 altu
join:2005-12-18 Beverly Hills, CA
reply to altu Re: [Config] Secondary VLAN issue
I apologize for the delay in getting back to you.
I do understand the importance of having a VTP domain and only one VTP server. I set this up when I needed to trunk both the 3560 and the 2950.
Now that the trunking is done, I can set them both to transparent. Will the trunk still work, passing all VLAN information?
My original switch was the 2950 and all VLAN information was stored on it. The 3560 is a recent addition. I set it to be a client so that my 2950 server could propagate the VLAN information to it. Now that the switches are in sync, I could set both to transparent to configure the secondary VLAN on the port in question. The port is on the 3560.
How do I go about configuring inter-vlan routing on the 3560?
I'll set up a VLAN 10 as suggested and move all users onto it.
Why do you stress on subnet separation PIX vs. 3560 users? Security?
The 2950's default gateway is the application machine which is a UNIX variant. The 2950 has 5 clients that access the application machine. I cannot set anything on those clients (proprietary). The clients are fed IP Addresses of their subnet from this application machine, and they are also natted across to the other subnet for internet access.
Thanks for the heads up on the spanning-tree portfast.
I'll draw up the diagram and post it soon.
 aryoba Premium,MVM join:2002-08-22
edit: December 20th, @06:05AM
Q1: "Now that the trunking is done, I can set them both to transparent. Will the trunk still work, passing all VLAN information?"
A: The trunk will still work. However, it is not reliable when none of the switches in your VTP domain works as a VTP server. Set the 3560 as the server and the 2950 as the client, then the VLAN and trunk info will be more reliable. Check out the link I provided for more info.
Q2: "Why do you stress on subnet separation PIX vs. 3560 users? Security?"
A: I believe there should (or would) be a need for users behind the 3560 and behind the 2950 to go to the Internet through the PIX or go to the 2nd network through the application box. I also believe that there should (or would) be a need for the two groups of users to reach each other.
In short, there is traffic going from one network segment to another. This is called inter-VLAN routing. To make the inter-VLAN routing run well, you need to break up each network segment into its own subnet.
Q3: "How do I go about configuring inter-vlan routing on the 3560?"
A: As mentioned, there should be a routing protocol to handle traffic between all subnets. However, before going further, you need to answer the following questions.
QUESTIONS: 1) What are the things you can configure on the application box? Can you configure it for a specific gateway, IP address, subnet, DNS server?
2) Which routing protocol is this application machine capable of running? Is it capable of running RIP, OSPF, or BGP?
3) Can you also post the application box configuration? The info I would like to see is the IP address, subnet, and gateway (both primary and secondary).