Solved

VLAN Design - Metro Ethernet - 4 Sites to start with more to add on

Posted on 2008-10-03
Last Modified: 2012-05-05
Ok, so today is ZERO day.  We are moving forward with our fiber conversion and I would really like to keep my job.  This is a continuation from this abandoned post.

http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_23703126.html

Here are the details.  We are starting with 4 sites.

Site A is the center point and where all servers and internet are located.  We have a Cisco 2821 router (configs posted below).  This site will have traffic on VLANs 1 (native), 10, 20 and 30.

Site B is a security critical site.  We have a Cisco 2811 router (configs posted below).  This site will be on its very own VLAN 100, and should be able to access VLAN 30.

Site C is part of VLAN20, and should be able to access VLAN 30, and certain resources on VLAN 100.

Site D is part of VLAN 20 and only needs access to VLAN 30

----------------
Vlans
----------------

VLAN 1 native
VLAN 10 Management <------should be able to access everything
VLAN 20 Basic Users
VLAN 30 Servers
VLAN 40 High Security

Like I said above, this is only a starting point.  We have several other sites that will either be part of VLAN20 or on their very own VLAN.  I figure once I get these 4 up and talking the rest will fall into place as needed.

Please see my diagram and the configs that I will post in comments below.

Drawing1.jpg
0
Question by:CityofKerrville
22 Comments
 

Author Comment

by:CityofKerrville
ID: 22633882
This is Site A's config.  Cisco 2821.

CHR1#sh conf
Using 3309 out of 245752 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CHR1
!
boot-start-marker
boot system flash:c2800nm-adventerprisek9-mz.124-20.T1.bin
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
enable secret 5 "OMITTED"
enable password "OMITTED"
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
no ip cef
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
voice-card 0
 no dspfarm
!
!
!
!
!
username "OMITTED" privilege 15 secret 5 "OMITTED"
archive
 log config
  hidekeys
! 
!
!
interface GigabitEthernet0/0
 description VLAN30 SERVERS
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description dot1q trunk port to METRO ETHERNET
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.1
 description VLAN80 UNUSED
 encapsulation dot1Q 80
 ip address 192.168.98.1 255.255.255.254
!
interface GigabitEthernet0/1.2
 description VLAN20 COURT, FIREADMIN, LIBRARY, KSP, STREETS, GOLF
 encapsulation dot1Q 20
 ip address 192.168.100.1 255.255.255.0
!
interface GigabitEthernet0/1.3
 description VLAN40 WATER
 encapsulation dot1Q 40
 ip address 192.168.104.1 255.255.255.0
!
interface GigabitEthernet0/1.4
 description VLAN50 WASTEWATER
 encapsulation dot1Q 50
 ip address 192.168.105.1 255.255.255.0
!
interface GigabitEthernet0/1.5
 description VLAN90 UNUSED
 encapsulation dot1Q 90
 ip address 192.168.107.1 255.255.255.254
!
interface GigabitEthernet0/1.6
 description VLAN100 KPD
 encapsulation dot1Q 100
 ip address 192.168.109.1 255.255.255.248
!
interface FastEthernet0/0/0
 description VLAN10 MGMT-IT
 switchport access vlan 10
!
interface FastEthernet0/0/1
 description ASA 5510 FIREWALL
!
interface FastEthernet0/0/2
 description VLAN20 CITY HALL
 switchport access vlan 20
!
interface FastEthernet0/0/3
 description UNUSED
 shutdown
!
interface Serial0/1/0
 description VLAN60 AIRPORT
 ip address 192.168.1.25 255.255.255.248
!
interface FastEthernet0/2/0
 description LINK TO OLD NETWORK
 ip address 192.168.101.5 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description FASTETHERNET0/0/0
 ip address 192.168.96.1 255.255.255.0
 shutdown
!
interface Vlan20
 description FASTETHERNET0/0/2
 ip address 192.168.99.1 255.255.255.0
 no mop enabled
!
router eigrp 1
 network 192.168.96.0
 network 192.168.97.0
 network 192.168.98.0
 network 192.168.99.0
 network 192.168.100.0
 network 192.168.101.0
 network 192.168.102.0
 network 192.168.103.0
 network 192.168.104.0
 network 192.168.105.0
 network 192.168.106.0
 network 192.168.107.0
 network 192.168.108.0
 network 192.168.109.0
 network 192.168.110.0
 network 192.168.111.0
 auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0/1
no ip http server
no ip http secure-server
!
!
control-plane
!
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 password "OMITTED"
 login local
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 password "OMITTED"
 login local
 transport input telnet
!
scheduler allocate 20000 1000
end
 
CHR1#

0
 

Author Comment

by:CityofKerrville
ID: 22633886
This is Site B's config.  Cisco 2811.

PDR1#sh conf
Using 871 out of 245752 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PDR1
!
boot-start-marker
boot-end-marker
!
enable secret 5 "OMITTED"
enable password "OMITTED"
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
no ip cef
!
!
!
!
!
!
interface FastEthernet0/0
 description VLAN100 traffic from ge0/0.6 on CHR1
 ip address 192.168.109.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description KPD SWITCH
 ip address 192.168.111.1 255.255.255.0
 duplex half
 speed auto
 no mop enabled
!
router eigrp 1
 network 192.168.109.0
 network 192.168.111.0
 auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.109.1
!
no ip http server
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 password "OMITTED"
 login
!
scheduler allocate 20000 1000
!
end
 
PDR1#

0
 

Author Comment

by:CityofKerrville
ID: 22633899
This is Site C's config.  Catalyst 3560.

COURT#sh conf
Using 1526 out of 524288 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname COURT
!
enable secret 5 "OMITTED"
enable password "OMITTED"
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
!
~~INTERFACES OMITTED~~
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
 description VLAN20 traffic from ge0/1.2 on CHR1
 no switchport
 ip address 192.168.100.2 255.255.255.0
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description MGMT ACCESS
 ip address 192.168.96.51 255.255.255.0
!
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
 password "OMITTED"
 login
line vty 5 15
 password "OMITTED"
 login
!
end
 
COURT#

0

Author Comment

by:CityofKerrville
ID: 22633905
And this is Site D's config.  Catalyst 3560

FIREADMIN#sh conf
Using 1530 out of 524288 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname FIREADMIN
!
enable secret 5 "OMITTED"
enable password "OMITTED"
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
!
~~INTERFACES OMITTED~~
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
 description VLAN20 traffic from ge0/1.2 on CHR1
 no switchport
 ip address 192.168.100.3 255.255.255.0
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description MGMT ACCESS
 ip address 192.168.96.52 255.255.255.0
!
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
 password "OMITTED"
 login
line vty 5 15
 password "OMITTED"
 login
!
end
 
FIREADMIN#

0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 1000 total points
ID: 22635230
Is it an absolute requirement that the other sites be on the same broadcast domain as some of the VLAN's on Site A?

If not, don't trunk through the metro cloud. Simply put, treat the metro cloud as a separate network. Every device connected to the cloud is layer 3 capable.

I.E.
Site A:
int g0/1
 ip address 192.168.1.1 255.255.255.248

Site B:
int f0/0
 ip address 192.168.1.2 255.255.255.248

Site C:
int G0/2
 no switchport
 ip address 192.168.1.3 255.255.255.248

Site D:
int G0/2
 no switchport
 ip address 192.168.1.4 255.255.255.248

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22635712
Agree with Don. Each site will have their own vlans designated with their own subnets on those vlans.
All interfaces touching the MetroE should be in the same subnet.
Just don't forget to enable routing. The 3560 can do basic EIGRP to advertise its locally connected subnets.



0
 

Author Comment

by:CityofKerrville
ID: 22635895
"donjohnston: Is it an absolute requirement that the other sites be on the same broadcast domain as some of the VLAN's on Site A? If not, don't trunk through the metro cloud. Simply put, treat the metro cloud as a separate network. Every device connected to the cloud is layer 3 capable."

Outside of Site B (Police Department), and our Water Treatment facilities (not included in this question), we would like every site to be on the same subnet (i.e. 192.168.100.X) and VLAN20 pulling DHCP.  Site C (Municipal Court) needs limited access to some resources at Site B (Police Department), our MGMT (VLAN10) and our SERVER (VLAN30).  This is the way I have been planning it out for months and really don't have the time to tear down and start over.  I just need to know if the configs I have in place will work properly.
0
 

Author Comment

by:CityofKerrville
ID: 22635920
"lrmoore:

Agree with Don. Each site will have their own vlans designated with their own subnets on those vlans.
All interfaces touching the MetroE should be in the same subnet.
Just don't forget to enable routing. The 3560 can do basic EIGRP to advertise its locally connected subnets"

So what you are saying is regardless of their VLAN, the ports plugged into the ME at all sites should all be on something like 192.168.1.x?
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 1000 total points
ID: 22636016
The metroE is typically a VLAN of its own, and every port assigned to you is assigned to this vlan, so yes they would all be in the same subnet unless you have other instructions or information from the MetroE provider that you have not shared with us.

If you want to do it the way you have planned, since you are vlan tagging and trunking at one site you have to do it at all sites. So site B would have to look something like this:

interface FastEthernet0/0
  no ip address
!
! Subinterface on FastEthernet0/0, the port that faces CHR1
interface FastEthernet0/0.100
 description VLAN100 traffic from ge0/0.6 on CHR1
 encapsulation dot1Q 100
 ip address 192.168.109.2 255.255.255.248

Personally, I would do all L3 interfaces and not do any trunking across the MetroE. It is much more efficient use of the bandwidth and you can build in redundancy easier later if you need it.

0
 

Author Comment

by:CityofKerrville
ID: 22636060
"lrmoore:

Personally, I would do all L3 interfaces and not do any trunking across the MetroE. It is much more efficient use of the bandwidth and you can build in redundancy easier later if you need it."

Let's say I choose to go this route;  how can I do it with having to put each site on their own subnet?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22636186
You can't do all Layer 3 without each site being in their own subnet.
You can still have a centralized DHCP server if you want, but each site has their own subnet or multiple subnets if they have multiple vlans.
0
 

Author Comment

by:CityofKerrville
ID: 22636272
I can appreciate your position.  For our purpose, I think I am going to press on down the road I am on.  We are a small city government with a whole whopping 3 people in IT.  That being said, back to what you said above...

"If you want to do it the way you have planned, since you are vlan tagging and trunking at one site you have to do it at all sites."

I have made the changes you suggested.  Now on the main router at Site A, you will notice I have not put any routes in the config yet.  Can you offer some guidance on routing VLAN traffic?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22636441
Since you have EIGRP enabled, you shouldn't need any other routing. Except..
  >ip route 0.0.0.0 0.0.0.0 FastEthernet0/0/1
This can't work. You need to use the upstream IP address of the ASA and not the interface.
Interface Fast 0/0/1 needs to have an IP address in the same IP subnet as the ASA inside.

And you need a vlan 10 interface at SiteA
!
interface GigabitEthernet0/1.10
 description MANAGEMENT VLAN
 encapsulation dot1Q 10
 ! /24 mask, matching the switches' Vlan10 addresses (192.168.96.51 and .52)
 ip address 192.168.96.1 255.255.255.0

On Switches C and D, use a trunked port, and define the vlans on each switch
Identical configs on both switches
Easier to configure an unused port than reconfigure what you have

interface GigabitEthernet0/1
 ! the 3560 needs the encapsulation set before trunk mode is accepted
 switchport trunk encapsulation dot1q
 switchport mode trunk

ip default-gateway 192.168.96.1

vlan 10
vlan 20
vlan 30
vlan 40

All user-attached switchports should be in vlan 20

interface FastEthernet0/1
 switch mode access
 switch access vlan 20
 spanning-tree portfast

0
 

Author Comment

by:CityofKerrville
ID: 22636833
"lrmoore:

>ip route 0.0.0.0 0.0.0.0 FastEthernet0/0/1
This can't work. You need to use the upstream IP address of the ASA and not the interface
Interface Fast 0/0/1 needs to have an IP address in the same IP subnet as the ASA inside."
This has since been changed.




"And you need a vlan 10 interface at SiteA
"
VLAN10 is local to Site A and used as a Management VLAN (IT and Virtual Server Management).  It is referenced later on in the config....see below

!
interface FastEthernet0/0/0
 description VLAN10 MGMT-IT
 switchport access vlan 10
!
!
interface Vlan10
 description FASTETHERNET0/0/0
 ip address 192.168.96.1 255.255.255.0
!




"On Switches C and D, use a trunked port, and define the vlans on each switch
Identical configs on both switches.
interface GigabitEthernet0/1
 switch mode trunk
 switch trunk encap dot1q"

Do I need an IP address on this interface still?




"ip default-gateway 192.168.96.1"


This address is not the default gateway.  It is the address on the Management VLAN interface.




"vlan 10
vlan 20
vlan 30
vlan 40"

Not sure what you are suggesting here....




"all user-attached switchport should be in vlan 20
interface FastEthernet0/1
 switch mode access
 switch access vlan 20
 spanning-tree portfast"

done

See new configs below
NEW SITE A CONFIG
 
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CHR1
!
boot-start-marker
boot system flash:c2800nm-adventerprisek9-mz.124-20.T1.bin
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
enable secret 5 "OMITTED"
enable password "OMITTED"
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
no ip cef
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
voice-card 0
 no dspfarm
!
!
username "OMITTED" privilege 15 secret 5 "OMITTED"
archive
 log config
  hidekeys
!
!
interface GigabitEthernet0/0
 description VLAN30 SERVERS
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description dot1q trunk port to METRO ETHERNET
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.1
 description VLAN80 UNUSED
 encapsulation dot1Q 80
 ip address 192.168.98.1 255.255.255.254
!
interface GigabitEthernet0/1.2
 description VLAN20 COURT, FIREADMIN, LIBRARY, KSP, STREETS, GOLF
 encapsulation dot1Q 20
 ip address 192.168.100.1 255.255.255.0
!
interface GigabitEthernet0/1.3
 description VLAN40 WATER
 encapsulation dot1Q 40
 ip address 192.168.104.1 255.255.255.0
 shutdown
!
interface GigabitEthernet0/1.4
 description VLAN50 WASTEWATER
 encapsulation dot1Q 50
 ip address 192.168.105.1 255.255.255.0
 shutdown
!
interface GigabitEthernet0/1.5
 description VLAN90 UNUSED
 encapsulation dot1Q 90
 ip address 192.168.107.1 255.255.255.254
!
interface GigabitEthernet0/1.6
 description VLAN100 KPD
 encapsulation dot1Q 100
 ip address 192.168.109.1 255.255.255.248
!
interface FastEthernet0/0/0
 description VLAN10 MGMT-IT
 switchport access vlan 10
!
interface FastEthernet0/0/1
 description ASA 5510 FIREWALL
!
interface FastEthernet0/0/2
 description VLAN20 CITY HALL
interface Serial0/1/0
 description VLAN60 AIRPORT
 ip address 192.168.1.25 255.255.255.248
!
interface FastEthernet0/2/0
 description LINK TO OLD NETWORK
 ip address 192.168.101.5 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description FASTETHERNET0/0/0
 ip address 192.168.96.1 255.255.255.0
 shutdown
!
interface Vlan20
 description FASTETHERNET0/0/2
 ip address 192.168.99.1 255.255.255.0
 no mop enabled
!
router eigrp 1
 network 192.168.96.0
 network 192.168.97.0
 network 192.168.98.0
 network 192.168.99.0
 network 192.168.100.0
 network 192.168.101.0
 network 192.168.102.0
 network 192.168.103.0
 network 192.168.104.0
 network 192.168.105.0
 network 192.168.106.0
 network 192.168.107.0
 network 192.168.108.0
 network 192.168.109.0
 network 192.168.110.0
 network 192.168.111.0
 auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.101.1
no ip http server
no ip http secure-server
!
!
control-plane
!
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 password "OMITTED"
 login local
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 password "OMITTED"
 login local
 transport input telnet
!
scheduler allocate 20000 1000
end
 
NEW SITE C CONFIG
 
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname COURT
!
enable secret 5 "OMITTED"
enable password "OMITTED"
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/7
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/9
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/13
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/14
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/15
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/16
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/17
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/18
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/19
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/20
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/21
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/22
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/23
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/24
 description VLAN20 traffic from ge0/1.2 on CHR1
 switchport mode trunk
 switchport trunk encapsulation dot1q
 ip address 192.168.100.2 255.255.255.0
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description MGMT ACCESS
 ip address 192.168.96.51 255.255.255.0
!
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
 password "OMITTED"
 login
line vty 5 15
 password "OMITTED"
 login
!
end

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22637007
First, let's discuss the management vlan.
If the trunk port on Router A does not have a VLAN 10, then none of the remote switches with VLAN 10 will be accessible.
The default-gateway setting on the switch is for management purposes only and does need to point to the RTRA's vlan 10 interface. It is not the default route for end users. They will all point to the router A's corresponding vlan subinterface.

The 4-port switch on RTRA has no relevance to vlan tagging on the trunked port gig 0/0/0, so don't think that you can assign a switchport to a vlan and have it communicate with the dot1q tagged subinterfaces of the trunk port.

So right now, RTRA is a total mess. I'll work out my suggested configuration and post it shortly. Question - do you have another switch in Site A that you can connect the Gig 0/0 to and trunk to that switch?

On switches, do NOT put an ip address on the interface
interface FastEthernet0/24
 description VLAN20 traffic from ge0/1.2 on CHR1
 switchport mode trunk
 switchport trunk encapsulation dot1q
 
You also must actually define the vlans on the switches. You do this by simply creating them in the config. I think that you only need 10 and 20 on these two switches.
switch(config)#vlan 10
switch(config-vlan)#exit
switch(config)#vlan 20
switch(config-vlan)#end
switch# show vlan
0
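
An added example, not part of any post in this thread: a small Python linter for the misconfigurations the replies above point out (a default route that names an Ethernet interface instead of a next-hop IP, an `ip address` on a trunk switchport, a tagged subinterface facing an untagged peer), plus the /29 versus /24 mask difference between the posted Site A and Site B ends of the VLAN 100 link. The sample stanzas are trimmed from the posted configs and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input: stanzas trimmed from the configs posted in this thread.
SITE_A = """\
interface GigabitEthernet0/1.6
 encapsulation dot1Q 100
 ip address 192.168.109.1 255.255.255.248
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0/1
"""
SITE_B = """\
interface FastEthernet0/0
 ip address 192.168.109.2 255.255.255.0
"""
SITE_C = """\
interface FastEthernet0/24
 switchport mode trunk
 switchport trunk encapsulation dot1q
 ip address 192.168.100.2 255.255.255.0
"""

def parse_interfaces(config):
    """Map each interface name to the list of commands in its stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            stanzas[current] = []
        elif line.startswith(" ") and current is not None:
            stanzas[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def first_match(cmds, pattern):
    """Return the first full regex match of pattern among a stanza's commands."""
    for cmd in cmds:
        m = re.fullmatch(pattern, cmd, re.IGNORECASE)
        if m:
            return m
    return None

def l3_address(cmds):
    """Return the stanza's address and mask as an IPv4Interface, or None."""
    m = first_match(cmds, r"ip address (\S+) (\S+)")
    return ipaddress.ip_interface("/".join(m.groups())) if m else None

def dot1q_tag(cmds):
    """Return the 802.1Q VLAN ID of a routed subinterface, or None if untagged."""
    m = first_match(cmds, r"encapsulation dot1q (\d+)")
    return int(m.group(1)) if m else None

def lint_device(host, config):
    """Per-device checks: L3 address on a trunk port, default route via Ethernet."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode trunk" in cmds and l3_address(cmds) is not None:
            findings.append(f"{host} {name}: ip address on a trunk switchport")
    for line in config.splitlines():
        m = re.fullmatch(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line.strip())
        if m and "ethernet" in m.group(1).lower():
            findings.append(f"{host}: default route points at {m.group(1)}, not a next-hop IP")
    return findings

def lint_link(end_a, end_b):
    """Compare both ends of one link; each end is (host, config, interface name)."""
    (host_a, cfg_a, if_a), (host_b, cfg_b, if_b) = end_a, end_b
    cmds_a = parse_interfaces(cfg_a)[if_a]
    cmds_b = parse_interfaces(cfg_b)[if_b]
    label = f"{host_a} {if_a} <-> {host_b} {if_b}"
    findings = []
    if dot1q_tag(cmds_a) != dot1q_tag(cmds_b):
        findings.append(f"{label}: 802.1Q tag {dot1q_tag(cmds_a)} vs {dot1q_tag(cmds_b)}")
    addr_a, addr_b = l3_address(cmds_a), l3_address(cmds_b)
    if addr_a and addr_b and addr_a.network != addr_b.network:
        findings.append(f"{label}: subnet {addr_a.network} vs {addr_b.network}")
    return findings

if __name__ == "__main__":
    link = lint_link(("CHR1", SITE_A, "GigabitEthernet0/1.6"),
                     ("PDR1", SITE_B, "FastEthernet0/0"))
    print("\n".join(lint_device("CHR1", SITE_A) + lint_device("COURT", SITE_C) + link))
```

A default route through a serial interface is deliberately not flagged, since an exit interface is workable on a point-to-point link.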
 
LVL 79

Expert Comment

by:lrmoore
ID: 22637102
The more I look at this, the more I'm inclined to say that the 2800 at Site A is unnecessary if you have another 3560 switch at that location.
It would make the whole scenario so much easier to configure and manage.

If you want to go that way, I'll work up a suggested configuration.

0
 

Author Comment

by:CityofKerrville
ID: 22637244
That's not really an option.  Besides, it is necessary for the one site that will remain on a T1...hence the CSU/DSU serial interface.
0
 

Author Comment

by:CityofKerrville
ID: 22637387
It's go time in 10 minutes.  I am running with what I have and will troubleshoot along the way.  I'll get back to you.
0
 

Author Comment

by:CityofKerrville
ID: 22651443
"donjohnston:

Is it an absolute requirement that the other sites be on the same broadcast domain as some of the VLAN's on Site A?"


Let's say, for the sake of "I just want it to be done", that I would entertain going this way. Can I still use VLAN tags?  I guess I should address the DHCP questions elsewhere also, unless someone here wants to tackle that.  I am just ready to get past this as painlessly as possible.  Here is what I have so far for the router.  I think I got a decent handle on it with the exception of the local devices connected to the 4-port switch HWIC (I have marked them with <------ on the config below) and how to route traffic to devices on these ports.  Do I need to set up VLAN interfaces?

!
interface GigabitEthernet0/0
 description VLAN30 SERVERS
 ip address 192.168.101.6 255.255.255.0
 shutdown    <------shutdown until servers are migrated
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description METRO ETHERNET
 ip address 10.10.10.1 255.255.255.240
 duplex auto
 speed auto
!
interface FastEthernet0/0/0    <------4-port HWIC
 description VLAN10 MGMT-IT
 switchport access vlan 10
!
interface FastEthernet0/0/1    <------4-port HWIC
 description ASA 5510 FIREWALL
!
interface FastEthernet0/0/2    <------4-port HWIC
 description VLAN20 CITY HALL
 switchport access vlan 20
!
interface FastEthernet0/0/3    <------4-port HWIC
 description UNUSED
!
interface Serial0/1/0
 description VLAN60 AIRPORT
 ip address 192.168.1.25 255.255.255.248
!
interface FastEthernet0/2/0
 description LINK TO OLD NETWORK
 ip address 192.168.101.5 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 1
 network 192.168.96.0
 network 192.168.97.0
 network 192.168.98.0
 network 192.168.99.0
 network 192.168.100.0
 network 192.168.101.0
 network 192.168.102.0
 network 192.168.103.0
 network 192.168.104.0
 network 192.168.105.0
 network 192.168.106.0
 network 192.168.107.0
 network 192.168.108.0
 network 192.168.109.0
 network 192.168.110.0
 network 192.168.111.0
 network 192.168.112.0
 network 192.168.113.0
 network 192.168.114.0
 network 10.10.10.0
 auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/2/0
ip route 192.168.99.0 255.255.255.0 10.10.10.3
ip route 192.168.102.0 255.255.255.0 192.168.101.9
ip route 192.168.103.0 255.255.255.0 192.168.101.9
ip route 192.168.114.0 255.255.255.0 192.168.101.9
ip route 192.168.104.0 255.255.255.0 10.10.10.5
ip route 192.168.105.0 255.255.255.0 10.10.10.6
ip route 192.168.106.0 255.255.255.0 10.10.10.7
ip route 192.168.107.0 255.255.255.0 10.10.10.9
ip route 192.168.108.0 255.255.255.0 Serial0/1/0
ip route 192.168.110.0 255.255.255.0 10.10.10.8
ip route 192.168.111.0 255.255.255.0 10.10.10.2
ip route 192.168.112.0 255.255.255.0 10.10.10.10
ip route 192.168.113.0 255.255.255.0 10.10.10.4
no ip http server
no ip http secure-server
!

0
 

Author Comment

by:CityofKerrville
ID: 22651718
Here is a diagram of the new idea.  I have grayed out sites that are not important as of yet.  Still working with sites A, B, C, & D.



Drawing1.jpg
0
 

Author Closing Comment

by:CityofKerrville
ID: 31502755
Thanks, guys.  This is the direction we are going to move in.  I have more questions but will start new threads.
0
