Re: INTER-VLAN ROUTING - SLB-HSRP

sijune789 · ‎08-01-2006

Hello to all cisco ppl. This is my first "post" so plz be gentle.

I have 2 WS-C6503-E with ios v12.2(18).

I have allready setup etherchannel and i post here the configurations of the switches to tell me if they r correct,make suggestions and other.

My target is high availability,bandwith,security.

Ok let's go

Switch 1

ip-routing

ip slb Serverfarm www

predictor leastconns

real 201.xxx.xxx.2

inservice

real 201.xxx.xxx.3

inservice

ip slb Serverfarm dns

predictor leastcons

real 200.xxx.xxx.19

inservice

real 200.xxx.xxx.20

inservice

real 200.xxx.xxx.21

inservice

real 200.xxx.xxx.22

inservice

ip slb Serverfarm mail

predictor leastconns

real 201.xxx.xxx.33

inservice

real 201.xxx.xxx.34

inservice

ip slb vserver virtual_www

virtual 200.xxx.xxx.4 tcp 0

serverfarm www

no advertise

inservce standby w_vlan

ip slb vserver virtual_dns

virtual 200.xxx.xxx.23

serverfarm dns

no advertise

inservice standby d_vlan

ip slb vserver virtual_mail

virtual 200.xxx.xxx.35

serverfarm dns

no advertise

inservice standby m_vlan

interface gigabitethernet range 2/18

switchport

switchport mode access

switchport access vlan 12

no ip address

speed 1000

duplex full

spanning-tree portfast

interface range gigabitethernet 2/20-21

switchport

switchport mode access

switchport access vlan 13

no ip address

speed 1000

duplex full

spanning-tree portfast

interface gigabitethernet range 2/16

switchport

switchport mode access

switchport access vlan 14

no ip address

speed 1000

duplex full

spanning-tree portfast

interface vlan 12

ip address 200.xxx.xxx.10 255.255.255.240

ip route-cache flow

standby 12 ip 200.xxx.xxx.11

standby 12 priority 150

standby 12 preempt

standby 12 name w_vlan

interface vlan 13

ip address 200.xxx.xxx.26 255.255.255.240

ip route-cache flow

standby 13 ip 200.xxx.xxx.27

standby 13 priority 150

standby 13 preempt

standby 13 name d_vlan

interface vlan 14

ip address 200.xxx.xxx.38 255.255.255.240

ip route-cache flow

standby 13 ip 200.xxx.xxx.35

standby 13 priority 150

standby 13 preempt

standby 13 name m_vlan

Switch 2

The slb conf is the same.

interface gigabitethernet range 2/19

switchport

switchport mode access

switchport access vlan 12

no ip address

speed 1000

duplex full

spanning-tree portfast

interface range gigabitethernet 2/22-23

switchport

switchport mode access

switchport access vlan 13

no ip address

speed 1000

duplex full

spanning-tree portfast

interface gigabitethernet range 2/17

switchport

switchport mode access

switchport access vlan 14

no ip address

speed 1000

duplex full

spanning-tree portfast

interface vlan 12

ip address 200.xxx.xxx.12 255.255.255.240

ip route-cache flow

standby 12 ip 200.xxx.xxx.11

standby 12 priority 150

standby 12 preempt

standby 12 name w_vlan

interface vlan 13

ip address 200.xxx.xxx.28 255.255.255.240

ip route-cache flow

standby 13 ip 200.xxx.xxx.27

standby 13 priority 150

standby 13 preempt

standby 13 name d_vlan

interface vlan 14

ip address 200.xxx.xxx.39 255.255.255.240

ip route-cache flow

standby 13 ip 200.xxx.xxx.35

standby 13 priority 150

standby 13 preempt

standby 13 name m_vlan

Okei. Will inter-vlan routing work or do i need to add :

router eigrp

network 200.xxx.xxx.xxx

Thanx from advance.

farkascsgy · ‎08-01-2006

InterVlan should be work since your VLAN interfaces are connected L3 interfaces on your multilayer switch.

