Need Help with IP Addressing

Discussion in 'Cisco' started by Bob Simon, Sep 8, 2006.

  1. Bob Simon

    Bob Simon Guest

    I'm working on a flat network covering 3 floors with a stack of four
    3550 switches per floor and one 4507 at the logical center. The gig
    ports of each stack are daisy-chained with the top and bottom switches
    linked back to the 4507. Each switch has a /24 private IP address
    applied to VLAN 1.

    I want to segment the network into three class c type subnets, one per
    floor, and have the 4507 route between them. I configured the IP
    addresses of the 3550s with the third octet designating the floor
    number. Then I configured the 4507 interfaces as no switchport and
    applied IP addresses.

    My logic is obviously wrong because the addresses of the top and
    bottom 3550s in each stack overlap each other and the new 4507 port
    address overlap with the VLAN. Could someone please explain how to
    design a valid addressing scheme?

    If we want to use Windows Server 2000 DHCP to assign all the client
    addresses, how can it determine which subnet the client should be part
    of?
    Bob Simon, Sep 8, 2006
    #1
    1. Advertising

  2. Bob Simon

    BernieM Guest

    "Bob Simon" <> wrote in message
    news:...
    > I'm working on a flat network covering 3 floors with a stack of four
    > 3550 switches per floor and one 4507 at the logical center. The gig
    > ports of each stack are daisy-chained with the top and bottom switches
    > linked back to the 4507. Each switch has a /24 private IP address
    > applied to VLAN 1.
    >
    > I want to segment the network into three class c type subnets, one per
    > floor, and have the 4507 route between them. I configured the IP
    > addresses of the 3550s with the third octet designating the floor
    > number. Then I configured the 4507 interfaces as no switchport and
    > applied IP addresses.
    >
    > My logic is obviously wrong because the addresses of the top and
    > bottom 3550s in each stack overlap each other and the new 4507 port
    > address overlap with the VLAN. Could someone please explain how to
    > design a valid addressing scheme?
    >
    > If we want to use Windows Server 2000 DHCP to assign all the client
    > addresses, how can it determine which subnet the client should be part
    > of?


    This is how I'd do it. We'll use "172.22.0.0/24" as the addressing scheme.

    How many hosts per floor? 4 x 48 port switch = 192 worst case so "/24" is
    fine.

    Define a VLAN and address block per floor, a vlan for switch management and
    a vlan for the native vlan of trunk ports:

    vlan101 name Floor-1 172.22.1.0 / 24
    vlan102 name Floor-2 172.22.2.0 / 24
    vlan103 name Floor-3 172.22.3.0 / 24
    vlan2 name Switch-Management 172.22.2.0 / 24
    vlan 999 name Native na

    Add the appropriate floor vlan to each switch stack ie. add vlan 101 to
    switches on floor 1, vlan 102 to switches on floor 2 and vlan 103 to
    switches on floor 3. vlan 2 and vlan 999 to all switches.

    Create vlan 2 interfaces to manage the switches and assign a
    default-gateway.

    ip default-gateway 172.22.2.254
    int vlan 2
    ip address 172.22.2.250 255.255.255.0

    If the switches on each floor are set up as a logical stack then only 1 ip
    address is needed per stack ...

    ip address 172.22.2.249 255.255.255.0
    ip address 172.22.2.248 255.255.255.0


    Create all these vlans on the 4507 and vlan interfaces to provide lan
    gateways:

    int vlan 101
    ip address 172.22.101.254 255.255.255.0

    int vlan 102
    ip address 172.22.102.254 255.255.255.0

    int vlan 103
    ip address 172.22.103.254 255.255.255.0

    int vlan 2
    ip address 172.22.2.254 255.255.255.0


    Creat a management vlan interface

    int vlan 2
    ip address 172.22.2.254 255.255.255.0


    The links to the switches should be trunks and trunk only the floors vlan
    and the switch management vlan:

