4507 Design Help

Answered Question

Hello All. I'm looking for some feedback on a network design. We're replacing our 2821 with a 4507 and I have some questions about the best way to implement this. I've attached a simple diagram that shows our current config and the proposed new config. We currently have a 2950-12 that is connected to a second 2950-12 via fiber GB, using GBIC interfaces. The second 2950 is connected to the 2821 via copper int. I have a 4507 with the following modules:

Mod Ports Card Type                              Model              Serial No.
---+-----+--------------------------------------+------------------+-----------
 1     2  Supervisor IV 1000BaseX (GBIC)         WS-X4515
 3    24  10/100/1000BaseT (RJ45)                WS-X4424-GB-RJ45
 4     6  1000BaseX (GBIC)                       WS-X4306-GB

My initial thought was to remove the 2950 currently connected to the 2821 and run the 2 fiber connects directly to Gi4/1 & Gi4/2 on the 4306 blade. I would then configure these ports as an etherchannel in trunk mode to support our VLANs and configure VLAN interfaces as necessary. Int Gi3/1 would be configured in routed mode as the default gateway for 0.0.0.0. Have I overlooked anything in this configuration? Is this the best practice configuration?

All feedback is welcome.

Thanks,

Shawn

Jon Marshall Sun, 12/06/2009 - 15:16

Shawn

Looks fine to me. One thing you may want to consider is instead of running a routed port connection to the ASA you use a "switchport access vlan .." and have a L3 vlan interface on the 4500. I only mention this as if you then want to add another firewall for redundancy you would need the inside interfaces in the same vlan. If you do then use a dedicated vlan for this connectivity.

Having said that if you aren't looking for redundancy in the future then nothing wrong with the design you have at present.

Jon
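
The design discussed in this thread, written out as an IOS configuration sketch for the 4507. This is an added example, not configuration posted by anyone in the thread. VLAN IDs, VLAN names and IP addresses are constructed placeholders, and the PAgP mode on the channel assumes the 2950 end is configured to match.

```cisco
! Constructed example: VLAN IDs, names and addresses are placeholders.
ip routing
!
vlan 10
 name USERS
vlan 20
 name SERVERS
vlan 900
 name FW-INSIDE
!
! Two fiber uplinks to the remaining 2950, bundled as one L2 trunk.
! If one member link fails, traffic continues on the other member.
! The allowed-VLAN list keeps the firewall VLAN off the access-switch trunk.
! Assumption: the 2950 ports use a matching PAgP mode.
interface range GigabitEthernet4/1 - 2
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 channel-group 1 mode desirable
!
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 no shutdown
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
 no shutdown
!
! Option A (original plan): routed port to the ASA inside interface.
interface GigabitEthernet3/1
 no switchport
 ip address 192.0.2.2 255.255.255.248
!
! Option B (Jon's suggestion), applied instead of Option A: access port in
! a dedicated VLAN plus an SVI, so a second firewall's inside interface
! can later be placed in the same VLAN on another port.
interface GigabitEthernet3/1
 switchport
 switchport mode access
 switchport access vlan 900
interface Vlan900
 ip address 192.0.2.2 255.255.255.248
 no shutdown
!
! Default route toward the ASA inside address (same for both options).
ip route 0.0.0.0 0.0.0.0 192.0.2.1
```

Apply either Option A or Option B to Gi3/1, not both; `show etherchannel summary` and `show interfaces trunk` confirm the bundle state and the VLANs actually carried.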

dlawson001 Sun, 12/06/2009 - 16:05

Etherchannel is bad at redundancy so you may want to go with HSRP so that if one link goes down the entire link doesn't die (as would happen with etherchannel).

Removing the 2950 is a good call because it's not doing anything but adding latency and an additional point of failure. You could probably even work it so that the WAN link goes directly into the 4507, freeing up more hardware, reducing latency and simplifying the design.

Correct Answer
Jon Marshall Sun, 12/06/2009 - 16:09

dlawson001 wrote:

Etherchannel is bad at redundancy so you may want to go with HSRP so that if one link goes down the entire link doesn't die (as would happen with etherchannel).

Removing the 2950 is a good call because it's not doing anything but adding latency and an additional point of failure. You could probably even work it so that the WAN link goes directly into the 4507, freeing up more hardware, reducing latency and simplifying the design.

If the links from the 2950 switch are L2 then it should be etherchannel. How are you going to run HSRP on the same switch, i.e. you can't.

If a link fails in an etherchannel bundle then the other links stay up, that's the whole point of etherchannel.

As for removing the ASA you may want to check whether that is the company WAN or the internet. If it's the internet you definitely wouldn't want to remove the ASA.

Jon

dlawson001 Mon, 12/07/2009 - 05:18

Good point on the HSRP. I hadn't been thinking clearly. HSRP would require a second device to uplink to, however it's still important to know that etherchanneling increases the likelihood of something going down. A fiber, a GBIC, or interface going bad would result in a total outage of both links.

If the devices are next to each other then this shouldn't be an issue and etherchannel away. Otherwise make sure your customer is aware of the potential downfall of etherchanneling. Especially since it'll provide more bandwidth than your internet can provide over a single link. The only advantage is available bandwidth for the LAN.

Jon Marshall Mon, 12/07/2009 - 06:19

dlawson001 wrote:

Good point on the HSRP. I hadn't been thinking clearly. HSRP would require a second device to uplink to, however it's still important to know that etherchanneling increases the likelihood of something going down. A fiber, a GBIC, or interface going bad would result in a total outage of both links.

If the devices are next to each other then this shouldn't be an issue and etherchannel away. Otherwise make sure your customer is aware of the potential downfall of etherchanneling. Especially since it'll provide more bandwidth than your internet can provide over a single link. The only advantage is available bandwidth for the LAN.

Could you elaborate on the etherchannel issue as I am still not really understanding what you mean. You say if the devices are next to each other - do you mean physically, i.e. within the racks? If one of the links in an etherchannel fails then traffic is simply sent on the remaining links so it's unclear what you mean.

As for providing more bandwidth than the internet connection, can't see the relevance because even a single link would very probably provide more bandwidth than the internet connection unless it was a very expensive internet connection.

The advantages of etherchannel are, as you say, more bandwidth within the LAN, i.e. client/server traffic, and link redundancy, but you seem to be suggesting there is no link redundancy?

Jon

dlawson001 Mon, 12/07/2009 - 06:54

Ok. I checked with my co-worker and apparently I remembered a test incorrectly. I retract my statements about etherchannel.

Jon Marshall Mon, 12/07/2009 - 07:07

dlawson001 wrote:

Ok. I checked with my co-worker and apparently I remembered a test incorrectly. I retract my statements about etherchannel.

No problem, just wanted to get to the bottom of it.

Jon
