Basic Configuration between switches

[waynewhittle]

Hi , I am very new to these switches (and Alcatel) and am trying to set up 3 switches all with the same VLANs, which I have managed successfully. These switches are connected via SPF links and are happily talking to each other but I just need confirmation that I have set things up correctly particularly regarding the VLANS and routing:

Switch 1, Switch 2 and Switch 3 are located on separate floors, have the following VLANs and are connected to each other via SPF
VLAN1 (default)
VLAN20 (internal)
VLAN30 (VOIP)
VLAN80 (External)

I have created ip interfaces for each of the VLANS on all switches. For example on Switch 1:
ip interface int-20 address 192.168.20.5 mask 255.255.255.0
ip interface voip-30 address 192.168.30.5 mask 255.255.255.0
ip interface voip-80 address 194.80.25.5 mask 255.255.255.0

Do I need to create ip interfaces for all all VLANs on all the switches ? I connect to the switches via the VLAN20 interface. Is this correct or are ip interfaces only used for management connections to the switch ?

I have configured 802.1q trunking on all the switches to enable VLANs to talk to each other as well as PoE settings etc..all fine there..

The second question I have is regarding Switch 3, which sits at the edge of our network. It has separate physical connections to our router/firewall various interfaces:

VLAN20 - a single cable from a port in this vlan is plugged into the internal interface of the router/firewall.
VLAN30 - a single cable from a port in this vlan is plugged into the VOIP interface of the router/firewall
VLAN80 - a single cable from a port in this vlan is plugged into the external interface of the router/firewall

I think this is referred to as a core switch but I'm not sure as its configuration is virtually the same as the other two switches. Should this switch be configured any differently from the others ? Do I need to set up a default gateway for any of the VLANs that require access to the internet or do I need to set up a static default route on each switch pointing to the router/firewall for those VLANs that require internet access ?

[ballooonnn]

Hi,

You only have to create ip interfaces where you need to route.

Note that ip interfaces have to be bound with a vlan with the commande :
ip interface int-20 address 192.168.20.5 mask 255.255.255.0 vlan 20

The error messages seems to be physical issues. Look at the fiber first, then sfp ... But the set up should be the same.

The defalt gateway is your IP address bounded to the vlan you set up before. It has to be set up in your vlan's client obviously...

On the switch where you route, you have to set up a default route to your internet gateway.

Hope it'll helps.
Br

[waynewhittle]

Hi,

Many thanks for your reply. Just to clarify your points.

1. If I have the same VLAN on two switches in order to route packets between these two switches on this VLAN I need to bind an IP interface on both
switches ? I thought the 802.1Q trunking took care of this by tagging the VLAN in question..

2. Switch 3 is connected to the router/firewall using all the VLAN interfaces, one of which is an external internet facing interface. I'm not sure how it routes out but it does somehow. The route table on this switch shows the gateways for each VLAN as the IP interfaces that I set up for each VLAN. The external VLAN is physically connected to the external port of the router. As I said it is working but I wasn't sure if this was the correct way to set it up.

Best regards,

Wayne.

[ballooonnn]

You have to make a difference between layer 2 and layer 3.

Layer 2 :

• MAC Address
• VLAN = broadcast domain, any client of a vlan can communicate with their MAC address
• Trunking = 802.1q = if you have more than 1 vlan on your switch, thanks to 802.1q you can connect your switch to another and transport your vlans through 1 link by tagging the vlans.

Layer 3 :

• IP address
• Routing

If you are between 2 switches, you are in a layer 2 domain. So no need to speak about IP address or IP route. In this case you don't route, you switch between the 2 switches. You just have to set up a trunk (802.1q) between the 2 switches.

You seem to be in a layer 2 domain with switches connected to each other and then, connected to a router. You just have to configure trunk imo. Dont need layer 3 which is managed by the router.

[waynewhittle]

That's great thanks for the confirmation! I already set up 802.1Q trunking on all the switches and tagged all the VLANs so it would appear that I don't need any IP interfaces setting up for these VLANs though I would need one for management in order to connect to each switch right ? Can I just configure one on our internal network data VLAN for each switch or is it best practice to associate it with another VLAN ? I've always wondered the best way to set up the management access of the switches..

Secondly what's the purpose of a core switch ? All our switches communicate with each other via 802.1Q trunking and into another switch (Switch 3), which interfaces to the gateway router ?

[cavagnaro]

Core switches are basically more powerful and can handle much more traffic than border ones

Enviado de meu E6633 usando Tapatalk

[ballooonnn]

best practices for the managment vlan is :
- use a specific vlan
- don't use the default/native vlan

[waynewhittle]

So would I use the VLAN that my PC belongs to (VLAN20) ? Also what is the native/default VLAN - is that VLAN1 ?

[ballooonnn]

You should choose a specific VLAN (new one) for your admin flow.

In factory set up, the default/native vlan is the vlan 1.

[waynewhittle]

Once I create the new VLAN - "Management" and assign new IP addresses to the VLANs interface on each switch (from a new subnet) how do I then connect to the switches in this subnet given that my machine or more specifically the port in which my machine resides is already assigned to the DATA vlan (VLAN20). I can bind a new IP in the same subnet on my PC but how can I connect to the switches if the port to VLAN assignment is 1:1. Can you assign two VLANs to one port ?