RE: MPLS VLANs... [7:72376]
I'm sorry, but I don't have experience on that particular platform with EoMPLS. My network is almost completely GSRs and 7500s. All our PEs are 7500s. We aren't letting customers use these circuits yet, but every indication is that the processor impact won't be much worse than a normal IP customer. The greatest memory impact is just running MPLS. Again though, I can't speak for the 6500.

By the way, Sam Halabi has a new book coming out in September (I think) that talks about EoMPLS theory pretty well called "Metro Internet." It looks like it will be pretty good. As far as I know it's the first Cisco Press book to talk about Martini L2 stuff.

-----Original Message-----
From: alaerte Vidali [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 16, 2003 11:32 AM
To: [EMAIL PROTECTED]
Subject: RE: MPLS VLANs... [7:72376]

Hi Mike,

We are going to implement EoMPLS over two 6509s connected through a 155 Mbps PoS link. Do you have experience concerning CPU/memory utilization?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72422&t=72376
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MPLS VLANs... [7:72376]
Hi Mike,

We are going to implement EoMPLS over two 6509s connected through a 155 Mbps PoS link. Do you have experience concerning CPU/memory utilization?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72404&t=72376
RE: MPLS VLANs... [7:72376]
Karen,

We are currently working on rolling out Martini L2 Ethernets over MPLS. There are two Cisco ways to do Ethernet over MPLS.

The first and most commonly used method uses VC 0x0004 as defined in draft-martini-l2circuit-trans-mpls. It is used to transport individual .1q VLANs, which if I read your message correctly is what you want to do. It's configured like this on the PE router:

  interface GigabitEthernet1/1.100
   encapsulation dot1Q <vlan-id>
   mpls l2transport route <dest-ip> <vc-id>

The second and newer EoMPLS technique is support of VC 0x0005. It has just recently been introduced in the (quite buggy on 7500s) release 12.0.24S. This technique supports port-to-port Ethernet trunking, allowing many VLANs to flow over the same physical port and letting you trunk Ethernet switches through the network.

It sounds like what you want is the first technique. One word of caution though: every Ethernet device that communicates with the PE router will be in said router's ARP table. Be careful.

That being said, this is some awesome technology. I'm definitely a big fan. Good luck and let me know how your MPLS implementation goes.

Mike

Mike Bernico
Sr. Network Engineer
Illinois Century Network
[EMAIL PROTECTED]

-----Original Message-----
From: Karen E Young [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 16, 2003 2:14 AM
To: [EMAIL PROTECTED]
Subject: MPLS VLANs... [7:72376]

Does anyone know if there's a way out there to implement Layer 2 VPNs on a per-VLAN basis rather than a physical port assignment? A la draft-kawakami-mpls-lsp-vlan-00.txt.

Ideas welcome,
Karen Y

A rose by any other name is Cisco specific terminology...

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72393&t=72376
RE: MPLS VLANs... [7:72376]
Hi Karen,

Would EoMPLS meet your requirement?

Best Regards,
Alaerte

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72384&t=72376
MPLS VLANs... [7:72376]
Does anyone know if there's a way out there to implement Layer 2 VPNs on a per-VLAN basis rather than a physical port assignment? A la draft-kawakami-mpls-lsp-vlan-00.txt.

Ideas welcome,
Karen Y

A rose by any other name is Cisco specific terminology...

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72376&t=72376
RE: Transporting Multiple Vlans over point-to-poin [7:71074]
Thanks for the reply, Tom. That idea was great. I am afraid I would have a problem because of the number of servers.

Bridging on PPP seems to have a problem: just one VLAN (bridge-group) per interface.

Two links on Cisco explain EoMPLS. It seems to solve the problem but I cannot find an example with a PoS interface. I am not sure if it is supported. The links are:

http://www.cisco.com/warp/public/cc/pd/rt/7600osr/prodlit/emp76_tc.htm
http://www.cisco.com/en/US/products/sw/iosswrel/ps5013/products_feature_guide09186a0080088187.html#1045718

And it states: "The Ethernet over MPLS feature is supported on the following router at the edge: Cisco 7600 Series Internet Router with 4-port Gigabit Ethernet WAN modules"

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71360&t=71074
RES: Transporting Multiple Vlans over point-to-point [7:71074]
Maybe L2TP v3?

Henrique Issamu Terada, CCIE # 7460
IT Support - Open Network
CPM S.A. - Tecnologia criando valor
Tel.: 55 11 4196-0710
Fax: 55 11 4196-0900
[EMAIL PROTECTED]
www.cpm.com.br

> -----Original Message-----
> From: alaerte Vidali [SMTP:[EMAIL PROTECTED]
> Sent: Monday, June 23, 2003 13:15
> To: [EMAIL PROTECTED]
> Subject: RE: Transporting Multiple Vlans over point-to-point [7:71074]
>
> Any experience with EoMPLS?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71193&t=71074
Re: Transporting Multiple Vlans over point-to-point [7:71074]
Or we sell an LSS, LAN Switching Service, service in which you can build a trunk across the bridged ATM network.

Dave

Tom Martin wrote:
> Alaerte,
>
> I can think of a couple ways to doing this. Be forewarned. Both are ugly.
>
> [...]
Re: Transporting Multiple Vlans over point-to-point [7:71074]
Alaerte,

I can think of a couple of ways of doing this. Be forewarned. Both are ugly.

Method #1: Relocate the server's /30 subnet
-------------------------------------------

We'll say the server's IP address is 192.3.3.254/24. Create a secondary IP address on R2 for 192.3.3.252/30. R2's secondary address becomes 192.3.3.253/30, the server can stay 192.3.3.254/24. Make sure that R3 knows how to reach the 192.3.3.252/30 subnet (either static route or a classless routing protocol).

How it works:

Proxy ARP. Stations on VLAN 300 attempting to connect to the server will ARP for 192.3.3.254, for which R3 has a "better route", and will respond to the ARP with its own MAC. Traffic to 192.3.3.254 will be routed to R2. The reverse will happen when 192.3.3.254 attempts to respond to the client: it ARPs, R2 knows of a route and responds with its MAC, the packet is routed back.

Other info:

- I've assumed that the server address was 192.3.3.254, it could have been anything. The /30 subnet would change accordingly.
- I've assumed that .252 and .253 were not already in use. If they were, connectivity to these stations would be broken. You can get around this problem by configuring (and redistributing) static routes for 192.3.3.252/32 and 192.3.3.253/32 pointed back towards Vlan 300 on R3.
- L2 broadcasts will not be available to/from the new server.

Method #2: Virtual router
-------------------------

This method has the unique property of being both cleaner (from a caveat perspective) and uglier at the same time. Imagine walking into this at a customer site -- how long would it take you to figure out what was going on? :)

Once again we'll say the server's IP address is 192.3.3.254/24. Configure a static route on R3 as follows:

  ip route 192.168.3.254 255.255.255.255 (ip_of_R2)

On R2, determine an IP address that isn't used for use as a virtual router. We'll say 192.168.2.254/24 isn't used. Create a static route on R2 to the server through the virtual router:

  ip route 192.168.3.254 255.255.255.255 192.168.2.254

The virtual gateway doesn't exist so pings to it will fail. Don't worry about that yet. Move the server to VLAN 200 without changing its IP address or mask. Determine the MAC address of the server. We'll say 0001.0002.0003. On R2, configure the MAC for the virtual router to be the server's IP:

  arp 192.168.2.254 0001.0002.0003 arpa

You must perform similar steps on the server. We'll assume that its default gateway has not changed. We'll also assume that its default gateway was 192.3.3.1. Configure a static ARP entry for the default gateway that reflects R2's Ethernet MAC (0102.0304.0506):

  arp -s 172.30.16.254 01:02:03:04:05:06

Make sure that R3 knows how to reach the 192.3.3.254/32 subnet (either add a static route or redistribute on R2).

How it works:

Vlan 300 stations broadcast ARP, and R3 responds with its MAC (Proxy ARP). R3 forwards the packets to R2. R2 forwards the packets directly to the server (although it believes it is forwarding to another gateway). The server receives the packet because the MAC was correct, notices that it is the end station, and processes the packet. Traffic from the server to VLAN 300 is possible using Proxy ARP as described in Method 1. Traffic to/from other VLANs (VLAN 100) will also work fine since the server forwards all of its "default gateway" traffic to the correct default gateway, R2.

Other info:

- I've assumed that the server address was 192.3.3.254, it could have been anything.
- The only 192.3.3.0/24 address used on VLAN 200 (other than the server's IP) is the Ethernet IP address of R3.
- L2 broadcasts will not be available to/from the new server.
- Pings to the virtual router will fail (it /is/ virtual after all), even though the server will have full network connectivity.

If you get around to actually doing either of these in the lab and run into trouble, let me know (the above was written from memory, and I may have missed a step or two). I originally came across these ideas after reading Doyle and configured them in the lab just to see if I could pull it off. Yep. :)

You would be surprised with some of the crazy labs you can make for yourself when IP addresses don't need to be contiguous or need to match the local router!

- Tom

alaerte Vidali wrote:
> Need to transport multiple Vlans over PoS.
>
> Any Thoughts?
>
> It is a short term need. It is necessary to move a server without changing
> its IP address from Vlan 300 to Vlan 200 and a server from Vlan 100 to Vlan
> 200.
>
> Vlan 100 (192.1.1.0) R1 --- R2 (192.2.2.0) Vlan 200
>                      |      |
>                      |      |
> Vlan 300 (192.3.3.0) R3-----

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&
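Both of Tom's methods hinge on the proxy-ARP decision IOS makes on R3 and R2. What follows is an added example, not code from the thread or from Tom: a small Python model of longest-match routing plus the IOS proxy-ARP rule (a router answers an ARP request with its own MAC only when proxy ARP is enabled and its route to the target exits a different interface than the one the request arrived on), built with the Method #1 addresses from the post. The R2-R3 link (10.0.23.0/30) and the interface names are assumptions. It also shows the two things a practitioner should check before copying the trick: the /30 silently takes .252/.253/.255 away from VLAN 300, and the whole mechanism stops working on a router hardened with "no ip proxy-arp" (proxy ARP is on by default in IOS and is routinely disabled by hardening baselines).

```python
"""Model of the proxy-ARP mechanism behind Tom Martin's Method #1.

Added example, not code from the thread.  It uses the addresses from the
post (server 192.3.3.254/24, R2 secondary 192.3.3.253/30 on VLAN 200,
a route for 192.3.3.252/30 on R3 via R2) and makes up the R2-R3 link
(10.0.23.0/30) and the interface names.
"""
from ipaddress import ip_address, ip_network


class Router:
    """Minimal IOS-like router: connected + static routes, longest-match
    lookup, and the proxy-ARP decision."""

    def __init__(self, name, proxy_arp=True):
        self.name = name
        self.proxy_arp = proxy_arp      # IOS default: 'ip proxy-arp' is on
        self.routes = []                # (network, next_hop, out_interface)

    def add_interface(self, ifname, *cidrs):
        # Primary and secondary addresses each install a connected route.
        for cidr in cidrs:
            self.routes.append((ip_network(cidr, strict=False), None, ifname))

    def add_route(self, cidr, next_hop, ifname):
        self.routes.append((ip_network(cidr), ip_address(next_hop), ifname))

    def lookup(self, dst):
        """Longest-prefix match; returns (network, next_hop, out_if) or None."""
        dst = ip_address(dst)
        matches = [r for r in self.routes if dst in r[0]]
        return max(matches, key=lambda r: r[0].prefixlen) if matches else None

    def proxy_arp_reply(self, in_if, target):
        """IOS answers an ARP request with its own MAC when proxy ARP is on
        and it has a route to the target that exits a *different* interface
        from the one the request arrived on."""
        if not self.proxy_arp:
            return False
        route = self.lookup(target)
        return route is not None and route[2] != in_if


def build_method1(proxy_arp=True):
    r2 = Router("R2", proxy_arp)
    r2.add_interface("Vlan200", "192.2.2.1/24", "192.3.3.253/30")  # secondary /30
    r2.add_interface("Serial0", "10.0.23.2/30")                    # link to R3 (assumed)
    r2.add_route("192.3.3.0/24", "10.0.23.3", "Serial0")          # VLAN 300 is behind R3

    r3 = Router("R3", proxy_arp)
    r3.add_interface("Vlan300", "192.3.3.1/24")
    r3.add_interface("Serial0", "10.0.23.3/30")
    r3.add_route("192.3.3.252/30", "10.0.23.2", "Serial0")        # the "better route"
    return r2, r3


def client_reaches_server(r3, server="192.3.3.254"):
    """Does R3 proxy-reply when a VLAN 300 host ARPs for the moved server?"""
    return r3.proxy_arp_reply("Vlan300", server)


def server_reaches_client(r2, client="192.3.3.10"):
    """Does R2 proxy-reply when the server (now on VLAN 200, still /24)
    ARPs for a VLAN 300 host it believes is on-link?"""
    return r2.proxy_arp_reply("Vlan200", client)


def hijacked_by_slash30(r3, server="192.3.3.254"):
    """Addresses in the /30 that R3 no longer treats as local to VLAN 300:
    a real VLAN 300 host using one of them loses connectivity."""
    net = ip_network("192.3.3.252/30")
    return [str(a) for a in net
            if str(a) != server and r3.lookup(a)[2] != "Vlan300"]


if __name__ == "__main__":
    r2, r3 = build_method1()
    print("R3 proxies for the server:", client_reaches_server(r3))
    print("R2 proxies for a VLAN 300 client:", server_reaches_client(r2))
    print("VLAN 300 addresses broken by the /30:", hijacked_by_slash30(r3))
    # Hardened routers run 'no ip proxy-arp'; then the trick silently fails.
    _, r3_hardened = build_method1(proxy_arp=False)
    print("with no ip proxy-arp:", client_reaches_server(r3_hardened))
```

The model is deliberately one-directional per router: it answers "would this router proxy-reply to this ARP on this interface", which is the only question the two methods depend on.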
RE: Transporting Multiple Vlans over point-to-point [7:71074]
Any experience with EoMPLS?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71145&t=71074
Transporting Multiple Vlans over point-to-point [7:71074]
Need to transport multiple Vlans over PoS.

Any Thoughts?

It is a short term need. It is necessary to move a server without changing its IP address from Vlan 300 to Vlan 200 and a server from Vlan 100 to Vlan 200.

Vlan 100 (192.1.1.0) R1 --- R2 (192.2.2.0) Vlan 200
                     |      |
                     |      |
Vlan 300 (192.3.3.0) R3-----

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71074&t=71074
RE: Multiple VLANs in a single switch port [7:69991]
Multiple VLANs per port can be configured on certain models, but if you do multiple VLANs then you can't do dot1q or ISL trunks anywhere on the box. One or the other... that's the limitation.

I wonder why Cisco doesn't do protocol-based VLANs, etc. like some other vendors. It's a sweet feature that rocks.

--- Michael Montiverdi wrote:
> Hi,
> I believe it depends on the switch, like Marco said. I have a Catalyst
> 3548XL and I can setup multiple vlans on one port.
>
> Thanks,
> Michael Montiverdi
>
> [...]

[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70042&t=69991
Re: Multiple VLANs in a single switch port [7:69991]
Thanks guys, what about the 4xxx, 5xxx, 6xxx series? Well, I'm not talking about trunking though...

regards,
jef

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70032&t=69991
Re: Multiple VLANs in a single switch port [7:69991]
Of course you can only use "switchport mode multi" if you don't have a trunk already... if you do, you get the error:

  Command rejected: One or more ports is already configured as a trunk port.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70006&t=69991
RE: Multiple VLANs in a single switch port [7:69991]
Hi,

I believe it depends on the switch, like Marco said. I have a Catalyst 3548XL and I can setup multiple VLANs on one port.

Thanks,
Michael Montiverdi

-----Original Message-----
From: M.C. van den Bovenkamp [mailto:[EMAIL PROTECTED]
Sent: Monday, June 02, 2003 9:15 AM
To: [EMAIL PROTECTED]
Subject: Re: Multiple VLANs in a single switch port [7:69991]

koh jef wrote:
> is there any way/s to configure multiple VLANs in a single switch port?

Aside from ISL or 802.1Q trunking? The answer is 'it depends'. Mostly on what switch you're using.

Most switches can't do it, but some can; Cisco's 2900 series can, for instance.

Regards,

Marco.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70002&t=69991
Re: Multiple VLANs in a single switch port [7:69991]
You don't say what type of switch so I'll assume a 2900/3500:

  switchport mode multi

Dave

koh jef wrote:
> hi ppl,
>
> is there any way/s to configure multiple VLANs in a single switch port?
>
> thanks!!
>
> regards,
>
> jef

--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"Government can do something for the people only in proportion as it can do something to the people." -- Thomas Jefferson

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70003&t=69991
RE: Multiple VLANs in a single switch port [7:69991]
Sure there are! One is multi-VLAN port mode and the second is trunks. Search on CCO for details.

Vikram

-----Original Message-----
From: koh jef [mailto:[EMAIL PROTECTED]
Sent: Monday, June 02, 2003 5:43 PM
To: [EMAIL PROTECTED]
Subject: Re: Multiple VLANs in a single switch port [7:69991]

hi ppl,

is there any way/s to configure multiple VLANs in a single switch port?

thanks!!

regards,
jef

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=69998&t=69991
RE: Multiple VLANs in a single switch port [7:69991]
Put the port in trunk mode, then multiple VLANs can go in and out of the port.

-----Original Message-----
From: koh jef [mailto:[EMAIL PROTECTED]
Sent: 02 June 2003 02:13 PM
To: [EMAIL PROTECTED]
Subject: Re: Multiple VLANs in a single switch port [7:69991]

hi ppl,

is there any way/s to configure multiple VLANs in a single switch port?

thanks!!

regards,
jef

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=7&t=69991
Re: Multiple VLANs in a single switch port [7:69991]
koh jef wrote:
> is there any way/s to configure multiple VLANs in a single switch port?

Aside from ISL or 802.1Q trunking? The answer is 'it depends'. Mostly on what switch you're using.

Most switches can't do it, but some can; Cisco's 2900 series can, for instance.

Regards,

Marco.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=69997&t=69991
Re: Multiple VLANs in a single switch port [7:69991]
hi ppl,

is there any way/s to configure multiple VLANs in a single switch port?

thanks!!

regards,
jef

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=69991&t=69991
Re: [CISCO] RE: VLANs & AD [7:69873]
URT is supposed to allow mapping of VLANs to a switchport based on user (I've never used it though).
http://www.cisco.com/en/US/products/sw/secursw/ps2136/index.html

At a recent Cisco event one of the Cisco SEs mentioned that Cisco may be URT with 802.1x once all the kinks are worked out, so I wouldn't be surprised if URT goes EOS soon.

On Mon, Jun 02, 2003 at 01:15:14AM +, - jvd wrote:
> Joseph,
>
> I may be wrong, but I think dynamic VLANs can only be assigned according to
> the MAC address (I can't believe Cisco doesn't make dynamic VLAN assignment
> also based on the IP, port, etc. !!??) In any case the feature you need to
> use is VMPS (VLAN membership policy server).
> http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007f2ec.html#12998
>
> Please post again if you find contrary information, because I would like to
> learn more on this...
>
> Regards,

--
Patrick Aland [EMAIL PROTECTED]
Network Administrator   Voice: 386.822.7217
Stetson University      Fax: 386.822.7367

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=69989&t=69873
RE: VLANs & AD [7:69873]
Joseph,

I may be wrong, but I think dynamic VLANs can only be assigned according to the MAC address (I can't believe Cisco doesn't make dynamic VLAN assignment also based on the IP, port, etc. !!??) In any case the feature you need to use is VMPS (VLAN membership policy server).
http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007f2ec.html#12998

Please post again if you find contrary information, because I would like to learn more on this...

Regards,

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=69968&t=69873
VLANs & AD [7:69873]
Pardon if this has been asked before... Is there a way to assign ports in a dynamic VLAN based on a directory service, in particular AD?

TIA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=69873&t=69873
Problem with 350 Bridges and VLANS [7:66587]
S! ALL!

Anyone have any experience passing 802.1q tagged packets over 350 bridges? Here is my sad sad story...

Glossary: trunk = "switchport mode trunk" with ALL VLANS allowed, 802.1q encapsulation.

I run a single DS1 into an office park. There I have a 2620 terminating the DS1 and using FE subinterfaces trunked to a 2950. This 2950 then has a trunk to the root 350 Bridge. Then from there we link to other Bridges (currently 6 others in hub-spoke) in other buildings. Each building has a 350 bridge trunked to a 2950. Clients then have Cat5 run to their office CPE, usually a firewall. Each client has their own unique VLAN. There may be more than 1 client per building (in fact, the most populous building currently has 4 clients, and there are over 15 in all). Like so:

  DS1---2620--[trunk]--2950--[trunk]--ROOT 350Br   350Br--[trunk]--2950---CPE

So this is a hub and spoke with one "ring" around the hub. As long as we stay at this one "ring" level things are just fine. BUT if I do this:

  DS1---2620---2950---ROOT 350Br---350Br---350Br---2950---CPE

A client signed on with us last summer in a building that had no line of sight to the root bridge's omnidirectional antenna. So we tried to link them to the root by passing them through an existing bridge, thus creating a second "ring" tier. We tried it both using an existing bridge (that serviced a building through a 2950 etc.) and a dedicated bridge we mounted just for this purpose.

The result? SEGV whenever anything was plugged into the switch at "ring" level 2 (far end away from the root site). As soon as the interface in the client VLAN came up... POW... SEGV. The router would crash with a SEGV error. It would reboot and immediately crash again... and again... ad infinitum. The output was run through Cisco's output interpreter... sent to TAC along with all configs... nada.

Note that "VLAN1" was able to traverse the network just fine. I could console (or plug into a port not assigned to any VLAN, ergo, in VLAN 1 and use telnet) into the switch at ring-level 2 and go (telnet) to any other switch in the office park. Once anything went across in an 802.1q tagged frame though, indeed as soon as an interface in the far switch NOT in VLAN1 came up, the router crashed.

Notes of interest:

- 2620 was using 12.2.5d originally. I could get it to NOT crash if I went to 12.1.17 BUT no traffic would cross to the far switch AND the router and its local switch would not talk on VLAN 1. Unacceptable.
- All switches were VTP clients except the root, which is in server mode. All VLANS showed up on all switches including the far switch.
- I set the MTU to a low value, to no effect, thinking maybe the 802.1q tags (4 extra bytes) could be an issue. Nada.
- No VLAN capability was configured on the 350 bridges.
- The far 350 cannot communicate with the root 350 so it is not looping anything.
- Spanning-tree was turned off on ALL switches in the park to no effect.
- All associations seemed proper, i.e. far-to-middle, middle-to-root. All "parent" listings seemed proper.
- Bridge "IOS" was everything from 11.23 up (we tried 'em all in matched sets, i.e. all 11.23 or all 12.0 etc.).
- The only interfaces assigned to the VLAN in question were the FE subinterface on the 2620 and a single port on the far switch. No other switches had any ports in this VLAN (trunk ports excepted, of course).
- All radio links are at 60% level or greater and are supporting a full 11Mbps.
- A port on the "middle" switch was configured to be in the same VLAN as the client and it could NOT talk to the client.
- The middle bridge has an omnidirectional antenna, so the "one at a time" rule does not apply... or does it? Still, we did use a separate dedicated bridge as the middle of the chain to no avail.

TAC swears that this should work because the 350 bridge is functionally a hub. GIGO rules apply. It is unaware, nor does it care about the VLAN tagging or anything else. It should just relay anything and everything.

Anyone got any suggestions? I'm open :)

Oh yeah... I "fixed" it by placing the far 350 at the other end of the building where it could get LOS to the root... once the leaves fell off the trees on the intervening ridge. Spring is coming though and with it, certain loss of signal. Short of a "chainsaw-in-the-night" approach, it seems a DS1 to the client is my only answer.

S! (Salute!)
Brian Carroll CCNP, CCSE, MCSE, CCA
Director of Professional Services
Air Net Link LLC.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66587&t=66587
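The "4 extra bytes" Brian mentions are the 802.1Q tag. As an added example (not from the post, and not a diagnosis of his crash), the Python below builds an untagged frame, inserts a tag the way a trunk port does on egress, parses it back, and flags the "baby giant" case: a full 1500-byte payload that was a legal 1514-byte frame untagged becomes 1518 bytes tagged, which a tag-unaware device enforcing the classic maximum drops while passing smaller tagged frames (ARP, small TCP segments, VLAN 1 management traffic) untouched. That pattern, small frames fine, full-size frames in a tagged VLAN lost, is the first thing to check when tagged traffic crosses a bridge or hub that is not supposed to care about tags. The MAC addresses, VLAN 300 and the payloads are constructed for the example; lengths exclude the FCS.

```python
"""Ethernet / 802.1Q frame helpers.  Added example, not part of the post;
the frames, MAC addresses and VLAN IDs below are constructed here.
Lengths exclude the 4-byte FCS, so the classic untagged maximum is 1514
bytes and a tagged frame with the same payload is 1518."""
import struct

TPID_8021Q = 0x8100
MAX_UNTAGGED = 1514   # 14-byte header + 1500-byte payload, FCS not counted
MAX_TAGGED = 1518     # one 4-byte 802.1Q tag more


def parse_frame(frame: bytes) -> dict:
    """Return dst/src, the VLAN tag fields (if any) and the payload length."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src = frame[0:6].hex(":"), frame[6:12].hex(":")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {"dst": dst, "src": src, "vlan": None, "pcp": None, "dei": None}
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info.update(pcp=tci >> 13, dei=(tci >> 12) & 1, vlan=tci & 0x0FFF)
        offset = 18
    info["ethertype"] = ethertype
    info["payload_len"] = len(frame) - offset
    info["frame_len"] = len(frame)
    return info


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag after the source MAC, as a trunk port does on
    egress for any VLAN other than its native VLAN."""
    if not 1 <= vlan_id <= 4094:          # 0 = priority-only, 4095 reserved
        raise ValueError("VLAN ID out of range")
    tci = (pcp & 0x7) << 13 | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame: bytes) -> bytes:
    """Remove the outer tag (what an access port or native-VLAN egress does)."""
    if parse_frame(frame)["vlan"] is None:
        return frame
    return frame[:12] + frame[16:]


def is_baby_giant(frame: bytes) -> bool:
    """True when a tagged frame exceeds the untagged maximum.  A device that
    is unaware of 802.1Q but enforces the classic limit drops exactly these
    frames while passing smaller tagged frames untouched."""
    return parse_frame(frame)["vlan"] is not None and len(frame) > MAX_UNTAGGED


def make_frame(dst_mac: str, src_mac: str, ethertype: int, payload: bytes) -> bytes:
    return (bytes.fromhex(dst_mac.replace(":", ""))
            + bytes.fromhex(src_mac.replace(":", ""))
            + struct.pack("!H", ethertype) + payload)


# Constructed samples: a full-size IPv4 frame and a small ARP frame, both
# from a client (assumed MACs) heading for its CPE firewall, in VLAN 300.
FULL_IPV4 = make_frame("00:00:0c:00:00:01", "00:00:0c:00:00:02", 0x0800,
                       b"\x45" + b"\x00" * 1499)
TAGGED_FULL = tag_frame(FULL_IPV4, vlan_id=300, pcp=0)
SMALL_TAGGED = tag_frame(make_frame("00:00:0c:00:00:01", "00:00:0c:00:00:02",
                                    0x0806, b"\x00" * 28), vlan_id=300)

if __name__ == "__main__":
    print(parse_frame(TAGGED_FULL))
    print("full-size frame becomes a baby giant once tagged:", is_baby_giant(TAGGED_FULL))
    print("a 28-byte ARP payload tagged is fine:", is_baby_giant(SMALL_TAGGED))
```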
RE: Large number of VLANS [7:65815]
You should use the port protected feature on the switches instead of separate VLANs. This lets you use a single VLAN, or whatever is needed, but does not allow a port within a VLAN to talk to another port in the VLAN. You can also implement this for meeting rooms on the Cisco wireless products, but it is not in the menu system; if you are doing this I can send you the "top secret" commands. With this enabled, wireless clients cannot see or share files with other wireless clients; works well for public wireless areas.

Dave

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 20, 2003 3:46 AM
To: [EMAIL PROTECTED]
Subject: Large number of VLANS [7:65815]

Hi

One question

If I have the need to use many VLANs, let's say around 400, could I use a 3550 switch that supports 1005 VLANs as the core, and then 2950 switches in the wiring closets, but they don't support more than 250 VLANs, i.e. can I use the 3550 with all the VLANs, and then just trunk for example VLANs 100-50 to switch 1, 151-200 to switch 2, and so on, and would it be possible to implement that with VTP?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65968&t=65815
RE: Large number of VLANS [7:65815]
Have you tried BBSM? It's much easier than that to use, and it's compatible with all popular billing systems. I did many installs of it as a Cisco SE.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 20, 2003 4:21 PM
To: [EMAIL PROTECTED]
Subject: Re: Large number of VLANS [7:65815]

I have gotten it to work in a lab environment, i.e. without using VTP, just using VTP transparent mode and manually configuring the VLANs on all the switches. Even though I use the "switchport trunk allowed vlan" command to limit VLANs on the trunk links, VTP still sends the whole list through, and the 2950 switch goes to transparent mode as soon as the VLANs go over the 254 it can handle.

I am going to be using this at a hotel that is using a system called the Universal Subscriber Gateway from a company called Nomadix; it's similar to Cisco's BBSM. In this case we are using a VLAN per room to make the billing easier; for example, if you are using VLAN 202 you are in room 202, so the billing system can send the bill to the correct room for Internet usage.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65889&t=65815
Re: Large number of VLANS [7:65815]
I have gotten it to work in a lab environment, i.e. without using VTP, just using VTP transparent mode and manually configuring the VLANs on all the switches. Even though I use the "switchport trunk allowed vlan" command to limit VLANs on the trunk links, VTP still sends the whole list through, and the 2950 switch goes to transparent mode as soon as the VLANs go over the 254 it can handle.

I am going to be using this at a hotel that is using a system called the Universal Subscriber Gateway from a company called Nomadix; it's similar to Cisco's BBSM. In this case we are using a VLAN per room to make the billing easier; for example, if you are using VLAN 202 you are in room 202, so the billing system can send the bill to the correct room for Internet usage.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65879&t=65815
Re: Large number of VLANS [7:65815]
""Skarphedinsson Arni V."" wrote in message news:[EMAIL PROTECTED] > I was testing this in my lab, and could not get VTP to work with this setup, > as soon as I went over 254 vlans the Cat2950 gave me this message > > 00:17:11: %SW_VLAN-6-VTP_MODE_CHANGE: VLAN manager changing device mode from > CLIENT to TRANSPARENT. > 00:17:11: VTP LOG RUNTIME: VTP mode changed to Transparent > > so it looks like I cant use VTP with this one, but I gues it will work if I > dont use VTP and just configure the vlans myself on the switches. You could if you planned it well. Just limit which VLANs are allowed over your trunks. May I ask? Why do you need so many VLANs? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65848&t=65815 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Large number of VLANS [7:65815]
""Skarphedinsson Arni V."" wrote in message news:[EMAIL PROTECTED] > Hi > > One question > > If I have the need to use many VLANS, let4s say around 400, can could I use > a 3550 switch that supports 1005 vlans as the core, and then 2950 switches > in the wiring closets, but they dont support more than 250 vlans, i.e. can I > use the 3550 with all the vlans, and the just trunk for example vlans 100-50 > to switch 1, 151-200 to switch 2, and so one, and would be possible to > implement that with VTP ? With careful planning, why not? OTOH, with such a large number of vlans required, can you justify at least 3550's everywhere? Good, cheap, fast - you can only have 2. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65841&t=65815 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Large number of VLANS [7:65815]
I was testing this in my lab, and could not get VTP to work with this setup; as soon as I went over 254 VLANs the Cat2950 gave me this message:

00:17:11: %SW_VLAN-6-VTP_MODE_CHANGE: VLAN manager changing device mode from CLIENT to TRANSPARENT.
00:17:11: VTP LOG RUNTIME: VTP mode changed to Transparent

so it looks like I can't use VTP with this one, but I guess it will work if I don't use VTP and just configure the VLANs myself on the switches.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65833&t=65815
RE: Large number of VLANS [7:65815]
Wow, good question. I can't reproduce that in a lab. What will happen when the 3550 advertises 251 VLANs? Maybe the 2950 will implement just the first 250 VLANs. Hope somebody helps.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65827&t=65815
Large number of VLANS [7:65815]
Hi

One question

If I have the need to use many VLANs, let's say around 400, could I use a 3550 switch that supports 1005 VLANs as the core, and then 2950 switches in the wiring closets, but they don't support more than 250 VLANs, i.e. can I use the 3550 with all the VLANs, and then just trunk for example VLANs 100-50 to switch 1, 151-200 to switch 2, and so on, and would it be possible to implement that with VTP?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65815&t=65815
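As an added example (this is not configuration from the thread), here is how the split the original question describes looks when done the way Arni found works in the lab: VTP transparent everywhere, each closet's VLANs created by hand, and the trunk's allowed list pinned to that closet's rooms. The allowed-VLAN list prunes user traffic on the trunk but does not filter VTP advertisements, so a 2950 in client mode still receives the full list of 400 VLANs; transparent mode sidesteps that, and it also means a rogue or mis-cabled VTP server with a higher revision number cannot overwrite the VLAN database. The port numbers, domain name, VLAN ranges and the unused native VLAN 999 are assumptions.

```cisco
! --- Core Catalyst 3550 (added example; port numbers, domain and VLAN ranges are assumed) ---
! Transparent mode: the VLAN database is created locally and is neither pushed
! to nor pulled from the closets, so a closet switch that sees more VLANs than
! it can hold, or a VTP server with a higher revision number, cannot rewrite it.
vtp domain HOTEL
vtp mode transparent
!
! 400 room VLANs, well under the 3550's 1005
vlan 100-499
!
! Each closet trunk carries only the rooms on that closet. Native VLAN 999 is
! never used for hosts, so untagged frames arriving on the trunk land nowhere,
! and DTP is turned off so neither end can be talked into a different mode.
interface GigabitEthernet0/1
 description trunk to closet-1 (rooms 100-150)
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 100-150
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet0/2
 description trunk to closet-2 (rooms 151-200)
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 151-200
 switchport mode trunk
 switchport nonegotiate
!
! --- Wiring-closet Catalyst 2950 for closet 1 (added example) ---
! The same 51 VLANs are created by hand here; nothing is learned from VTP and
! the switch stays far below its VLAN limit.
vtp domain HOTEL
vtp mode transparent
vlan 100-150
!
interface GigabitEthernet0/1
 description uplink to core
 switchport trunk native vlan 999
 switchport trunk allowed vlan 100-150
 switchport mode trunk
 switchport nonegotiate
!
! Room drop: a fixed access port, never a trunk, so a guest cannot negotiate
! a trunk and reach another room's VLAN.
interface FastEthernet0/2
 description room 102
 switchport mode access
 switchport access vlan 102
 spanning-tree portfast
```

After applying this, "show vtp status" on the closet switch should report VTP Operating Mode: Transparent and a VLAN count of 51 plus the defaults, and "show interfaces GigabitEthernet0/1 trunk" should list only 100-150 as allowed and active; if the 2950 ever logs a VTP_MODE_CHANGE like the one quoted above, something is still in client mode.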
RE: "Extra" IP addresses for VLANs? [7:64570]
""Troy Leliard"" wrote in message news:[EMAIL PROTECTED] > Could be that you have directed broadcast enabled. I checked after I got your post: No, directed broadcast is disabled. Thanks, Geoff Mossburg Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64805&t=64570 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: "Extra" IP addresses for VLANs? [7:64570]
Tried sending this through the news server, but it didn't like it... trying again...

> this might seem like a dumb question, but are there VLANs or even hosts with
> the particular address?

If you mean, "Do the VLANs actually have those addresses assigned to them?" and/or "Are there any other hosts on the network that have those addresses?", then the answer is "definitely not".

> in a subnet with a prefix shorter than /24, the 0 or the 255 might be a
> legitimate host address.

The subnets in question have 24-bit masks, so that's out as well.

If there is any other specific info I can give, let me know, but so far it seems to be a bug and I'm thinking I may have to open a TAC case on Monday.

Thank you very much!
Geoff Mossburg

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64797&t=64570
Re: "Extra" IP addresses for VLANs? [7:64570]
Could be that you have directed broadcast enabled.

The Long and Winding Road wrote:
>
> "Mossburg, Geoff (MAN-Corporate)" wrote in message news:[EMAIL PROTECTED]
> > I'm full of questions tonight...
> > My company's Catalyst 6509's MSFC has VLANs configured with IP addresses in
> > the x.x.x.1 format, but I've noticed that I can telnet to the MSFC by
> > substituting x.x.x.0 or x.x.x.255 for any of the VLAN addresses. Is this
> > normal??? It seems to me like it may be a security risk, but I really don't
> > know enough about VLANs to be sure. Any ideas?
>
> this might seem like a dumb question, but are there VLANs or even hosts with
> the particular address?
>
> in a subnet with a prefix shorter than /24, the 0 or the 255 might be a
> legitimate host address.
>
> could be a bug too, but I'd want to know the prefix length and more detail.
>
> > Geoff Mossburg

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64616&t=64570
Re: "Extra" IP addresses for VLANs? [7:64570]
> I'm full of questions tonight...
> My company's Catalyst 6509's MSFC has VLANs configured with IP addresses in
> the x.x.x.1 format, but I've noticed that I can telnet to the MSFC by
> substituting x.x.x.0 or x.x.x.255 for any of the VLAN addresses. Is this
> normal??? It seems to me like it may be a security risk, but I really don't
> know enough about VLANs to be sure. Any ideas?
> Geoff Mossburg

That's very bizarre behavior! I just tried it on our 6513 with SUP2/MSFC2 running 12.1(11b)E3 and I couldn't recreate what you're seeing. If you continue to see this behavior and you don't determine the cause, I'd open a case with Cisco. I'd think that would be a bug they'd want to fix.

John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64669&t=64570
Re: Many Vlans [7:64569]
Just a side note... you can't use PVLANs on VLAN 1 (management VLAN). I have gone to a number of customer sites where often they have just used VLAN 1 to put some of their servers on, and thus run into these sorts of complications later!

Ken Diliberto wrote:
>
> This sounds like a job for private VLANs. According to the
> documentation, private VLANs can restrict traffic between machines on
> the same VLAN, as long as they are in different ports.
>
> Ken
>
> DISCLAIMER: Book knowledge only. Still preparing to try it in the
> real world.
>
> >>> "Ron" 03/05/03 08:25PM >>>
> I have need to put public access machines on the same pipe as my private
> network. I also have need for each of the public machines not to talk to
> each other. Is there a way to keep all ports connected to public machines
> from talking to each other except for one port connected to a printer and
> one port connected to a router going to the Internet? Maybe all separate
> VLANs? All of my private machines can talk to each other, but not the
> public machines, and will be going over the same Internet pipe. I will
> probably be using Cisco 3550-48-EMI switches. Can anyone get me an easy way
> to do this one?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64623&t=64569
Re: Many Vlans [7:64569]
This sounds like a job for private VLANs. According to the documentation, private VLANs can restrict traffic between machines on the same VLAN, as long as they are in different ports.

Ken

DISCLAIMER: Book knowledge only. Still preparing to try it in the real world.

>>> "Ron" 03/05/03 08:25PM >>>
I have need to put public access machines on the same pipe as my private network. I also have need for each of the public machines not to talk to each other. Is there a way to keep all ports connected to public machines from talking to each other except for one port connected to a printer and one port connected to a router going to the Internet? Maybe all separate VLANs? All of my private machines can talk to each other, but not the public machines, and will be going over the same Internet pipe. I will probably be using Cisco 3550-48-EMI switches. Can anyone get me an easy way to do this one?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64621&t=64569
Re: Many Vlans [7:64569]
""Ron"" wrote in message news:[EMAIL PROTECTED] > I have need to put public access machines on the same pipe as my private > network. I also have need for each of the public machines not to talk to > each other. Is there a way to keep all ports connected to public machines > from talking to each other except for one port connected to a printer and > one port connected to a router going to the Internet? Maybe all separate > Vlans? All of my private machines can talk to each other, but not the > public machines, and will be going over the same Internet pipe. I will > probably be using Cisco 3550-48-EMI switches. Can anyone get me an easy way > to do this one? I knew I recalled reading something like this the other day. Check out the "protected ports" feature and see if this is what you are looking for: http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12112cea/3550scg/s wtrafc.htm#xtocid6 watch the wrap Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64614&t=64569 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: "Extra" IP addresses for VLANs? [7:64570]
""Mossburg, Geoff (MAN-Corporate)"" wrote in message news:[EMAIL PROTECTED] > I'm full of questions tonight... > My company's Catalyst 6509's MSFC has VLANs configured with IP addresses in > the x.x.x.1 format, but I've noticed that I can telnet to the MSFC by > substituting x.x.x.0 or x.x.x.255 for any of the VLAN addresses. Is this > normal??? It seems to me like it may be a security risk, but I really don't > know enough about VLANs to be sure. Any ideas? this might seem like a dumb question, but are there vlans or even hosts with the paticular address? in a subnet with a prefix shorter than /24, the 0 or the 255 might be a legitimate host address. could be a bug too, but I'd want to know the prefix length and more detail. > Geoff Mossburg Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64612&t=64570 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Many Vlans [7:64569]
Look into using Private VLANs. Here is a page about it:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_18a/config/pvlans.htm

Here is a Private VLAN compatibility matrix:

http://www.cisco.com/warp/public/473/63.html

HTH,
Mike W.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64606&t=64569
Many Vlans [7:64569]
I have need to put public access machines on the same pipe as my private network. I also have need for each of the public machines not to talk to each other. Is there a way to keep all ports connected to public machines from talking to each other except for one port connected to a printer and one port connected to a router going to the Internet? Maybe all separate VLANs? All of my private machines can talk to each other, but not the public machines, and will be going over the same Internet pipe. I will probably be using Cisco 3550-48-EMI switches. Can anyone get me an easy way to do this one?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64569&t=64569
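An added example (not configuration from the thread or from Cisco's documentation) of the protected-port approach suggested in this thread and in Dave's reply to the VLAN-count thread above, written for the 3550-48-EMI Ron mentions; the port and VLAN numbers are assumptions. Two caveats worth knowing before relying on it: the 3550 implements the protected-port feature (Cisco also calls it private VLAN edge) rather than full private VLANs, so Ken's note about VLAN 1 concerns a different feature; and the protected rule is enforced only between ports on the same switch, so two protected ports on different switches in the same VLAN can still reach each other across a trunk.

```cisco
! --- Catalyst 3550-48-EMI (added example; port and VLAN numbers are assumed) ---
! One VLAN for the public machines, the shared printer and the Internet router.
vlan 20
 name PUBLIC
!
! Public machines sit on protected ports. A protected port never forwards
! unicast, multicast or broadcast to another protected port on this switch,
! so the public boxes cannot even ARP for each other. Portfast plus BPDU guard
! shuts the port if someone plugs a switch into it to get around that.
interface range FastEthernet0/1 - 20
 description public access machine
 switchport mode access
 switchport access vlan 20
 switchport protected
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! The printer and the Internet router are unprotected ports in the same VLAN,
! so every protected port can still reach them, and only them.
interface FastEthernet0/47
 description shared printer
 switchport mode access
 switchport access vlan 20
!
interface FastEthernet0/48
 description router to the Internet
 switchport mode access
 switchport access vlan 20
!
! The private machines live in their own VLAN. Nothing on the switch bridges
! 10 and 20; the only path between them is the router, where a filter belongs.
vlan 10
 name PRIVATE
!
interface range FastEthernet0/21 - 46
 description private machine
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
```

"show interfaces FastEthernet0/1 switchport" should end with "Protected: true" for the public ports and "Protected: false" for 0/47 and 0/48; a quick functional check is to ping one public machine from another (should fail) and then the printer (should succeed).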
"Extra" IP addresses for VLANs? [7:64570]
I'm full of questions tonight...

My company's Catalyst 6509's MSFC has VLANs configured with IP addresses in the x.x.x.1 format, but I've noticed that I can telnet to the MSFC by substituting x.x.x.0 or x.x.x.255 for any of the VLAN addresses. Is this normal??? It seems to me like it may be a security risk, but I really don't know enough about VLANs to be sure. Any ideas?

Geoff Mossburg

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64570&t=64570
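The thread never pins down why x.x.x.0 and x.x.x.255 answer (the replies above could not reproduce it and point at a TAC case). Whatever the cause, what Geoff is worried about is an extra reachable Telnet listener on the MSFC, and that exposure is bounded the same way regardless of which address answers: restrict which sources may open a VTY at all, and stop using cleartext Telnet. The following is an added hardening example, not something from the thread; the 10.0.0.0/24 management subnet, the username and the host and domain names are assumptions, and the SSH lines need a crypto-capable image (on a train without SSH the access-class on its own still limits who can reach the listener).

```cisco
! --- MSFC (added example; management subnet, names and username are assumed) ---
! Only the management subnet may open a VTY, whatever destination address the
! MSFC happens to answer on. Denied attempts are logged so a scan that finds
! the .0/.255 listener shows up somewhere.
ip access-list standard MGMT-HOSTS
 permit 10.0.0.0 0.0.0.255
 deny   any log
!
! SSH instead of Telnet (needs a crypto image; "crypto key generate rsa"
! prompts for the modulus size, use 1024 or larger).
hostname msfc1
ip domain-name example.net
crypto key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 3
!
! Placeholder account; replace the secret before deploying.
username netadmin secret <strong-secret-here>
!
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
 exec-timeout 5 0
 login local
!
! Inventory check: the SVI should own exactly one address per VLAN. Anything
! else that answers on TCP 23 is worth the TAC case the thread suggests.
! show ip interface Vlan10 | include Internet address
```

After this, "show access-lists MGMT-HOSTS" should show hit counts climbing on the deny line if anything outside 10.0.0.0/24 keeps probing, and "show users" confirms sessions arrive over SSH rather than Telnet.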
RE: 2950 telnet access is lost after vlans [7:63789]
J. Johnson wrote:
>
> Grr. My previous email was cut off. The upshot is that the switch does not
> have a default route (it's a switch, after all, not a router) so it cannot
> respond to the icmp request. Is it possible to set a default router for
> the interface (in this case, vlan 7) that has the IP address assigned to
> it?

You can give most switches a default gateway (router) and also do static routing. I think the command is "set ip route" on a set-based switch. I'm not sure if that would fix your problem, but it might. Also check the 2900 documentation here:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2900/cgcr29k/index.htm

Also feel free to repost questions in a new thread. For folks that do this over the Web, they aren't likely to click through to a thread this old. Of course, telling the whole story might be difficult again, so you might want to ask very specific questions. But then again, people assume you're a newbie sometimes if you do that, so be careful with the wording.

Well, I'll keep clicking through anyway. I really want you to solve the problem! It's an interesting one!

Priscilla

> J. Johnson wrote:
> > Priscilla Oppenheimer wrote:
> > > You gotta get it to stop doing that! ;-) Seriously, why doesn't the Linux
> > > router-on-a-stick know that the destination is local, on VLAN 7?
> > > Shouldn't it know not to send this packet to another router? It should
> > > just ARP for the destination and send the packet, perhaps tagged for VLAN
> > > 7.
> >
> > I've tried it both ways, with the address in the linux router's table, and
> > with it redirecting to the 3600. I'll put 10.0.0.6 back in the linux
> > router's table and sniff... Yep, it behaves similarly (but with the extra
> > routing hop to the 3600 removed.) Now, the icmp request goes from the box
> > on oreilly.net up vlan5 through the 2950 switch to the linux router, back
> > out vlan7 to the switch, and the switch does an arp request out vlan 7 for
> > the originating box. Vlan 7 doesn't include oreilly.net, so the arp
> > request goes unanswered.
> >
> > > VLAN 7! ;-) Of course, it is in fact seeing that IP address coming in on
> > > VLAN 7, so maybe it assumes that's where the address is really located
> > > and ARPs to there. The source IP address has been remaining the same
> > > throughout all this, though the MAC addresses have been changing. It sees
> > > the source IP address for oreilly come in on VLAN 7. Could that be
> > > confusing it? I don't think it should, but it might.
> >
> > Thank you - of course the switch is confused. Think of how ping usually works:
> >
> > BOX A --- ROUTER B --- ... --- ROUTER Y --- BOX Z
> >
> > A pings Z, but since it doesn't know Z's MAC address it sends the request to
> > a router, which is B. A knows how to do this because it has a routing
> > table, or it knows a default router. B and all intervening routers do the
> > same until the packet gets to Y. Now Y has to do the same to get the
> > response back to A. ---> However, if Z doesn't know where A is, it also
> > has to send the response to a router.
> >
> > James

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64373&t=63789
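An added example (not the poster's configuration) of what Priscilla describes, for the IOS-based 2950 in this thread, which has no "set ip route": the management SVI on VLAN 7 plus "ip default-gateway". Without the gateway, a Layer 2 switch has no routing table, so for a reply to any host off its own subnet it can only ARP on the management VLAN, which is exactly the unanswered ARP on vlan 7 that James is seeing. The addresses are assumptions: 10.0.0.6 is the switch address the thread mentions, and 10.0.0.1 stands in for the Linux router-on-a-stick's address on VLAN 7.

```cisco
! --- Catalyst 2950 (added example; 10.0.0.6/24 and the gateway 10.0.0.1 are assumed) ---
! A 2950 has one active management SVI and one default gateway and no
! routing table. Replies to hosts outside the SVI's subnet go to the gateway
! instead of being ARPed for on the management VLAN.
!
! Only one SVI can be up at a time; make Vlan7 that one so the address on
! Vlan1 is not the one the switch silently uses.
interface Vlan1
 no ip address
 shutdown
!
interface Vlan7
 description management on the 10.0.0.0/24 administrative network
 ip address 10.0.0.6 255.255.255.0
 no shutdown
!
! The Linux router's address on VLAN 7 (assumed). Every off-subnet reply,
! including the echo reply to the box on oreilly.net (vlan5), is sent here.
ip default-gateway 10.0.0.1
!
! Keeping the SVI off the user VLANs means a host on vlan5 reaches the switch
! only through the router, where an access list can limit who gets that far.
```

"show ip interface brief" should list Vlan7 up/up and Vlan1 administratively down, and "show ip default-gateway" (or "show running-config | include default-gateway") should return 10.0.0.1; with the gateway in place the ARP for the oreilly.net host on vlan 7 should stop appearing in the tcpdump capture and the ping should complete.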
RE: 2950 telnet access is lost after vlans [7:63789]
Grr. My previous email was cut off. The upshot is that the switch does not have a default route (it's a switch, after all, not a router) so it cannot respond to the icmp request. Is it possible to set a default router for the interface (in this case, vlan 7) that has the IP address assigned to it?

J. Johnson wrote:
> Priscilla Oppenheimer wrote:
> > You gotta get it to stop doing that! ;-) Seriously, why doesn't the Linux
> > router-on-a-stick know that the destination is local, on VLAN 7?
> > Shouldn't it know not to send this packet to another router? It should
> > just ARP for the destination and send the packet, perhaps tagged for VLAN
> > 7.
>
> I've tried it both ways, with the address in the linux router's table, and
> with it redirecting to the 3600. I'll put 10.0.0.6 back in the linux
> router's table and sniff... Yep, it behaves similarly (but with the extra
> routing hop to the 3600 removed.) Now, the icmp request goes from the box
> on oreilly.net up vlan5 through the 2950 switch to the linux router, back
> out vlan7 to the switch, and the switch does an arp request out vlan 7 for
> the originating box. Vlan 7 doesn't include oreilly.net, so the arp
> request goes unanswered.
>
> > VLAN 7! ;-) Of course, it is in fact seeing that IP address coming in on
> > VLAN 7, so maybe it assumes that's where the address is really located
> > and ARPs to there. The source IP address has been remaining the same
> > throughout all this, though the MAC addresses have been changing. It sees
> > the source IP address for oreilly come in on VLAN 7. Could that be
> > confusing it? I don't think it should, but it might.
>
> Thank you - of course the switch is confused. Think of how ping usually works:
>
> BOX A --- ROUTER B --- ... --- ROUTER Y --- BOX Z
>
> A pings Z, but since it doesn't know Z's MAC address it sends the request to
> a router, which is B. A knows how to do this because it has a routing
> table, or it knows a default router. B and all intervening routers do the
> same until the packet gets to Y. Now Y has to do the same to get the
> response back to A. ---> However, if Z doesn't know where A is, it also
> has to send the response to a router.
>
> James

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64282&t=63789
RE: 2950 telnet access is lost after vlans [7:63789]
Priscilla Oppenheimer wrote:
>
> You gotta get it to stop doing that! ;-) Seriously, why doesn't the Linux
> router-on-a-stick know that the destination is local, on VLAN 7? Shouldn't
> it know not to send this packet to another router? It should just ARP for
> the destination and send the packet, perhaps tagged for VLAN 7.

I've tried it both ways, with the address in the linux router's table, and with it redirecting to the 3600. I'll put 10.0.0.6 back in the linux router's table and sniff... Yep, it behaves similarly (but with the extra routing hop to the 3600 removed.) Now, the icmp request goes from the box on oreilly.net up vlan5 through the 2950 switch to the linux router, back out vlan7 to the switch, and the switch does an arp request out vlan 7 for the originating box. Vlan 7 doesn't include oreilly.net, so the arp request goes unanswered.

> VLAN 7! ;-) Of course, it is in fact seeing that IP address coming in on
> VLAN 7, so maybe it assumes that's where the address is really located and
> ARPs to there. The source IP address has been remaining the same
> throughout all this, though the MAC addresses have been changing. It sees
> the source IP address for oreilly come in on VLAN 7. Could that be
> confusing it? I don't think it should, but it might.

Thank you - of course the switch is confused. Think of how ping usually works:

BOX A --- ROUTER B --- ... --- ROUTER Y --- BOX Z

A pings Z, but since it doesn't know Z's MAC address it sends the request to a router, which is B. A knows how to do this because it has a routing table, or it knows a default router. B and all intervening routers do the same until the packet gets to Y. Now Y has to do the same to get the response back to A. ---> However, if Z doesn't know where A is, it also has to send the response to a router.

James

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64265&t=63789
RE: 2950 telnet access is lost after vlans [7:63789]
J. Johnson wrote:
>
> J. Johnson wrote:
> >
> > It looks like the switch is not forwarding the
> > packets to the router for some reason, even though it does forward packets
> > for other 10.0.0.X addresses.
>
> What I wrote above is not correct. (I was sniffing an unused port on the
> switch which I thought was properly set up to mirror the other ports.
> Somehow it was set up incorrectly. Apologies for the error.) The icmp
> echo request packets get to the linux router on the trunk via vlan 5, and
> back out to the switch on the trunk on vlan 7. They then go from the
> switch to the 3600 router, and back out to the switch.
>
> All this is as it should be - packets go from oreilly.net to the default
> router, the linux router, which then forwards them to its default router,
> the 3600, which routes them according to its table.

You gotta get it to stop doing that! ;-) Seriously, why doesn't the Linux router-on-a-stick know that the destination is local, on VLAN 7? Shouldn't it know not to send this packet to another router? It should just ARP for the destination and send the packet, perhaps tagged for VLAN 7.

> The 3600's table says
> that 10.0.0.6 is directly connected to the same port that the packet
> arrived on, so it returns the packet to the switch.
>
> Now the packet stalls.

My guess is that this packet didn't stall. The ping (echo request) made it to its destination, the switch.

> The switch sends out an arp request

I bet that's so it can send the ping reply.

> onto vlan 7 for

VLAN 7! ;-) Of course, it is in fact seeing that IP address coming in on VLAN 7, so maybe it assumes that's where the address is really located and ARPs to there. The source IP address has been remaining the same throughout all this, though the MAC addresses have been changing. It sees the source IP address for oreilly come in on VLAN 7. Could that be confusing it? I don't think it should, but it might.

> the MAC of the box on oreilly.net that originally sent out the packet. Of
> course, there is no reply, since oreilly.net is on vlan 5.
>
> The only way I see to fix this is to enable proxy arp (is that the cisco
> terminology too?) on one of the routers.

Cisco has proxy ARP, but it's on by default. You should see if "no ip proxy-arp" is in the config of the 3600. I'm having a hard time seeing how Proxy ARP would help anyway. It would get even more convoluted then! :-) But perhaps you have this figured out.

> Is there a better way to handle this?

Redesign? Seriously, couldn't your inter-VLAN router be the 3600 instead of the Linux box? That might not fix the problem though.

I guess we haven't yet asked you the obvious question. Can you send us the config for your 2950? Can't guarantee anyone will have time to look at it though. But I have a nagging suspicion at this point that it's the culprit.

Sorry I don't have a better answer!

Priscilla

> James

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64038&t=63789
RE: 2950 telnet access is lost after vlans [7:63789]
J. Johnson wrote:
> It looks like the switch is not forwarding the
> packets to the router for some reason, even though it does forward packets
> for other 10.0.0.X addresses.

What I wrote above is not correct. (I was sniffing an unused port on the switch which I thought was properly set up to mirror the other ports. Somehow it was set up incorrectly. Apologies for the error.) The icmp echo request packets get to the linux router on the trunk via vlan 5, and back out to the switch on the trunk on vlan 7. They then go from the switch to the 3600 router, and back out to the switch.

All this is as it should be - packets go from oreilly.net to the default router, the linux router, which then forwards them to its default router, the 3600, which routes them according to its table. The 3600's table says that 10.0.0.6 is directly connected to the same port that the packet arrived on, so it returns the packet to the switch.

Now the packet stalls. The switch sends out an arp request onto vlan 7 for the MAC of the box on oreilly.net that originally sent out the packet. Of course, there is no reply, since oreilly.net is on vlan 5.

The only way I see to fix this is to enable proxy arp (is that the cisco terminology too?) on one of the routers. Is there a better way to handle this?

James

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64021&t=63789
RE: 2950 telnet access is lost after vlans [7:63789]
Priscilla Oppenheimer wrote:
> The picture got a bit munged. I think I understand it, though. The router-on-a stick is the Linux box and it's supposed to be on the right side of the drawing? What do you mean by ix86? It's not a 486 machine is it? Ugh. :-)

Sorry for the wraparound problem - yes, you understand the configuration correctly. The router-on-a-stick is an Intel 686 running Linux. The four local networks are oreilly, colophon, zoo, and safari. safari is connected into a 3600 with a loopback address of 10.0.0.5, which in turn goes out to the rest of the network. The 3600's interface has an address on safari.net. The rest of your questions are answered below, inline.

I don't think it's the fault of the linux box, though. Note that pings make it to the wire between oreilly.net and the switch, but not onto the trunk wire. That was a good suggestion to recheck the MAC address of the ping packets. The MAC destination addresses on the oreilly.net packets are the MAC of the linux router, as expected. It looks like the switch is not forwarding the packets to the router for some reason, even though it does forward packets for other 10.0.0.X addresses.

Something I don't understand in IOS is the role of secondary IP addresses on a switch. In looking into this problem, I've set several, but they don't appear to have any effect, and I can't even do a "show ip interface secondary" kind of command to find out what the secondary addresses are now. I wouldn't think that a secondary IP address should have an effect on whether the switch forwards packets to the router, though.

>> [network diagram, quoted from the original post]
>
> What is the MAC destination address in these pings from the oreilly.net box?

The sniffer on the vlan 5 wire shows the destination MAC is the MAC of the linux router interface, as it should be.

> What is the box on oreilly.net using for its default gateway? It sounds like it should be using the Linux router-on-a-stick. Maybe it's not?

Yes, it is properly set up. The default gateway for the oreilly.net box is the linux router. The default gateway for the linux router is the safari.net interface address of the 3600. Other packets route properly.

> I hate to say it, but to debug the problem we would have to see the config of the Linus router-on-a-stick too. You say it's doing 802.1Q? I didn't know it could do that. :-)

Recent kernels have 802.1Q built in. As noted below, ethernet drivers may need to be patched to handle large packets.

> Are you sure it's a stable and standard implementation?

The kernel proper is probably pretty solid. The ethernet card driver had to be patched, though, so that it could handle large vlan packets. The unpatched driver would drop packets larger than the MTU size, before the kernel's 802.1Q code could strip off the vlan tag. With the patch, the router appears to be handling trunked packets properly.

> Does it have subinterfaces like a "real" router would have and an address on all the subnets?

Yes. Each subinterface is designated eth0.N where N is the vlan number. Each eth0.N has a unique address in the local network address space of the vlan'd local network. If you speak Linux (or for you lurkers who do) note that eth0.N is not the same as the notation for an aliased network, which would be eth0:N.

> Is the Linux box running a firewall that could be blocking traffic?

No. Neither iptables nor ipchains is running on this box.

> Does the Linux box have some troubleshooting tools you could use to see what traffic it's handling??

The sniffer tcpdump is all I'm using. Are there other tools besides a sniffer that would be good to have?

>> but another sniffer sees nothing on the 802.1Q trunk wire and, of course, the ping is not successful. On the other hand, when a box on oreilly.net pings 10.0.0.5, it does so successfully. Weird.
>
> Is that its own subnet, though? That you might expect to work.

10.0.0.0/24 is unique in this network to the routers and switches, and is used for administration. The local networks don't know about 10
RE: 2950 telnet access is lost after vlans [7:63789]
J. Johnson wrote:
>
> Ugh. I was hoping there would be something obvious. I already have what you suggest - a "router on a stick" configuration with the vlans combined in an 802.1Q trunk to the router. Here's a picture:

The picture got a bit munged. I think I understand it, though. The router-on-a stick is the Linux box and it's supposed to be on the right side of the drawing? What do you mean by ix86? It's not a 486 machine is it? Ugh. :-)

> [network diagram, quoted from the original post]
>
> I would like to be able to telnet from any of the networks to maintain the switch, but can't. 10.0.0.6 is the address of the switch, and it is currently assigned to vlan 7. The 3600 router has 10.0.0.6 in its routing table as a directly connected address. The linux router has the four local networks in its routing table, with the 3600 router as the default router. The linux "router-on-a-stick" can ping 10.0.0.6, presumably because it sends the packet to its default router, the 3600, which then routes the packet back to the switch. The 3600 can also ping 10.0.0.6, as expected. However, when a box on oreilly.net pings 10.0.0.6, a sniffer sees the ping on the vlan5 line,

What is the MAC destination address in these pings from the oreilly.net box?

What is the box on oreilly.net using for its default gateway? It sounds like it should be using the Linux router-on-a-stick. Maybe it's not?

I hate to say it, but to debug the problem we would have to see the config of the Linus router-on-a-stick too. You say it's doing 802.1Q? I didn't know it could do that. :-) Are you sure it's a stable and standard implementation? Does it have subinterfaces like a "real" router would have and an address on all the subnets? Is the Linux box running a firewall that could be blocking traffic? Does the Linux box have some troubleshooting tools you could use to see what traffic it's handling??

> but another sniffer sees nothing on the 802.1Q trunk wire and, of course, the ping is not successful. On the other hand, when a box on oreilly.net pings 10.0.0.5, it does so successfully. Weird.

Is that its own subnet, though? That you might expect to work.

Well, good luck with the puzzle. Let us know what else you find out. Thanks.

Priscilla

>
> I've also tried putting 10.0.0.6 in the linux router's table, with no apparent change in behavior. Presumably, the linux router sends packets directly to the switch instead of making one hop through the 3600, but pings still don't get from oreilly.net to the switch.
>
> Anyone know why the switch isn't forwarding 10.0.0.6 packets to the linux router?
>
> DeVoe, Charles (PKI wrote:
> > You will need routing between the VLANs. If this is done via the uplink you will also need to do some trunking. Hope this helps.
> >
> > -Original Message-
> > From: J. Johnson [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, February 25, 2003 5:06 PM
> > To: [EMAIL PROTECTED]
> > Subject: 2950 telnet access is lost after vlans [7:63789]
> >
> > I've lost some telnet access to my 2950 after implementing vlans.
> >
> > Before - Address 10.0.0.6 was available on vlan 1, which was the default vlan for all ports. telnet was possible into the switch from machines connected to any port.
> >
> > After - Created several vlans (5, 6, 7, and 8) and split the ports among them. Now when I do:
> >   switch(config)#interface vlan 5
> >   switch(config-if)#ip address 10.0.0.6 255.255.255.0
> >   switch(config-if)#no shutdown
> > the vlan interface that was previously up shuts down and only boxes connected to
RE: 2950 telnet access is lost after vlans [7:63789]
Ugh. I was hoping there would be something obvious. I already have what you suggest - a "router on a stick" configuration with the vlans combined in an 802.1Q trunk to the router. Here's a picture:

   |--------------|      |---------|
   | oreilly.net  |------|vlan5    |
   |--------------|      |         |
                         |         |
   |--------------|      |         |
   | colophon.net |------|vlan6   s|
   |--------------|      |   2    w|   802.1Q     one interface
                         |   9    i|------------  "router-on-a-stick"
   |--------------|      |   5    t|   vlan5-8    ix86 running linux
   | zoo.net      |------|vlan8 0 c|
   |--------------|      |        h|
                         |         |
   |--------------|      |         |
   | safari.net   |------|vlan7    |
   |--------------|      |---------|
                              |
                         -----------
                         3600 router
                         loopback address
                         10.0.0.5
                         -----------
                          |   |   |
                         big network cloud

I would like to be able to telnet from any of the networks to maintain the switch, but can't. 10.0.0.6 is the address of the switch, and it is currently assigned to vlan 7. The 3600 router has 10.0.0.6 in its routing table as a directly connected address. The linux router has the four local networks in its routing table, with the 3600 router as the default router. The linux "router-on-a-stick" can ping 10.0.0.6, presumably because it sends the packet to its default router, the 3600, which then routes the packet back to the switch. The 3600 can also ping 10.0.0.6, as expected. However, when a box on oreilly.net pings 10.0.0.6, a sniffer sees the ping on the vlan5 line, but another sniffer sees nothing on the 802.1Q trunk wire and, of course, the ping is not successful. On the other hand, when a box on oreilly.net pings 10.0.0.5, it does so successfully. Weird.

I've also tried putting 10.0.0.6 in the linux router's table, with no apparent change in behavior. Presumably, the linux router sends packets directly to the switch instead of making one hop through the 3600, but pings still don't get from oreilly.net to the switch.

Anyone know why the switch isn't forwarding 10.0.0.6 packets to the linux router?

DeVoe, Charles (PKI wrote:
> You will need routing between the VLANs. If this is done via the uplink you will also need to do some trunking. Hope this helps.
>
> -Original Message-
> From: J. Johnson [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 25, 2003 5:06 PM
> To: [EMAIL PROTECTED]
> Subject: 2950 telnet access is lost after vlans [7:63789]
>
> I've lost some telnet access to my 2950 after implementing vlans.
>
> Before - Address 10.0.0.6 was available on vlan 1, which was the default vlan for all ports. telnet was possible into the switch from machines connected to any port.
>
> After - Created several vlans (5, 6, 7, and 8) and split the ports among them. Now when I do:
>   switch(config)#interface vlan 5
>   switch(config-if)#ip address 10.0.0.6 255.255.255.0
>   switch(config-if)#no shutdown
> the vlan interface that was previously up shuts down and only boxes connected to the ports in vlan 5 are able to telnet into the switch.
>
> Is there a way to allow boxes on ports assigned to other vlans to telnet into the switch at 10.0.0.6?
>
> James

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63894&t=63789
RE: 2950 telnet access is lost after vlans [7:63789]
You will need routing between the VLANs. If this is done via the uplink you will also need to do some trunking. Hope this helps.

-Original Message-
From: J. Johnson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 25, 2003 5:06 PM
To: [EMAIL PROTECTED]
Subject: 2950 telnet access is lost after vlans [7:63789]

I've lost some telnet access to my 2950 after implementing vlans.

Before - Address 10.0.0.6 was available on vlan 1, which was the default vlan for all ports. telnet was possible into the switch from machines connected to any port.

After - Created several vlans (5, 6, 7, and 8) and split the ports among them. Now when I do:

    switch(config)#interface vlan 5
    switch(config-if)#ip address 10.0.0.6 255.255.255.0
    switch(config-if)#no shutdown

the vlan interface that was previously up shuts down and only boxes connected to the ports in vlan 5 are able to telnet into the switch.

Is there a way to allow boxes on ports assigned to other vlans to telnet into the switch at 10.0.0.6?

James

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63858&t=63789
Re: 2950 telnet access is lost after vlans [7:63789]
James,

On a switch, the VLAN that the IP address is assigned to defines the management interface. The switch can only have one management interface and thus, only one IP address. When the IP address was assigned to VLAN 1 (the default) then devices that connect directly to ports attached to VLAN 1 could access it. If you are connected to a port that ISN'T assigned to the VLAN that the IP address is attached to, then you need to use a router to connect to it. Just as you would for any other IP address in another subnet. Remember, a VLAN is just a way to disperse a subnet over multiple locations.

Hope this helps,
Karen

*** REPLY SEPARATOR ***

On 2/25/2003 at 10:05 PM J. Johnson wrote:

>I've lost some telnet access to my 2950 after implementing vlans.
>
>Before - Address 10.0.0.6 was available on vlan 1, which was the default vlan for all ports. telnet was possible into the switch from machines connected to any port.
>
>After - Created several vlans (5, 6, 7, and 8) and split the ports among them. Now when I do:
>    switch(config)#interface vlan 5
>    switch(config-if)#ip address 10.0.0.6 255.255.255.0
>    switch(config-if)#no shutdown
>the vlan interface that was previously up shuts down and only boxes connected to the ports in vlan 5 are able to telnet into the switch.
>
>Is there a way to allow boxes on ports assigned to other vlans to telnet into the switch at 10.0.0.6?
>
>James

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63813&t=63789
2950 telnet access is lost after vlans [7:63789]
I've lost some telnet access to my 2950 after implementing vlans.

Before - Address 10.0.0.6 was available on vlan 1, which was the default vlan for all ports. telnet was possible into the switch from machines connected to any port.

After - Created several vlans (5, 6, 7, and 8) and split the ports among them. Now when I do:

    switch(config)#interface vlan 5
    switch(config-if)#ip address 10.0.0.6 255.255.255.0
    switch(config-if)#no shutdown

the vlan interface that was previously up shuts down and only boxes connected to the ports in vlan 5 are able to telnet into the switch.

Is there a way to allow boxes on ports assigned to other vlans to telnet into the switch at 10.0.0.6?

James

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63789&t=63789
RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]
hi,

comments in-line:

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Howard C. Berkowitz
Sent: Wednesday, February 19, 2003 2:17 PM
To: [EMAIL PROTECTED]
Subject: RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]

At 6:51 PM + 2/19/03, Vicky Rode wrote:
>comments in-line:
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Howard C. Berkowitz
>Sent: Tuesday, February 18, 2003 6:42 AM
>To: [EMAIL PROTECTED]
>Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
>
>At 5:30 AM + 2/18/03, Ken Diliberto wrote:
>>The nit I'm picking is inline... (I'm feeling like chipping in tonight)
>>
>>>>> "The Long and Winding Road" 02/17/03 06:13PM >>>
>>
>>[snip]
>>
>>if I have a 75xx router with 300 ethernet ports, and I bridge all those ports, do I have an L3 switch, or a router?
>>
>>[KD]
>>You have a router performing L2 operations (forwarding, switching, bridging -- whatever). Would a cheap Linksys switch be faster?
>>
>>What makes a L3 switch in my mind is where the forwarding happens. If the L3 CPU (new way to look at it?) has to handle every packet, that's a router. If the first L3 packet is handled by the CPU which then programs ASICs to handle the rest of the flow without bothering the CPU, that's an L3 switch. Is there a difference from a packet/network perspective? No. The L2 headers and L3 headers are all properly updated in both cases (at least we *hope* they are) and traffic is delivered most of the time. (If it was delivered all the time, networks wouldn't need us to fix them) :-)
>
>Does that make a 7500 with VIPs a L3 switch? A 12000 with distributed forwarding processors?
>--
>it depends...call it (d)cef switching router if you want but i have to kinda agree with ken's comments. in my opinion the major difference between a traditional router and a l3 switch is the way packet switching takes place. in a traditional router the packet switching is done in software (microprocessor based),

Big difference if the microprocessors (note plural) aren't doing anything except forwarding, and run a real time OS. The key thing is that you don't want forwarding going through the processor that runs routing protocols, system management, etc.

-vicky> true enough. but in my opinion it depends on what hw you have in play and for what purpose. whether it is going to be classic line cards, switch fabric cards or distributed forwarding cards and whether the packet switching is going to be flow based or cef based. i guess one should have a good understanding for what their network traffic looks like and a good baseline before retrofitting to high powered hw which can be a big waste of money and resources.

A real challenge is where to implement QoS, because it tends to get beyond the complexity of a true ASIC and really has to be done in a microcode-loaded processor.

--vicky> for me polling and gathering different qos snmp data variables has been a challenge rather than hw issue, so i can't really comment on that.

>whereas in l3 switch it is done by asic in hw and mls is used to increase routing performance by doing packet switching and rewrites in hw (asics).

There's a bit of Cisco marketing-speak here, which was actually a reaction to competitors who brought up the concept "switch if you can, route when you must." Hardware and software technology have moved on since then, and the line is much more blurred between the two. It's more important to think of separating the forwarding, control, and upper layer services path (and being sure there's no mutual interference) than it is to consider the actual hardware processing elements (ASICs, microcoded or RISC processors, etc.)

---vicky> in my opinion, what's important and necessary is control/forward plane inter-relation. that's all.

regards,
/vicky

This emphasis on ASICs also ignores a couple of common bottlenecks: memory and fabric. To some extent, you can get around memory limitations by having distributed memories for distributed processors. For the fabric, you can move from shared bus, to shared memory, and eventually to crossbar (ignoring optical trends).

As I mentioned in a previous post that's partially below, you don't necessarily need ASICs if you have enough distributed processors, using the term "processor" to include microcode sequencers, FPGAs and EA-FPGAs, etc. In research prototypes, I've been involved in routers that had true processors, ru
RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]
At 6:51 PM + 2/19/03, Vicky Rode wrote:
>comments in-line:
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Howard C. Berkowitz
>Sent: Tuesday, February 18, 2003 6:42 AM
>To: [EMAIL PROTECTED]
>Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
>
>At 5:30 AM + 2/18/03, Ken Diliberto wrote:
>>The nit I'm picking is inline... (I'm feeling like chipping in tonight)
>>
>>>>> "The Long and Winding Road" 02/17/03 06:13PM >>>
>>
>>[snip]
>>
>>if I have a 75xx router with 300 ethernet ports, and I bridge all those ports, do I have an L3 switch, or a router?
>>
>>[KD]
>>You have a router performing L2 operations (forwarding, switching, bridging -- whatever). Would a cheap Linksys switch be faster?
>>
>>What makes a L3 switch in my mind is where the forwarding happens. If the L3 CPU (new way to look at it?) has to handle every packet, that's a router. If the first L3 packet is handled by the CPU which then programs ASICs to handle the rest of the flow without bothering the CPU, that's an L3 switch. Is there a difference from a packet/network perspective? No. The L2 headers and L3 headers are all properly updated in both cases (at least we *hope* they are) and traffic is delivered most of the time. (If it was delivered all the time, networks wouldn't need us to fix them) :-)
>
>Does that make a 7500 with VIPs a L3 switch? A 12000 with distributed forwarding processors?
>--
>it depends...call it (d)cef switching router if you want but i have to kinda agree with ken's comments. in my opinion the major difference between a traditional router and a l3 switch is the way packet switching takes place. in a traditional router the packet switching is done in software (microprocessor based),

Big difference if the microprocessors (note plural) aren't doing anything except forwarding, and run a real time OS. The key thing is that you don't want forwarding going through the processor that runs routing protocols, system management, etc.

A real challenge is where to implement QoS, because it tends to get beyond the complexity of a true ASIC and really has to be done in a microcode-loaded processor.

>whereas in l3 switch it is done by asic in hw and mls is used to increase routing performance by doing packet switching and rewrites in hw (asics).

There's a bit of Cisco marketing-speak here, which was actually a reaction to competitors who brought up the concept "switch if you can, route when you must." Hardware and software technology have moved on since then, and the line is much more blurred between the two. It's more important to think of separating the forwarding, control, and upper layer services path (and being sure there's no mutual interference) than it is to consider the actual hardware processing elements (ASICs, microcoded or RISC processors, etc.)

This emphasis on ASICs also ignores a couple of common bottlenecks: memory and fabric. To some extent, you can get around memory limitations by having distributed memories for distributed processors. For the fabric, you can move from shared bus, to shared memory, and eventually to crossbar (ignoring optical trends).

As I mentioned in a previous post that's partially below, you don't necessarily need ASICs if you have enough distributed processors, using the term "processor" to include microcode sequencers, FPGAs and EA-FPGAs, etc. In research prototypes, I've been involved in routers that had true processors, running on the forwarding boards, that ran a real-time OS. These processors did have certain functions custom-built in hardware. Also, the processors can have coprocessors -- the Nortel Shasta products, for example, have an encryption chip more or less next to general board-level processors, with a high-speed path between them. Even with ASICs, the L2 and L3 decisions, rewrite, etc. often are in separate chips. Remember a processor can be implemented as bit slices operating in a set of ICs.

>
>
>Substituting router for L3 switch is a good idea, but go farther than that. You can think of a high-performance router as a small hidden network, containing one or more (think high availability) path determination "routing" processors/hosts that download FIB information to multiple forwarding processors/hosts. One public and vendor-independent discussion of this architecture continues in the IETF FORCES Working Group (go to www.ietf.org and navigate to Working Groups).
>
>>
>>What does this mean to us? Not
RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]
At 6:19 PM + 2/19/03, Vicky Rode wrote:
>comments in-line:
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kelly Cobean
>Sent: Tuesday, February 18, 2003 7:54 PM
>To: [EMAIL PROTECTED]
>Subject: RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]
>
>Priscilla,
>    Ok, you caught me not telling the whole truth. There is a second VLAN on the switch, but my point was that the MLS cache is full of entries for one host talking to another host off of the same VLAN interface but on a secondary subnet, indicating that L3 switching (routing) took place for that data-flow...So now I guess there are two hands clapping ;-) You sure do keep us all on our toes!!! Thanks!
>-
>that's because packet switching between subnets using secondaries is process-switched.

On general IOS -- can't speak to the switch implementations -- you can code

    ip route-cache same-interface
    ipx route-cache same-interface

and get fast switching for secondaries. Don't know if there is a way for CEF to figure this out.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63385&t=63147
RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]
comments in-line:

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Howard C. Berkowitz
Sent: Tuesday, February 18, 2003 6:42 AM
To: [EMAIL PROTECTED]
Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

At 5:30 AM + 2/18/03, Ken Diliberto wrote:
>The nit I'm picking is inline... (I'm feeling like chipping in tonight)
>
>>>> "The Long and Winding Road" 02/17/03 06:13PM >>>
>
>[snip]
>
>if I have a 75xx router with 300 ethernet ports, and I bridge all those ports, do I have an L3 switch, or a router?
>
>[KD]
>You have a router performing L2 operations (forwarding, switching, bridging -- whatever). Would a cheap Linksys switch be faster?
>
>What makes a L3 switch in my mind is where the forwarding happens. If the L3 CPU (new way to look at it?) has to handle every packet, that's a router. If the first L3 packet is handled by the CPU which then programs ASICs to handle the rest of the flow without bothering the CPU, that's an L3 switch. Is there a difference from a packet/network perspective? No. The L2 headers and L3 headers are all properly updated in both cases (at least we *hope* they are) and traffic is delivered most of the time. (If it was delivered all the time, networks wouldn't need us to fix them) :-)

Does that make a 7500 with VIPs a L3 switch? A 12000 with distributed forwarding processors?
--
it depends...call it (d)cef switching router if you want but i have to kinda agree with ken's comments. in my opinion the major difference between a traditional router and a l3 switch is the way packet switching takes place. in a traditional router the packet switching is done in software (microprocessor based), whereas in l3 switch it is done by asic in hw and mls is used to increase routing performance by doing packet switching and rewrites in hw (asics). that's all.

regards,
/vicky

Substituting router for L3 switch is a good idea, but go farther than that. You can think of a high-performance router as a small hidden network, containing one or more (think high availability) path determination "routing" processors/hosts that download FIB information to multiple forwarding processors/hosts. One public and vendor-independent discussion of this architecture continues in the IETF FORCES Working Group (go to www.ietf.org and navigate to Working Groups).

>
>What does this mean to us? Not much other than for capacity planning.
>IMHO, an L3 switch has a longer life than a router.

Not really, as you say in your next paragraph. I could go off into the ozone and say all high-speed routers are L3 switches. Indeed, ASICs aren't a necessity. I've worked on research router designs that used RISC processors in each forwarding and path determination engine, which gave lots of power but much more flexibility than ASICs. Admittedly, at least one of these was a specifically designed processor, but it definitely was software loadable and ran a real time OS. ASIC gets blurry anyway, when you start getting into the pure hard-etched IC, field-programmable gate arrays, electrically alterable field-programmable gate arrays, microcode sequencers, etc.

>
>When I design networks, I don't think L3 switch. I think about routers interconnecting L2 segments. I even draw them that way most of the time. :-)
>
>My advice to those having problems with this subject: Replace every occurrence of "layer 3 switch" with "router".
>
> [/KD]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63372&t=63147
RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]
comments in-line:

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kelly Cobean
Sent: Tuesday, February 18, 2003 7:54 PM
To: [EMAIL PROTECTED]
Subject: RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]

Priscilla,
    Ok, you caught me not telling the whole truth. There is a second VLAN on the switch, but my point was that the MLS cache is full of entries for one host talking to another host off of the same VLAN interface but on a secondary subnet, indicating that L3 switching (routing) took place for that data-flow...So now I guess there are two hands clapping ;-) You sure do keep us all on our toes!!! Thanks!
-
that's because packet switching between subnets using secondaries is process-switched.

regards,
/vicky

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 1:08 AM
To: [EMAIL PROTECTED]
Subject: RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]

I'm loath to continue this discussion, but I do have a question for Kelly. Why do you have a VLAN at all in your example?? Isn't a single VLAN sort of like one hand clapping? Seriously, what role is it playing in your network? Of course you don't have to have VLANs to do routing/L3 switching, as you probably know. But maybe there's some weird configuration gotcha, specific to the 6509? Just curious. Thanks.

Larry said the majority of the Cisco campus is networked with L3 switches and not using vlans. That says a lot right there!

Priscilla

Kelly Cobean wrote:
>
> All,
>    I'd like to add to this something that I haven't seen in other posts yet, and that is a quick look at layer2 function. I have a Catalyst 6509 with an MSFC on it. There is only *ONE* VLAN configured on the MSFC, however, that VLAN has several secondary addresses assigned to it (I know, not a great solution, but let's not go there). If I do a "show mls entry" on my switch, it is full of entries for hosts talking to hosts on the same VLAN. My point? When a host wants to talk to a host on another subnet (VLAN or not), it ANDs the address with its own mask, determines that the host is in fact on a different subnet, then arps (if necessary) for its default gateway (the MSFC) and sends the packet on its way. The 6509/MSFC receive the packet and begin the MLS cache setup process (candidate packet, timeout, etc). All this is still done in spite of the fact that the MSFC only has a single VLAN.
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Stephen Hoover
> Sent: Monday, February 17, 2003 8:33 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
>
> > > -
> > > actually it is by doing secondaries, but i would highly recommend doing vlans if possible. keep it clean and simple.
> > >
> > > one may also configure the physical interfaces as L3 interfaces - just as one might do on a router with several ethernet ports.
> >
> > Oo ok, now THAT statement leads me to believe the L3 switching IS possible without VLANs.
> >
> > -Stephen

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63371&t=63147
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
Howard,

It would be so much fun to not understand some of this up close. :-)

>>> "Howard C. Berkowitz" 02/18/03 06:42AM >>>
[snip]

Does that make a 7500 with VIPs a L3 switch? A 12000 with distributed forwarding processors?

Substituting router for L3 switch is a good idea, but go farther than that. You can think of a high-performance router as a small hidden network, containing one or more (think high availability) path determination "routing" processors/hosts that download FIB information to multiple forwarding processors/hosts. One public and vendor-independent discussion of this architecture continues in the IETF FORCES Working Group (go to www.ietf.org and navigate to Working Groups).

>
>What does this mean to us? Not much other than for capacity planning.
>IMHO, an L3 switch has a longer life than a router.

Not really, as you say in your next paragraph. I could go off into the ozone and say all high-speed routers are L3 switches. Indeed, ASICs aren't a necessity. I've worked on research router designs that used RISC processors in each forwarding and path determination engine, which gave lots of power but much more flexibility than ASICs. Admittedly, at least one of these was a specifically designed processor, but it definitely was software loadable and ran a real time OS. ASIC gets blurry anyway, when you start getting into the pure hard-etched IC, field-programmable gate arrays, electrically alterable field-programmable gate arrays, microcode sequencers, etc.

[snip]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63323&t=63147
RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]
Priscilla,

Ok, you caught me not telling the whole truth. There is a second VLAN on the switch, but my point was that the MLS cache is full of entries for one host talking to another host off of the same VLAN interface but on a secondary subnet, indicating that L3 switching (routing) took place for that data flow... So now I guess there are two hands clapping ;-) You sure do keep us all on our toes!!! Thanks!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 1:08 AM
To: [EMAIL PROTECTED]
Subject: RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]

I'm loath to continue this discussion, but I do have a question for Kelly. Why do you have a VLAN at all in your example?? Isn't a single VLAN sort of like one hand clapping? Seriously, what role is it playing in your network?

Of course you don't have to have VLANs to do routing/L3 switching, as you probably know. But maybe there's some weird configuration gotcha, specific to the 6509? Just curious. Thanks.

Larry said the majority of the Cisco campus is networked with L3 switches and not using vlans. That says a lot right there!

Priscilla

Kelly Cobean wrote:
>
> All,
> I'd like to add to this something that I haven't seen in other posts yet, and that is a quick look at layer 2 function. I have a Catalyst 6509 with an MSFC on it. There is only *ONE* VLAN configured on the MSFC, however, that VLAN has several secondary addresses assigned to it (I know, not a great solution, but let's not go there). If I do a "show mls entry" on my switch, it is full of entries for hosts talking to hosts on the same VLAN. My point? When a host wants to talk to a host on another subnet (VLAN or not), it ANDs the address with its own mask, determines that the host is in fact on a different subnet, then ARPs (if necessary) for its default gateway (the MSFC) and sends the packet on its way. The 6509/MSFC receive the packet and begin the MLS cache setup process (candidate packet, timeout, etc.). All this is still done in spite of the fact that the MSFC only has a single VLAN.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Stephen Hoover
> Sent: Monday, February 17, 2003 8:33 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
>
> > > actually it is by doing secondaries, but i would highly recommend doing vlans if possible. keep it clean and simple.
> >
> > one may also configure the physical interfaces as L3 interfaces - just as one might do on a router with several ethernet ports.
>
> Oo ok, now THAT statement leads me to believe the L3 switching IS possible without VLANs.
>
> -Stephen

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63316&t=63147
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
"Ken Diliberto" wrote in message news:[EMAIL PROTECTED]...
> Priscilla,
>
> All I want is credit. :-)

if it makes you feel better, Ken, I always credit you with at least two cents worth

I'm going to be visiting some of your compadres in the next couple of weeks. Dare I drop your name? ;->

>
> "Some guy on one of the many mailing lists I frequent put it this way:" (maybe not)
>
> Ken
>
> >>> "Priscilla Oppenheimer" 02/18/03 12:06PM >>>
> [snip]
>
> I think Ken's example is one of the cleanest I've seen. I may have to borrow it for my classes.
>
> [snip]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63305&t=63147
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
Priscilla,

All I want is credit. :-)

"Some guy on one of the many mailing lists I frequent put it this way:" (maybe not)

Ken

>>> "Priscilla Oppenheimer" 02/18/03 12:06PM >>>
[snip]

I think Ken's example is one of the cleanest I've seen. I may have to borrow it for my classes.

[snip]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63303&t=63147
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
Stephen Hoover wrote:
>
> Ken,
>
> Thanks for the input on this discussion. I follow and understand your example without any problems.
>
> Now if taking it back to the original original question - Does L3 switching require VLANs - produces this question for your example:
>
> You state 1 fiber feed for both Science and Engineering in the Labs building. I am then assuming that they are all connected to the same set of switches (Layer 2) in that building.
> Could you have not just simply assigned the hosts for Science to 1 IP network and the hosts for Engineering to another IP network - then created respective gateway interfaces for each network back on the common Layer 3 switch and accomplished the same thing??

It depends on the meaning of "thing" in your "accomplish the same thing" comment. :-)

I think you already figured out your confusion and maybe this message is old, but I'll reply just in case.

With your design you would accomplish connectivity. However, you would not accomplish separation of broadcast traffic for the two user communities. VLANs in the L2-switched part of the network give you that. VLANs have lots of features, but that's one of their primary ones.

I think Ken's example is one of the cleanest I've seen. I may have to borrow it for my classes.

Thanks for a good discussion, Stephen.

THE END (hopefully! :-)

Priscilla

>
> If the answer is yes, I will follow up with another question. If the answer is no, then please explain.
>
> Thanks!!
>
> Stephen
>
> ----- Original Message -----
> From: "Ken Diliberto"
> To:
> Sent: Tuesday, February 18, 2003 12:24 AM
> Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
>
> > Stephen,
> >
> > You're getting there. Let me give an example of how VLANs are used (I'd draw a picture, but it probably wouldn't look good).
> >
> > For this example, let's use two of the colleges on my university network: Science and Engineering.
> >
> > Each has their own block of IP addresses and want their traffic separate from the other. They also want flat addressing (no subnetting).
> >
> > We have three buildings: Science, Engineering and Labs. Science and Engineering both have computer labs in the Labs building. Each want their labs on their respective IP address blocks.
> >
> > If money were no object, this would be fairly easy with vanilla switches and a router with two ethernet interfaces. Multiple fiber feeds and two sets of switches would be everywhere.
> >
> > With budget limitations (for this example), we only have a single fiber feed to each location. That means each fiber feed needs to carry traffic for both networks. To keep the traffic separate, we partition the switch ports into two LANs: LAN 10 and LAN 20. These two LANs in one switch are treated as unique. To do this, the switch creates Virtual LANs or VLANs. The fiber feeds are now trunks because a header is added to each frame to identify the VLAN it belongs to.
> >
> > So far so good?
> >
> > Why would we need a router? To talk between VLANs.
> >
> > Do routers understand trunks? Yes.
> >
> > This brings up one more concept: the Router on a Stick.
> >
> > A router on a stick is a router with a single network connection. This single connection is configured as a trunk so the router can see all the different VLANs. If the router finds a packet on VLAN 10 with a destination on VLAN 20, it rewrites the headers for the destination and puts it back on the same trunk with VLAN 20 headers.
> >
> > Remember: replace "layer 3 switch" with "router" every time you see it. That might make more sense.
> >
> > Hope this helps.
> >
> > Ken
> >
> > >>> "Stephen Hoover" 02/17/03 06:55PM >>>
> > I appreciate everyone's input on this subject to help me understand this concept.
> >
> > As far as the newbies comment goes - I most definitely am. I'm about as green as they come. I have both my CCNA and my CCDA, but my only real experience is installing 2 T1s (at different locations) and configuring NAT for them. I have a large amount of knowledge, just no experience. It has been my go
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
At 5:30 AM + 2/18/03, Ken Diliberto wrote:
> The nit I'm picking is inline... (I'm feeling like chipping in tonight)
>
> >>> "The Long and Winding Road" 02/17/03 06:13PM >>>
>
> [snip]
>
> if I have a 75xx router with 300 ethernet ports, and I bridge all those ports, do I have an L3 switch, or a router?
>
> [KD]
> You have a router performing L2 operations (forwarding, switching, bridging -- whatever). Would a cheap Linksys switch be faster?
>
> What makes a L3 switch in my mind is where the forwarding happens. If the L3 CPU (new way to look at it?) has to handle every packet, that's a router. If the first L3 packet is handled by the CPU which then programs ASICs to handle the rest of the flow without bothering the CPU, that's an L3 switch. Is there a difference from a packet/network perspective? No. The L2 headers and L3 headers are all properly updated in both cases (at least we *hope* they are) and traffic is delivered most of the time. (If it was delivered all the time, networks wouldn't need us to fix them) :-)

Does that make a 7500 with VIPs a L3 switch? A 12000 with distributed forwarding processors?

Substituting router for L3 switch is a good idea, but go farther than that. You can think of a high-performance router as a small hidden network, containing one or more (think high availability) path determination "routing" processors/hosts that download FIB information to multiple forwarding processors/hosts. One public and vendor-independent discussion of this architecture continues in the IETF FORCES Working Group (go to www.ietf.org and navigate to Working Groups).

>
> What does this mean to us? Not much other than for capacity planning.
> IMHO, an L3 switch has a longer life than a router.

Not really, as you say in your next paragraph. I could go off into the ozone and say all high-speed routers are L3 switches. Indeed, ASICs aren't a necessity. I've worked on research router designs that used RISC processors in each forwarding and path determination engine, which gave lots of power but much more flexibility than ASICs. Admittedly, at least one of these was a specifically designed processor, but it definitely was software loadable and ran a real time OS.

ASIC gets blurry anyway, when you start getting into the pure hard-etched IC, field-programmable gate arrays, electrically alterable field-programmable gate arrays, microcode sequencers, etc.

>
> When I design networks, I don't think L3 switch. I think about routers interconnecting L2 segments. I even draw them that way most of the time. :-)
>
> My advice to those having problems with this subject: Replace every occurrence of "layer 3 switch" with "router".
>
> [/KD]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63260&t=63147
RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]
> "Vicky Rode" shaped photons and electrons to say:
>
> see comments in-line:
>
> -----Original Message-----
> From: Stephen Hoover [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 17, 2003 11:20 AM
> To: Vicky Rode
> Cc: [EMAIL PROTECTED]
> Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
>
> > > Say for instance I have 2 hosts on the same layer 3 switch, but the two hosts are on 2 different IP subnets (No VLANs are defined).
> >
> > That's not possible! if you are talking about 2 IP subnet, then:
> > -----
> > actually it is by doing secondaries, but i would highly recommend doing vlans if possible. keep it clean and simple.
> >
>
> Vicki,
>
> You mention the use of secondary IP's. On a L3 switch (a switch with the router engine in it) is it not possible to define Ethernet sub interfaces instead of using secondary IPs - without VLANs defined?

Yes and no. Secondaries and VLANs serve different purposes.

Basic IP assumption: 1 physical medium [1] = 1 subnet
Secondary assumption: 1 physical medium [2] = multiple subnets
Basic VLAN assumption: multiple physical media [3] = 1 subnet
VLAN with secondaries: multiple physical media = multiple subnets on all

Notes -

[1] Based on the "local versus remote" IP assumption: if a host is on your subnet, you have layer 2 connectivity to it. If a host is on a different subnet, you need to reach it through a router. This works nicely for broadcast and point-to-point media. NBMA and demand circuits break the local-vs-remote assumption. If you do assume a broadcast* medium, then the physical medium = 1 broadcast domain = 1 subnet

(* broadcast is used loosely -- multicast is often closer. Some stupid NICs don't recognize multicasts and treat all multicasts as a broadcast. Broadcasts, indeed, are special cases of multicasts.)

[2] The medium simultaneously must support a broadcast domain for each subnet, unless it is a non-broadcast medium.

[3] The media in different locations are assumed to be linked by L2** trunking, typically IEEE 802.1q. While the trunks do contain traffic from multiple subnets, they are effectively tunneled. The only multicasts on the trunk medium are for layer management functions, such as 802.1d, 802.1q, VTP, etc.

(** there are exotic variants where you could carry trunking over a conventionally routed tunnel, but let's not go there.)

> ----
> yes you can but when you create sub-interfaces it asks for encapsulation type and this is where vlans come into play.

Encapsulation type is one reason to use VLANs, because it does create different broadcast domains for each encapsulation. This is preferred, but Cisco certainly has supported secondaries for different encapsulations -- more an IPX than an IP support technique.

> whereas with secondaries it will route between the subnets.
>
>
> I'm sorry to be so thick, I'm just not getting it. If a L3 switch (with a routing module/engine in it) is essentially a wire speed router, then the VLAN just seems like an additional identifier on top of the L3 address - and doesn't really serve any purpose.

Not exactly. It lets you have the _same_ broadcast domain in several L2 switches. That's what gives you the portability of hosts from VLAN (same subnet) to same VLAN in different buildings. There need be only one router on the subnet, but there can be multiple VLAN segments connected by trunking.

> In my previous example, 2 hosts on the same L3 switch, but on 2 different IP subnets - wouldn't a defined Ethernet subinterface be each client's respective gateway, and thus normal L3 routing would occur, just at switch speeds
> -
> well let me ask you this, why not just supernet and put all stations on the same subnet (don't do this i'm being facetious).
>
> that's because you do not want to create this huge broadcast domain. that's the whole purpose of having vlans.
>
> if this still doesn't make sense, feel free to ask... would love to help.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63259&t=63147
Re: Layer 3 switching and VLANs - an epiphany [7:63240]
you're still a little off target...

Layer 2 interfaces can be access ports or trunks for vlans

Layer 2 or Layer 3 switch interfaces don't need to be sub-interfaces..

Layer 3 vlan interfaces (svi) require layer 2 trunk interfaces to interconnect vlans in other switches

Layer 3 interfaces only require an ip address and routing support to make them function

Larry Letterman
Network Engineer
Cisco Systems

----- Original Message -----
From: "Stephen Hoover"
To:

> Layer 3 switching does not require VLANs, but what it DOES require is a physical port connection on the common L3 switch for every IP network that is connected to the L2 switches. (Hosts on the same L2 switch that are configured to be in 2 different IP networks.) This is not always possible nor administratively friendly.
>
> With VLANs, you can create the equivalent of sub interfaces on a single port on the L3 switch - hence trunking. You cannot trunk multiple IP networks (without VLANs) on a single port connection to the L3 switch, because you cannot create Ethernet sub-interfaces...
>
> That's where I was missing it.
>
> I think both Vicki and Jens mentioned something about this.
>
> Of course if I am off-kilter here, someone please slap me about :) Otherwise I am confident this is where my misunderstanding really occurred.
>
> Thanks to EVERYONE who responded - you are all a great group of people to stick it out until this was beat into my thick skull!!!
>
> Stephen Hoover
> Dallas, Texas

[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63243&t=63240
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
I have a data center on the cisco campus that has well over 80 subnets in it, using L3 routing and no vlans on the 6509 gateways (routers).. We also have a production data center that uses 6509's with vlans that span different areas in the data center... due to the application structure of the servers and the fact that a lot of the servers have a need for redundant nics ...

It works both ways folks... depends on what the need is

Larry Letterman
Network Engineer
Cisco Systems

----- Original Message -----
From: "Priscilla Oppenheimer"
To:
Sent: Monday, February 17, 2003 10:07 PM
Subject: RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]

> I'm loath to continue this discussion, but I do have a question for Kelly. Why do you have a VLAN at all in your example?? Isn't a single VLAN sort of like one hand clapping? Seriously, what role is it playing in your network?
>
> Of course you don't have to have VLANs to do routing/L3 switching, as you probably know. But maybe there's some weird configuration gotcha, specific to the 6509? Just curious. Thanks.
>
> Larry said the majority of the Cisco campus is networked with L3 switches and not using vlans. That says a lot right there!
>
> Priscilla
>
> Kelly Cobean wrote:
> >
> > All,
> > I'd like to add to this something that I haven't seen in other posts yet, and that is a quick look at layer 2 function. I have a Catalyst 6509 with an MSFC on it. There is only *ONE* VLAN configured on the MSFC, however, that VLAN has several secondary addresses assigned to it (I know, not a great solution, but let's not go there). If I do a "show mls entry" on my switch, it is full of entries for hosts talking to hosts on the same VLAN. My point? When a host wants to talk to a host on another subnet (VLAN or not), it ANDs the address with its own mask, determines that the host is in fact on a different subnet, then ARPs (if necessary) for its default gateway (the MSFC) and sends the packet on its way. The 6509/MSFC receive the packet and begin the MLS cache setup process (candidate packet, timeout, etc.). All this is still done in spite of the fact that the MSFC only has a single VLAN.
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Stephen Hoover
> > Sent: Monday, February 17, 2003 8:33 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
> >
> > > > actually it is by doing secondaries, but i would highly recommend doing vlans if possible. keep it clean and simple.
> > >
> > > one may also configure the physical interfaces as L3 interfaces - just as one might do on a router with several ethernet ports.
> >
> > Oo ok, now THAT statement leads me to believe the L3 switching IS possible without VLANs.
> >
> > -Stephen

[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63241&t=63147
Layer 3 switching and VLANs - an epiphany [7:63240]
Ok, it's 1:29AM CST - and I am sitting here chewing on this switching study guide information about VLANs. I think I see where my confusion has come from and what the answer is now.

Layer 3 switching does not require VLANs, but what it DOES require is a physical port connection on the common L3 switch for every IP network that is connected to the L2 switches. (Hosts on the same L2 switch that are configured to be in 2 different IP networks.) This is not always possible nor administratively friendly.

With VLANs, you can create the equivalent of sub interfaces on a single port on the L3 switch - hence trunking. You cannot trunk multiple IP networks (without VLANs) on a single port connection to the L3 switch, because you cannot create Ethernet sub-interfaces...

That's where I was missing it.

I think both Vicki and Jens mentioned something about this.

Of course if I am off-kilter here, someone please slap me about :) Otherwise I am confident this is where my misunderstanding really occurred.

Thanks to EVERYONE who responded - you are all a great group of people to stick it out until this was beat into my thick skull!!!

Stephen Hoover
Dallas, Texas

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63240&t=63240
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
Ken,

Thanks for the input on this discussion. I follow and understand your example without any problems.

Now if taking it back to the original original question - Does L3 switching require VLANs - produces this question for your example:

You state 1 fiber feed for both Science and Engineering in the Labs building. I am then assuming that they are all connected to the same set of switches (Layer 2) in that building.

Could you have not just simply assigned the hosts for Science to 1 IP network and the hosts for Engineering to another IP network - then created respective gateway interfaces for each network back on the common Layer 3 switch and accomplished the same thing??

If the answer is yes, I will follow up with another question. If the answer is no, then please explain.

Thanks!!

Stephen

----- Original Message -----
From: "Ken Diliberto"
To:
Sent: Tuesday, February 18, 2003 12:24 AM
Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

> Stephen,
>
> You're getting there. Let me give an example of how VLANs are used (I'd draw a picture, but it probably wouldn't look good).
>
> For this example, let's use two of the colleges on my university network: Science and Engineering.
>
> Each has their own block of IP addresses and want their traffic separate from the other. They also want flat addressing (no subnetting).
>
> We have three buildings: Science, Engineering and Labs. Science and Engineering both have computer labs in the Labs building. Each want their labs on their respective IP address blocks.
>
> If money were no object, this would be fairly easy with vanilla switches and a router with two ethernet interfaces. Multiple fiber feeds and two sets of switches would be everywhere.
>
> With budget limitations (for this example), we only have a single fiber feed to each location. That means each fiber feed needs to carry traffic for both networks. To keep the traffic separate, we partition the switch ports into two LANs: LAN 10 and LAN 20. These two LANs in one switch are treated as unique. To do this, the switch creates Virtual LANs or VLANs. The fiber feeds are now trunks because a header is added to each frame to identify the VLAN it belongs to.
>
> So far so good?
>
> Why would we need a router? To talk between VLANs.
>
> Do routers understand trunks? Yes.
>
> This brings up one more concept: the Router on a Stick.
>
> A router on a stick is a router with a single network connection. This single connection is configured as a trunk so the router can see all the different VLANs. If the router finds a packet on VLAN 10 with a destination on VLAN 20, it rewrites the headers for the destination and puts it back on the same trunk with VLAN 20 headers.
>
> Remember: replace "layer 3 switch" with "router" every time you see it. That might make more sense.
>
> Hope this helps.
>
> Ken
>
> >>> "Stephen Hoover" 02/17/03 06:55PM >>>
> I appreciate everyone's input on this subject to help me understand this concept.
>
> As far as the newbies comment goes - I most definitely am. I'm about as green as they come. I have both my CCNA and my CCDA, but my only real experience is installing 2 T1s (at different locations) and configuring NAT for them. I have a large amount of knowledge, just no experience. It has been my goal and my dream to become a serious network engineer for the last 6 years, but I just cannot seem to get a job that offers any experience. Every time I get a "network" position, I just seemed to end up doing desktop support.
>
> When I first heard the term Layer 3 switching (some 4 years ago now) the first thing that popped into my mind was a switch that can route. I never even heard of a VLAN until a couple of years ago.
>
> The Cisco Study guide starts off talking about VLANs, and moves right into Inter-VLAN routing without ever really discussing Layer 3 switching as a separate process. This is really where my confusion started. The book makes it sound like L3 switching is directly dependent on VLANs, and I just didn't see it - it wasn't something I was just willing to accept.
>
> Furthermore, the book states that VLANs allow for physical location independence, but it also says that VLANs should not cross the core - those 2 statements seem partly contradictory to me.
>
> Here is a summary of how I see VLANs now.
>
> Layer 3 switching is possible without VLANs (however the opposite is not true. Well at least not without some form of Layer 3 intervention.)
>
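The router on a stick Ken describes in the quoted post above, the "secondaries" alternative Vicky and Kelly mention earlier in the thread, and the two kinds of layer 3 switch interface Larry lists (an SVI behind a layer 2 trunk, or a routed port that only needs an IP address) are easier to compare as configuration. The following is an added IOS example written for this page; it is not taken from any post in the thread. VLAN IDs 10 and 20 come from Ken's example; the interface names, the 10.1.x.0/24 prefixes and the native-IOS (rather than CatOS/MSFC hybrid) syntax are assumptions, and the three sections are alternatives that reuse the same addresses, not one configuration to apply together.

```ios
! Added example, not from the thread. Interface names, VLAN IDs 10/20 and
! the 10.1.x.0/24 prefixes are assumed; sections (a), (b), (c) are
! alternatives, not a single config.
!
! (a) Router on a stick (Ken's example): one physical link carries an
!     802.1Q trunk, and one subinterface per VLAN is that VLAN's gateway.
!     The physical interface itself carries no IP address.
interface FastEthernet0/0
 no ip address
 no shutdown
!
interface FastEthernet0/0.10
 description Science (VLAN 10)
 encapsulation dot1Q 10
 ip address 10.1.10.1 255.255.255.0
!
interface FastEthernet0/0.20
 description Engineering (VLAN 20)
 encapsulation dot1Q 20
 ip address 10.1.20.1 255.255.255.0
!
! (b) Secondary addressing (what Vicky and Kelly describe): two subnets on
!     ONE VLAN interface. Traffic between the subnets is still routed (and
!     MLS-cached) because each host ANDs the destination with its own mask
!     and sends to the gateway, but both subnets share one broadcast
!     domain, so there is no layer 2 separation between the two groups.
interface Vlan1
 ip address 10.1.10.1 255.255.255.0
 ip address 10.1.20.1 255.255.255.0 secondary
!
! (c) Layer 3 switch (Larry's two cases). First an SVI per VLAN, reached
!     over a layer 2 trunk to the access switches in the other buildings;
!     the trunk is restricted to the VLANs it needs to carry.
vlan 10
 name Science
!
vlan 20
 name Engineering
!
interface GigabitEthernet1/1
 description trunk to Labs building access switch
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
!
interface Vlan20
 ip address 10.1.20.1 255.255.255.0
!
!     ...and then a routed port, which needs no VLAN at all, only an
!     address and routing: one physical port per IP network, which is
!     the "physical port per network" case Stephen arrives at.
interface GigabitEthernet1/2
 no switchport
 ip address 10.1.30.1 255.255.255.0
!
ip routing
```

The difference that matters for separation is in (b): because both subnets sit in one broadcast domain, a host in 10.1.10.0/24 that is given a wider mask or a directly connected route for 10.1.20.0/24 can ARP for and reach the other subnet at layer 2 without ever passing the gateway, so nothing applied on the MSFC (ACLs, the MLS cache) sees that traffic. Only (a) or (c) puts the two communities in separate broadcast domains, which is the separation Priscilla's reply points at; (b) gives connectivity and routing, but not isolation.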
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
"Priscilla Oppenheimer" wrote in message news:[EMAIL PROTECTED]...
> I'm loath to continue this discussion, but I do have a question for Kelly. Why do you have a VLAN at all in your example?? Isn't a single VLAN sort of like one hand clapping? Seriously, what role is it playing in your network?

said half seriously, isn't a network with NO vlans no different than a network with ONE vlan? ;->

>
> Of course you don't have to have VLANs to do routing/L3 switching, as you probably know. But maybe there's some weird configuration gotcha, specific to the 6509? Just curious. Thanks.
>
> Larry said the majority of the Cisco campus is networked with L3 switches and not using vlans. That says a lot right there!
>
> Priscilla
>
> Kelly Cobean wrote:
> >
> > All,
> > I'd like to add to this something that I haven't seen in other posts yet, and that is a quick look at layer 2 function. I have a Catalyst 6509 with an MSFC on it. There is only *ONE* VLAN configured on the MSFC, however, that VLAN has several secondary addresses assigned to it (I know, not a great solution, but let's not go there). If I do a "show mls entry" on my switch, it is full of entries for hosts talking to hosts on the same VLAN. My point? When a host wants to talk to a host on another subnet (VLAN or not), it ANDs the address with its own mask, determines that the host is in fact on a different subnet, then ARPs (if necessary) for its default gateway (the MSFC) and sends the packet on its way. The 6509/MSFC receive the packet and begin the MLS cache setup process (candidate packet, timeout, etc.). All this is still done in spite of the fact that the MSFC only has a single VLAN.
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Stephen Hoover
> > Sent: Monday, February 17, 2003 8:33 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
> >
> > > > actually it is by doing secondaries, but i would highly recommend doing vlans if possible. keep it clean and simple.
> > >
> > > one may also configure the physical interfaces as L3 interfaces - just as one might do on a router with several ethernet ports.
> >
> > Oo ok, now THAT statement leads me to believe the L3 switching IS possible without VLANs.
> >
> > -Stephen

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63235&t=63147
RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]
I'm loath to continue this discussion, but I do have a question for Kelly.
Why do you have a VLAN at all in your example?? Isn't a single VLAN sort of
like one hand clapping? Seriously, what role is it playing in your network?

Of course you don't have to have VLANs to do routing/L3 switching, as you
probably know. But maybe there's some weird configuration gotcha, specific
to the 6509? Just curious. Thanks.

Larry said the majority of the Cisco campus is networked with L3 switches
and not using vlans. That says a lot right there!

Priscilla

Kelly Cobean wrote:
>
> All,
>I'd like to add to this something that I haven't seen in
> other posts yet,
> and that is a quick look at layer2 function. I have a Catalyst
> 6509 with an
> MSFC on it. There is only *ONE* VLAN configured on the MSFC,
> however, that
> VLAN has several secondary addresses assigned to it (I know,
> not a great
> solution, but let's not go there). If I do a "show mls entry"
> on my switch,
> it is full of entries for hosts talking to hosts on the same
> VLAN. My
> point? When a host wants to talk to a host on another subnet
> (VLAN or not),
> it ANDs the address with its own mask, determines that the
> host is in fact
> on a different subnet, then arps (if necessary) for its
> default gateway
> (the MSFC) and sends the packet on its way. The 6509/MSFC
> receive the
> packet and begin the MLS cache setup process (candidate packet,
> timeout,
> etc). All this is still done in spite of the fact that the MSFC
> only has a
> single VLAN.
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> Behalf Of
> Stephen Hoover
> Sent: Monday, February 17, 2003 8:33 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Does MLS (Layer 3 switching) require VLANs?
> [7:63147]
>
>
> > > -
> > > actually it is by doing secondaries, but i would highly
> recommend doing
> > > vlans if possible. keep it clean and simple.
> >
> >
> > one may also configure the physical interfaces as L3
> interfaces - just as
> > one might do on a router with several ethernet ports.
>
>
> Oo ok, now THAT statement leads me to believe the L3
> switching IS
> possible without VLANs.
>
>
> -Stephen
>
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63233&t=63147
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
The nit I'm picking is inline...

(I'm feeling like chipping in tonight)

>>> "The Long and Winding Road" 02/17/03 06:13PM >>>
[snip]
if I have a 75xx router with 300 ethernet ports, and I bridge all those
ports, do I have an L3 switch, or a router?

[KD] You have a router performing L2 operations (forwarding, switching,
bridging -- whatever). Would a cheap Linksys switch be faster?

What makes a L3 switch in my mind is where the forwarding happens. If the L3
CPU (new way to look at it?) has to handle every packet, that's a router. If
the first L3 packet is handled by the CPU which then programs ASICs to handle
the rest of the flow without bothering the CPU, that's an L3 switch.

Is there a difference from a packet/network perspective? No. The L2 headers
and L3 headers are all properly updated in both cases (at least we *hope*
they are) and traffic is delivered most of the time. (If it was delivered all
the time, networks wouldn't need us to fix them) :-)

What does this mean to us? Not much other than for capacity planning. IMHO,
an L3 switch has a longer life than a router.

When I design networks, I don't think L3 switch. I think about routers
interconnecting L2 segments. I even draw them that way most of the time. :-)

My advice to those having problems with this subject: Replace every
occurrence of "layer 3 switch" with "router". [/KD]
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63230&t=63147
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
> > > -
>> > actually it is by doing secondaries, but i would highly recommend doing
>> > vlans if possible. keep it clean and simple.
>>
>>
>> one may also configure the physical interfaces as L3 interfaces - just as
>> one might do on a router with several ethernet ports.
>
>
>Oo ok, now THAT statement leads me to believe the L3 switching IS
>possible without VLANs.
>

Ouch.

L3 switching is routing. Routing interconnects subnets/IP prefixes. If a VLAN
is a subnet, it can be routed. If a piece of wire is a subnet, it can be
routed.

Again: L3 switching is not a technology. It is salesbabble.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63229&t=63147
RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]
hi stephen,

see comments in-line:

-Original Message-
From: Stephen Hoover [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 17, 2003 11:20 AM
To: Vicky Rode
Cc: [EMAIL PROTECTED]
Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]


> > Say for instance I have 2 hosts on the same layer 3 switch, but the
> two
> hosts are on 2 different IP subnets (No VLANs are defined).
>
> That's not possible! if you are talking about 2 IP subnet, then:
> -
> actually it is by doing secondaries, but i would highly recommend doing
> vlans if possible. keep it clean and simple.
>

Vicki,

You mention the use of secondary IP's. On a L3 switch (a switch with the
router engine in it) is it not possible to define Ethernet sub interfaces
instead of using secondary IPs - without VLANs defined?

yes you can but when you create sub-interfaces it asks for encapsulation
type and this is where vlans come into play. whereas with secondaries it
will route between the subnets.

I'm sorry to be so thick, I'm just not getting it. If a L3 switch (with a
routing module/engine in it) is essentially a wire speed router, then the
VLAN just seems like an additional identifier on top of the L3 address - and
doesn't really serve any purpose. In my previous example, 2 hosts on the
same L3 switch, but on 2 different IP subnets - wouldn't a defined Ethernet
subinterface be each client's respective gateway, and thus normal L3 routing
would occur, just at switch speeds -

well let me ask you this, why not just supernet and put all stations on the
same subnet (don't do this i'm being facetious). that's because you do not
want to create this huge broadcast domain. that's the whole purpose of
having vlans.

if this still doesn't make sense, feel free to ask...would love to help.

regards,
/vicky


Thanks again!
Stephen Hoover
Dallas, Texas
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63228&t=63147
RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]
All,
I'd like to add to this something that I haven't seen in other posts yet,
and that is a quick look at layer2 function. I have a Catalyst 6509 with an
MSFC on it. There is only *ONE* VLAN configured on the MSFC, however, that
VLAN has several secondary addresses assigned to it (I know, not a great
solution, but let's not go there). If I do a "show mls entry" on my switch,
it is full of entries for hosts talking to hosts on the same VLAN. My
point? When a host wants to talk to a host on another subnet (VLAN or not),
it ANDs the address with its own mask, determines that the host is in fact
on a different subnet, then arps (if necessary) for its default gateway
(the MSFC) and sends the packet on its way. The 6509/MSFC receive the
packet and begin the MLS cache setup process (candidate packet, timeout,
etc). All this is still done in spite of the fact that the MSFC only has a
single VLAN.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Stephen Hoover
Sent: Monday, February 17, 2003 8:33 PM
To: [EMAIL PROTECTED]
Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]


> > -
> > actually it is by doing secondaries, but i would highly recommend doing
> > vlans if possible. keep it clean and simple.
>
>
> one may also configure the physical interfaces as L3 interfaces - just as
> one might do on a router with several ethernet ports.


Oo ok, now THAT statement leads me to believe the L3 switching IS
possible without VLANs.


-Stephen
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63221&t=63147
RE: Understanding VLANs - how they remove the phys [7:63196]
I'm resisting the overwhelming urge to say something like "So there's not a
problem?" but the two L3/L2/Router/switch discussions are just so darned
informative!

I think there's a bit of a hole of confusion that I fell into the first time
I consoled onto a 2950 and had to configure it. Every interface said "no ip
address" and vlans could be real interfaces with IP addresses. It's around
that moment that you forget they *can* still be layer 2 devices :)

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 18 February 2003 11:53 AM
To: [EMAIL PROTECTED]
Subject: RE: Understanding VLANs - how they remove the phys [7:63196]


Emilia Lambros wrote:
>
> Why can't the L3 switches be run as L2 switches (ignoring the
> routing capabilities) in that situation? If those two switches
> were connected in that case, then connected to the core,
> wouldn't that solve the problem of a gateway being 3 or 4 L3
> switches away?

Your default gateway can be any number of L2 switches away from you. It just
has to be in your subnet, VLAN, broadcast domain.

Priscilla

>
> -Original Message-
> From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, 18 February 2003 9:15 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Understanding VLANs - how they remove the physical
> [7:63173]
>
>
> Stephen Hoover wrote:
> >
> > back to switch A to get his routing to
> > the servers?
> > Why would you EVER want a network configured this way?? Or
> even
> > worse, what
> > if your respective gateway was 3 or 4 L3 switches away?
>
> Your gateway can't be any L3 switches (routers) away. It has to
> be on your
> LAN. It has to be in your subnet. It has to be in your
> broadcast domain. It
> has to be in your VLAN. For one thing, a host ARPs for its
> default gateway.
> ARP uses broadcast.
>
> I just noticed your comment and wanted to add my comment.
> Without being able
> to decode your drawing, it's hard to tell exactly how to
> answer, but I'm
> just trying to get you to think about what really happens to
> packets on a
> campus network. The network design you're considering isn't just
> impractical. It won't work, if I understand it correctly.
>
> Priscilla
>
> >
> > That
> > just doesn't
> > seem practical to me.
> >
> >
> > Thanks!
> > Stephen Hoover
> > Dallas, Texas
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63222&t=63196
Re: Understanding VLANs - how they remove the phys [7:63196]
> Emilia Lambros wrote:
> >
> > Why can't the L3 switches be run as L2 switches (ignoring the
> > routing capabilities) in that situation? If those two switches
> > were connected in that case, then connected to the core,
> > wouldn't that solve the problem of a gateway being 3 or 4 L3
> > switches away?
>
> Your default gateway can be any number of L2 switches away from you. It just
> has to be in your subnet, VLAN, broadcast domain.
>
> Priscilla
>

I caused the confusion in this situation - I asked what would happen if your
gateway was 3 or 4 L3 switches away. What I should have asked was what would
happen if your gateway was 3 or 4 distribution layer switches away. I was
referring to the L3 switches as devices instead of function.

In my example I was trying to illustrate how extending a VLAN across the
core created a poor path for the client on the far side. When I said that
the client on the far side is a L3 switch away from its own gateway, what I
meant was that the client's network path would have to cross the L3 switch
(but at the L2 level) in building B to get to its gateway on the L3 switch
in building A. In other words the host is crossing the core through the L3
switch in building, but it is crossing that L2 level.

Sorry for that.

>
> >
> > >
> > > back to switch A to get his routing to
> > > the servers?
> > > Why would you EVER want a network configured this way?? Or
> > even
> > > worse, what
> > > if your respective gateway was 3 or 4 L3 switches away?
> >
> > Your gateway can't be any L3 switches (routers) away. It has to
> > be on your
> > LAN. It has to be in your subnet. It has to be in your
> > broadcast domain. It
> > has to be in your VLAN. For one thing, a host ARPs for its
> > default gateway.
> > ARP uses broadcast.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63217&t=63196
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
it's entirely possible without vlans..majority of the cisco campus is
networked with layer 3 switches and not using vlans

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: "Stephen Hoover"
To:
Sent: Monday, February 17, 2003 5:32 PM
Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]


> > > -
> > > actually it is by doing secondaries, but i would highly recommend doing
> > > vlans if possible. keep it clean and simple.
> >
> >
> > one may also configure the physical interfaces as L3 interfaces - just as
> > one might do on a router with several ethernet ports.
>
>
> Oo ok, now THAT statement leads me to believe the L3 switching IS
> possible without VLANs.
>
>
> -Stephen
[EMAIL PROTECTED]
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63216&t=63147
RE: Understanding VLANs - how they remove the physical [7:63214]
Stephen,

This is getting out of hand, so let me answer your original post based on
what I can see from your drawing.

First, if you have users in Bldg B that want to communicate with users in
Bldg A on the SAME VLAN1, then your "core" L3 switches will see the VLAN ID
and switch the packets from ingress to egress ports WITHOUT bothering its
Routing table. What you keep referring to as "gateway" is at LAYER 3, i.e. it
is only relevant when users in one VLAN need to communicate OUTSIDE its
broadcast domain (aka "subnet" in L3 lingo). And yes, the same VLAN1 traffic
will cross your CORE links if that is the only physical link that exists, BUT
the traffic gets SWITCHED (much faster) and not routed (much slower).

Now, as far as the 3550 switch, all ports are Layer 2 UNTIL you configure "no
switchport" which turns the port into a PHYSICAL ROUTED port. This is not the
same as a Switched Virtual interface. Once the port is converted into a
routed port, you can treat it just like a regular Router port, i.e. run OSPF,
BGP, etc.

I hope I've answered your original post.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Stephen
Hoover
Sent: Monday, February 17, 2003 7:56 PM
To: [EMAIL PROTECTED]
Subject: Re: Understanding VLANs - how they remove the physical [7:63194]


Ok, let me see if I can simplify this:

A post that Jens Neelsen made says "a layer3 switch (e.g.3550-EMI) does not
have layer3 interfaces. All interfaces (Fastethernet and GigabitEthernet) are
layer2 interfaces. They can not have IP addresses." Further he adds "The
VLANs are the (virtual) interfaces to the routing engine (=layer3 switch).
Layer2 interfaces are grouped into different VLANs and the Layer3 switch
(=Router) enables the communications between these VLANs. "

Ok then the question is - if you have a LAN with ALL switches and NO
routers - how do you define a gateway on the client?

Example:

2 L2 switches. All hosts on switch 1 are in IP subnet 192.168.1.0/24 and all
hosts on switch 2 are in IP subnet 192.168.2.0/24. Both L2 switches are
connected to a single L3 switch with a router engine in it.

Where do you define the gateways at? In order for hosts on L2 switch 1 to
communicate with hosts L2 switch 2, the client has to have a gateway to
forward to correct??

Stephen



- Original Message -
From: "Priscilla Oppenheimer"
To:
Sent: Monday, February 17, 2003 4:45 PM
Subject: RE: Understanding VLANs - how they remove the physical [7:63173]


> Stephen Hoover wrote:
> >
> > back to switch A to get his routing to
> > the servers?
> > Why would you EVER want a network configured this way?? Or even
> > worse, what
> > if your respective gateway was 3 or 4 L3 switches away?
>
> Your gateway can't be any L3 switches (routers) away. It has to be on your
> LAN. It has to be in your subnet. It has to be in your broadcast domain. It
> has to be in your VLAN. For one thing, a host ARPs for its default gateway.
> ARP uses broadcast.
>
> I just noticed your comment and wanted to add my comment. Without being able
> to decode your drawing, it's hard to tell exactly how to answer, but I'm
> just trying to get you to think about what really happens to packets on a
> campus network. The network design you're considering isn't just
> impractical. It won't work, if I understand it correctly.
>
> Priscilla
>
> >
> > That
> > just doesn't
> > seem practical to me.
> >
> >
> > Thanks!
> > Stephen Hoover
> > Dallas, Texas
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63214&t=63214
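The forwarding decisions the thread keeps circling back to (Kelly's description of a host ANDing the destination with its own mask and then ARPing for its default gateway, Priscilla's rule that the gateway has to be on the host's own subnet and broadcast domain, and Stephen's two-subnet example above), as an added runnable model that is not from any post in the thread. The `Host`, `L3Switch`, `make_host`, `next_hop` and `trace` names, the addresses and the VLAN numbers are all constructed for the example; it also covers the case from Kelly's post where one VLAN carries two subnets through a secondary address.

```python
"""Host and L3-switch forwarding decisions from the thread, as a runnable model.
Constructed example: addresses, names and VLAN numbers are made up."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Interface, ip_address, ip_interface
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Host:
    name: str
    iface: IPv4Interface   # address plus mask, e.g. 192.168.1.10/24
    gateway: IPv4Address   # configured default gateway
    vlan: int              # broadcast domain the host's port is in


def make_host(name: str, cidr: str, gateway: str, vlan: int) -> Host:
    """Build a Host from strings (assumed helper for this example)."""
    return Host(name, ip_interface(cidr), ip_address(gateway), vlan)


def next_hop(host: Host, dst: IPv4Address) -> Tuple[IPv4Address, str]:
    """What the host ARPs for: (address, 'direct' | 'gateway').
    The host ANDs the destination with its own mask (the 'dst in net' test);
    if the result is its own network the destination is on-link, otherwise it
    ARPs for the default gateway.  ARP is a broadcast, so a gateway outside
    the host's subnet can never be resolved: the gateway must be on-link."""
    net = host.iface.network
    if dst in net:
        return dst, "direct"
    if host.gateway not in net:
        raise ValueError(f"{host.name}: gateway {host.gateway} is not in {net}")
    return host.gateway, "gateway"


class L3Switch:
    """A router built into a switch.  Each L3 interface (SVI or routed port)
    is a connected subnet keyed by the VLAN it fronts; two entries for one
    VLAN model a secondary address on a single SVI."""

    def __init__(self, interfaces: Dict[int, List[str]]) -> None:
        self.ifaces = {vlan: [ip_interface(a) for a in addrs]
                       for vlan, addrs in interfaces.items()}

    def vlan_of(self, addr: IPv4Address) -> Optional[int]:
        """VLAN on which the switch owns addr, i.e. where it answers ARP."""
        for vlan, ifs in self.ifaces.items():
            if any(i.ip == addr for i in ifs):
                return vlan
        return None

    def route(self, dst: IPv4Address) -> Optional[int]:
        """Longest-prefix match over connected subnets; returns egress VLAN."""
        best: Optional[Tuple[int, int]] = None   # (prefixlen, vlan)
        for vlan, ifs in self.ifaces.items():
            for i in ifs:
                if dst in i.network and (best is None or i.network.prefixlen > best[0]):
                    best = (i.network.prefixlen, vlan)
        return None if best is None else best[1]


def trace(src: Host, dst: Host, switch: L3Switch) -> List[str]:
    """Walk one packet from src to dst and record each forwarding step."""
    steps: List[str] = []
    target, kind = next_hop(src, dst.iface.ip)
    if kind == "direct":
        steps.append(f"{src.name}: {target} is on-link, ARP on VLAN {src.vlan}")
        if src.vlan != dst.vlan:   # same prefix, different broadcast domain
            steps.append("no ARP reply: destination is in another broadcast domain")
        else:
            steps.append(f"delivered to {dst.name} by L2 switching")
        return steps
    steps.append(f"{src.name}: {dst.iface.ip} is off-link, ARP for gateway {target}")
    if switch.vlan_of(target) != src.vlan:
        steps.append(f"no ARP reply: {target} is not a switch interface on VLAN {src.vlan}")
        return steps
    egress = switch.route(dst.iface.ip)
    if egress is None:
        steps.append(f"switch: no route to {dst.iface.ip}, dropped")
    elif egress != dst.vlan:
        steps.append(f"switch: ARP for {dst.iface.ip} on VLAN {egress} gets no reply")
    else:
        note = " (back out the VLAN it came in on)" if egress == src.vlan else ""
        steps.append(f"switch: routed to VLAN {egress}{note}, ARP for {dst.iface.ip}")
        steps.append(f"delivered to {dst.name}")
    return steps


if __name__ == "__main__":
    # Stephen's example: two subnets behind one L3 switch, one SVI per VLAN.
    sw = L3Switch({10: ["192.168.1.1/24"], 20: ["192.168.2.1/24"]})
    a = make_host("A", "192.168.1.10/24", "192.168.1.1", 10)
    b = make_host("B", "192.168.2.10/24", "192.168.2.1", 20)
    print("\n".join(trace(a, b, sw)))
    # Kelly's MSFC: one VLAN carrying two subnets via a secondary address.
    msfc = L3Switch({1: ["10.1.1.1/24", "10.1.2.1/24"]})
    c = make_host("C", "10.1.1.10/24", "10.1.1.1", 1)
    d = make_host("D", "10.1.2.10/24", "10.1.2.1", 1)
    print("\n".join(trace(c, d, msfc)))
```

Two things fall out of the model: a host whose configured gateway lies outside its own subnet is rejected before any ARP is sent, and a gateway that the switch does not own on the host's own VLAN never answers, which is the "3 or 4 L3 switches away" design in the thread.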
Re: Understanding VLANs - how they remove the physical [7:63211]
Then explain to me what the ip address is doing that is assigned to my fast
ethernet and gig interfaces on my 3550 and that also shows up in the routing
table as a router interface. I have no vlans configured other than the
default...

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: "Stephen Hoover"
To:
Sent: Monday, February 17, 2003 4:55 PM
Subject: Re: Understanding VLANs - how they remove the physical [7:63194]


> Ok, let me see if I can simplify this:
>
> A post that Jens Neelsen made says "a layer3 switch (e.g.3550-EMI) does not
> have layer3 interfaces. All interfaces (Fastethernet and GigabitEthernet)
> are layer2
> interfaces. They can not have IP addresses." Further he adds "The VLANs are
> the (virtual) interfaces to the routing engine (=layer3 switch). Layer2
> interfaces are grouped into different VLANs and the Layer3 switch (=Router)
> enables the communications between these VLANs. "
>
> Ok then the question is - if you have a LAN with ALL switches and NO
> routers - how do you define a gateway on the client?
>
> Example:
>
> 2 L2 switches. All hosts on switch 1 are in IP subnet 192.168.1.0/24 and all
> hosts on switch 2 are in IP subnet 192.168.2.0/24. Both L2 switches are
> connected to a single L3 switch with a router engine in it.
>
> Where do you define the gateways at? In order for hosts on L2 switch 1 to
> communicate with hosts L2 switch 2, the client has to have a gateway to
> forward to correct??
>
> Stephen
>
>
>
> - Original Message -
> From: "Priscilla Oppenheimer"
> To:
> Sent: Monday, February 17, 2003 4:45 PM
> Subject: RE: Understanding VLANs - how they remove the physical [7:63173]
>
>
> > Stephen Hoover wrote:
> > >
> > > back to switch A to get his routing to
> > > the servers?
> > > Why would you EVER want a network configured this way?? Or even
> > > worse, what
> > > if your respective gateway was 3 or 4 L3 switches away?
> >
> > Your gateway can't be any L3 switches (routers) away. It has to be on your
> > LAN. It has to be in your subnet. It has to be in your broadcast domain.
> It
> > has to be in your VLAN. For one thing, a host ARPs for its default
> gateway.
> > ARP uses broadcast.
> >
> > I just noticed your comment and wanted to add my comment. Without being
> able
> > to decode your drawing, it's hard to tell exactly how to answer, but I'm
> > just trying to get you to think about what really happens to packets on a
> > campus network. The network design you're considering isn't just
> > impractical. It won't work, if I understand it correctly.
> >
> > Priscilla
> >
> > >
> > > That
> > > just doesn't
> > > seem practical to me.
> > >
> > >
> > > Thanks!
> > > Stephen Hoover
> > > Dallas, Texas
[EMAIL PROTECTED]
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63211&t=63211
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
I appreciate everyone's input on this subject to help me understand this
concept.

As far as the newbies comment goes - I most definitely am. I'm about as
green as they come. I have both my CCNA and my CCDA, but my only real
experience is installing 2 T1s (at different locations) and configuring NAT
for them. I have a large amount of knowledge, just no experience. It has
been my goal and my dream to become a serious network engineer for the last
6 years, but I just cannot seem to get a job that offers any experience.
Every time I get a "network" position, I just seemed to end up doing desktop
support.

When I first heard the term Layer 3 switching (some 4 years ago now) the
first thing that popped into my mind was a switch that can route. I never
even heard of a VLAN until a couple of years ago. The Cisco Study guide
starts off talking about VLANs, and moves right into Inter-VLAN routing
without ever really discussing Layer 3 switching as a separate process. This
is really where my confusion started. The book makes it sound like L3
switching is directly dependent on VLANs, and I just didn't see it - it
wasn't something I was just willing to accept.

Furthermore, the book states that VLANs allow for physical location
independence, but it also says that VLANs should not cross the core - those
2 statements seem partly contradictory to me.

Here is a summary of how I see VLANs now.

Layer 3 switching is possible without VLANs (however the opposite is not
true. Well at least not without some form of Layer 3 intervention.)

VLANs simplify the administration behind Layer 3 switching design.

Physical location (port location) independence is ok in front of the layer 3
switch that is the host's gateway. Up to the host's distribution switch.

VLANs extending beyond the distribution layer switch across the core is
generally not a good idea - possible, but not recommended. This is the "flat
earth" design that Priscilla mentioned - VLANs that extend across the entire
internetwork.

Thanks!
Stephen Hoover
Dallas, Texas

- Original Message -
From: "Priscilla Oppenheimer"
To:
Sent: Monday, February 17, 2003 7:04 PM
Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]


> This might help. What does the V stand for in VLAN? Virtual. VLANs are a
> method for emulating Real LANs in a switched network. The original poster
> seems disillusioned with VLANs. Well, I am too. :-) You can't do much with
> them that you can't do with a bunch of Real LANs connected by routers.
>
> Better come up with a way to emulate LAN and IP subnet benefits on a
> switched network. OK, let's invent VLANs!
>
> But how do the VLANs talk to each other? Oh dear, we better go back to
> routers. Nah, still too slow, though it will work in a pinch. I know! We
> could speed them up and call them L3 switches.
>
>
> One last rather serious comment. This is not a comment on the newbiness of
> the original poster, but I must say that I think it is common for newbies to
> get confused by VLANs.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63210&t=63147
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
HTH,

Thank you for these comments - this clears up a lot of confusion for me. To
sum, just to make sure I really have this:

Layer 3 switching is possible without VLANs (however the opposite is not
true. Well at least not without some form of Layer 3 intervention.)

VLANs simplify the administration behind Layer 3 switching design.

Physical location (port location) independence is ok in front of the layer 3
switch that is the host's gateway. Up to the host's distribution switch.

VLANs extending beyond the distribution layer switch across the core is
generally not a good idea - possible, but not recommended. This is the "flat
earth" design that Priscilla mentioned - VLANs that extend across the entire
internetwork.

Thanks!
Stephen Hoover
Dallas, Texas

- Original Message -
From: "The Long and Winding Road"
To:
Sent: Monday, February 17, 2003 6:00 PM
Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]


> I've been following this thread, and have offered a comment or two along the
> way. Perhaps I should offer some thoughts here at the source.
>
> note that I have not read any of the exam study materials in question, so I
> don't know what is or is not being stated in the courseware. I can offer
> that just because it says so in the study materials doesn't mean that's the
> way it is.
>
> comments below
>
>
> ""Stephen Hoover"" wrote in message
> news:[EMAIL PROTECTED]...
> > I am studying for the CCNP Switching exam and it covers VLANs and layer 3
> > switching moderately. It states that Cisco recommends a 1 to 1 mapping of
> > VLANs to subnets. It also states that VLANs can be used to break up
> > broadcast domains.
>
> this is a reasonable, simple approach, and thus one that appeals to my
> reasonably simple mind.
>
> >
> > When you create different subnets, you are already breaking up broadcast
> > domains, so does layer 3 switching require the use of VLANs to actually do
> > the switching?
>
>
> this is where the confusion, no doubt introduced by the marketing people,
> set in.
>
> suppose you have a router with three ethernet interfaces, and each of these
> interfaces is plugged into a different hub ( no switch )
>
> hosts on each of these hubs are in the same broadcast domain ( same
> collision domain too, but I digress ) hosts in each of these domains cannot
> reach hosts ( or servers ) in other domains, on different hubs, without
> routing.
>
> this would be true, even if you had all hosts on the same great big hub with
> 500 ports. You could have hosts on the same hub, but having different L3 (
> IP ) addresses. communication between hosts on different subnets, even if
> they are on the same hub, require the intercession of a router.
>
> vlans, made possible by various 802.1 specifications, are really just a way
> of expressing logical broadcast domains.
>
> layer 3 switching is really routing. an L3 switch has the routing function
> built into it, rather than using a separate piece of equipment.
>
> >
> > Say for instance I have 2 hosts on the same layer 3 switch, but the two
> > hosts are on 2 different IP subnets (No VLANs are defined). Host A wants
> to
> > talk to host B. Can the switch not look up the routing info and then know
> to
> > switch to that port? I am not seeing where the requirement for the VLAN
> > comes into play.
>
> despite what others have said, you can do this. it is wasteful, in that a
> host plugged into an L3 port would require 4 ip addresses because you have a
> subnet with two hosts ( the PC and the port, and the net number and the
> broadcast address ). whereas if you have a vlan, that vlan is a virtual port
> that represents the physical ports as a single subnet to the L3 ( routing )
> function.
>
> >
> > If VLANs are required for layer 3 switching, is that pretty much standard
> > across the industry, or that a Cisco only thing?
>
>
> forget this L3 switch versus router distinction. it is confusing, and
> misrepresentational.
>
> think instead in terms of how traffic moves through a network.
>
> think instead of a vlan as a virtual logical construct that represents one
> or more ports as a single broadcast domain to a router. it doesn't matter
> that the router is integrated into the switch hardware with an ASIC and
> code, or is an external device.
>
> HTH
>
>
> >
> >
> > Thanks!
> > Stephen Hoover
> > Dallas, Texas
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63208&t=63147
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
""Stephen Hoover"" wrote in message news:[EMAIL PROTECTED]...
> > > -
> > > actually it is by doing secondaries, but i would highly recommend doing
> > > vlans if possible. keep it clean and simple.
> >
> >
> > one may also configure the physical interfaces as L3 interfaces - just as
> > one might do on a router with several ethernet ports.
>
>
> Oo ok, now THAT statement leads me to believe the L3 switching IS
> possible without VLANs.
>

forgive the rant. you are not to blame. all the marketing hype is to blame.

forget OSI. For L-anything. for data ( packets, frames, whatever ) to get
from here to there, something has to happen.

if I have a 75xx router with 300 ethernet ports, and I bridge all those
ports, do I have an L3 switch, or a router?

for data to get from here to there, it must be forwarded. I know Howard is
going to jump all over my fast and loose use of the term "forward" but that
is what happens. If my PC wants to send data to your PC, that data is
forwarded to your PC. If your PC and mine are on the same subnet / hub /
switch / vlan, it is L2 forwarding ( switching ). If the devices are on
different subnets / switches / vlans / hubs then the packets are L3 forwarded
( routed )

As Priscilla has been pointing out, the issue is one of how networks work,
how packets are forwarded, how data gets from here to there.

An L3 device is a router is able to forward packets based on an L3 address,
whether that L3 address be appletalk, IPX, or IP.

an L2 device is a switch is a bridge is able to forward packets based on L2
addresses i.e. MAC address.

the fact that some equipment can function as both a switch and a router (
anyone remember "brouters"? ) is irrelevant.

on a 3550, a physical port ( into which you plug the ethernet patch cable )
can be stand alone physical, can be part of a vlan, thus making it distinct
from ports on the same box that are not in the same vlan, or can have an IP
( L3 ) address.

an SVI ( switch virtual interface ), invoked by the command "interface vlan
x", is a representation of a group of ports that have been placed into a
single vlan. The SVI represents those ports to the routing function, and
behaves no differently than a router's ethernet port plugged into a hub.

I'm hoping this helps clarify the concept. I believe you have been confused
by the study materials you are reading, and by the mis-information that has
been presented here on the list. sorry to have not taken the time to be more
thorough in earlier replies. you can never go wrong studying Priscilla's
posts, either.

hope this is starting to make sense to you .

Chuck

>
> -Stephen
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63206&t=63147
RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]
hi, comments in-line:

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of The Long and Winding Road
Sent: Monday, February 17, 2003 3:41 PM
To: [EMAIL PROTECTED]
Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

"Vicky Rode" wrote in message news:[EMAIL PROTECTED]...
> comment in-line:
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 17, 2003 2:10 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]
>
> Dear Stephen,
>
> you are doing a bit of confusion:
>
> > so does layer 3 switching require the use of VLANs to actually do
> > the switching?
>
> It's true the contrary case: the Vlans require L3 to be routed, or, in
> other terms, to communicate with each other. The L3 switching has no sense without
> VLANs
>
> > Say for instance I have 2 hosts on the same layer 3 switch, but the two
> > hosts are on 2 different IP subnets (No VLANs are defined).
>
> That's not possible! if you are talking about 2 IP subnets, then:
> -
> actually it is by doing secondaries, but i would highly recommend doing
> vlans if possible. keep it clean and simple.

one may also configure the physical interfaces as L3 interfaces - just as one might do on a router with several ethernet ports.

--- true enough. i would love to move to native ios provided it reaches complete feature parity w/ catos. that's all.

regards,
/vicky

> /vicky
>
> 1) you are talking about 2 subnets on 2 distinct sides of a router
> 2) you are talking about 2 Vlans in one L3 switch
>
> > Host A wants to talk to host B. Can the switch not look up the
> > routing info and then know to switch to that port? I am not seeing where
> > the requirement for the VLAN comes into play.
>
> 1) host A and Host B are in two different VLANs: they need the L3 engine to
> communicate
> 2) host A and host B are in the same Vlan but they have IP addresses (be
> careful, this is anyway a mistake!) which belong to a different VLAN: A can't
> communicate with B because A doesn't know the MAC of B ... A can have
> knowledge of the MACs of
> a) the hosts in the same subnet
> b) the gateway of A's subnet
> and B's MAC doesn't match either the a or the b case.
>
> Hope this helps you
>
> Greetings
>
> Luca

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63205&t=63147
Re: Understanding VLANs - how they remove the physical [7:63194]
Ok, let me see if I can simplify this:

A post that Jens Neelsen made says "a layer3 switch (e.g.3550-EMI) does not have layer3 interfaces. All interfaces (Fastethernet and GigabitEthernet) are layer2 interfaces. They can not have IP addresses."

Further he adds "The VLANs are the (virtual) interfaces to the routing engine (=layer3 switch). Layer2 interfaces are grouped into different VLANs and the Layer3 switch (=Router) enables the communications between these VLANs."

Ok then the question is - if you have a LAN with ALL switches and NO routers - how do you define a gateway on the client?

Example:

2 L2 switches. All hosts on switch 1 are in IP subnet 192.168.1.0/24 and all hosts on switch 2 are in IP subnet 192.168.2.0/24. Both L2 switches are connected to a single L3 switch with a router engine in it.

Where do you define the gateways at? In order for hosts on L2 switch 1 to communicate with hosts on L2 switch 2, the client has to have a gateway to forward to, correct??

Stephen

----- Original Message -----
From: "Priscilla Oppenheimer"
To:
Sent: Monday, February 17, 2003 4:45 PM
Subject: RE: Understanding VLANs - how they remove the physical [7:63173]

> Stephen Hoover wrote:
> >
> > back to switch A to get his routing to
> > the servers?
> > Why would you EVER want a network configured this way?? Or even
> > worse, what
> > if your respective gateway was 3 or 4 L3 switches away?
>
> Your gateway can't be any L3 switches (routers) away. It has to be on your
> LAN. It has to be in your subnet. It has to be in your broadcast domain. It
> has to be in your VLAN. For one thing, a host ARPs for its default gateway.
> ARP uses broadcast.
>
> I just noticed your comment and wanted to add my comment. Without being able
> to decode your drawing, it's hard to tell exactly how to answer, but I'm
> just trying to get you to think about what really happens to packets on a
> campus network. The network design you're considering isn't just
> impractical. It won't work, if I understand it correctly.
>
> Priscilla
>
> > That
> > just doesn't
> > seem practical to me.
> >
> > Thanks!
> > Stephen Hoover
> > Dallas, Texas

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63194&t=63194
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
> > actually it is by doing secondaries, but i would highly recommend doing
> > vlans if possible. keep it clean and simple.
>
> one may also configure the physical interfaces as L3 interfaces - just as
> one might do on a router with several ethernet ports.

Oo ok, now THAT statement leads me to believe the L3 switching IS possible without VLANs.

-Stephen

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63204&t=63147
RE: Understanding VLANs - how they remove the phys [7:63196]
Emilia Lambros wrote:
>
> Why can't the L3 switches be run as L2 switches (ignoring the
> routing capabilities) in that situation? If those two switches
> were connected in that case, then connected to the core,
> wouldn't that solve the problem of a gateway being 3 or 4 L3
> switches away?

Your default gateway can be any number of L2 switches away from you. It just has to be in your subnet, VLAN, broadcast domain.

Priscilla

> -----Original Message-----
> From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, 18 February 2003 9:15 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Understanding VLANs - how they remove the physical [7:63173]
>
> Stephen Hoover wrote:
> >
> > back to switch A to get his routing to
> > the servers?
> > Why would you EVER want a network configured this way?? Or even
> > worse, what
> > if your respective gateway was 3 or 4 L3 switches away?
>
> Your gateway can't be any L3 switches (routers) away. It has to be on your
> LAN. It has to be in your subnet. It has to be in your broadcast domain. It
> has to be in your VLAN. For one thing, a host ARPs for its default gateway.
> ARP uses broadcast.
>
> I just noticed your comment and wanted to add my comment. Without being able
> to decode your drawing, it's hard to tell exactly how to answer, but I'm
> just trying to get you to think about what really happens to packets on a
> campus network. The network design you're considering isn't just
> impractical. It won't work, if I understand it correctly.
>
> Priscilla
>
> > That
> > just doesn't
> > seem practical to me.
> >
> > Thanks!
> > Stephen Hoover
> > Dallas, Texas

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63201&t=63196
Re: Understanding VLANs - how they remove the phys [7:63194]
Stephen Hoover wrote:
>
> Ok, let me see if I can simplify this:
>
> A post that Jens Neelsen made says "a layer3 switch (e.g.3550-EMI) does not
> have layer3 interfaces. All interfaces (Fastethernet and GigabitEthernet)
> are layer2 interfaces. They can not have IP addresses."

He was just trying to get you to see that a L3 switch can have many interfaces that are L2 interfaces.

> Further he adds "The VLANs are the (virtual) interfaces to the routing
> engine (=layer3 switch). Layer2 interfaces are grouped into different VLANs
> and the Layer3 switch (=Router) enables the communications between these
> VLANs."
>
> Ok then the question is - if you have a LAN with ALL switches and NO
> routers - how do you define a gateway on the client?

You don't. Gateway just means router (L3 switch). There used to be lots of LANs with no routers in the old days. You think the terminology is confusing these days; it was worse years ago. People used the term gateway to mean router. The term "default gateway" comes from that.

So your question doesn't make sense. You said if you have a LAN with all switches and no routers, how do you define the router? WHY would you want to? There is no router.

> Example:
>
> 2 L2 switches. All hosts on switch 1 are in IP subnet 192.168.1.0/24 and all
> hosts on switch 2 are in IP subnet 192.168.2.0/24. Both L2 switches are
> connected to a single L3 switch with a router engine in it.

Oh, you DO have a router (L3 switch). I thought you said that there were no routers.

> Where do you define the gateways at?

The router (L3 switch) is the gateway. It's not clear from your question if all hosts are connected to a single interface on the router or if you have more than one interface. But the default gateway (router/L3 switch) is the interface that they connect to.

> In order for hosts on L2 switch 1 to communicate with hosts on L2 switch 2,
> the client has to have a gateway to forward to, correct??
>
> Stephen
>
> ----- Original Message -----
> From: "Priscilla Oppenheimer"
> To:
> Sent: Monday, February 17, 2003 4:45 PM
> Subject: RE: Understanding VLANs - how they remove the physical [7:63173]
>
> > Stephen Hoover wrote:
> > >
> > > back to switch A to get his routing to
> > > the servers?
> > > Why would you EVER want a network configured this way?? Or even
> > > worse, what
> > > if your respective gateway was 3 or 4 L3 switches away?
> >
> > Your gateway can't be any L3 switches (routers) away. It has to be on your
> > LAN. It has to be in your subnet. It has to be in your broadcast domain. It
> > has to be in your VLAN. For one thing, a host ARPs for its default gateway.
> > ARP uses broadcast.
> >
> > I just noticed your comment and wanted to add my comment. Without being able
> > to decode your drawing, it's hard to tell exactly how to answer, but I'm
> > just trying to get you to think about what really happens to packets on a
> > campus network. The network design you're considering isn't just
> > impractical. It won't work, if I understand it correctly.
> >
> > Priscilla
> >
> > > That
> > > just doesn't
> > > seem practical to me.
> > >
> > > Thanks!
> > > Stephen Hoover
> > > Dallas, Texas

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63200&t=63194
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
good for you, Cil. This discussion was ( and still is, to judge from my in-box ) filled with misdirection and poor information. Cisco and all the other vendors are absolutely to blame for this.

a router is a function, not a device. so is a switch. what does it matter where the function resides, or how it is accomplished?

--
TANSTAAFL
"there ain't no such thing as a free lunch"

"Priscilla Oppenheimer" wrote in message news:[EMAIL PROTECTED]...
> This might help. What does the V stand for in VLAN? Virtual. VLANs are a
> method for emulating Real LANs in a switched network. The original poster
> seems disillusioned with VLANs. Well, I am too. :-) You can't do much with
> them that you can't do with a bunch of Real LANs connected by routers.
>
> First we had hubs and bridges and routers. Then switches came out. They were
> cheaper and faster than routers, so everyone jumped on the bandwagon and
> started designing huge flat networks with mostly switches and maybe one
> router to get out to the rest of the world.
>
> Ah, but there was a problem! A L2 switch forwards broadcasts out all ports.
> And this was in the mid-1990s when PC CPUs were slow as molasses and got
> bogged down by broadcasts and multicasts. Dreadful protocols like SAP and
> RTMP and NetBIOS were rampant! Something had to be done.
>
> So, hu, should we go back to designing our networks with routers, which
> don't forward broadcasts? Nah, still too expensive.
>
> Better come up with a way to emulate LAN and IP subnet benefits on a
> switched network. OK, let's invent VLANs!
>
> But how do the VLANs talk to each other? Oh dear, we better go back to
> routers. Nah, still too slow, though it will work in a pinch. I know! We
> could speed them up and call them L3 switches.
>
> One last rather serious comment. This is not a comment on the newbiness of
> the original poster, but I must say that I think it is common for newbies to
> get confused by VLANs.
>
> Cisco teaches VLANs without ever teaching basic networking 101. People can't
> understand VLANs unless they first understand a lot more about protocol
> behavior and traffic flow. VLANs are really an advanced topic and shouldn't
> be covered so early on in the Cisco test progression. Either that or CCNA
> should be beefed up to teach something useful, if you ask me, which they
> didn't.
>
> Priscilla
>
> The Long and Winding Road wrote:
> >
> > I've been following this thread, and have offered a comment or two along the
> > way. Perhaps I should offer some thoughts here at the source.
> >
> > note that I have not read any of the exam study materials in question, so I
> > don't know what is or is not being stated in the courseware. I can offer
> > that just because it says so in the study materials doesn't mean that's the
> > way it is.
> >
> > comments below
> >
> > "Stephen Hoover" wrote in message news:[EMAIL PROTECTED]...
> > > I am studying for the CCNP Switching exam and it covers VLANs and layer 3
> > > switching moderately. It states that Cisco recommends a 1 to 1 mapping of
> > > VLANs to subnets. It also states that VLANs can be used to break up
> > > broadcast domains.
> >
> > this is a reasonable, simple approach, and thus one that appeals to my
> > reasonably simple mind.
> >
> > > When you create different subnets, you are already breaking up broadcast
> > > domains, so does layer 3 switching require the use of VLANs to actually do
> > > the switching?
> >
> > this is where the confusion, no doubt introduced by the marketing people,
> > set in.
> >
> > suppose you have a router with three ethernet interfaces, and each of these
> > interfaces is plugged into a different hub ( no switch )
> >
> > hosts on each of these hubs are in the same broadcast domain ( same
> > collision domain too, but I digress ) hosts in each of these domains cannot
> > reach hosts ( or servers ) in other domains, on different hubs, without
> > routing.
> >
> > this would be true, even if you had all hosts on the same great big hub with
> > 500 ports. You could have hosts on the same hub, but having different L3 (
> > IP ) addresses. communication between hosts on different subnets, even if
> > they are on the same hub, r
Re: Does MLS (Layer 3 switching) require VLANs? YES [7:63147]
comments inline.

--- Jens Neelsen wrote:
> Hi,
>
> a layer3 switch (e.g.3550-EMI) does not have layer3 interfaces.
> All interfaces (Fastethernet and GigabitEthernet) are layer2
> interfaces. They can not have IP addresses.

On the 3550, you can have IP addresses on the actual interface if you do a 'no switchport' command, thus making it not a switch port.

> The VLANs are the (virtual) interfaces to the
> routing engine (=layer3 switch).

You can group ports together in the same VLAN by making them in the same access VLAN with the switchport command. Then you can optionally create a SVI for the VLANs you want to route on this switch. It's akin to a BVI on the routers. I don't know why they call it a SVI - just more acronyms. A switch is a multiport bridge. And same for "fallback-bridging", which is the regular "bridge" commands that have been used on routers for a long time.

> Layer2 interfaces are grouped into different VLANs and the
> Layer3 switch (=Router) enables the communications between these VLANs.
>
> A Router has to have different IP subnets on each interface.
> Because the VLANs are the interfaces to the router, you need
> different subnets on each VLAN.

See above.

> With secondary IP addresses you can have more than one IP subnet
> on a VLAN. But as with router interfaces the subnets of the
> VLANs cannot overlap.
>
> A 5000 switch with RSM works in the same way. This is covered in
> the Cisco BCMSN training course.
>
> With kind regards
> Jens Neelsen
>
> --- Stephen Hoover wrote:
> > > > Say for instance I have 2 hosts on the same layer 3 switch, but the two
> > > > hosts are on 2 different IP subnets (No VLANs are defined).
> > >
> > > That's not possible! if you are talking about 2 IP subnets, then:
> > > -
> > > actually it is by doing secondaries, but i would highly recommend doing
> > > vlans if possible. keep it clean and simple.
> >
> > Vicki,
> >
> > You mention the use of secondary IP's. On a L3 switch (a switch with the
> > router engine in it) is it not possible to define Ethernet sub interfaces
> > instead of using secondary IPs - without VLANs defined?
> >
> > I'm sorry to be so thick, I'm just not getting it. If a L3 switch (with
> > a routing module/engine in it) is essentially a wire speed router, then the
> > VLAN just seems like an additional identifier on top of the L3 address - and
> > doesn't really serve any purpose. In my previous example, 2 hosts on the
> > same L3 switch, but on 2 different IP subnets - wouldn't a defined Ethernet
> > subinterface be each client's respective gateway, and thus normal L3 routing
> > would occur, just at switch speeds
> >
> > Thanks again!
> >
> > Stephen Hoover
> > Dallas, Texas
> [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63197&t=63147
RE: Understanding VLANs - how they remove the physical [7:63196]
Why can't the L3 switches be run as L2 switches (ignoring the routing capabilities) in that situation? If those two switches were connected in that case, then connected to the core, wouldn't that solve the problem of a gateway being 3 or 4 L3 switches away?

-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 18 February 2003 9:15 AM
To: [EMAIL PROTECTED]
Subject: RE: Understanding VLANs - how they remove the physical [7:63173]

Stephen Hoover wrote:
>
> back to switch A to get his routing to
> the servers?
> Why would you EVER want a network configured this way?? Or even
> worse, what
> if your respective gateway was 3 or 4 L3 switches away?

Your gateway can't be any L3 switches (routers) away. It has to be on your LAN. It has to be in your subnet. It has to be in your broadcast domain. It has to be in your VLAN. For one thing, a host ARPs for its default gateway. ARP uses broadcast.

I just noticed your comment and wanted to add my comment. Without being able to decode your drawing, it's hard to tell exactly how to answer, but I'm just trying to get you to think about what really happens to packets on a campus network. The network design you're considering isn't just impractical. It won't work, if I understand it correctly.

Priscilla

> That
> just doesn't
> seem practical to me.
>
> Thanks!
> Stephen Hoover
> Dallas, Texas

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63196&t=63196
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
This might help. What does the V stand for in VLAN? Virtual. VLANs are a method for emulating Real LANs in a switched network. The original poster seems disillusioned with VLANs. Well, I am too. :-) You can't do much with them that you can't do with a bunch of Real LANs connected by routers.

First we had hubs and bridges and routers. Then switches came out. They were cheaper and faster than routers, so everyone jumped on the bandwagon and started designing huge flat networks with mostly switches and maybe one router to get out to the rest of the world.

Ah, but there was a problem! A L2 switch forwards broadcasts out all ports. And this was in the mid-1990s when PC CPUs were slow as molasses and got bogged down by broadcasts and multicasts. Dreadful protocols like SAP and RTMP and NetBIOS were rampant! Something had to be done.

So, hu, should we go back to designing our networks with routers, which don't forward broadcasts? Nah, still too expensive.

Better come up with a way to emulate LAN and IP subnet benefits on a switched network. OK, let's invent VLANs!

But how do the VLANs talk to each other? Oh dear, we better go back to routers. Nah, still too slow, though it will work in a pinch. I know! We could speed them up and call them L3 switches.

One last rather serious comment. This is not a comment on the newbiness of the original poster, but I must say that I think it is common for newbies to get confused by VLANs.

Cisco teaches VLANs without ever teaching basic networking 101. People can't understand VLANs unless they first understand a lot more about protocol behavior and traffic flow. VLANs are really an advanced topic and shouldn't be covered so early on in the Cisco test progression. Either that or CCNA should be beefed up to teach something useful, if you ask me, which they didn't.

Priscilla

The Long and Winding Road wrote:
>
> I've been following this thread, and have offered a comment or two along the
> way. Perhaps I should offer some thoughts here at the source.
>
> note that I have not read any of the exam study materials in question, so I
> don't know what is or is not being stated in the courseware. I can offer
> that just because it says so in the study materials doesn't mean that's the
> way it is.
>
> comments below
>
> "Stephen Hoover" wrote in message news:[EMAIL PROTECTED]...
> > I am studying for the CCNP Switching exam and it covers VLANs and layer 3
> > switching moderately. It states that Cisco recommends a 1 to 1 mapping of
> > VLANs to subnets. It also states that VLANs can be used to break up
> > broadcast domains.
>
> this is a reasonable, simple approach, and thus one that appeals to my
> reasonably simple mind.
>
> > When you create different subnets, you are already breaking up broadcast
> > domains, so does layer 3 switching require the use of VLANs to actually do
> > the switching?
>
> this is where the confusion, no doubt introduced by the marketing people,
> set in.
>
> suppose you have a router with three ethernet interfaces, and each of these
> interfaces is plugged into a different hub ( no switch )
>
> hosts on each of these hubs are in the same broadcast domain ( same
> collision domain too, but I digress ) hosts in each of these domains cannot
> reach hosts ( or servers ) in other domains, on different hubs, without
> routing.
>
> this would be true, even if you had all hosts on the same great big hub with
> 500 ports. You could have hosts on the same hub, but having different L3 (
> IP ) addresses. communication between hosts on different subnets, even if
> they are on the same hub, require the intercession of a router.
>
> vlans, made possible by various 802.1 specifications, are really just a way
> of expressing logical broadcast domains.
>
> layer 3 switching is really routing. an L3 switch has the routing function
> built into it, rather than using a separate piece of equipment.
>
> > Say for instance I have 2 hosts on the same layer 3 switch, but the two
> > hosts are on 2 different IP subnets (No VLANs are defined). Host A wants to
> > talk to host B. Can the switch not look up the routing info and then know to
> > switch to that port? I am not seeing where the requirement for the VLAN
> > comes into play.
>
> despite what others have said, you can do this. it is wasteful, in that a
> host plugged into an L3 port would require 4 ip addresses because you have a
> subnet with two hosts ( the PC and the port, and the net number and t
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
I've been following this thread, and have offered a comment or two along the way. Perhaps I should offer some thoughts here at the source.

note that I have not read any of the exam study materials in question, so I don't know what is or is not being stated in the courseware. I can offer that just because it says so in the study materials doesn't mean that's the way it is.

comments below

"Stephen Hoover" wrote in message news:[EMAIL PROTECTED]...
> I am studying for the CCNP Switching exam and it covers VLANs and layer 3
> switching moderately. It states that Cisco recommends a 1 to 1 mapping of
> VLANs to subnets. It also states that VLANs can be used to break up
> broadcast domains.

this is a reasonable, simple approach, and thus one that appeals to my reasonably simple mind.

> When you create different subnets, you are already breaking up broadcast
> domains, so does layer 3 switching require the use of VLANs to actually do
> the switching?

this is where the confusion, no doubt introduced by the marketing people, set in.

suppose you have a router with three ethernet interfaces, and each of these interfaces is plugged into a different hub ( no switch )

hosts on each of these hubs are in the same broadcast domain ( same collision domain too, but I digress ) hosts in each of these domains cannot reach hosts ( or servers ) in other domains, on different hubs, without routing.

this would be true, even if you had all hosts on the same great big hub with 500 ports. You could have hosts on the same hub, but having different L3 ( IP ) addresses. communication between hosts on different subnets, even if they are on the same hub, requires the intercession of a router.

vlans, made possible by various 802.1 specifications, are really just a way of expressing logical broadcast domains.

layer 3 switching is really routing. an L3 switch has the routing function built into it, rather than using a separate piece of equipment.

> Say for instance I have 2 hosts on the same layer 3 switch, but the two
> hosts are on 2 different IP subnets (No VLANs are defined). Host A wants to
> talk to host B. Can the switch not look up the routing info and then know to
> switch to that port? I am not seeing where the requirement for the VLAN
> comes into play.

despite what others have said, you can do this. it is wasteful, in that a host plugged into an L3 port would require 4 ip addresses because you have a subnet with two hosts ( the PC and the port, and the net number and the broadcast address ). whereas if you have a vlan, that vlan is a virtual port that represents the physical ports as a single subnet to the L3 ( routing ) function.

> If VLANs are required for layer 3 switching, is that pretty much standard
> across the industry, or that a Cisco only thing?

forget this L3 switch versus router distinction. it is confusing, and misrepresentational. think instead in terms of how traffic moves through a network. think instead of a vlan as a virtual logical construct that represents one or more ports as a single broadcast domain to a router. it doesn't matter that the router is integrated into the switch hardware with an ASIC and code, or is an external device.

HTH

> Thanks!
> Stephen Hoover
> Dallas, Texas

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63190&t=63147
Re: Does MLS (Layer 3 switching) require VLANs? YES [7:63147]
Jens,

MY 3550-EMI certainly can have layer 3 interfaces. All you need to do is to enter the command "no switchport" on the interface. Check out this link:

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12112cea/3550cr/cli2.htm#xtocid104

I quote:

switchport

Use the switchport interface configuration command with no keywords to put an interface that is in Layer 3 mode into Layer 2 mode for Layer 2 configuration. Use the no form of this command to put an interface in Layer 3 mode.

switchport
no switchport

Use the no switchport command (without parameters) to set the interface to the routed-interface status and to erase all Layer 2 configurations. You must use this command before assigning an IP address to a routed port.

-Bob Sinclair
CCIE #10427, MCSE
Senior Network Engineer
Networking For Future, Inc.
www.nffinc.com

----- Original Message -----
From: "Jens Neelsen"
To:
Sent: Monday, February 17, 2003 3:28 PM
Subject: Re: Does MLS (Layer 3 switching) require VLANs? YES [7:63147]

> Hi,
>
> a layer3 switch (e.g.3550-EMI) does not have layer3 interfaces.
> All interfaces (Fastethernet and GigabitEthernet) are layer2
> interfaces. They can not have IP addresses.
>
> The VLANs are the (virtual) interfaces to the routing engine
> (=layer3 switch).
>
> Layer2 interfaces are grouped into different VLANs and the
> Layer3 switch (=Router) enables the communications between these
> VLANs.
>
> A Router has to have different IP subnets on each interface.
> Because the VLANs are the interfaces to the router, you need
> different subnets on each VLAN.
>
> With secondary IP addresses you can have more than one IP subnet
> on a VLAN. But as with router interfaces the subnets of the
> VLANs cannot overlap.
>
> A 5000 switch with RSM works in the same way. This is covered in
> the Cisco BCMSN training course.
>
> With kind regards
> Jens Neelsen
>
> --- Stephen Hoover wrote:
> > > > Say for instance I have 2 hosts on the same layer 3 switch, but the two
> > > > hosts are on 2 different IP subnets (No VLANs are defined).
> > >
> > > That's not possible! if you are talking about 2 IP subnets, then:
> > > -
> > > actually it is by doing secondaries, but i would highly recommend doing
> > > vlans if possible. keep it clean and simple.
> >
> > Vicki,
> >
> > You mention the use of secondary IP's. On a L3 switch (a switch with the
> > router engine in it) is it not possible to define Ethernet sub interfaces
> > instead of using secondary IPs - without VLANs defined?
> >
> > I'm sorry to be so thick, I'm just not getting it. If a L3 switch (with
> > a routing module/engine in it) is essentially a wire speed router, then the
> > VLAN just seems like an additional identifier on top of the L3 address - and
> > doesn't really serve any purpose. In my previous example, 2 hosts on the
> > same L3 switch, but on 2 different IP subnets - wouldn't a defined Ethernet
> > subinterface be each client's respective gateway, and thus normal L3 routing
> > would occur, just at switch speeds
> >
> > Thanks again!
> >
> > Stephen Hoover
> > Dallas, Texas
> [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63189&t=63147
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
""Vicky Rode"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > comment in-line: > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Monday, February 17, 2003 2:10 AM > To: [EMAIL PROTECTED] > Subject: RE: Does MLS (Layer 3 switching) require VLANs? [7:63147] > > > DEar Stefen, > > you are doing a bit of confusion: > > > so does layer 3 switching require the use of VLANs to actually do > > the switching? > > It's true the contrary case: the Vlans requires L3 to be routed, or, in > other terms, to comunicate each others. The L3 switching has no sens without > VLAN > > > Say for instance I have 2 hosts on the same layer 3 switch, but the > two > hosts are on 2 different IP subnets (No VLANs are defined). > > That's not possible! if you are talking about 2 IP subnet, than: > - > actually it is by doing secondaries, but i would highly recommend doing > vlans if possible. keep it clean and simple. one may also configure the physical interfaces as L3 interfaces - just as one might do on a router with several ethernet ports. > > > > > /vicky > > > 1) you are talking about 2 subnet in 2 distinct sides of a router > 2) you are talking about 2 Vlans in one L3 switch > > > Host A wants to talk to host B. Can the switch not look up the > > routing info and then know to switch to that port? I am not seeing > where > the requirement for the VLAN comes into play. > > 1) host A and Host B are in two different VLAn: they need the L3 engine to > comunicate > 2) host A and host B are in the same Vlan but they have IP addresses (be > careful this anyway a mistake!) who belongs to different VLAN: A can't > comunicate with B because A doesn't know the MAC of B ... A can have > knoledge of the MAC's of > a) the hosts in the same subnet > b) the gateway of the A's subnet > and B's MAC doesn't match either of the a and b case. 
> > Hope this halp you > > Greetings > > Luca Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63186&t=63147 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Does MLS (Layer 3 switching) require VLANs? YES [7:63147]
""Jens Neelsen"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi, > > a layer3 switch (e.g.3550-EMI) does not have layer3 interfaces. > All interfaces (Fastethernet and GigabitEthernet) are layer2 > interfaces. They can not have IP addresses. gentle correction. by entering the "no switchport" command, one removes the particlar interface from the "L2" domain and into the L3 domain. At this point one can indeed enter IP address onto the physical inerfaces. I think you may be getting too carried away with L2 versus L3. A physical port exists in multiple layers of the OSI model, if you want to talk in terms of OSI. There is the physical port. There is whatever that physical port talks to and how. For example, an ethernet port has physical and mac layer characteristics. otherwise, how would it communicate with other devices on the wire? Add an IP address, and that port is now "L3" as well. A router with an ethernet interface plugged into a switch operates at all three "layers" of OSI. > > The VLANs are the (virtual) interfaces to the routing engine > (=layer3 switch). yes. good way of putting it. > > Layer2 interfaces are grouped into different VLANs and the > Layer3 switch (=Router) enables the communications between these > VLANs. one can also bridge between vlans, at least in the 3550 world. fallback bridging. > > A Router has to have different IP subnets on each interface. > Because the VLANs are the interfaces to the router, you need > different subnets on each VLAN. if you have subnet based vlans. remember that you can also have ip addressing on different ports, although, as you say, these all have to be on different subnets. unless you are etherchanneling, but that's a different story. but to get back to point here, what is the difference between a physical port configured with an IP address and a physical port assigned to a vlan, with the vlan having an ip address? 
> > With secondary IP adresses you can have more than one IP subnet > on a VLAN. But as with router interfaces the subnets of the > VLANs cannot overlap. > > A 5000 switch with RSM works in the same way. This is covered in > the Cisco BCMSN training course. > > With kind regards > Jens Neelsen > > --- Stephen Hoover wrote: > > > > Say for instance I have 2 hosts on the same layer 3 > > switch, but the > > > two > > > hosts are on 2 different IP subnets (No VLANs are defined). > > > > > > That's not possible! if you are talking about 2 IP subnet, > > than: > > > - > > > actually it is by doing secondaries, but i would highly > > recommend doing > > > vlans if possible. keep it clean and simple. > > > > > > > > > Vicki, > > > > You mention the use of secondary IP's. On a L3 switch (a > > switch with the > > router engine in it) is it not possible to define Ethernet sub > > interfaces > > instead of using secondary IPs - without VLANs defined? > > > > > > I'm sorry to be so thick, I'm just not getting it. If a L3 > > switch (with > > a routing module/engine in it) is essentially a wire speed > > router, then the > > VLAN just seems like an additional identifier on top of the L3 > > address - and > > doesn't really serve any purpose. In my previous example, 2 > > hosts on the > > same L3 switch, but on 2 different IP subnets - wouldn't a > > defined Ethernet > > subinterface be each clients respective gateway, and thus > > normal L3 routing > > would occur, just at switch speeds > > > > > > Thanks again! > > > > Stephen Hoover > > Dallas, Texas > [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63185&t=63147 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Understanding VLANs - how they remove the physical [7:63173]
Stephen Hoover wrote:
>
> back to switch A to get his routing to the servers?
> Why would you EVER want a network configured this way?? Or even worse, what
> if your respective gateway was 3 or 4 L3 switches away?

Your gateway can't be any L3 switches (routers) away. It has to be on your LAN. It has to be in your subnet. It has to be in your broadcast domain. It has to be in your VLAN. For one thing, a host ARPs for its default gateway. ARP uses broadcast.

I just noticed your comment and wanted to add my comment. Without being able to decode your drawing, it's hard to tell exactly how to answer, but I'm just trying to get you to think about what really happens to packets on a campus network. The network design you're considering isn't just impractical. It won't work, if I understand it correctly.

Priscilla

> That just doesn't seem practical to me.
>
>
> Thanks!
> Stephen Hoover
> Dallas, Texas
>
>

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63181&t=63173
RE: Understanding VLANs - how they remove the physical [7:63173]
Your ASCII art didn't work, at least for those of us who read this on the Web. The posting software replaces multiple spaces with one space. Argh.

But, I think I understand your confusion and my advice is to leave L3 switches (i.e. routers) out of the scenario to understand the basic features of VLANs.

A VLAN is a broadcast domain. If you really want VLAN 1 to be defined in both Building A and Building B, then you have to be using L2 switches. The switches have to forward broadcasts. The hosts in the VLAN have to be able to broadcast to each other.

L3 switches (routers) don't forward broadcasts. Throw L3 switches (routers) into the mix and you break the simple design. When a host in Building A VLAN1 ARPs to find a host in Building B VLAN1, it won't work. ARP uses broadcasts. (Well, proxy ARP would make it work, but that's beside the point.)

You could probably get your example to work with some bizarre configuration on the router, maybe? But it would be missing the point.

Are you reading Cisco LAN Switching by Clark and Hamilton? That's the book to read. It has a lot of advice on network design. It also has a lot of bad things to say about the "flat earth" design where VLANs spread out over the internetwork.

Priscilla

Stephen Hoover wrote:
>
> Ok, I am really struggling to understand the usefulness of VLANs here. In
> the Switching exam book, it states that VLANs remove the physical boundaries
> of the network and a user anywhere on the network can be a member of any
> VLAN (IP subnet). Now I do understand this concept, but consider the
> following scenario..
>
>
> Building A                            Building B
>
> VLAN1-Switch1                         Switch 1 VLAN3
>     ||
> VLAN2 Switch 2                        Switch 2 VLAN 1
>     ||                                    ||
> L3 switch A---------CORE---------L3 switch B
> (has router engine)               (has router engine)
>          \                            /
>           \                          /
>            \                        /
>             \                      /
>              \                    /
>               \/
>             Servers
>             VLAN 4
>
>
> Now let's say that VLAN1 is defined in building A, but some people in
> building B need to be part of VLAN1. Doesn't that make L3 Switch A the
> default gateway for the VLAN1 user in building B? In which case that user
> has to cross the core back to switch A to get his routing to the servers?
> Why would you EVER want a network configured this way?? Or even worse, what
> if your respective gateway was 3 or 4 L3 switches away? That just doesn't
> seem practical to me.
>
>
> Thanks!
> Stephen Hoover
> Dallas, Texas
>
>

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63179&t=63173
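The ARP and broadcast-domain reasoning in Luca's reply above (host A cannot reach a host B that sits in A's VLAN but carries an address from another subnet, because A only ever ARPs for on-link hosts or its gateway) and in Priscilla's two replies (the gateway has to be in your subnet, your broadcast domain, your VLAN) can be exercised with a small model. This is an added example, not code from the thread or from Cisco; the host names, addresses, VLAN numbers and the 4001 stand-in id used for a routed port are all constructed.

```python
"""Toy model of host forwarding and ARP inside VLANs.

Constructed example, not code from the thread or from Cisco. Host names,
addresses, VLAN numbers and the 4001 stand-in id for a routed port are all
made up. It models the reasoning in the replies above: a host ARPs directly
for on-link destinations, ARPs for its default gateway otherwise, and an ARP
broadcast never leaves the VLAN (broadcast domain) it was sent in.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Interface
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Host:
    name: str
    iface: IPv4Interface            # address with prefix, e.g. 10.1.10.10/24
    gateway: Optional[IPv4Address]  # configured default gateway, if any
    vlan: int                       # broadcast domain of the host's access port


@dataclass(frozen=True)
class L3Iface:
    """An SVI ("interface Vlan10") on the L3 switch. A routed port
    ("no switchport") is modelled the same way: an L3 interface in a
    VLAN id that no other port uses, i.e. a one-port broadcast domain."""
    iface: IPv4Interface
    vlan: int


def arp_resolves(asker_vlan: int, target: IPv4Address,
                 hosts: List[Host], l3: List[L3Iface]) -> bool:
    """ARP is a broadcast, so only a device in the asker's VLAN can answer."""
    return (any(h.iface.ip == target and h.vlan == asker_vlan for h in hosts)
            or any(i.iface.ip == target and i.vlan == asker_vlan for i in l3))


def can_send(src: Host, dst: IPv4Address,
             hosts: List[Host], l3: List[L3Iface]) -> str:
    """Return a short status for a packet from src to dst."""
    # 1. On-link destination: the host ARPs for dst itself, in its own VLAN.
    if dst in src.iface.network:
        return "direct" if arp_resolves(src.vlan, dst, hosts, l3) else "no-arp-reply"
    # 2. Off-link: the default gateway must be on the host's own subnet,
    #    otherwise the host has nothing it can ARP for.
    gw = src.gateway
    if gw is None or gw not in src.iface.network:
        return "gateway-off-link"
    if not arp_resolves(src.vlan, gw, hosts, l3):
        return "no-arp-reply"
    # 3. The L3 switch routes: it needs a connected interface for dst's subnet...
    egress = next((i for i in l3 if dst in i.iface.network), None)
    if egress is None:
        return "no-route"
    # 4. ...and then ARPs for dst, but only inside the egress VLAN. A host
    #    plugged into some other VLAN never hears that ARP, whatever its IP.
    if any(h.iface.ip == dst and h.vlan == egress.vlan for h in hosts):
        return "routed"
    return "not-in-egress-vlan"


def sample_network():
    """Constructed campus: two SVIs, one routed port, a few hosts."""
    hosts = [
        Host("A", IPv4Interface("10.1.10.10/24"), IPv4Address("10.1.10.1"), 10),
        Host("B", IPv4Interface("10.1.10.20/24"), IPv4Address("10.1.10.1"), 10),
        Host("C", IPv4Interface("10.1.20.10/24"), IPv4Address("10.1.20.1"), 20),
        # D sits in VLAN 10 but carries an address from VLAN 20's subnet
        Host("D", IPv4Interface("10.1.20.30/24"), IPv4Address("10.1.20.1"), 10),
        # E points at a gateway that is not on its own subnet
        Host("E", IPv4Interface("10.1.10.30/24"), IPv4Address("10.1.20.1"), 10),
        # F hangs off a routed port; 4001 is the private id standing in for it
        Host("F", IPv4Interface("10.1.30.10/24"), IPv4Address("10.1.30.1"), 4001),
    ]
    l3 = [
        L3Iface(IPv4Interface("10.1.10.1/24"), 10),    # interface Vlan10
        L3Iface(IPv4Interface("10.1.20.1/24"), 20),    # interface Vlan20
        L3Iface(IPv4Interface("10.1.30.1/24"), 4001),  # routed port, no switchport
    ]
    return hosts, l3


def run_scenarios() -> Dict[str, str]:
    hosts, l3 = sample_network()
    by = {h.name: h for h in hosts}

    def send(s: str, d: str) -> str:
        return can_send(by[s], by[d].iface.ip, hosts, l3)

    return {
        "A->B same VLAN, same subnet": send("A", "B"),
        "A->C different VLANs, via SVIs": send("A", "C"),
        "A->D same VLAN, wrong subnet": send("A", "D"),
        "E->C gateway off-link": send("E", "C"),
        "A->F via routed port": send("A", "F"),
        "A->10.9.9.9 no interface": can_send(by["A"], IPv4Address("10.9.9.9"), hosts, l3),
    }


if __name__ == "__main__":
    for name, status in run_scenarios().items():
        print(f"{name:34} {status}")
```

The A->D case is Luca's second scenario and the E->C case is Priscilla's point: a host with an off-link gateway never gets as far as sending an ARP. The routed-port case also gives one answer to Chuck's question about a physical port with an IP address versus a port in a VLAN whose SVI has the address: from the forwarding point of view a routed port is simply an L3 interface whose broadcast domain contains only itself, which is why it is modelled here with a VLAN id nothing else uses.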