    4507 ports for the top switches of each stack

    int gi1/1
    description primary link to Floor-1
    switchport
    switchport trunk encapulation dot1q
    switchport mode trunk
    switchport nonegotiate
    switchport trunk allowed vlan 2,101
    switchport trunk native vlan 999
    no spanning-tree portfast
    spanning-tree bpduguard disable
    no speed
    no duplex

    int gi1/2
    description primary link to Floor-2
    switchport
    switchport trunk encapulation dot1q
    switchport mode trunk
    switchport nonegotiate
    switchport trunk allowed vlan 2,101
    switchport trunk native vlan 999
    no spanning-tree portfast
    spanning-tree bpduguard disable
    no speed
    no duplex

    int gi1/3
    description primary link to Floor-3
    switchport
    switchport trunk encapulation dot1q
    switchport mode trunk
    switchport nonegotiate
    switchport trunk allowed vlan 2,101
    switchport trunk native vlan 999
    no spanning-tree portfast
    spanning-tree bpduguard disable
    no speed
    no duplex

    4507 ports for the bottom switches of each stack

    int gi1/4
    description secondary link to Floor-1
    switchport
    switchport trunk encapulation dot1q
    switchport mode trunk
    switchport nonegotiate
    switchport trunk allowed vlan 2,101
    switchport trunk native vlan 999
    no spanning-tree portfast
    spanning-tree bpduguard disable
    no speed
    no duplex

    int gi1/5
    description secondary link to Floor-2
    switchport
    switchport trunk encapulation dot1q
    switchport mode trunk
    switchport nonegotiate
    switchport trunk allowed vlan 2,101
    switchport trunk native vlan 999
    no spanning-tree portfast
    spanning-tree bpduguard disable
    no speed
    no duplex

    int gi1/6
    description secondary link to Floor-3
    switchport
    switchport trunk encapulation dot1q
    switchport mode trunk
    switchport nonegotiate
    switchport trunk allowed vlan 2,101
    switchport trunk native vlan 999
    no spanning-tree portfast
    spanning-tree bpduguard disable
    no speed
    no duplex



    How about you handle the configs for the trunks on the floor switches.

    Here's a config for their access ports.

    switchport
    switchport mode access
    switchport access vlan <vlan id>
    spanning-tree portfast
    spanning-tree bpduguard enable
    no speed
    no duplex

    BernieM
    BernieM, Sep 8, 2006
    #2
    1. Advertising

  3. Bob Simon

    BernieM Guest

    "Bob Simon" <> wrote in message
    news:...
    > I'm working on a flat network covering 3 floors with a stack of four
    > 3550 switches per floor and one 4507 at the logical center. The gig
    > ports of each stack are daisy-chained with the top and bottom switches
    > linked back to the 4507. Each switch has a /24 private IP address
    > applied to VLAN 1.
    >
    > I want to segment the network into three class c type subnets, one per
    > floor, and have the 4507 route between them. I configured the IP
    > addresses of the 3550s with the third octet designating the floor
    > number. Then I configured the 4507 interfaces as no switchport and
    > applied IP addresses.
    >
    > My logic is obviously wrong because the addresses of the top and
    > bottom 3550s in each stack overlap each other and the new 4507 port
    > address overlap with the VLAN. Could someone please explain how to
    > design a valid addressing scheme?
    >
    > If we want to use Windows Server 2000 DHCP to assign all the client
    > addresses, how can it determine which subnet the client should be part
    > of?


    Typo in my last post. IP addressing should have been ..

    vlan101 name Floor-1 172.22.101.0 / 24
    vlan102 name Floor-2 172.22.102.0 / 24
    vlan103 name Floor-3 172.22.103.0 / 24
    BernieM, Sep 8, 2006
    #3
  4. Bob Simon

    Bob Simon Guest

    Bernie,
    Thank you very much. I appreciate the time you spent on your reply.
    It's a lot more than I expected. I have one question right now (but
    will probably have more when I actually try to implement this).

    What is the purpose of the "vlan for the native vlan of trunk ports"?
    vlan 999 name Native no ip addr
    Bob


    On Fri, 08 Sep 2006 10:10:27 GMT, "BernieM" <> wrote:

    >
    >"Bob Simon" <> wrote in message
    >news:...
    >> I'm working on a flat network covering 3 floors with a stack of four
    >> 3550 switches per floor and one 4507 at the logical center. The gig
    >> ports of each stack are daisy-chained with the top and bottom switches
    >> linked back to the 4507. Each switch has a /24 private IP address
    >> applied to VLAN 1.
    >>
    >> I want to segment the network into three class c type subnets, one per
    >> floor, and have the 4507 route between them. I configured the IP
    >> addresses of the 3550s with the third octet designating the floor
    >> number. Then I configured the 4507 interfaces as no switchport and
    >> applied IP addresses.
    >>
    >> My logic is obviously wrong because the addresses of the top and
    >> bottom 3550s in each stack overlap each other and the new 4507 port
    >> address overlap with the VLAN. Could someone please explain how to
    >> design a valid addressing scheme?
    >>
    >> If we want to use Windows Server 2000 DHCP to assign all the client
    >> addresses, how can it determine which subnet the client should be part
    >> of?

    >
    >This is how I'd do it. We'll use "172.22.0.0/24" as the addressing scheme.
    >
    >How many hosts per floor? 4 x 48 port switch = 192 worst case so "/24" is
    >fine.
    >
    >Define a VLAN and address block per floor, a vlan for switch management and
    >a vlan for the native vlan of trunk ports:
    >
    >vlan101 name Floor-1 172.22.1.0 / 24
    >vlan102 name Floor-2 172.22.2.0 / 24
    >vlan103 name Floor-3 172.22.3.0 / 24
    >vlan2 name Switch-Management 172.22.2.0 / 24
    >vlan 999 name Native na
    >
    >Add the appropriate floor vlan to each switch stack ie. add vlan 101 to
    >switches on floor 1, vlan 102 to switches on floor 2 and vlan 103 to
    >switches on floor 3. vlan 2 and vlan 999 to all switches.
    >
    >Create vlan 2 interfaces to manage the switches and assign a
    >default-gateway.
    >
    >ip default-gateway 172.22.2.254
    >int vlan 2
    > ip address 172.22.2.250 255.255.255.0
    >
    >If the switches on each floor are set up as a logical stack then only 1 ip
    >address is needed per stack ...
    >
    > ip address 172.22.2.249 255.255.255.0
    > ip address 172.22.2.248 255.255.255.0
    >
    >
    >Create all these vlans on the 4507 and vlan interfaces to provide lan
    >gateways:
    >
    >int vlan 101
    > ip address 172.22.101.254 255.255.255.0
    >
    >int vlan 102
    > ip address 172.22.102.254 255.255.255.0
    >
    >int vlan 103
    > ip address 172.22.103.254 255.255.255.0
    >
    >int vlan 2
    > ip address 172.22.2.254 255.255.255.0
    >
    >
    >Creat a management vlan interface
    >
    >int vlan 2
    > ip address 172.22.2.254 255.255.255.0
    >
    >
    >The links to the switches should be trunks and trunk only the floors vlan
    >and the switch management vlan:
    >
    >4507 ports for the top switches of each stack
    >
    >int gi1/1
    >description primary link to Floor-1
    >switchport
    >switchport trunk encapulation dot1q
    >switchport mode trunk
    >switchport nonegotiate
    >switchport trunk allowed vlan 2,101
    >switchport trunk native vlan 999
    >no spanning-tree portfast
    >spanning-tree bpduguard disable
    >no speed
    >no duplex
    >
    >int gi1/2
    >description primary link to Floor-2
    >switchport
    >switchport trunk encapulation dot1q
    >switchport mode trunk
    >switchport nonegotiate
    >switchport trunk allowed vlan 2,101
    >switchport trunk native vlan 999
    >no spanning-tree portfast
    >spanning-tree bpduguard disable
    >no speed
    >no duplex
    >
    >int gi1/3
    >description primary link to Floor-3
    >switchport
    >switchport trunk encapulation dot1q
    >switchport mode trunk
    >switchport nonegotiate
    >switchport trunk allowed vlan 2,101
    >switchport trunk native vlan 999
    >no spanning-tree portfast
    >spanning-tree bpduguard disable
    >no speed
    >no duplex
    >
    >4507 ports for the bottom switches of each stack
    >
    >int gi1/4
    >description secondary link to Floor-1
    >switchport
    >switchport trunk encapulation dot1q
    >switchport mode trunk
    >switchport nonegotiate
    >switchport trunk allowed vlan 2,101
    >switchport trunk native vlan 999
    >no spanning-tree portfast
    >spanning-tree bpduguard disable
    >no speed
    >no duplex
    >
    >int gi1/5
    >description secondary link to Floor-2
    >switchport
    >switchport trunk encapulation dot1q
    >switchport mode trunk
    >switchport nonegotiate
    >switchport trunk allowed vlan 2,101
    >switchport trunk native vlan 999
    >no spanning-tree portfast
    >spanning-tree bpduguard disable
    >no speed
    >no duplex
    >
    >int gi1/6
    >description secondary link to Floor-3
    >switchport
    >switchport trunk encapulation dot1q
    >switchport mode trunk
    >switchport nonegotiate
    >switchport trunk allowed vlan 2,101
    >switchport trunk native vlan 999
    >no spanning-tree portfast
    >spanning-tree bpduguard disable
    >no speed
    >no duplex
    >
    >
    >
    >How about you handle the configs for the trunks on the floor switches.
    >
    >Here's a config for their access ports.
    >
    >switchport
    >switchport mode access
    >switchport access vlan <vlan id>
    >spanning-tree portfast
    >spanning-tree bpduguard enable
    >no speed
    >no duplex
    >
    >BernieM
    >
    Bob Simon, Sep 8, 2006
    #4
  5. In article <>,
    Bob Simon <> wrote:

    >What is the purpose of the "vlan for the native vlan of trunk ports"?
    >vlan 999 name Native no ip addr


    Backwards compatability. Any packets in the "native" VLAN will be
    sent across the trunk with no 802.1Q tags, so they will look exactly
    like packets that are not in VLANs at all. A useful property if you
    are trying to incrementally convert infrastructure into VLAN format.
    Walter Roberson, Sep 8, 2006
    #5
  6. Bob Simon

    BernieM Guest

    No worries Bob. I see Walter answered the native vlan Q so i'll take this
    opportunity to correct a few typo's.

    My intended addressing scheme:
    vlan101 name Floor-1 172.22.101.0 / 24
    vlan102 name Floor-2 172.22.102.0 / 24
    vlan103 name Floor-3 172.22.103.0 / 24

    and then just trunk the appropriate vlan (+ management) to each floor:
    Floor 1 switchport trunk allowed vlan 2,101
    Floor 2 switchport trunk allowed vlan 2,102
    Floor 3 switchport trunk allowed vlan 2,103

    same again for the backup links.

    You intended having the link from the top swich of each stack be the
    primary. To force this spanning-tree design you can configure on the
    secondary trunks at the 4507 end:

    spanning-tree vlan <floor vlan id> cost 32000

    Good luck,

    BernieM




    "Bob Simon" <> wrote in message
    news:...
    > Bernie,
    > Thank you very much. I appreciate the time you spent on your reply.
    > It's a lot more than I expected. I have one question right now (but
    > will probably have more when I actually try to implement this).
    >
    > What is the purpose of the "vlan for the native vlan of trunk ports"?
    > vlan 999 name Native no ip addr
    > Bob
    >
    >
    > On Fri, 08 Sep 2006 10:10:27 GMT, "BernieM" <> wrote:
    >
    >>
    >>"Bob Simon" <> wrote in message
    >>news:...
    >>> I'm working on a flat network covering 3 floors with a stack of four
    >>> 3550 switches per floor and one 4507 at the logical center. The gig
    >>> ports of each stack are daisy-chained with the top and bottom switches
    >>> linked back to the 4507. Each switch has a /24 private IP address
    >>> applied to VLAN 1.
    >>>
    >>> I want to segment the network into three class c type subnets, one per
    >>> floor, and have the 4507 route between them. I configured the IP
    >>> addresses of the 3550s with the third octet designating the floor
    >>> number. Then I configured the 4507 interfaces as no switchport and
    >>> applied IP addresses.
    >>>
    >>> My logic is obviously wrong because the addresses of the top and
    >>> bottom 3550s in each stack overlap each other and the new 4507 port
    >>> address overlap with the VLAN. Could someone please explain how to
    >>> design a valid addressing scheme?
    >>>
    >>> If we want to use Windows Server 2000 DHCP to assign all the client
    >>> addresses, how can it determine which subnet the client should be part
    >>> of?

