I'm working on a flat network covering 3 floors with a stack of four
3550 switches per floor and one 4507 at the logical center. The gig ports of each stack are daisy-chained with the top and bottom switches linked back to the 4507. Each switch has a /24 private IP address applied to VLAN 1.
I want to segment the network into three class c type subnets, one per floor, and have the 4507 route between them. I configured the IP addresses of the 3550s with the third octet designating the floor number. Then I configured the 4507 interfaces as no switchport and applied IP addresses.
My logic is obviously wrong because the addresses of the top and bottom 3550s in each stack overlap each other and the new 4507 port address overlap with the VLAN. Could someone please explain how to design a valid addressing scheme?
If we want to use Windows Server 2000 DHCP to assign all the client addresses, how can it determine which subnet the client should be part of?
This is how I'd do it. We'll use "172.22.0.0/24" as the addressing scheme.
How many hosts per floor? 4 x 48 port switch = 192 worst case so "/24" is fine.
Define a VLAN and address block per floor, a vlan for switch management and a vlan for the native vlan of trunk ports:
vlan101 name Floor-1 172.22.1.0 / 24 vlan102 name Floor-2 172.22.2.0 / 24 vlan103 name Floor-3 172.22.3.0 / 24 vlan2 name Switch-Management 172.22.2.0 / 24 vlan 999 name Native na
Add the appropriate floor vlan to each switch stack ie. add vlan 101 to switches on floor 1, vlan 102 to switches on floor 2 and vlan 103 to switches on floor 3. vlan 2 and vlan 999 to all switches.
Create vlan 2 interfaces to manage the switches and assign a default-gateway.
ip default-gateway 172.22.2.254 int vlan 2 ip address 172.22.2.250 255.255.255.0
If the switches on each floor are set up as a logical stack then only 1 ip address is needed per stack ...
ip address 172.22.2.249 255.255.255.0 ip address 172.22.2.248 255.255.255.0
Create all these vlans on the 4507 and vlan interfaces to provide lan gateways:
int vlan 101 ip address 172.22.101.254 255.255.255.0
int vlan 102 ip address 172.22.102.254 255.255.255.0
int vlan 103 ip address 172.22.103.254 255.255.255.0
int vlan 2 ip address 172.22.2.254 255.255.255.0
Creat a management vlan interface
int vlan 2 ip address 172.22.2.254 255.255.255.0
The links to the switches should be trunks and trunk only the floors vlan and the switch management vlan:
4507 ports for the top switches of each stack
int gi1/1 description primary link to Floor-1 switchport switchport trunk encapulation dot1q switchport mode trunk switchport nonegotiate switchport trunk allowed vlan 2,101 switchport trunk native vlan 999 no spanning-tree portfast spanning-tree bpduguard disable no speed no duplex
int gi1/2 description primary link to Floor-2 switchport switchport trunk encapulation dot1q switchport mode trunk switchport nonegotiate switchport trunk allowed vlan 2,101 switchport trunk native vlan 999 no spanning-tree portfast spanning-tree bpduguard disable no speed no duplex
int gi1/3 description primary link to Floor-3 switchport switchport trunk encapulation dot1q switchport mode trunk switchport nonegotiate switchport trunk allowed vlan 2,101 switchport trunk native vlan 999 no spanning-tree portfast spanning-tree bpduguard disable no speed no duplex
4507 ports for the bottom switches of each stack
int gi1/4 description secondary link to Floor-1 switchport switchport trunk encapulation dot1q switchport mode trunk switchport nonegotiate switchport trunk allowed vlan 2,101 switchport trunk native vlan 999 no spanning-tree portfast spanning-tree bpduguard disable no speed no duplex
int gi1/5 description secondary link to Floor-2 switchport switchport trunk encapulation dot1q switchport mode trunk switchport nonegotiate switchport trunk allowed vlan 2,101 switchport trunk native vlan 999 no spanning-tree portfast spanning-tree bpduguard disable no speed no duplex
int gi1/6 description secondary link to Floor-3 switchport switchport trunk encapulation dot1q switchport mode trunk switchport nonegotiate switchport trunk allowed vlan 2,101 switchport trunk native vlan 999 no spanning-tree portfast spanning-tree bpduguard disable no speed no duplex
How about you handle the configs for the trunks on the floor switches.
Here's a config for their access ports.
switchport switchport mode access switchport access vlan spanning-tree portfast spanning-tree bpduguard enable no speed no duplex
Bernie, Thank you very much. I appreciate the time you spent on your reply. It's a lot more than I expected. I have one question right now (but will probably have more when I actually try to implement this).
What is the purpose of the "vlan for the native vlan of trunk ports"? vlan 999 name Native no ip addr Bob
Backwards compatability. Any packets in the "native" VLAN will be sent across the trunk with no 802.1Q tags, so they will look exactly like packets that are not in VLANs at all. A useful property if you are trying to incrementally convert infrastructure into VLAN format.
No worries Bob. I see Walter answered the native vlan Q so i'll take this opportunity to correct a few typo's.
My intended addressing scheme: vlan101 name Floor-1 172.22.101.0 / 24 vlan102 name Floor-2 172.22.102.0 / 24 vlan103 name Floor-3 172.22.103.0 / 24
and then just trunk the appropriate vlan (+ management) to each floor: Floor 1 switchport trunk allowed vlan 2,101 Floor 2 switchport trunk allowed vlan 2,102 Floor 3 switchport trunk allowed vlan 2,103
same again for the backup links.
You intended having the link from the top swich of each stack be the primary. To force this spanning-tree design you can configure on the secondary trunks at the 4507 end:
You have to watch out for packets originated by the devices themselves. Also I seem to recall reading something along the lines of CDP always using VLAN 1, but I'm not at all certain of that. Perhaps it was some of the other management packets.
We don't even trunk vlan 1 where we don't have to so can guarantee CDP, VTP, and BPDU's don't use it. As soon as we replace the remaining 3500XL's vlan
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.