Mixing
Cisco Catalyst 3850 router VLAN bridge no routing
Clash Royale CLAN TAG#URR8PPP
up vote
2
down vote
favorite
New to Cisco stuff so bear with me (only a little L2 Procurve experience). I have a development network connected to an Aruba/HPE managed switch feeding a trunk with tagged VLAN's to an internal network Cisco C2960. I am not in charge of the C2960, but it looks like the VLAN's appear to be sending and receiving correctly, based on some testing from a hypervisor server hanging off the C2960. Now, this C2960 has an trunk uplink to a C3850 router which should have the necessary VLAN's configured. From the C3850 is another trunk to yet another C2960, with the correct trunk settings for the VLAN's I want to haul from the development network to the second switch.
I can't do basic pings on the dev VLAN's from the second switch. Some people involved with setting up the C3850 said I would have to add an IP in the subnet of the VLAN at the Cisco router to make it bridge the VLAN's from the first to the second switch, but I don't want routing and setting a next hop seems bizarre. Ideally, I want to do no routing (more like a managed switch transparently forwarding VLAN's). Since the Cisco router is currently a core router, I can't ask to make the whole thing behave like a dumb switch.
Is there a proper way to transparently bridge the VLAN's between ports on the router without routing or needing an IP at the router, while preserving existing routing, so I can send traffic from the second C2960 to the Aruba switch?
cisco vlan bridge cisco-3850
asked 7 hours ago
Asteroza
111
New contributor
Asteroza is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |Â
up vote
2
down vote
favorite
New to Cisco stuff so bear with me (only a little L2 Procurve experience). I have a development network connected to an Aruba/HPE managed switch feeding a trunk with tagged VLAN's to an internal network Cisco C2960. I am not in charge of the C2960, but it looks like the VLAN's appear to be sending and receiving correctly, based on some testing from a hypervisor server hanging off the C2960. Now, this C2960 has an trunk uplink to a C3850 router which should have the necessary VLAN's configured. From the C3850 is another trunk to yet another C2960, with the correct trunk settings for the VLAN's I want to haul from the development network to the second switch.
I can't do basic pings on the dev VLAN's from the second switch. Some people involved with setting up the C3850 said I would have to add an IP in the subnet of the VLAN at the Cisco router to make it bridge the VLAN's from the first to the second switch, but I don't want routing and setting a next hop seems bizarre. Ideally, I want to do no routing (more like a managed switch transparently forwarding VLAN's). Since the Cisco router is currently a core router, I can't ask to make the whole thing behave like a dumb switch.
Is there a proper way to transparently bridge the VLAN's between ports on the router without routing or needing an IP at the router, while preserving existing routing, so I can send traffic from the second C2960 to the Aruba switch?
cisco vlan bridge cisco-3850
asked 7 hours ago
Asteroza
111
New contributor
Asteroza is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |Â
up vote
2
down vote
favorite
up vote
2
down vote
favorite
New to Cisco stuff so bear with me (only a little L2 Procurve experience). I have a development network connected to an Aruba/HPE managed switch feeding a trunk with tagged VLAN's to an internal network Cisco C2960. I am not in charge of the C2960, but it looks like the VLAN's appear to be sending and receiving correctly, based on some testing from a hypervisor server hanging off the C2960. Now, this C2960 has an trunk uplink to a C3850 router which should have the necessary VLAN's configured. From the C3850 is another trunk to yet another C2960, with the correct trunk settings for the VLAN's I want to haul from the development network to the second switch.
I can't do basic pings on the dev VLAN's from the second switch. Some people involved with setting up the C3850 said I would have to add an IP in the subnet of the VLAN at the Cisco router to make it bridge the VLAN's from the first to the second switch, but I don't want routing and setting a next hop seems bizarre. Ideally, I want to do no routing (more like a managed switch transparently forwarding VLAN's). Since the Cisco router is currently a core router, I can't ask to make the whole thing behave like a dumb switch.
Is there a proper way to transparently bridge the VLAN's between ports on the router without routing or needing an IP at the router, while preserving existing routing, so I can send traffic from the second C2960 to the Aruba switch?
cisco vlan bridge cisco-3850
asked 7 hours ago
Asteroza
111
New contributor
Asteroza is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New to Cisco stuff so bear with me (only a little L2 Procurve experience). I have a development network connected to an Aruba/HPE managed switch feeding a trunk with tagged VLAN's to an internal network Cisco C2960. I am not in charge of the C2960, but it looks like the VLAN's appear to be sending and receiving correctly, based on some testing from a hypervisor server hanging off the C2960. Now, this C2960 has an trunk uplink to a C3850 router which should have the necessary VLAN's configured. From the C3850 is another trunk to yet another C2960, with the correct trunk settings for the VLAN's I want to haul from the development network to the second switch.
