We have this:
Firewall/Router --> L3 Switch (new) --> Client PC's
172.18.73.1-------172.18.73.2---------GW: 172.18.73.1
------------------GW: 172.18.73.1

When configuring a L3 switch that will provide routing between multiple subnets, is it customary to set the switch's IP to the IP of the firewall/router and change the LAN IP of the firewall to something else?

Firewall/Router --> L3 Switch (new) --> Client PC's
172.18.73.2---------172.18.73.1------GW: 172.18.73.1
------------------GW: 172.18.73.2

That way I don't have to reconfigure all of the PC's default gateway.

Or is it best to leave the firewall/router at .1, set the switch to .2 or .254 and change the gateway IP's on all of the client PC's?

Firewall/Router --> L3 Switch (new) --> Client PC's
172.18.73.1---------172.18.73.2-----GW: 172.18.73.2
------------------GW: 172.18.73.1

TIA!

[Edited on March 14, 2011 at 12:29 PM. Reason : ascii art fixes]

3/14/2011 12:27:31 PM

I don't know what's customary, but in our office we started out with only one subnet and expanded later like you are describing. Our IT chose option one. It doesn't cause any problems, but most of the subnets are used for separating lab space only.

3/14/2011 1:56:19 PM

Quote :

"When configuring a L3 switch that will provide routing between multiple subnets, is it customary to set the switch's IP to the IP of the firewall/router and change the LAN IP of the firewall to something else?"

That depends on whether you want the L3 switch or the firewall/router to route for the 172.18.73.x network (or both, if you want to run a routing protocol).

3/14/2011 2:52:17 PM

So you're saying by enabling RIP, the client PC's don't have to look to the switch as their gateway?

3/14/2011 4:54:51 PM

no, i'm not saying that at all. Let's take a step back.

What do you want to accomplish?

3/14/2011 5:10:30 PM

well, we were having voip echo issues and vendors suspected the L2 smartswitch could be causing probems, so we replaced it with an HP Procurve 3500yl.

Setup 2 vlans to separate broadcast domains between voip and data, but have not changed the gateway's of the pc's to look to the new switch. I would expect this would be best, to eliminate any hops to/from the firewall for the (minor) traffic that spans vlan/subnets, but I just wasn't sure how it's "supposed" to be done.

I know there's no "rule" of ip addressing, but is there a common convention?

3/14/2011 6:35:51 PM

Interesting. For an echo issue, an L2 switch would be the _last_ thing I would suspect unless there was clear evidence that it was a bottleneck (a 10/100 switch in between gig devices, for example).

But getting back to your original question, I would simply move the gateway IP of the clients to the L3 switch, and change the IP address of the router/firewall. If the idea is to separate the data traffic from the voice traffic, let the L3 switch do the grunt work (routing), and let the firewall/router handle moving or blocking traffic in/out of the WAN.

Now going back to the echo problem. Is there a pattern to the echo? Does the echo happen for ALL calls, or are they specific to calls between PSTN and IP phones, or from IP phones to IP phones? What kind of Voip setup do you have?

3/15/2011 2:17:29 PM

Cool, thats what I'll do.

The echo issue is NOT consistent. seemingly some "days" are better than others. It can also come and go in a conversation.

Qwest T1 (from bandwidth.com) --> adtran 904 --> PRI Handoff to Avaya IP Office 500 --> HP Switch --> 5610 IP handsets --> PC's connected through handsets.

We started out trying to dynamically share the T1 bandwidth between voice & internet, but the Adtran apparently wasn't up to the task. Voice quality would frequently suffer. We removed all data traffic from T1 and it's now just used for the PRI voice lines. (data is now loadbalanced between a cable modem and dsl) Things have improved by removing data from the T1, but there are still bad days. Static sometimes, sometimes people leave a message and chunks of audio will be cut out (bad for leaving a phone number!).

Anyway, Bandwidth.com looks at the adtran and swears up and down that 95%+ of calls have an excellent MOS score and 99% have a Good score and that the problem must be on "our side".

The IP Office vendor said "oh, it's that newfangled VOIP stuff ... if you get just a plain 'ol PRI in there, I guarantee your problems will go away" ... we're in a 3-year contract with bandwidth.com and they're not amenable to letting us out, so that's not an option.

I doubted the L2 switch too, but the IPO installer was all like "oh, a NETGEAR switch, we only use extreme networks brand, so that could be the problem"

I read the cisco whitepaper on VOIP echo and it was pretty clear that echo occurs at the OPPOSITE end of the echo location.

Our issues can happen on either inbound or outbound calls, and ONLY at the store location; customers/callers NEVER hear the echo, only employees.

I've disabled AGC on the handsets, too, which didn't help.

I think it's probably at a "tolerable" level now, meaning, I don't hear about it weekly like I used to, but occasionally I'll get some bitching.

The frustrating part is that none of this was cheap ... $20k phone system, $700/mo+ for T1/Trunks, $3500 switch ... and I see Avaya 5610 phones everywhere ... Home Depot even uses them and I've seen them on news clips on the desks of government employees. I somehow doubt THOSE phones have echo and static problems.

Anyway, if you have any other ideas for me, I'm all ears!

Thanks!

3/17/2011 8:36:58 PM