bkrull72

Connecting Cisco 3750 to multiple networks

Hello,

We have recently purchased two Cisco 3750s to connect a new office to multiple, separate networks.  The setup:

3750(new office) -> 3750(server room) ->Generic switch 1, Generic switch 2, etc.(server room).

The existing networks need to remain separate  - there are separate runs for each existing network in the new office.  Each existing network switch will connect to the 3750 in the server room via CAT6 patch cables.

The existing network switches are generic - no programming that I know of.  There is one existing network that is running a Cisco 3750 with spanning tree.

Suffice to say, I tried to install the new switches and successfully choked the existing networks into submission creating havoc.  I'm looking for the right way to do this with little to no changes to the programming of the existing switches - all 3rd party equipment.
Justin Ellenbecker

You will need to create VLANs on the 3750s and turn off Layer 3 switching.  Do not assign IPs to VLANs you create and that should keep all of the traffic separate.  If the VLAN does not have an IP then it cannot route the traffic out of the VLAN in the switch itself.  So if you have a 24-port switch, after you create the VLANs without an IP and assign ports to test, you can take two computers, give them 2 static IPs on different networks and plug them into the switch; you shouldn't be able to ping from one to the other since there will be no route available.  Another way to do it, if you want Layer 3 switching, is to create VLANs with IPs and then create access points blocking the networks from communicating with each other.
bkrull72

ASKER

Thanks Strife.  I believe I had the VLANs set up correctly - I could reach the intended network yet not touch the others (although I need to check if I gave them IPs).  The problem that occurred on all the existing networks, both generic switches and the existing Catalyst 3750, was that as soon as I connected them to the new switch, I started experiencing network lock-ups, application hangs, etc. on existing stations.

It could be that I just don't have the ports configured correctly, on the new 3750 in the server room, to connect to the existing networks.

Are you sure that you don't have any loops and spanning tree is not working correctly?  Check the root bridge for each VLAN

show spanning-tree

You imply that there may be multiple connections between switches. The default here will be to negotiate a trunk, but if you end up with a trunk at one end and an access port at the other you may get loops. Check the logs; Cisco switches will show loops as MAC address flapping between ports.
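
The log check suggested above, as an added example that is not part of the original post: it scans switch log text for the Catalyst MAC-flap notification and reports the VLAN and port pairs where several hosts flap, which points at a loop rather than one device that moved. The log lines, MAC addresses and the two-host threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Catalyst MAC-flap notification as it appears in "show logging" output.
FLAP_RE = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>[0-9a-fA-F]{4}(?:\.[0-9a-fA-F]{4}){2}) "
    r"in vlan (?P<vlan>\d+) is flapping between port (?P<a>\S+) and port (?P<b>\S+)"
)

# Constructed sample log (uptime timestamps); not taken from the thread.
SAMPLE_LOG = """\
00:41:07: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/20, changed state to up
00:41:09: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 44 is flapping between port Gi1/0/10 and port Gi1/0/20
00:41:09: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4466 in vlan 44 is flapping between port Gi1/0/20 and port Gi1/0/10
00:41:12: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 44 is flapping between port Gi1/0/10 and port Gi1/0/20
00:52:30: %SW_MATM-4-MACFLAP_NOTIF: Host 00aa.bbcc.ddee in vlan 11 is flapping between port Gi1/0/1 and port Gi1/0/30
"""

def flapping_pairs(log_text):
    """Return {(vlan, port_a, port_b): set of MACs}; port order is normalised."""
    pairs = defaultdict(set)
    for line in log_text.splitlines():
        m = FLAP_RE.search(line)
        if not m:
            continue  # unrelated log message
        ports = tuple(sorted((m["a"], m["b"])))
        pairs[(int(m["vlan"]), *ports)].add(m["mac"].lower())
    return dict(pairs)

def likely_loops(log_text, min_hosts=2):
    """Keep pairs where at least min_hosts distinct MACs flap.

    Heuristic (assumption): one flapping host can be a device that moved;
    several hosts flapping between the same two ports suggests both ports
    reach the same Layer 2 segment.
    """
    return {
        key: sorted(macs)
        for key, macs in flapping_pairs(log_text).items()
        if len(macs) >= min_hosts
    }

if __name__ == "__main__":
    for (vlan, a, b), macs in likely_loops(SAMPLE_LOG).items():
        print(f"vlan {vlan}: {len(macs)} hosts flapping between {a} and {b}")
```
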

Also make sure, when you are using simple non-managed switches, that the switchport is set to access mode and on the proper VLAN as well. Since the simple switch cannot handle the tagging, you need to specify it so there is no tagging being done by the other protocols.  When you set it to access mode it will not tag traffic as it leaves the port and won't try to set it up as a trunk.  Trunks should only be used between two switches that do VLAN tagging; simple switches cannot handle the traffic, which makes it hard for them to be used effectively.  For example, if you have a VLAN for only printers and make a switchport access to that VLAN, then plug in a simple switch, the only thing that can be plugged into it is printers, because you need to make sure no tags make it to the unmanaged switch.
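
An added example (not from the thread's participants) of checking a saved running-config for the condition discussed above: enabled physical switch ports that are not pinned to access or trunk mode and can therefore still negotiate a trunk. The config excerpt is constructed in the style of the one posted in this thread, and `parse_interfaces` and `audit_ports` are hypothetical helper names.

```python
import re

# Constructed excerpt in the style of the running-config posted in this thread.
SAMPLE_CONFIG = """\
interface Port-channel1
 no switchport
 ip address 172.10.20.10 255.255.255.0
!
interface GigabitEthernet1/0/1
 description interface to AAA
 switchport access vlan 11
 switchport mode access
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/9
 switchport access vlan 22
!
interface Vlan10
 ip address 192.168.10.11 255.255.255.0
!
"""

PHYSICAL = re.compile(r"(Fast|Gigabit|TenGigabit)Ethernet")

def parse_interfaces(config_text):
    """Map interface name -> list of its sub-commands; a "!" line ends a block.
    Indentation is ignored, so a dump pasted with leading spaces stripped still parses."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1], [])
        elif line == "!":
            current = None
        elif line and current is not None:
            current.append(line)
    return blocks

def audit_ports(config_text):
    """Return {port: reason} for enabled Layer 2 ports not pinned to access or trunk."""
    findings = {}
    for name, lines in parse_interfaces(config_text).items():
        if not PHYSICAL.match(name) or "no switchport" in lines or "shutdown" in lines:
            continue  # SVIs, port-channels, routed ports and shut ports are out of scope
        modes = [l.split()[2] for l in lines if l.startswith("switchport mode ")]
        if not modes:
            findings[name] = "no explicit switchport mode, port may negotiate a trunk"
        elif modes[-1] == "dynamic":
            findings[name] = "dynamic mode, port may negotiate a trunk"
    return findings
```

The parser relies on the `!` separators that `show running-config` prints between interface blocks, so feed it the dump as captured.
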

The only programming I have for the ports on the server room 3750, that connect to the existing switches, is:

switchport access vlan 44      
switchport mode access

I haven't assigned IPs to the VLANs.  I'm pretty sure I'm getting loops and that the problem is somewhere with spanning tree.  The problem occurs when the existing switches are plugged into the new switch - it's like the stations lose connectivity.

I'm still stuck.  I've attached the config of the new server room 3750.  As you can tell, I created VLANs for each network that attaches to the new switch.  Is the programming correct?  Keep in mind that one of the switches I have to attach is an existing 3750 using VLAN 2.  That is VLAN AAA on my side.  The other switches are generic.


Building configuration...

Current configuration : 3920 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 3750-SERVER
!
enable secret 5
enable password 7 
!
no aaa new-model
switch 1 provision ws-c3750e-48td
system mtu routing 1500
vtp domain RDC
vtp mode transparent
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
!
spanning-tree mode pvst
spanning-tree loopguard default
spanning-tree extend system-id
spanning-tree vlan 1,10-11,22,33,44 priority 24576
!
vlan internal allocation policy ascending
!
vlan 10
name Admin
!
vlan 11
name AAA
!
vlan 22
name BBB
!
vlan 33
name CCC
!
vlan 44
name DDD
!
interface Port-channel1
no switchport
ip address 172.10.20.10 255.255.255.0
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet1/0/1
description interface to AAA 
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet1/0/2
description interface to BBB
switchport access vlan 22
switchport mode access
!
interface GigabitEthernet1/0/3

!
interface GigabitEthernet1/0/4

!
interface GigabitEthernet1/0/5

!
interface GigabitEthernet1/0/6

!
interface GigabitEthernet1/0/7

!
interface GigabitEthernet1/0/8

!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
description interface to DDD
switchport access vlan 44
switchport mode access
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
description interface to CCC
switchport access vlan 33
switchport mode access
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet1/0/29
!
interface GigabitEthernet1/0/30
!
interface GigabitEthernet1/0/31
!
interface GigabitEthernet1/0/32
!
interface GigabitEthernet1/0/33
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
!
interface GigabitEthernet1/0/36
!
interface GigabitEthernet1/0/37
!
interface GigabitEthernet1/0/38
!
interface GigabitEthernet1/0/39
!
interface GigabitEthernet1/0/40
!
interface GigabitEthernet1/0/41
!
interface GigabitEthernet1/0/42
!
interface GigabitEthernet1/0/43
!
interface GigabitEthernet1/0/44
!
interface GigabitEthernet1/0/45
!
interface GigabitEthernet1/0/46
!
interface GigabitEthernet1/0/47
!
interface GigabitEthernet1/0/48
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/49
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface TenGigabitEthernet1/0/1
description Trunked with TenGigabitEthernet 1/0/2 Channel-group 1
no switchport
no ip address
channel-group 1 mode active
!
interface TenGigabitEthernet1/0/2
description Trunked with TenGigabitEthernet 1/0/1 Channel-group 1
no switchport
no ip address
channel-group 1 mode active
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 192.168.10.11 255.255.255.0
!
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
password 7 
login
line vty 5 15
password 7 
login
!
end


Are the other generic switches interconnected at all?  Or do they only attach to the 3750?  The 3750 should be handling the traffic properly from the config you have.  If the layer 2 switches are interconnected there may be a problem with duplicates in the tables there.  If you are doing IP routing and have no IP assigned to the VLAN then traffic that is on DDD will never leave DDD once it does get back to the 3750.  If these networks need to talk and have reasons to be separated then I would assign an IP to VLAN 44 and make sure all of the devices in VLAN 44 have the VLAN IP as their default gateway.  Then if the DHCP server, if used, is not in VLAN 44 you will need to add ip-helper address lines to the VLAN.  This will not work until the other VLANs are set up with IPs, though, for where your DHCP resides.  The way you have it now, again, will keep all traffic on VLAN 44 and the others locked away from each other.  They need some type of router, whether it be the switch or not, to get the traffic across to the other VLAN.  The traffic you are trying to segment into the VLANs, was this at one time all in the same subnet?  Also, again, make sure the L2 switches are only plugged into the 3750; that should help make sure there are no loops.

Thanks Strife.  The networks are all separated and don't need to see each other.  They are completely independent of each other.

The problem I was having occurred after attaching any of these existing networks.  I would immediately begin to have stations lock up, slow down, etc. on the existing network.  It's especially true of the older 3750.  It has spanning-tree enabled on its ports and uses VLAN2.  I'm not sure if the connection between the two should be set to blocking and/or if I should change my VLAN AAA to VLAN2.

OK, you said generic switches but there is another 3750 that has VLANs? Then they have to match numbers, so if the traffic from the new one which is in VLAN AAA is VLAN 2, that is why they are having issues. Even though they may not be doing layer three, you will not want them to be access; you need to make them a trunk and have all of your VLANs matching on both 3750s.  Also you will want the port to not be switchport mode access; you will need it to be switchport mode trunk, and trunk encapsulation dot1q.  You have the new 3750 with the config above.  Then what is the next hop, and is the switch managed and does it have VLANs?  If it does then it needs to be a trunk between them.

Does this trunk, on the existing 3750, need to be set as blocking to prevent loops?

ASKER CERTIFIED SOLUTION
Justin Ellenbecker
This solution is only available to members.
Thanks Strife.  Setup the trunk, no problems.