2611 + 2950 + .1q = VLAN separation?

[randal]

Hey everyone, I have a projec that I've been assigned to handle and I thought I'd run my plan by y'all. We're wiring up a hotel's 17 conference rooms and putting in a T1. Each conference room needs 1 port. Additionally, every conference room has to *not* send packets to any other conference room unless explicitly directed there. The plan is as follows:

Get 10, 8 port switches to expand each conference room as necessary
Get a Cisco 2950, attach every walljack to this directly
Get a Cisco 2611 router w/ a t1+dsu/csu on it

I think the hardware level is pretty self explanatory. Where it gets tricky is separating everything. The plan is to make 17 separate vlans to keep the traffic separate, and then, using dot1q, create an etherchannel between the switch and the router, consisting of 17 port-channels -- 17 virtual ones on the routers fe0, and then matching them up one-to-one for each port on the switch, and then assigning the appropriate IP addresses across this schema (probably an internal class C per port). This should make it so that every switch port has to go through the router to talk to any other switch port (which is a-okay), and that every port has it's own default path on how to get to the internet (via the IP settings assigned to the vlans).

I got this information from a plethora of resources, the first being a cisco rep who said "use dot1q", this cisco article and some chatting with a network guy from the local Ford administration buildng.

Thanks!
randal

 

[DarkSanta]

Seems pretty straightforward; your solution should work fine.

As a point of clarification, the router will use 802.1q encapsulation to create a trunk to the switch. It is NOT creating an etherchannel, as etherchanneling takes multiple physical connections and creates a single virtual connection by using PAgP (for Cisco).

Another alternative to your setup is to use a 16-port EtherSwitch Network Module (NM) in your 2611 router. You'd have an all-in-one solution which has its pros & cons. I don't know the cost trade off and I don't know the exact performance numbers. I expect the NM to be cheaper with faster inter-VLAN routing than using a separate switch with a 100MB trunk. I cannot confirm this to be true at this point however.

 

[spidey07]

2611 will not support .1q trunking. You may want to doulbe check but I specifically remember only the 2620 and above (ones with a FE port) support trunking.

Otherwise you're all set.

 

[DarkSanta]

Good point on the .1q interface. The 2611 will be able to form a .1q trunk on its built in 10MB Ethernet interface, but not on any type of FE module. click HERE for details.

That means that you would only have a 10MB trunk, which would be fine if all your sharing is a T1 and doing minimal inter-conference room routing. Otherwise, you could use the 16-port EtherSwitch NM, or buy a 262x instead to have the built in 10/100MB .1q trunk.

 

[spidey07]

Great catch!!!!

From technote...

This technology, once limited to Fast Ethernet connections, is now supported on the built-in 10BaseT interfaces of the Cisco 2610, 2611 and 2612

Seems like they have expanded support to 10 Base-T interfaces. I'd still suggest a FE port because of duplex/speed.

 

[randal]

Okay, in reviewing my notes, Dark Santa is correct -- we will *not* be using EtherChannel, but we will be defining multiple VLANs across the trunk. (everything would be port-channel 1.xx on the router, and vlan xx on the switch)

Dark Santa, thanks for the link. I was not aware that the add-on 100mbps FE interfaces will not support .1q. That doesn't change much, besides us not buying that particular card ... I agree with Spidey, though, that 100/Full is the way to go, although pricing is, as always, a big deal. My very first inclination was a 2621 w/ a 16 port nm, but alas we need at least 17, with room for a few more just in case. Hence why we're doing the router-on-a-stick approach with the 2611 & 2950.

Thank you very much for you input, guys!
randal



Edit: just realized that I could EtherChannel the 2, 10mbps ports to the switch! More complex than it needs to be, but hey

 

[alrox]

Etherchannel is for fast ethernet or gigabit interfaces only, not regular 10mbit ethernet. If I were you I'd get the 24 port 2950 and a 3620 with a 2FE2W + t1 wic.

 

[randal]

Originally posted by: alrox
Etherchannel is for fast ethernet or gigabit interfaces only, not regular 10mbit ethernet. If I were you I'd get the 24 port 2950 and a 3620 with a 2FE2W + t1 wic.

We very much wanted to get a 3620, but unfortunately, it's out of the range we had available to us for the project -- especially once we tack on the SmartNet contract, design and installation costs. Besides, a 3620 for a single T1? Way overkill. We know that generally, there will be no inter-room traffic; if is planned to have that traffic, we just change the vlans to encompass the correct rooms.

Yes, I know that this is small potatoes, but for a local ISP, that's what we get to deal with: no multi-million dollar/yr budgets to plan on -- only shoe strings to try and make networks out of. Besides, I'm only 20 and this sort of experience is the best thing I can do for myself; it's either start out as a small-project leader at a small business, or as a junior network cable crimper at some huge company.

Thanks for all the input!
Randal

 

[me19562]

Remember the access between vlans is going to be at only 10mbps

 

[randal]

Yep -- as mentioned, all inter-vlan traffic will have to go through the 10mbps port. (hence the urging to go to a 2620+ w/ fastethernet) -- if we need heavyduty inter-vlan traffic, we'll change the vlan layout to make the appropriate rooms be on the same lan. Not the greatest solution, but definitely servicable.

thanks again to everyone,
randal

 

[SR]

What version of ios will allow dot1q trunks on a 10 meg interface? I just loaded 12.2.13T (ip only) which doesn't allow dot1q trunks on e0/0.1 subinterface.

 

[alrox]

I think you need enterprise(maybe ip plus, not sure) to do trunks.

 

[randal]

I know that one of our existing routers, a 2610 has it with 12.1(2) with the plus pack (c2600-is-m). Looked at it, all the dot1q commands are in there.

Edit: We don't have any newer-IOS routers that aren't running ip plus, so I am still unsure if it's only in the ip plus version or built in to the normal IP versions. I'm sure one of the veterans here will know

randal