TMonkeaMemberMarch 31, 2017 at 1:34 pm #166943
I was recently given the job of managing the shop floor switches and networks that run through our plant. I need to configure a switch in my office, a Cisco L3 WS-C3750G-48TS with IPBaseK9 and ver. 12.2 firmware (switch A), (192.168.254.252 for management). With that switch I want to be able to telnet into the switches on 3 different networks – 192.168.0.0/16, 126.96.36.199/24, and 10.43.1.0/24.
What is the best way to set these switches up so I can manage the switches on the 3 networks? I was told I could do it with Vlans and maybe access lists on the L3 switch but since the 3 core switches are in production, any changes I make on them would need to be non-invasive plus I cannot re-boot them easily.
The 3 switches that I need to connect to are:
Switch B – WSC3850-24S 192.168.254.253 core switch for 192 Net, has many other switches connected.
Switch C – WSC3750G-12S 188.8.131.52 core switch for 137 Net, has many other switches connected.
Switch D – WS-C3750V2-48TS core switch for 10.43 Net, has many other switches connected.
Note: All four switches are connected by fiber. I would like to use Vlan10 for the 192 net, Vlan20 for the 137 net, Vlan30 for the 10.43 net and Vlan99 for management.
Also, all four networks need to be completely isolated.
Thanks in advance.
AnonymousApril 1, 2017 at 4:40 am #372035
What you’re describing is basic network layout, with routing between multiple subnets. The kinds of command needed don’t require reboots, but any VLAN changes on a given access port that some piece of floor production equipment is plugged into, would have to be reset by shutting that port down and bringing it back up again. You wouldn’t happen to have a diagram of all this with IP ranges defined, would you? If you want all 4 networks isolated, then simply don’t route between them. If you already can get from 1 to another network, the routing already exists and so must be taken into account. If any of the separate networks require access to the internet, that’s almost certainly your router.
If all switches are connected now, all you need to do is establish an IP address in your chosen VLAN 99 on each device. Once any switch is a member of that VLAN, you should be able to telnet into that switch from the first one. But then again, you should be able to telnet into any of the switches directly, from the device you’re using to connect to the first one, assuming your not using the Console port on the first one. Your network isolation can be handled by simply not routing between the subnets. Set up an ACL to allow your VLAN99 to get into any of the other subnets for management/troubleshooting, but that’s it.
To simplify long-term changes with VLANs, you want to become familiar with Cisco’s VTP; one switch is defined as a master source for permitted VLANs and their names, and all other devices get that info from the master. You define a VLAN in one place, and any other VTP switch member can pass traffic on that VLAN, simply by adding that VLAN to whichever access port you want.
You must be logged in to reply to this topic.