Network switch infra design

This is a design for new network using 7 switches - 5 x Cisco 2960 (with 4 SFPs), and 2 x HP Procurve V1910-24 switches, plus 2 12-port 100-based switches. All are gigabit switches. The areas and number of network points needed include, basement (12), 1st floor (7), 2nd floor (28), 3rd floor (18), and 4th floor (55).

Network cables of Cat6 are planned to running through the above areas. 2nd and 3rd floors are admin & business departments, in which high-ranking management personels positioned. 4th floor is computer lab, and a Internet line/router/firewall, are located. One of the major objective is, all users of any floor must able to access to Internet without problem.

Distances between 4th floor to basement is about 220 m, to 1st floor is about 120 m, to 2nd floor is 30 m, and to 3rd floor is 15 m. I'm thinking to set up 2 2-layer switch infra, with 1 core/distribution switch located at 4th floor, and the rest of the 6 switches as access-layer switches.

For 4th floor, 1 Cisco 2960 switch as core, plus 2 HP v1910 24-port switches uplinked with cat6 cable to the core switch; for 3rd floor, 1 Cisco 2960 switch as access-layer, and uplinked with cat6 cable to core switch; for 2nd floor, 1 Cisco 2960 switch as access-layer, and uplinked with cat6 cable to core switch, plus a 12-port 100-based switch cat6 cable uplinked to core switch; for 1st floor, 1 Cisco 2960 switch fibre-optic uplinked to core switch; for basement, 1 cisco 2960 switch fibre-optic uplinked to core switch.

The fibre-optic is multi-mode, so it should support up to 400 m? Any problem with the design? Can it be better? Does any VLAN and trunking are needed?

thanks,
LVL 1
MichaelBalackAsked:
Who is Participating?
 
InfamusConnect With a Mentor Commented:
This is basically what Soulja is recommending.

Let's say you have the following:

Router: 10.1.1.254

On the core switch:

config t

interface vlan 1
description vlan1
ip address 10.1.1.1 255.255.255.0

vlan 2
description vlan2

interface vlan 2
description vlan2
ip address 10.1.2.1 255.255.255.0
exit

vlan 3
description vlan3

interface vlan 3
description vlan3
ip address 10.1.3.1 255.255.255.0
exit

vlan 4
description vlan4

interface vlan4
ip address 10.1.4.1 255.255.255.0
exit

vlan 5
description vlan5

interface vlan5
ip address 10.1.5.1 255.255.255.0
exit

interface gi0/1 --->Interface which router is connected
switchport mode access
 (no need to assign vlan because it will be on vlan 1 by default unless you don't want to use vlan 1 as native)

ip route 0.0.0.0 0.0.0.0 10.1.1.254

On the router

config t

ip route 10.1.2.0 255.255.255.0 10.1.1.1
ip route 10.1.3.0 255.255.255.0 10.1.1.1
ip route 10.1.4.0 255.255.255.0 10.1.1.1
ip route 10.1.5.0 255.255.255.0 10.1.1.1

Soulja, can you confirm?

Thanks.
0
 
SouljaCommented:
MM Fiber should be sufficient. You definitely want to include VLANs and trunking between the switches. I would also run port channels between all of the switches. I somewhat question using the 2960 as the core  since more purposed an an access layer switch. It's routing capabilities are limited also.
0
 
MichaelBalackAuthor Commented:
Hi Soulja,

These hardware inventory was passed down from my ex-colleague, and I got no choice, but  take it. Please detail on VLANs, trunking, and port-channel among the switches.
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
SouljaCommented:
VLANS can be organized however you want them. Some organized them by location or department or both. You will want to trunk the vlans between each of the switches. As for the port channels you will require at least two interfaces per switch, so if you are running fiber, you are talking about two fibers per run.
0
 
InfamusCommented:
As soulja mentioned, 2960's are more for access switch and you will have to make sure that you have proper IOS version installed to enable routing.  However the routing capabilities are very limited.  I would recommend getting a low end layer 3 switch for the core such as 3560.
Make sure to create layer 2 and layer 3 VLAN if you want to enable interVLAN routing and make sure to set the core switch as VTP server and the rest as client.  I would set VTP password as well.
0
 
MichaelBalackAuthor Commented:
Hi Soulja/Infamus,

On top the above 7 switches, with the connectivity as stated, there is one router. I am not sure if this is a Cisco Router 881 or other model (will confirm later). Just take it a Cisco 881 (with 4 LAN ports), can I use it to be my layer 3 router, for all the vlans, beside as a main gateway to the Internet?

How to set it up on router?

So the setting of VLANs and trunking is to segmenting so as a broadcast (such as from DHCP), won't be spread campus-wide?
0
 
SouljaCommented:
I would set up vlan routing on the 2960 before resorting to a router on stick design. Let the router worry about Internet traffic .
0
 
MichaelBalackAuthor Commented:
Hi Soulja,

Let's assume i go for 5 vlans, please see my questions:

Q1. Do all 5 inter-vlans routing can be setup on the 2960?
Q2. For the connection between this 2960 and router, i only need a trunk that carry all 5 vlans?
0
 
MichaelBalackAuthor Commented:
Hi Soulja,

Does this means that i can set up svi - switched virtual interfaces on 2960?
0
 
SouljaConnect With a Mentor Commented:
Q1. Do all 5 inter-vlans routing can be setup on the 2960?
Yes, all 5 vlan SVI's will reside on the 2960.

Q2. For the connection between this 2960 and router, i only need a trunk that carry all 5 vlans?

No, the connection to the router will be an access port with the vlan that the router's inside interface sits on.


The summarize:
- Create all 5 VLAN svi's on the 2960.
- Create a default route on the 2960 pointing to the ip of the inside interface of the router.
- Create an access port on the 2960 and assign the vlan that the router ip is part of. Connect this port to the router.
- On the router create a static router for each vlan subnet that you created on the 2960. For each static router set the next hop to the SVI on the 2960 in which the router interface is part of.
0
 
InfamusCommented:
Oh...obviously..turn on routing....

config t

ip routing
0
 
SouljaCommented:
Yep, that's exactly what I am suggesting.
0
 
MichaelBalackAuthor Commented:
Thanks for the very details explanation.

One last question (it could be stupid question), so, Cisco router 881 can do the routing job for all VLANs?
0
 
SouljaCommented:
Yes, but the design is not optimal. Keep the vlan routing on the 2960.
0
 
InfamusCommented:
Why would you want the router to handle the inter-vlan routing when the switch is already doing the vlan routing with the above configuration?
0
 
MichaelBalackAuthor Commented:
Hi Infamus,

I need to use cisco router 881 because it is stable. Since inter-vlan routing is done on 2960, this cisco router will be used as Internet router with NAT.

One last question - I need to have a dhcp server to serve all the vlans, where should set it?
0
 
SouljaCommented:
I need to use cisco router 881 because it is stable. Since inter-vlan routing is done on 2960, this cisco router will be used as Internet router with NAT.

So you are not using the router to route vlans, just internet traffic correct?

One last question - I need to have a dhcp server to serve all the vlans, where should set it?

Put the dhcp server on whichever vlan you desire. For all other vlan interfaces you will have to add a helper statement:
 
for example

Interface vlan 2
ip helper-address x.x.x.x (address of dhcp server)
0
 
MichaelBalackAuthor Commented:
Thanks Soulja
0
 
MichaelBalackAuthor Commented:
Thanks both
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.