Catalyst 3750 MetroSwitch Software Configuration Guide
78-15870-01
Chapter 1 Overview
Network Configuration Examples
This section provides network configuration concepts and includes examples of using the switch to
create dedicated network segments and to interconnect those segments through Fast Ethernet and Gigabit
Ethernet connections.
• “Multidwelling or Ethernet-to-the-Subscriber Network” section
• “Ethernet Broadband Aggregation Network” section
• “Layer 2 VPN Application” section
• “Layer 3 VPN Application” section
Multidwelling or Ethernet-to-the-Subscriber Network
Figure 1-1 shows a Gigabit Ethernet ring for a residential location serving multitenant units using
Catalyst 3750 Metro switches connected through 1000BASE-X SFP module ports. Catalyst 3750 Metro
switches used as residential switches provide customers with high-speed connections to the service
provider point-of-presence (POP). Catalyst 2950 Long-Reach Ethernet (LRE) switches can also be used
as residential switches for customers requiring connectivity through existing phone lines. The
Catalyst 2950 LRE switches can then connect to another residential switch, such as a
Catalyst 3750 Metro switch. For more information about the Catalyst LRE switches and LRE,
refer to the Catalyst 2950 LRE documentation set.
All ports on the residential switches (and Catalyst 2950 LRE switches if they are included) are
configured as 802.1Q trunks with Private VLAN Edge (protected port) and STP root guard features
enabled. The protected-port feature provides security and isolation between ports on the switch, ensuring
that subscribers cannot view packets destined for other subscribers. STP root guard prevents
unauthorized devices from becoming the STP root switch. All ports have IGMP snooping or CGMP
enabled for multicast traffic management. ACLs on the uplink ports to the aggregating switches provide
security and bandwidth management.
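As an added example (not part of the Cisco guide), the following Python audit checks a saved running-config against the port design described above: subscriber-facing ports must be trunks with `switchport protected` and `spanning-tree guard root`, and uplink ports must carry an inbound ACL. The sample configuration, the ACL name `UPLINK-IN`, and the set of uplink ports are constructed assumptions; uplinks are excluded from the protected-port check because protected ports do not forward traffic to each other on the same switch.

```python
# Constructed sample running-config (not from the guide).
SAMPLE_CONFIG = """\
interface FastEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport protected
 spanning-tree guard root
!
interface FastEthernet1/0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/1/1
 switchport mode trunk
!
interface GigabitEthernet1/1/2
 switchport mode trunk
 ip access-group UPLINK-IN in
!
"""
UPLINKS = {"GigabitEthernet1/1/1", "GigabitEthernet1/1/2"}  # assumed uplinks
SUBSCRIBER_REQUIRED = ("switchport mode trunk", "switchport protected",
                       "spanning-tree guard root")

def parse_interfaces(config):
    """Map each interface name to the list of commands in its stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return stanzas

def audit(config, uplinks):
    """Return sorted (interface, missing setting) pairs for the design above."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if name in uplinks:
            if not any(c.startswith("ip access-group ") for c in cmds):
                findings.append((name, "ip access-group"))
        else:
            findings += [(name, r) for r in SUBSCRIBER_REQUIRED if r not in cmds]
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG, UPLINKS), sep="\n")
```

A subscriber port that lacks `switchport protected` can exchange Layer 2 traffic directly with its neighbors, and one that lacks root guard will accept superior BPDUs from customer equipment, so both findings deserve the same priority as a missing uplink ACL.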
The aggregating switches and routers have HSRP enabled for load balancing and redundant connectivity
to guarantee mission-critical traffic. This ensures connectivity to the Internet, WAN, and mission-critical
network resources in case one of the routers or switches fails.
When an end station in one VLAN needs to communicate with an end station in another VLAN, a router
or switch routes the traffic to the appropriate destination VLAN, providing inter-VLAN routing. VLAN
access control lists (VLAN maps) provide intra-VLAN security and prevent unauthorized users from
accessing critical pieces of the network.
In addition to inter-VLAN routing, the switch QoS mechanisms such as DSCP prioritize the different
types of network traffic to deliver high-priority traffic in a predictable manner. If congestion occurs, QoS
drops low-priority traffic to allow delivery of high-priority traffic.
The routers also provide firewall services, Network Address Translation (NAT) services, voice-over-IP
(VoIP) gateway services, and WAN and Internet access.