Solved

Cisco 3550 VLANs, Trunking & Routing

Posted on 2013-10-23
Last Modified: 2013-10-28
I have been tasked with creating the following scenario on a Cisco 3550.  We are using all public addresses.

Setup Management VLAN with a /30

Setup 4 separate VLANs with a /29

VLAN Config  ::  (IP Addresses Changed to protect the innocent)

Management (VLAN1)  177.205.12.24/30
VLAN 3  ::  177.205.27.224/29     (Ports 5 - 9)
VLAN 4  ::  177.205.27.240/29     (Ports 10 - 14)
VLAN 5  ::  177.205.27.248/29     (Ports 15 - 19)
VLAN 6  ::  177.205.27.136/29     (Ports 20 - 24)

Port FA0/2 is the uplink to the service provider

So, my questions are these.

1.  After configuring the switch for the VLANs, how do I trunk the VLANs out to the web?
     a.  Do I need to physically cross connect each VLAN to a VLAN that I create to trunk all traffic to the web?
     b.  Or is there a way to do this in the IOS?

2.  I do not understand why they didn't just go with a /26 and leave all the Machines on 1 sub-net.  What is the logic behind doing something like this with multiple sub-nets on a public switch?
0
Question by:Daeta42
13 Comments
 
LVL 26

Expert Comment

by:Soulja
ID: 39595153
Is this 3550 only layer 2? Will it be routing these vlans or just layer 2 to the ISP hardware?
0
 

Author Comment

by:Daeta42
ID: 39595179
If we could route on the switch that would be great using Layer 2.

I would rather get the ISP hardware to do all the routing if possible.
0
 
LVL 26

Expert Comment

by:Soulja
ID: 39595210
Ok, so if the ISP is doing all the routing for the VLANs, then you just need to set up a normal trunk to their switch or router.

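int fa0/2
 ! set the encapsulation first: the 3550 rejects "mode trunk" while the encapsulation is still set to negotiate
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! optional: restrict the trunk to the VLANs in use
 switchport trunk allowed vlan 1,3-6
 switchport trunk nonnegotiate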

You just need to make sure you know the setting on the ISP side.

The only reason I can see them doing this is to be able to control security/access between the different vlans.
0
 

Author Comment

by:Daeta42
ID: 39595250
So, we've tried to do all that you said previously.  Here is specifically what we've done.  (We did not do the nonnegotiate command)

int fa0/2
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 6

This did not work...  

In testing we just enabled ip-routing and lost access to the site it seems.  Looks like we have to go onsite to get us remote access again.

I could see doing this for security / access between different VLANS if they were all private addresses.  But we are working off public addresses.  So, there's no security / access control to the IPs....
0
 
LVL 26

Expert Comment

by:Soulja
ID: 39595262
If the switch is only layer 2, you need to disable ip routing.

conf t
no ip routing


Also, by only allowing vlan 6, I assume you knocked out the management vlan.

Can you post the switch config?
0
 

Author Comment

by:Daeta42
ID: 39595299
We are heading to the site right now and will post the switch config in an hour or so.
0
 
LVL 26

Expert Comment

by:Soulja
ID: 39595366
Do you have the ISP config also?
0
 

Author Comment

by:Daeta42
ID: 39595427
As in what the IP assignments are, default gateway, subnet mask,  etc.?   Then yes.
0
 

Author Comment

by:Daeta42
ID: 39595589
Here is the running Config.

 
Building configuration...

Current configuration : 3823 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname DL-3550
!
enable secret 5 $1$fdsfd0
enable password fdsafdsafff
!
ip subnet-zero
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
interface FastEthernet0/1
 no ip address
!
interface FastEthernet0/2
 switchport access vlan 6
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3-6
 switchport mode trunk
 no ip address
!
interface FastEthernet0/3
 no ip address
!
interface FastEthernet0/4
 no ip address
!
interface FastEthernet0/5
 switchport access vlan 3
 no ip address
!
interface FastEthernet0/6
 switchport access vlan 3
 no ip address
!
interface FastEthernet0/7
 switchport access vlan 3
 no ip address
!
interface FastEthernet0/8
 switchport access vlan 3
 no ip address
!
interface FastEthernet0/9
 switchport access vlan 3
 no ip address
!
interface FastEthernet0/10
 switchport access vlan 4
 no ip address
!
interface FastEthernet0/11
 switchport access vlan 4
 no ip address
!
interface FastEthernet0/12
 switchport access vlan 4
 no ip address
!
interface FastEthernet0/13
 switchport access vlan 4
 no ip address
!
interface FastEthernet0/14
 switchport access vlan 4
 no ip address
!
interface FastEthernet0/15
 switchport access vlan 5
 no ip address
!
interface FastEthernet0/16
 switchport access vlan 5
 no ip address
!
interface FastEthernet0/17
 switchport access vlan 5
 no ip address
!
interface FastEthernet0/18
 switchport access vlan 5
 no ip address
!
interface FastEthernet0/19
 switchport access vlan 5
 no ip address
!
interface FastEthernet0/20
 switchport access vlan 6
 switchport mode access
 no ip address
!
interface FastEthernet0/21
 switchport access vlan 6
 switchport mode access
 no ip address
!
interface FastEthernet0/22
 switchport access vlan 6
 switchport mode access
 no ip address
!
interface FastEthernet0/23
 switchport access vlan 6
 switchport mode access
 no ip address
!
interface FastEthernet0/24
 switchport access vlan 6
 switchport mode access
 no ip address
!
interface FastEthernet0/25
 no ip address
!
interface FastEthernet0/26
 no ip address
!
interface FastEthernet0/27
 no ip address
!
interface FastEthernet0/28
 no ip address
!
interface FastEthernet0/29
 no ip address
!
interface FastEthernet0/30
 no ip address
!
interface FastEthernet0/31
 no ip address
!
interface FastEthernet0/32
 no ip address
!
interface FastEthernet0/33
 no ip address
!
interface FastEthernet0/34
 no ip address
!
interface FastEthernet0/35
 no ip address
!
interface FastEthernet0/36
 no ip address
!
interface FastEthernet0/37
 no ip address
!
interface FastEthernet0/38
 no ip address
!
interface FastEthernet0/39
 no ip address
!
interface FastEthernet0/40
 no ip address
!
interface FastEthernet0/41
 no ip address
!
interface FastEthernet0/42
 no ip address
!
interface FastEthernet0/43
 no ip address
!
interface FastEthernet0/44
 no ip address
!
interface FastEthernet0/45
 no ip address
!
interface FastEthernet0/46
 no ip address
!
interface FastEthernet0/47
 no ip address
!
interface FastEthernet0/48
 no ip address
!
interface GigabitEthernet0/1
 no ip address
!
interface GigabitEthernet0/2
 no ip address
!
interface Vlan1
 ip address 177.205.16.26 255.255.255.252
 no ip route-cache
!
interface Vlan3
 ip address 177.205.23.226 255.255.255.248
 no ip route-cache
!
interface Vlan4
 ip address 177.205.23.242 255.255.255.248
 no ip route-cache
!
interface Vlan5
 ip address 177.205.23.250 255.255.255.248
 no ip route-cache
!
interface Vlan6
 ip address 177.205.23.138 255.255.255.248
 no ip route-cache
!
ip default-gateway 177.205.16.25
ip classless
ip http server
!
!
!
line con 0
line vty 0 4
 password fdsafdsafdsa!
 login
line vty 5 15
 password fdsafdsads
 login
!
end


0
 
LVL 26

Assisted Solution

by:Soulja
Soulja earned 500 total points
ID: 39595734
I thought this switch was layer 2 only? Based on your config you are trying to use it as layer 3. If so, you need to configure ip routing and add a default route:
ip route 0.0.0.0 0.0.0.0 x.x.x.x
x being the ISP next hop.
Also, can you provide the ISP's switch interface config? Are you connecting to a switch or router?
0
 

Author Comment

by:Daeta42
ID: 39595747
We are connecting to the Colo's Router.  (Betting there is a switch in between)  But I do not have access to their devices.  

I will get the IP route command in there right now and test.
0
 
LVL 26

Accepted Solution

by:Soulja
Soulja earned 500 total points
ID: 39595818
Ok, if you are in fact going to enable routing, there are some considerations and configuration changes.

1.  I would change fa0/2 to an access port for vlan 1 since your next hop is part of that same subnet.

Enable routing -  ip routing

2. Add ip route 0.0.0.0 0.0.0.0 177.205.16.25

3. remove ip default gateway 177.205.16.25

no ip default-gateway 177.205.16.25

The big question is: does the colo router have a route back to your switch?
0
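As an added example (not part of the original thread or any poster's code): a short Python check that parses a running-config and flags the problems this thread worked through, namely a trunk allowed-VLAN list that drops a VLAN the switch has an SVI on, SVIs configured without `ip routing`, and a default route or `ip default-gateway` that will not take effect. The function names and the trimmed sample config are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: trimmed from the thread's config, with the earlier "allowed vlan 6" trunk.
SAMPLE = """\
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 6
 switchport mode trunk
interface Vlan1
 ip address 177.205.16.26 255.255.255.252
interface Vlan6
 ip address 177.205.23.138 255.255.255.248
ip default-gateway 177.205.16.25
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,3-6' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config):
    """Return findings for the trunk and routing issues raised in the thread."""
    svis, trunks, iface = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            iface = m[1]
        elif (m := re.match(r" ip address (\S+) (\S+)", line)) and iface and iface.startswith("Vlan"):
            svis[int(iface[4:])] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif m := re.match(r" switchport trunk allowed vlan ([\d,-]+)", line):
            trunks[iface] = expand_vlans(m[1])
    routing = re.search(r"^ip routing\s*$", config, re.M) is not None
    gateway = re.search(r"^ip default-gateway (\S+)", config, re.M)
    route = re.search(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\d+\.\d+\.\d+\.\d+)", config, re.M)
    findings = []
    for port, allowed in trunks.items():
        if missing := sorted(set(svis) - allowed):
            findings.append(f"{port}: trunk does not carry VLANs that have an SVI: {missing}")
    if len(svis) > 1 and not routing:
        findings.append("ip routing is off: the SVIs will not route between VLANs")
    if routing and gateway and not route:
        findings.append("ip default-gateway is ignored once ip routing is on; add a default route")
    if route and not any(ipaddress.ip_address(route[1]) in net for net in svis.values()):
        findings.append(f"default route next hop {route[1]} is not on a connected SVI subnet")
    return findings

print("\n".join(audit(SAMPLE)))
```

Run against the sample, it reports that the trunk on FastEthernet0/2 leaves out VLAN 1 (the management SVI) and that the SVIs cannot route because `ip routing` is off.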
 

Author Closing Comment

by:Daeta42
ID: 39605834
Thank you for your assistance!  I've never used the switch to do routing before so I was a bit lost!

Cheers!
0
