Vlans and Routers.... sigh

kileytre

I am currently working on my case study for Networks 3 - LAN Switching and Wireless. I am trying to implement a management Vlan throughout the entire network to allow telnet access to the switches, and this is where I am having problems. First off I'm not even sure if this is possible, but Ive exhausted many hours into researching it and have to know if it can be done.

Quick setup visual:
[Switch1]
...|
...|
[Router1]
...|
[Router2]
...|
...|
[Switch2]

Both routers are setup with ospf and have subinterfaces configured for appropriate vlans.


Switch 2 is configured with 4 vlans (1,10,20,30,99)
Switch 1 is configured with 1 vlan (1,99)

Switch 1:
...
vlan 99
name MANAGEMENT
!
interface FastEthernet0/1
switchport mode trunk
...
interface Vlan99
ip address 223.0.0.213 255.255.255.248
!

Switch 2:
...
interface FastEthernet0/1
switchport mode trunk
spanning-tree bpduguard enable
!
interface FastEthernet0/2
switchport trunk native vlan 99
switchport mode trunk
!
interface FastEthernet0/3
switchport trunk native vlan 99
switchport mode trunk
...
!
interface Vlan99
ip address 223.0.0.193 255.255.255.240
!

All devices can ping one another across the network.
-- Devices on switch 2 can telnet in using the vlan 99 ip for corresponding network
-- Devices on switch 1 can also telnet in using vlan 99 ip for corresponding network

So, the actual question. Can devices from switch 1 telnet into switch 2 in this kind of network, and if so where did i go horribly wrong?

-Many thanks

Ryuksapple84

kileytre wrote: »

I am currently working on my case study for Networks 3 - LAN Switching and Wireless. I am trying to implement a management Vlan throughout the entire network to allow telnet access to the switches, and this is where I am having problems. First off I'm not even sure if this is possible, but Ive exhausted many hours into researching it and have to know if it can be done.

Quick setup visual:
[Switch1]
...|
...|
[Router1]
...|
[Router2]
...|
...|
[Switch2]

Both routers are setup with ospf and have subinterfaces configured for appropriate vlans.


Switch 2 is configured with 4 vlans (1,10,20,30,99)
Switch 1 is configured with 1 vlan (1,99)

Switch 1:
...
vlan 99
name MANAGEMENT
!
interface FastEthernet0/1
switchport mode trunk
...
interface Vlan99
ip address 223.0.0.213 255.255.255.248
!

Switch 2:
...
interface FastEthernet0/1
switchport mode trunk
spanning-tree bpduguard enable
!
interface FastEthernet0/2
switchport trunk native vlan 99
switchport mode trunk
!
interface FastEthernet0/3
switchport trunk native vlan 99
switchport mode trunk
...
!
interface Vlan99
ip address 223.0.0.193 255.255.255.240
!

All devices can ping one another across the network.
-- Devices on switch 2 can telnet in using the vlan 99 ip for corresponding network
-- Devices on switch 1 can also telnet in using vlan 99 ip for corresponding network

So, the actual question. Can devices from switch 1 telnet into switch 2 in this kind of network, and if so where did i go horribly wrong?

-Many thanks

So here is what I am thinking and maybe some of the senior members can correct me if I am wrong.

You can have these switch telnet into each other but you need to have them on the same subnet.

can you put a pic of your network Topology on here for a better understanding? I am not sure how you are implementing this.

Let me know if this works.

erfolg255

Hi yes we need logical topology picture here and do you use a router in your lab?you might have blocked ports by Acl there is lots to check. I might be wrong if so pls senior members to correct me

alan2308

Yes, devices from switch one can telnet into switch two provided that the routers are configured correctly. R1 will need a subinterface on the VLAN that the devices for S1 reside in, and R2 will need one for the VLAN that the devices for S2 reside in.

One thing to note here though is that if the switches are separated by routers, you cannot have a single VLAN throughout the network (well, you technically can, but that involves things that are way beyond CCNA level material). All the switches can have a VLAN99 that is named Management, but they will all be different VLAN99's (does that make sense?).

chmorin

A few things come to mind:

1)-- Nevermind, I'm crazy.

2) The routers need to know where to point for the 223 network. You have one on both ends of the routers, so naturally that wont work. Routers, practically be definition, separate networks. You need to have what is on switch 1 be on a different network than what is on switch 2.

billyr

I think what you need to keep in mind here is that although you have 2 Vlans called 99 which you want to be a management Vlan. As they are seperated by routers even though they have the same name they are not actually the same Vlan. They are different broadcast domains.

It is possible but would need a bit of creativity involving some sort of tunnelling.





edited: sorry Alan2308, I think thats what you'd already said, i'll read all the posts next time.

alan2308

billyr wrote: »

I think what you need to keep in mind here is that although you have 2 Vlans called 99 which you want to be a management Vlan. As they are seperated by routers even though they have the same name they are not actually the same Vlan. They are different broadcast domains.

It is possible but would need a bit of creativity involving some sort of tunnelling.





edited: sorry Alan2308, I think thats what you'd already said, i'll read all the posts next time.

Don't worry, I do it all the time myself.

Forsaken_GA

chmorin wrote: »

A few things come to mind:

1) Are your switches layer 3? If you are using a layer 2 swtich (eg, 2950) you need to use vlan1 for your SVI.

Erm, not exactly. The 2950's don't require you to use vlan1, you can define another SVI, it just won't let you use more than one SVI at a time.

Forsaken_GA

alan2308 wrote: »

One thing to note here though is that if the switches are separated by routers, you cannot have a single VLAN throughout the network (well, you technically can, but that involves things that are way beyond CCNA level material). All the switches can have a VLAN99 that is named Management, but they will all be different VLAN99's (does that make sense?).

Could you maybe elaborate on what you're saying here? Because if I setup vlan99 on 3 different switches, and I have trunk links passing tagged frames with vlan99, as far as the network is concerned, it's all the same vlan. Maybe you're trying to say something else and I'm just not understanding it, but it seems like you're saying end-to-end VLAN's are not possible and/or horribly complicated, and that's simply not the case.

billyr

Yes in that scenario with the switches connected by trunks that would be fine.
Having a router sitting between the switches though as the o.p's post seems to suggest would complicate things greatly.

mikej412

Forsaken_GA wrote: »

Because if I setup vlan99 on 3 different switches, and I have trunk links passing tagged frames with vlan99, as far as the network is concerned, it's all the same vlan.

Big difference between switch-trunk-switch-trunk-switch and switch-router-router-switch.

When you replace those trunk links with routers and routed links, while it's still possible to have all the switches in the same VTP domain, it is way beyond the CCENT/CCNA level.

chmorin

Forsaken_GA wrote: »

Erm, not exactly. The 2950's don't require you to use vlan1, you can define another SVI, it just won't let you use more than one SVI at a time.

DANG IT! I made the same mistake twice. I'm retarded today. I thought the same thing a few months ago. You can make only one vlan, not only vlan 1. Grrr stupid brain. Thanks for keeping me on track.

Forsaken_GA

mikej412 wrote: »

Big difference between switch-trunk-switch-trunk-switch and switch-router-router-switch.

When you replace those trunk links with routers and routed links, while it's still possible to have all the switches in the same VTP domain, it is way beyond the CCENT/CCNA level.

Ah, my mistake, missed the part about routers being between the switches, yeah, that changes things.

Ryuksapple84

Forsaken_GA wrote: »

Ah, my mistake, missed the part about routers being between the switches, yeah, that changes things.

Yeah, I missed that one as well... but I was not sure from the design provided.