cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5280
Views
0
Helpful
14
Replies

Distribution layer Redundancy?

Jason Whitehead
Level 1
Level 1

Hello all, I am using a Catalyst 3560G layer 3 switch as my distribution switch, I am working on some network redundancy and this is a single point of failure, what is the best way to go about fixing this other than having a cold spare of the same model laying around?

Thank you,

-Jason

14 Replies 14

Jon Marshall
Hall of Fame
Hall of Fame

JasonWhitehead wrote:

Hello all, I am using a Catalyst 3560G layer 3 switch as my distribution switch, I am working on some network redundancy and this is a single point of failure, what is the best way to go about fixing this other than having a cold spare of the same model laying around?

Thank you,

-Jason

Jason

Is the existing 3560 responsible for inter-vlan routing ? And do you have access-layer switches uplinked to this switch.

If so the easiest thing to do is add another 3560 and connect them to each other with a L2 trunk and run HSRP for the inter-vlan routing. If you have the spare fibres you could uplink your access-layer switches to both 3560s.

If this isn't what you have let us know.

Jon

Hey Jon, Yes the switch currently does all inter-vlan routing, should I be making a trunk link between the distribution layer switches or configuring a EtherChannel?

also configuring HSRP, this is the link between the two switches, does this seem about right?

Switch1# configure terminal

Switch1(config)# interface gigabitethernet0/1

Switch1(config-if)# no switchport
Switch1(config-if)#ip add 192.168.1.2 255.255.255.0

Switch1(config-if)# standby ip 192.168.1.1

Switch1(config-if)# standby priority 120
Switch1(config-if)# standby 1 timers 5 15
Switch1(config-if)# end



Switch2# configure terminal
Switch2(config)# interface gigabitethernet0/1
Switch2(config-if)# no switchport
Switch2(config-if)#ip add 192.168.1.3 255.255.255.0
Switch2(config-if)# standby ip 192.168.1.1
Switch2(config-if)# standby priority 100
Switch2(config-if)# standby 1 timers 5 15
Switch2(config-if)# end

Can the virtual router interface be on the same subnet as the vlan 1 interface?

thanks

-Jason

Hi Jason,

Unfortunately that's not the correct way  to configure that. The link between the two switches shouldnot be  configured as Layer 3 link, it should be a L2 linkThe way to do it is  below :

1. Connect the two switches bac-to-back via a  L2 trunk link.

2. Connect all the access layer switches  via L2 trunk link to both the distribution 3560 switches.

3.  Configure MHSRP on the VLAN SVI's for active/standby redundancy.

4. Configure the PSVT for the active/standby vlan configurations at layer-2.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swhsrp.html#wp1061629

HTH,

Cheers,

-amit singh

Jason

As Amit says your config is for a L3 etherchannel. You actually want a L2 etherchannel trunk assuming you need to pass multiple vlans across the link.

Also be aware if you use MHSRP as Amit suggests this requires extra config in your DHCP setup because you need to explicitly setup multiple default-gateways on your DHCP server.

Nothing wrong with that but you can also simply load-balance vlans with HSRP active/standby and this does not require multiple default-gateways to be set.

Jon

Yes Multiple VLAN traffic needs to move across the link, all of my access layer switches have a trunk link to the current distribution switch which then does the Inter-Vlan routing, I do not want to setup multiple default gateways on my DHCP server, I would just like the second switch to become active and forward traffic if the first switch fails. so a trunk link between the two distribution switches is the way to go, This is configured the same as my access to distribution trunk links correct?

Thank you for the help.

JasonWhitehead wrote:

Yes Multiple VLAN traffic needs to move across the link, all of my access layer switches have a trunk link to the current distribution switch which then does the Inter-Vlan routing, I do not want to setup multiple default gateways on my DHCP server, I would just like the second switch to become active and forward traffic if the first switch fails. so a trunk link between the two distribution switches is the way to go, This is configured the same as my access to distribution trunk links correct?

Thank you for the help.

Jason

Yes you configure your interconnect between the two distribution switches as you have your uplinks from the access-layer switches. One thing you may want to do is to use more links on the interconnect and set the STP root and secondary to be your 2 distribution switches. That way STP will not block on the interconnect between your distro switches and blocks one of the uplinks instead which is what you want.

If you have multiple vlans one each access-layer switch then you can do a form of load-balancing by setting all the odd vlans as STP root on distro1 and all the even vlans as STP root on distro2. You then match the STP root with the HSRP active gateway ie. all the odd vlans have their active gateway on distro1 and all the even vlans have their active gateway on distro2.

