Inter VLAN configuration Using Layer 3 switch with two 2960 Cisco switches


  • Inter VLAN configuration Using Layer 3 switch with two 2960 Cisco switches

    Hello everyone. This is my first post. I am currently working in a private company and have been asked to design a network with two 2960 Cisco switches and one SG300 layer three switch for IP routing.
    The VLANs also get their IP addresses from a DHCP server. The overall picture and assumed design will look like the picture I attached.
    We need to have:
    VLAN 15_Work station on SW1
    VLAN 99_MGT on SW1
    VLAN 150_VOIP on SW2
    VLAN 40_Guest (connected to Wifi) on SW2
    All VLANs must get their IP from the DHCP server, which is a part of VLAN 15.
    All VLANs need to communicate using the Layer 3 SG300 switch.

    I would like anyone to help me with the detailed configuration steps.

    I have attached the sample Packet Tracer diagram.

  • #2
    *-All of your VLANs will have their gateway addresses (SVIs) on the SG300. It is the router, therefore must know about every subnet it routes to, either by direct access or by routing statements. Since your other devices are layer-2 only, they can't route.
    *-All of the SVIs should have 'ip-helper' statements to point the DHCP request traffic to the IP for your DHCP server, or the DHCP requests will go nowhere.
    *-Your DHCP server will have a different scope for each VLAN it issues addresses for; the originating subnet of the request packet tells the DHCP server which scope to issue an address lease from.
    *-You should set up VTP, prob set with the SG300 as your master and both 2960s as slaves; this is so you configure a VLAN once (name, etc.) and all VTP members on your switching domain know about the changes--you configure once, less chance of making mistakes when you repeat it.
    *-Both the 2960 switches must communicate with the SG300 using trunks so any VLAN can go anywhere. You determine which VLANs are on which switches by which VLANs you assign to which access ports on the switches. Example: you give VLAN99 on SW1. If you assign a single port on SW2 to VLAN99, it becomes a member of that VLAN. If you want to restrict which VLANs can physically go to which switch, you can use the command set as shown in this Cisco reference to configure the trunks to limit the VLAN traffic:

    https://supportforums.cisco.com/docu...wed-trunk-link or you can use VTP Pruning--your choice.

    Assuming you have some prior experience with Cisco configs, you have enough info to get things going. If most of what I wrote above went over your head (not an insult, you simply may not have learned any of the above yet), you really should think about getting somebody in to at least show you the ropes.
    *RicklesP*
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **



    • #3
      Thank you Pickles for your valuable reply. It is very helpful. I have some more questions.
      1. Is it necessary to put my DHCP server in a separate VLAN? What if it is a member of one of the VLANs which may require DHCP addressing?
      2. Do I need to use an IP helper address for the VLAN my DHCP belongs to?
      3. Why do I need the management VLAN? What special configuration will it need that is different from other VLANs?

      Thank you again
      Wogu



      • #4
        1. No. A single DHCP server can satisfy address needs for any VLAN you decide needs dynamic addresses being issued. You've chosen 15--your call.
        2. No. DHCP requests from members inside VLAN 15 are considered local to that server. It's only when traffic must be routed into VLAN 15 from any other network that you need the ip helper.
        3. VLANs are usually used to group together devices with similar functions (all Finance in one, all Sales in another, etc) or similar traffic routing needs (special limitations on internet access, for example). Someone obviously decided to isolate specific devices/people into their own VLAN and call it Management. If you don't want it any longer, that's your call.
        *RicklesP*
        MSCA (2003/XP), Security+, CCNA

        ** Remember: credit where credit is due, and reputation points as appropriate **

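An added example, not part of any post in this thread: a Python model of the scope selection described in replies #2 and #4, plus a check that every routed VLAN has a working relay toward the server. The subnets, SVI addresses, server address and function names are assumptions, since the thread names the VLANs but gives no addressing.

```python
import ipaddress

# Constructed addressing plan (assumption): one /24 per VLAN from the thread.
SCOPES = {
    15: ipaddress.ip_network("10.0.15.0/24"),    # workstations + DHCP server
    99: ipaddress.ip_network("10.0.99.0/24"),    # management
    150: ipaddress.ip_network("10.0.150.0/24"),  # VoIP
    40: ipaddress.ip_network("10.0.40.0/24"),    # guest Wi-Fi
}
SERVER_IP = ipaddress.ip_address("10.0.15.10")   # assumed server address in VLAN 15
UNSET = ipaddress.ip_address("0.0.0.0")


def select_scope(giaddr, receiving_ip=SERVER_IP):
    """Return the VLAN whose scope answers a DHCPDISCOVER, or None."""
    giaddr = ipaddress.ip_address(giaddr)
    # giaddr is 0.0.0.0 when the server hears the broadcast directly (VLAN 15);
    # a relaying SVI writes its own address there, which identifies the subnet.
    lookup = receiving_ip if giaddr == UNSET else giaddr
    for vlan, net in SCOPES.items():
        if lookup in net:
            return vlan
    return None  # no matching scope, so no lease is offered


def audit_relays(svi_table):
    """svi_table maps vlan -> (svi_ip, helper_ip or None); returns findings."""
    findings = []
    for vlan, (svi_ip, helper) in sorted(svi_table.items()):
        if SERVER_IP in SCOPES[vlan]:
            continue  # server is local to this VLAN: no helper needed
        if helper is None:
            findings.append((vlan, "no helper: DHCP broadcasts stop at the SVI"))
        elif ipaddress.ip_address(helper) != SERVER_IP:
            findings.append((vlan, "helper does not point at the DHCP server"))
        elif select_scope(svi_ip) != vlan:
            findings.append((vlan, "SVI address is outside the VLAN's scope"))
    return findings


if __name__ == "__main__":
    table = {  # constructed SVI table with two deliberate mistakes
        15: ("10.0.15.1", None),
        99: ("10.0.99.1", "10.0.15.10"),
        150: ("10.0.150.1", None),
        40: ("10.0.41.1", "10.0.15.10"),
    }
    for vlan, problem in audit_relays(table):
        print(f"VLAN {vlan}: {problem}")
```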