
VLAN on backup Switches

Bab L
Level 1

Hi.

At work we set up a redundant environment with two Layer 3 switches connected to two ASAs. The switches have 4 VLANs each. If Switch02 is not set up with the VLANs as interfaces and an IP address, then if Switch01 fails the servers on the VLANs will not go out in the IPMAN. When I set up the VLANs on Switch02 with the same VLAN IP addresses as Switch01 then the servers can get out, but obviously I get the message of Duplicate VLANs. I have tried setting up Server Client and VTP but that does not work. What is the correct way of dealing with something like this?

Thank you

10 Replies

naveen_b81
Level 1

You can use a redundancy protocol like HSRP, VRRP or GLBP, which are built for such scenarios.

If it is Cisco, it is better to use HSRP, since you have two ASAs (which I think are running in active/standby).

HSRP configuration -

http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_8_ea1/configuration/guide/Swhsrp.html

Hi and thanks for the reply.

We did test with HSRP but we still get the duplicate error. Also, it's not worth setting up HSRP in our case because one of the switches will be totally wasted. The only thing that I thought is "that's just the way it is" and there's nothing you can do about the duplicate errors. I mean it's not causing any failures as such.

Regards,

Harry

When using HSRP, if you get the duplicate IP detected error, then you will need to check your spanning tree topology, as there might be a temporary loop which might be causing this issue.

You can make use of mHSRP to do load balancing so that one switch will not get wasted completely. If you have multiple VLANs then you can set up HSRP to be active on one switch for one VLAN and on the other switch for another VLAN. Although if you are using the ASAs in active failover, it won't help much, as the traffic still flows to the active ASA through one of the switches.

Hi.

Thank you for the reply.

Do you think that duplicate error messages can cause any "real" problems? If there's a temporary loop, how can that be fixed?

Thank you

Harry

Not sure I understand about a switch being wasted. What you do with HSRP is -

subnet = 192.168.5.0/24

Assuming this is a VLAN and you have created the VLAN at Layer 2, i.e. a "sh vlan" shows vlan 10

Also assuming your 2 switches are connected via an L2 trunk

switch 1

    int vlan 10
    ip address 192.168.5.2 255.255.255.0
    standby 10 ip 192.168.5.1
    standby 10 priority 100
    standby 10 auth

switch 2

    int vlan 10
    ip address 192.168.5.3 255.255.255.0
    standby 10 ip 192.168.5.1
    standby 10 priority 110
    standby 10 auth

If you use the above config as a template you should not get duplicate IP address errors.

Jon

Hi.

Thank you for the reply.

Ok, I'll give you a picture of what we've done.

We have two ASAs. We use failover.

We have two Layer 3 switches with ip routing enabled connected to the ASAs. Switch01 is connected to ASA01 and Switch02 is connected to ASA02.

Connected to Switch01 are Switch03 and Switch04. Also connected to Switch02 are Switch03 and Switch04. There's also an etherchannel between Switch01 and Switch02.

On Switch01 and Switch02 there are 3 VLANs with the configuration "int vlan 10, ip add xx.xxx.xxx etc". Now this configuration must be the same on Switch02 because if it's not, then when Switch01 goes down there are no VLAN interfaces and the servers will not be able to go out. On Switch03 and Switch04 the VLANs are configured on specific ports, e.g. "switchport access vlan 10".

When we did set up HSRP the duplicate problem was still there. We would like to avoid the HSRP setup though.

So, is there a way, except HSRP, to avoid those errors? So far the errors are not causing any "real" issues. How is redundancy set up with VLANs? I mean, I really don't see another way except the way we have set it up already. If the VLAN interfaces are not configured on Switch02 then redundancy is gone. It's a funny one.

Thanks for the replies.

Harry

Harry

Have a look at my previous post. Notice that

switch 1 vlan 10 interface has an IP address of 192.168.5.2

switch 2 vlan 10 interface has an IP address of 192.168.5.3

Notice also that the same VIP (Virtual IP address) is configured on both switches, i.e. 192.168.5.1

So you set the default-gateway on the servers to be 192.168.5.1

One of the switches will be responsible for any traffic sent to 192.168.5.1. If that switch fails then the other switch will be responsible for 192.168.5.1. So it works as you want.

So the configuration is not exactly the same between the 2 switches. The VIP is the same but the physical addresses are different, and you only tell the servers about the VIP.

It might be a good idea if you had a read of the HSRP link posted earlier.

Jon
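The rule described in the reply above (a different interface address per switch, one shared virtual IP in the same subnet) can be checked mechanically before a change goes in. This is an added example, not part of the original thread; the sample configs are constructed from the template posted earlier, and `parse_svis` and `check_pair` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample configs following the template in the thread.
SWITCH1 = """\
interface Vlan10
 ip address 192.168.5.2 255.255.255.0
 standby 10 ip 192.168.5.1
 standby 10 priority 100
"""
SWITCH2 = """\
interface Vlan10
 ip address 192.168.5.3 255.255.255.0
 standby 10 ip 192.168.5.1
 standby 10 priority 110
"""
# The layout from the original question: the same SVI address on both switches.
SWITCH2_DUP = SWITCH2.replace("192.168.5.3", "192.168.5.2")

def parse_svis(config):
    """Return {vlan_id: {"ip": IPv4Interface, "vip": IPv4Address}} per VLAN interface."""
    svis, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"int(?:erface)?\s+vlan\s*(\d+)$", line, re.I):
            cur = svis.setdefault(int(m.group(1)), {})
        elif re.match(r"int(?:erface)?\s", line, re.I):
            cur = None  # some other interface; ignore its lines
        elif cur is not None and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            cur["ip"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif cur is not None and (m := re.match(r"standby \d+ ip (\S+)$", line)):
            cur["vip"] = ipaddress.ip_address(m.group(1))
    return svis

def check_pair(cfg_a, cfg_b):
    """List problems that break gateway failover or produce duplicate-address logs."""
    a, b, problems = parse_svis(cfg_a), parse_svis(cfg_b), []
    for vlan in sorted(set(a) | set(b)):
        x, y = a.get(vlan, {}), b.get(vlan, {})
        if "ip" not in x or "ip" not in y:
            problems.append(f"vlan {vlan}: SVI address missing on one switch")
        elif x["ip"].ip == y["ip"].ip:
            problems.append(f"vlan {vlan}: both SVIs use {x['ip'].ip}")
        elif x.get("vip") is None or x.get("vip") != y.get("vip"):
            problems.append(f"vlan {vlan}: virtual IP missing or not identical")
        elif x["vip"] not in x["ip"].network or x["vip"] in (x["ip"].ip, y["ip"].ip):
            problems.append(f"vlan {vlan}: virtual IP off-subnet or equal to an SVI address")
    return problems
```

`check_pair(SWITCH1, SWITCH2)` returns an empty list, while `check_pair(SWITCH1, SWITCH2_DUP)` reports the shared SVI address for VLAN 10.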

Hi.

This will not work because even if you set up the default gateway to be the HSRP address, the servers that belong to a VLAN will look for the int vlan IP address first. I have done a traceroute and realised that it does not matter what default gateway you give the servers; if they belong to a VLAN they will use that as a first hop. And it does not work if you give two different VLAN IPs on Switch01 and Switch02, because the servers will always look for the VLAN on Switch01. So, e.g. if you log in to Server01 and do a traceroute to the internet it will first use that VLAN int on Switch01. If Switch01 goes down, even if Switch02 has a VLAN interface configured, the server does not go through. That's why both switches are configured the same. Hope that makes sense. Maybe I'm doing something wrong. Another thing is that if you configure different IP addresses for VLANs for every switch, what happens when you keep on adding switches when you grow? There's going to be far too many addresses wasted just for VLANs.

Thank you

Harry

The etherchannel between the 2 switches - is it a layer 2 trunk?

If it is then HSRP will work. Trust me, I have set up HSRP on switches more times than I can count. If you are finding that switch1 goes down and then the servers cannot get out then either

1) you have configured HSRP incorrectly

OR

2) your servers are only connected to switch1. Obviously with HSRP and redundancy you need your servers to be connected to both switches.

Perhaps you could draw out a network diagram so we can understand your layout more accurately.

Jon

Hi Jon,

I don't think you can set up HSRP incorrectly. It's far too simple to get it wrong. Anyway, our servers are connected to both switches. There's full redundancy. The virtual servers will be connected to Switch01 and Switch02 (double NIC) and the rest to Switch03 and Switch04 (double NIC).

Please see the attachment for the network diagram.

Thank you
