I have a question that I hope someone on here can answer or atleast point me in the right direction. I have a cisco 5505 Catalyst Switch and a Cisco 3620 Router. The switch has 4 ws-x5224 24port ethernet cards in it and a supversior 3 card.
I have set up each blade to be a seperate vlans
Blade 3/1-24 vlan 300 Web
Blade 4/1-24 vlan 400 Management
Blade 5/1-24 vlan 500 Backup
These blades are then connecter to individual ports on the 3620 router ie
vlan 300 is connected to ethernet 1/2 ip addr 10.0.3.200
vlan 400 is connected to ethernet 1/3 ip addr 10.0.4.200
vlan 500 is connected to ethernet 1/4 ip addr 10.0.5.200
Now my problem is that the blades on the switch dont support ISL or 802.1Q. There are other blades that do ie fibre blade but I dont have the facility to us fibre on the Router. My most cost effect method is to have 3 of the ethernet ports on the router connected their respective cards on the switch.
So my question is how do I set these valns up on the router to route ? do I need to configure the vlans on the router ? At the moment all I have done is enabled the ports on the router and given them the above addresses. I have given SC0 an ip address and added that port to the management vlan (300) and I can telnet between the switch and the router via IP.
But I can figure out how to ping the other ports on the router across the different vlans. I need to be able to get access to the web vlans for management and I also need to be able to get to the web vlan from the backup vlan to enable for tape backups.
I dont want the web uses to have access to the other 2 vlans though.
Thanks in advance
Your setup should be working...
Try setting your gateways on your machine to the router interface address in each vlan.
In order to restrict access between the vlans, you will need to apply acl's on the interfaces on the router.
If you have each port based LAN on a separate physical Ethernet port on the router, all you should need to do to route between them is enable an IP address on each port that corresponds to the VLAN (which it appears you have done with the 10.0.x.200 addresses) and enable IP routing on the router.
Regarding your question about blocking the web VLAN to the other VLANs, this would be accomplished using an ACL attached to the router's e1/2 interface.
I'm very rusty concerning 5500 series, but I'm assuming you don't have a RSM? If you did, you could route on the 5500.
I recall some 5500s support MLS (multilayer switching) which can be also be performed using an external router. You might want to determine whether this can be done with your hardware.
Thanks for that.
when you say all you should need to do to route between them is enable an IP address on each port that corresponds to the VLAN" you mean on the router right or are you saying I need to allocate ip addresses to the vlans on the switch. I cant find anywhere in the switch where this is possible.
You are correct the switch doesnt have a RSM and as I already have a spare router not doing anything I figured may as well make use of what I have rather then investing in addidional hardware for a device that is too old to do any updates to anyway.
Correct, interface addresses just on the router. As Brett noted, devices on each VLAN should use the router's port address as the gateway address. (Traditionally usually .1)
The router should have a "ip routing" within its config. Assuming you don't have any additional routers, traffic should be forwarded between the VLANs.
The 3620 can only push about 10 to 20 Mbps, continuous. So it could become a bottleneck between the VLANs. If you can activate MLS, the switch will only use the router for the first packet of a flow, others will be switched between the VLANs within the 5500.
again thanks for you speedy reply, from what I understand the multi layer switching requires a Netflow feature card is this not correct?
I have a spare 7200 router but unfortunately it doesnt have any ethernet ports so I cant use that or maybe I can hmmmmm.
I will see what I can find out about the Multi layer switching but I dont think at the moment the 10-20MBS bandwith will be a problem as this is a setup I am doing at home and dont expect there to be alot of traffic to begin with as the traffic requirement increase then I can look at investing money to use newer technology.
Thanks again you are awesome.
Supposely MLS is supported with external routers, 3600 series is mentioned. RSM can do it all internal to the 5500. Other requirements, to support it through.
Using a 5500 at home, eh. Plan to heat the house with it too? ;)
Heat my house LOL well winter is on its way here in Australia so while my electric bill may increase maybe a trade off is that my house will be kept warm. Hey Cisco thinks of everything.
Thanks for all your help I will go home 2nite and see what I can get working. Worse comes to worse I guess I can use my 2900XL I know that supports Vlan routing but I want to do some configs on the 5505 as its been ages since I have done any config work with catOS.
Just on the point of the router doing the MLS from what I understand the router can function as a MLS routing process but the switch still need to have a netflow card to function as a MLS switching process. Thats how I read all the stuff on MLS and 5505 but I always interperet things incorrectly so I wouldn't be suprised if I am wrong yet again.
Guess I look like a dinosaur now.
Thanks again mate.
Catalyst 5500/5000 Series Switch
Catalyst 5000 series switches support MLS in Supervisor Engine III with Netflow Feature Card (NFFC) or NFFC II.
Catalyst 5000 also supports MLS using Route Switch Module (RSM), Route Switch Feature Card (RSFC), or external Cisco 7500, 7200, 4500, 4700, and 3600 series routers. The MSM or MSFC on a Catalyst 6000 switch can also be used as an external RP for Catalyst 5000.