Switch or Router for routing between VLANs with 500 computers

Hi. We have a situation where we have around 500 computers and servers that will be separated into several (5-6) VLANs (currently they are all in the same network). The servers will be in a separate VLAN and a lot of traffic will go there. There won't be much traffic between the other VLANs.

What would you suggest as a device that would route between the VLANs? The users are connected through Linksys Gigabit switches, and I thought about using a Layer 3 switch to do the inter-VLAN routing. In particular I thought about using WS-C3750G-24TS-1U with an IP Base image (IP base supports static routes and RIP).

Will this be a good solution? Is a C3750 enough for this or do I need a C3750E?

Morph

While it completely depends on traffic between vlans and/or across trunks from a pure utilization perspective, either switch will have enough routing capability to handle this. You are talking a half dozen routed interfaces at most, and 500 nodes, should be completely fine. We'll see what the others think, but I would not see any problem with this setup.

Trendkill

| On Apr 7, 12:23 pm, Morph wrote:
| > Hi.
| > We have a situation where we have around 500 computers and servers that
| > will be separated into several (5-6) VLANs (currently they are all in
| > the same network).
| > The servers will be in a separate VLAN and a lot of traffic will go
| > there. There won't be much traffic between the other VLANs.
| >
| > What would you suggest as a device that would route between the VLANs?
| > The users are connected through Linksys Gigabit switches, and I thought
| > about using a Layer 3 switch to do the inter-VLAN routing.
| > In particular I thought about using WS-C3750G-24TS-1U with an IP Base
| > image (IP base supports static routes and RIP).
| >
| > Will this be a good solution? Is a C3750 enough for this or do I need a
| > C3750E?
|
| While it completely depends on traffic between vlans and/or across
| trunks from a pure utilization perspective, either switch will have
| enough routing capability to handle this. You are talking a half
| dozen routed interfaces at most, and 500 nodes, should be completely
| fine. We'll see what the others think, but I would not see any
| problem with this setup.

Hi Trendkill. Thanx for your reply.

The nodes are connected to 7 - 48 port Linksys gigabit switches, and 4 - 24 port switches (for the moment) so there will be 11 or 12 routed interfaces on the C3750.

Morph

A 3750 has more than enough routing capability for this application. The only reason to go with a 3750E is if you need 10GE ports. The one thing you need to watch out for is high CPU. The TCAM memory on the 3750 is partitioned for layer 2 switching and layer-3 routing and depending on the application, how much of TCAM is allocated to each may need to be tuned. The command is "sdm prefer", and the default is "desktop" which optimizes the TCAM for switching. You might have to change it to "sdm prefer routing". If you see high CPU on the 3750 and you are doing routing on it, it's almost always due to TCAM memory allocation.

Thrill5

With 500 users you may want to give consideration to having two layer 3 switches for redundancy.

The layer 2 access switches would be dual-homed to the layer 3 switches

Merv

| With 500 users you may want to give consideration to having two layer
| 3 switches for redundancy.
|
| The layer 2 access switches would be dual-homed to the layer 3
| switches

Hi Merv. If I understood correctly you are suggesting to have the Layer 2 switches connected through trunks to both of the Layer 3 (3750) switches. Is some additional configuration needed other than setting up trunks and routing on the 3750s? Thank you.

Morph

Set up the vlans on both 3750s, with HSRP, and trunk all vlans between them. Then connect each of your access switches to the 3750s, using trunking if you need multiple vlans on an access switch. This will give you full layer 2 and layer 3 redundancy, at least on the lan. Of course you still may not have redundancy down the server/workstation port (this would require pairs of access switches), but it's a step in the right direction.

Trendkill

Trendkill has spoken to your question.

You could also put your servers on access switches that are dual-homed to new layer 3 switches

Merv

| > | With 500 users you may want to give consideration to having two layer
| > | 3 switches for redundancy.
| > |
| > | The layer 2 access switches would be dual-homed to the layer 3
| > | switches
| >
| > Hi Merv.
| > If I understood correctly you are suggesting to have the Layer 2 switches
| > connected through trunks to both of the Layer 3 (3750) switches.
| > Is some additional configuration needed other than setting up trunks and
| > routing on the 3750s?
| > Thank you.
|
| Set up the vlans on both 3750s, with HSRP, and trunk all vlans between
| them. Then connect each of your access switches to the 3750s, using
| trunking if you need multiple vlans on an access switch. This will
| give you full layer 2 and layer 3 redundancy, at least on the lan. Of
| course you still may not have redundancy down the server/workstation
| port (this would require pairs of access switches), but it's a step in
| the right direction.

If buying two 3750s I would like to not only have one that is active, and one that is standing by, but to load balance traffic across the two switches using MHSRP. Hopefully this is possible with the IP base IOS. Software advisor mentions HSRP as a feature and doesn't mention MHSRP.

Another problem I'm gonna face is that the addresses will be handed out from one DHCP server for all the 500 machines. This should not be a problem when implementing HSRP, but for MHSRP half the nodes in every VLAN should receive different default gateways. Any idea how to overcome this? Thank you.

Morph

If you want to load share, I would just do hsrp and use the hsrp priorities to load balance odd vlans on one switch and the evens on the other. No reason to load balance within a vlan that I can see given the small nature of your network. Then you just have ip-helpers on both switches.

Second, even with different gateways, gateways have nothing to do with dhcp, so it shouldn't be a problem. The router will forward the bootp packets to the dhcp server based on the ip-helper, and then use a source of its own interface which tells the dhcp server where to reply and what network the dhcp request is coming from. I don't think this is an issue regardless of which direction you go, hsrp or mhsrp. I would go with the former though, no need to over-complicate things. Not to mention I suspect you don't have fully redundant/load balanced next hops, so the only thing you are distributing is lan traffic, which is still limited by your uplinks/trunk ports/server connections.

Trendkill
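
Trendkill's suggestion above (plain HSRP with the odd VLANs active on one switch and the evens on the other, with ip-helpers on both) sketched as IOS configuration. This is an added example, not configuration posted in the thread; the VLAN numbers, subnets, priorities and the DHCP server address 10.0.50.10 are constructed for illustration.

```cisco
! Constructed example: VLAN IDs, subnets and DHCP server 10.0.50.10 are assumptions.
! Clients in each VLAN receive the HSRP virtual IP (.1) as their default gateway,
! so one DHCP scope per VLAN works no matter which switch is currently active.
!
! ===== 3750-A: active for odd VLAN 11, standby for even VLAN 12 =====
ip routing
!
interface Vlan11
 description Users-odd
 ip address 10.0.11.2 255.255.255.0
 ip helper-address 10.0.50.10
 standby 11 ip 10.0.11.1
 ! Higher than the default priority of 100, so this switch wins for VLAN 11
 standby 11 priority 110
 standby 11 preempt
!
interface Vlan12
 description Users-even
 ip address 10.0.12.2 255.255.255.0
 ip helper-address 10.0.50.10
 standby 12 ip 10.0.12.1
 ! Default priority (100): standby for VLAN 12
 standby 12 preempt
!
! ===== 3750-B: mirror image, active for even VLAN 12 =====
ip routing
!
interface Vlan11
 description Users-odd
 ip address 10.0.11.3 255.255.255.0
 ip helper-address 10.0.50.10
 standby 11 ip 10.0.11.1
 standby 11 preempt
!
interface Vlan12
 description Users-even
 ip address 10.0.12.3 255.255.255.0
 ip helper-address 10.0.50.10
 standby 12 ip 10.0.12.1
 standby 12 priority 110
 standby 12 preempt
```

Running `show standby brief` on each switch confirms which one is active for each VLAN.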

Before you do this figure out if the uplinks will be a bottleneck.

The extra complexity may not be worthwhile.

Also, if you have the budget you could replace your layer 2 access switches at the same time with layer 3 access switches; then you would not have the headaches that STP can bring and you would not require HSRP ...

Merv

| Hi.
| We have a situation where we have around 500 computers and servers that
| will be separated into several (5-6) VLANs (currently they are all in
| the same network).
| The servers will be in a separate VLAN and a lot of traffic will go
| there. There won't be much traffic between the other VLANs.
|
| What would you suggest as a device that would route between the VLANs?
| The users are connected through Linksys Gigabit switches, and I thought
| about using a Layer 3 switch to do the inter-VLAN routing.
| In particular I thought about using WS-C3750G-24TS-1U with an IP Base
| image (IP base supports static routes and RIP).
|
| Will this be a good solution? Is a C3750 enough for this or do I need a
| C3750E?

Thanx Thrill5, Trendkill and Merv for taking the time to reply. Your help is greatly appreciated. Regards.

Morph

a design guide that may help you

formatting link
you don't need the full 3 layer design for "only" 500 users.

what you are discussing follows the cisco guidelines but misses out either the core or distribution layer.

this comes from some cisco general design guides - index:

formatting link

stephen

formatting link

a good idea to know all of the design options available and then make a rational decision based on business needs, budget, etc, etc

Merv

If you opt for two 3750's, stack them together and they look like one switch, without the need to configure HSRP (or MHSRP) and they will both share the load of routing traffic. Make a layer 2 connection from each of the 3750's to each of the access switches. If one switch fails, the other will detect this in about a half second. Also make sure the 3750 stack is the bridge root, and spanning-tree will failover very quickly as well. Logically this configuration is the same as using dual 6500's with VSS supervisors.

Thrill5

Well this seems like the best solution and at the same time the easiest to implement :) Thank you!

| > | > | With 500 users you may want to give consideration to having two layer
| > | > | 3 switches for redundancy.
| > | > |
| > | > | The layer 2 access switches would be dual-homed to the layer 3
| > | > | switches
| > | >
| > | > Hi Merv.
| > | > If I understood correctly you are suggesting to have the Layer 2 switches
| > | > connected through trunks to both of the Layer 3 (3750) switches.
| > | > Is some additional configuration needed other than setting up trunks and
| > | > routing on the 3750s?
| > | > Thank you.
| > |
| > | Set up the vlans on both 3750s, with HSRP, and trunk all vlans between
| > | them. Then connect each of your access switches to the 3750s, using
| > | trunking if you need multiple vlans on an access switch. This will
| > | give you full layer 2 and layer 3 redundancy, at least on the lan. Of
| > | course you still may not have redundancy down the server/workstation
| > | port (this would require pairs of access switches), but it's a step in
| > | the right direction.
| >
| > If buying two 3750s I would like to not only have one that is active,
| > and one that is standing by, but to load balance traffic across the two
| > switches using MHSRP. Hopefully this is possible with the IP base IOS.
| > Software advisor mentions HSRP as a feature and doesn't mention MHSRP.
| >
| > Another problem I'm gonna face is that the addresses will be handed out
| > from one DHCP server for all the 500 machines. This should not be a
| > problem when implementing HSRP, but for MHSRP half the nodes in every
| > VLAN should receive different default gateways. Any idea how to overcome
| > this?
| > Thank you.

Morph

The idea behind redundant layer 3 switches is that one is totally independent of the other.

What happens when you need to upgrade the IOS - you will want to do this one at a time - in case there are issues - so that you can easily roll back

Think very carefully about this - it is important.

Merv

I have about 10 or 15 stacks of layer 3 3750's and have never run into any issues with software updates or the like. If there is a problem with the image, the other switch won't load it anyway, and will come up normally. If you can afford to bring down both switches for about 3 minutes in order to reboot and load the new image this will work fine. In only two instances do we have dual 3750's that aren't stacked, and that is for our Internet connections that can have ZERO downtime. 3 minutes of downtime even at 3 o'clock in the morning is not acceptable for those connections.

Thrill5

one does not have to search very far thru this newsgroup to find folks that have had all sorts of issues with stacks

Merv
