What are the steps to turn a L2 Cisco 3560 into a L3?
I also want to add a Vlan10 (w/ just one port) to the switch, as well.
I also have an external DHCP server configured for Vlan1 (which is currently working) & Vlan10 (wasn't working before I reset switch), and I want it setup to function for devices on Vlan10, as well.
These are the commands that I tried using:
[Enable IP Routing]
ip routing
[Setting up Vlan10]
interface vlan10
ip address [Network ID] [Subnet Mask]
[Port on Vlan10]
switchport access vlan10
switchport mode access
[Point Vlan10 to DHCP Server]
interface vlan10
ip helper-address [DHCP Server Network ID]
(Is this correct because last time I tried doing this devices on Vlan10 still wouldn't receive any DHCP addresses even though I also setup the DHCP Server for the .10 subnet)
This is pretty much as far as I was able to get before I had to reset my switch due to jacking up DHCP on Vlan1.
Am I missing any commands? Any suggestions?
- Follow via:
- RSS
- Email Alert
Question
0
Votes
What steps are involved in making a L2 3560 a L3?
22nd Feb 2008
Answers (3)
0
Votes
I'm stumped, but here's what Cisco says about it:
Catalyst switch models 3560, 3750, Catalyst 4500/4000 Series with Sup II+ or later, or Catalyst 6500/6000 Series that run Cisco IOS system software support basic InterVLAN routing features in all their supported software versions.
http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008019e74e.shtml
http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008019e74e.shtml
22nd Feb 2008
Replies
It's funny how not many people really know the 100% way/method towards doing this....
For example: "Do this, do this, then do this..."
I mean, you buy L3 switches to essentially replace an external Router, or to lessen traffic leaving the switch, right?
Ok so I need to create an SVI. That I Do know.
For example: "Do this, do this, then do this..."
I mean, you buy L3 switches to essentially replace an external Router, or to lessen traffic leaving the switch, right?
Ok so I need to create an SVI. That I Do know.
devdevil85@...
22nd Feb 2008
0
Votes
Can you..
..tell us what it is you are trying to accomplish without telling us what you did so far? I am a little foggy on the details
TCB
TCB
22nd Feb 2008
Replies
As just a test (only to see if I can master adding a Vlan to our 3560-only), I want to add a Vlan (Vlan10) to our Cisco 3560 that will help separate our Service Dept. from our Sales Dept.
I have an external MS DHCP Server which we have configured for the .10 Subnet for Vlan10.
I am just wanting to add this Vlan (as a test) and basically give any devices on it the same abilities as devices on Vlan1. I am doing this because I don't want devices on Vlan1 to see devices on Vlan10.
If I can get this to work. I am going to then try another scenario where I add an Adtran Layer 2 Switch to the mix and basically make the 3560 Vlan1-only and make the Adtran Vlan10-only. If accomplished we will have any devices connected to the 3560 be Sales Dept.-only and devices on the Adtran Service Dept.-only.
We do have a L3 Kentrox Router/Firewall that we have connected to the 3560, but we are trying to keep all traffic (that we can) internal to the 3560 (for now) & then to both it and the Adtran.
I hope this makes sense.
I have an external MS DHCP Server which we have configured for the .10 Subnet for Vlan10.
I am just wanting to add this Vlan (as a test) and basically give any devices on it the same abilities as devices on Vlan1. I am doing this because I don't want devices on Vlan1 to see devices on Vlan10.
If I can get this to work. I am going to then try another scenario where I add an Adtran Layer 2 Switch to the mix and basically make the 3560 Vlan1-only and make the Adtran Vlan10-only. If accomplished we will have any devices connected to the 3560 be Sales Dept.-only and devices on the Adtran Service Dept.-only.
We do have a L3 Kentrox Router/Firewall that we have connected to the 3560, but we are trying to keep all traffic (that we can) internal to the 3560 (for now) & then to both it and the Adtran.
I hope this makes sense.
devdevil85@...
22nd Feb 2008
helped?
CG IT
22nd Feb 2008
but I don't know what is actually correct. I just want someone to tell me (based on their experience) what the steps/process would be for me to accomplish what I am trying to setup.
Like first, I know that I need to use:
ip routing (enabled L3 Routing on the 3560)
I need to create Vlan10 and assign an IP address to it
I need to create an SVI (whether I did that in the creation of Vlan10, Idk)
ip helper-address (I need to configure Vlan10 w/ this cmd to point it the DHCP Server and have the switch unicast packets to it)
I can either enable RIP on all devices, and/or I need to create a default, static route to the Kentrox for any unknown, outside traffic.
The gateway for Vlan10 devices are Vlan10's Network ID.
The gateway for Vlan1 devices need to be changed to (?)
Honestly, from here I don't know what else I need to do or where to go or what to setup. If this is all I need to do, then great!, but I tried this last time and didn't have much luck.
