From: Stephen on
On Wed, 16 Jun 2010 07:27:34 -0700 (PDT), "bobneworleans(a)yahoo.com"
<bobneworleans(a)yahoo.com> wrote:

>> I think you need to give us a more complete explanation
>> of your requirements.
>>
>> You won't be able to use the same address on three
>> separate switches. Give them different addresses.
>> Choose one switch to do dhcp. Or of course two
>> with non-overlapping ranges - then you might have
>> additional resilience but some more management
>> complexity.
>>
>> You need an IP address on a VLAN for two separate
>> purposes. You can do one of these, both of these or
>> none of these depending on your requirements.
>>
>> 1.
>> To do IP routing.
>>
>> If you are not doing IP routing then you don't *need* an
>> address at all since the switches will forward the traffic
>> at Layer 2.
>>
>> 2.
>> To permit remote switch management.
>>
>> Please clarify what you need to do.
>>
>> I have never fancied clustering much. Stacking of course
>> is a different matter due to the high speed bus.
>
>Hello Bod43,
>Your explanation helped me a lot. Thanks!
>
>Here are some parameters of the installation:
>600 clients
>4507 in MDF
>20 3550 switches on 4 floors IDFs
>wireless network
>
>Here's what I plan to do. Does anything here go against standard
>practices?
>
>1. Set up a VLAN for each floor plus wireless plus management.
>2. All routing between VLANs will be done by the 4507.

ok - so for the "user" vlans, only the 4507 needs an IP address within
the VLAN, and that will be the default gateway.

>3. Set up every switch with the management VLAN plus floor vlan (or
>wireless vlan).

each 3550 needs its management IP address in the management vlan (the
default vlan is 1).
since the 3550 is operating as layer 2 they do not need IP addresses in
other VLANs.
if you use that for management please be aware that any switch where
the config is not applied will have the users "dropped" into vlan 1.

it is years since i worked on 3550s, and i cannot remember if you have
to put management in vlan 1 or if you can move it.
either way some of the cisco overhead protocols use vlan 1.

cisco is really good for docs (although they keep reorganising the web
site, so finding them can be a problem)

there are some cisco best practice designs around that may help.
note cisco always show 3 layers of switches and dual units for
resilience.
you only need 2 layers.
duplicates are about increasing up time.
there is no reason you cannot plug your servers direct into the core
switch if the central port count is sufficient.
http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/SAFE_RG/chap5.html
http://www.cisco.com/en/US/docs/solutions/Enterprise/Education/SchoolsSRA_DG/SchoolsSRA_chap3.html

1 thing to watch is high port count GigE cards for the 4507 may be
contended depending on the cards and supervisor.
If you contend here you are saving a bit of money in the centre, but
cutting heavily into the overall capacity of the system....

and 1 design guide for high availability campus (main difference is
duplicated central switches)
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns431/c649/ccmigration_09186a008093b876.pdf

>4. Set up unique virtual addresses for each virtual interface on their
>own subnet.

you only need a virtual address if you want to use HSRP and dual core
switches - but it doesn't do any harm to do it, and it lets you add a
2nd core for resilience without changing address plans later.

>5. The 4507 will have a virtual interface for each floor VLAN
>addressed as 10.1.<vlan>.1. All DHCP default routes will point to
>virtual interfaces on the 4507.
>6. Assign each port (access) to the appropriate vlan.
>7. Trunks will include all necessary VLANs and exclude the rest.
>
>I have some more questions:
>The servers need to be reachable by clients on all floors. Should
>they be on their own separate VLAN?

depends, but generally yes, in case you want to tinker with the core
of the design later, or put the servers on separate switches.

>How will DHCP know which scope to use when assigning IP addresses to
>clients from every floor?

the DHCP "helper" fills in source subnets as it forwards the address
to the DHCP server.

>Do I need a helper address configured on the VLAN virtual interface
>for each floor switch so client traffic will reach the DHCP server?

Yes

>Is it acceptable to use vlan 1 for management?

yes - read the best practice stuff.

>Is a native vlan needed?

might depend on IOS version?

>If so, what traffic (other than management
>traffic) will it carry?

ideally keep everything else off there (although the performance
issues that triggered that recommendation have mainly gone away as
processors got better).
isolating management makes filtering out access to it easier.

good luck
--
Regards

stephen_hope(a)xyzworld.com - replace xyz with ntl
From: Andy Davidson on
"bobneworleans(a)yahoo.com" <bobneworleans(a)yahoo.com> wrote:
> I want to configure VLAN 101 on three 3550 switches. Can the virtual
> interface for VLAN 1 have the same IP address on all three switches?
> (10.1.101.1) If so, why isn't there an IP address conflict?

Not with ipv4. If you are building three subnets, you should address
each differently, the switch would take an address on all three if it
was providing a gateway, and the gateway address would be in the same
subnet as the end hosts.

(I am assuming here that the three VLANs are not in different VRFs, if
so all bets are off, but you would have mentioned VRFs if you were using
them, right?)

> If each switch needs its own unique IP address for VLAN 101, how can
> all the clients get the correct default gateway from DHCP?

The dhcp server would have three pools, one for each subnet, normally
listen on all three VLANs, and serve up a different gateway address to
hosts in each subnet.

Andy
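
The scope selection discussed in both replies above, as an added example that is not part of either post: a small Python model of the helper stamping the relay address (giaddr) on a client broadcast and the DHCP server choosing the pool whose subnet contains it. The VLAN IDs 101-104, the /24 masks and the server logic are assumptions built on the thread's 10.1.<vlan>.1 plan.

```python
import ipaddress

# Constructed scopes following the thread's 10.1.<vlan>.x plan; VLAN IDs are assumed.
SCOPES = {vlan: ipaddress.ip_network(f"10.1.{vlan}.0/24") for vlan in (101, 102, 103, 104)}

def relay(discover, svi_address):
    """Helper on the routed VLAN interface: stamp giaddr if unset, then forward."""
    fwd = dict(discover)
    if fwd["giaddr"] == "0.0.0.0":      # only the first relay sets giaddr
        fwd["giaddr"] = svi_address
    fwd["hops"] += 1
    return fwd

def select_scope(packet, scopes=SCOPES):
    """Server side: the pool is the one whose subnet contains giaddr."""
    giaddr = ipaddress.ip_address(packet["giaddr"])
    for vlan, net in scopes.items():
        if giaddr in net:
            return vlan, net
    return None                          # no matching scope: do not answer

def offer(packet, leased, scopes=SCOPES):
    """Build an offer from the selected pool, skipping the gateway and used leases."""
    match = select_scope(packet, scopes)
    if match is None:
        return None
    vlan, net = match
    gateway = net.network_address + 1    # 10.1.<vlan>.1, the 4507 interface
    for host in net.hosts():
        if host != gateway and host not in leased:
            leased.add(host)
            return {"vlan": vlan, "yiaddr": str(host), "router": str(gateway),
                    "mask": str(net.netmask)}
    return None                          # pool exhausted

if __name__ == "__main__":
    leased = set()
    for vlan in (101, 103, 103):
        # Constructed client broadcast as seen on that floor's VLAN.
        discover = {"chaddr": f"00:11:22:33:44:{vlan:02x}", "giaddr": "0.0.0.0", "hops": 0}
        print(offer(relay(discover, f"10.1.{vlan}.1"), leased))
```

A relayed request whose giaddr falls outside every configured scope gets no offer, so a client cannot be handed an address from another floor's pool by accident.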