SlideShare una empresa de Scribd logo

Cisco Switch Layer2 Layer3 Design and Configuration

Harris Andrea
Harris Andrea

Learn how to configure a network that uses a core Layer3 switch with several Layer2 access switches in a star topology. This network scenario is very popular in SMB companies with 3-4 building floors and different departments.

Tecnología
1 de 11
Descargar para leer sin conexión
Cisco Switch Layer2 Layer3 Design and Configuration Layer2 and Layer3 switches are the foundation of any network. After all, any network devices (routers, firewalls, computers, servers etc) have to be connected to a switch. Sooner or later, as a network engineer you will be faced with the task of deploying a switch network for a customer or for your own company. Therefore, learning about some basic switch design and configuration principles will prove beneficial for your professional career. One simple and popular switch design scenario will be shown in the following tutorial. This scenario will fit most SMB networks (or even bigger ones) that have a few layer 2 VLANs and consequently a few layer3 network subnets. It is a good design principle to separate network hosts by department or by similar group of users. Network Scenario In our network scenario below we have segmented the network into 7 Layer2 VLANs (and hence 7 Layer3 subnets), as listed below:  VLAN10: Network devices management VLAN (10.10.10.0/24)  VLAN20: Callcenter Department (10.10.20.0/24)  VLAN30: Sales Department (10.10.30.0/24)  VLAN40: Accounting & Financial Department (10.10.40.0/24)  VLAN50: Support Department (10.10.50.0/24)  VLAN60: Company Servers (10.10.60.0/24)  VLAN100: Company Managers (10.10.100.0/24) As far as the design goes I will try to use Cisco’s hierarchical internetworking model (Distribution, Aggregation and Access Layers) with some modifications. For the proposed scenario the distribution and aggregation layer will be combined on the same layer 3 switch to keep the design simple and for better understanding.
Network Diagram The diagram above shows one Layer 3 switch used for Aggregation, three Layer 2 switches used for access purposes and one router for Internet connectivity. Company X has several departments grouped on several levels in a building. The departments are Callenter, Sales, Accounting, Support and Management. The only department allowed access to the internet is the Management department. Each of the departments has been allocated a Layer2 VLAN and an IPv4 Class C private address range. All the switches are connected over port-channel links for higher bandwidth and better redundancy.
Configuration Configuration of Layer3 Aggregation Switch Switch model used: Cisco ME-C3750-24TE (IOS image c3750me-i5k91-mz.122-55.SE6.bin) Step1: Access, management and logging configuration username admin privilege 15 secret Strongpasshere <—– creates user admin with highest privilege 15 logging buffered 1024000 debugging <—– enables logging using the local storage. The log file will be max 1024000 bits and will record debugging logs service password-encryption <—— Make all passwords secure enable secret Strongpasshere <—— create the enable password line vty 0 4 <—— enables remote network login transport input telnet ssh <—— enables telnet & ssh on the switch login local <——- uses local database credentials for login line console 0 password Strongpasshere login Step2: Layer2 VLAN Configuration vlan 10 name Device_Management ! vlan 20 name Callcenter ! vlan 30 name Sales ! vlan 40 name Accounting&Finance ! vlan 50 name Support ! vlan 60 name Servers ! vlan 100 name Company_Management
Step3: Layer 3 VLAN Configuration ip routing ! interface Vlan10 description Device_Management ip address 10.10.10.1 255.255.255.0 ! interface Vlan20 description Callcenter ip address 10.10.20.1 255.255.255.0 ! interface Vlan30 description Sales ip address 10.10.30.1 255.255.255.0 ! interface Vlan40 description Accounting&Finance ip address 10.10.40.1 255.255.255.0 ! interface Vlan50 description Support ip address 10.10.50.1 255.255.255.0 ! interface Vlan60 description Servers ip address 10.10.60.1 255.255.255.0 ! interface Vlan100 description Company_Management ip address 10.10.100.1 255.255.255.0 Step4: Port-Channel configuration interface GigabitEthernet1/1/1 description downlink Link 1 to Switch Management&suport&servers switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan add 10,50,60,100 switchport mode trunk channel-group 1 mode on interface GigabitEthernet1/1/2 description downlink Link 2 to Switch Management&suport&servers switchport switchport trunk encapsulation dot1q
switchport trunk allowed vlan add 10,50,60,100 switchport mode trunk channel-group 1 mode on interface GigabitEthernet1/1/3 description downlinkLink 1 to Switch Accounting&Finance switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan add 10,40 switchport mode trunk channel-group 2 mode on interface GigabitEthernet1/1/4 description downlink Link 2 to Switch Accounting&Finance switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan add 10,40 switchport mode trunk channel-group 2 mode on interface GigabitEthernet1/1/5 description downlink Link 1 to Switch Callcenter&Sales switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan add 10,20,30 switchport mode trunk channel-group 3 mode on interface GigabitEthernet1/1/6 description downlink Link 2 to Switch Callcenter&Sales switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan add 10,20,30 switchport mode trunk channel-group 3 mode on
