I have a facility that is currently running a single class C network with a mix of hubs and switches. We are upgrading their infrastructure to be completely switched and implementing VLANs at the same time. I am planning to use a 3560 as the core switch attached to the router and have all the remote switches connected to it. The 3560 will support all my VLAN configuration stuff. I will have a VLAN for the user population, a management VLAN and a VLAN for some of the production machines. I am planning on keeping their existing class C for the user population to avoid having readdressing issues and split up a new address space for the rest.
My question concerns the link between the router and the switch. I am thinking a simple point to point network between the two and then use eigrp between them for routing. I am thinking that I can carve up the new space and have a portion for several point to points and then a portion for my management VLAN and finally a portion for the production machines.
I am used to everything having its own Class C space just for simplicity but would hate to start that model since what I do here I want to apply to 30 other facilities. I figure this way each facility will be contained within two to four Class Cs and make the overall management and routing simpler.
Do you have a specific goal in mind by establishing separate VLANs? If not, it would not appear to harm anything by sticking with a single Class C space (/25 or /26 mask if you don't need it all) and not readdress at all. I would recommend moving to DHCP though. Painful at first but will simplify things (e.g., change management) a lot in the long term.
A single subnet wouldn't even need a dynamic routing protocol between the switch and router - just a static route. In fact - you don't even need to use the switch's routing image. Just let it act as a L2 switch only and set up your routing (again with only a static route - assuming you have only one WAN interface) on the router.
I'm a fan of simplicity - only add/turn on functions where you have a business need or can articulate added value. Especially if you have to do it over and over ("30 other facilities"). Make it so any tech can walk in and grasp what the setup is and how to troubleshoot it.
The end goal is to separate the newly planned production environment as well as their planned wireless environment from everything else. The production presses, monitors, etc. are extremely chatty, as well as the concern from a security standpoint. With VLANs I can give them something they do not have today without going the complete independent network route.
They are currently running DHCP in the router to support the existing network.
OK, no problem on the separate VLANs. You could still route between them in the router (configure router-switch as a 802.1q trunk). If you don't then you could still run the router-switch link using a default static route, even possibly over an ip-unnumbered link.
If you are separating due to security what is now all together, you need to introduce some ACLs or such on whatever you decide to route with between the VLANs. Characterize the traffic as best you can ahead of time then implement for testing in a parallel environment if possible.
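One way to build what the two replies above describe, written here as an added example and not the original poster's configuration: the 3560 stays a layer-2 switch, the router-switch link is an 802.1q trunk with one subinterface per VLAN, and an allow-list ACL on the production subinterface limits what the chatty production hosts can reach. All addresses are RFC 5737 documentation placeholders; the VLAN numbers, interface names, port ranges and the print/DNS server addresses are assumptions.

```cisco
! Router side: one 802.1q trunk to the 3560, one subinterface per VLAN.
! Placeholder addressing (documentation ranges):
!   192.0.2.0/24     existing "class C", kept for users (VLAN 10)
!   198.51.100.0/26  management (VLAN 20)
!   198.51.100.64/26 production presses and monitors (VLAN 30)
interface GigabitEthernet0/1
 description Trunk to 3560 core
 no ip address
!
interface GigabitEthernet0/1.10
 description Users (existing class C)
 encapsulation dot1Q 10
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet0/1.20
 description Management
 encapsulation dot1Q 20
 ip address 198.51.100.1 255.255.255.192
!
interface GigabitEthernet0/1.30
 description Production
 encapsulation dot1Q 30
 ip address 198.51.100.65 255.255.255.192
 ip access-group PROD-IN in
!
! Allow-list for traffic entering from the production VLAN. The logged
! deny lines show which flows were missed when the traffic was characterized.
ip access-list extended PROD-IN
 remark DHCP to the router's own pool
 permit udp any eq bootpc any eq bootps
 remark Hypothetical print server and DNS server on the user network
 permit tcp 198.51.100.64 0.0.0.63 host 192.0.2.50 eq 9100
 permit udp 198.51.100.64 0.0.0.63 host 192.0.2.53 eq domain
 remark Everything else toward users and management is dropped and logged
 deny   ip 198.51.100.64 0.0.0.63 192.0.2.0 0.0.0.255 log
 deny   ip 198.51.100.64 0.0.0.63 198.51.100.0 0.0.0.63 log
 remark Production may still reach the WAN
 permit ip 198.51.100.64 0.0.0.63 any
!
! The router stays the DHCP server; one pool per VLAN (users pool shown)
ip dhcp excluded-address 192.0.2.1 192.0.2.20
ip dhcp pool USERS
 network 192.0.2.0 255.255.255.0
 default-router 192.0.2.1
!
! 3560 side: layer 2 only, 802.1q trunk toward the router, access ports per VLAN
vlan 10
 name USERS
vlan 20
 name MGMT
vlan 30
 name PROD
!
interface GigabitEthernet0/1
 description Uplink to router
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
!
interface range FastEthernet0/1 - 20
 switchport mode access
 switchport access vlan 10
!
interface range FastEthernet0/21 - 24
 switchport mode access
 switchport access vlan 30
```

During the parallel test, `show access-lists PROD-IN` gives per-line hit counts and the logged denies show up in the router's log, which is the quickest way to find production flows the allow-list is missing before the cut-over. A wireless VLAN is added the same way: another subinterface, another access list.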
hhmm ... I did not think about ip-unnumbered. I was thinking about simply taking a few /30s from the new address space and using them for any needed point-to-points. The only concern I have with a simple static route is getting the VLANs advertised out to the rest of the WAN as needed. I run BGP between my routers and the provider's, so I need to make sure I get the necessary address space redistributed into that. I am thinking that if I run a routing protocol, any new VLAN would be automatically added.
I am planning on keeping the existing address space intact and either migrating specific devices from that to new space or placing new devices directly in the new space.
bberry- Regarding using a /30 for the point to point links, yes that's a perfectly viable option. You are also correct with respect to a dynamic routing protocol ensuring the advertisement of new subnets more seamlessly. If the subnets are contiguous, you can/should summarize them to the outside world as their respective /24 or /25 whichever the case may be.
ccovell - Regarding use of ISL, I would counsel against it. While it will work (assuming the platforms support it), it is becoming obsolete. I'm not aware of any advantages of ISL over 802.1q and newer platforms do not support it at all in their code base.
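The layout this reply endorses, as an added example that is not from the thread: the 3560 does the inter-VLAN routing, the router-switch link is a /30 carved from the new space, EIGRP carries the VLAN subnets to the router, and only the two summaries are announced to the provider. Addresses are RFC 5737 documentation placeholders, the ASNs are private-range placeholders, and `PROD-IN` is assumed to be an already-defined allow-list ACL for the production VLAN.

```cisco
! ---- 3560 (IP routing on, SVIs are the VLAN gateways) ----
! 198.51.100.252/30 is the point-to-point to the router.
ip routing
!
interface GigabitEthernet0/1
 description P2P to router
 no switchport
 ip address 198.51.100.254 255.255.255.252
!
interface Vlan10
 description Users (existing class C)
 ip address 192.0.2.1 255.255.255.0
 ip helper-address 198.51.100.253
!
interface Vlan30
 description Production
 ip address 198.51.100.65 255.255.255.192
 ip helper-address 198.51.100.253
 ip access-group PROD-IN in
!
! The 3560 IP Base image only runs EIGRP as a stub, which is what a
! single-exit site wants anyway: it advertises its connected VLANs and
! takes the default from the router.
router eigrp 100
 network 192.0.2.0 0.0.0.255
 network 198.51.100.0 0.0.0.255
 passive-interface default
 no passive-interface GigabitEthernet0/1
 eigrp stub connected
!
! ---- Router ----
interface GigabitEthernet0/1
 description P2P to 3560 core
 ip address 198.51.100.253 255.255.255.252
!
router eigrp 100
 network 198.51.100.252 0.0.0.3
 passive-interface default
 no passive-interface GigabitEthernet0/1
!
! DHCP stays on the router; the helper-address on each SVI relays the
! requests here and the pool is picked from the relaying SVI's subnet.
ip dhcp excluded-address 192.0.2.1 192.0.2.20
ip dhcp pool USERS
 network 192.0.2.0 255.255.255.0
 default-router 192.0.2.1
!
! Only the two summaries leave the site. The Null0 route keeps the
! 198.51.100.0/24 prefix in the routing table whichever /26s are in use,
! so the BGP network statement always has an exact match. New VLANs
! inside that /24 need no change on the WAN side.
ip route 198.51.100.0 255.255.255.0 Null0 250
router bgp 64512
 network 192.0.2.0 mask 255.255.255.0
 network 198.51.100.0 mask 255.255.255.0
 neighbor 203.0.113.1 remote-as 64513
```

`show ip eigrp neighbors` on either end confirms the adjacency over the /30, `show ip route eigrp` on the router should list each VLAN subnet the switch advertises, and `show ip bgp neighbors 203.0.113.1 advertised-routes` should show only the two /24s going to the provider. If the 3560 were bought with the IP Services image, the `eigrp stub connected` line can be dropped, though keeping it costs nothing here.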