02-20-2010 08:36 AM - edited 03-06-2019 09:48 AM
Hello all, I am using a Catalyst 3560G layer 3 switch as my distribution switch, I am working on some network redundancy and this is a single point of failure, what is the best way to go about fixing this other than having a cold spare of the same model laying around?
Thank you,
-Jason
02-20-2010 08:55 AM
JasonWhitehead wrote:
Hello all, I am using a Catalyst 3560G layer 3 switch as my distribution switch, I am working on some network redundancy and this is a single point of failure, what is the best way to go about fixing this other than having a cold spare of the same model laying around?
Thank you,
-Jason
Jason
Is the existing 3560 responsible for inter-vlan routing ? And do you have access-layer switches uplinked to this switch.
If so the easiest thing to do is add another 3560 and connect them to each other with a L2 trunk and run HSRP for the inter-vlan routing. If you have the spare fibres you could uplink your access-layer switches to both 3560s.
If this isn't what you have let us know.
Jon
02-22-2010 10:51 AM
Hey Jon, Yes the switch currently does all inter-vlan routing, should I be making a trunk link between the distribution layer switches or configuring a EtherChannel?
also configuring HSRP, this is the link between the two switches, does this seem about right?
Switch1# configure terminal
Switch1(config)# interface gigabitethernet0/1
Switch1(config-if)# no switchport
Switch1(config-if)#ip add 192.168.1.2 255.255.255.0
Switch1(config-if)# standby ip 192.168.1.1
Switch1(config-if)# standby priority 120Switch1(config-if)# standby 1 timers 5 15Switch1(config-if)# end
Switch2# configure terminal
Switch2(config)# interface gigabitethernet0/1
Switch2(config-if)# no switchport
Switch2(config-if)#ip add 192.168.1.3 255.255.255.0
Switch2(config-if)# standby ip 192.168.1.1
Switch2(config-if)# standby priority 100Switch2(config-if)# standby 1 timers 5 15
Switch2(config-if)# end
Can the virtual router interface be on the same subnet as the vlan 1 interface?
thanks
-Jason
02-22-2010 12:38 PM
Hi Jason,
Unfortunately that's not the correct way to configure that. The link between the two switches shouldnot be configured as Layer 3 link, it should be a L2 linkThe way to do it is below :
1. Connect the two switches bac-to-back via a L2 trunk link.
2. Connect all the access layer switches via L2 trunk link to both the distribution 3560 switches.
3. Configure MHSRP on the VLAN SVI's for active/standby redundancy.
4. Configure the PSVT for the active/standby vlan configurations at layer-2.
HTH,
Cheers,
-amit singh
02-22-2010 02:39 PM
Jason
As Amit says your config is for a L3 etherchannel. You actually want a L2 etherchannel trunk assuming you need to pass multiple vlans across the link.
Also be aware if you use MHSRP as Amit suggests this requires extra config in your DHCP setup because you need to explicitly setup multiple default-gateways on your DHCP server.
Nothing wrong with that but you can also simply load-balance vlans with HSRP active/standby and this does not require multiple default-gateways to be set.
Jon
02-22-2010 03:07 PM
Yes Multiple VLAN traffic needs to move across the link, all of my access layer switches have a trunk link to the current distribution switch which then does the Inter-Vlan routing, I do not want to setup multiple default gateways on my DHCP server, I would just like the second switch to become active and forward traffic if the first switch fails. so a trunk link between the two distribution switches is the way to go, This is configured the same as my access to distribution trunk links correct?
Thank you for the help.
02-22-2010 03:14 PM
JasonWhitehead wrote:
Yes Multiple VLAN traffic needs to move across the link, all of my access layer switches have a trunk link to the current distribution switch which then does the Inter-Vlan routing, I do not want to setup multiple default gateways on my DHCP server, I would just like the second switch to become active and forward traffic if the first switch fails. so a trunk link between the two distribution switches is the way to go, This is configured the same as my access to distribution trunk links correct?
Thank you for the help.
Jason
Yes you configure your interconnect between the two distribution switches as you have your uplinks from the access-layer switches. One thing you may want to do is to use more links on the interconnect and set the STP root and secondary to be your 2 distribution switches. That way STP will not block on the interconnect between your distro switches and blocks one of the uplinks instead which is what you want.
If you have multiple vlans one each access-layer switch then you can do a form of load-balancing by setting all the odd vlans as STP root on distro1 and all the even vlans as STP root on distro2. You then match the STP root with the HSRP active gateway ie. all the odd vlans have their active gateway on distro1 and all the even vlans have their active gateway on distro2.
