| | 1 | = sw-top = |
| | 2 | This is the root switch of the Orbit network. It also includes the firewall and Internal switch ports. |
| | 3 | |
| | 4 | == Legacy switch layout == |
| | 5 | |
| | 6 | VLAN 50 is the publicly exposed VLAN - 4 ports (DMZ, 2 planet lab, firewall out) |
| | 7 | VLAN 1001-1005 - Cisco associated (ignore) |
| | 8 | VLANs 9,10 - not used |
| | 9 | |
| | 10 | Ports can be divided into 3 groups: |
| | 11 | |
| | 12 | 1. Infrastructure - Not really visible to user - Aruba, Internal, Instrumental etc. - VLANs 1-6 |
| | 13 | 2. Experimental - Pertains to Grid, outdoor, Sandboxes - VLANs 7,8,11-38 |
| | 14 | 3. Public - Visible from outside - VLAN 50 |
| | 15 | |
| | 16 | == IP8800 sw-top layout == |
| | 17 | |
| | 18 | We want to combine the internal, firewall feed, and top switch port configs onto one NEC IP8800. The ports that comprise this setup are: |
| | 19 | |
| | 20 | 1. 4 VLAN 50 ports (ports 1-4) |
| | 21 | 1. 4 firewall ports (only 3 actually needed to go into ASA) |
| | 22 | 1. 10 Internal (VLAN 2) Ports |
| | 23 | 1. 16 Top switch ports (Assorted, originally 20 including 4 VLAN 50 ports) |
| | 24 | |
| | 25 | |
| | 26 | References (these are in Japanese): |
| | 27 | |
| | 28 | * port config parameter specs: http://www.nec.co.jp/ip88n/s36_sw/html/cfref/cfref-chap1-4.html |
| | 29 | * interface vlan context specs: http://www.nec.co.jp/ip88n/s36_sw/html/cfref/cfref-chap11-03.html |
| | 30 | * vlan context specs: http://www.nec.co.jp/ip88n/s36_sw/html/cfref/cfref-chap11-22.html |
| | 31 | |
| | 32 | === Creating VLANs === |
| | 33 | |
| | 34 | < A table of the vlans coming up soon. > |
| | 35 | |
| | 36 | === Associating VLANs with ports === |
| | 37 | |
| | 38 | Now that you have properly named VLANs, you can associate them with ports. |
| | 39 | |
| | 40 | <<here will be the diagram of the switchports layout of the configs.>> |
| | 41 | |
| | 42 | First, the 4 publicly visible VLAN 50 ports: |
| | 43 | {{{ |
| | 44 | (config)# int range gi 0/1-4 |
| | 45 | (config-if-range)# switchport access vlan 50 |
| | 46 | }}} |
| | 47 | |
| | 48 | Then, the firewall ports feeding the VLANs into the ASA. These are specialized trunk ports: |
| | 49 | |
| | 50 | * geth0/7 - VLAN 50 |
| | 51 | * geth0/8 - VLANs 1-6 |
| | 52 | * geth0/9 - VLANs 7,8 |
| | 53 | * geth0/10 - VLANs 11-38 |
| | 54 | |
| | 55 | The commands to make this happen are the following. First make four ports into trunk ports using the 'interface range' context: |
| | 56 | {{{ |
| | 57 | (config)# int ran gi 0/7-10 |
| | 58 | (config-if-range)# sw mo tru |
| | 59 | !(config-if-range)# |
| | 60 | }}} |
| | 61 | |
| | 62 | Then, specify allowed VLANs for each port. This is according to the list above. |
| | 63 | {{{ |
| | 64 | !(config-if-range)# ##geth0/7 - VLAN 50## |
| | 65 | !(config-if-range)# interface gigabitethernet 0/7 |
| | 66 | !(config-if)# swi trunk allowed vlan 50 |
| | 67 | !(config-if)# ##geth0/8 - VLANs 1-6## |
| | 68 | !(config-if)# interface gi 0/8 |
| | 69 | !(config-if)# swi trunk allow vlan 1-6 |
| | 70 | !(config-if)# ##geth0/9 - VLANs 7,8## |
| | 71 | !(config-if)# interface gi 0/9 |
| | 72 | !(config-if)# swi tru all vl 7,8 |
| | 73 | !(config-if)# ##geth0/10 - VLANs 11-38## |
| | 74 | !(config-if)# interface gi 0/10 |
| | 75 | !(config-if)# swi tru all vl 11-38 |
| | 76 | !(config-if)# save |
| | 77 | (config-if)# exit |
| | 78 | }}} |
| | 79 | |
| | 80 | The configuration results: |
| | 81 | {{{ |
| | 82 | (config)# int ran gi 0/7-10 |
| | 83 | (config-if-range)# sh |
| | 84 | interface gigabitethernet 0/7 |
| | 85 | switchport mode trunk |
| | 86 | switchport trunk allowed vlan 50 |
| | 87 | ! |
| | 88 | interface gigabitethernet 0/8 |
| | 89 | switchport mode trunk |
| | 90 | switchport trunk allowed vlan 1-6 |
| | 91 | ! |
| | 92 | interface gigabitethernet 0/9 |
| | 93 | switchport mode trunk |
| | 94 | switchport trunk allowed vlan 7-8 |
| | 95 | ! |
| | 96 | interface gigabitethernet 0/10 |
| | 97 | switchport mode trunk |
| | 98 | switchport trunk allowed vlan 11-38 |
| | 99 | ! |
| | 100 | }}} |
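
The configuration results can be checked against the firewall-feed port list mechanically. The following Python script is an added example, not part of the original page or of NEC's tooling: it parses the interface text shown above and reports any trunk whose allowed VLANs differ from the plan, or that carries public VLAN 50 alongside other VLANs. The names `PLAN`, `SHOWN`, `expand`, `parse` and `audit` are illustrative.

```python
import re

# Intended firewall-feed trunks, copied from the port list on this page.
PLAN = {"0/7": {50}, "0/8": set(range(1, 7)),
        "0/9": {7, 8}, "0/10": set(range(11, 39))}
PUBLIC_VLAN = 50

# Sample input: the configuration results shown on this page, rebuilt inline.
SHOWN = "".join(f"interface gigabitethernet {p}\n  switchport mode trunk\n"
                f"  switchport trunk allowed vlan {v}\n!\n"
                for p, v in [("0/7", "50"), ("0/8", "1-6"),
                             ("0/9", "7-8"), ("0/10", "11-38")])

def expand(spec):
    """Expand a VLAN list such as '7,8' or '11-38' into a set of ids."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse(config):
    """Return {port: (mode, allowed_vlans)} from 'show'-style interface text."""
    ports = {}
    for block in re.split(r"^interface gigabitethernet ", config, flags=re.M)[1:]:
        mode = re.search(r"switchport mode (\S+)", block)
        allowed = re.search(r"switchport trunk allowed vlan (\S+)", block)
        ports[block.split()[0]] = (mode and mode.group(1),
                                   expand(allowed.group(1)) if allowed else set())
    return ports

def audit(config, plan=PLAN):
    """List (port, problem) pairs where the config departs from the plan."""
    findings, ports = [], parse(config)
    for port, want in plan.items():
        mode, got = ports.get(port, (None, set()))
        if mode != "trunk":
            findings.append((port, "not configured as a trunk"))
        if got - want:
            findings.append((port, f"unexpected VLANs {sorted(got - want)}"))
        if want - got:
            findings.append((port, f"missing VLANs {sorted(want - got)}"))
        if PUBLIC_VLAN in got and got != {PUBLIC_VLAN}:
            findings.append((port, "VLAN 50 shares a trunk with other VLANs"))
    return findings
```

`audit(SHOWN)` returns an empty list for the configuration on this page; feed it the text captured from the switch after any later change to catch drift.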
| | 101 | |
| | 102 | Next, the 10 Internal ports. These are regular switchports, all associated with VLAN 2. |
| | 103 | {{{ |
| | 104 | (config)# int ran gi 0/13-22 |
| | 105 | (config-if-range)# sw mo dot1q-tunnel |
| | 106 | !(config-if-range)# sw acc vlan 2 |
| | 107 | }}} |
| | 108 | |
| | 109 | Finally, the sw_top configurations. This is perhaps the most complicated part. The ports will be configured from 0/48 to leave ample space between the Internal ports and these ports, which are all specialized trunk ports (we don't want people to be able to plug into them accidentally!). |
| | 110 | |
| | 111 | |
| | 112 | Organizing them: |
| | 113 | |
| | 114 | Infrastructure VLANs |
| | 115 | ||port ||VLANs ||Description || |
| | 116 | ||0/29 ||1,2 ||Internal (1) || |
| | 117 | ||0/30 ||1,2 ||Internal (2) || |
| | 118 | ||0/31 ||1,3 ||CM || |
| | 119 | ||0/32 ||1,4,5 ||Aruba, Instrumental || |
| | 120 | ||0/33 ||1,6 ||DMZ || |
| | 121 | ||0/34 ||1-6 ||Main Subnets || |
| | 122 | |
| | 123 | Testbed VLANs |
| | 124 | ||0/37 ||1,3,29,30 ||CM, Outdoor Data and Ctrl || |
| | 125 | ||0/38 ||1,7,31:2:37 ||Grid and VGrid Ctrl || |
| | 126 | ||0/39 ||1,8 ||Grid Data || |
| | 127 | ||0/40 ||7,8 ||Grid Data and Ctrl || |
| | 128 | ||0/41 ||1,6-8 ||DMZ, Grid Data and Ctrl || |
| | 129 | ||0/42 ||11-48 ||?? || |
| | 130 | ||0/43 ||1,11-38 ||Testbed Data and Ctrl || |
| | 131 | ||0/44 ||1,3,11-38 ||CM, Testbed Data and Ctrl || |
| | 132 | |
| | 133 | Master Trunk |
| | 134 | ||0/47 ||1 ||Access Net || |
| | 135 | ||0/48 ||1-38 ||Master Trunk || |
| | 136 | |
| | 137 | === Killing Spanning Tree === |
| | 138 | Spanning Tree Protocol should be disabled. Both PVST and PVST+ count as spanning tree. |
| | 139 | |
| | 140 | {{{ |
| | 141 | !(config)# no spanning-tree vlan 3,7,8,11-38 |
| | 142 | !(config)# save |
| | 143 | }}} |
| | 144 | |