Vlan Trouble

  • Vlan Trouble

    I'm having serious trouble trying to figure out how to make one port on one vlan and another port on a different vlan talk to each other. I'm using Cisco 3560 switches...if anyone can help it would be greatly appreciated!

    THX in advance

  • #2
    Re: Vlan Trouble

    Have you had a read of this? http://www.cisco.com/en/US/tech/tk38...8015f17a.shtml
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2



    • #3
      Re: Vlan Trouble

      You need to have a router for sure, if you are running multiple switches connecting to one router (that is called router on a stick).

      Do not forget to configure sub interfaces on your router (Fa0/0.1, Fa0/0.2)

      You need to name your VLANs and assign port members.
      Do not forget to configure VTP (Server, Client, Transparent) with the appropriate trunking protocol; this should be the same on your switches.

      Best regards,
      Mostafa
      Best regards,
      Mostafa Itani

      ** Remember to give credit where credit is due and leave reputation points where appropriate **



      • #4
        Re: Vlan Trouble

        Hi Infinite_Reality,

        Have you had any luck making this work? I think that the tips posted by Mostafa and Biggles were very helpful in your issue.

        Let us know how it went or if you need more help on this topic.

        Thanks,
        David
        David Davis - Petri Forums Moderator & Video Training Author
        Train Signal - The Global Leader in IT Video Training
        TrainSignalTraining.com - Free IT Training Products
        Personal Websites: HappyRouter.com & VMwareVideos.com



        • #5
          Re: Vlan Trouble

          Hi David,
          Always there ready to help
          A small reputation will not harm

          Best regards,
          Mostafa
          Best regards,
          Mostafa Itani

          ** Remember to give credit where credit is due and leave reputation points where appropriate **



          • #6
            Re: Vlan Trouble

            FYI, to anyone interested in learning more about VLANs, the Petri Knowledgebase now has a new article to help you learn about the important topic of VLANs.

            Take a look-
            http://www.petri.com/csc_setup_a_vla...sco_switch.htm
            David Davis - Petri Forums Moderator & Video Training Author
            Train Signal - The Global Leader in IT Video Training
            TrainSignalTraining.com - Free IT Training Products
            Personal Websites: HappyRouter.com & VMwareVideos.com



            • #7
              Re: Vlan Trouble

              There is no need for the OP to use a router here. Even if he/she was going to, the router isn't going to speak VTP so that's irrelevant (and by the way VTP is generally not your friend anyway).

              The 3560 is a layer 3 switch and will do intervlan routing with a base image. Off the top of my head here's the config to do it.

              Let's assume vlan 2 is 192.168.2.0/24 and vlan 3 is 192.168.3.0/24.

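              conf t
              ! turn on layer 3 forwarding between the SVIs (needed once per switch)
              ip routing
              ! one SVI per VLAN; its address is the default gateway for that VLAN
              int vlan2
              ip addr 192.168.2.1 255.255.255.0
              int vlan3
              ip addr 192.168.3.1 255.255.255.0
              ! "end" returns to privileged EXEC, where "copy" is available
              end
              copy run start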

              Set the PC gateways to 192.168.2.1 or 192.168.3.1 whatever's appropriate and traffic will flow.

              You only need the ip routing command the first time you do this to enable it on the switch.
              Thanks,
              Brian Desmond
              Microsoft MVP - Directory Services
              www.briandesmond.com



              • #8
                Re: Vlan Trouble

                Indeed. From Cisco.com:

                "The Cisco Catalyst 3560 is available with either the standard multilayer software image (SMI) or the enhanced multilayer software image (EMI). The SMI feature set includes advanced QoS, rate-limiting, ACLs, and basic routing functionality. The EMI provides a richer set of enterprise-class features, including advanced hardware-based IP unicast and IP Multicast routing as well as policy-based routing (PBR)."

                regards

                theterranaut



                • #9
                  Re: Vlan Trouble

                  This is a great thread. I am going to attempt to put all of my workstations on .2 subnet while all of my network devices/server are on .1. Right now I have all of the switches configured to have 4 Vlans.

                  .1 is the main one
                  .2 is built but not being used
                  .3 is another building
                  .5 is my voice vlan

                  All of the switches are 3560's and I used VTP. They all end up going into a 3750 which is my "hub". I did not configure the 3750. I just did the sh ip route and got this:

                  Gateway of last resort is 192.168.1.1 to network 0.0.0.0

                  S 192.168.10.0/24 [1/0] via 192.168.5.4
                  S 192.168.4.0/24 [1/0] via 192.168.1.4
                  C 192.168.5.0/24 is directly connected, Vlan5
                  S 192.168.50.0/24 [1/0] via 192.168.1.1
                  C 192.168.1.0/24 is directly connected, Vlan1
                  C 192.168.3.0/24 is directly connected, Vlan2
                  S* 0.0.0.0/0 [1/0] via 192.168.1.1

                  FIRST QUESTION:
                  As you can see, they have Vlan2 as the .3 subnet. I am guessing that the 3750 and 3650s do not discuss which vlan is which as long as they have a port?

                  Is it as easy as renaming the vlan on the 3750 to vlan 3?

                  Ip routing
                  int vlan 3
                  ip addr 192.168.3.0/24

                  Will this bring down the connection to the other building?
                  Thank you,

                  Marc



                  • #10
                    Re: Vlan Trouble

                    Hi Marc,
                    without a detailed look at your topology- yes, it probably will break things!

                    I'd create another, separate VLAN on your core switch (VTP Master)
                    and have this as your 'new' VLAN. You've just got to choose another set of private addresses.
                    Best not to muck about with the current arrangement until the full ramifications are known (if it ain't broke...), and this way, you get to do testing beforehand. Always a bonus.

                    Bear in mind that dividing up your network into a 'separate vlan per identity'
                    topology might not be the most efficient way to do things. These switches will
                    have to ROUTE every packet that originates on a server but is destined for a workstation instead of SWITCHING them. So, have a think about placement before you rush in. File servers, for example, might take an adverse hit on performance.

                    If you do it, you'll also have to set up DHCP forwarding- which I *think* 3560's can do, but will check.

                    regards

                    theterranaut



                    • #11
                      Re: Vlan Trouble

                      So I guess this bears a very basic question. Since this network (inherited) is outgrowing 254 ip addresses, how should I segment it? The other building being on another subnet was not my idea. It does have some problems with some apps timing out and could not figure out why since there is a Gig fiber connection between the two buildings.

                      How do I get more IP addr's without routing between subnets?

                      Apologize for the newbie fundamental questions.
                      Thank you,

                      Marc



                      • #12
                        Re: Vlan Trouble

                        Hi Marc,

                        easiest way, in that case, would just be to go for a 16-bit subnet for your whole internal network.
                        This would (obviously) involve readdressing. So, you could choose, just for example:

                        172.16.0.0/16- that's a mask of 255.255.0.0, which would give you just shy of 65,000 possible addresses. (Bone up on RFC1918 addresses if you are not sure about this.)

                        As for apps timing out- could be your topology, but it's difficult to say for sure. This is really becoming a design question.

                        HTH

                        theterranaut



                        • #13
                          Re: Vlan Trouble

                          Originally posted by theterranaut:
                          "If you do it, you'll also have to set up DHCP forwarding- which I *think* 3560's can do, but will check."

                          Yes. Drop into the interface, either the SVI or a layer 3 port (e.g. int vlan2 or int fa0/1), and do ip helper-address 1.2.3.4 where 1.2.3.4 is your DHCP server.
                          Thanks,
                          Brian Desmond
                          Microsoft MVP - Directory Services
                          www.briandesmond.com



                          • #14
                            Re: Vlan Trouble

                            Marc-

                            Segmenting the two buildings into different subnets is a good idea and the last thing you want is to end up with an old style campus network with vlans all over kingdom come. It's really a mess and it's hard to fix down the road.

                            It sounds like you have some issues with your network as to how it's wired together. Have you taken a look at error counters on interfaces (e.g. your building links, etc)? Spanning tree issues? Unexpected latency? I know nothing about your network but those are some easy ones to start with.

                            Next, don't go for a /16 whether it gives you enough space or not. You don't need it and now you've chewed up a whole bunch of address space that isn't worth wasting. Move up to a /23 or a /22 whichever is appropriate, but do it right. Hierarchically build the subnet structure between the two buildings - Management network, server network, client networks, wireless, voip, etc. Use the same structure in each building and any new ones.

                            Also on one of these switches there is no difference between routing and switching after the first packet - it's all done in hardware - theterranaut is wrong about this. The only time this will break is if you configure things such that every packet is punted to the CPU (which takes some work) or you do something like overload the route table (it has space for I believe ~8K routes on one of these switches though).

                            I'm not sure what you mean by renaming the vlan, but I suspect you will break things.

                            If you want, post the output of show run and show cdp neighbors from each device here and I can look. Please make sure you delete the strings (passwords) and anything else that links them to wherever you work.
                            Thanks,
                            Brian Desmond
                            Microsoft MVP - Directory Services
                            www.briandesmond.com
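
Post #14 asks for passwords and anything identifying to be removed from show run before it is posted. The script below is an added example, not code from the thread: it redacts the common secret-bearing IOS lines from a constructed sample config, and the rule list is an assumption that should be extended to match the features in use.

```python
import re

# Constructed sample of `show run` output; every name and secret is made up.
SAMPLE_CONFIG = """\
hostname ACME-BLDG2-3560
enable secret 5 $1$abcd$0123456789abcdefghijkl
enable password plaintext1
username admin privilege 15 password 7 0822455D0A16
snmp-server community s3cr3tRO RO
snmp-server location ACME Corp, Building 2
tacacs-server key 7 13061E010803
interface Vlan2
 ip address 192.168.2.1 255.255.255.0
 ip helper-address 192.168.1.10
line vty 0 4
 password vtypass
"""

# Each rule keeps group 1 (the command keyword) and drops the sensitive value.
# Type 7 strings are removed too: that encoding is reversible, not a hash.
RULES = [(re.compile(p), r) for p, r in [
    (r"^(\s*enable (?:secret|password)(?: \d+)?) \S+.*$", r"\1 <removed>"),
    (r"^(\s*username \S+.*? (?:password|secret)(?: \d+)?) \S+.*$", r"\1 <removed>"),
    (r"^(\s*password(?: \d+)?) \S+.*$", r"\1 <removed>"),
    (r"^(\s*(?:tacacs|radius)-server .*\bkey(?: \d+)?) \S+.*$", r"\1 <removed>"),
    (r"^(\s*snmp-server community) \S+(.*)$", r"\1 <removed>\2"),
    (r"^(\s*snmp-server (?:location|contact)) .*$", r"\1 <removed>"),
    (r"^(\s*hostname) \S+.*$", r"\1 <removed>"),
]]


def sanitize(config):
    """Return (redacted_config, number_of_lines_changed)."""
    out, changed = [], 0
    for line in config.splitlines():
        for pattern, repl in RULES:
            new, n = pattern.subn(repl, line)
            if n:
                line, changed = new, changed + 1
                break
        out.append(line)
    return "\n".join(out), changed


if __name__ == "__main__":
    redacted, count = sanitize(SAMPLE_CONFIG)
    print(redacted)
    print(f"! {count} lines redacted")
```

Read the result by eye before posting: banners, interface descriptions and public IP addresses can also identify a site and are not covered by these rules.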



                            • #15
                              Re: Vlan Trouble

                              Thanks for correcting me Brian. I had assumed that these things were 'budget' devices, but it sounds like they are quite hefty, yes? The price tag makes me suspicious! However, Cisco say:

                              • 32 Gbps forwarding bandwidth

                              • Forwarding rate based on 64-byte packets: 38.7 Mpps (Cisco Catalyst 3560G-48TS and Catalyst 3560G-48PS, and Cisco Catalyst 3560G-24TS and Catalyst 3560G-24PS); 13.1 Mpps (Cisco Catalyst 3560-48TS and Catalyst 3560-48PS); and 6.5 Mpps (Cisco Catalyst 3560-24TS and Catalyst 3560-24PS)

                              • 128 MB DRAM

                              • 32 MB Flash memory (Cisco Catalyst 3560G-24TS, Catalyst 3560G-24PS, Cisco Catalyst 3560G-48TS, Catalyst 3560G-48PS, Catalyst 3560-24TS, and Catalyst 3560-48TS); and 16-MB Flash memory (Cisco Catalyst 3560-48PS and Catalyst 3560-24PS)

                              • Configurable up to 12,000 MAC addresses

                              • Configurable up to 11,000 unicast routes

                              • Configurable up to 1000 IGMP groups and multicast routes

                              • Configurable maximum transmission unit (MTU) of up to 9000 bytes, with a maximum Ethernet frame size of 9018 bytes (Jumbo frames), for bridging on Gigabit Ethernet ports, and up to 1546 bytes for bridging of Multiprotocol Label Switching (MPLS) tagged frames on 10/100 ports


                              So, even the basic model can do over 6Mpps- not too shabby! As you say, it's per-packet for the routing, so there shouldn't be an enormous hit. I can see the need for these units from Cisco's standpoint, I've just been configuring some chassis-based 3Com units (7000 series) which offer a fairly incredible backplane, advanced routing, every feature under the sun- and at approximately 1/3rd to half the price of the equivalent Cisco unit. I'll have 2!

                              re: non-16 bit nets. You're right, they can get messy in the wrong hands, and constraining broadcast domains is never a bad idea. I stand corrected on this, and should have suggested a slightly larger mask for our friend's needs instead of choosing the next biggest 'private' network for his needs.
                              As I said, 'this is becoming a design issue'!!
                              However- I still maintain that our friend needs to look carefully at placement and grouping, and not count overly on switching speed to get him out of it!

                              regards

                              theterranaut

                              BTW: good having you around here!
                              Last edited by theterranaut; 31st December 2006, 12:52. Reason: More info-
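
The sizing discussion in posts #12 to #15 (a single /16 versus /23 or /22 subnets laid out the same way in every building) can be worked through with Python's ipaddress module. This is an added example, not a plan from the thread: the 172.16.0.0/20 site block, the /21 per building and the role sizes are all assumptions chosen for illustration.

```python
import ipaddress

# Assumed roles and sizes (not from the thread); the same layout is reused per building.
ROLES = [("clients", 22), ("servers", 24), ("management", 24),
         ("wireless", 24), ("voip", 24)]


def usable_hosts(prefixlen):
    """Usable IPv4 host addresses in a subnet (network and broadcast excluded)."""
    return 2 ** (32 - prefixlen) - 2


def carve(block, roles):
    """Allocate one subnet per role from block, largest first so each stays aligned."""
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    plan = {}
    for name, plen in sorted(roles, key=lambda r: r[1]):
        net = ipaddress.ip_network((cursor, plen))
        if not net.subnet_of(block):
            raise ValueError(f"{block} is too small for role {name!r}")
        plan[name] = net
        cursor += net.num_addresses
    return plan


def site_plan(site_block, buildings, building_prefix=21):
    """Give each building one summarizable block, then carve it identically."""
    blocks = ipaddress.ip_network(site_block).subnets(new_prefix=building_prefix)
    return {b: carve(blk, ROLES) for b, blk in zip(buildings, blocks)}


if __name__ == "__main__":
    for plen in (24, 23, 22, 16):
        print(f"/{plen}: {usable_hosts(plen)} usable hosts per broadcast domain")
    for building, plan in site_plan("172.16.0.0/20", ["A", "B"]).items():
        for role, net in plan.items():
            print(f"building {building} {role:<11} {net}")
```

Because each building sits in one aligned block, a single route or ACL entry per building covers all of its role subnets.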

