Help for design network diagram

Answered Question
Sep 1st, 2009

Dear All,

Please find attached my current office network layout.

1. Only one core switch 4507

2. Only one fiber uplink to each floor from the core switch.rest are switches are being interconnected using cross cables.

3. For 5th and 9th floor uplink redundancy we have fiber link between 5th & 9th floor switch.

Now we are planning to implement IP phones in the network. so management has decided to add one more core switch and fiber uplink to all the switches. so in this senario what would be the best redundant design setup we can have in our network.

Kindly help me to finish the design diagram with all mentioned devices.

Thanks

I have this problem too.
0 votes
Correct Answer by Giuseppe Larosa about 7 years 3 months ago

Hello Shibu,

no problems

1) I would connect the two core switches with two fiber pairs and I would configure a L2 trunk etherchannel.

If you have only one port free a single L2 trunk can be enough.

2) yes it is the right decision it allows you to have a hierarchical network with a core layer and an access layer: no access layer device relies on another access layer device to reach the core and this is good.

Hope to help

Giuseppe

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Giuseppe Larosa Wed, 09/02/2009 - 05:03

Hello Shibu,

nice to know that management has realised that a second core switch is needed.

>> nd fiber uplink to all the switches.

If possible you should have two fiber uplinks for each access layer switch:

one fiber link connected to core1

one fiber link connected to core2

so looking at your picture you should have other 10-3 = 7 fiber pairs deployed in the building.

core1 and core2 have to be the primary root bridge and secondary root bridge for all vlans as proposed in previous thread.

notice that each access layer for a given vlan will use only one uplink: STP protocol blocks one link.

To have both uplinks used in some way you should load share the root bridge role between core1 and core2 on a per vlan basis.

Cisco PVST+ allows this running one STP instance for each defined vlan.

If you cannot connect all switches to both core switches have at least two interswitch links between the switches in daisy chain but this is not recommended.

Note:

sorry for not having followed up previous thread but I was going in a vacation period.

Hope to help

Giuseppe

Shibu1978 Sun, 09/06/2009 - 01:00

Dear Giuseppe,

Thanks for your concern . i am Sorry for the late written reply. i was on leave for last 3 days.

I am hereby attaching a new proposed diagram keeping your advice.

1. Which is the best way to interconnect the Core switches? i put a fiber connection between those two.is it a right decision?

2.i have removed all cross connection between switches and put all fiber connection. is it right ?

Waiting for your valuable comments on this.

Thanks

Shibu1978 Sun, 09/06/2009 - 01:08

Thanks for your concern . i am Sorry for the late written reply. i was on leave for last 3 days.

I am hereby attaching a new proposed diagram keeping your advice.

1. Which is the best way to interconnect the Core switches? i put a fiber connection between those two.is it a right decision?

2.i have removed all cross connection between switches and put all fiber connection. is it right ?

Waiting for your valuable comments on this.

Thanks

Correct Answer
Giuseppe Larosa Sun, 09/06/2009 - 04:08

Hello Shibu,

no problems

1) I would connect the two core switches with two fiber pairs and I would configure a L2 trunk etherchannel.

If you have only one port free a single L2 trunk can be enough.

2) yes it is the right decision it allows you to have a hierarchical network with a core layer and an access layer: no access layer device relies on another access layer device to reach the core and this is good.

Hope to help

Giuseppe

Shibu1978 Sun, 09/06/2009 - 05:40

Dear Giuseppe,

Thanks a lot for the suggestion and guidance.

1. Can i have some (running)configuration samples for this type senario. Ex. HSRP or VRRP configs between Core switches,Spanning-tree RSTP,etherchannel,voice vlan

2. Read that RSTP would be the ideal choice for this type setup..is it right?

Thanks a lot for your valuable reply

Thanks

Shibu

Shibu1978 Sun, 09/06/2009 - 06:38

Dear Giuseppe,

Thanks a lot for the suggestion and guidance.

1. Can i have some (running)configuration samples for this type senario. Ex. HSRP or VRRP configs between Core switches,Spanning-tree RSTP,etherchannel,voice vlan

2. Read that RSTP would be the ideal choice for this type setup..is it right?

Thanks a lot for your valuable reply

Thanks

Shibu

Shibu1978 Mon, 09/07/2009 - 22:28

Dear Giuseppe,

If you have any working configuration regarding this please send to me.

Thanks

Shibu

Giuseppe Larosa Tue, 09/08/2009 - 05:11

Hello Shibu,

thanks for your kind remarks

Let's see together a configuration example

a)

spanning-tree

core1

spanning-tree mode rapid-pvst

spanning-tree vlan 1-3,5-6,8,11,13-14,20-21,200,612,614-615 priority 0

spanning-tree vlan 4,7,9-10,15-16,22-23,100,225,619 priority 1

! these commands say to use Rapid PVST

! core1 is the root bridge for vlans

! where priority is set to 0

! core2 is the root bridge for the other

! vlans where core1 has priority 1

core2 config:

spanning-tree mode rapid-pvst

spanning-tree vlan 1-3,5-6,8,11,13-14,20-21,200,612,614-615 priority 1

spanning-tree vlan 4,7,9-10,15-16,22-23,100,225,619 priority 0

! as you see the priority values are

! exchanged

spanning-tree mode rapid has to be given in all switches

b)

HSRP

good rules says core1 has to be the HSRP active router for the client vlans for which it is the STP root bridge

for example let's consider vlan200

core1:

int vlan200

ip address 10.113.200.2 255.255.255.0

standby 200 ip 10.113.200.1

standby 200 priority 105

standby 200 preempt

standby 200 authentication idsvq

on core2 SVI vlan200 will be configured as:

int vlan200

ip address 10.113.200.3 255.255.255.0

standby 200 ip 10.113.200.1

standby 200 priority 100

standby 200 preempt

standby 200 authentication idsvq

for vlan4 where core2 is root bridge the opposite is needed

int vlan4

ip address 10.113.4.2 255.255.255.0

standby 4 ip 10.113.4.1

standby 200 priority 100

standby 200 preempt

standby 200 authentication segr4

on core2

int vlan4

ip address 10.113.4.3 255.255.255.0

standby 4 ip 10.113.4.1

standby 200 priority 105

standby 200 preempt

standby 200 authentication segr4

note1:

it is good to use a different authentication key for different groups.

note2:

on multilayer devices other then C6500 you can and you need to reuse HSRP group numbers on different vlans to achieve scalability.

note3:

tracking of interface to internet router can be used (if an internet facing router is present)

Hope to help

Giuseppe

Shibu1978 Tue, 09/08/2009 - 22:32

Dear Giuseppe,

Thanks a lot..!!! highly appreciated.

Thanks

Shibu

Actions

This Discussion