    >>
    >>This is how I'd do it. We'll use "172.22.0.0/24" as the addressing
    >>scheme.
    >>
    >>How many hosts per floor? 4 x 48 port switch = 192 worst case so "/24" is
    >>fine.
    >>
    >>Define a VLAN and address block per floor, a vlan for switch management
    >>and
    >>a vlan for the native vlan of trunk ports:
    >>
    >>vlan101 name Floor-1 172.22.1.0 / 24
    >>vlan102 name Floor-2 172.22.2.0 / 24
    >>vlan103 name Floor-3 172.22.3.0 / 24
    >>vlan2 name Switch-Management 172.22.2.0 / 24
    >>vlan 999 name Native na
    >>
    >>Add the appropriate floor vlan to each switch stack ie. add vlan 101 to
    >>switches on floor 1, vlan 102 to switches on floor 2 and vlan 103 to
    >>switches on floor 3. vlan 2 and vlan 999 to all switches.
    >>
    >>Create vlan 2 interfaces to manage the switches and assign a
    >>default-gateway.
    >>
    >>ip default-gateway 172.22.2.254
    >>int vlan 2
    >> ip address 172.22.2.250 255.255.255.0
    >>
    >>If the switches on each floor are set up as a logical stack then only 1 ip
    >>address is needed per stack ...
    >>
    >> ip address 172.22.2.249 255.255.255.0
    >> ip address 172.22.2.248 255.255.255.0
    >>
    >>
    >>Create all these vlans on the 4507 and vlan interfaces to provide lan
    >>gateways:
    >>
    >>int vlan 101
    >> ip address 172.22.101.254 255.255.255.0
    >>
    >>int vlan 102
    >> ip address 172.22.102.254 255.255.255.0
    >>
    >>int vlan 103
    >> ip address 172.22.103.254 255.255.255.0
    >>
    >>int vlan 2
    >> ip address 172.22.2.254 255.255.255.0
    >>
    >>
    >>Creat a management vlan interface
    >>
    >>int vlan 2
    >> ip address 172.22.2.254 255.255.255.0
    >>
    >>
    >>The links to the switches should be trunks and trunk only the floors vlan
    >>and the switch management vlan:
    >>
    >>4507 ports for the top switches of each stack
    >>
    >>int gi1/1
    >>description primary link to Floor-1
    >>switchport
    >>switchport trunk encapulation dot1q
    >>switchport mode trunk
    >>switchport nonegotiate
    >>switchport trunk allowed vlan 2,101
    >>switchport trunk native vlan 999
    >>no spanning-tree portfast
    >>spanning-tree bpduguard disable
    >>no speed
    >>no duplex
    >>
    >>int gi1/2
    >>description primary link to Floor-2
    >>switchport
    >>switchport trunk encapulation dot1q
    >>switchport mode trunk
    >>switchport nonegotiate
    >>switchport trunk allowed vlan 2,101
    >>switchport trunk native vlan 999
    >>no spanning-tree portfast
    >>spanning-tree bpduguard disable
    >>no speed
    >>no duplex
    >>
    >>int gi1/3
    >>description primary link to Floor-3
    >>switchport
    >>switchport trunk encapulation dot1q
    >>switchport mode trunk
    >>switchport nonegotiate
    >>switchport trunk allowed vlan 2,101
    >>switchport trunk native vlan 999
    >>no spanning-tree portfast
    >>spanning-tree bpduguard disable
    >>no speed
    >>no duplex
    >>
    >>4507 ports for the bottom switches of each stack
    >>
    >>int gi1/4
    >>description secondary link to Floor-1
    >>switchport
    >>switchport trunk encapulation dot1q
    >>switchport mode trunk
    >>switchport nonegotiate
    >>switchport trunk allowed vlan 2,101
    >>switchport trunk native vlan 999
    >>no spanning-tree portfast
    >>spanning-tree bpduguard disable
    >>no speed
    >>no duplex
    >>
    >>int gi1/5
    >>description secondary link to Floor-2
    >>switchport
    >>switchport trunk encapulation dot1q
    >>switchport mode trunk
    >>switchport nonegotiate
    >>switchport trunk allowed vlan 2,101
    >>switchport trunk native vlan 999
    >>no spanning-tree portfast
    >>spanning-tree bpduguard disable
    >>no speed
    >>no duplex
    >>
    >>int gi1/6
    >>description secondary link to Floor-3
    >>switchport
    >>switchport trunk encapulation dot1q
    >>switchport mode trunk
    >>switchport nonegotiate
    >>switchport trunk allowed vlan 2,101
    >>switchport trunk native vlan 999
    >>no spanning-tree portfast
    >>spanning-tree bpduguard disable
    >>no speed
    >>no duplex
    >>
    >>
    >>
    >>How about you handle the configs for the trunks on the floor switches.
    >>
    >>Here's a config for their access ports.
    >>
    >>switchport
    >>switchport mode access
    >>switchport access vlan <vlan id>
    >>spanning-tree portfast
    >>spanning-tree bpduguard enable
    >>no speed
    >>no duplex
    >>
    >>BernieM
    >>

