[c-nsp] L2/L3 configuration question

Andrey A. Ryazanov sg at di-net.ru
Tue May 10 18:31:31 EDT 2005


> > Why bother with L3 at all?  I would just configure the two ports as L2
> > only and to the 6500's this pretty much looks like a direct IP link.
> > Why have an inferior device [the 3508] make routing decisions [no
> > matter how basic]?
> 
> I ended up setting the GigE ports on the 6509/Sup720 as routed ports.  They
> connect into the 3508 into VLAN1 on the switch.  Everything seems to be
> working fine.

I guess VLAN1 is not the choice you want, especially on the 3508. VLAN1 carries several types
of control traffic (STP, VTP, CDP) and it's not recommended for user traffic or even for
management. It's also certainly not good to maintain a single VLAN for user traffic and
for management, because a potential intruder may flood out your switch's control plane,
which will cause very bad things.

Try configuring 802.1q trunks between the switches, then create a management VLAN 
(VLAN1000 for example) and put all your switches' management interfaces into this VLAN.
Create another VLAN (e.g. VLAN100) for user traffic.

Andrey Ryazanov
Network Operations Center
Digital Network JSC
+7 095 723 8333
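
A check for the layout the reply above warns about, as an added example that is not part of the original post: it reads an IOS-style configuration and reports a management interface in VLAN 1, user access ports in VLAN 1, and user ports that share the management VLAN. The sample configuration, the function names and the 192.0.2.10 address are constructed for illustration, and the parser assumes an access port with no explicit VLAN sits in VLAN 1.

```python
import re

# Constructed IOS-style sample (not from the thread): everything left in VLAN 1.
SAMPLE = """\
interface GigabitEthernet0/1
 switchport mode access
!
interface GigabitEthernet0/2
 switchport access vlan 1
!
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
!
"""

def stanzas(config):
    """Map each interface name to the list of its indented sub-commands."""
    out, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = out.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return out

def audit(config):
    """Return findings for the VLAN layout problems described in the post."""
    mgmt_vlans, access = set(), {}
    for name, cmds in stanzas(config).items():
        svi = re.fullmatch(r"vlan\s*(\d+)", name, re.IGNORECASE)
        if svi:
            # Treat an SVI as management when it has an address and is not shut down.
            if any(c.startswith("ip address ") for c in cmds) and "shutdown" not in cmds:
                mgmt_vlans.add(int(svi.group(1)))
        elif any(c.startswith(("switchport mode access", "switchport access vlan ")) for c in cmds):
            vlan = 1  # assumption: an access port with no explicit VLAN sits in VLAN 1
            for c in cmds:
                m = re.fullmatch(r"switchport access vlan (\d+)", c)
                vlan = int(m.group(1)) if m else vlan
            access[name] = vlan
    findings = ["management interface is in VLAN 1"] if 1 in mgmt_vlans else []
    for port, vlan in sorted(access.items()):
        if vlan == 1:
            findings.append(f"{port}: user port in VLAN 1")
        elif vlan in mgmt_vlans:
            findings.append(f"{port}: user port shares management VLAN {vlan}")
    return findings
```

Trunk ports are skipped by this check; it only looks at access ports and VLAN interfaces.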