Jon

Hey Jon, My 3560G came in today and i have been looking into HSRP and know how to configure it now. Few more concerns before i get started, Should the configurations be identical between the two switches? it does my Inter-Vlan Routing, for example should the Vlan Interface IP addresses be the same for both switches or will this cause an IP conflict?

Also I do not get any HSRP commands when in a layer 2 interface, but they are all there when in a Layer 3 interface, Does this mean it needs to be configured on a L3 interface?

Let me know what you think, Thanks

JasonWhitehead wrote:

Hey Jon, My 3560G came in today and i have been looking into HSRP and know how to configure it now. Few more concerns before i get started, Should the configurations be identical between the two switches? it does my Inter-Vlan Routing, for example should the Vlan Interface IP addresses be the same for both switches or will this cause an IP conflict?

Also I do not get any HSRP commands when in a layer 2 interface, but they are all there when in a Layer 3 interface, Does this mean it needs to be configured on a L3 interface?

Let me know what you think, Thanks

Jason

HSRP is configured under L3 interfaces which on the 3560G will be your L3 vlan interfaces. To run HSRP between 2 switches you need 3 IP addresses from the same subnet. One is used for each switch L3 vlan interface and the 3rd is the VIP (Virtual IP) that is shared between them. The VIP is the IP address you use for the default-gateway on the clients for that vlan.

Edit - Just reread rest of post. To clarify you do not want to configure HSRP on physical ports you have made L3 routed ports with "no switchport". You configure the HSRP under the L3 vlan interfaces on your switches ie.

HSRP active switch

===============

int vlan 10

ip address 192.168.5.2 255.255.255.0

standby 10 ip 192.168.5.1

standby 10 auth

standby 10 priority 110

standby 10 preempt

HSRP standby switch

================

int vlan 10

ip address 192.168.5.3 255.255.255.0

standby 10 ip 192.168.5.1

standby 10 auth

you do the above for each of your vlans.

Jon

Oh wow, thats awesome, so im going to need to configure all my vlans with hsrp?

Also should the configs be the same between the switches? identical interface addressing?

JasonWhitehead wrote:

Oh wow, thats awesome, so im going to need to configure all my vlans with hsrp?

Also should the configs be the same between the switches? identical interface addressing?

Jason

Not sure what you mean. If you look at the example i gave on HSRP active switch the physical address used is 192.168.5.2, on the standby it is 192.168.5.3 and the virtual IP is 192.168.5.1 so they are not identical.

If you mean identical for all the vlan interfaces then no each vlan will have it's own IP subnet so for each vlan you need 3 addresses as per the example for vlan but for each vlan those 3 IPs will be different.

Jon

It's all coming together now! Is load balancing done by making , say every other vlan with a higher priority and preempt?

Hi,

Yes.that's right.

You can do in another way also.

Hope the above said, If you increase the priority vlaue in primary switch for some vlans and that will be active in primary and you can increase the priority value for some vlan's in secondary switch.

You can get redundance as well as loadbalance.

Regards

Karuppu

Sorry for the delayed response, I was implementing HSRP, Everything is working well, I have all my access layer switches and servers plugged into both switches, when I pull the plug on one switch the other one comes up and everything is in working order.

Problems: I had done the load balancing by configuring a higher priority on every other VLAN and this was working for a while. but I'm not quite sure how I should be configuring STP, it had blocked the wrong ports on the access layer switch preventing hosts from getting access, Can someone point me in the right direction on how I should be configuring STP to enable load balancing and what version of STP I should use?


Also the convergence took about 30 seconds, the end users would certainly notice this =) what should I be setting the timers to?

I have studied EtherChannels and the purpose of them, But I do not think they will really help in redundancy with how my network is setup, Would it be a good idea to add another uplink from the access to the distribution layer switch and put them in a etherchannel group for performance?

Thank you for all the help so far.

Hi,

In distruibution layer level we should have the redundancy.

we can use 2x3560 in live network to make distribution layer network redundancy.

L3 redundancy:

1.Configure all the L3 definition and current running configuration in both the switches with HSRP.so we can get L3 redundancy,In this scenario initally all the L3 gateway will active in primary ( In primary switch, HSRP value should be higher than secondary switch).If primary switch is down, all the L3 definition will move into secondary.(For more information please go through HSRP) automatically, so there will be no service impact.

L2 Redundncy:

1.Connect back to back 3560 switches with etherchannel trunk.

2.Connect all the access switches to both distribution switch, in this scenario even if one primary switch is fail, access layer traffic will divert to secondary distribution switch.

so there will be no service impact.

Thanks & Regards

Karuppu

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: