Inter-VLAN Routing Cisco 3550 SMI

Discussion in 'Cisco' started by SmilerNet, Sep 26, 2004.

  1. SmilerNet

    SmilerNet Guest


    We are considering using the above for our shared services backbone switch
    within the building approx. 100 low key users (not all the same company).

    The proposed config will be:

    VLAN1 - Shared central server running Microsoft Small Business Server for
    file store & email & other servers

    VLAN2 - Telephone voicemail system & PABX logging

    VLAN3 - Building management system

    VLAN4 onwards - each company within building will have their own VLAN.

    There will be a default gateway setup for shared internet access.

    Bearing the proposed config in mind, will the 3550 suffice doing the routing
    between VLANs with sufficient bandwidth?

    There will be various tenants within the building, all will be sharing the
    server & internet facilities, basically the VLANs are there to separate
    everyone obviously for security reasons.

    Any other suggestions or things I should be aware of??


    SmilerNet, Sep 26, 2004

  2. The 3550 will route at wire speed, but with the SMI image, you'll have only
    static and RIP dynamic routing. It should suffice, as all logical interfaces
    (VLANs) will be added to the routing table when you define them ("connected"
    in Cisco terminology), and you'll need only to add a static default route.
    Establish good security policy, add ACLs filtering all typical trash
    at the borders of the VLANs, maybe rate-limit ICMP (possibly UDP also)
    to some real numbers (1/2/3Mbit/s should sound sane for typical
    Internet access).
    Łukasz Bromirski, Sep 26, 2004

  3. SmilerNet

    Sam Wilson Guest

    A 3550 is quirky for ACLs - the hardware filtering space (in TCAM) is
    limited, individual access terms use unpredictable amounts of space and
    when the TCAM overflows it happens asynchronously - you apply an ACL and
    then you have to wait a few and look in the log to see if it
    overflowed. I've only used the EMI version so I don't know if there
    are other issues with the SMI in this area.

    Sam Wilson, Sep 29, 2004
  4. Yes, as always, to be fully prepared, you have to read and understand:
    Apart from 3550-12G/3550-12T, all other models can run both SMI and EMI,
    and they share the same hardware. EMI just adds some features, but doesn't
    remove any hardware limitations.
    Łukasz Bromirski, Sep 29, 2004
  5. SmilerNet

    Jo Knight Guest

    I've only used the EMI version so I don't know if there are other

    I also think that the SMI software doesn't have access to the
    'access-group' command, so you cannot apply the access-list to an

    I had to get round it by using vlan-maps to control access between
    VLANs on the 3550.
    Jo Knight, Sep 30, 2004
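
An added example, not posted by any participant in this thread: a sketch of the design discussed above for one tenant VLAN, first as a routed ACL on the SVI and then as the VLAN map alternative. All addressing (10.0.n.0/24 per VLAN, Internet router at 10.0.1.254) and all ACL, map and VLAN names are assumptions; apply only one of the two filtering options.

```cisco
! Constructed addressing: VLAN n = 10.0.n.0/24, switch SVI = .1
ip routing
!
vlan 4
 name TENANT-A
!
interface Vlan1
 ip address 10.0.1.1 255.255.255.0
interface Vlan4
 ip address 10.0.4.1 255.255.255.0
!
! Each SVI shows up as a "connected" route; only the default is static.
ip route 0.0.0.0 0.0.0.0 10.0.1.254
!
! Option A: routed ACL on the tenant SVI.
! Tenant may reach the shared servers (VLAN 1) and the Internet, but no
! other internal VLAN. The deny line also covers the SVI address itself,
! so pings to 10.0.4.1 fail while routing through it still works.
ip access-list extended TENANT-A-IN
 permit ip 10.0.4.0 0.0.0.255 10.0.1.0 0.0.0.255
 deny   ip 10.0.4.0 0.0.0.255 10.0.0.0 0.0.255.255
 permit ip 10.0.4.0 0.0.0.255 any
interface Vlan4
 ip access-group TENANT-A-IN in
!
! Option B: VLAN map. It filters every packet in VLAN 4, bridged or
! routed, in both directions, so intra-VLAN and return traffic from
! the servers must be allowed explicitly before the internal drop.
ip access-list extended TENANT-A-ALLOWED
 permit ip 10.0.4.0 0.0.0.255 10.0.4.0 0.0.0.255
 permit ip 10.0.4.0 0.0.0.255 10.0.1.0 0.0.0.255
 permit ip 10.0.1.0 0.0.0.255 10.0.4.0 0.0.0.255
ip access-list extended INTERNAL-ANY
 permit ip 10.0.0.0 0.0.255.255 10.0.0.0 0.0.255.255
!
vlan access-map TENANT-A-MAP 10
 match ip address TENANT-A-ALLOWED
 action forward
vlan access-map TENANT-A-MAP 20
 match ip address INTERNAL-ANY
 action drop
! No match clause: everything else (Internet, non-IP) is forwarded.
vlan access-map TENANT-A-MAP 30
 action forward
vlan filter TENANT-A-MAP vlan-list 4
```

Keeping each list to a few entries matters on this platform given the TCAM limits described in the thread; `show ip route`, `show access-lists` and `show vlan access-map` display what was configured.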
  6. SmilerNet

    Sam Wilson Guest

    That document will tell you in principle why your ACL isn't compiling
    but doesn't give very much advice except "make your ACL smaller". At
    one point colleagues here using the pre-12.1(9)EA1 merge algorithm
    (sorry folks, if you don't understand you'll have to read the document)
    had a one-line ACL that overflowed the TCAM. It seems to be almost
    impossible to give any useful advice to avoid that kind of thing

    Sam Wilson, Sep 30, 2004
  7. SmilerNet

    brambi Guest

    I never managed to get ACLs working correctly on a 3550. YMMV.

    brambi, Sep 30, 2004
  8. SmilerNet

    Sam Wilson Guest

    Another datapoint - one of our Schools uses a 3550-12something as their
    central routing hub and firewall. They needed the performance and the
    ACL support is, um, sufficient. It can be done.

    Sam Wilson, Oct 1, 2004