I can't do basic pings on the dev VLAN's from the second switch. Some people involved with setting up the C3850 said I would have to add an IP in the subnet of the VLAN at the Cisco router to make it bridge the VLAN's from the first to the second switch, but I don't want routing and setting a next hop seems bizarre. Ideally, I want to do no routing (more like a managed switch transparently forwarding VLAN's). Since the Cisco router is currently a core router, I can't ask to make the whole thing behave like a dumb switch.
Is there a proper way to transparently bridge the VLAN's between ports on the router without routing or needing an IP at the router, while preserving existing routing, so I can send traffic from the second C2960 to the Aruba switch?
cisco vlan bridge cisco-3850
cisco vlan bridge cisco-3850
asked 7 hours ago
Asteroza
111
New contributor
Asteroza is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 7 hours ago
Asteroza
111
New contributor
Asteroza is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 7 hours ago
Asteroza
111
New contributor
Asteroza is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 7 hours ago
Asteroza
111
asked 7 hours ago
Asteroza
111
111
New contributor
Asteroza is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Asteroza is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Asteroza is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |Â
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
2
down vote
That should be possible - provided that...
- the same set (or at least a common subset) of VLAN IDs is used across the chain of switches
- this same (sub)set of VLANs is configured/added on all the switches along the path
- this same (sub)set of VLANs is "allowed" and "tagged" on all segments (the inter-switch links) along the path.
- some very diligent attention is directed towards spanning tree interoperability between HP/Aruba and Cisco (the latter by default run Cisco's own PVST or RPVST, the former usually use the IEEE variants STP, RSTP or MST).
- the admins of the said Cat2960s and Cat3850 are willing to add "your" set of VLANs to their device (which they might deny, because they might want to run their Cat3850 as a L3 device only)
The Cat3850 and the Cat2960s are definitely capable of what you intend to do, which is what VLANs, trunking and switching are all about. There is no technical reason why the Cat3850 should get any (additional) IP address(es) to bridge these VLANs. But - there may be operational guidelines preventing it.
answered 5 hours ago
Marc 'netztier' Luethi
2,404317
add a comment |Â
up vote
1
down vote
To get traffic from one network (VLAN) to another requires a router. Even if you bridge the VLANs at layer-2, the devices on the different networks will be unable to communicate. A host will look at the destination address, and it can tell that it is on a different network. If it is, then it will send the frame to its configured gateway (router). A router is a host on the LAN that knows how to forward packets to a different network.
The purpose of VLANs is to break up the network into separate layer-2 domains, and it requires a router (at layer-3) to forward packets between the separate networks.
answered 7 hours ago
Ron Maupin♦
58.7k1057105
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
That should be possible - provided that...
- the same set (or at least a common subset) of VLAN IDs is used across the chain of switches
- this same (sub)set of VLANs is configured/added on all the switches along the path
- this same (sub)set of VLANs is "allowed" and "tagged" on all segments (the inter-switch links) along the path.
- some very diligent attention is directed towards spanning tree interoperability between HP/Aruba and Cisco (the latter by default run Cisco's own PVST or RPVST, the former usually use the IEEE variants STP, RSTP or MST).
- the admins of the said Cat2960s and Cat3850 are willing to add "your" set of VLANs to their device (which they might deny, because they might want to run their Cat3850 as a L3 device only)
The Cat3850 and the Cat2960s are definitely capable of what you intend to do, which is what VLANs, trunking and switching are all about. There is no technical reason why the Cat3850 should get any (additional) IP address(es) to bridge these VLANs. But - there may be operational guidelines preventing it.
answered 5 hours ago
Marc 'netztier' Luethi
2,404317
add a comment |Â
up vote
2
down vote
That should be possible - provided that...
- the same set (or at least a common subset) of VLAN IDs is used across the chain of switches
- this same (sub)set of VLANs is configured/added on all the switches along the path
- this same (sub)set of VLANs is "allowed" and "tagged" on all segments (the inter-switch links) along the path.
- some very diligent attention is directed towards spanning tree interoperability between HP/Aruba and Cisco (the latter by default run Cisco's own PVST or RPVST, the former usually use the IEEE variants STP, RSTP or MST).
- the admins of the said Cat2960s and Cat3850 are willing to add "your" set of VLANs to their device (which they might deny, because they might want to run their Cat3850 as a L3 device only)
The Cat3850 and the Cat2960s are definitely capable of what you intend to do, which is what VLANs, trunking and switching are all about. There is no technical reason why the Cat3850 should get any (additional) IP address(es) to bridge these VLANs. But - there may be operational guidelines preventing it.
answered 5 hours ago
Marc 'netztier' Luethi
2,404317
add a comment |Â
up vote
2
down vote
up vote
2
down vote
That should be possible - provided that...
- the same set (or at least a common subset) of VLAN IDs is used across the chain of switches
- this same (sub)set of VLANs is configured/added on all the switches along the path
- this same (sub)set of VLANs is "allowed" and "tagged" on all segments (the inter-switch links) along the path.
