Questions on Setting up Layer 3 on Cisco 3560

[ttcsbarry]

I have a questions about setting up Layer 3 routing between (2) sites that are in different cities and will be connected via an Ethernet over SONET 150MB Fiber Optic Circuit. Will the following Config statements work from the standard default Layer 2 3560 setup?

Site A Config Statements:

hostname Site-A-Video-Switch

ip routing

interface vlan 1
ip address 192.168.1.1 255.255.255.240
ip default-gateway 192.168.3.1

interface GigabitEthernet 0/25
description EOS connection AT&T CKT # L1XX.123456
no switchport
ip address 192.168.3.1 255.255.255.252
no shutdown

ip route 0.0.0.0 0.0.0.0 GigabitEthernet 0/25


Site B Config Statements:

hostname Site-B-Video-Switch

ip routing

interface vlan 1
ip address 192.168.2.1 255.255.255.240
ip default-gateway 192.168.3.2

interface GigabitEthernet 0/25
description EOS connection AT&T CKT # L1XX.123456
no switchport
ip address 192.168.3.2 255.255.255.252
no shutdown

ip route 0.0.0.0 0.0.0.0 GigabitEthernet 0/25

Any comments would be appreciated. Customer does want both sites to be segmented and only traffic for the second site to route accross the SONET circuit.

 

[zinkann]

The config looks like it would work. Try connecting the two g0/25 to each other and test it out. If the customer only wants one site to route across the link, take out the ip route on the first site. But since they will be directly connected the interfaces will probably be able to talk to each other even without default routes.

CCNA, Network+

 

[ADB100]

The 'ip default-gateway' commads are not needed and the route statements are wrong - sort of. Do these sites link to anywhere else? i.e. do you have an Internet connection at one site as this will need to be factored in.

The route statements would be:

!site-A
ip route 192.168.2.0 255.255.255.240 192.168.3.2
!
!
!site-B
ip route 192.168.1.0 255.255.255.240 192.168.3.1
!

I presume one site (site-A?) has an internet connection and this is the default-gateway for PC's that are there - this will have to change. What I would do is make the PC's default gateway the Cat 3560 SVI and create another VLAN (or routed interface) for the Internet gateway. Then create static routes or run a routing protocol.

HTH

Andy

 

[ttcsbarry]

To answer your question about whether or not one of the sites has an internet connection, the answer is no. These 2 sites don't connect to anything else at this point. The 2 sites will be primarily processing Broadcast Video content to devices on their own subnets, with the occasion to pass that content to the second site.

Why wouldn't I need to use the ip default-gateway statement for the vlan?

Also, you're saying that instead of making a default route to the gigabit ethernet port, that I should instead make a static route at each site to pointing to the far end site, right?

One more question. All of the devices that connect to the 24 ethernet ports will have a static I/P address and a gateway address. Would the gateway address, then be the address of the switch (VLAN 1) since it has the route table?

 

[ADB100]

Yes. When the switch is a router the concept of a 'default-gateway' goes out of the window as the switch/router will use it's own routing table. You can have a gateway of last resort which is sort of the same thing but is configured differently - i.e. a static default route.

Personally I would not use VLAN 1 either, just make up another VLAN and make all access ports use this vlan:

vlan 10
 name Data-VLAN
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast default
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default
!
interface range FastEthernet0/1 - 24
 switchport mode access
 switchport access vlan 10

HTH

Andy

 

[ttcsbarry]

Thanks ADB100.

Why would you make vlan 10 for ports 1-24 and keep vlan 1 with ip address ip address 192.168.1.1 255.255.255.240?

Is that to keep the management address of the switch separate from the ports? Wouldn't vlan 10 also need an ip address?

Or are you suggesting using vlan 10 so that it is different from the default setup? If you could explain that a little, i would appreciate it.

 

[ADB100]

Sorry, change the SVI to 10 as well

interface vlan 1
 no ip address
 shutdown
!
interface vlan 10
 ip address 192.168.1.1 255.255.255.240
!

This is just a recommendation though, you can use VLAN 1, however VLAN 1 is used for other stuff so as a rule you should not use it anywhere.

Andy

 

[ttcsbarry]

Thanks Andy. I'll give it a shot.

 

[burtsbees]

Good security practice is to change the management VLAN from VLAN1 (default) to something else.

Burt