Jon
03-03-2010 12:19 PM
Hey Jon, My 3560G came in today and i have been looking into HSRP and know how to configure it now. Few more concerns before i get started, Should the configurations be identical between the two switches? it does my Inter-Vlan Routing, for example should the Vlan Interface IP addresses be the same for both switches or will this cause an IP conflict?
Also I do not get any HSRP commands when in a layer 2 interface, but they are all there when in a Layer 3 interface, Does this mean it needs to be configured on a L3 interface?
Let me know what you think, Thanks
03-03-2010 01:01 PM
JasonWhitehead wrote:
Hey Jon, My 3560G came in today and i have been looking into HSRP and know how to configure it now. Few more concerns before i get started, Should the configurations be identical between the two switches? it does my Inter-Vlan Routing, for example should the Vlan Interface IP addresses be the same for both switches or will this cause an IP conflict?
Also I do not get any HSRP commands when in a layer 2 interface, but they are all there when in a Layer 3 interface, Does this mean it needs to be configured on a L3 interface?
Let me know what you think, Thanks
Jason
HSRP is configured under L3 interfaces which on the 3560G will be your L3 vlan interfaces. To run HSRP between 2 switches you need 3 IP addresses from the same subnet. One is used for each switch L3 vlan interface and the 3rd is the VIP (Virtual IP) that is shared between them. The VIP is the IP address you use for the default-gateway on the clients for that vlan.
Edit - Just reread rest of post. To clarify you do not want to configure HSRP on physical ports you have made L3 routed ports with "no switchport". You configure the HSRP under the L3 vlan interfaces on your switches ie.
HSRP active switch
===============
int vlan 10
ip address 192.168.5.2 255.255.255.0
standby 10 ip 192.168.5.1
standby 10 auth
standby 10 priority 110
standby 10 preempt
HSRP standby switch
================
int vlan 10
ip address 192.168.5.3 255.255.255.0
standby 10 ip 192.168.5.1
standby 10 auth
you do the above for each of your vlans.
Jon
03-03-2010 01:14 PM
Oh wow, thats awesome, so im going to need to configure all my vlans with hsrp?
Also should the configs be the same between the switches? identical interface addressing?
03-03-2010 01:34 PM
JasonWhitehead wrote:
Oh wow, thats awesome, so im going to need to configure all my vlans with hsrp?
Also should the configs be the same between the switches? identical interface addressing?
Jason
Not sure what you mean. If you look at the example i gave on HSRP active switch the physical address used is 192.168.5.2, on the standby it is 192.168.5.3 and the virtual IP is 192.168.5.1 so they are not identical.
If you mean identical for all the vlan interfaces then no each vlan will have it's own IP subnet so for each vlan you need 3 addresses as per the example for vlan but for each vlan those 3 IPs will be different.
Jon
03-03-2010 02:22 PM
It's all coming together now! Is load balancing done by making , say every other vlan with a higher priority and preempt?
03-03-2010 06:09 PM
Hi,
Yes.that's right.
You can do in another way also.
Hope the above said, If you increase the priority vlaue in primary switch for some vlans and that will be active in primary and you can increase the priority value for some vlan's in secondary switch.
You can get redundance as well as loadbalance.
Regards
Karuppu
03-11-2010 01:10 PM
Sorry for the delayed response, I was implementing HSRP, Everything is working well, I have all my access layer switches and servers plugged into both switches, when I pull the plug on one switch the other one comes up and everything is in working order.
Problems: I had done the load balancing by configuring a higher priority on every other VLAN and this was working for a while. but I'm not quite sure how I should be configuring STP, it had blocked the wrong ports on the access layer switch preventing hosts from getting access, Can someone point me in the right direction on how I should be configuring STP to enable load balancing and what version of STP I should use?
Also the convergence took about 30 seconds, the end users would certainly notice this =) what should I be setting the timers to?
I have studied EtherChannels and the purpose of them, But I do not think they will really help in redundancy with how my network is setup, Would it be a good idea to add another uplink from the access to the distribution layer switch and put them in a etherchannel group for performance?
Thank you for all the help so far.
02-20-2010 08:56 AM
Hi,
In distruibution layer level we should have the redundancy.
we can use 2x3560 in live network to make distribution layer network redundancy.
L3 redundancy:
1.Configure all the L3 definition and current running configuration in both the switches with HSRP.so we can get L3 redundancy,In this scenario initally all the L3 gateway will active in primary ( In primary switch, HSRP value should be higher than secondary switch).If primary switch is down, all the L3 definition will move into secondary.(For more information please go through HSRP) automatically, so there will be no service impact.
L2 Redundncy:
1.Connect back to back 3560 switches with etherchannel trunk.
2.Connect all the access switches to both distribution switch, in this scenario even if one primary switch is fail, access layer traffic will divert to secondary distribution switch.
so there will be no service impact.
Thanks & Regards
Karuppu
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: