1. Home
  2. Cisco Systems
  3. connecting two 3550 switches with VLAN IP routing

connecting two 3550 switches with VLAN IP routing

Hi, our subcontractors have finished the switch install, consisting of two Catalyst 3550 switches connected to each other via a trunk on port

47, with clients and other switches tagged off these switches.

Im having a little trouble understanding the configuration, why has the client switch got an ip address of 192.168.2.10? From my understanding it shouldnt need an address as any packets arriving on its interface will be routed across trunk between the client and core switch, where the core switch will handle the routing?? Or am i totally offtrack? When i remove VLAN3 ip address from the client switch the entire lot goes down, it is obviously needed but i dont understand why.

CORE CONFIG

version 12.2 no service pad service timestamps debug uptime service timestamps log datetime no service password-encryption service sequence-numbers ! hostname core ! no aaa new-model ip subnet-zero ip routing ! no file verify auto ! spanning-tree mode pvst no spanning-tree optimize bpdu transmission spanning-tree extend system-id spanning-tree vlan 1-3 priority 0 ! vlan internal allocation policy ascending ! interface GigabitEthernet0/1-20 spanning-tree portfast ! interface GigabitEthernet0/21-35 spanning-tree portfast switchport access vlan 2 switchport mode access ! interface GigabitEthernet0/36-46 spanning-tree portfast switchport access vlan 3 switchport mode access ! interface GigabitEthernet0/47 description connected to client as a trunk to port 47 switchport access vlan 3 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet0/50 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet0/51 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet0/52 switchport trunk encapsulation dot1q switchport mode trunk ! interface Vlan1 ip address 192.168.0.2 255.255.255.0 ip helper-address 192.168.0.31 ip helper-address 192.168.0.28 ! interface Vlan2 ip address 192.168.1.1 255.255.255.0 ip helper-address 192.168.0.31 ip helper-address 192.168.0.28 ! interface Vlan3 ip address 192.168.2.1 255.255.255.0 ip helper-address 192.168.0.31 ip helper-address 192.168.0.28 ! ip classless ip route 0.0.0.0 0.0.0.0 192.168.0.1 ip http server ! end

CLIENT CONFIG

version 12.2 no service pad service timestamps debug uptime service timestamps log datetime no service password-encryption service sequence-numbers ! hostname client ! no aaa new-model vtp domain cisco vtp mode transparent ip subnet-zero ip routing ! no file verify auto spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 3 name UsersAccess ! interface GigabitEthernet0/1-46 switchport access vlan 3 switchport mode access spanning-tree portfast ! interface GigabitEthernet0/47 description connected to Core Switch As a trunk port switchport trunk encapsulation dot1q switchport mode trunk ! interface Vlan1 ip address 192.168.0.5 255.255.255.0 ip helper-address 192.168.0.31 ip helper-address 192.168.0.28 ! interface Vlan3 ip address 192.168.2.10 255.255.255.0 ip helper-address 192.168.0.31 ip helper-address 192.168.0.28 ! ip classless ip http server ! end

Many thanks in advance,

Chris

Reply to
g18c
Loading thread data ...

If you want the core switch to handle the routing, then you need remove the IP addresses on VLAN 2 and VLAN 3 (on both machines), and you need to create a trunk across to the core router, with VLAN 2 and VLAN 3 created hooked in as sub-interfaces on that link so that they will get trunked across. You'll probably also need to add VLAN 3 as a subinterface on GE0/47 so that it will get trunked across the link to the client switch too, and on the client switch, make the mirror arrangements to get the VLANs trunked across to the master switch.

VLANs only go across a trunk if the trunk has been configured to carry those particular VLANs. Which your switches have not been configured to do, so the reason your network works now is that each switch is doing local routing. Doing routing locally is usually noticably more efficient; the disadvantage of it is that it requires that you propagate all the routing knowledge to each switch (sometimes trivial to maintain), and that it prevents you from applying filters or access controls between the networks unless you put the same controls in at each place (which usually starts to become a mess to maintain.)

Reply to
Walter Roberson

Thanks for the reply, but i am still confused. If the switch trunk has been configured to carry VLAN3 traffic only, how can clients on the client switch get their packets routed for the other VLANS. I can ping any machine and go out onto the internet from any machibe on the client switch by using default gateway 192.168.2.1.

Thanks,

Chris

Reply to
g18c

Your client configuration has

ip routing

interface Vlan1 ip address 192.168.0.5 255.255.255.0 ip helper-address 192.168.0.31 ip helper-address 192.168.0.28 ! interface Vlan3 ip address 192.168.2.10 255.255.255.0 ip helper-address 192.168.0.31 ip helper-address 192.168.0.28

This creates a *local* virtual interface for VLAN1 and another for VLAN3 and routing will take place *locally* between them.

If you don't want VLAN 1 to route locally with VLAN 3, then turn off ip routing or get rid of the IP address on the VLAN interface (and probably get rid of the ip helper-address too.)

Reply to
Walter Roberson

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.