If you don't need advertise your VLANs you don't need EIGRP, anyway if you want to access to VLANs from other subnets, which is not directly connected to this swicth you need EIGRP (or other dynamic routing protocol)

bye

FCS

Please rate me if I helped.

devang_etcom · ‎08-01-2006

just issue command "ip routing" on switch2, in HSRP configuration you have confiuger the all vlan interface with the same Priority so just change the priority of one siwthc or you can have load balncinging also ...all other configuration looks okay...

rate this post if it helps

regards

Devang

sijune789 · ‎08-01-2006

Yes i must change the priorities in the second switch.

Do i need to issue ip routing command on the second switch too ?

I also use spanning-tree and mls.

1)Since the ip's r public i don't need to advertise them, is this correct ?

2)The ip's on the virtual servers could be anything i like e.g 192.168.1.x ?

farkascsgy · ‎08-01-2006

Yes, you need enable routing (ip routing) on your second switch also. Anyway no traffic will traverse between VLANs.

bye

FCS

Please rate me if I helped.

sijune789 · ‎08-01-2006

U mean i will cannot ping servers from vlan 12 to vlan 13 ?

devang_etcom · ‎08-01-2006

hi...

yes first of all change your priority for HSRP so one will become active and other standby...

yes "ip routing" enable the routing on multilayer switches...

about public IPs its depends... but yes you have to advertise in your local topology so each and every host can reachble to each other...

and as per SLB concern you need to assing IP addresses to the actul server and virtual IP reperesneting the all the actul server... client send the requrest to Virtual IP address ... and that request heandle by the SLB switch and send the request to the appropriate server on the basis of your SLB configuration...SLB is some wht like NAT and PAT... so you have to be carefull during the assignment of your Virtual IP address and make sure you have advertise your Virtual IP address so any client from internal network as well as form other network can reach to the server...

hope this will helps you

rate this post if it helps

regards

Devang

sijune789 · ‎08-01-2006

Okay, on switch 2

interface vlan 12

ip address 200.xxx.xxx.12 255.255.255.240

ip route-cache flow

standby 12 ip 200.xxx.xxx.11

standby 12 priority 200

standby 12 preempt

standby 12 name w_vlan

interface vlan 13

ip address 200.xxx.xxx.28 255.255.255.240

ip route-cache flow

standby 13 ip 200.xxx.xxx.27

standby 13 priority 200

standby 13 preempt

standby 13 name d_vlan

interface vlan 14

ip address 200.xxx.xxx.39 255.255.255.240

ip route-cache flow

standby 14 ip 200.xxx.xxx.35

standby 14 priority 200

standby 14 preempt

standby 14 name m_vlan

Ι will also delete the no advertise command so hosts from different vlans can ping each other.

devang_etcom · ‎08-01-2006

yes now its look okay... actully if you configure the different vlan interface and not enable "ip routing" then no vlan can communicate as ip routing enable the layer-3 routing on switches... so after fireing this ip routing command you can make communication between two different vlan...

hope this helps you

remember to rate all the posts..

regards

Devang

sijune789 · ‎08-01-2006

What default gw the servers in the vlans must have ?

devang_etcom · ‎08-01-2006

you can configure server with the default gateway as the virtual interface IP address...

regards

Devang

rate this post if it helps

mahmoodmkl · ‎08-01-2006

Hi

Just to point out arent the Vlan interfaces on the same subnet.vlan should have differnet subnets i assume.

Thanks

Mahmood

sijune789 · ‎08-02-2006

well i choose 200.xxx.xxx.0/240 for vlan 12,13,14. What is wrong of that ?

Also if i have mls commands like

mls flow ip full

mls qos

mls verify ip length mimimum

mls verify ip length maximim

is it necessary to issue ip routing command to have inter vlan communication ?

devang_etcom · ‎08-02-2006

yes... what ever IP address you use in your VLAN you need to enable routing inorder to make you intervlan routing working properly...

so please enter command...

"ip routing"

regards

Devang