Interface to Router interface GigabitEthernet1/1/7 description To Router switchport switchport access vlan 10 switchport mode access Default route to the router ip route 0.0.0.0 0.0.0.0 10.10.10.5 Configuration of Layer2 Access Switches Switch models used: Cisco WS-C2960G-48TC-L (IOS Image: c2960-lanbase-mz.122- 35.SE5.bin) 1) Switch Management&suport&servers configuration NOTE: Configuration for device management and logging remain the same as Layer3 switch above. Step1: Layer2 VLAN Configuration We only add the vlans needed on this switch. vlan 10 name Device_Management ! vlan 50 name Support ! vlan 60 name Servers ! vlan 100 name Company_Management Step2: Port-Channel Configuration interface GigabitEthernet1/1 description uplink Link 1 to Switch AGGREGATION switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan add 10,50,60,100
switchport mode trunk channel-group 1 mode on interface GigabitEthernet1/2 description uplink Link 2 to Switch AGGREGATION switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan add 10,50,60,100 switchport mode trunk channel-group 1 mode on Step3: Management interface interface Vlan10 description Device_Management ip address 10.10.10.2 255.255.255.0 Step4: Configure Access interfaces to users Only one interface per vlan is shown for brevity interface GigabitEthernet0/3 description Server switchport access vlan 60 switchport mode access spanning-tree portfast <—— allows immediate transition of the port into forwarding state spanning-tree bpduguard enable <——- if a BPDU is received on the port it transitions to errdisable interface GigabitEthernet0/4 description Management switchport access vlan 100 switchport mode access spanning-tree portfast spanning-tree bpduguard enable interface GigabitEthernet0/5 description Support switchport access vlan 50 switchport mode access spanning-tree portfast spanning-tree bpduguard enable
2) Switch Accounting&Finance configuration NOTE: Configuration for device management and logging remain the same as Layer3 switch above. Step1: Layer2 VLAN Configuration We only add the vlans needed on this switch. vlan 10 name Device_Management ! vlan 40 name Accounting&Finance Step2: Port-Channel Configuration interface GigabitEthernet1/1 description uplink Link 1 to Switch AGGREGATION switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan add 10,40 switchport mode trunk channel-group 1 mode on interface GigabitEthernet1/2 description uplink Link 2 to Switch AGGREGATION switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan add 10,40 switchport mode trunk channel-group 1 mode on ! Step3: Management interface interface Vlan10 description Device_Management ip address 10.10.10.3 255.255.255.0
Step4: Configure Access interfaces to users Only one interface per vlan is shown for brevity interface GigabitEthernet0/3 description Accounting switchport access vlan 40 switchport mode access spanning-tree portfast spanning-tree bpduguard enable 3) Switch Callcenter&Sales configuration NOTE: Configuration for device management and logging remain the same as Layer3 switch above. Step1: Layer2 VLAN Configuration We only add the vlans needed on this switch. vlan 10 name Device_Management ! vlan 20 name Callcenter ! vlan 30 name Sales Step2: Port-Channel Configuration interface GigabitEthernet1/1 description Link 1 to Switch AGGREGATION switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan add 10,20,30 switchport mode trunk channel-group 1 mode on ! interface GigabitEthernet1/2 description Link 2 to Switch AGGREGATION switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan add 10,20,30
switchport mode trunk channel-group 1 mode on Step3: Management interface interface Vlan10 description Device_Management ip address 10.10.10.4 255.255.255.0 Step4: Configure Access interfaces to users Only one interface per vlan is shown for brevity interface GigabitEthernet0/3 description Callcenter switchport access vlan 20 switchport mode access spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet0/4 description Sales switchport access vlan 30 switchport mode access spanning-tree portfast spanning-tree bpduguard enable Configuration of Router for Internet Access Router model used: Cisco 867VAE-K9 (IOS Image: c860vae-advsecurityk9-mz.152-4.M3.bin) Only relevant configuration is shown Step1: Internal Vlan Configuration connected to Layer3 Switch vlan 10 name Device_Management ! interface FastEthernet0 switchport mode access switchport access vlan 10 Step2: Layer3 Interfaces Configuration interface GigabitEthernet1 description WAN ip address 1.1.1.10 255.255.255.0
no ip proxy-arp ip nat outside ! interface Vlan10 description Management ip address 10.10.10.5 255.255.255.0 ip nat inside Step3: Configure NAT for providing access only to Management Users !NAT ACL is matching only the company management subnet ! ip access-list extended NAT permit ip 10.10.100.0 0.0.0.255 any ! ip nat inside source list NAT interface GigabitEthernet1 overload ! Step4: Other config !A default route to the internet is needed ip route 0.0.0.0 0.0.0.0 1.1.1.1 !A static route to the management subnet is needed ip route 10.10.100.0 255.255.255.0 10.10.10.1 At this point only the Company Management has access to the internet and nobody else. About the Author Harris Andrea is a Cisco Certified Professional with more than 18 years of experience working with Cisco network technologies. He is the author of two Cisco Books (“Cisco ASA Firewall Fundamentals” and “Cisco VPN Configuration Guide”) which have been embraced by thousands of Cisco professionals all over the world. You can find more Cisco configuration guides and tutorials on his blog here http://www.networkstraining.com

