Working with a 3560

mattrgee

Hi all,

We have the following setup at work:

Router01 - fa0/1 > SW1 > SW2 > SW3 > SW4

The switches are 2950's and the router is a 2800, we do not manage the router but do manage the switches. The switches are fed off a single router interface, however there are redundant links between each of the switches.

We need to create a new vlan for hardware that is being tested by our development department. There are no available interfaces left on the router.

We could ask for the router to be reconfigured for 'router on a stick' but we've had problems with previous change requests so would prefer to avoid this option. Alternativily, we have been told we can by an additional switch and the cost of a 3560 has been approved.

Using a 3560, could it being connected to one of the existing 2950's and configured to route traffic from the existing vlan into the new vlan for the development department?

I suspect a routing change will still need to be made to the existing router.

Thanks

kryolla

if you are only talking about 2 vlans then any router that has 2 ports will do. You avoid using router on a stick. Then that new router can do NAT so nothing has to change on the providers 2800. To answer your question yes you can stick a 3560 to route between vlans.

mattrgee

Thanks.

With a 3560 in place, will I need to get the provider to add a static route to the 2800 in order to tell it where to route traffic destined for the new vlan?

Presumably a couple of ports on the 3560 will reside in the existing vlan with the rest of the switch allocated to the new vlan.

laidbackfreak

Matt the 3560 is a layer 3 device and will route between the vlan's for you.

Create a trunk port between the 3560 and the 2950 and job's a good un

The ports on the 3560 you can configure anyway you like and mix n match which vlan you need them to be in

ps this might help :-
How To Configure InterVLAN Routing on Layer 3 Switches - Cisco Systems

blackninja

mattrgee

great site,

keep meaning to do my own but not enough hours in the day but soon v. soon

half an hour well spent

networker050184

mattrgee wrote: »

Thanks.

With a 3560 in place, will I need to get the provider to add a static route to the 2800 in order to tell it where to route traffic destined for the new vlan?

Presumably a couple of ports on the 3560 will reside in the existing vlan with the rest of the switch allocated to the new vlan.

Yes, the provider router will need a way to get the new IP space back to you whether it be static or dynamic routing.

I agree with kryolla's suggestion of a router. This way you can control all of your own routing and NAT and not have to worry about the provider making changes for you.

mattrgee

Well the 3560 finally got ordered and I'm about to start configuring it.

Is it as simple as creating a couple of trunk ports on the 3560 and connecting these to two of the 2950's (for redundancy)?

Then create two or more vlan's on the 3560 and enable ip routing?

Do the vlans I create on the 3560 need to match the vlan id's in use on the 2950's? I guess they would.

Thanks.

dtlokee

you will also want to make sure you manupliate spanning tree on the network to make the 3560 your root (depends on how you are planning to connect it). You could also have the provider add a summary route to their router so you don't need NAT (which you can't do with the 3560) and you won't need to contact them each time you make a change.

mattrgee

Ok will do.

Also, the 3560 will need to be configured with address in the existing vlan that will serve as the next hop by the providers router for finding the new vlan. Will this address be configured as a vlan on the 3560?

Thanks.

mattrgee

Nearly there:

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret 5 xxxxxxxxxxxxxxxx
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
no ip domain-lookup
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 ip address 10.32.43.8 255.255.255.0
!
interface Vlan3
 ip address 10.32.44.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.32.43.1
ip http server
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 password xxxxxxxxx
 logging synchronous
 login
line vty 0 4
 exec-timeout 0 0
 password xxxxxxxxx
 logging synchronous
 login
line vty 5 15
 exec-timeout 0 0
 password xxxxxxxxx
 logging synchronous
 login
!
end

What I'm confused about is which interface on the new switch will be used as the next hop by the providers router? i.e. to reach the new network of 10.32.44.0/24 our providers router will need to forward traffic to an ip address in the 10.32.43.0 network which should be advertised by the 3560 switch. I've tried to advertise this address on the switch as vlan 2, but with no ports assigned the vlan is down. I'm guessing using a vlan isn't the right way to do it.

Any ideas?

Thanks.

mattrgee

Maybe a ports needs to be configured as a router interface?

ColbyG

mattrgee wrote: »

Nearly there:
What I'm confused about is which interface on the new switch will be used as the next hop by the providers router? i.e. to reach the new network of 10.32.44.0/24 our providers router will need to forward traffic to an ip address in the 10.32.43.0 network which should be advertised by the 3560 switch. I've tried to advertise this address on the switch as vlan 2, but with no ports assigned the vlan is down. I'm guessing using a vlan isn't the right way to do it.

Any ideas?

Thanks.

You could use a routed port or an SVI. You need a port connected to their router, and it needs to be routed, or in the VLAN you're using for the SVI. This interface will be in the same subnet as their router's interface. Your provider will need to add routes to your networks (dtlokee's summary route suggestion is the best, IMO).

mattrgee

Ok, so would I have the following interfaces configured on the 3560:

2 trunk ports - each connected to a different layer 2 switch for redundancy

and either

1 routed port connected to one of the layer 2 switches

or

1 port in a vlan connected to one of the layer 2 switches.

along with the neccessary routing change made on the providers router.

Thanks.