Cisco Support Community
New Member

A very odd VLAN question -please help

Hi,

We have two subnets, 10.1.1.0 and 10.1.2.0, and these subnets are physically separated. We also have two VLANs, VLAN 2 and 3; please think of VLAN 2 as the default VLAN 1. Strange, it has been like this when I took over. There is no trunking between these two VLANs. 10.1.1.0 is the main network and all the servers and users are on it, and 10.1.2.0 is a Dev environment and some development servers are on it.

I have given an IP address from the main subnet, i.e. 10.1.1.0, to a switch which is used for the Dev environment on its SC0 and have assigned it to VLAN 2, but the rest of 10.1.2.0, i.e. the Dev environment, is on VLAN 3. From the main network I cannot ping that IP address (naturally) and I don't know how to build on what we currently have without making major changes, and build over time as transparently as possible.

I am sorry for this very long explanation.

I guess I need to know if I can make trunking between these two VLANs, i.e. VLAN 2 (main 10.1.1.0) and VLAN 3 (Dev environment 10.1.2.0), without needing a router? Or if I need a router, how? So that I can build upon it over time.

Well, I have given an IP address from the main subnet from VLAN 2 to a switch which is for VLAN 3 or the Dev environment!!! I really didn't know how to do this in order to make it as transparent as possible to others since I am not in charge of the AD and the servers.

Please forgive me for my somehow vague explanation and I hope I could have made a question.

Thanks,

Masood

28 REPLIES
New Member

Re: A very odd VLAN question -please help

As noted by you, you need to have a router for routing between both the VLANs. You will be connecting both the switches to the router on a trunk port and putting the sub-interfaces in the corresponding VLANs, i.e. 2 and 3. So all the communication between VLAN 2 and 3 will pass through the router.

HTH

New Member

Re: A very odd VLAN question -please help

Basically you need layer 3 to do routing. Either a router or a layer 3 switch can do the job.

Please rate if this helps.

New Member

Re: A very odd VLAN question -please help

Thanks for getting back to me.

Right now, both subnets have their own gateway, i.e. our router, a single one, has two FA interfaces and each hosts a gateway IP address for each subnet.

In this case I need to add another router, correct?

Is there any other way, such as configuring both VLANs on each switch and giving the VLAN its own gateway address?

Would that work?

Thx,

Masood

Re: A very odd VLAN question -please help

Hello Masood,

Returning on the initial question:

Trunks are used to connect 2 switches and pass traffic for more than 1 vlan. But it doesn't mean you can pass traffic from 1 vlan to the other.

As stated before, you'd need a router to do this.

But, from your last post I can see that you do have a router connecting these 2 vlans.

So, I don't see why it shouldn't be working.

Could you give us more details on the configuration of this router?

Vlad

New Member

Re: A very odd VLAN question -please help

Thanks,

This router connects our Mclean office to our Richmond office using a point-to-point T1 and I believe is the best candidate for routing amongst these two VLANs since 10.1.1.0 and 10.1.4.1 subnets (VLAN 2) are on Fa0/1 and 10.1.2.0 subnet (vlan 30) on the Fa0/0 by itself.

So, I need help I guess on how to configure this router for VLAN routing purposes, but since it's a production router, I must be careful, or I can use a totally new Cisco 2621 router that I have at my disposal.

Also, on both my switches I have vlan 2 and vlan 3 configured, so I can use a port as a trunking port, I guess, so they talk to each other, correct?

Please advise.

Thx,

Masood

Re: A very odd VLAN question -please help

Hi

The thing u can do is on u r switch connect the respective ports from the vlan according to u r router ports. For e.g.

on the switch

f0/10 ----it should be in vlan 2

f0/11 ----it should be in vlan 3

From the above ports connect f0/10 in fa0/1 on router and f0/11 to fa0/0 on router.

Ensure that IP routing is enabled on the router. This is one scenario.

If u r using a single port on u r router then u can go for sub-interfaces. Ensure that u have a trunk link from u r switch to the router.

router(config)#interface f0/0

router(config-if)#no ip address

router(config-if)#int f0/0.1

! vlan-id is the VLAN this sub-interface serves; set it before the IP address

router(config-subif)#encapsulation dot1q vlan-id

router(config-subif)#ip address x.y.z.1 subnetmask

U have to create sub-interfaces for each vlan.

Thanks

Mahmood
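
The single-port (sub-interface) scenario above, written out for this thread's VLAN 2 and VLAN 3 as an added example that is not part of Mahmood's post. The /24 masks, the switch port number and the ACL name and policy are assumptions; the gateway addresses are the ones Masood gives later in the thread, and the secondary 10.1.4.0 subnet is left out.

```cisco
! ---- Router: one physical port, one sub-interface per VLAN ----
interface FastEthernet0/0
 no ip address
 no shutdown
!
interface FastEthernet0/0.2
 description gateway for VLAN 2 - main 10.1.1.0
 ! encapsulation must be configured before "ip address" is accepted
 encapsulation dot1Q 2
 ip address 10.1.1.251 255.255.255.0
!
interface FastEthernet0/0.3
 description gateway for VLAN 3 - Dev 10.1.2.0
 encapsulation dot1Q 3
 ip address 10.1.2.251 255.255.255.0
 ! assumed policy: filter what Dev may send towards the main subnet
 ip access-group DEV-TO-MAIN in
!
! Routing the two VLANs ends the physical isolation of Dev, so the
! router is now the place where that boundary is enforced.
! DEV-TO-MAIN is a hypothetical name and policy for illustration.
ip access-list extended DEV-TO-MAIN
 remark replies to sessions opened from the main network
 permit tcp 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255 established
 permit icmp 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255 echo-reply
 remark Dev may not open new connections into the main network
 deny   ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255
 permit ip any any
!
! ---- Switch: the port facing the router (port number assumed) ----
interface FastEthernet0/12
 description trunk to router Fa0/0
 switchport trunk encapsulation dot1q
 ! carry only the VLANs the router actually routes
 switchport trunk allowed vlan 2,3
 switchport mode trunk
!
! ---- Checks ----
! router:  show vlans
! router:  show ip interface FastEthernet0/0.3
! switch:  show interfaces trunk
```

Because the sub-interfaces reuse the existing gateway addresses, hosts in either subnet keep their current default gateway.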

New Member

Re: A very odd VLAN question -please help

Hi,

Your 1st scenario should be working for us, but one question.

You wrote:

on the switch

f0/10 ----it should be in vlan 2

f0/11 ----it should be in vlan 3

From the above ports connect f0/10 in fa0/1 on router and f0/11 to fa0/0 on router.

Ensure that IP routing is enabled on the router. This is one scenario.

OK, if I do as the above then what should the rest of the ports be part of, I mean part of what VLAN? Can it be mixed, based on need? Would these two VLANs talk to each other?

I have three core switches, 1 CAT 4510R and two CAT 4006 (one 4006 on each floor). The 4500 and a CAT 4006 are on the same floor. I also have many 3550 series and 2948s; do I need to have this done on all the switches or only the core?

Many questions, I am sorry. I just want to implement these VLANs correctly and expand them as we go since I am not getting any cooperation from the AD guys (server guys). Being safe is an issue. So how can I start small and then build upon it slowly?

thanks in advance.

Masood

Re: A very odd VLAN question -please help

Hello,

If you could use the switches you have, which are Multi-layer switches, it would be a simple job.

VLAN2---SW-ACCESS fa0/0---trunk----fa0/0 Distribution SW fa0/1 ------trunk----fa0/0-SW-ACCESS---VLAN3

then configure DISTRIBUTION switch

ip routing

int fa0/0

! the encapsulation command is needed on platforms that also support ISL

switchport trunk encapsulation dot1q

switchport mode trunk

int fa0/1

switchport trunk encapsulation dot1q

switchport mode trunk

interface vlan 2

description gateway-to-vlan2

ip address 10.10.1.1 255.255.255.0

no shut

interface vlan 3

description gateway-to-vlan3

ip address 10.1.2.1 255.255.255.0

no shut

on the other switches (ACCESS SWITCH LAYER2 ONLY) remember to set the trunks too.

int fa0/0

description connection-to-Dist-switch

switchport trunk encapsulation dot1q

switchport mode trunk

Quite simple, now you have vlan 2 and talking and you don't even need to configure routing!

You can have vlan 2 and 3 both on the same Access switch if you want and still you'll be able to pass traffic between these 2.

It's hard to give you correct configs if you don't give us the topology of your network,

but I guess this will help you.

vlad

New Member

Re: A very odd VLAN question -please help

This will certainly help. I do have multilayer switches and can try your solution. One thing though:

I don't understand your first line:

VLAN2---SW-ACCESS fa0/0---trunk----fa0/0 Distribution SW fa0/1 ------trunk----fa0/0-SW-ACCESS---VLAN3

What does this mean and on which switch must this go?

Can my 4500 switch be used as the distribution switch? And if yes, do I need to configure other switches too?

I will send you my switch cloud from the LMS Campus Manager topology services and that will tell you what and how many switches we have.

Thanks for your attention.

Masood

Re: A very odd VLAN question -please help

I'll be glad to help..

vladrac@mail2007.com

Vlad

Re: A very odd VLAN question -please help

Hello Masood,

I still don't understand this setup.

You state you have 2 subnets in F0/1 (so, I guess you already have fa0/1.1 and fa0/1.2 (or something like this) and you already have trunking set up in these sub-interfaces?) and you say you have 10.1.2.0 on fa0/0.

If this was the case, I still don't see why the router wouldn't be doing its job?

Could you give us a sample of this router's configuration (just partial configs will suffice)?

Vlad

New Member

Re: A very odd VLAN question -please help

Hi,

Sorry for the confusion.

I have a router that connects us to our remote office via a T1 line; think of it as an extension to our main office. We use the FA0/1 interface of this router for our two main subnets, i.e. 10.1.1.0 and 10.1.4.0, with the interface IP addresses: 10.1.1.251 primary gateway address and 10.1.4.251 secondary gateway address.

On the same router, we have subnet 10.1.2.0 connected to FA0/0 with gateway IP address or interface IP address of 10.1.2.251 used for our Dev environment. Our main and Dev environments are physically separated and not talking. This is how whoever designed it years ago set it up, and he or they created VLAN 2 for the main environment and VLAN 3 for the Dev environment with no trunking at all.

When I took over this position, I saw this situation as being laughable and now have decided to build upon it and make the VLANs as they should be and create some other VLANs too, but our Server or AD guys are opposing this as they don't feel VLANs are needed. They are wrong as they don't see things the way I see, and I see a big flat network which will be a problem in the not too far future unless we start building real VLANs with trunking, say putting all the servers on VLAN 2, users on VLAN 3, Dev environment on VLAN 4, etc. But I want to do this slowly and want these two current VLANs working correctly using the router we have and explained above, and slowly build upon it.

I hope I could explain the situation clearly.

Please advise as I can use all the help I can get, being the only network engineer and having AD guys opposing the idea!

Thx,

Masood

Re: A very odd VLAN question -please help

Hello Masood,

My advice to you is to use the layer3 devices to do the job for you.

You can have many vlans and route between them with problem.

But again, this is what I see for your scenario.

router#

int fa0/0

ip address 10.1.2.251 255.255.255.0

int fa0/1

ip address 10.1.1.251 255.255.255.0

ip address 10.1.4.251 255.255.255.0 secondary

So, if you have traffic from these subnets already ending in this router, why can't it route between the 2 vlans?

You said they created the 2 vlans? Where? On a layer 2 device only?

If it's not much trouble, could you please attach the configs on this router and the switches with the 2 vlans?

I'd be glad to try to present you with the solution for this problem.

Vlad

New Member

Re: A very odd VLAN question -please help

Hi, here are the files. Please let me know what you think, or if you need more info or have any questions on these configurations.

Thx,

Masood

New Member

Re: A very odd VLAN question -please help

I had to reply twice since only 3 files can be attached with each reply.

I have also attached a Visio diagram, it may help.

I believe the Gw-Nettelco router is the one for routing between VLANs, your thoughts?

Thx,

Masood

Re: A very odd VLAN question -please help

Hello Masood,

Could you please repost the topology diagram as a JPG?

My visio is quite old.

Vlad

New Member

Re: A very odd VLAN question -please help

Here it is in JPEG format. Sorry man.

Pls let me know if you have any questions.

Thx,

Masood

New Member

Re: A very odd VLAN question -please help

Hi,

One more file for my second core switch supporting servers and users on a separate floor. This is a CAT 4006, 5 blades, on VLAN 2. This switch is connected via GBIC and fiber to the one on the floor above it, i.e. to the CAT 4510R Cisco IOS core switch. The second CAT 4006, 3 blades, is also connected via GBIC interface and fiber to the CAT 4510R Cisco IOS on VLAN 2.

The only switches on VLAN 3 for the DEV environment are:

a CAT 3512 and a CAT 2948 fixed CatOS connected via gig interfaces using fiber, one at each floor.

The two CAT 4006 are also at two different floors, but the one with 3 blades is connected to the CAT 4510R using GBIC and fiber at the same floor and rack. All my main servers are on VLAN 2 connected to the CAT 4510R, plus users between the CAT 4006 and the CAT 4510R.

On VLAN 3 are mostly servers connected to those two switches explained above.

Thx,

Masood

Re: A very odd VLAN question -please help

Hello Masood,

Sorry for the delay, I had lots of work in the office this week.

I'll be sending you the response shortly.

Vlad

Re: A very odd VLAN question -please help

Hello Masood,

I'm sending you a diagram with some switches and routers, which I think will clarify things for you.

You'll see routers, switches (layer 2) and multi-layer switches.

You'll see different vlans distributed on the devices and routing between these vlans (done by both routers and multi-layer switches (mls)).

Trunks will be used to carry more than 1 vlan between the switches

and "no switchport" will be used on the multi-layer switches for ports to be used as router ports.

I hope that with these configs, you'll be able to check different possibilities for the design you need.

Let me know.

Vlad

New Member

Re: A very odd VLAN question -please help

Hi Vlad,

Thanks for the files and I am sorry for not being able to check. I didn't get an email notification when you posted the stuff.

I will look at them and will let you know what I think.

Thanks man.

Masood

New Member

Re: A very odd VLAN question -please help

Hi Vlad,

I am looking at your diagram and see no connections between the CAT 3550s you have listed in the center of the diag connected to the others, I believe CAT 3550s or 3560s, and the connection is shown in green.

No connection between these switches and the rest of the network. Also, how is VLAN 4 connected to VLAN 2, and I don't see where VLAN 3 fits?

Also, I don't see any routers? Are you using the L3 capabilities of the switches for routing between VLANs?

Where is the edge of the network comparing your diag with that of mine?

Thanks,

Masood

Re: A very odd VLAN question -please help

Hello Masood,

I didn't check the jpg file created by Visio, it's really ugly. I'll send you a Visio diag as soon as I get my machine back.

Let me try to respond to your questions:

The connection between the 2 Catalysts is a trunk (in this case I used 2 links, etherchannel); this link will carry all vlans, 2, 3, 4, 5.

The connection to the rest of the network from the cat3550 is done either by trunk (carrying more than 1 vlan), switchport (single vlan), or a router port (no switchport, configured with an IP).

vlan 2, 3, 4, 5 are "connected" through routing; the 3550 is doing the routing functions (commands: no ip routing, router eigrp, etc).

You can spread the vlans all around, 1 or more vlans going down any link; also you can connect routers directly to the 3550 as if it was another router.

I gave you a crazy sample of different possibilities to show you the use of the MLS 3550, so there's no hierarchy.

You can connect your edge router in any place in any vlan and still route using the 3550 or another router that connects to the 3550.

Check the configurations I've sent, you'll see that the L3 switches will do the routing you need.

If you still need help, please send me a note directly. vladrac@mail2007.com

Vlad

New Member

Re: A very odd VLAN question -please help

Hi, this is Masood, did you get the Visio diag completed?

Please send me that diag if you have it as I am sure it will help me understand what is going on so that I can make a test model before implementing on my network.

Thx,

Masood

Re: A very odd VLAN question -please help

I think the solution for your problems will be better understood with the following link.

The best resource is always www.cisco.com

Configuring Layer 3 Interfaces:

http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_guide_chapter09186a00800ddb2a.html#1029667

Let me know,

btw, if these posts were of any help, I'd appreciate it if you rated them.

Vlad

New Member

Re: A very odd VLAN question -please help

Hi Masood,

Trunking is the process of carrying multiple VLANs on a switch-to-switch link. My interpretation of your query is you need to 'route' traffic between two separate VLANs. In order to do this you need either a router or a layer 3 switch (essentially a router) and you need to declare this device, probably as a default router, in your environment. Some Catalyst switches can act as layer 3 switches. To determine if your switch is capable of acting as a layer 3 device, try entering the global config command 'ip routing'.

New Member

Re: A very odd VLAN question -please help

Hi and thanks for responding. Almost all my switches are L2/L3 Cisco CAT switches, with two 3560s at the edge with knowledge of the public network located between my two border routers and my firewalls. My main switch is a Cisco CAT 4510R, which is a layer 2 and 3 switch with Cisco IOS, and there are a few 3550s and 3512s around. I also have two CAT 4006s with CatOS but these aren't my current concern, as I know that I need to either use one of these switches or a router to route between my VLANs. I do have a Cisco router, a 2621, as my main router, with its fa0/1 used for my two main subnets (servers, devices, and users are on these two subnets, 10.1.1.0 and 10.1.4.0), and the DHCP server is giving out IPs out of these two private subnets. The other interface on this router, fa0/0, is used for 10.1.2.0, which is a totally isolated subnet with a bunch of servers on it called the Dev Environment. The AD guys want it this way.

OK, now, when I took over this network I realized that those people who were looking after this network had created two VLANs, VLAN 2 (acting as the default VLAN 1 actually and used for management of devices too) and VLAN 3 (VLAN 3 is for 10.1.2.0, i.e. the Dev Environment), so basically all of my devices, servers and users are on VLAN 2!!! And no trunking.....

I have provided a diag of my network topology.

What I need to do is to find the best way to create a few more VLANs on my main network (10.1.1.0 and 10.1.4.0) and put all the servers on one VLAN, say VLAN 2, and a few other segments, and then start to route between them by trunking. My problem is that the AD guys do not want to get involved and do not want (one of them my boss) to do IP renumbering, so I need to do this at L2 (by MAC address maybe) and then use the router (or I can upgrade my main router to provide more interfaces with more mem and processing power) and use it to route between VLANs. This router is also used to connect us to a remote office where we have our web servers hosted via a T1 point-to-point, as we are an online business, so I need to be very careful with this mission and have all the servers and web servers at this location and my remote location (10.5.1.0) on the same VLAN and then users on different VLANs by segmenting departments.

Now you see my dilemma and the challenge that I am facing: how this can be done slowly and gradually. First adding one more VLAN, putting all the servers on it (also, back interfaces and clustering of servers in mind) and users on another, then start trunking and see how it works. If all goes well then I can start creating more VLANs, and that would be the easy part, and point them to the trunk interface / link.

Your thoughts will be greatly appreciated.

Thx,

Masood