- some very diligent attention is directed towards spanning tree interoperability between HP/Aruba and Cisco (the latter by default run Cisco's own PVST or RPVST, the former usually use the IEEE variants STP, RSTP or MST).
- the admins of the said Cat2960s and Cat3850 are willing to add "your" set of VLANs to their device (which they might deny, because they might want to run their Cat3850 as a L3 device only)
The Cat3850 and the Cat2960s are definitely capable of what you intend to do, which is what VLANs, trunking and switching are all about. There is no technical reason why the Cat3850 should get any (additional) IP address(es) to bridge these VLANs. But - there may be operational guidelines preventing it.
answered 5 hours ago
Marc 'netztier' Luethi
2,404317
That should be possible - provided that...
- the same set (or at least a common subset) of VLAN IDs is used across the chain of switches
- this same (sub)set of VLANs is configured/added on all the switches along the path
- this same (sub)set of VLANs is "allowed" and "tagged" on all segments (the inter-switch links) along the path.
- some very diligent attention is directed towards spanning tree interoperability between HP/Aruba and Cisco (the latter by default run Cisco's own PVST or RPVST, the former usually use the IEEE variants STP, RSTP or MST).
- the admins of the said Cat2960s and Cat3850 are willing to add "your" set of VLANs to their device (which they might deny, because they might want to run their Cat3850 as a L3 device only)
The Cat3850 and the Cat2960s are definitely capable of what you intend to do, which is what VLANs, trunking and switching are all about. There is no technical reason why the Cat3850 should get any (additional) IP address(es) to bridge these VLANs. But - there may be operational guidelines preventing it.
answered 5 hours ago
Marc 'netztier' Luethi
2,404317
answered 5 hours ago
Marc 'netztier' Luethi
2,404317
answered 5 hours ago
Marc 'netztier' Luethi
2,404317
answered 5 hours ago
Marc 'netztier' Luethi
2,404317
2,404317
add a comment |Â
add a comment |Â
up vote
1
down vote
To get traffic from one network (VLAN) to another requires a router. Even if you bridge the VLANs at layer-2, the devices on the different networks will be unable to communicate. A host will look at the destination address, and it can tell that it is on a different network. If it is, then it will send the frame to its configured gateway (router). A router is a host on the LAN that knows how to forward packets to a different network.
The purpose of VLANs is to break up the network into separate layer-2 domains, and it requires a router (at layer-3) to forward packets between the separate networks.
answered 7 hours ago
Ron Maupin♦
58.7k1057105
add a comment |Â
up vote
1
down vote
To get traffic from one network (VLAN) to another requires a router. Even if you bridge the VLANs at layer-2, the devices on the different networks will be unable to communicate. A host will look at the destination address, and it can tell that it is on a different network. If it is, then it will send the frame to its configured gateway (router). A router is a host on the LAN that knows how to forward packets to a different network.
The purpose of VLANs is to break up the network into separate layer-2 domains, and it requires a router (at layer-3) to forward packets between the separate networks.
answered 7 hours ago
Ron Maupin♦
58.7k1057105
add a comment |Â
up vote
1
down vote
up vote
1
down vote
To get traffic from one network (VLAN) to another requires a router. Even if you bridge the VLANs at layer-2, the devices on the different networks will be unable to communicate. A host will look at the destination address, and it can tell that it is on a different network. If it is, then it will send the frame to its configured gateway (router). A router is a host on the LAN that knows how to forward packets to a different network.
The purpose of VLANs is to break up the network into separate layer-2 domains, and it requires a router (at layer-3) to forward packets between the separate networks.
answered 7 hours ago
Ron Maupin♦
58.7k1057105
To get traffic from one network (VLAN) to another requires a router. Even if you bridge the VLANs at layer-2, the devices on the different networks will be unable to communicate. A host will look at the destination address, and it can tell that it is on a different network. If it is, then it will send the frame to its configured gateway (router). A router is a host on the LAN that knows how to forward packets to a different network.
The purpose of VLANs is to break up the network into separate layer-2 domains, and it requires a router (at layer-3) to forward packets between the separate networks.
answered 7 hours ago
Ron Maupin♦
58.7k1057105
answered 7 hours ago
Ron Maupin♦
58.7k1057105
answered 7 hours ago
Ron Maupin♦
58.7k1057105
answered 7 hours ago
Ron Maupin♦
58.7k1057105
58.7k1057105
add a comment |Â
add a comment |Â
Asteroza is a new contributor. Be nice, and check out our Code of Conduct.
Asteroza is a new contributor. Be nice, and check out our Code of Conduct.
Asteroza is a new contributor. Be nice, and check out our Code of Conduct.
Asteroza is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f54313%2fcisco-catalyst-3850-router-vlan-bridge-no-routing%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
