12-13-2007 08:22 AM - edited 03-05-2019 07:59 PM
Hello,
I have attached a diagram for you to look at and I want to know, with what I have done, if it is the best way to do it. (I would love the opinion of the Netpros!!)
Site A 6500
HSRP Priority 110 for
Vlans 2,3,4,5,6,7,8,9,10,11,12,251
HSRP default priority for
Vlans 13,14,15,16,17,18,19,20
Site B 6500
HSRP Priority 110 for
Vlans 13,14,15,16,17,18,19,20
HSRP default priority for
Vlans 2,3,4,5,6,7,8,9,10,11,12,251
Dist-SW-1-SiteA
spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12,251 ROOT primary
spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT secondary
Dist-SW-2-SiteA
spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12,251 ROOT primary
spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT secondary
Dist-SW-1-SiteB
spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT primary
spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12,251 ROOT secondary
Dist-SW-2-SiteB
spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT primary
spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12,251 ROOT secondary
Three questions as well...
Should I put the spanning-tree commands for the devices at the Core as well or just the access layer?
What about the switches that are connected to the access layer? Should they also have a spanning-tree config?
Should I set the ROOT bridge command on the two 6500's?
As always thanks in advance for your insight. :)
12-13-2007 08:52 AM
HSRP Config:
Are you planning to run MHSRP per your posting?
In other words, you are running group 1 for Vlans 2-12 and group 2 for Vlans 13-20. How about Vlan 1?
Overall, it's a good design.
STP Config:
You are only allowed to have one ROOT primary per switch. While the command will work once it's implemented (it's a macro, so it does a calculation when applied), one switch will contain the ROOT on SiteA and the other will be secondary.
Ideally, flip the Vlans around
Dist-SW-1-SiteA
spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12,251 ROOT primary
spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT secondary
Dist-SW-2-SiteA
spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12,251 ROOT secondary
spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT primary
___________
Your questions:
1) Just enter those commands at the core. Access switches will learn the best Layer2 path via STP.
2) No need to.
3) See above recommendation.
12-13-2007 09:13 AM
Hello Edison,
Thanks for your reply...
Here is part of the config from each 6500 seeing as they are all done the same way... I think I have done it properly... but please suggest modifications if you see any that apply. :)
Site A 6500
interface Vlan2
ip address 10.12.0.2 255.255.0.0
no ip redirects
standby 2 ip 10.12.0.1
standby 2 priority 110
standby 2 preempt
interface Vlan13
ip address 192.168.10.2 255.255.255.0
no ip redirects
standby 13 ip 192.168.10.1
Site B 6500
interface Vlan2
ip address 10.12.0.3 255.255.0.0
no ip redirects
standby 2 ip 10.12.0.1
interface Vlan13
ip address 192.168.10.3 255.255.255.0
no ip redirects
standby 13 ip 192.168.10.1
standby 13 priority 110
standby 13 preempt
We are using VTP as well so I thought I would mention that...
When you say flip them I'm not sure what you mean? I think I had it that way didn't I?
Thanks again :)
12-13-2007 09:27 AM
I'm trying to understand your network, so forgive me for asking these types of questions.
When you mentioned SiteA and SiteB, are you referring to physical sites? If so, are you extending your Vlans over the WAN?
Is the intended HSRP VIP going to be shared among 4 switches?
________________________________
VTP is just for Vlan Management. Ideally, VTP server at the core and VTP clients at the access-layer. Again, all these recommendations are depending upon your environment and requirements.
____________________
I said flip because you have DISTSW1 and DISTSW2 with the exact same commands for SiteA. If SiteA is a physical site, I recommend sharing the traffic between DISTSW1 and DISTSW2 on SiteA.
12-13-2007 09:42 AM
Hello Edison,
Thanks for your reply...
Here are the answers to your questions.
SiteA and SiteB are physically across the street from each other and are connected via private dark fiber. We have only the sup 720-3b's on each 6500 to terminate the fiber, which is why it is connected the way it is. We are extending the vlans onto both sides of the street but we used to route between the two sites so the new setup won't currently have any active connections where a vlan from SiteA is connected at SiteB. That will now be a future option to us though as you see...
The two 6500's are the only places where the vlan interfaces exist. The idea was to not have traffic that should just go from a "local" distribution switch, to its local 6500, cross to the other site. Which is the reason for the priority 110 command on the vlans that are meant to be primarily local to that 6500.
I hope I am describing that properly...
Did I do the HSRP config properly the way it is in my previous post?
I really have two VTP servers seeing as the config for VTP is typed into both 6500's and I know that changes or additions to any vlan info needs to be done on both as a result. It is too bad that VTP doesn't have some kind of redundancy setup for servers...
On your last point I noticed after I clicked "post" about the difference with the STP configs... Sorry for the confusion :)
12-13-2007 09:51 AM
Are you planning to implement HSRP on the 4 switches? I only saw the configuration from 2 6500s.
12-13-2007 09:55 AM
No. The 4948's will just have trunked links to the two 6500's and the vlans will be hosted on the 6500's only. VTP will allow for any of the ports on the 4948's to be part of any Vlan
12-13-2007 11:04 AM
Hello Edison,
Are you still there?
12-13-2007 11:59 AM
William,
Your HSRP config looks correct.
Where you said "I really have two VTP servers seeing as the config for VTP is typed into both 6500's and I know that changes or additions to any vlan info needs to be done on both as a result. It is too bad that VTP doesn't have some kind of redundancy setup for servers..."
Let me clarify; both 6500s will be VTP servers so they will have the same vtp domain name. If you configure your VLANs on either one of them, provided you allow VLAN1 (or whatever management VLAN you have created) to traverse that trunk, then the VTP configuration will be updated. By putting your access layer in the same VTP domain as clients (provided you allow your management VLAN on the trunk), then they too will get the updates from the VTP server.
Here's a good link to help explain:
http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml
HTH
Steve
12-13-2007 12:04 PM
Your HSRP configuration looks fine then.
12-13-2007 12:53 PM
Hello,
I have one last question. Why do I need to flip the spanning-tree configs on the distribution switches?
My goal is to use the access layer to plug in other switches and some servers and unfortunately none will be dual homed between the two distribution switches. What is the thought behind flipping the spanning-tree configs on the distribution switches?
Sorry for not knowing already :)
12-13-2007 01:07 PM
As I stated before, you had DISTSW1 and DISTSW2 from SiteA as ROOT Primary for the same Vlans.
One physical switch can only be the primary of a vlan. While the command will work once entered on both switches, only one switch will truly be the primary ROOT for the specified vlans.
ROOT Primary is a macro that checks for the existing primary root and applies a lower priority to the switch in question in order to become the root for such vlan.
The order of precedence does count when executing the command. For instance, if you apply:
spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12,251 ROOT primary
to DISTSW1, then
spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12,251 ROOT primary
to DISTSW2
DISTSW2 will become the root for Vlans 2-12 since you applied the command last.
Hope this makes sense.
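The order dependence described in the reply above, worked through as an added example that is not part of the original post. It assumes the standard Cisco macro values (default 32768, primary 24576, secondary 28672, steps of 4096) and that a switch which cannot win with 24576 undercuts the current best priority by 4096; the MAC addresses and the ACCESS switch are constructed for illustration.

```python
# Model of the "root primary" / "root secondary" macros (added illustration).
# 32768 / 24576 / 28672 / 4096 are the standard Cisco PVST+ values; DISTSW1 and
# DISTSW2 are the thread's names, ACCESS and all MAC addresses are constructed.
DEFAULT, PRIMARY, SECONDARY, STEP = 32768, 24576, 28672, 4096
MACS = {"DISTSW1": "0000.0000.00aa", "DISTSW2": "0000.0000.00bb",
        "ACCESS": "0000.0000.00cc"}


class Vlan:
    """Bridges in one VLAN's spanning tree: name -> [priority, mac]."""

    def __init__(self, macs):
        self.bridges = {name: [DEFAULT, mac] for name, mac in macs.items()}

    def root(self):
        # The lowest (priority, MAC) bridge ID wins the root election.
        return min(self.bridges, key=lambda n: tuple(self.bridges[n]))

    def root_primary(self, name):
        """One-time calculation performed when the macro is entered on `name`."""
        best = min(tuple(b) for n, b in self.bridges.items() if n != name)
        if (PRIMARY, self.bridges[name][1]) < best:
            prio = PRIMARY                      # 24576 is enough to become root
        else:
            prio = max(best[0] - STEP, 0)       # assumption: undercut by 4096
        self.bridges[name][0] = prio
        return prio

    def root_secondary(self, name):
        self.bridges[name][0] = SECONDARY
        return SECONDARY


def apply_in_order(order):
    """Enter 'root primary' on each switch in turn; return (log, final root)."""
    vlan = Vlan(MACS)
    return [(sw, vlan.root_primary(sw)) for sw in order], vlan.root()


def flipped():
    """Primary on DISTSW1, secondary on DISTSW2: return (root, backup root)."""
    vlan = Vlan(MACS)
    vlan.root_primary("DISTSW1")
    vlan.root_secondary("DISTSW2")
    root = vlan.root()
    del vlan.bridges[root]                      # simulate losing the root switch
    return root, vlan.root()


if __name__ == "__main__":
    print(apply_in_order(["DISTSW1", "DISTSW2"]))
    print(apply_in_order(["DISTSW2", "DISTSW1"]))
    print(flipped())
```

In both orderings the switch that received the command last ends up as root, while the primary/secondary split gives a fixed root and a predictable backup.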
12-14-2007 10:42 AM
Hello,
Perhaps I should ask then if this way is the best way to set up spanning-tree on all six devices?
My goal is to have interfaces off of both of the two 4948's at SiteA being part of SiteA's vlans (2,3,4,5,6,7,8,9,10,11,12) and interfaces off of both of the two 4948's at SiteB being part of SiteB's vlans (13,14,15,16,17,18,19,20)...
This is what I have... (Please pick it apart!!)
6500 SiteA:
spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12 ROOT primary
spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT secondary
SiteA-4948SW1:
spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12 ROOT primary
spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT secondary
SiteA-4948SW2:
spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12 ROOT secondary
spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT primary
SiteB 6500:
spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT primary
spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12 ROOT secondary
SiteB-4948SW1:
spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12 ROOT primary
spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT secondary
SiteB-4948SW2:
spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12 ROOT secondary
spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT primary
Points to consider while you pick this apart...
1) SiteA and SiteB are layer 2 trunked using dark fiber.
2) We want to ensure that we use the ether-channels when traffic is going from a 4948 to its "same site" 6500...
Example:
SiteB-4948SW2
int gi1/6
switchport access vlan 17
We would want this traffic to go across the ether-channel to the SiteB 6500 and not go across the fiber to the SiteA 6500 unless the SiteB 6500 was down.
Another Example:
SiteA-4948SW1
int gi1/6
switchport access vlan 11
We would want this traffic to go across the ether-channel to the SiteA 6500 and not go across the fiber to the SiteB 6500 unless the SiteA 6500 was down.
Does that make sense?
3) We will have servers and riser closet switches plugged into the access layer
4) We may have a couple of servers plugged directly into the Core
5) We will have users plugged into the riser closet switches
6) Eventually we will extend VTP beyond the access layer to the riser closet switches, but since they are not all Cisco's (some are Nortel 450's), we won't have VTP everywhere.
7) We want to maximize the use of the ether-channeled ports so we have sufficient bandwidth if needed...
Your comments, as always, are appreciated. :)
12-14-2007 11:36 AM
STP entries should only be made in the 6500s from SiteA and SiteB.
The 4948s will dynamically learn the best Layer2 path from those values.
The values you've displayed are correct, just eliminate the STP configuration on the 4948s, not needed.
12-14-2007 11:38 AM
As always Edison...
Very much appreciated :)