Colocation and VLANs

Discussion in 'Cisco' started by Rick Kunkel, Jul 7, 2003.

  1. Rick Kunkel

    Rick Kunkel Guest

    Hello all,

    We're trying to come up with a basic setup for hooking up colocation
    customers at our NOC. Normally, we would just plug them into our
    switch, but recently we ran into a DHCP server flake-out when a
    customer hooked up a Windows 2000 server with Active Directory, and
    the DHCP server decided to see it as "the boss". Anyhow, in short, we
    need to do this differently.

    I figured VLANs were the way to do things, but I'm having some
    trouble with our 3550 (compared to our older 2950). The customer in
    question just needs one port, so I'd like to give him one port on our
    switch, and have it in its own little VLAN. However, I obviously
    need to have him talking to the router that sits on port 1 as well.
    Previously, I had done this using 'switchport access multi' on the
    2950, but there seems to be no equivalent command on the 3550. As far
    as I can tell, I will use trunking instead, but I'm pretty fuzzy on
    what that entails on the router attached to port 1. It sounds like
    (on the switch) I need to configure port 1 to be a trunk port that
    will carry VLANs 1 and 2, and that doesn't sound too tricky. But how
    do I tell the router's ethernet port that it will be hearing traffic
    with VLAN stuff in it? Or does it just automatically know how to
    handle that stuff?

    Here's a simple diagram of the above situation...
    (hopefully you folks are running fixed-width)

          3550
         Switch
         | | |
         | |  \----Customer
         | |       Computer
         |  \
         |   \---DHCP
         |       Server
        7206
       Router

    Thanks,

    Rick Kunkel
     
    Rick Kunkel, Jul 7, 2003
    #1

  2. M.C. van den Bovenkamp, Jul 7, 2003
    #2

  3. Rick Kunkel <kunkel(nospam)@w-link.net> writes:
    ....
    >Previously, I had done this using 'switchport access multi' on the
    >2950, but there seems to be no equivalent command on the 3550. As far
    >as I can tell, I will use trunking instead, but I'm pretty fuzzy on
    >what that entails on the router attached to port 1. It sounds like
    >(on the switch) I need to configure port 1 to be a trunk port that
    >will carry VLANs 1 and 2, and that doesn't sound too tricky. But how
    >do I tell the router's ethernet port that it will be hearing traffic
    >with VLAN stuff in it? Or does it just automatically know how to
    >handle that stuff?

    ....

    It can still do 'switchport access multi', but that mode is pretty
    much an either-or with trunking mode.. (although I still want a
    specific trunk/multi setup to be allowed, but I can live without it).

    Once you configure your uplink to be trunked, you need to configure
    your router to handle the VLAN trunking. Since you say it's a 3550, it
    must only do dot1q trunking. Inside the router, on the gig or faste
    interface, normal practice is that you'd set up subinterfaces with the
    VLAN trunk encapsulation commands, i.e.:

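    ! physical interface carries no IP address of its own
    int gig 0/0/0
     no ip addr
    ! one subinterface per VLAN; IOS wants the dot1q encapsulation
    ! set before it accepts an IP address on the subinterface
    int gig 0/0/0.1
     encapsulation dot1q 1
     ip addr 10.20.31.254 255.255.255.0
    int gig 0/0/0.2
     encapsulation dot1q 2
     ip addr 10.20.32.254 255.255.255.0
    int gig 0/0/0.3
     encapsulation dot1q 3
     ip addr 10.20.33.254 255.255.255.0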

    etc. etc. with anything else you have going on. VLAN 1 is normally
    your native VLAN on the switch too. Depending on IOS version, you
    might need to move your native VLAN to the main interface instead of
    the 1st subinterface.

    --
    Doug McIntyre
    Network Engineer/Jack of All Trades
    Vector Internet Services, Inc.
     
    Doug McIntyre, Jul 7, 2003
    #3
  4. Hello, Rick!
    You wrote on Mon, 07 Jul 2003 10:12:43 -0700:

    RK> We're trying to come up with a basic setup for hooking up colocation
    RK> customers at our NOC. Normally, we would just plug them into our
    RK> switch, but recently we ran into a DHCP server flake-out when a customer
    RK> hooked up a Windows 2000 server with Active Directory, and the DHCP
    RK> server decided to see it as "the boss". Anyhow, in short, we need to do
    RK> this differently.

    I believe PVLAN is the answer you are looking for. Here is the link -

    http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00800c6f41.html#xtocid6

    Keep in mind that 3550 doesn't support full-blown Private VLAN though. So no
    Community VLAN yet.

    With best regards,
    Andrey.
     
    Andrey Tarasov, Jul 8, 2003
    #4
  5. Rick Kunkel

    Rick Kunkel Guest

    Thanks. I was having a heck of a time finding the router end of the
    info on Cisco's site.

    Rick


    On Mon, 07 Jul 2003 19:22:43 +0200, "M.C. van den Bovenkamp" wrote:

    >Rick Kunkel wrote:
    >
    >> will carry VLANs 1 and 2, and that doesn't sound too tricky. But how
    >> do I tell the router's ethernet port that it will be hearing traffic
    >> with VLAN stuff in it? Or does it just automatically know how to
    >> handle that stuff?

    >
    >Think subinterfaces and 'encapsulation dot1q <vlan no.>':
    >http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fswtch_c/swprt6/xcfvl80q.htm
    >
    > Regards,
    >
    > Marco.
     
    Rick Kunkel, Jul 8, 2003
    #5
  6. Rick Kunkel

    Rick Kunkel Guest

    Mainly, I'm interested in keeping broadcasts from creeping from one
    VLAN into another, since the weirdness I'm dealing with is caused by
    DHCP broadcasts to 255.255.255.255. Normal VLANs should do this,
    shouldn't they? What are PVLANs?

    (The link you gave me came up as 404 not found)

    Thanks,

    Rick Kunkel


    On Mon, 7 Jul 2003 17:58:08 -0700, "Andrey Tarasov" wrote:

    >Hello, Rick!
    >You wrote on Mon, 07 Jul 2003 10:12:43 -0700:
    >
    > RK> We're trying to come up with a basic setup for hooking up colocation
    > RK> customers at our NOC. Normally, we would just plug them into our
    > RK> switch, but recently we ran into a DHCP server flake-out when a customer
    > RK> hooked up a Windows 2000 server with Active Directory, and the DHCP
    > RK> server decided to see it as "the boss". Anyhow, in short, we need to do
    > RK> this differently.
    >
    >I believe PVLAN is the answer you are looking for. Here is the link -
    >
    >http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00800c6f41.html#xtocid6
    >
    >Keep in mind that 3550 doesn't support full-blown Private VLAN though. So no
    >Community VLAN yet.
    >
    >With best regards,
    >Andrey.
     
    Rick Kunkel, Jul 8, 2003
    #6
  7. Rick Kunkel

    Rick Kunkel Guest

    Native VLAN (WAS: Colocation and VLANs)

    At the bottom of your message, you mention the "native" VLAN. I've
    seen a lot of talk and config things pertaining to the "native" VLAN,
    but I'm a little mystified as to what the significance is. Also, it
    seems that the native VLAN is not tagged.

    Here are a few questions that I can't seem to find answers to on
    Cisco's web site. (They're very good at configuration help, but they
    seem to assume that you know WHY you'd use certain technologies or
    configuration styles, and very often that's the bit I can't find on
    their site, or elsewhere.)

    What is the purpose of the native VLAN?

    Is VLAN 1 normally the default native VLAN?

    (Somewhat related) I've seen a few suggestions to avoid using VLAN 1.
    They suggest that VLAN 1 is used internally by the system, despite
    whether you use it for traffic or not, and that it's best to let VLAN 1
    be and start your VLANs with another number. Sounds reasonable?

    How is a native VLAN related to the concept above, if at all?

    Thanks much,

    Rick Kunkel




    On 07 Jul 2003 17:32:01 GMT, Doug McIntyre wrote:

    >Rick Kunkel <kunkel(nospam)@w-link.net> writes:
    >...
    >>Previously, I had done this using 'switchport access multi' on the
    >>2950, but there seems to be no equivalent command on the 3550. As far
    >>as I can tell, I will use trunking instead, but I'm pretty fuzzy on
    >>what that entails on the router attached to port 1. It sounds like
    >>(on the switch) I need to configure port 1 to be a trunk port that
    >>will carry VLANs 1 and 2, and that doesn't sound too tricky. But how
    >>do I tell the router's ethernet port that it will be hearing traffic
    >>with VLAN stuff in it? Or does it just automatically know how to
    >>handle that stuff?

    >...
    >
    >It can still do 'switchport access multi', but that mode is pretty
    >much an either-or with trunking mode.. (although I still want a
    >specific trunk/multi setup to be allowed, but I can live without it).
    >
    >Once you configure your uplink to be trunked, you need to configure
    >your router to handle the VLAN trunking. Since you say it's a 3550, it
    >must only do dot1q trunking. Inside the router, on the gig or faste
    >interface, normal practice is that you'd set up subinterfaces with the
    >VLAN trunk encapsulation commands, i.e.:
    >
    >int gig 0/0/0
    > no ip addr
    >int gig 0/0/0.1
    > ip addr 10.20.31.254 255.255.255.0
    > encapsulation dot1q 1
    >int gig 0/0/0.2
    > ip addr 10.20.32.254 255.255.255.0
    > encapsulation dot1q 2
    >int gig 0/0/0.3
    > ip addr 10.20.33.254 255.255.255.0
    > encapsulation dot1q 3
    >
    >etc. etc. with anything else you have going on. VLAN 1 is normally
    >your native VLAN on the switch too. Depending on IOS version, you
    >might need to move your native VLAN to the main interface instead of
    >the 1st subinterface.
     
    Rick Kunkel, Jul 8, 2003
    #7
  8. Hello, Rick!
    You wrote on Tue, 08 Jul 2003 08:42:38 -0700:

    RK> Mainly, I'm interested in keeping broadcasts from creeping from one
    RK> VLAN into another, since the weirdness I'm dealing with is caused by
    RK> DHCP broadcasts to 255.255.255.255. Normal VLANs should do this,
    RK> shouldn't they? What are PVLANs?

    Yes, normal VLANs do this just fine. The problem with normal VLANs in a colo
    environment is that you will end up splitting your IP range into many, many small
    sub-nets, wasting IP addresses and making the configuration complex.

    Let's say you have 100 customers: you will need 100 sub-nets, 100 sub-interfaces
    on your router, and 298 IP addresses will be wasted for broadcast, network and
    gateway IPs.

    RK> (The link you gave me came up as 404 not found)

    I just checked it again - it's working. Make sure that you copied it correctly.
    You can also search cisco.com with the following keywords - 3550 private vlan -
    click on first link "Cisco Catalyst 6000 Series Switches - Private VLAN Catalyst
    Switch Support Matrix", scroll down to the table and in Catalyst platform column
    click on "Catalyst 3550" - that will give you the same document.

    Regards,
    Andrey.

    RK> On Mon, 7 Jul 2003 17:58:08 -0700, "Andrey Tarasov" <>
    RK> wrote:

    >> Hello, Rick!
    >> You wrote on Mon, 07 Jul 2003 10:12:43 -0700:


    RK>>> We're trying to come up with a basic setup for hooking up colocation
    RK>>> customers at our NOC. Normally, we would just plug them into our
    RK>>> switch, but recently we ran into a DHCP server flake-out when a
    RK>>> customer hooked up a Windows 2000 server with Active Directory, and
    RK>>> the DHCP server decided to see it as "the boss". Anyhow, in short, we
    RK>>> need to do this differently.

    >> I believe PVLAN is the answer you are looking for. Here is the link -


    >> http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00800c6f41.html#xtocid6


    >> Keep in mind that 3550 doesn't support full-blown Private VLAN though. So
    >> no Community VLAN yet.


    >> With best regards,
    >> Andrey.


    With best regards,
     
    Andrey Tarasov, Jul 8, 2003
    #8
  9. Hansang Bae

    Hansang Bae Guest

    Re: Native VLAN (WAS: Colocation and VLANs)

    In article <>, NOSPAM-
    says...
    > At the bottom of your message, you mention the "native" VLAN. I've
    > seen a lot of talk and config things pertaining to the "native" VLAN,
    > but I'm a little mystified as to what the significance is. Also, it
    > seems that the native VLAN is not tagged.
    >
    > Here are a few questions that I can't seem to find answers to on
    > Cisco's web site. (They're very good at configuration help, but they
    > seem to assume that you know WHY you'd use certain technologies or
    > configuration styles, and very often that's the bit I can't find on
    > their site, or elsewhere.)


    That is true about Cisco's website. They do have explanations, but you
    have to ferret them out!


    > What is the purpose of the native VLAN?
    > Is VLAN 1 normally the default native VLAN?


    For switches, VLAN 1 is the default native VLAN. Native VLAN comes into
    play when you trunk a port. If that trunk should fail, the only VLAN
    that can use the link is the native vlan. So whatever VLAN was assigned
    to the port when you created the trunk...becomes the native VLAN.
    Normally, VLAN 1 is the default hence it becomes a native VLAN. But you
    can certainly assign something else to the port before you make it a
    trunked port.

    Also, Cisco chose not to tag the native VLAN. This can come into play
    at different times. But newer CatOS/IOS code has the option of tagging
    the native vlan as well.

    > (Somewhat related) I've seen a few suggestions to avoid using VLAN 1.
    > They suggest that VLAN 1 is used internally by the system, despite
    > whether you use it for traffic or not, and that it's best to let VLAN 1
    > be and start your VLANs with another number. Sounds reasonable?


    It's generally recommended by Cisco to avoid putting user traffic on
    VLAN 1.

    --

    hsb

    "Somehow I imagined this experience would be more rewarding" Calvin
    *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
    ********************************************************************
    Due to the volume of email that I receive, I may not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************
     
    Hansang Bae, Jul 8, 2003
    #9
  10. hi

    a switched environment is imho not really a good solution for colocation. -
    think of arp-poisoning or problems you had (dhcp)
    so a layer3-based separation is the way to go

    one solution is (as others here supposed to do) to have a trunk (dot1q)
    between the router and the switch.

    another one would be, using the 3550 (if it's running an emi-software) as
    the layer3-device

    ....or another solution: get a used 2948G-L3 on ebay ;-)
    (or two of them - running hsrp and giving the customers the option having
    redundant connection)

    regards, curtis


    "Rick Kunkel" <kunkel(nospam)@w-link.net> wrote in message
    news:...
    > Hello all,
    >
    > We're trying to come up with a basic setup for hooking up colocation
    > customers at our NOC. Normally, we would just plug them into our
    > switch, but recently we ran into a DHCP server flake-out when a
    > customer hooked up a Windows 2000 server with Active Directory, and
    > the DHCP server decided to see it as "the boss". Anyhow, in short, we
    > need to do this differently.
    >
    > I figured VLANs were the way to do things, but I'm having some
    > trouble with our 3550 (compared to our older 2950). The customer in
    > question just needs one port, so I'd like to give him one port on our
    > switch, and have it in its own little VLAN. However, I obviously
    > need to have him talking to the router that sits on port 1 as well.
    > Previously, I had done this using 'switchport access multi' on the
    > 2950, but there seems to be no equivalent command on the 3550. As far
    > as I can tell, I will use trunking instead, but I'm pretty fuzzy on
    > what that entails on the router attached to port 1. It sounds like
    > (on the switch) I need to configure port 1 to be a trunk port that
    > will carry VLANs 1 and 2, and that doesn't sound too tricky. But how
    > do I tell the router's ethernet port that it will be hearing traffic
    > with VLAN stuff in it? Or does it just automatically know how to
    > handle that stuff?
    >
    > Here's a simple diagram of the above situation...
    > (hopefully you folks are running fixed-width)
    >
    > 3550
    > Switch
    > | | |
    > | | \----Customer
    > | | Computer
    > | \
    > | \---DHCP
    > | Server
    > 7206
    > Router
    >
    > Thanks,
    >
    > Rick Kunkel
    >
     
    Curtis M. West, Jul 8, 2003
    #10
  11. Sam Wilson

    Sam Wilson Guest

    Re: Native VLAN (WAS: Colocation and VLANs)

    In article <uc_Oa.7480$>, shope
    <> wrote:

    > Native VLAN comes from the original 802.1Q standard - the idea is that if a
    > port receives frames that are not tagged then they end up in the native
    > VLAN. and since you might want to reply then that VLAN sends out frames with
    > no 802.1Q wrapper.


    [snip]

    > It must be useful for something - it allows you to alter the VLAN number for
    > some traffic flowing through L2 - never needed it though.


    We have 3Com switches where the management entity is in a default VLAN
    and the default VLAN has to be VLAN 1. We therefore run it untagged on
    the trunk links to our Ciscos and make the Cisco untagged VLAN the VLAN
    we want to manage the 3Com on. All other VLANs are tagged - works a
    treat and keeps the management traffic off the real VLAN 1.

    Sam
     
    Sam Wilson, Jul 10, 2003
    #11
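
Added example (not written by any poster in this thread): a small Python model of the 802.1Q behaviour discussed above, showing that a broadcast from the customer's access port leaves only on the trunk, tagged with the customer VLAN, and that untagged frames arriving on the trunk land in the native VLAN. The port numbers, MAC address, payload and the choice to drop tagged frames on access ports are assumptions made for the illustration.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q tag
BROADCAST = b"\xff" * 6

# Constructed port table mirroring the diagram in post #1 (port numbers assumed).
PORTS = {
    1: {"mode": "trunk", "native": 1, "allowed": {1, 2}},  # uplink to the router
    2: {"mode": "access", "vlan": 1},                      # DHCP server
    3: {"mode": "access", "vlan": 2},                      # colocation customer
}

def parse(frame):
    """Split an Ethernet frame into (dst, src, vid or None, ethertype, payload)."""
    dst, src = frame[:6], frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype == TPID_8021Q:
        tci, inner = struct.unpack("!HH", frame[14:18])
        return dst, src, tci & 0x0FFF, inner, frame[18:]   # low 12 bits = VLAN ID
    return dst, src, None, etype, frame[14:]

def build(dst, src, vid, etype, payload):
    """Assemble a frame; vid=None produces an untagged frame."""
    tag = struct.pack("!HH", TPID_8021Q, vid) if vid is not None else b""
    return dst + src + tag + struct.pack("!H", etype) + payload

def ingress_vlan(port, vid):
    """VLAN a received frame is placed in, or None if the frame is dropped."""
    cfg = PORTS[port]
    if cfg["mode"] == "access":
        # Model choice: an access port takes untagged frames only.
        return cfg["vlan"] if vid is None else None
    vlan = cfg["native"] if vid is None else vid   # untagged on a trunk = native VLAN
    return vlan if vlan in cfg["allowed"] else None

def flood(in_port, frame):
    """Return {egress_port: frame_bytes} for a broadcast received on in_port."""
    dst, src, vid, etype, payload = parse(frame)
    vlan = ingress_vlan(in_port, vid)
    out = {}
    if vlan is None or dst != BROADCAST:
        return out
    for port, cfg in PORTS.items():
        if port == in_port:
            continue
        if cfg["mode"] == "access" and cfg["vlan"] == vlan:
            out[port] = build(dst, src, None, etype, payload)
        elif cfg["mode"] == "trunk" and vlan in cfg["allowed"]:
            # The native VLAN leaves the trunk untagged; every other VLAN is tagged.
            egress_vid = None if vlan == cfg["native"] else vlan
            out[port] = build(dst, src, egress_vid, etype, payload)
    return out

# Constructed sample: a broadcast sent by the customer's server on port 3.
CUSTOMER_MAC = bytes.fromhex("020000000003")
DISCOVER = build(BROADCAST, CUSTOMER_MAC, None, 0x0800, b"constructed DHCP discover")
```

Calling `flood(3, DISCOVER)` returns a single entry for port 1, so the DHCP server on port 2 never sees the customer's broadcast.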