wiki:Internal/OpenFlow/OrbitSwitches/sw-top

Version 1 (modified by akoshibe, 14 years ago) ( diff )

sw-top

This is the root switch to the Orbit network.That also includes firewall and Internal switch ports.

Legacy switch layout

VLAN 50 is the publicly exposed VLAN - 4 ports (DMZ, 2 planet lab, firewall out) VLAN 1001-1005 - Cisco associated (ignore) 9,10- not used

ports can be divided up into 3 groups

  1. Infrastructure - Not really visible to user - Aruba, Internal, Instrumental ect - VLANs 1-6
  2. Experimental - Pertains to Grid, outdoor, Sandboxes - VLANs 7,8,11-38
  3. Public - Visible from outside - VLAN 50

IP8800 sw-top layout

We want to combine the internal, firewall feed, and top switch port configs onto one NEC IP8800. The ports that comprise this setup are:

  1. 4 VLAN 50 ports (ports 1-4)
  2. 4 firewall ports (only 3 actually needed to go into ASA)
  3. 10 Internal (VLAN 2) Ports
  4. 16 Top switch ports (Assorted, originally 20 including 4 VLAN 50 ports)

references (these are in Japanese):

Creating VLANs

< A table of the vlans coming up soon. >

Associating VLANs with ports

Now that you have properly named VLANs, you can associate them with ports.

<<here will be the diagram of the switchports layout of the configs.>>

first, the 4 publically visible VLAN 50 ports: 

(config)# int range gi 0/1-4
(config-if-range)# switchport access vlan 50

Then, the firewall ports feeding the VLANs into the ASA; These are specialized trunk ports:

  • geth0/7 - VLAN 50
  • geth0/8 - VLANs 1-6
  • geth0/9 - VLANs 7,8
  • geth0/10 - VLANs 11-38

The commands to make this happen are the following. First make four ports into trunk ports using the 'interface range' context: 

(config)# int ran gi 0/7-10
(config-if-range)# sw mo tru
!(config-if-range)#

Then, specify allowed VLANs for each port. This is according to the list above. 

!(config-if-range)# ##geth0/7 - VLAN 50##
!(config-if-range)# interface gigabitethernet 0/7
!(config-if)# swi trunk allowed vlan 50 
!(config-if)# ##geth0/8 - VLANs 1-6##
!(config-if)# interface gi 0/8
!(config-if)# swi trunk allow vlan 1-6
!(config-if)# ##geth0/9 - VLANs 7,8##
!(config-if)# interface gi 0/9
!(config-if)# swi tru all vl 7,8
!(config-if)# ##geth0/10 - VLANs 11-37##
!(config-if)# interface gi 0/10
!(config-if)# swi tru all vl 11-38
!(config-if)# save
(config-if)# exit

the configuration results: 

(config)# int ran gi 0/7-10
(config-if-range)# sh
interface gigabitethernet 0/7
  switchport mode trunk
  switchport trunk allowed vlan 50
!
interface gigabitethernet 0/8
  switchport mode trunk
  switchport trunk allowed vlan 1-6
!
interface gigabitethernet 0/9
  switchport mode trunk
  switchport trunk allowed vlan 7-8
!
interface gigabitethernet 0/10
  switchport mode trunk
  switchport trunk allowed vlan 11-38
!

Next, the 10 Internal ports; These are regular switchports all associated to VLAN 2. 

(config)# int ran gi 0/13-22
(config-if-range)# sw mo dot1q-tunnel 
!(config-if-range)# sw acc vlan 2

Finally, the sw_top configurations; This is perhaps the most complicated part. the ports will be configured from 0/48 to leave ample space between the Internal ports and these ports, which are all specialized trunk ports (we won't want people to accidentally be able to plug into them!).

organizing them:

Infrastructure VLANs

port VLANs Description
0/29 1,2 Internal (1)
0/30 1,2 Internal (2)
0/31 1,3 CM
0/32 1,4,5 Aruba, Instrumental
0/33 1,6 DMZ
0/34 1-6 Main Subnets

Testbed VLANs

0/37 1,3,29,30 CM, Outdoor Data and Ctrl
0/38 1,7,31:2:37 Grid and VGrid Ctrl
0/39 1,8 Grid Data
0/40 7,8 Grid Data and Ctrl
0/41 1,6-8 DMZ, Grid Data and Ctrl
0/42 11-48 ??
0/43 1,11-38 Testbed Data and Ctrl
0/44 1,3,11-38 CM, Testbed Data and Ctrl

Master Trunk

0/47 1 Access Net
0/48 1-38 Master Trunk

killing Spanning Tree

Spanning Tree Protocol should be disabled. Both PVST and PVST+ count as spanning tree. 

!(config)# no spanning-tree vlan 3,7,8,11-38
!(config)# save
Note: See TracWiki for help on using the wiki.