Configure VLANs on Flat Class B network
I have an issue... I just moved into managing a network which is configured haphazardly. The network is a Class B ( /16) set up with one VLAN (VLAN1) being used across about 12 switches - including a 6-switch stack. My questions are these... given the attached configuration, what would I need to do/change in order to make this into a routed and multi-VLANed Class C type network? The Gateway currently is set to be the firewall... I don't think this is a proper way to have it set up and would like to remove the firewall from being the gateway because when or if it drops, the whole network is affected. It seems that when the network here was configured, it was done very basically with Cisco-defined templates for voice and data. Currently, even though the attached config shows multiple VLANs configured, it seems that everything is actually working on VLAN1. I need to make this is into a more managed system where I can create seperate VLANS for each switch, do the routing through here, and stop this from being a flat, one dimensional network which iseems to be pushing voice and data across one vlan. Can anyone help? Thanks in advance!
data-stack.txt
data-stack.txt
ASKER
Flakier,
Thanks for the info - it does help me get thoughts in order. I also was trying to get some perspective on the current setup I have and whether or not it is feasible or possible to do "in place" changes to the network via config changes on the access switches and core stack. Given the next two configs (Access switches in place currently), I guess I would be looking for help building a basic configuration (or guidelines toward one) that will put routing on the core, and change the access switches currently in place to be on their own VLANS (with voice and data). Does this make sense? I have a fairly good understanding of data switching, but I haven't worked with VoIP much and could use the guidance on an effecient and practical setup.
Thanks again!
access-switch-1.txt access-switch-2.txt
Thanks for the info - it does help me get thoughts in order. I also was trying to get some perspective on the current setup I have and whether or not it is feasible or possible to do "in place" changes to the network via config changes on the access switches and core stack. Given the next two configs (Access switches in place currently), I guess I would be looking for help building a basic configuration (or guidelines toward one) that will put routing on the core, and change the access switches currently in place to be on their own VLANS (with voice and data). Does this make sense? I have a fairly good understanding of data switching, but I haven't worked with VoIP much and could use the guidance on an effecient and practical setup.
Thanks again!
access-switch-1.txt access-switch-2.txt
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This is excellent help - thanks very much! So if I wanted to essentially also shut down VLAN 1 and move the access switches into their own VLANs, would I then, on the access switches, do something like what is attached as a config? In the attached config, would the default GW still be 10.1.0.1 or would it be 10.4.4.1? Is my thought process on this config similar to what you are proposing, or am I headed in the wrong direction with it? Should I just scrap it and go with the config additions that you have proposed? ;) The end user devices are Cisco phones (7975) with PCs hooled through them... given that info. do the proposed changes make sense? Would I also have to set up static routes on the core for each VLAN created or is this not necessary?
Sorry if these all seem like basic and silly questions... I appreciate the help and just want to make sure that my thoughts are correct before trying anything.
New-access-switch-config.txt
Sorry if these all seem like basic and silly questions... I appreciate the help and just want to make sure that my thoughts are correct before trying anything.
New-access-switch-config.txt
The IP address of vlan1 on the access switches is purely to manage the switch itself. There is no real requirement that you change it's IP address to vlan4. You might consider creating a network management vlan and using that vlan IP addresses on the switches and disable vlan1
Example:
CORE:
Vlan 23
name NET_MGMT
interface vlan 23
ip address 10.4.23.1 255.255.255.0
ACCESS (best to do this via CONSOLE):
interface vlan 23
ip address 10.4.23.XX 255.255.255.0
no shut
interface vlan 1
no ip address
shut
ip default-gateway 10.4.23.1
No, you do not have to add any route commands on the core stack. All VLAN's are directly connected.
Yes, the proposed switch interface config looks good, but as above, you do not have to put the switch itself into vlan4 or create a vlan4 interface at all. Phones will still be in VLAN 800 and any PC connected to the phone will be in VLAN4.
Example:
CORE:
Vlan 23
name NET_MGMT
interface vlan 23
ip address 10.4.23.1 255.255.255.0
ACCESS (best to do this via CONSOLE):
interface vlan 23
ip address 10.4.23.XX 255.255.255.0
no shut
interface vlan 1
no ip address
shut
ip default-gateway 10.4.23.1
No, you do not have to add any route commands on the core stack. All VLAN's are directly connected.
Yes, the proposed switch interface config looks good, but as above, you do not have to put the switch itself into vlan4 or create a vlan4 interface at all. Phones will still be in VLAN 800 and any PC connected to the phone will be in VLAN4.
ASKER
Thank you very much for your help! You are definitely an asset to the Experts-Exchange site!
1. Think up a new IP addressing scheme for client access vlans. Maybe use a /24 for each in the 192.168.x.x space. Don't forget your voice vlans, so minimum of 2 vlans per client access switch, not including management vlan. Also think about the IP addressing between the core and client access switches and between the core and firewall. Here it makes sense to use a /30 for each connection. Maybe set aside the 192.168.0.x for all your /30s
2. Find out where the spanning tree root bridge is. Try to keep an L2 star topology through the transition with the switch-to-switch interconnections.
3. Setup network core with the 0.0.0.0/0 route pointing at the firewall inside. Add static routes for the all the new client data and voice vlans.
4. Set up a routed port on an existing client access switch and hook it to a corresponding routed port the new core. Set the default route on the client access switch pointing to the new core switch IP.
5. As you can, transition the client ports to the new vlans. Probably best to work one switch at a time starting from a less crucial one or a test one if you can.
A fully redundant design approach is here:
http://www.cisco.com/appli