11 Replies Latest reply: Jul 14, 2019 3:24 AM by Deepak Kumar RSS

    Distribution Switch Configuration

    Wesley Kirby

      All,

       

      I am working on a network which utilizes a 3750G as a core switch with 3560 access switches.  All switches have multiple vlans configured for data, voice and video and although all are layer 3 devices, only the 3750G is used for routing.  There is also no requirement for the devices on the access switch to communicate directly with each other as they must connect to centrally located management systems via the 3750G core switch.  That being said, I am curious about the opinion of the professional community here about configuration of the 3560 access switches.  Since they do need to route layer 3, I typically configure the 3560 access switches with an IP Default Gateway.  However, I have been told that I should configure them with a static route to the core switch but I see no benefit of a static route configuration.  Can anyone provide rational for either or both?

       

      Thanks in advance,

       

      Wes

        • 1. Re: Distribution Switch Configuration
          Conwyn

          Hi Wesley

           

          You could avoid spanning tree. You might want two 3750. I do not think it matters in that environment. I think this was a plan by marketing to push L3 switches into the access layer. We always use 3750 with stack cable at the access level.

           

          Regards Conwyn

          • 2. Re: Distribution Switch Configuration
            Wesley Kirby

            Conwyn,

             

            Thanks and understand.  Even though you have an L3 access switch, is there an advantage of assigning a static route over just a default gateway?  My thinking is if the L3 switch isn't going to be doing any routing, then a default gateway is sufficient.

             

            Rgards Wesley

            • 3. Re: Distribution Switch Configuration
              LeeBrownUSA

              Hi Wesley,

                             I wanted to ask where the default-gateway for the data, voice and video vlans lives?  Is it on the access 3560 switches or at the core 3750 switch?

                             The reason I asked is if the default-gateway for the data, voice and video vlans live on the 3750 switch you could have an 'event' that could swamp the 3750 switch CPU and/or other resources which would affect every other switch (therefore the users).   Example is a user hooks up an inexpensive gigabit mini-switch in their cubicle, then proceeds to loop the cable on the mini-switch.  That simple loop can send enough traffic to swamp a typical core switch CPU.

                             Just curious and I'll say this outloud to the community,  "With the all the vlan default-gateways on the core then I suggest a single point of failure has been built".

                             Ok, I'll wait to hear back from you on where your vlan default-gateways are (and from everyone else that may want to pummel me for saying the 'single point of failure' statement'...;-)

                             -Lee

              • 4. Re: Distribution Switch Configuration
                Wesley Kirby

                Lee,

                 

                I doubt pummeling is required here.

                 

                As for the default-gateway, the 3750 core switch is set up to route the devices on the various vlans to the applicable servers, whether that be a data server, VoIP CM, or whatever.

                 

                Does that clarify for you?


                Wesley

                • 5. Re: Distribution Switch Configuration
                  LeeBrownUSA

                  Nope, I'm a bit cloudy.  How about this question,  Are the data, voice and video vlan interface's (SVI) on the 3750 or pushed out to the 3560's?

                  • 6. Re: Distribution Switch Configuration
                    Wesley Kirby

                    The actual device interfaces are on the 3560s.  The 3750 is setup as a VTP server with the 3560s as VTP clients.

                    • 7. Re: Distribution Switch Configuration
                      LeeBrownUSA

                      My apologies for repeated questions as the failure in communication is most likely on my end.

                       

                      For example, you create a 'vlan 10' (Data) at layer 2, then you create the SVI or Vlan interface with "interface vlan 10" and then you use "ip address 10.10.10.1 255.255.255.0" for the interface vlan 10.

                      Where does the L3 or IP addressed "interface vlan 10" live?  On the 3750 or the 3560's?

                      • 8. Re: Distribution Switch Configuration
                        Wesley Kirby

                        3750

                        • 9. Re: Distribution Switch Configuration
                          LeeBrownUSA

                          Thanks Wesley,  Now my early morning (I'm on west coast) brain understands..:-)   I would just humbly suggest that on the 3560 (Access) that you use (if not on by default, then enable) some of the built in features to prevent a network event in one 3560 from sending so much traffic up to the 3750 as to swamp the CPU.  The users I have keep finding ways to be creative in this aspect.  We've see both 3750's, 4500 (SupV's) and a VSS pair get very busy with some traffic from some user created activity.  Mini-switches, even those that have STP/RSTP, have been an issue for my network at various time.

                           

                          Thanks for being patient with all my questions!

                           

                          -Lee

                          • 10. Re: Distribution Switch Configuration
                            STEVEN

                            If I understood, you need a default route or static route from 3750 Core Switch pointing out (ISP), and the trunk link between 3750

                            and 3560.

                             

                            3560 Switch being access only, you just need Management vlan and default gateway.

                             

                            for instance

                            3570

                            int vlan 10 data

                            192.168.10.1 255.255.255.0

                            int vlan 20 voice

                            192.168.20.1 255.255.255.0

                            int vlan 30 video

                            192.168.30.1 255.255.255.0

                            int vlan 50 Management

                            192.168.50.1 255.255.255.0

                             

                            ip route 0.0.0.0 0.0.0.0 (next hop)(ISP)

                             

                            Trunk

                            switchport trunk encapsulation dot1q

                            switchport mode trunk

                             

                            3560(access layer)

                            vlan 10

                            vlan 20

                            vlan 30

                            vlan 50 Management

                            int vlan 50

                            192.168.50.85 255.255.255.0

                            ip default-gateway 192.168.50.1

                             

                            Hope that will help.

                             

                            Steven.

                            • 11. Re: Distribution Switch Configuration
                              Deepak Kumar

                              Hi,

                              I hope you will understand the difference between Default route and Static route. There is no need to configure Default route on the Access switches (if no routing) but Some times we required. Why? I am setting in a VLAN 10 and wants to access the switch then What I will do? Switch will not respond and I have to move in the same switch management VLAN or VLAN which is having IP address on the switch or assign multiple static route on the switch. This is totally time consume process for me.

                               

                              What if you want to upgrade your switch using the TFTP server or wants logs on the another server which is not in the same management VLAN?

                               

                              We have consider all points.

                               

                              Regards,

                              Deepak Kumar