moneyfacts

Cisco 3750 Switches Connectivity over VLANS

Hi

I am in the process of setting up a new network within our company and need to allow existing infrastructure to communicate with the new.

At present we use vlans on stacked switches and would like to get away from vlans and have separate switches for each network.

The trouble is our dmz network is on vlan 2 on our existing infrastructure and because we want to get rid of vlans in the new, testing dmz connectivity between old and new (new being on native vlan1) we have no communication between them.  Both have the same IP range and mask but because they are different vlans they cannot communicate.

Is there any way round this, as we don't want to apply vlans to the new infrastructure?

Thanks
bsohn417

If you are using layer 3 switches you can use a routing protocol.
If you trunk the connections on the various network devices and set up intra-VLAN routing, the VLAN's would start communicating.
moneyfacts

ASKER

"If you trunk the connections on the various network devices and set up intra-VLAN routing, the VLAN's would start communicating."

I've done this in the past with a router and sub interfaces but don't have a router. These are layer 3 switches, but I'm unsure of the commands. Anyone care to advise?
Don Johnston
Actually, you have a multilayer switch. Minor, but significant difference.

Create an SVI (VLAN interface) for each of your VLANs. Assign IP addresses to the SVI's, bring them up and you're in business.


conf t
ip routing
int vlan 1
 ip address 192.168.1.1 255.255.255.0
 no shut
int vlan 2
 ip address 192.168.2.1 255.255.255.0
 no shut
int vlan 3
 ip address 192.168.3.1 255.255.255.0
 no shut
end


I don't quite follow what you are trying to achieve, but I don't think you need (or want) to be routing between VLANs.  In hopes of understanding your question better I am going to rephrase it.

You have a stack of switches that have vlans configured on them, you have new switches that don't have VLANs configured on them.  You don't want to use VLANs on the new switches, but you do want the devices connected to the new switches to be able to communicate with the devices on the old switches in the VLANs, at least one new switch per vlan on the old switch stack.  Is this correct?

How many VLANs do you have and what purposes do they serve?

-CT
The proper way to do it would be to physically connect one port of the old infrastructure sitting on vlan2, to one port of your new infrastructure, on vlan1.
By getting rid of the vlans, and using physical switches, you'll in fact need a physical cable for each of your vlans you want to reach from the old infrastructure to the new. If you were keeping the vlans infrastructure, you'd just need one physical cable, that would trunk all the vlans from one infrastructure to the other!

Cheers,
]\/[arco
"I don't quite follow what you are trying to achieve, but I don't think you need (or want) to be routing between VLANs.  In hopes of understanding your question better I am going to rephrase it.

You have a stack of switches that have vlans configured on them, you have new switches that don't have VLANs configured on them.  You don't want to use VLANs on the new switches, but you do want the devices connected to the new switches to be able to communicate with the devices on the old switches in the VLANs, at least one new switch per vlan on the old switch stack.  Is this correct?

How many VLANs do you have and what purposes do they serve?

-CT"

This is correct.

We have VLAN1 (Internal network), VLAN2 (DMZ Network), VLAN4 (Internet Connection)
"The proper way to do it would be to physically connect one port of the old infrastructure sitting on vlan2, to one port of your new infrastructure, on vlan1.
By getting rid of the vlans, and using physical switches, you'll in fact need a physical cable for each of your vlans you want to reach from the old infrastructure to the new. If you were keeping the vlans infrastructure, you'd just need one physical cable, that would trunk all the vlans from one infrastructure to the other!

Cheers,
]\/[arco"


I have tried physically patching the two infrastructure switches with trunk ports at both ends but connectivity still fails.  I believe this is because one switch (the old infrastructure) has VLAN2 whereas the new switch does not, and therefore is dropping the packet because it is tagged with VLAN2.

Even though the old and new switches have nodes in the same IP range (network) they cannot communicate between due to one switch having VLANS and the other does not.
Hi Moneyfacts,

I probably did not explain well. You'd use trunking if you still wanted to use vlans on the new infrastructure, or at least if the vlan numbers match. We've seen this is not the case. What you'll need to do is to connect the two switches not with a trunk port but with a normal untagged port.
On the old infrastructure switch, you'll have to connect the cable into a port configured for vlan 2 (switchport mode access - switchport access vlan 2). On the new infrastructure switch you'd connect to a port configured for vlan 1 (that's the default, if not: switchport mode access - switchport access vlan 1)
You'll have to do the same for vlan4 when you'll need it!

Cheers,
]\/[arco
"Hi Moneyfacts,

I probably did not explain well. You'd use trunking if you still wanted to use vlans on the new infrastructure, or at least if the vlan numbers match. We've seen this is not the case. What you'll need to do is to connect the two switches not with a trunk port but with a normal untagged port.
On the old infrastructure switch, you'll have to connect the cable into a port configured for vlan 2 (switchport mode access - switchport access vlan 2). On the new infrastructure switch you'd connect to a port configured for vlan 1 (that's the default, if not: switchport mode access - switchport access vlan 1)
You'll have to do the same for vlan4 when you'll need it!

Cheers,
]\/[arco"

Will I not get a VLAN mismatch error and bring the network down?
And why should you get a vlan mismatch? You're not sending tagged packets (remember, the port MUST NOT be tagged), so how could the switch know that the originating vlan is not the same as the destination one? You may have some warnings in the logs in case you have CDP enabled, because in that case the switch will know that the vlan on the other end is different. But this is actually what you want, and won't bring the network down in any way!

Cheers,
]\/[arco
"And why should you get a vlan mismatch? You're not sending tagged packets (remember, the port MUST NOT be tagged), so how could the switch know that the originating vlan is not the same as the destination one? You may have some warnings in the logs in case you have CDP enabled, because in that case the switch will know that the vlan on the other end is different. But this is actually what you want, and won't bring the network down in any way!

Cheers,
]\/[arco"

Hi, I've tried this and it is now working, however I am getting the VLAN mismatch error because each end has a different VLAN configured.  I'm trying this on a test network but have had this happen before in live and it has brought down our network.  1 step solved, thank you, but can't have the mismatches.
>And why should you get a vlan mismatch? You're not sending tagged packets

Cisco switches send the VLAN that a port is a member of in the CDP advertisement.

If you disable CDP on the port, you won't receive the VLAN mismatch messages.
">And why should you get a vlan mismatch? You're not sending tagged packets

Cisco switches send the VLAN that a port is a member of in the CDP advertisement.

If you disable CDP on the port, you won't receive the VLAN mismatch messages."

Disabling the messages won't stop our network going down though, will it?
No. The VLAN mismatch messages are informational only. Then again, why would you want a VLAN mismatch?
Sorry, it's just I am nervous of doing this live on our infrastructure. In the past when we have mistakenly plugged a switch into another switch with different VLANs we received the mismatch errors and the whole network started to drop out.
ASKER CERTIFIED SOLUTION
marmata75
Thank you very much, we tried this and all was good.  Sorry, just nervous due to previous outages suffered with the same message.  No doubt a loop caused by portfast being on ports it shouldn't be.

Thanks again for all your help
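
The untagged access-port link discussed in the thread, written out for both switches as an added example that is not part of the original posts. The interface names and descriptions are assumptions; the VLAN numbers are the ones given in the thread, and the per-port CDP and portfast settings follow the replies about CDP mismatch messages and the asker's closing remark about portfast.

```cisco
! Added example; interface names and descriptions are assumptions.
! --- Old stack (existing VLANs): port facing the new DMZ switch ---
configure terminal
interface GigabitEthernet1/0/24
 description Link to new DMZ switch (untagged)
 switchport mode access
 switchport access vlan 2
 ! Access mode sends frames untagged, so the far end never sees a VLAN 2 tag.
 no cdp enable
 ! CDP is what reports the VLAN mismatch; disabling it on this port only
 ! silences that message and leaves CDP running on all other ports.
 no spanning-tree portfast
 ! Switch-to-switch link: let spanning tree go through listening and
 ! learning so a cabling loop is blocked before the port forwards.
end
!
! --- New DMZ switch (no VLANs configured, everything in VLAN 1) ---
configure terminal
interface GigabitEthernet1/0/24
 description Link to old stack VLAN 2 (untagged)
 switchport mode access
 switchport access vlan 1
 no cdp enable
 no spanning-tree portfast
end
!
! --- Verify on each side ---
show interfaces GigabitEthernet1/0/24 switchport
show spanning-tree interface GigabitEthernet1/0/24 detail
show cdp interface GigabitEthernet1/0/24
```

Repeat with a separate cable and port pair for VLAN 4, as the thread says. Each such link places every VLAN 1 port on the new switch in the same broadcast domain as the old VLAN it is patched to, so the new DMZ switch should carry DMZ hosts only.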