
The following illustrates the use of a Layer-3 switch to do inter-VLAN routing, where LAN 1 is the user network, LAN 2 is the server network, and LAN 3 is the guest network.


             Internet
                 |
              Router
                 |
                 | 10.0.0.0/24
                 |
          Layer-3 Switch
       |         |         |
       |       LAN 2       |
       |    10.0.2.0/24    |
       |                   |
     LAN 1               LAN 3
  10.0.1.0/24         10.0.3.0/24
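Because the Layer-3 switch routes between all three LANs, guest hosts in LAN 3 can reach the user and server networks unless the switch filters that traffic. The following inbound ACL on the guest VLAN interface is an added example, not part of the original configuration; it reuses interface Vlan13 and the subnets from the sample configuration that follows, and the ACL name GUEST-IN, DHCP addressing for guests, and the two host addresses in the closing comment are assumptions.

```cisco
! Added example - not part of the original sample configuration.
! Assumptions: the ACL name GUEST-IN is illustrative; guests get addresses
! by DHCP and use a DNS resolver outside 10.0.0.0/8.
!
ip access-list extended GUEST-IN
 remark Let DHCP requests (source 0.0.0.0) reach the server or relay
 permit udp any eq bootpc any eq bootps
 remark No guest traffic to users (10.0.1.0/24), servers (10.0.2.0/24),
 remark the router link (10.0.0.0/30) or any other internal 10.x subnet
 deny   ip any 10.0.0.0 0.255.255.255
 remark Internet-bound traffic, but only from real guest addresses
 permit ip 10.0.3.0 0.0.0.255 any
 remark The implicit deny drops everything else, e.g. spoofed sources
!
interface Vlan13
 description LAN 3 - Guests
 ip address 10.0.3.1 255.255.255.0
 ip access-group GUEST-IN in
!
! Without the ACL (as in the base configuration) a guest at the
! hypothetical address 10.0.3.50 can open connections to a server at the
! hypothetical address 10.0.2.10, because the switch routes between all
! connected VLAN interfaces once "ip routing" is enabled.
```

The deny line also stops guests from pinging their own gateway 10.0.3.1; ARP and forwarding through the gateway are unaffected.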

Sample Configuration of Layer-3 Switch design implementation

Router:
interface FastEthernet0/0
 description Internet
 ip address dhcp
 ip nat outside
!
interface FastEthernet0/1
 description To Layer-3 Switch
 ip address 10.0.0.1 255.255.255.252
 ip nat inside
!
ip route 10.0.0.0 255.0.0.0 10.0.0.2
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 10.0.0.0 0.255.255.255
!

Switch:
vlan 1,11-13
!
ip routing
!
interface FastEthernet0/1
 description LAN 1
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/2
 description LAN 1
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/3
 description LAN 1
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/4
 description LAN 2
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/5
 description LAN 2
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/6
 description LAN 2
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/7
 description LAN 3
 switchport access vlan 13
 switchport mode access
!
interface FastEthernet0/8
 description LAN 3
 switchport access vlan 13
 switchport mode access
!
interface FastEthernet0/9
 description LAN 3
 switchport access vlan 13
 switchport mode access
!
interface FastEthernet0/12
 description To Router
 no switchport
 ip address 10.0.0.2 255.255.255.252
!
interface Vlan1
 description VLAN database management only
 shutdown
!
interface Vlan11
 description LAN 1 - Users
 ip address 10.0.1.1 255.255.255.0
!
interface Vlan12
 description LAN 2 - Servers
 ip address 10.0.2.1 255.255.255.0
!
interface Vlan13
 description LAN 3 - Guests
 ip address 10.0.3.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!

Keep in mind that Layer-3 switches are generally not cheap from the perspective of SOHO users or small businesses, since they are designed for organizations that need physical hardware separation between router and switch when routing is required. That said, if cheap Layer-3 switches are available, SOHO users and small businesses are more than welcome to use them.

When a small business needs inter-VLAN routing (i.e. data interchange between multiple departments) or internal routing between LAN subnets (multiple broadcast domains), there are "cheap" solutions besides Layer-3 switches that might still be reliable. One solution is a "Router On A Stick" design, which consists of a router and a Layer-2 switch that are both capable of trunking. The following illustrates this design.
                           Internet
                               |
                Router with Trunking Capability
                               *
                               * Trunk between router and switch
                               *
                Switch with Trunking Capability
     |            |            |            |            |
     |            |            |            |            |
     |          LAN 2          |          LAN 4          |
     |       10.0.2.0/24       |       10.0.4.0/24       |
     |                         |                         |
   LAN 1                     LAN 3                     LAN 5
10.0.1.0/24               10.0.3.0/24               10.0.5.0/24

Sample Configuration of "Router On A Stick" design implementation

Router:
interface FastEthernet0/0
 description Internet
 ip address dhcp
 ip nat outside
!
interface FastEthernet0/1
 description Trunk to Switch
 no ip address
!
! On each subinterface the encapsulation is set before the IP address
interface FastEthernet0/1.2
 description Native VLAN
 encapsulation dot1q 2 native
 ip address 10.0.0.1 255.255.255.252
 ip nat inside
!
interface FastEthernet0/1.11
 description LAN 1
 encapsulation dot1q 11
 ip address 10.0.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1.12
 description LAN 2
 encapsulation dot1q 12
 ip address 10.0.2.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1.13
 description LAN 3
 encapsulation dot1q 13
 ip address 10.0.3.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 10.0.0.0 0.255.255.255
!

Switch:
vlan 1-2,11-13
!
interface FastEthernet0/1
 description LAN 1
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/2
 description LAN 2
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/3
 description LAN 3
 switchport access vlan 13
 switchport mode access
!
interface FastEthernet0/12
 description Trunk to Router
 switchport trunk encapsulation dot1q
 ! Native VLAN must match the router side (dot1q 2 native)
 switchport trunk native vlan 2
 switchport trunk allowed vlan 1-2,11-13
 switchport mode trunk
!
interface Vlan1
 description VLAN database management only
 shutdown
!
interface Vlan2
 description Native VLAN
 ip address 10.0.0.2 255.255.255.252
!

Another solution, probably cheaper, is to set up multiple unmanaged (dumb) switches together with multiple routers. Whereas in the "Router On A Stick" design a single router terminates multiple LAN subnets, in this second solution each router terminates its own LAN subnet. The following illustrates this design.
             Internet
                 |
          Internet Router
                 |
                 | 10.0.0.0/24
                 |
         Unmanaged Switch
       |         |         |
       |     Router 2      |
       |         |         |
       |       LAN 2       |
       |    10.0.2.0/24    |
       |                   |
   Router 1            Router 3
       |                   |
     LAN 1               LAN 3
  10.0.1.0/24         10.0.3.0/24

Sample Configuration of multiple router design implementation

1. Static Routing

When there are only a few LANs (broadcast domains), a network design based on static routing should be sufficient.

Internet Router:
interface FastEthernet0/0
 description Internet
 ip address dhcp
 ip nat outside
!
interface FastEthernet0/1
 description Unmanaged Switch (LAN)
 ip address 10.0.0.254 255.255.255.0
 ip nat inside
!
ip route 10.0.1.0 255.255.255.0 10.0.0.1
ip route 10.0.2.0 255.255.255.0 10.0.0.2
ip route 10.0.3.0 255.255.255.0 10.0.0.3
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 10.0.0.0 0.255.255.255
!

Router 1:
interface FastEthernet0/0
 description Unmanaged Switch
 ip address 10.0.0.1 255.255.255.0
!
interface FastEthernet0/1
 description LAN 1
 ip address 10.0.1.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.0.0.254
ip route 10.0.2.0 255.255.255.0 10.0.0.2
ip route 10.0.3.0 255.255.255.0 10.0.0.3
!

Router 2:
interface FastEthernet0/0
 description Unmanaged Switch
 ip address 10.0.0.2 255.255.255.0
!
interface FastEthernet0/1
 description LAN 2
 ip address 10.0.2.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.0.0.254
ip route 10.0.1.0 255.255.255.0 10.0.0.1
ip route 10.0.3.0 255.255.255.0 10.0.0.3
!

Router 3:
interface FastEthernet0/0
 description Unmanaged Switch
 ip address 10.0.0.3 255.255.255.0
!
interface FastEthernet0/1
 description LAN 3
 ip address 10.0.3.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.0.0.254
ip route 10.0.1.0 255.255.255.0 10.0.0.1
ip route 10.0.2.0 255.255.255.0 10.0.0.2
!

When there are more LANs (broadcast domains) in place, or when there are multiple connections to reach the same destination (such as multiple ISPs for Internet access), a network design based on dynamic routing might be more scalable than the static route approach. The following illustrates such a design.
              ISP 1                                       ISP 2
                |                                           |
            Router 1                                    Router 2
                |                                           |
                | 10.1.0.0/24                               | 10.2.0.0/24
                |                10.0.0.0/30                |
        Layer-3 Switch 1 -------------------------- Layer-3 Switch 2
      |         |         |  .1              .2   |         |         |
      |       LAN 2       |                       |       LAN 2       |
      |    10.1.2.0/24    |                       |    10.2.2.0/24    |
      |                   |                       |                   |
    LAN 1               LAN 3                   LAN 1               LAN 3
 10.1.1.0/24         10.1.3.0/24             10.2.1.0/24         10.2.3.0/24

           Building #1                                 Building #2

Sample Configuration of multiple router and Layer-3 switch design implementation

2. Dynamic Routing

In this sample configuration, RIP is used as the dynamic routing protocol to provide dynamic interconnectivity between the two buildings. You may notice that, with RIP in place, machines within Building #1 use ISP 1 to go out to the Internet by default, and will only use ISP #2 through the point-to-point link between the two switches when ISP #1 becomes unavailable. Similarly, machines within Building #2 use ISP 2 to go out to the Internet by default, and will only use ISP #1 when ISP #2 becomes unavailable.

Router 1:
interface FastEthernet0/0
 description ISP 1
 ip address dhcp
 ip nat outside
!
interface FastEthernet0/1
 description Layer-3 Switch 1
 ip address 10.1.0.254 255.255.255.0
 ip nat inside
!
router rip
 version 2
 redistribute static route-map STATIC-to-RIP
 network 10.0.0.0
 no auto-summary
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 remark Permitted Subnet to access Internet
access-list 1 permit 10.0.0.0 0.3.255.255
access-list 10 remark Permitted Routes to Redistribute
access-list 10 permit 0.0.0.0
!
route-map STATIC-to-RIP permit 10
 match ip address 10
 set metric 1
!

Switch 1:
vlan 1-2,11-13
!
ip routing
!
interface FastEthernet0/1
 description LAN 1
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/2
 description LAN 1
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/3
 description LAN 1
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/4
 description LAN 2
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/5
 description LAN 2
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/6
 description LAN 2
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/7
 description LAN 3
 switchport access vlan 13
 switchport mode access
!
interface FastEthernet0/8
 description LAN 3
 switchport access vlan 13
 switchport mode access
!
interface FastEthernet0/9
 description LAN 3
 switchport access vlan 13
 switchport mode access
!
interface FastEthernet0/11
 description Layer-3 Switch 2 (Building #2)
 no switchport
 ip address 10.0.0.1 255.255.255.252
 ip summary-address rip 10.1.0.0 255.255.0.0
!
interface FastEthernet0/12
 description Router 1
 switchport access vlan 2
 switchport mode access
!
interface Vlan1
 description VLAN database management only
 shutdown
!
interface Vlan2
 description Management VLAN
 ip address 10.1.0.2 255.255.255.0
!
interface Vlan11
 description LAN 1
 ip address 10.1.1.1 255.255.255.0
!
interface Vlan12
 description LAN 2
 ip address 10.1.2.1 255.255.255.0
!
interface Vlan13
 description LAN 3
 ip address 10.1.3.1 255.255.255.0
!
router rip
 version 2
 passive-interface Vlan11
 passive-interface Vlan12
 passive-interface Vlan13
 network 10.0.0.0
 no auto-summary
!

Router 2:
interface FastEthernet0/0
 description ISP 2
 ip address dhcp
 ip nat outside
!
interface FastEthernet0/1
 description Layer-3 Switch 2
 ip address 10.2.0.254 255.255.255.0
 ip nat inside
!
router rip
 version 2
 redistribute static route-map STATIC-to-RIP
 network 10.0.0.0
 no auto-summary
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 remark Permitted Subnet to access Internet
access-list 1 permit 10.0.0.0 0.3.255.255
access-list 10 remark Permitted Routes to Redistribute
access-list 10 permit 0.0.0.0
!
route-map STATIC-to-RIP permit 10
 match ip address 10
 set metric 1
!

Switch 2:
vlan 1-2,11-13
!
ip routing
!
interface FastEthernet0/1
 description LAN 1
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/2
 description LAN 1
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/3
 description LAN 1
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/4
 description LAN 2
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/5
 description LAN 2
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/6
 description LAN 2
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/7
 description LAN 3
 switchport access vlan 13
 switchport mode access
!
interface FastEthernet0/8
 description LAN 3
 switchport access vlan 13
 switchport mode access
!
interface FastEthernet0/9
 description LAN 3
 switchport access vlan 13
 switchport mode access
!
interface FastEthernet0/11
 description Layer-3 Switch 1 (Building #1)
 no switchport
 ip address 10.0.0.2 255.255.255.252
 ip summary-address rip 10.2.0.0 255.255.0.0
!
interface FastEthernet0/12
 description Router 2
 switchport access vlan 2
 switchport mode access
!
interface Vlan1
 description VLAN database management only
 shutdown
!
interface Vlan2
 description Management VLAN
 ip address 10.2.0.2 255.255.255.0
!
interface Vlan11
 description LAN 1
 ip address 10.2.1.1 255.255.255.0
!
interface Vlan12
 description LAN 2
 ip address 10.2.2.1 255.255.255.0
!
interface Vlan13
 description LAN 3
 ip address 10.2.3.1 255.255.255.0
!
router rip
 version 2
 passive-interface Vlan11
 passive-interface Vlan12
 passive-interface Vlan13
 network 10.0.0.0
 no auto-summary
!

Whichever solution you choose, you should always use managed switches instead of unmanaged switches since, in general, a managed switch is more reliable and has more functionality to tune.

Connectivity to Business Partner's Network

Now let's review the following network topology, which is a typical datacenter layout or Ethernet-based network topology.
  Switch A1 ----- Switch A2
        \           /
         \         /
          Switch A3          External network (business partner)
  =========================
          Switch B3          Your network
         /         \
        /           \
  Switch B1 ----- Switch B2

You have a network consisting of three switches (B1, B2, B3), and your business partner has a network that also consists of three switches (A1, A2, A3). Each network may or may not run Spanning Tree to avoid Layer-2 network loops. The objective is to interconnect your network and the business partner's network with less equipment in place, less complexity, and good reliability, and most importantly in a way that lets you keep control and administration of your own network.

One may suggest that you simply run cables between switches A3 and B3 to provide Layer-2 connectivity. With Layer-2 connectivity there is a danger of a Layer-2 network loop, which can bring down the network immediately. From a different perspective, you may have to surrender control of your Layer-2 network to your business partner, since Layer-2 connectivity requires full control by a single network administration, and it is more likely that your business partner will be that single administration rather than yourself. If you have internal Layer-2 networks on switches B1, B2, or B3, you lose control of the administration of those internal networks as well, which is typically unwanted. In other words, permitting your business partner to be the single network administration requires switches B1, B2, and B3 to be dedicated to external connectivity to the business partner, with no internal Layer-2 network allowed on them.

Should there be a need to maintain an internal Layer-2 network on switches B1, B2, and B3 while having an external connection to your business partner's network, Layer-3 connectivity should be your best bet. Even though there is such a thing as a Layer-3 network loop, it does not bring down the network as severely as a Layer-2 network loop. Further, with Layer-3 connectivity between your network and your business partner's, you still maintain your network integrity while having the external connection.

At this point, let's consider Layer-3 connectivity between your network and your business partner's. For the sake of illustration, assume the following:

Your network: 10.10.10.0/24
Your business partner's network: 100.32.10.0/24
Point-to-point WAN between your network and business partner's: 1.1.1.0/30

The internal IP subnet you use within your network is 10.10.10.0/24. For this connectivity, your business partner's network uses 100.32.10.0/24 as the subnet for your network to reach. Since there will be Layer-3 connectivity, there must be a device within your network that is able to do routing.
One solution is to put a router between Switch A3 and Switch B3, as follows.
  Switch A1 ----- Switch A2
        \           /
         \         /
          Switch A3
              |
            Router
              |
          Switch B3
         /         \
        /           \
  Switch B1 ----- Switch B2

Note that the router is on your network edge since the router terminates your Layer-2 network to connect to your business partner's network.

The configurations are the following.

Switch B1:
vlan 1-2
!
interface FastEthernet0/1
 description User 1
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/2
 description User 2
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/3
 description User 3
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/11
 description Switch B2
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/12
 description Switch B3
 switchport access vlan 2
 switchport mode access
!
interface Vlan1
 description VLAN database management only
 shutdown
!
interface Vlan2
 description User VLAN
 ip address 10.10.10.1 255.255.255.0
!

Switch B2:
vlan 1-2
!
interface FastEthernet0/1
 description User 4
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/2
 description User 5
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/3
 description User 6
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/11
 description Switch B1
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/12
 description Switch B3
 switchport access vlan 2
 switchport mode access
!
interface Vlan1
 description VLAN database management only
 shutdown
!
interface Vlan2
 description User VLAN
 ip address 10.10.10.2 255.255.255.0
!

Switch B3:
vlan 1-2
!
interface FastEthernet0/1
 description User 7
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/2
 description User 8
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/3
 description User 9
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/10
 description Router
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/11
 description Switch B1
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/12
 description Switch B2
 switchport access vlan 2
 switchport mode access
!
interface Vlan1
 description VLAN database management only
 shutdown
!
interface Vlan2
 description User VLAN
 ip address 10.10.10.3 255.255.255.0
!

Router:
interface FastEthernet0/0
 description Business Partner's Switch A3
 ip address 1.1.1.2 255.255.255.252
!
interface FastEthernet0/1
 description Switch B3
 ip address 10.10.10.254 255.255.255.0
!
ip route 100.32.10.0 255.255.255.0 1.1.1.1
!

When your Switch B3 is a Layer-2/3 switch, you don't need to put a router between your network and your business partner's, since you can use the routing functionality of Switch B3 to reach the business partner's 100.32.10.0/24 network. The network topology and configuration are as follows.

  Switch A1 ----- Switch A2
        \           /
         \         /
          Switch A3
              |
              | routing is in place
              |
          Switch B3 (Layer-2/3 switch)
         /         \
        /           \
  Switch B1 ----- Switch B2

Switch B1:
vlan 1-2
!
interface FastEthernet0/1
 description User 1
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/2
 description User 2
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/3
 description User 3
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/11
 description Switch B2
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/12
 description Switch B3
 switchport access vlan 2
 switchport mode access
!
interface Vlan1
 description VLAN database management only
 shutdown
!
interface Vlan2
 description User VLAN
 ip address 10.10.10.1 255.255.255.0
!

Switch B2:
vlan 1-2
!
interface FastEthernet0/1
 description User 4
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/2
 description User 5
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/3
 description User 6
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/11
 description Switch B1
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/12
 description Switch B3
 switchport access vlan 2
 switchport mode access
!
interface Vlan1
 description VLAN database management only
 shutdown
!
interface Vlan2
 description User VLAN
 ip address 10.10.10.2 255.255.255.0
!

Switch B3:
vlan 1-2
!
ip routing
!
interface FastEthernet0/1
 description User 7
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/2
 description User 8
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/3
 description User 9
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/10
 description Switch B1
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/11
 description Switch B2
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/12
 description Business Partner's Switch A3
 no switchport
 ip address 1.1.1.2 255.255.255.252
!
interface Vlan1
 description VLAN database management only
 shutdown
!
interface Vlan2
 description User VLAN
 ip address 10.10.10.3 255.255.255.0
!
ip route 100.32.10.0 255.255.255.0 1.1.1.1
!

Note that when Switch B3 is a Layer-2/3 switch, there is no need to have a router in place, which means less equipment to deal with.
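Routing on the link to the business partner keeps the two Layer-2 domains apart, but by itself it forwards any packet the partner side sends. The following filter for the routed port of Switch B3 is an added example, not part of the original configuration; the ACL names PARTNER-IN and PARTNER-OUT are assumptions, and the same ACLs can be applied to FastEthernet0/0 of the router in the earlier design.

```cisco
! Added example - not part of the original configuration.
! Assumption: the ACL names PARTNER-IN and PARTNER-OUT are illustrative.
!
ip access-list extended PARTNER-IN
 remark Only the agreed partner subnet may reach the user VLAN
 permit ip 100.32.10.0 0.0.0.255 10.10.10.0 0.0.0.255
 remark Let the partner end of the /30 ping this end for link checks
 permit icmp host 1.1.1.1 host 1.1.1.2 echo
 remark Drop and log the rest, including spoofed 10.10.10.x sources
 deny   ip any any log
!
ip access-list extended PARTNER-OUT
 remark Only user-VLAN hosts may send traffic to the partner subnet
 permit ip 10.10.10.0 0.0.0.255 100.32.10.0 0.0.0.255
 deny   ip any any log
!
interface FastEthernet0/12
 description Business Partner's Switch A3
 no switchport
 ip address 1.1.1.2 255.255.255.252
 ip access-group PARTNER-IN in
 ip access-group PARTNER-OUT out
 ! Do not answer ARP on behalf of other hosts or send ICMP redirects
 no ip proxy-arp
 no ip redirects
 ! Do not advertise device model and software version to the partner
 no cdp enable
!
ip route 100.32.10.0 255.255.255.0 1.1.1.1
```

The two permit lines for the subnets are the widest rules that still match the addressing above; narrowing them to the specific hosts and ports the partnership needs tightens the link further.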
