Colocation and VLANs

Discussion in 'Cisco' started by Rick Kunkel, Jul 7, 2003.

  1. Rick Kunkel

    Rick Kunkel Guest

    Hello all,

    We're trying to come up with a basic setup for hooking up colocation
    customers at our NOC. Normally, we would just plug them into our
    switch, but recently we ran into a DHCP server flake-out when a
    customer hooked up a Windows 2000 server with Active Directory, and
    the DHCP server decided to see it as "the boss". Anyhow, in short, we
    need to do this differently.

    I figured VLANs were the way to do things, but I'm having some
    trouble with our 3550 (compared to our older 2950). The customer in
    question just needs one port, so I'd like to give him one port on our
    switch, and have it in its own little VLAN. However, I obviously
    need to have him talking to the router that sits on port 1 as well.
    Previously, I had done this using 'switchport access multi' on the
    2950, but there seems to be no equivalent command on the 3550. As far
    as I can tell, I will use trunking instead, but I'm pretty fuzzy on
    what that entails on the router attached to port 1. It sounds like
    (on the switch) I need to configure port 1 to be a trunk port that
    will carry VLANs 1 and 2, and that doesn't sound too tricky. But how
    do I tell the router's ethernet port that it will be hearing traffic
    with VLAN stuff in it? Or does it just automatically know how to
    handle that stuff?

    Here's a simple diagram of the above situation...
    (hopefully you folks are running fixed-width)

        3550
       Switch
       | | |
       | | \----Customer
       | |      Computer
       | \
       |  \---DHCP
       |      Server
        7206
       Router

    Thanks,

    Rick Kunkel
     
    Rick Kunkel, Jul 7, 2003
    #1

  2. M.C. van den Bovenkamp, Jul 7, 2003
    #2

  3. ....

    It can still do 'switchport access multi', but that mode is pretty
    much an either-or with trunking mode (although I still want a
    specific trunk/multi setup to be allowed, I can live without it).

    Once you configure your uplink to be trunked, you need to configure
    your router to handle the VLAN trunking. Since you say it's a 3550, it
    must only do dot1q trunking. Inside the router, on the gig or FastE
    interface, normal practice is that you'd set up subinterfaces with the
    VLAN trunk encapsulation commands (i.e.

    int gig 0/0/0
    no ip addr
    int gig 0/0/0.1
    ip addr 10.20.31.254 255.255.255.0
    encapsulation dot1q 1
    int gig 0/0/0.2
    ip addr 10.20.32.254 255.255.255.0
    encapsulation dot1q 2
    int gig 0/0/0.3
    ip addr 10.20.33.254 255.255.255.0
    encapsulation dot1q 3

    etc. etc. with anything else you have going on. VLAN 1 is normally
    your native VLAN on the switch too. Depending on IOS version, you
    might need to move your native VLAN to the main interface instead of
    the 1st subinterface.
     
    Doug McIntyre, Jul 7, 2003
    #3
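Both ends of the setup Doug describes, as an added example that is not from the thread: the customer port and the uplink on the 3550, and the matching subinterfaces on the 7206. Port names, VLAN numbers and the DHCP server address are assumed; the addresses follow Doug's example.

```cisco
! ---- Catalyst 3550 ----
! Customer gets his own VLAN, so his broadcasts (including a rogue DHCP
! server's offers) never reach the DHCP server in VLAN 1.
vlan 2
 name COLO-CUSTOMER-A
!
interface FastEthernet0/2
 description Customer A (single port, own VLAN)
 switchport access vlan 2
 switchport mode access
 ! No DTP: the customer box cannot negotiate this port into a trunk
 ! and thereby see VLAN 1.
 switchport nonegotiate
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 description DHCP server (stays in VLAN 1)
 switchport access vlan 1
 switchport mode access
 switchport nonegotiate
!
interface GigabitEthernet0/1
 description dot1q trunk to 7206 (port 1 in Rick's diagram)
 switchport trunk encapsulation dot1q
 ! Only the VLANs the router actually terminates.
 switchport trunk allowed vlan 1,2
 switchport mode trunk
 switchport nonegotiate
!
! ---- 7206 ----
! One subinterface per VLAN; each is its own subnet and broadcast domain.
interface GigabitEthernet0/0
 no ip address
!
interface GigabitEthernet0/0.1
 ! VLAN 1 arrives untagged (native). On older IOS without the 'native'
 ! keyword, put this address on the physical interface instead.
 encapsulation dot1Q 1 native
 ip address 10.20.31.254 255.255.255.0
!
interface GigabitEthernet0/0.2
 encapsulation dot1Q 2
 ip address 10.20.32.254 255.255.255.0
 ! Optional: if the customer should get leases from YOUR DHCP server
 ! (assumed at 10.20.31.10), relay to it as unicast. The customer's own
 ! DHCP server still only ever sees VLAN 2.
 ip helper-address 10.20.31.10
```

Check the trunk with `show interfaces GigabitEthernet0/1 trunk` on the switch; VLANs 1 and 2 should show as active and forwarding, nothing else.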
  4. Hello, Rick!
    You wrote on Mon, 07 Jul 2003 10:12:43 -0700:

    RK> We're trying to come up with a basic setup for hooking up colocation
    RK> customers at our NOC. Normally, we would just plug them into our
    RK> switch, but recently we ran into a DHCP server flake-out when a customer
    RK> hooked up a Windows 2000 server with Active Directory. and the DHCP
    RK> server decided to see it as "the boss". Anyhow, in short, we need to do
    RK> this differently.

    I believe PVLAN is the answer you are looking for. Here is the link -

    http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00800c6f41.html#xtocid6

    Keep in mind that the 3550 doesn't support full-blown Private VLAN though. So no
    Community VLAN yet.

    With best regards,
    Andrey.
     
    Andrey Tarasov, Jul 8, 2003
    #4
  5. Rick Kunkel

    Rick Kunkel Guest

    Thanks. I was having a heck of a time finding the router end of the
    info on Cisco's site.

    Rick
     
    Rick Kunkel, Jul 8, 2003
    #5
  6. Rick Kunkel

    Rick Kunkel Guest

    Mainly, I'm interested in keeping broadcasts from creeping from one
    VLAN into another, since the weirdness I'm dealing with is caused by
    DHCP broadcasts to 255.255.255.255. Normal VLANs should do this,
    shouldn't they? What are PVLANs?

    (The link you gave me came up as 404 not found)

    Thanks,

    Rick Kunkel
     
    Rick Kunkel, Jul 8, 2003
    #6
  7. Rick Kunkel

    Rick Kunkel Guest

    At the bottom of your message, you mention the "native" VLAN. I've
    seen a lot of talk and config things pertaining to the "native" VLAN,
    but I'm a little mystified as to what the significance is. Also, it
    seems that the native VLAN is not tagged.

    Here are a few questions that I can't seem to find answers to on
    Cisco's web site. (They're very good at configuration help, but they
    seem to assume that you know WHY you'd use certain technologies or
    configuration styles, and very often that's the bit I can't find on
    their site, or elsewhere.)

    What is the purpose of the native VLAN?

    Is VLAN 1 normally the default native VLAN?

    (Somewhat related) I've seen a few suggestions to avoid using VLAN 1.
    They suggest that VLAN 1 is used internally by the system, regardless of
    whether you use it for traffic or not, and that it's best to let VLAN 1
    be and start your VLANs with another number. Sounds reasonable?

    How is a native VLAN related to the concept above, if at all?

    Thanks much,

    Rick Kunkel
     
    Rick Kunkel, Jul 8, 2003
    #7
  8. Hello, Rick!
    You wrote on Tue, 08 Jul 2003 08:42:38 -0700:

    RK> Mainly, I'm interested in keeping broadcasts from creeping from one
    RK> VLAN into another, since the weirdness I'm dealing with is caused by
    RK> DHCP broadcasts to 255.255.255.255. Normal VLANs should do this,
    RK> shouldn't they? What are PVLANs?

    Yes, normal VLANs do this just fine. The problem with normal VLANs in a colo
    environment is that you will end up splitting your IP range into many, many small
    subnets, wasting IP addresses and making the configuration complex.

    Let's say you have 100 customers: you will need 100 subnets, 100 subinterfaces
    on your router, and 298 IP addresses will be wasted on broadcast, network and
    gateway IPs.

    RK> (The link you gave me came up as 404 not found)

    I just checked it again - it's working. Make sure that you copied it correctly.
    You can also search cisco.com with the following keywords - 3550 private vlan -
    click on the first link "Cisco Catalyst 6000 Series Switches - Private VLAN Catalyst
    Switch Support Matrix", scroll down to the table and in the Catalyst platform column
    click on "Catalyst 3550" - that will give you the same document.

    Regards,
    Andrey.


    RK>>> We're trying to come up with a basic setup for hooking up colocation
    RK>>> customers at our NOC. Normally, we would just plug them into our
    RK>>> switch, but recently we ran into a DHCP server flake-out when a
    RK>>> customer hooked up a Windows 2000 server with Active Directory. and
    RK>>> the DHCP server decided to see it as "the boss". Anyhow, in short, we
    RK>>> need to do this differently.

    With best regards,
     
    Andrey Tarasov, Jul 8, 2003
    #8
  9. Rick Kunkel

    Hansang Bae Guest

    That is true about Cisco's website. They do have explanations, but you
    have to ferret them out!

    For switches, VLAN 1 is the default native VLAN. Native VLAN comes into
    play when you trunk a port. If that trunk should fail, the only VLAN
    that can use the link is the native VLAN. So whatever VLAN was assigned
    to the port when you created the trunk...becomes the native VLAN.
    Normally, VLAN 1 is the default, hence it becomes the native VLAN. But you
    can certainly assign something else to the port before you make it a
    trunked port.

    Also, Cisco chose not to tag the native VLAN. This can come into play
    at different times. But newer CatOS/IOS code has the option of tagging
    the native VLAN as well.
    It's generally recommended by Cisco to avoid putting user traffic on
    VLAN 1.

    --

    hsb

    "Somehow I imagined this experience would be more rewarding" Calvin
     
    Hansang Bae, Jul 8, 2003
    #9
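Hansang's two points, untagged native VLAN and user traffic on VLAN 1, side by side as the default trunk and a hardened one. Added example, not from the thread; VLAN numbers, port names and addresses are assumed.

```cisco
! ---- As most people leave it ----
! Native VLAN is 1, sent untagged, all VLANs allowed, and VLAN 1 also
! carries the switch's own management address: one untagged frame on
! the trunk lands in the same VLAN as management.
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! implied defaults: switchport trunk native vlan 1
 !                   switchport trunk allowed vlan all
interface Vlan1
 ip address 10.20.31.2 255.255.255.0
!
! ---- Hardened ----
! The native VLAN is a number nothing uses and is not even allowed on the
! trunk, so untagged frames arriving on it are dropped rather than placed
! into a live VLAN. Every VLAN that matters crosses the trunk tagged.
vlan 999
 name NATIVE-UNUSED
vlan 100
 name MGMT
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 2,3,100
 switchport mode trunk
 switchport nonegotiate
!
! Management leaves VLAN 1 for a tagged VLAN of its own.
interface Vlan1
 no ip address
 shutdown
interface Vlan100
 ip address 10.20.100.2 255.255.255.0
!
! ---- 7206 ----
! No subinterface for the native VLAN at all; only tagged subinterfaces.
interface GigabitEthernet0/0.100
 encapsulation dot1Q 100
 ip address 10.20.100.254 255.255.255.0
```

`show interfaces GigabitEthernet0/1 trunk` should then list native VLAN 999, allowed VLANs 2,3,100, and VLAN 1 absent from the "active" line; on the router, `show vlans` lists only the tagged subinterfaces.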
  10. hi

    A switched environment is IMHO not really a good solution for colocation -
    think of ARP poisoning or the problems you had (DHCP).
    So a layer-3-based separation is the way to go.

    One solution is (as others here have proposed) to have a trunk (dot1q)
    between the router and the switch.

    Another one would be using the 3550 (if it's running EMI software) as
    the layer-3 device.

    ....or another solution: get a used 2948G-L3 on eBay ;-)
    (or two of them - running HSRP and giving the customers the option of having
    a redundant connection)

    regards, curtis
     
    Curtis M. West, Jul 8, 2003
    #10
  11. Rick Kunkel

    Sam Wilson Guest

    We have 3Com switches where the management entity is in a default VLAN
    and the default VLAN has to be VLAN 1. We therefore run it untagged on
    the trunk links to our Ciscos and make the Cisco untagged VLAN the VLAN
    we want to manage the 3Com on. All other VLANs are tagged - works a
    treat and keeps the management traffic off the real VLAN 1.

    Sam
     
    Sam Wilson, Jul 10, 2003
    #11