Would I be able to monitor the switches using Netflow?

I'm afraid not

According to the intro video on the Cisco website the 3560 is the stand-alone version of the 3750. Is the main difference between them just the stackwise technology? Is stackwise a VTP replacement?

Yes for the stacking. It just makes the 3750 look like one big device instead of individual switches. Stackwise is not a replacement and they actually have nothing to do with one another.

Do the 3560s still use VTP since they don't have stackwise capability?

Yes

How are ACLs implemented on the switches? Are they VLAN based, port based, MAC based?

You can use MAC based or IP access lists, just like on a router!

If I have a flat network (single subnet with no VLANs) could I use an ACL on a specific IP or port and restrict traffic to it?

Yes at the gateway. If you're trying to restrict between two hosts in the same IP subnet, you'll have to use something like 'private vlans'.

Hope that helps.
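The ACL answer above says filtering between subnets happens "at the gateway", which on a 3560 is the VLAN's SVI. The following is an added example, not code from the thread or from Cisco: a small Python script that emits an IOS extended ACL restricting one user VLAN to a single SQL server port in another VLAN, applies it inbound on the user VLAN's SVI, and includes a minimal first-match evaluator for the ACL lines it generates so the intended behaviour can be checked before the config is pasted in. The VLAN numbers, subnets, host address and ACL name are constructed for illustration. Note that this only governs routed traffic; two hosts in the same subnet never pass through the SVI, which is why the reply points to private VLANs for that case.

```python
import ipaddress

# Constructed sample: VLAN 10 is a user VLAN, VLAN 11 holds a SQL server.
# Addresses and names are illustrative, not the poster's network.
USER_VLAN = (10, "192.168.5.0/24")
SERVER_VLAN = (11, "192.168.6.0/24")
SQL_SERVER = "192.168.6.10"
SQL_PORT = 1433


def wildcard(cidr):
    """IOS ACLs take a wildcard (inverted) mask, not a subnet mask."""
    net = ipaddress.ip_network(cidr)
    return f"{net.network_address} {net.hostmask}"


def svi_acl(name, src_cidr, host, port, dst_cidr):
    """Extended ACL: src subnet may reach one host:port in dst, is blocked from the
    rest of dst, and is otherwise unrestricted (e.g. to the WAN via the router)."""
    return [
        f"ip access-list extended {name}",
        f" permit tcp {wildcard(src_cidr)} host {host} eq {port}",
        f" deny ip {wildcard(src_cidr)} {wildcard(dst_cidr)}",
        " permit ip any any",
    ]


def apply_to_svi(name, vlan_id):
    """Apply inbound on the source VLAN's SVI: packets are filtered as they enter the
    gateway, before the switch routes them toward the other VLAN."""
    return [f"interface Vlan{vlan_id}", f" ip access-group {name} in"]


def _match_addr(tokens, i, addr):
    """Consume one ACL address spec (any | host A | NET WILDCARD) at tokens[i]."""
    if tokens[i] == "any":
        return True, i + 1
    if tokens[i] == "host":
        return ipaddress.ip_address(addr) == ipaddress.ip_address(tokens[i + 1]), i + 2
    a = int(ipaddress.ip_address(addr))
    n = int(ipaddress.ip_address(tokens[i]))
    w = int(ipaddress.ip_address(tokens[i + 1]))  # set bits are "don't care"
    return (a & ~w & 0xFFFFFFFF) == (n & ~w & 0xFFFFFFFF), i + 2


def evaluate(acl_lines, src, dst, proto="ip", dport=None):
    """First-match evaluator for the ACL subset emitted above (a constructed model,
    not IOS itself). Returns 'permit' or 'deny'."""
    for line in acl_lines[1:]:  # skip the 'ip access-list extended NAME' header
        t = line.split()
        action, aproto = t[0], t[1]
        if aproto != "ip" and aproto != proto:
            continue
        ok, i = _match_addr(t, 2, src)
        if not ok:
            continue
        ok, i = _match_addr(t, i, dst)
        if not ok:
            continue
        if i < len(t) and t[i] == "eq" and int(t[i + 1]) != dport:
            continue
        return action
    return "deny"  # every IOS ACL ends with an implicit deny


if __name__ == "__main__":
    acl = svi_acl("V10-IN", USER_VLAN[1], SQL_SERVER, SQL_PORT, SERVER_VLAN[1])
    print("\n".join(acl + apply_to_svi("V10-IN", USER_VLAN[0])))
    print("user -> sql:1433  :", evaluate(acl, "192.168.5.20", SQL_SERVER, "tcp", 1433))
    print("user -> other srv :", evaluate(acl, "192.168.5.20", "192.168.6.11", "tcp", 1433))
```

The evaluator exists only to sanity-check the generated lines; the real enforcement is the switch, and the implicit deny at the end of the list is why the trailing `permit ip any any` is needed when the VLAN should keep its path to the router.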

Would I need to purchase the L3 licensing in order to eliminate the router to do VLAN routing or could I do that with the base image?

The base image will support static routing + RIP. So you can create all your L3 vlan interfaces on the switch and then just add a static default-route pointing to your router. The base image is fine for this.

If the switch is just one of many L3 devices in your network and they all need to exchange routes with each other then you may well want the IPServices image to support a dynamic routing protocol like full EIGRP/OSPF.

Jon

Thanks for all the help and I'm sorry I'm not quite getting this but I need a bit of a better explanation.

The way I understand VLAN routing (I have never actually done it) is that I have, say, 3 VLANs all on separate subnets. Then I have to have virtual interfaces created on my router so it can route between them (router on a stick). I don't get what you mean when you state "you can create all your L3 vlan interfaces on the switch and then just add a static default-route pointing to your router." Do I still need a virtual interface on the router for each VLAN subnet?

FYI, I only have one router on my LAN, but it connects to my three remote offices and forms my WAN. Each of the offices have one router that connects it to the WAN and acts as the default gateway for the LAN. I use EIGRP for WAN routing.

Thanks again for the help.

Quinton

No need to apologize, I just need to explain it more clearly.

Let's say you have 3 vlans

vlan 10 = 192.168.5.0/24
vlan 11 = 192.168.6.0/24
vlan 12 = 192.168.7.0/24

At the moment you have a router interface fa0/1 connected into your switch. This connection is a trunk link. So you should have something like this on your router

int fa0/1.10
 encapsulation dot1q 10
 ip address 192.168.5.1 255.255.255.0
int fa0/1.11
 encapsulation dot1q 11
 ip address 192.168.6.1 255.255.255.0
int fa0/1.12
 encapsulation dot1q 12
 ip address 192.168.7.1 255.255.255.0

So, to replace this setup with a 3560: on the 3560 you need the vlans created at layer 2

3560(config)# vlan 10
3560(config-vlan)# name v10

and the same for vlan 11 and 12

then you create the L3 SVI's

int vlan 10
 ip address 192.168.5.1 255.255.255.0
 no shut
int vlan 11
 ip address 192.168.6.1 255.255.255.0
 no shut
int vlan 12
 ip address 192.168.7.1 255.255.255.0
 no shut

then you need another separate network for the router, eg. 192.168.10.0/30. The connection between the switch and the router will now be a routed connection, not a L2 trunk

on the interface on the 3560 that the router connects to

int gi0/1
 no switchport
 ip address 192.168.10.1 255.255.255.252

the router interface fa0/1

int fa0/1
 ip address 192.168.10.2 255.255.255.252

then, if you are not using a dynamic routing protocol (ie. just statics), on the 3560

ip route 0.0.0.0 0.0.0.0 192.168.10.2

the vlans, because they are directly connected to the 3560, will be able to route between each other. The default-route above is so these vlans can get to the rest of your network.

On the router

ip route 192.168.5.0 255.255.255.0 192.168.10.1
ip route 192.168.6.0 255.255.255.0 192.168.10.1
ip route 192.168.7.0 255.255.255.0 192.168.10.1

these are so the router knows how to get to the vlans on the 3560.

If you don't like the idea of statics you could use EIGRP on the 3560 to exchange routes.

Jon
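The procedure above (L2 VLANs, SVIs, a routed /30 to the router, a default route on the switch and one static return route per VLAN on the router) is easy to get subtly wrong when there are more than three VLANs: a VLAN with no return route on the router is reachable from nowhere outside the switch, and the 3560 does not forward between SVIs at all until `ip routing` is enabled, which the post does not mention. The following is an added example, not code from the thread or from Cisco: a Python script that generates both sides of the configuration from a VLAN table and checks the result for the two mistakes just named plus overlapping subnets. The VLAN table, link subnet and interface names are constructed from the values in the post; the choice of the lower /30 address for the switch matches the post.

```python
import ipaddress

# Constructed sample data mirroring the three VLANs in the thread (not the poster's real network).
VLANS = {10: "192.168.5.0/24", 11: "192.168.6.0/24", 12: "192.168.7.0/24"}
LINK = "192.168.10.0/30"  # routed point-to-point link: 3560 gi0/1 <-> router fa0/1


def gateway(cidr):
    """First usable host of a subnet as (address, dotted mask); used for each SVI."""
    net = ipaddress.ip_network(cidr)
    return str(next(net.hosts())), str(net.netmask)


def link_ends(link):
    """(switch address, router address) on the /30: the switch takes the lower host."""
    net = ipaddress.ip_network(link)
    sw, rtr = list(net.hosts())[:2]
    return str(sw), str(rtr)


def switch_config(vlans, link, uplink="GigabitEthernet0/1"):
    """IOS lines for the 3560: L2 VLANs, SVIs, routed uplink, default route."""
    sw_ip, rtr_ip = link_ends(link)
    # 'ip routing' is off by default on the 3560; without it the SVIs exist but do not route.
    lines = ["ip routing"]
    for vid in sorted(vlans):
        lines += [f"vlan {vid}", f" name v{vid}"]
    for vid, cidr in sorted(vlans.items()):
        gw, mask = gateway(cidr)
        lines += [f"interface Vlan{vid}", f" ip address {gw} {mask}", " no shutdown"]
    lines += [f"interface {uplink}", " no switchport",
              f" ip address {sw_ip} {ipaddress.ip_network(link).netmask}"]
    lines.append(f"ip route 0.0.0.0 0.0.0.0 {rtr_ip}")
    return lines


def router_config(vlans, link, downlink="FastEthernet0/1"):
    """IOS lines for the router: the /30 address and one static return route per VLAN."""
    sw_ip, rtr_ip = link_ends(link)
    lines = [f"interface {downlink}",
             f" ip address {rtr_ip} {ipaddress.ip_network(link).netmask}"]
    for _, cidr in sorted(vlans.items()):
        net = ipaddress.ip_network(cidr)
        lines.append(f"ip route {net.network_address} {net.netmask} {sw_ip}")
    return lines


def missing_return_routes(vlans, router_lines, link):
    """VLAN subnets the router has no static route for via the switch; such a VLAN can
    send traffic out through the default route but nothing can reach it back."""
    sw_ip, _ = link_ends(link)
    present = set()
    for line in router_lines:
        parts = line.split()
        if len(parts) == 5 and parts[:2] == ["ip", "route"] and parts[4] == sw_ip:
            present.add(str(ipaddress.ip_network(f"{parts[2]}/{parts[3]}")))
    return [cidr for cidr in vlans.values() if str(ipaddress.ip_network(cidr)) not in present]


def overlapping_subnets(vlans, link):
    """Pairs of subnets (VLANs or the uplink) that overlap; each must be distinct."""
    nets = {f"vlan{v}": ipaddress.ip_network(c) for v, c in vlans.items()}
    nets["uplink"] = ipaddress.ip_network(link)
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


if __name__ == "__main__":
    print("\n".join(switch_config(VLANS, LINK)))
    print("!")
    rtr = router_config(VLANS, LINK)
    print("\n".join(rtr))
    print("missing return routes:", missing_return_routes(VLANS, rtr, LINK))
    print("overlaps:", overlapping_subnets(VLANS, LINK))
```

Run it as-is to see the two configurations for the post's three VLANs; feeding `missing_return_routes` a router config built from a shorter VLAN table shows how a forgotten static is reported. The `ip route` parsing is deliberately narrow (five-token statics pointing at the switch), which is exactly the shape this procedure produces.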

More clarification:

"then you create the L3 SVI's"

What does this mean? Do I create this on the 3560 or the router?

I have a need for about 120 ports so I will need multiple switches. If the VLANs span three switches do I need to use VTP? Do I need to have trunk ports connecting the 3560s?

Quinton

L3 SVI = Switched Virtual Interface. These are the switch equivalent of routed interfaces on a router (although you can also have routed ports on a switch)

int vlan 10 <------- this is the L3 SVI for vlan 10

ip address 192.168.5.1 255.255.255.0

So you create them on the 3560 switch.

Yes you could connect the switches up with L2 trunks. You just need one switch to have the L3 SVI's on it if you only have singly homed clients.

You should use VTP. Either

1) Set up 1 of the 3560's to be VTP server and the others to be VTP client. You then create new vlans on the VTP server and these will be sent to the VTP clients

OR

2) Make all switches VTP transparent. Then if you add a new vlan you need to create it on all 3 switches, assuming all 3 switches need that vlan.

Jon

Thank you so much. You have been a huge help.

Joseph W. Doherty
Hall of Fame

One point of difference between the 3560 and the 3750 is you can stack the latter. If the multiple switches are physically near each other, this offers some advantages. Jon mentioned the "greater switch backplane" and Collin mentioned "makes the 3750 look like one big device instead of individual switches".

If you're moving to gig ports, you might want to be able to move a good bit of that bandwidth between switches. Stackwise is marketed as 32 Gb, so it's a nice increase from single gig uplinks without moving to 10 gig uplinks. Also the technology creates dual rings, so even if one member in a stack fails, the rest of the stack continues to work.

As one "virtual" device, a 3750 stack is configured as just a single device. You might not need to extend VLANs via VTP and trunks, worry about STP, worry about virtual gateways, nor route with many other L3 devices. Also, the stack will function with one lost stack member and you can define multiple stack member etherchannels.

Stacking is a very potent feature.