    >
    BernieM, Sep 8, 2006
    #6
  7. Bob Simon

    Bob Simon Guest

    On Fri, 08 Sep 2006 15:51:01 GMT, (Walter
    Roberson) wrote:

    >In article <>,
    >Bob Simon <> wrote:
    >
    >>What is the purpose of the "vlan for the native vlan of trunk ports"?
    >>vlan 999 name Native no ip addr

    >
    >Backwards compatability. Any packets in the "native" VLAN will be
    >sent across the trunk with no 802.1Q tags, so they will look exactly
    >like packets that are not in VLANs at all. A useful property if you
    >are trying to incrementally convert infrastructure into VLAN format.


    After I implement VLANs, I don't expect any native packets. Where
    would they come from? If there are any, can they be trapped and
    logged.
    Bob Simon, Sep 10, 2006
    #7
  8. In article <>,
    Bob Simon <> wrote:

    >After I implement VLANs, I don't expect any native packets. Where
    >would they come from?


    You have to watch out for packets originated by the devices themselves.
    Also I seem to recall reading something along the lines of CDP always
    using VLAN 1, but I'm not at all certain of that. Perhaps it was
    some of the other management packets.

    > If there are any, can they be trapped and
    >logged.


    Possibly with some policy based routing?
    Walter Roberson, Sep 10, 2006
    #8
  9. Bob Simon

    BernieM Guest

    "Walter Roberson" <> wrote in message
    news:0TMMg.538925$IK3.180876@pd7tw1no...
    > In article <>,
    > Bob Simon <> wrote:
    >
    >>After I implement VLANs, I don't expect any native packets. Where
    >>would they come from?

    >
    > You have to watch out for packets originated by the devices themselves.
    > Also I seem to recall reading something along the lines of CDP always
    > using VLAN 1, but I'm not at all certain of that. Perhaps it was
    > some of the other management packets.
    >


    We don't even trunk vlan 1 where we don't have to so can guarantee CDP, VTP,
    and BPDU's don't use it. As soon as we replace the remaining 3500XL's vlan
    1 trunking will not be anywhere.
    BernieM, Sep 10, 2006
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. ken
    Replies:
    0
    Views:
    402
  2. totojepast

    Addressing the recent Cisco IOS bug

    totojepast, Jul 22, 2003, in forum: Cisco
    Replies:
    10
    Views:
    1,061
    totojepast
    Jul 25, 2003
  3. Bill F

    call manager re-addressing

    Bill F, May 17, 2004, in forum: Cisco
    Replies:
    1
    Views:
    455
    Rik Bain
    May 17, 2004
  4. =?Utf-8?B?QW5kcmUgU3QtQXViaW4=?=

    70-216 need some help understanding IP addressing.

    =?Utf-8?B?QW5kcmUgU3QtQXViaW4=?=, Aug 11, 2004, in forum: MCSE
    Replies:
    10
    Views:
    771
    TechGeekPro
    Aug 11, 2004
  5. gtmartin_mcp

    291 IP Addressing Help

    gtmartin_mcp, Jun 12, 2007, in forum: MCSA
    Replies:
    6
    Views:
    295
    Red Swingline Stapler
    Jun 27, 2007
Loading...

Share This Page