Recomendados

LTE = Femtocells Biggest Opportunity
LTE = Femtocells Biggest OpportunityLTE = Femtocells Biggest Opportunity
LTE = Femtocells Biggest OpportunityContinuous Computing
 
Isp scope of work
Isp scope of workIsp scope of work
Isp scope of workLors Les
 
How to Configure Private VLANs on Cisco Switches
How to Configure Private VLANs on Cisco SwitchesHow to Configure Private VLANs on Cisco Switches
How to Configure Private VLANs on Cisco SwitchesHarris Andrea
 
2011 cisco icons 6_8_11
2011 cisco icons 6_8_112011 cisco icons 6_8_11
2011 cisco icons 6_8_11Quoc Khanh Pham
 
Cisco ACL
Cisco ACLCisco ACL
Cisco ACLfaust0
 
VLAN Trunking Protocol
VLAN Trunking ProtocolVLAN Trunking Protocol
VLAN Trunking ProtocolNetwax Lab
 
Cisco Network Icon Library
Cisco Network Icon LibraryCisco Network Icon Library
Cisco Network Icon Librarymike_adolphs
 
Vlan
Vlan Vlan
Vlan sanss40
 

Recomendados

LTE = Femtocells Biggest Opportunity
LTE = Femtocells Biggest OpportunityLTE = Femtocells Biggest Opportunity
LTE = Femtocells Biggest OpportunityContinuous Computing
 
Isp scope of work
Isp scope of workIsp scope of work
Isp scope of workLors Les
 
How to Configure Private VLANs on Cisco Switches
How to Configure Private VLANs on Cisco SwitchesHow to Configure Private VLANs on Cisco Switches
How to Configure Private VLANs on Cisco SwitchesHarris Andrea
 
2011 cisco icons 6_8_11
2011 cisco icons 6_8_112011 cisco icons 6_8_11
2011 cisco icons 6_8_11Quoc Khanh Pham
 
Cisco ACL
Cisco ACLCisco ACL
Cisco ACLfaust0
 
VLAN Trunking Protocol
VLAN Trunking ProtocolVLAN Trunking Protocol
VLAN Trunking ProtocolNetwax Lab
 
Cisco Network Icon Library
Cisco Network Icon LibraryCisco Network Icon Library
Cisco Network Icon Librarymike_adolphs
 
Vlan
Vlan Vlan
Vlan sanss40
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 

Más contenido relacionado

Último

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 

Último (20)

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 

Destacado

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 

Destacado (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 

Cisco Switch Layer2 Layer3 Design and Configuration

  • 1. Cisco Switch Layer2 Layer3 Design and Configuration Layer2 and Layer3 switches are the foundation of any network. After all, any network devices (routers, firewalls, computers, servers etc) have to be connected to a switch. Sooner or later, as a network engineer you will be faced with the task of deploying a switch network for a customer or for your own company. Therefore, learning about some basic switch design and configuration principles will prove beneficial for your professional career. One simple and popular switch design scenario will be shown in the following tutorial. This scenario will fit most SMB networks (or even bigger ones) that have a few layer 2 VLANs and consequently a few layer3 network subnets. It is a good design principle to separate network hosts by department or by similar group of users. Network Scenario In our network scenario below we have segmented the network into 7 Layer2 VLANs (and hence 7 Layer3 subnets), as listed below:  VLAN10: Network devices management VLAN (10.10.10.0/24)  VLAN20: Callcenter Department (10.10.20.0/24)  VLAN30: Sales Department (10.10.30.0/24)  VLAN40: Accounting & Financial Department (10.10.40.0/24)  VLAN50: Support Department (10.10.50.0/24)  VLAN60: Company Servers (10.10.60.0/24)  VLAN100: Company Managers (10.10.100.0/24) As far as the design goes I will try to use Cisco’s hierarchical internetworking model (Distribution, Aggregation and Access Layers) with some modifications. For the proposed scenario the distribution and aggregation layer will be combined on the same layer 3 switch to keep the design simple and for better understanding.
  • 2. Network Diagram The diagram above shows one Layer 3 switch used for Aggregation, three Layer 2 switches used for access purposes and one router for Internet connectivity. Company X has several departments grouped on several levels in a building. The departments are Callenter, Sales, Accounting, Support and Management. The only department allowed access to the internet is the Management department. Each of the departments has been allocated a Layer2 VLAN and an IPv4 Class C private address range. All the switches are connected over port-channel links for higher bandwidth and better redundancy.
  • 3. Configuration Configuration of Layer3 Aggregation Switch Switch model used: Cisco ME-C3750-24TE (IOS image c3750me-i5k91-mz.122-55.SE6.bin) Step1: Access, management and logging configuration username admin privilege 15 secret Strongpasshere <—– creates user admin with highest privilege 15 logging buffered 1024000 debugging <—– enables logging using the local storage. The log file will be max 1024000 bits and will record debugging logs service password-encryption <—— Make all passwords secure enable secret Strongpasshere <—— create the enable password line vty 0 4 <—— enables remote network login transport input telnet ssh <—— enables telnet & ssh on the switch login local <——- uses local database credentials for login line console 0 password Strongpasshere login Step2: Layer2 VLAN Configuration vlan 10 name Device_Management ! vlan 20 name Callcenter ! vlan 30 name Sales ! vlan 40 name Accounting&Finance ! vlan 50 name Support ! vlan 60 name Servers ! vlan 100 name Company_Management
  • 4. Step3: Layer 3 VLAN Configuration ip routing ! interface Vlan10 description Device_Management ip address 10.10.10.1 255.255.255.0 ! interface Vlan20 description Callcenter ip address 10.10.20.1 255.255.255.0 ! interface Vlan30 description Sales ip address 10.10.30.1 255.255.255.0 ! interface Vlan40 description Accounting&Finance ip address 10.10.40.1 255.255.255.0 ! interface Vlan50 description Support ip address 10.10.50.1 255.255.255.0 ! interface Vlan60 description Servers ip address 10.10.60.1 255.255.255.0 ! interface Vlan100 description Company_Management ip address 10.10.100.1 255.255.255.0 Step4: Port-Channel configuration interface GigabitEthernet1/1/1 description downlink Link 1 to Switch Management&suport&servers switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan add 10,50,60,100 switchport mode trunk channel-group 1 mode on interface GigabitEthernet1/1/2 description downlink Link 2 to Switch Management&suport&servers switchport switchport trunk encapsulation dot1q
  • 5. switchport trunk allowed vlan add 10,50,60,100 switchport mode trunk channel-group 1 mode on interface GigabitEthernet1/1/3 description downlinkLink 1 to Switch Accounting&Finance switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan add 10,40 switchport mode trunk channel-group 2 mode on interface GigabitEthernet1/1/4 description downlink Link 2 to Switch Accounting&Finance switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan add 10,40 switchport mode trunk channel-group 2 mode on interface GigabitEthernet1/1/5 description downlink Link 1 to Switch Callcenter&Sales switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan add 10,20,30 switchport mode trunk channel-group 3 mode on interface GigabitEthernet1/1/6 description downlink Link 2 to Switch Callcenter&Sales switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan add 10,20,30 switchport mode trunk channel-group 3 mode on
