Vlan Trouble

This topic contains 21 replies, has 7 voices, and was last updated by bdesmond-mvp 12 years, 10 months ago.

  • #118800

    I’m having serious trouble trying to figure out how to make one port on one vlan and another port on a different vlan talk to each other. I’m using Cisco 3560 switches…if anyone can help it would be greatly appreciated!

    THX in advance

    biggles77
    Spectator
    #205675

    Re: Vlan Trouble

    Have you had a read of this? http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml

    sanvour
    Member
    #217164

    Re: Vlan Trouble

    You need to have a router for sure, if you are running multiple switches connecting to one router (that is called router on a stick).

    Do not forget to configure sub interfaces on your router (Fa0/0.1, Fa0/0.2)

    You need to name your VLANs, and assign port members.
    Do not forget to configure VTP (Server, Client, Transparent), with the appropriate trunking protocol; this should be the same on your switches.

    Best regards,
    Mostafa

    daviddavis
    Member
    #263687

    Re: Vlan Trouble

    Hi Infinite_Reality,

    Have you had any luck making this work? I think that the tips posted by Mostafa and Biggles were very helpful in your issue.

    Let us know how it went or if you need more help on this topic.

    Thanks,
    David

    sanvour
    Member
    #217167

    Re: Vlan Trouble

    Hi David,
    Always there ready to help:)
    A small reputation will not harm:grin:

    Best regards,
    Mostafa

    daviddavis
    Member
    #263696

    Re: Vlan Trouble

    FYI, to anyone interested in learning more about VLANs, the Petri Knowledgebase now has a new article to help you learn about the important topic of VLANs.

    Take a look-
    http://www.petri.com/csc_setup_a_vlan_on_a_cisco_switch.htm

    bdesmond-mvp
    Member
    #291241

    Re: Vlan Trouble

    There is no need for the OP to use a router here. Even if he/she was going to, the router isn’t going to speak VTP so that’s irrelevant (and by the way VTP is generally not your friend anyway).

    The 3560 is a layer 3 switch and will do intervlan routing with a base image. Off the top of my head here’s the config to do it.

    Let’s assume vlan 2 is 192.168.2.0/24 and vlan 3 is 192.168.3.0/24.

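    conf t
    ! enable layer 3 forwarding between the SVIs (needed once per switch)
    ip routing
    ! SVI for vlan 2: this address is the default gateway for 192.168.2.0/24
    int vlan2
    ip addr 192.168.2.1 255.255.255.0
    ! SVI for vlan 3: default gateway for 192.168.3.0/24
    int vlan3
    ip addr 192.168.3.1 255.255.255.0
    ! leave configuration mode before saving
    end
    copy run start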

    Set the PC gateways to 192.168.2.1 or 192.168.3.1 whatever’s appropriate and traffic will flow.

    You only need the ip routing command the first time you do this to enable it on the switch.

    theterranaut
    Member
    #285880

    Re: Vlan Trouble

    Indeed. From Cisco.com:

    “The Cisco Catalyst 3560 is available with either the standard multilayer software image (SMI) or the enhanced multilayer software image (EMI). The SMI feature set includes advanced QoS, rate-limiting, ACLs, and basic routing functionality. The EMI provides a richer set of enterprise-class features, including advanced hardware-based IP unicast and IP Multicast routing as well as policy-based routing (PBR).”

    regards

    theterranaut

    tnshurtm
    Member
    #290075

    Re: Vlan Trouble

    This is a great thread. I am going to attempt to put all of my workstations on .2 subnet while all of my network devices/server are on .1. Right now I have all of the switches configured to have 4 Vlans.

    .1 is the main one
    .2 is built but not being used
    .3 is another building
    .5 is my voice vlan

    All of the switches are 3560’s and I used VTP. They all end up going into a 3750 which is my “hub”. I did not configure the 3750. I just did the sh ip route and got this:

    Gateway of last resort is 192.168.1.1 to network 0.0.0.0

    S 192.168.10.0/24 [1/0] via 192.168.5.4
    S 192.168.4.0/24 [1/0] via 192.168.1.4
    C 192.168.5.0/24 is directly connected, Vlan5
    S 192.168.50.0/24 [1/0] via 192.168.1.1
    C 192.168.1.0/24 is directly connected, Vlan1
    C 192.168.3.0/24 is directly connected, Vlan2
    S* 0.0.0.0/0 [1/0] via 192.168.1.1

    FIRST QUESTION:
    As you can see, they have Vlan2 as the .3 subnet. I am guessing that the 3750 and 3650s do not discuss which vlan is which as long as they have a port?

    Is it as easy as renaming the vlan on the 3750 to vlan 3?

    Ip routing
    int vlan 3
    ip addr 192.168.3.0/24

    Will this bring down the connection to the other building?

    theterranaut
    Member
    #285885

    Re: Vlan Trouble

    Hi Marc,
    without a detailed look at your topology- yes, it probably will break things!

    I’d create another, separate VLAN on your core switch (VTP Master) and have this as your ‘new’ VLAN. You’ve just got to choose another set of private addresses.
    Best not to muck about with the current arrangement until the full ramifications are known (if it ain’t broke…), and this way, you get to do testing beforehand. Always a bonus.

    Bear in mind that dividing up your network into a ‘separate vlan per identity’ topology might not be the most efficient way to do things. These switches will have to ROUTE every packet that originates on a server but is destined for a workstation instead of SWITCHING them. So, have a think about placement before you rush in. File servers, for example, might take an adverse hit on performance.

    If you do it, you’ll also have to set up DHCP forwarding- which I *think* 3560’s can do, but will check.

    regards

    theterranaut

    tnshurtm
    Member
    #290076

    Re: Vlan Trouble

    So I guess this bears a very basic question. Since this network (inherited) is outgrowing 254 ip addresses, how should I segment it? The other building being on another subnet was not my idea. It does have some problems with some apps timing out and could not figure out why since there is a Gig fiber connection between the two buildings.

    How do I get more IP addr’s without routing between subnets?

    Apologize for the newbie fundamental questions.

    theterranaut
    Member
    #285887

    Re: Vlan Trouble

    Hi Marc,

    easiest way, in that case, would just be to go for a 16-bit subnet for your whole internal network.
    This would (obviously) involve readdressing. So, you could choose, just for example:

    172.16.0.0/16- that’s a mask of 255.255.0.0, which would give you just shy of 65,000 possible addresses. (Bone up on RFC1918 addresses if you are not sure about this.)

    As for apps timing out- could be your topology, but it’s difficult to say for sure. This is really becoming a design question.

    HTH

    theterranaut

    bdesmond-mvp
    Member
    #291244

    Re: Vlan Trouble

    theterranaut;50982 wrote:
    If you do it, you’ll also have to set up DHCP forwarding- which I *think* 3560’s can do, but will check.

    Yes. Drop into the interface either the SVI or a layer 3 port (e.g. int vlan2 or int fa0/1) and do ip helper-address 1.2.3.4 where 1.2.3.4 is your DHCP server.

    bdesmond-mvp
    Member
    #291245

    Re: Vlan Trouble

    Marc-

    Segmenting the two buildings into different subnets is a good idea and the last thing you want is to end up with an old style campus network with vlans all over kingdom come. It’s really a mess and it’s hard to fix down the road.

    It sounds like you have some issues with your network as to how it’s wired together. Have you taken a look at error counters on interfaces (e.g. your building links, etc)? Spanning tree issues? Unexpected latency? I know nothing about your network but those are some easy ones to start with.

    Next, don’t go for a /16 whether it gives you enough space or not. You don’t need it and now you’ve chewed up a whole bunch of address space that isn’t worth wasting. Move up to a /23 or a /22 whichever is appropriate, but do it right. Hierarchically build the subnet structure between the two buildings – Management network, server network, client networks, wireless, voip, etc. Use the same structure in each building and any new ones.

    Also on one of these switches there is no difference between routing and switching after the first packet – it’s all done in hardware – theterranaut is wrong about this. The only time this will break is if you configure things such that every packet is punted to the CPU (which takes some work) or you do something like overload the route table (it has space for I believe ~8K routes on one of these switches though).

    I’m not sure what you mean by renaming the vlan, but I suspect you will break things.

    If you want, post the output of show run and show cdp neighbors from each device here and I can look. Please make sure you delete the strings (passwords) and anything else that links them to wherever you work.
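
The hierarchical addressing advice in the post above (one block per building, the same role layout inside each, /23 or /22 client networks instead of a flat /16), worked through as an added example that is not part of the original thread. The site block, building names and per-role prefix lengths are assumptions chosen for illustration.

```python
import ipaddress

# Roles are the ones named in the post; the prefix lengths are assumptions.
ROLES = {"clients": 23, "servers": 24, "wireless": 24, "voip": 24, "management": 26}


def usable_hosts(network):
    """Host addresses in a subnet, excluding network and broadcast."""
    return ipaddress.ip_network(network).num_addresses - 2


def plan_building(block, roles=ROLES):
    """Carve one building's block into per-role subnets, largest first."""
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    plan = {}
    # Allocating the largest subnets first keeps each one on its own boundary.
    for role, prefix in sorted(roles.items(), key=lambda kv: kv[1]):
        subnet = ipaddress.ip_network((cursor, prefix))
        if not subnet.subnet_of(block):
            raise ValueError(f"{block} is too small for role {role!r}")
        plan[role] = subnet
        cursor = int(subnet.broadcast_address) + 1
    return plan


def plan_site(site_block, buildings, building_prefix, roles=ROLES):
    """Give every building an equal block and the same layout inside it."""
    site = ipaddress.ip_network(site_block)
    blocks = list(site.subnets(new_prefix=building_prefix))
    if len(buildings) > len(blocks):
        raise ValueError(f"{site} cannot hold {len(buildings)} /{building_prefix} blocks")
    return {name: plan_building(block, roles) for name, block in zip(buildings, blocks)}


if __name__ == "__main__":
    # Constructed site: two buildings, one /21 each out of a /20.
    site = plan_site("172.16.0.0/20", ["building-a", "building-b"], 21)
    for building, plan in site.items():
        for role, subnet in plan.items():
            print(f"{building:11} {role:11} {str(subnet):16} {usable_hosts(subnet)} hosts")
```

Because each building is a single aligned block, one summary route or one ACL entry covers the whole building, and the same offset inside every block always means the same role.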

    theterranaut
    Member
    #285889

    Re: Vlan Trouble

    Thanks for correcting me Brian. I had assumed that these things were ‘budget’ devices, but it sounds like they are quite hefty, yes? The price tag makes me suspicious! However, Cisco say:

    • 32 Gbps forwarding bandwidth

    • Forwarding rate based on 64-byte packets: 38.7 Mpps (Cisco Catalyst 3560G-48TS and Catalyst 3560G-48PS, and Cisco Catalyst 3560G-24TS and Catalyst 3560G-24PS); 13.1 Mpps (Cisco Catalyst 3560-48TS and Catalyst 3560-48PS); and 6.5 Mpps (Cisco Catalyst 3560-24TS and Catalyst 3560-24PS)

    • 128 MB DRAM

    • 32 MB Flash memory (Cisco Catalyst 3560G-24TS, Catalyst 3560G-24PS, Cisco Catalyst 3560G-48TS, Catalyst 3560G-48PS, Catalyst 3560-24TS, and Catalyst 3560-48TS); and 16-MB Flash memory (Cisco Catalyst 3560-48PS and Catalyst 3560-24PS)

    • Configurable up to 12,000 MAC addresses

    • Configurable up to 11,000 unicast routes

    • Configurable up to 1000 IGMP groups and multicast routes

    • Configurable maximum transmission unit (MTU) of up to 9000 bytes, with a maximum Ethernet frame size of 9018 bytes (Jumbo frames), for bridging on Gigabit Ethernet ports, and up to 1546 bytes for bridging of Multiprotocol Label Switching (MPLS) tagged frames on 10/100 ports

    So, even the basic model can do over 6Mpps- not too shabby! As you say, it’s per-packet for the routing, so there shouldn’t be an enormous hit. I can see the need for these units from Cisco’s standpoint, I’ve just been configuring some chassis-based 3Com units (7000 series) which offer a fairly incredible backplane, advanced routing, every feature under the sun- and at approximately 1/3rd to half the price of the equivalent Cisco unit. I’ll have 2!

    re: non-16 bit nets. You’re right, they can get messy in the wrong hands, and constraining broadcast domains is never a bad idea. I stand corrected on this, and should have suggested a slightly larger mask for our friend’s needs instead of choosing the next biggest ‘private’ network for his needs.
    As I said, “this is becoming a design issue”!!
    However- I still maintain that our friend needs to look carefully at placement and grouping, and not count overly on switching speed to get him out of it!

    regards

    theterranaut

    BTW: good having you around here!

    bdesmond-mvp
    Member
    #291251

    Re: Vlan Trouble

    They’re great devices and they’re the best thing until you get into the territory where you need a chassis switch. They’re priced like anything else from Cisco so keep that in mind and also keep in mind the numbers they give you are best case.

    3560 and 3750 are basically the same thing – only difference is the 3750 has a port on the backplane on the back aka a stacking connector so you can create a stacked cluster.

    tnshurtm
    Member
    #290077

    Re: Vlan Trouble

    My question about renaming the vlan comes from this:
    I don’t plan on growing much bigger than this will allow for the next 5 years. I hope to just get one more vlan in.

    Sh vlan

    VLAN Name                 Status    Ports
    ---- -------------------- --------- -------------------------------
    1    default              active    Gi1/0/5, Gi1/0/6, Gi1/0/7
                                        Gi1/0/8, Gi1/0/9, Gi1/0/10
                                        Gi1/0/11, Gi1/0/12, Gi1/0/13
                                        Gi1/0/14, Gi1/0/15, Gi1/0/16
                                        Gi1/0/17, Gi1/0/18, Gi1/0/19
                                        Gi1/0/20, Gi1/0/22, Gi1/0/26
                                        Gi1/0/27, Gi1/0/28
    2    220_Workstations     active
    3    25D                  active
    5    TLAN                 active

    sh ip routing

    Gateway of last resort is 192.168.1.1 to network 0.0.0.0

    S 192.168.10.0/24 [1/0] via 192.168.5.4
    S 192.168.4.0/24 [1/0] via 192.168.1.4
    C 192.168.5.0/24 is directly connected, Vlan5
    S 192.168.50.0/24 [1/0] via 192.168.1.1
    C 192.168.1.0/24 is directly connected, Vlan1
    C 192.168.2.0/24 is directly connected, Vlan3
    C 192.168.3.0/24 is directly connected, Vlan2
    S* 0.0.0.0/0 [1/0] via 192.168.1.1

    As you can see in the routing Vlan2 is .3 sub and Vlan3 is .2. In the other building, all of the workstations are in Vlan2. I want to change it to Vlan3. Just the name, not the IP range. I want them to stay in the .3 subnet. I want to free up the .2 sub to use in the main building.

    tnshurtm
    Member
    #290078

    Re: Vlan Trouble

    Here is my sh run for the core switch:

    BaumCore3750-1#sh ru
    Building configuration…

    Current configuration : 3650 bytes
    !
    ! Last configuration change at 10:17:26 EST Fri Dec
    !
    version 12.2
    no service pad
    service timestamps debug datetime msec localtime
    service timestamps log datetime msec localtime
    service password-encryption
    !
    hostname BaumCore3750-1
    !
    no logging console
    !
    clock timezone EST -5
    clock summer-time EST recurring
    switch 1 provision ws-c3750g-24ts-1u
    ip subnet-zero
    ip routing
    !
    !
    !
    !
    no file verify auto
    spanning-tree mode pvst
    spanning-tree extend system-id
    !
    vlan internal allocation policy ascending
    !
    !
    interface GigabitEthernet1/0/1
    description ***Connection to Back Closet***
    switchport trunk encapsulation dot1q
    switchport mode trunk
    !
    interface GigabitEthernet1/0/2
    description ***Connection to Main Switch Rack***
    switchport trunk encapsulation dot1q
    switchport mode trunk
    !
    interface GigabitEthernet1/0/3
    description ***Connection to Data1 Rack***
    switchport trunk encapsulation dot1q
    switchport mode trunk
    !
    interface GigabitEthernet1/0/4
    description ***Connection to Data2 Rack***
    switchport trunk encapsulation dot1q
    switchport mode trunk
    !
    interface GigabitEthernet1/0/5
    !
    interface GigabitEthernet1/0/6
    !
    interface GigabitEthernet1/0/7
    switchport trunk encapsulation dot1q
    switchport mode trunk
    !
    interface GigabitEthernet1/0/8
    !
    interface GigabitEthernet1/0/9
    !
    interface GigabitEthernet1/0/10
    !
    interface GigabitEthernet1/0/11
    !
    interface GigabitEthernet1/0/12
    !
    interface GigabitEthernet1/0/13
    !
    interface GigabitEthernet1/0/14
    !
    interface GigabitEthernet1/0/15
    !
    interface GigabitEthernet1/0/16
    !
    interface GigabitEthernet1/0/17
    !
    interface GigabitEthernet1/0/18
    !
    interface GigabitEthernet1/0/19
    !
    interface GigabitEthernet1/0/20
    !
    interface GigabitEthernet1/0/21
    switchport trunk encapsulation dot1q
    switchport mode trunk
    !
    interface GigabitEthernet1/0/22
    switchport trunk encapsulation dot1q
    switchport mode trunk
    !
    interface GigabitEthernet1/0/23
    description ***Connection to Voice Rack***
    switchport trunk encapsulation dot1q
    switchport mode trunk
    !
    interface GigabitEthernet1/0/24
    description ***Connection to BAUM3845GW***
    switchport trunk encapsulation dot1q
    switchport mode trunk
    !
    interface GigabitEthernet1/0/25
    description *** Connection to 25D Single Mode Fiber
    switchport trunk encapsulation dot1q
    switchport mode trunk
    !
    interface GigabitEthernet1/0/26
    !
    interface GigabitEthernet1/0/27
    !
    interface GigabitEthernet1/0/28
    !
    interface Vlan1
    description *** CLAN RTR ***
    ip address 192.168.1.2 255.255.255.0
    !
    interface Vlan2
    description ***220 Workstations***
    ip address 192.168.3.8 255.255.255.0
    !
    interface Vlan3
    description *** 25D ***
    ip address 192.168.2.1 255.255.255.0
    !
    interface Vlan5
    description *** TLAN RTR ***
    ip address 192.168.5.1 255.255.255.0
    ip helper-address 192.168.1.186
    !
    ip default-gateway 192.168.1.1
    ip classless
    no ip forward-protocol udp nameserver
    no ip forward-protocol udp domain
    no ip forward-protocol udp time
    no ip forward-protocol udp netbios-ns
    no ip forward-protocol udp netbios-dgm
    no ip forward-protocol udp tacacs
    ip route 0.0.0.0 0.0.0.0 192.168.1.1
    ip route 192.168.2.0 255.255.255.0 Vlan3
    ip route 192.168.4.0 255.255.255.0 192.168.1.4
    ip route 192.168.10.0 255.255.255.0 192.168.5.4
    ip route 192.168.50.0 255.255.255.0 192.168.1.1
    ip http server
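
Earlier in the thread, posters are asked to delete passwords and anything identifying before sharing show run output. One way to do that mechanically, as an added example that is not part of the original thread: the sample configuration, its credential values and the `<removed>` / `DEVICE` placeholders are constructed for illustration.

```python
import re

# (pattern, replacement): keep the command keyword, drop the sensitive value.
RULES = [
    # enable / username credentials in any encoding type; type 7 is reversible
    (re.compile(r"^(\s*(?:enable|username \S+(?: privilege \d+)?) (?:secret|password)) .+$"),
     r"\1 <removed>"),
    # console / vty line passwords
    (re.compile(r"^(\s*password) .+$"), r"\1 <removed>"),
    # SNMP community strings act as passwords
    (re.compile(r"^(\s*snmp-server community) \S+(.*)$"), r"\1 <removed>\2"),
    # shared keys for AAA servers
    (re.compile(r"^(\s*(?:tacacs-server|radius-server) (?:.* )?key) .+$"), r"\1 <removed>"),
    # free-text descriptions often name sites, racks and peer devices
    (re.compile(r"^(\s*description) .+$"), r"\1 <removed>"),
]
KEYWORDS = re.compile(r"\b(secret|password|community|key)\s+\S")


def sanitize(config):
    """Return (sanitized_text, number_of_lines_changed)."""
    match = re.search(r"^hostname (\S+)", config, re.MULTILINE)
    hostname = match.group(1) if match else None
    out, changed = [], 0
    for line in config.splitlines():
        new = line
        for pattern, replacement in RULES:
            new = pattern.sub(replacement, new)
        if hostname:
            # The hostname also shows up in the CLI prompt line.
            new = new.replace(hostname, "DEVICE")
        changed += new != line
        out.append(new)
    return "\n".join(out), changed


def leftovers(text):
    """Lines that still carry a credential keyword with an unredacted value."""
    return [l for l in text.splitlines() if KEYWORDS.search(l) and "<removed>" not in l]


# Constructed sample input, not taken from any real device.
SAMPLE = """\
CoreSw-Example#sh run
hostname CoreSw-Example
service password-encryption
enable secret 5 CONSTRUCTED-HASH
username admin privilege 15 password 7 CONSTRUCTED-TYPE7
snmp-server community ConstructedString RO
interface GigabitEthernet1/0/24
 description ***Connection to EXAMPLE-GW***
 switchport mode trunk
interface Vlan5
 ip address 192.168.5.1 255.255.255.0
line vty 0 4
 password 7 CONSTRUCTED-TYPE7
"""

if __name__ == "__main__":
    clean, count = sanitize(SAMPLE)
    print(clean)
    print(f"-- {count} lines changed, {len(leftovers(clean))} still need review")
```

Anything `leftovers()` returns should be read by hand before the output is posted.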

    bdesmond-mvp
    Member
    #291252

    Re: Vlan Trouble

    Marc-

    There’s something screwy with your setup and I haven’t quite placed it yet. Honestly my recommendation is that you clean up and start from scratch one day. Your setup sounds small enough that you could make a Saturday project out of it or a weekday evening.

    That said, unless you are planning to span vlans between buildings which I genuinely think is a poor idea, don’t worry about the numbers overlapping.

    tnshurtm
    Member
    #290079

    Re: Vlan Trouble

    If you can point in the general direction of the screwiness, I could give more information. I would love to get this network solid (to keep the developers from pointing fingers when their apps don’t work).

    tnshurtm
    Member
    #290080

    Re: Vlan Trouble

    Putting my physical topology aside,

    What are the positives/negatives for either putting everything under one subnet or splitting the workstations onto one subnet and the infrastructure (servers/switches/routers) on another?

    Thank you,

    Marc

    daviddavis
    Member
    #263706

    Re: Vlan Trouble

    Hi Marc,

    To me, whenever you are splitting traffic into multiple VLANs, you really need to know your traffic patterns. Who is talking to who? What % of traffic is server to server vs server to workstation?

    When you split some systems away from other systems you could-
    1. create a latency or bandwidth bottleneck by causing important traffic to have to now be routed instead of switched
    OR
    2. improve performance by limiting broadcast packets on your networks

    Hopefully, you can do #2 by segmenting the right systems away from other systems but you have to be careful not to create situation #1.

    If you have a fast Layer 3 switch (like a Cisco 3750/3760, 4xxx series, or 6xxx series), you should be able to use the Layer 3 routing in the switch to not create any additional latency and still improve performance by reducing broadcasts.

    I hope that helps you out.

    Thanks,
    David