Like I said in previous posts, I had to change the gateway of devices on Vlan1 to the 3560 and not the Kentrox in order for them to ping the laptop connected to port 22 on Vlan10. This is something that nobody said I needed to do. It's things like this that I am trying to get clear before I take a go at this.
Like first, I know that I need to use:
ip routing (enabled L3 Routing on the 3560)
I need to create Vlan10 and assign an IP address to it
I need to create an SVI (whether I did that in the creation of Vlan10, Idk)
ip helper-address (I need to configure Vlan10 w/ this cmd to point it the DHCP Server and have the switch unicast packets to it)
I can either enable RIP on all devices, and/or I need to create a default, static route to the Kentrox for any unknown, outside traffic.
The gateway for Vlan10 devices are Vlan10's Network ID.
The gateway for Vlan1 devices need to be changed to (?)
Honestly, from here I don't know what else I need to do or where to go or what to setup. If this is all I need to do, then great!, but I tried this last time and didn't have much luck.
Like I said in previous posts, I had to change the gateway of devices on Vlan1 to the 3560 and not the Kentrox in order for them to ping the laptop connected to port 22 on Vlan10. This is something that nobody said I needed to do. It's things like this that I am trying to get clear before I take a go at this.
devdevil85@...
22nd Feb 2008
0
Votes
IP Services license
If you have the IP services license, the 3560 can be a full blown layer 3 device with support for OSPF/BGP/IGRP/EIGRP/RIP routing protocols. It would be configured according to your requirements.
22nd Feb 2008
Replies
I mean, with a router I have to create sub-interfaces and associate them w/ specific Vlan id's to get inter-vlan routing for multiple Vlan's to function over one trunk link.
Now that I'm trying to integrate the router functions into the switch itself (thus eliminating the sub-interfaced trunk link from the external router example), I am guessing I don't need to create these sub-interfaces on/within the switch. I would think that since the Vlans are internal to the switch, the switch can handle (in my situation) the 2 Vlans once I enable L3 Routing (via the ip routing command), right?
The statement you said in your post above is the exact reason why I am trying to use the L3 Switch as if there were a switch AND a router all in box, so that I can get Vlan 1 & Vlan 10 to talk back and forth, to get Vlan10 to the internet and to also get Vlan 10 to receive DHCP information for connected devices.
Now that I'm trying to integrate the router functions into the switch itself (thus eliminating the sub-interfaced trunk link from the external router example), I am guessing I don't need to create these sub-interfaces on/within the switch. I would think that since the Vlans are internal to the switch, the switch can handle (in my situation) the 2 Vlans once I enable L3 Routing (via the ip routing command), right?
The statement you said in your post above is the exact reason why I am trying to use the L3 Switch as if there were a switch AND a router all in box, so that I can get Vlan 1 & Vlan 10 to talk back and forth, to get Vlan10 to the internet and to also get Vlan 10 to receive DHCP information for connected devices.
devdevil85@...
22nd Feb 2008
it would do you well to read it, print it and have it as a reference.
http://www.cisco.com/en/US/docs/switches/lan/catalyst5000/hybrid/routing.html
This gives you the basics of inter-vlan routing which even today, is done by the "router on a stick" premise. Layer 3 switches can act like routers which precludes having to use a routing device [cuts down on the amount of devices in a rack] but the concepts are the same.
After your read that, then read this article
http://www.cisco.com/warp/public/473/189.pdf
which specifically deals with configuring your 3560 for inter-vlan routing . It's PDF so also print it and add to your reference files.
note: ? Catalyst 3550−48 that runs Cisco IOS? Software Release 12.1(12c)EA1 EMI AND
Any Catalyst 3750/3560/3550 switch that runs EMI software or standard multilayer image (SMI)
Cisco IOS Software Release 12.1(11)EA1 and later
http://www.cisco.com/en/US/docs/switches/lan/catalyst5000/hybrid/routing.html
This gives you the basics of inter-vlan routing which even today, is done by the "router on a stick" premise. Layer 3 switches can act like routers which precludes having to use a routing device [cuts down on the amount of devices in a rack] but the concepts are the same.
After your read that, then read this article
http://www.cisco.com/warp/public/473/189.pdf
which specifically deals with configuring your 3560 for inter-vlan routing . It's PDF so also print it and add to your reference files.
note: ? Catalyst 3550−48 that runs Cisco IOS? Software Release 12.1(12c)EA1 EMI AND
Any Catalyst 3750/3560/3550 switch that runs EMI software or standard multilayer image (SMI)
Cisco IOS Software Release 12.1(11)EA1 and later
CG IT
22nd Feb 2008
Thanks for the links. I'll refer to them if I run into any issues.
devdevil85@...
22nd Feb 2008
