Need Advice for redundancy between two Nos of 4510R-E

Dipesh Patel
Level 2

Dear All,

Pls suggest me the configuration for two Nos of 4510R-E chassis with 2 nos of SUP V plus 2 10GE.

On both switches config must be same.

Config will include 1 backbone vlan and some static routes.

I want to implement redundancy of Backbone for distribution using HSRP and also SUP redundancy.

Also want to know the config for using 3 nos of link between two 4510R-E .

Pls give me the sample config....

Regards,

Dipesh P.

2 Accepted Solutions


Hello Dipesh,

Yes, in the new config template the root bridge is enforced for all Vlans with an explicit command.

This is good.

About STP loop guard: probably that is a possible explanation of why it is recommended to configure it on both ends of a link.

As explained in the documents in the previous post, you can use the command

spanning-tree loopguard default

However, I think it makes sense to use it only on inter-switch links, not on access ports.

So I would enable it on a per-port basis to have more control.

To be honest we cannot say that all these STP events will disappear.

Hope to help

Giuseppe


Hello Dipesh,

it is nice to see this long thread has not been lost in the forum upgrade!

I'll answer your questions:

1)  Many of the Vlans Roots are selected randomly except Vlan 2 Backbone. Hence I need to tune STP so that for all Vlan Root will be the 3560 SW only for the particular Switch block except the backbone vlan.

•     STP convergence time is more than expected.

Yes, for both the solution is to configure the C3560 distribution nodes as the root bridge for all client vlans of the switch block.

2)  have seen Spanning-tree summary and it shows no of STP instances are around 300.

To limit the number of running STP instances use switchport trunk allowed vlan. VTP pruning is NOT effective in this, contrary to popular belief.

VTP pruning helps in limiting unnecessary traffic sent on L2 trunk ports. For a switch it is enough to have a vlan permitted on a single trunk to run an STP instance.

Each C3560 distribution should run N+1 vlans if N are the client vlans.

Currently there is a risk that vlans extend across the whole campus. This has to be avoided.

3) Using a common native vlan on all trunks without IP services over it is recommended also for security reasons. I would do it.

All these will provide improvements over current scenario. As I noted in previous posts if after all these changes you still see STP events it may be wise to open a service request

Hope to help

Giuseppe
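
The trunk points in the answer above (explicit allowed-VLAN lists, one common native VLAN with no IP services on it) can be checked offline against a saved configuration. This is an added example, not part of the original post or of any Cisco tool; `audit_trunks`, `expand`, the sample configuration and the `defined_vlans` argument (the VLANs that exist on the switch) are assumptions made for illustration, and access ports are ignored.

```python
import re

# Constructed sample of one distribution switch; names and VLAN ids are made up.
SAMPLE = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 2,10-12,999
interface GigabitEthernet0/2
 switchport mode trunk
interface Vlan999
 ip address 10.9.9.1 255.255.255.0
"""
SWITCHPORT = re.compile(
    r"\s+switchport (mode|trunk allowed vlan|trunk native vlan) (\S+)")

def expand(vlan_list):
    """Expand an IOS VLAN list such as '2,10-12' into a set of ints."""
    out = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit_trunks(config, defined_vlans):
    """Return (VLANs that get an STP instance, findings). Hypothetical helper."""
    ifaces, name = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = line.split(None, 1)[1]
            ifaces[name] = {}
        elif name and (m := SWITCHPORT.match(line)):
            ifaces[name][m.group(1)] = m.group(2)
        elif name and line.strip().startswith("ip address "):
            ifaces[name]["ip"] = True
    defined, active, natives, findings = set(defined_vlans), set(), set(), []
    for ifc, cfg in ifaces.items():
        if cfg.get("mode") == "trunk":
            allowed = cfg.get("trunk allowed vlan")
            if allowed is None:           # IOS default: every VLAN is allowed
                findings.append(f"{ifc}: no allowed list, carries every defined VLAN")
            active |= (expand(allowed) if allowed else defined) & defined
            natives.add(int(cfg.get("trunk native vlan", 1)))   # default native is 1
    if len(natives) > 1:
        findings.append(f"native VLAN differs between trunks: {sorted(natives)}")
    findings += [f"native VLAN {v} has an SVI with an IP address"
                 for v in sorted(natives) if ifaces.get(f"Vlan{v}", {}).get("ip")]
    return active, findings
```

A single trunk without an allowed list is enough to make the switch run an instance for every VLAN it knows, which is why the first finding matters more than the count itself.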


38 Replies

Giuseppe Larosa
Hall of Fame

Hello Dipesh,

if I've understood correctly your post you have two 4510 chassis each with two supervisors.

>>I want to implement redundancy of Backbone for distribution using HSRP and also SUP redundancy.

These are two distinct aspects in this class of devices: that is both in RPR or in SSO redundancy modes only one supervisor can talk with external world.

Redundancy requires few commands; if your IOS version is recent you should go for SSO.

example for SSO

redundancy
 keepalive-enable
 mode sso
 main-cpu
  auto-sync running-config

About HSRP on the backbone vlan, I would prefer a dynamic routing protocol towards core/distribution.

vtp mode server
vtp domain whatyouneed
! create L2 vlan
vlan 100
 name backbone
! create L3 SVI
int vlan 100
 ip address 10.100.100.2 255.255.255.0
 standby 100 ip 10.100.100.1
 standby 100 priority 105
 standby 100 preempt
 standby 100 authentication password100

on second chassis:

int vlan 100
 ip address 10.100.100.3 255.255.255.0
 standby 100 ip 10.100.100.1
 standby 100 priority 100
 standby 100 preempt
 standby 100 authentication password100

core facing devices should use the VIP HSRP address as their IP next-hop in reaching all client vlans behind the two C4510 boxes.

the two boxes need to use also the VIP offered by the other two devices as next-hop for a default route or a set of routes.

ip route 0.0.0.0 0.0.0.0 10.100.100.4

let's suppose the VIP offered is 10.100.100.4

I would still prefer a routing protocol in backbone vlan

example

router eigrp 100
 network 10.0.0.0
 passive-interface default
 no passive-interface vlan 100

this applied to both chassis is a dynamic solution to be preferred if all devices are under the same administration.

HSRP should be deployed in all client vlans.

I recommend using authentication with different passwords.

The reason is that for scalability you may need to reuse HSRP group numbers.

in some cases of faults having two HSRP groups speaking between them may cause additional troubles.

Hope to help

Giuseppe
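
The HSRP advice in the reply above (authentication on every group, different passwords where group numbers are reused) can be verified against a saved configuration. This is an added example, not part of the original post; `audit_hsrp` and the sample configuration are assumptions made for illustration. It also reports options that land on group 0 because the group number was left out, so they never apply to the group that owns the virtual IP.

```python
import re
from collections import defaultdict

# Constructed sample (not from the thread's devices): three SVIs on one chassis.
SAMPLE = """\
interface Vlan100
 standby 100 ip 10.100.100.1
 standby priority 105
 standby preempt
 standby 100 authentication password100
interface Vlan110
 standby 100 ip 10.100.110.1
 standby 100 priority 105
 standby 100 preempt
 standby 100 authentication password100
interface Vlan120
 standby 120 ip 10.100.120.1
"""

STANDBY = re.compile(
    r"^\s+standby(?:\s+(\d+))?\s+(ip|priority|preempt|authentication)\b\s*(.*)$")

def audit_hsrp(config):
    """Return sorted findings for the HSRP statements of an IOS config (hypothetical helper)."""
    groups = defaultdict(dict)            # (interface, group) -> {keyword: argument}
    iface = None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif iface and (m := STANDBY.match(line)):
            group = int(m.group(1) or 0)  # a statement without a number is group 0
            groups[(iface, group)][m.group(2)] = m.group(3).strip()
    findings, auth_seen = [], defaultdict(list)
    for (ifc, grp), opts in groups.items():
        if "ip" not in opts:              # options stranded on a group with no VIP
            findings.append(f"{ifc}: group {grp} sets {sorted(opts)} but has no virtual IP")
        elif "authentication" not in opts:
            findings.append(f"{ifc}: group {grp} has no authentication")
        else:
            auth_seen[(grp, opts["authentication"])].append(ifc)
    for (grp, _), ifcs in auth_seen.items():
        if len(ifcs) > 1:                 # same group number and same string on several VLANs
            findings.append(f"group {grp} uses one password on {sorted(ifcs)}")
    return sorted(findings)
```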

Dear Giuseppe,

Thanks for ur reply...

I m yet confused,

here I am attaching the existing config for Backbone, Dist and Access.

There is no redundant Backbone right now but want to add.

And also pls suggest how to improve on this.

Current Topology is BACKBONE to DIST. to Access.

Inter vlan Routing is from Dist and for each Vlan segment separate Access switch is there.

Pls suggest.

Regards,

Dipesh P.

hi,

Pls find the Rough Topology.

Hello Dipesh,

I see the C4510 is your core device so it needs only one HSRP group in the backbone vlan and static routes for the IP subnets that are routed on the C3560.

I strongly recommend to use a dynamic routing protocol between core devices and distribution nodes.

I would leave HSRP ( or GLBP) only on the client Vlans to provide a VIP for user workstations.

Hope to help

Giuseppe

Dear Giuseppe ,

Details are as follows.

L2 Redundancy:

• Between two Backbone switch there are 3 nos of Links: One is Wireless Link using Canopy and Two 10 Gig are Fiber link which is maintained by STP. ( Primary Link will be 10Gig port because of low cost : 2 than Gig port cost : 4 )

• Between Backbone and Distribution Switch one link will be active and other link will be blocked by STP according to the path cost.

• Primary Root will be ESH (AS ESH side Backbone VLAN STP Priority : 16384 and at Prabhat side Backbone Vlan STP Priority will be 28672 )

L3 Redundancy:

• On both the Backbone Switch HSRP will be used on Backbone Vlan. (ESH side HSRP Priority will be 120 and at Prabhat side HSRP Priority will be 110.)

• Redundancy between TWO SUP on one chassis will be handled by SSO and Config-sync feature with SRM. (Only one SUP will be active at a time.)

I want to use two Ten Gig Port using Fiber and one Gig port using Canopy Wireless between two CORE switches.

Can you pls send me the configuration if possible?

Regards,

Dipesh P.

Dear Giuseppe ,

Pls suggest the configuration.

On Distribution there will not be HSRP . It is ok or not ?

Pls Reply ....

Pls Give the configuration or should I add in the config I have attached.

Regards,

Dipesh P.

Hello Dipesh,

>> On Distribution there will not be HSRP . It is ok or not ?

How many distribution switches are present?

I supposed they were two, but you probably have only one C3560.

in this case HSRP is not needed ( even if deploying it makes it possible to insert a second distribution node later without changing IP address of default gateway for users; to be considered)

I still think the configuration made with static routes is not a good thing.

Does this come from a specific requirement or from a possible lack of confidence in dynamic routing protocols?

(without offense, but using for example EIGRP could make life easier when the network has a fault)

Understand the side effects of static routes in a LAN switched environment: unless you have a dedicated LAN for the L3 link, when the link between distrib1 and core1 fails the static routes using next-hop 10.0.10.109 (distrib1's ip address in vlan2) are not removed from routing table until an ARP entry for 10.0.10.109 exists = up to 4 hours.

But after 300 seconds the MAC address of distrib1 would be removed from CAM tables of all devices.

All this is not good at all.

So either you use a dedicated link, with its own subnet for distrib to core connectivity, or you introduce a dynamic routing protocol.

For example EIGRP can detect neighbor failure in 15 seconds in a LAN environment the time of missing 3 EIGRP hellos.

If you are going to have three links between the two core switches and these links are L3 put them all in the backbone vlan.

I also suggest to bundle the two 10GE in an etherchannel.

int te6/1
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 2
 channel-group 1 mode active
int te6/2
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 2
 channel-group 1 mode active

STP should be able to use this as the primary link.

the GE port towards wireless can be configured as:

int gix/y
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 2
 spanning-tree cost 5000

to be sure it is used only when needed

about distribution switch:

if possible it should have one link towards core1 and one towards core2 in Vlan2.

You currently have only one GE link.

If you cannot deploy a second uplink towards second core node core2 (for lack of fiber cables between the two sides), you should at least deploy a second uplink with the same core node core1.

Hope to help

Giuseppe

Thanks a lot....Dear Giuseppe,

Actually I m new at site. And a task is given to me to implement Redundancy with minimum Downtime.

There are 14 no of Dist SW (3560s) with diff Vlan segment in each. But Vlan ID is same in all i.e. in one Dist sw Vlan 1,2,3,4,5 are there with diff IP segment and in another Dist also the vlan 1,2,3,4,5 are there but different IP segment. Only vlan 2 is common in all SWs ( that is made on Backbone Sw and work as backbone vlan.) So can't make redundancy for them.

So my 1st aim is to implement Redundancy for backbone. If one Backbone may down than NW should get other backbone.

Yes, Each dist SW has one link from one core and one link from other core.

Scenario :

CORE ( Backbone) :

interface Vlan2
 description *** Backbone ***
 ip address 10.0.10.100 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map nat.traffic.out-hazira
 no ip mroute-cache
 spanning-tree port-priority 0

In Dist.

interface Vlan2
 description Backbone VLAN
 ip address 10.0.10.109 255.255.255.0
 ip access-group 112 out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
interface Vlan4
 ip address 10.0.138.2 255.255.255.0
 ip access-group 112 out
 ip helper-address 10.0.10.29
 ip helper-address 10.0.10.220
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache

So both Dist and Back bone will talk with each other.

In Dist :

ip route 0.0.0.0 0.0.0.0 10.0.10.100 -route to backbone

So we can take 10.0.10.100 IP as HSRP IP (GW) between both core. and in any case this IP remain unchanged.

Is it ok or not?

In Access :

If the Access switch is for 10.0.138.0 segment - Vlan 4 than :

vlan 4 ( Vlan 4 created as no VTP concept is here )

than All port of access SW are in Vlan 4 member SW.

Default Route is

Ip default Gateway 10.0.138.2 255.255.255.0 ( Vlan ADD of Dist SW)

Likewise for all segment one separate SW is there.

Now I think u understand the current topology.

Will it be create the ARP problem u mentioned in previous Post.

Pls reply

Dipesh P.

Dear Giuseppe,

For Static Routing,

I have suggested to my Manager but.

As per him there are around 20 branch sites are there and all are working using static routes ..... and all devices are not CISCOs

at access layer ZTE switches are there.

At Dist. layer Nortel SWs also there.

At some location at Core layer also NORTEL SW is there.

So What Can I do?

Dipesh P.

Hello Dipesh,

thanks for your kind remarks.

The ARP problem is still there in the direction core to distribution.

The drawbacks of static routing in a LAN environment can be reduced using Reliable Static Routing.

http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html

However, you should track the 13 next-hops of the distribution devices and you will find out that configuration is more complex than using a dynamic routing protocol.

Other point of attention:

please put

ip route-cache cef

on SVI interfaces of distribution devices, it can be important at the performance level.

About dynamic routing:

you can use a standard based routing protocol like OSPF.

this is supported on nortel devices and other vendors so it can be the better choice in your multi-vendor environment.

In other words all devices currently using static routes to talk with core should be able to speak OSPF if they have moderate routing capabilities.

You are new at the job, and so you cannot expect to have great influence on decisions.

However, I would suggest you to investigate on an OSPF based solution for dynamic routing.

You need to look at Nortel documentation to see if OSPF is supported and how it can be configured and enabled.

In any case this site based on Cisco technology can be easily converted to OSPF and can act as a pilot.

Even if some remote sites could be not able to run OSPF, you can have benefits by running it where it is supported increasing network capacity to react to faults.

OSPF uses areas, in a single or multi-area design.

I would suggest one area per site

0 backbone area

101 this site made of Cisco devices

other sites will have their own area-id

distrib config (the same for all distrib in this site)

router ospf 10
 network 0.0.0.0 255.255.255.255 area 101

core config

router ospf 10
 network 10.0.100.0 0.0.0.255 area 101
 network x.x.x.x 0.0.y.y area 0

where x.x.x.x represents links to other sites.

see ospf design guide

http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094e9e.shtml

Hope to help

Giuseppe

Thanks Giuseppe,

I have one more Confusion about STP config on Dist.

Can I put it in default PVST mode?

Whether Dist SW itself Block one Link from one CORE sw and make Active other Link from other CORE SW ?

Pls reply.

After Preparing config, I will send you the config for verification.

I have other confusion also related to this scenario but will ask u one by one.

Hope u will help for the same.

Regards,

Dipesh P.

hello Dipesh,

>>I have one more Confusion about STP config on Dist.

>>Can I put it in default PVST mode?

>>Whether Dist SW itself Block one Link from one CORE sw and make Active other Link from other CORE SW ?

yes using PVST+ will manage L2 redundancy between distrib and the two core switches.

Hope to help

Giuseppe

Thanks a lot Giuseppe,

Now I have problem of Static Routes only.

I have one more idea:

- If I will create all the Vlans ( total nos of Vlans are 60 to 70 ) on both CORE.

- Intervlan Routing is also using CORE

- HSRP is active on all vlan int.

- One CORE is Active for Odd nos of Vlan Ids and One CORE is active for EVEN Nos of Vlans.

- Same for ROOT. For ODD nos of Vlan Primary ROOT is One CORE and for even Vlans Primary ROOT is other CORE.

- Like wise we can Load sharing.

- Is it ok? Is it better Idea than this?

- Any Drawback of it?

I think the static route for all vlans ( CORE to Dist ) is removed in this scenario.

I can use MST also in place of PVST+

Pls suggest.

Regards,

Dipesh P.

Dear Giuseppe,

Is it ok if we implement VTP Server and Client?

And can you pls give me the one example of Reliable Static Routing as per my configuration?

Pls help.

Regards,

Dipesh P.
