Asked by CityofKerrville

VLAN configs for Cisco 2821 and Catalyst 3560

Here we go again guys.  I am back, but one step closer to an end to the VLAN saga.  I think we decided to move away from the dot1q trunk and just make everything access ports.  Here is what I have so far.  In the diagram I have grayed out the sites that are not ready to move yet.  I figure once I have the first couple of sites done properly it will be easy for me to duplicate it across the network.  I have also posted new configs for sites A, B, and C.  I will just mimic Site C for Site D's config.  I have never set up routing on a switch so any help there would be great.
[Attached diagram: Fiber-conversion-NEW-100608.jpg]

CityofKerrville (ASKER)

SITE A

!
interface GigabitEthernet0/0
 description VLAN30 SERVERS
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description METRO ETHERNET
 ip address 10.10.10.1 255.255.255.240
 ip helper-address 192.168.101.215
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
 description VLAN10 MGMT-IT
 switchport access vlan 10
!
interface FastEthernet0/0/1
 description ASA 5510 FIREWALL
!
interface FastEthernet0/0/2
 description VLAN20 CITY HALL
 switchport access vlan 20
!
interface Serial0/1/0
 description T1 DIRECT LINK AIRPORT
 ip address 192.168.1.25 255.255.255.248
!
interface FastEthernet0/2/0
 description LINK TO OLD NETWORK
 ip address 192.168.101.5 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
!
interface Vlan10
 description MGMT DEVICES CONNECTED TO FE0/0/0
 ip address 192.168.96.1 255.255.255.0
!
interface Vlan20
 description CITY HALL DEVICES CONNECTED TO FE0/0/2
 ip address 192.168.100.1 255.255.255.0
!
router eigrp 1
 network 192.168.96.0
 network 192.168.97.0
 network 192.168.98.0
 network 192.168.99.0
 network 192.168.100.0
 network 192.168.101.0
 network 192.168.102.0
 network 192.168.103.0
 network 192.168.104.0
 network 192.168.105.0
 network 192.168.106.0
 network 192.168.107.0
 network 192.168.108.0
 network 192.168.109.0
 network 192.168.110.0
 network 192.168.111.0
 network 192.168.112.0
 network 192.168.113.0
 network 192.168.114.0
 network 10.10.10.0
 auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/2/0
ip route 192.168.96.0 255.255.255.0 FastEthernet0/0/0
ip route 192.168.100.0 255.255.255.0 FastEthernet0/0/2
ip route 192.168.101.0 255.255.255.0 GigabitEthernet0/0
ip route 192.168.102.0 255.255.255.0 192.168.101.9
ip route 192.168.103.0 255.255.255.0 192.168.101.9
ip route 192.168.114.0 255.255.255.0 192.168.101.9
ip route 192.168.104.0 255.255.255.0 10.10.10.5
ip route 192.168.105.0 255.255.255.0 10.10.10.6
ip route 192.168.106.0 255.255.255.0 10.10.10.7
ip route 192.168.107.0 255.255.255.0 10.10.10.9
ip route 192.168.108.0 255.255.255.0 Serial0/1/0
ip route 192.168.109.0 255.255.255.0 10.10.10.3
ip route 192.168.110.0 255.255.255.0 10.10.10.8
ip route 192.168.111.0 255.255.255.0 10.10.10.2
ip route 192.168.112.0 255.255.255.0 10.10.10.10
ip route 192.168.113.0 255.255.255.0 10.10.10.4
no ip http server
no ip http secure-server
!

SITE B

!
interface FastEthernet0/0
 description VLAN100 traffic from CHR1
 ip address 10.10.10.2 255.255.255.240
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description KPD SWITCH
 ip address 192.168.111.1 255.255.255.0
 duplex half
 speed auto
 no mop enabled
!
router eigrp 1
 network 10.10.10.0
 network 192.168.111.0
 auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.1
ip route 192.168.96.0 255.255.255.0 10.10.10.1
ip route 192.168.100.0 255.255.255.0 10.10.10.1
ip route 192.168.101.0 255.255.255.0 10.10.10.1
ip route 192.168.102.0 255.255.255.0 10.10.10.1
ip route 192.168.103.0 255.255.255.0 10.10.10.1
ip route 192.168.114.0 255.255.255.0 10.10.10.1
ip route 192.168.104.0 255.255.255.0 10.10.10.5
ip route 192.168.105.0 255.255.255.0 10.10.10.6
ip route 192.168.106.0 255.255.255.0 10.10.10.7
ip route 192.168.107.0 255.255.255.0 10.10.10.9
ip route 192.168.108.0 255.255.255.0 10.10.10.1
ip route 192.168.109.0 255.255.255.0 10.10.10.3
ip route 192.168.110.0 255.255.255.0 10.10.10.8
ip route 192.168.111.0 255.255.255.0 FastEthernet0/1
ip route 192.168.112.0 255.255.255.0 10.10.10.10
ip route 192.168.113.0 255.255.255.0 10.10.10.4
no ip http server
no ip http secure-server
!

SITE C

!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/7
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/9
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/13
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/14
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/15
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/16
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/17
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/18
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/19
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/20
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/21
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/22
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/23
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/24
 description VLAN20 traffic from CHR1
 ip address 10.10.10.3 255.255.255.240
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description MGMT ACCESS
 ip address 192.168.96.51 255.255.255.0
!
interface Vlan20
 description COURT
 ip address 192.168.109.1 255.255.255.224
!
ip classless
ip http server
!

Don Johnston
First, on Site A, the only network statements you need for EIGRP are:

network 10.10.10.1
network 192.168.1.0
network 192.168.101.0
network 192.168.96.0
network 192.168.100.0

For site C:

router eigrp 1
 network 10.10.10.0
 network 192.168.96.0
 network 192.168.109.0
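
A check of the Site A statements against this advice, as an added example (not code from the thread): without a wildcard mask, IOS reads each EIGRP `network` statement as its classful network and enables EIGRP only on interfaces inside it. The config is a constructed excerpt of the Site A post, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed from the Site A config posted in this thread: its five addressed
# interfaces, plus the EIGRP network statements (192.168.96.0-114.0, 10.10.10.0).
SITE_A = """\
interface GigabitEthernet0/1
 ip address 10.10.10.1 255.255.255.240
interface Serial0/1/0
 ip address 192.168.1.25 255.255.255.248
interface FastEthernet0/2/0
 ip address 192.168.101.5 255.255.255.0
interface Vlan10
 ip address 192.168.96.1 255.255.255.0
interface Vlan20
 ip address 192.168.100.1 255.255.255.0
router eigrp 1
""" + "".join(f" network 192.168.{n}.0\n" for n in range(96, 115)) + " network 10.10.10.0\n auto-summary\n"

def classful(addr):
    """Classful (A/B/C) network containing addr, which is how IOS reads a
    `network` statement that has no wildcard mask."""
    first = int(addr.split(".")[0])
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def audit_eigrp(config):
    """Compare EIGRP network statements with the directly connected networks.
    Assumes the only ` network` lines in the text belong to `router eigrp`."""
    connected = {classful(a) for a in re.findall(r"^ ip address (\S+) \S+", config, re.M)}
    stated = {classful(n) for n in re.findall(r"^ network (\S+)", config, re.M)}
    return {
        "needed": sorted(stated & connected),    # statement matches an interface
        "unused": sorted(stated - connected),    # statement matches nothing local
        "missing": sorted(connected - stated),   # interface EIGRP never runs on
    }

if __name__ == "__main__":
    for kind, nets in audit_eigrp(SITE_A).items():
        print(kind, [str(n) for n in nets])
```
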


DOH!!!  Looks like I forgot to take those networks out when I reverted from the failed dot1q trunk config.  I have a few other questions.

Can you offer some insight on the VLAN tags for the 3560's?

What needs to be done on the 3560 switches (Sites C and D) and the 2811 at site B to ensure proper DHCP addressing?  I have the helper address on the main router at Site A, but am unsure about the other sites.

On the Site C 3560, are the VLAN tags necessary on of the ports on the switch?  How do I allow access to more than 1 VLAN?

That's all for now...I'm sure there will be more

Are you using a single DHCP server for all the networks?

Where is the DHCP server?

Yes, only one DHCP server, located at site A.  On the router at site A I have the helper-address on the interface touching the Metro-E.  Is this correct?

No. You'll need a helper address statement on the interfaces of the site B, C and D routers that receive the request.



Site B:
int f0/1
 ip helper-address 192.168.96.111 (or whatever the servers address is)
 
Site C:
int vlan10
 ip helper-address 192.168.96.111 (or whatever the servers address is)
int vlan 20
 ip helper-address 192.168.96.111 (or whatever the servers address is)
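
Why the helper on Site A's Metro Ethernet interface alone is not enough, as an added example (not part of the original answer): a DHCP broadcast stays inside the client's subnet, so only the L3 interface in that subnet can relay it. The excerpts are constructed from the Site A and Site C posts with 192.168.101.215 as the DHCP server, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed excerpts of the Site A and Site C configs posted in this thread.
SITE_A = """\
interface GigabitEthernet0/1
 description METRO ETHERNET
 ip address 10.10.10.1 255.255.255.240
 ip helper-address 192.168.101.215
"""
SITE_C = """\
interface FastEthernet0/24
 ip address 10.10.10.3 255.255.255.240
!
interface Vlan20
 description COURT
 ip address 192.168.109.1 255.255.255.224
"""
DEVICES = {"Site A": SITE_A, "Site C": SITE_C}

def l3_interfaces(config):
    """Yield (name, network, helpers) for each interface that has an IP address."""
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        name = re.match(r"interface (\S+)", block)
        addr = re.search(r"^ ip address (\S+) (\S+)", block, re.M)
        if name and addr:
            net = ipaddress.ip_interface(f"{addr[1]}/{addr[2]}").network
            helpers = re.findall(r"^ ip helper-address (\S+)", block, re.M)
            yield name[1], net, helpers

def relay_for(client_subnet, devices):
    """Return (device, interface, helpers) for the gateway that hears broadcasts
    from client_subnet, or None if no L3 interface sits in that subnet."""
    subnet = ipaddress.ip_network(client_subnet)
    for device, config in devices.items():
        for name, net, helpers in l3_interfaces(config):
            if net == subnet:
                return device, name, helpers
    return None

def dhcp_reaches_server(client_subnet, devices, server):
    """True only if the client subnet's own gateway relays to the server."""
    hit = relay_for(client_subnet, devices)
    return hit is not None and server in hit[2]

if __name__ == "__main__":
    print(relay_for("192.168.109.0/27", DEVICES))
    print(dhcp_reaches_server("192.168.109.0/27", DEVICES, "192.168.101.215"))
```
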

Int VLAN10 is there for management access to the switch.  I need a helper address on that?

In that case, you don't need it for VLAN10.

Cool.  Any other ideas after looking at my configs?

Other than you can remove all the static routes since you're using EIGRP.

BTW, where is Kerrville? Texas?
Sounds good.  So if I have EIGRP running on all my devices I will not need static routes?  And all my sites on the metro-e should be able to route directly to each other without hitting my main router, correct?  You have been very helpful and I thank you.  Right now we are waiting to hear back from Time Warner and we will be pushing forward.  Hopefully by the end of this week.  The whole VLAN concept has thrown me for a complete loop.  I think I slept that week in class.

Yes, Kerrville is in Texas about 60ish miles NW of San Antonio.
>So if I have EIGRP running on all my devices I will not need static routes?

That is correct. Unless you're trying to get to a network that's not being advertised by EIGRP.

>And all my sites on the metro-e should be able to route directly to each other without hitting my main router, correct?

Correct.

>I think I slept that week in class.  

Yeah, I do that too... And I teach it! :-)

What class did you take?

I went to ITT Tech and took a 12 week Cisco WAN course.  It was pretty much just ICND 1 and 2.  At least that's the text book we used.

Ahh. Those courses don't cover the finer points of VLANs and trunking. :-)

HA!! That would be why I am so lost.  Thanks for the help.  I feel a little more confident in moving forward with this.  I am gonna leave the question open until my new equipment is up and in place.
On the Site C 3560, are the VLAN tags necessary on of the ports on the switch?  How do I allow access to more than 1 VLAN?
I am thinking I should set the default route on all my remote switches to the main router.  Does that sound logical?
I thought I remembered something about VLAN databases needing to be identical on all devices.  Am I just crazy?
>On the Site C 3560, are the VLAN tags necessary on of the ports on the switch?

A point of nomenclature... The term "tag" usually refers to a trunk. In your case, you don't have any trunks, only access links. A port becomes a member of a VLAN with the command
"switchport access vlan ##"

>How do I allow access to more than 1 VLAN?
On a single port? You would need a trunk for that.

>I am thinking I should set the default route on all my remote switches to the main router.  Does that sound logical?

Only if there are networks that are not advertised by EIGRP which you need to get to that are reachable through the main site.

>I thought I remembered something about VLAN databases needing to be identical on all devices.  Am I just crazy?

Yep. You're crazy. ;-)

They need to be identical if you're trunking between the switches AND the same VLANs exist on all the switches. In your case, you're not trunking. The VLANs are local to that switch only.

-dj

>In your case, you're not trunking. The VLANs are local to that switch only.

I am NOT trunking, true.  However, there are several (7 out of the 10) sites on the metro that will be on the same VLAN.  This is VLAN 20.  The other three are segregated for security reasons.  The sites on VLAN20 all have this in their configs.

!
interface Vlan10
 description MGMT ACCESS
 ip address 192.168.96.52 255.255.255.0   <------Address differs from site to site
!
!
interface Vlan20
 description COURT
 ip address 192.168.113.1 255.255.255.224   <------Address differs from site to site
 ip helper-address 192.168.101.215
!
Am I over complicating it?
No, you're not over complicating it... it's just... complicated.

When you don't have a trunk between two switches, a VLAN number is just that; a number. No other switch will ever know that the other switch has a VLAN 20.

In fact, when I create a network like yours, I use different VLAN numbers at each site (even though I don't have to) just to eliminate any possible confusion.


Since I am all about monopolizing your time today...

check this out..

https://www.experts-exchange.com/questions/23794805/Cisco-Catalyst-3560-stack.html

Ok, so we were working until after midnight last night.

Sites A, B, and C were a breeze.  The configured 3560 switch at site C was nearly plug and play.  A small minor change to the DHCP settings and all worked perfectly.  The routers at sites A and B are working great.  Then we get to site D.  With the exception of the hostname and the IP addresses, the config was identical to the config at site C.  When I plugged it in and did a few housekeeping procedures (i.e. removed erroneous routes), interface VLAN20 would not come up no matter what I tried.  From the switch console I could ping everything on the network, but nobody else could see past the metro port at site D.  This was at 7:00pm last night.  The next 5 hours were spent doing the following.

blew away the vlan20 interface and started over - NOTHING
created a new vlan interface (VLAN220) and assigned the network ip address to that - NOTHING
reloaded the config from our TFTP server - NOTHING
reloaded the config from the switch at site c and changed hostname, ip's, etc - NOTHING
replaced with a whole different switch - NOTHING

Nothing I did would bring that VLAN interface up.  Finally, out of desperation and pure exhaustion, at 11:45, I decided to assign the network IP to the vlan1 interface and what do you know, all the ports on the switch that were lit up amber all turned green and all the PCs at site D started grabbing DHCP.  We decided to leave it alone for now and research what went wrong.  So my question is this.

Why would the VLAN20 interface not come online?  Did it have something to do with an active VLAN20 running at site C?  An earlier post here suggests that the switches are oblivious to the VLANs on other switches in a setup like this.  What more should I be looking at?  What are the dangers of running traffic on VLAN1?  The hard part is done.  Now we need to work out the kinks before we move the other 7 sites over.
Thanks for the help getting me this far.