Solved

Setting up Core Switch & vlans

Posted on 2010-11-17
Last Modified: 2012-05-10
I'm very much a novice with network equipment. Our current setup is for the most part pretty flat. We have one (default) vlan running on 10.1.1.x that just about everything is connected to. I think most of the switches are layer two and they are connected to a Cisco ASA 5510 that connects a router and out to the internet. For reference we are mostly a Windows shop and run Windows DNS/DHCP. I'm using a mix of Cisco Network Assistant, telnet console, and web portal to do the configuration on the switches.

What I'm trying to do is add a layer 3 switch to act as a core switch and add a few vlans.

-=Current Breakdown=-
1x Cisco ASA 5510 (10.1.1.1)
3x Cisco WS-C2948-GE-TX (10.1.1.x)
1x Cisco WS-CBS3020-HPQ (10.1.1.x) (Blade Enclosure Switch)
1x Cisco WS-C2950-24 (10.1.1.x)
3x Linksys SRW2048 (10.1.1.x)

Currently the gateway for the switches and through DHCP for the 10.1.1.x network is the ASA (10.1.1.1). Also, from what I can tell it looks like none of the switches are connected via trunking... I think they are just strung together.

Adding into the mix
1x Cisco WS-C3560G-48TS-S (adding as core)

What I've done so far...

1) Added the Cisco WS-C3560G-48TS-S.
2) Created additional vlans on the 3560
   -vlan 1 default 10.1.1.x
   -vlan 2
   -vlan 3 10.1.2.x
   -vlan 4 10.1.3.x
   -vlan 5 10.1.10.x
   -Note: added the ip x.x.x.5 as the switch's ip on the different vlans. So example: switch ip on vlan 3 is 10.1.2.5, vlan 4 is 10.1.3.5, etc.

3) Set up trunk ports on the 3560 and the other switches and connected them. The original connections between switches are still connected; I need to trace the lines and am guessing I should remove them/turn them into trunks.

4) Routing is enabled on the 3560 (via CNA's Inter-VLAN Routing Wizard). Gateway for the 3560 is set to the ASA 10.1.1.1.

5) Enabled VTP on the 5060 (server) and WS-CBS3020-HPQ (server) version 1. The cisco switches seem to be getting the vlan info correctly. Linksys switches only support GVRP so I added the vlans by hand on those switches.

6) Changed the gateway on most switches to point to the 3560 (10.1.1.5). Have a question on configuring a couple switches - see later.

7) Assigned a few ports on the 3560 to each vlan to be able to test with. Will add or move some of the switches over to other vlans later when everything is working.

-=Questions=-

1) The basics! Am I on the right track?

2) Since I want traffic to be able to flow from one vlan to another if needed I think I've covered the basics of what is needed. I'm also guessing that I will need to adjust my DHCP and systems' static addresses with a new gateway pointing to the 3560's IP for that particular vlan, i.e. everything on vlan 1 10.1.1.x needs to be changed from 10.1.1.1 to 10.1.1.5. Is this correct? Is there a better way I should be doing this?

3) How do I change the gateway entry via console (since CNA doesn't seem compatible) for the following switches (guessing it's the same way)?
   -Cisco WS-C2948-GE-TX
   -Cisco WS-CBS3020-HPQ

4) I'd like to enable Jumbo Frames on vlan 5. How would I go about doing this for the various switches? Mostly needed for the 5060 but might be useful down the line for the other switches if I add any to that vlan.

5) vlan 5 will have only iSCSI traffic running on it. Even though traffic is allowed between vlans I'm guessing it shouldn't impact the other switches (or vice versa) even though it isn't locked off completely. Am I correct? For security I'm guessing I might want to look at removing vlan 5 from being available to inter-vlan communication? If so how would I go about doing this?

6) If I add additional trunks between switches (5060 to other switches, or other switches to other switches) will that increase available bandwidth and/or redundancy or do I need to look into link aggregation as well?

7) Related to question one... any other recommendations?

I appreciate the help!
Question by:randomsense

Accepted Solution

by:
Fidelius earned 500 total points
ID: 34160070
Hi randomsense,

Thanks for the detailed description of what you did and the current status of the network. Here are the answers:
1. Yes, you're on the right track. Basic connectivity is accomplished.

2. You're correct regarding the new gateway for DHCP users, and defining that on the DHCP server is the right way.

3. You don't need a gateway address for those switches as they are L2 and in the same VLAN as the Core switch 3560. But if you want to, here are the steps:
a) telnet to the switches
b) enter enable mode by issuing enable
c) enter configuration mode by issuing configure terminal
d) enter the command ip default-gateway 10.1.1.5
e) type end
f) save the new configuration with write memory

4. Cisco 2950-24 doesn't support jumbo frames.
For Cisco 3560G the command is: system mtu jumbo 9000 (you need to write memory and reboot the switch to apply the settings)
For Cisco CBS3020 it is the same procedure as for the 3560.
For Cisco 2948 I'm not sure that it supports jumbo frames, but try the command from above; if it exists then it is supported.
For Linksys SRW2048 see page 56 in the PDF at the following link.
http://www.cisco.com/en/US/docs/switches/lan/csbms/srw2048/administration/guide/SRW-US_v10_UG_A-Web.pdf


5. If iSCSI communication is only between hosts in the same VLAN it will not impact other VLANs, but it will impact trunks if hosts are connected to different switches. If you want to disable routing for this VLAN just remove the SVI interface (command: no interface vlan 5) on the 3560.

6. Additional trunks will not increase bandwidth, only redundancy. For bandwidth, link aggregation is needed.

7. No recommendations for now. But I will re-check everything again and draw the topology to better understand and see if anything can be improved.


I hope that you will find some of my answers useful. I'll keep you posted on improvements.

Regards,
--
Fidelius
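
Point 5 of the accepted answer, as a check to run against a saved running-config (an added example, not part of the thread): it reports whether VLAN 5 still has a live SVI on the core switch and which trunks carry it. The sample config, interface numbers and function names are constructed for illustration, and only the plain "switchport trunk allowed vlan <list>" form is handled.

```python
import re

# Constructed sample in the style of a 3560 running-config (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport trunk allowed vlan 1,3-4
 switchport mode trunk
!
interface Vlan1
 ip address 10.1.1.5 255.255.255.0
!
interface Vlan5
 ip address 10.1.10.5 255.255.255.0
!
"""

def stanzas(config):
    """Map each interface name to the list of its indented sub-commands."""
    found = re.findall(r"^interface (\S+)\n((?: .*\n)*)", config, re.M)
    return {name: [c.strip() for c in body.splitlines()] for name, body in found}

def expand(vlan_list):
    """Expand a list such as '1,3-5' into {1, 3, 4, 5}."""
    ids = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def vlan_exposure(config, vlan):
    """Return (svi_live, trunks) for one VLAN ID."""
    svi_live, trunks = False, []
    for name, cmds in stanzas(config).items():
        if name.lower() == f"vlan{vlan}":
            # An SVI only forwards when it has an address and is not shut down.
            has_ip = any(c.startswith("ip address ") for c in cmds)
            svi_live = has_ip and "shutdown" not in cmds
        elif "switchport mode trunk" in cmds:
            prefix = "switchport trunk allowed vlan "
            allowed = [c[len(prefix):] for c in cmds if c.startswith(prefix)]
            # A trunk with no allowed-VLAN list carries every VLAN.
            if not allowed or vlan in expand(allowed[-1]):
                trunks.append(name)
    return svi_live, trunks
```

On the sample, VLAN 5 is reported as having a live SVI and as riding the unrestricted trunk only; after "no interface vlan 5" the first value becomes False while the trunk finding remains.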

Author Comment

by:randomsense
ID: 34160312
Thanks for your insight and I look forward to anything else you might provide!

2) Excellent - I just wanted to be sure I had it correct before I spent the time/downtime re-configuring everything.

3) I did some additional looking around and found the commands to add additional gateways (primary/backup). The one I ran across was a little different but I'm sure they both do the same thing.
   a) enable
   b) set ip route default 10.1.1.5 primary (or exclude primary for adding a backup)

4) I take it I'm enabling jumbo frames on the entire switch and not just vlan5? If that's the case I'm guessing that enabling jumbo frames on the switch just makes it compatible with them but doesn't force its use or cause issues for non-jumbo frame traffic?

5) The plan for iSCSI traffic is to have some ports on the 3560 configured on vlan 5. I would then connect some of the hosts/target to those ports. In addition I have a trunk connection to the HP blade servers switch (WS-CBS3020-HPQ). This blade server switch would have ports on vlan 1 and vlan 5. Each of the blades have two internal NICs. I'd attach one NIC to the vlan1 (general network connection) and the second to vlan5 (iSCSI). In this case I would probably want to use link aggregation to up the bandwidth between switches.

Thanks again!

Author Comment

by:randomsense
ID: 34160680
4) I've done the 'system mtu jumbo 9000' on both the 5060G core switch as well as the Cisco WS-CBS3020-HPQ blade switch. Had some trouble with it until I found out it's a configure command.

Author Comment

by:randomsense
ID: 34161376
It seems I've got everything mostly working but I'm having trouble with DHCP on the other vlans (other than vlan1).

I think I've correctly added an ip helper address to all the vlans. DHCP (and DNS) as stated above are Windows based and the server is on the 10.1.1.x network (vlan1). The address of the server is 10.1.1.25. I have scopes setup for the different vlan IP ranges.

In config mode I did the following, changing the vlan# to each of the vlans:
int vlan2
ip helper-address 10.1.1.25

I connected a laptop to one of the ports that is set up on vlan3 (10.1.2.x) on the 5060G. The laptop is running Windows 7 and set to DHCP for network settings. When attempting to connect it spins for a while and then shows the warning icon on the network icon. At this point I have an address in the DHCP scope for this vlan but checking the DHCP server it isn't listed. I can ping other internal IPs but not get name resolution. I'm also seeing this error in the Windows log:

Event ID: 4321
The name "ADVENTURE      :1d" could not be registered on the interface with IP address 10.1.2.50. The computer with the IP address 10.1.1.25 did not allow the name to be claimed by this computer.

The name of the laptop isn't ADVENTURE but since the switch is attempting to get the DHCP for the laptop (via ip helper-address) I'm guessing I'm still missing something on the router.

Oh, and I have changed the default gateway for the windows DHCP to the 10.1.1.5 (core switch) address.

If this problem seems more DHCP server related instead of network let me know and I'll post it in the proper area.

Expert Comment

by:Fidelius
ID: 34169252
Hi!

Yes, you're right, jumbo frames are enabled for the entire switch, more precisely for all gigabit ports. It does not force ports to use them, it just allows them to use them if necessary.


It sounds like you configured the network with "ip helper" OK. I'm not a Windows Server guru, but I will try to help.
Check this:
http://www.eventid.net/display.asp?eventid=4321&eventno=1822&source=NetBT&phase=1

or

http://www.experts-exchange.com/Operating_Systems/Win2000/Q_20817516.html

I hope it helps. I'll try to find some more resolutions to this issue, if none of the above helps.


Regards!

Author Closing Comment

by:randomsense
ID: 34193554
Turns out my problem with DHCP was none of our servers were currently running WINS to help along the broadcasts. Started WINS and that cleared things up.

I also ended up having a few changes that needed to be made to our Cisco ASA for internet traffic - some normal and some specific to our configuration.