  • 6. Interface to Router interface GigabitEthernet1/1/7 description To Router switchport switchport access vlan 10 switchport mode access Default route to the router ip route 0.0.0.0 0.0.0.0 10.10.10.5 Configuration of Layer2 Access Switches Switch models used: Cisco WS-C2960G-48TC-L (IOS Image: c2960-lanbase-mz.122- 35.SE5.bin) 1) Switch Management&suport&servers configuration NOTE: Configuration for device management and logging remain the same as Layer3 switch above. Step1: Layer2 VLAN Configuration We only add the vlans needed on this switch. vlan 10 name Device_Management ! vlan 50 name Support ! vlan 60 name Servers ! vlan 100 name Company_Management Step2: Port-Channel Configuration interface GigabitEthernet1/1 description uplink Link 1 to Switch AGGREGATION switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan add 10,50,60,100
  • 7. switchport mode trunk channel-group 1 mode on interface GigabitEthernet1/2 description uplink Link 2 to Switch AGGREGATION switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan add 10,50,60,100 switchport mode trunk channel-group 1 mode on Step3: Management interface interface Vlan10 description Device_Management ip address 10.10.10.2 255.255.255.0 Step4: Configure Access interfaces to users Only one interface per vlan is shown for brevity interface GigabitEthernet0/3 description Server switchport access vlan 60 switchport mode access spanning-tree portfast <—— allows immediate transition of the port into forwarding state spanning-tree bpduguard enable <——- if a BPDU is received on the port it transitions to errdisable interface GigabitEthernet0/4 description Management switchport access vlan 100 switchport mode access spanning-tree portfast spanning-tree bpduguard enable interface GigabitEthernet0/5 description Support switchport access vlan 50 switchport mode access spanning-tree portfast spanning-tree bpduguard enable
  • 8. 2) Switch Accounting&Finance configuration NOTE: Configuration for device management and logging remain the same as Layer3 switch above. Step1: Layer2 VLAN Configuration We only add the vlans needed on this switch. vlan 10 name Device_Management ! vlan 40 name Accounting&Finance Step2: Port-Channel Configuration interface GigabitEthernet1/1 description uplink Link 1 to Switch AGGREGATION switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan add 10,40 switchport mode trunk channel-group 1 mode on interface GigabitEthernet1/2 description uplink Link 2 to Switch AGGREGATION switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan add 10,40 switchport mode trunk channel-group 1 mode on ! Step3: Management interface interface Vlan10 description Device_Management ip address 10.10.10.3 255.255.255.0
  • 9. Step4: Configure Access interfaces to users Only one interface per vlan is shown for brevity interface GigabitEthernet0/3 description Accounting switchport access vlan 40 switchport mode access spanning-tree portfast spanning-tree bpduguard enable 3) Switch Callcenter&Sales configuration NOTE: Configuration for device management and logging remain the same as Layer3 switch above. Step1: Layer2 VLAN Configuration We only add the vlans needed on this switch. vlan 10 name Device_Management ! vlan 20 name Callcenter ! vlan 30 name Sales Step2: Port-Channel Configuration interface GigabitEthernet1/1 description Link 1 to Switch AGGREGATION switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan add 10,20,30 switchport mode trunk channel-group 1 mode on ! interface GigabitEthernet1/2 description Link 2 to Switch AGGREGATION switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan add 10,20,30
  • 10. switchport mode trunk channel-group 1 mode on Step3: Management interface interface Vlan10 description Device_Management ip address 10.10.10.4 255.255.255.0 Step4: Configure Access interfaces to users Only one interface per vlan is shown for brevity interface GigabitEthernet0/3 description Callcenter switchport access vlan 20 switchport mode access spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet0/4 description Sales switchport access vlan 30 switchport mode access spanning-tree portfast spanning-tree bpduguard enable Configuration of Router for Internet Access Router model used: Cisco 867VAE-K9 (IOS Image: c860vae-advsecurityk9-mz.152-4.M3.bin) Only relevant configuration is shown Step1: Internal Vlan Configuration connected to Layer3 Switch vlan 10 name Device_Management ! interface FastEthernet0 switchport mode access switchport access vlan 10 Step2: Layer3 Interfaces Configuration interface GigabitEthernet1 description WAN ip address 1.1.1.10 255.255.255.0
  • 11. no ip proxy-arp ip nat outside ! interface Vlan10 description Management ip address 10.10.10.5 255.255.255.0 ip nat inside Step3: Configure NAT for providing access only to Management Users !NAT ACL is matching only the company management subnet ! ip access-list extended NAT permit ip 10.10.100.0 0.0.0.255 any ! ip nat inside source list NAT interface GigabitEthernet1 overload ! Step4: Other config !A default route to the internet is needed ip route 0.0.0.0 0.0.0.0 1.1.1.1 !A static route to the management subnet is needed ip route 10.10.100.0 255.255.255.0 10.10.10.1 At this point only the Company Management has access to the internet and nobody else. About the Author Harris Andrea is a Cisco Certified Professional with more than 18 years of experience working with Cisco network technologies. He is the author of two Cisco Books (“Cisco ASA Firewall Fundamentals” and “Cisco VPN Configuration Guide”) which have been embraced by thousands of Cisco professionals all over the world. You can find more Cisco configuration guides and tutorials on his blog here http://www.networkstraining.com