It depends on what you want to achieve: is the core switch providing the inter-VLAN routing as well? If not, you need to configure a trunk between the switch and the router. If the core switch is providing the routing, I guess all you need is a default route from the core switch to the router or firewall, and the interface can be a member of any VLAN, as long as that VLAN is routed on the core switch.
Yes, it provides the inter-VLAN routing... but what I mean is, must the VLAN connecting the router to the core be a VLAN with a SINGLE member interface only? (I am talking about the best practice, because I know that it could also be a member of any VLAN with users or servers and use that as the default gateway, as you mentioned.)..In p
If the router is doing inter-VLAN routing, you need to configure the connection between the core switch and the router as a trunk. A trunk interface will carry traffic from all VLANs. So basically, the router's interface will be in all VLANs. You use subinterfaces on the router like this:
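! Subinterface for VLAN 1
Router(config)# interface fastethernet 2.1
Router(config-subif)# encapsulation dot1q 1
Router(config-subif)# ip address 10.1.2.3 255.255.255.0
Router(config-subif)# exit
! Subinterface for VLAN 2, in its own non-overlapping subnet
Router(config)# interface fastethernet 2.2
Router(config-subif)# encapsulation dot1q 2
Router(config-subif)# ip address 10.1.3.3 255.255.255.0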
It's the core switch that is doing the inter-VLAN routing (not the router).
The only thing questionable to me is the VLAN in the core switch where the router Ethernet interface is connected. Should that VLAN consist only of that port? Because it could just be part of a VLAN where servers are or where workstations are... I am asking about the best practice in this scenario because both of the above are possible.
As long as you are not using VLAN1 I would say that putting the firewall interface in your core or server VLAN/subnet would be best. VLAN1 is discouraged because switches and other devices send CDP, BPDU and other administrative traffic in this VLAN. Putting the firewall in its own VLAN/subnet is not very scalable as it adds more routes/VLANs to your core switches.
All users access servers in a centralized subnet. Basically all servers are in, say, VLAN 100 with subnet 192.168.1.0/24. Users are in misc VLANs, i.e. 101, 102, etc., with different subnets, 192.168.2.0/24, 192.168.3.0/24. You would then put all the server interfaces and network device interfaces in VLAN 100, with your core switch doing inter-VLAN routing and a static route to the firewall.
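The layout described in the reply above, written out as a core-switch configuration. This is an added example, not part of the original thread; the VLAN names, the .1 gateway addresses on each SVI, the port GigabitEthernet1/0/24 and the firewall address 192.168.1.254 are assumptions chosen for illustration.

```cisco
! Core switch: routes between VLANs and hands everything else to the firewall
ip routing
!
vlan 100
 name SERVERS
vlan 101
 name USERS-A
vlan 102
 name USERS-B
!
! One SVI per VLAN acts as the default gateway for that subnet (.1 is assumed)
interface Vlan100
 description Servers, network devices and firewall inside interface
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
interface Vlan101
 ip address 192.168.2.1 255.255.255.0
 no shutdown
!
interface Vlan102
 ip address 192.168.3.1 255.255.255.0
 no shutdown
!
! Port facing the firewall: a plain access port in VLAN 100, not VLAN 1
! (port number and firewall address are assumed)
interface GigabitEthernet1/0/24
 description To firewall inside interface 192.168.1.254
 switchport mode access
 switchport access vlan 100
!
! Static default route from the core switch to the firewall
ip route 0.0.0.0 0.0.0.0 192.168.1.254
```

With this layout the firewall is directly connected only to 192.168.1.0/24, so it needs return routes for 192.168.2.0/24 and 192.168.3.0/24 pointing at the core switch's VLAN 100 address.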