BVI and HSRP

Robert Juric
Level 1

I think I have this figured out, but I'd like to see if somebody could double check me.

I've got 2 access switches connected to each of my 2 distribution switches via etherchannels. On my distro switches(L3) I should configure bridge groups for each vlan and BVIs for the routed vlan interfaces? And then I can configure HSRP between the two BVIs on the L3 distro switches?

Robert

15 Replies

paolo bevilacqua
Hall of Fame

You may benefit from HSRP or other virtual router protocol, but you do not need bridging or BVI to do that.

On my distribution switch I will have an etherchannel to each access switch. If I have the same vlan spanning those access switches, wouldn't I need bridging for that?

Robert

robert.juric wrote:

On my distribution switch I will have an etherchannel to each access switch. If I have the same vlan spanning those access switches, wouldn't I need bridging for that?

Robert

Robert

No you don't need BVIs. If your distro switches are connected by a L2 trunk then STP will simply block one of the uplinks to the access switches per vlan. You simply configure a L3 SVI for each vlan on each distro switch and run HSRP between the vlan interfaces.

Jon

Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

Ohhhh I see, when I mentioned the above I was thinking of connecting the distro switches via L3 interfaces. So then I thought STP wouldn't have a part in the design. Would I be correct if the distro switches were connected to each other by L3 interfaces? If so, what would the pros/cons be of either setup?

Robert

robert.juric wrote:

Ohhhh I see, when I mentioned the above I was thinking of connecting the distro switches via L3 interfaces. So then I thought STP wouldn't have a part in the design. Would I be correct if the distro switches were connected to each other by L3 interfaces? If so, what would the pros/cons be of either setup?

Robert

Robert

Even if you connect the distro switches via L3 you still don't need BVIs because HSRP can still flow via the access-layer switches, i.e. if an access-layer switch has a L2 connection to each distro switch then HSRP messages will flow between the distro switches via the access-layer switches.

And yes, if you use L3 interconnect on the distro switches STP will not need to block any links although you should still enable STP for safety.

Jon

Ok, I see. I'm starting to understand. I assume in this situation it would be better to keep the L2 trunk between the distro switches to avoid the HSRP traffic from having to traverse the access switch?

robert.juric wrote:

Ok, I see. I'm starting to understand. I assume in this situation it would be better to keep the L2 trunk between the distro switches to avoid the HSRP traffic from having to traverse the access switch?

Good question actually. I have read design guides where Cisco recommend not using the access-layer switches as transit switches for traffic between 2 other switches, i.e. the distro switches in your case.

But if you run a L2 trunk then you do now have L2 loops in your topology which in itself is no bad thing but it takes more config if you want to use both uplinks from the access-layer switch. You can use both uplinks, note the L2 distro interconnect should never block, but you can only do it per vlan so for each vlan one uplink will be forwarding and one will be blocking.

If you have RSTP support on your switches then you don't really lose much in failover times.

I have also seen designs where the L3 is used and so HSRP traffic needs to go via the access-layer links. Advantage is both uplinks can forward traffic for the same vlan.

Personally it has always felt "wrong" to me to use the access-layer switches to pass traffic from one distro switch to the other so I would use a L2 trunk.

Jon

Robert:

Just to hit this from a different direction...I think you may be confused regarding terminology.

Before we had switches, we had bridges. Therefore, the two terms that are meant to describe the forwarding of packets based on MAC addresses are oftentimes used interchangeably.

However, within the context of your question, bridging refers to the ability to forward packets between 2 or more router interfaces that have hosts connected to them in the same IP subnet. Unlike a L2/L3 switch, that can have many access ports in the same VLAN (and by extension, the same IP subnet), a router cannot have two routed interfaces that belong to the same IP subnet. For example, e0/0 -- 10.10.10.1/24 and e0/1 10.10.10.2/24 are not permissible on the same router. So, to allow hosts on the same IP subnet to communicate through the router, bridging is configured.

With bridging, both router interfaces are placed into a bridge group and STP is enabled for that bridge group, simulating switched connections.

If a host hanging off one of these two bridged interfaces needs to connect to a host on another IP subnet, the traffic is forwarded to the BVI, which will have an IP address assigned to it and will act as the routed gateway for the bridged subnet.

In summary, to forward L2 frames from an access layer switch, up an L2 uplink, and into a distro switch requires only that you allow a switch to be a switch and do what it does naturally. The distro switches will have SVIs configured on both switches for that vlan and you can have HSRP configured under those interfaces. SVIs are also routed interfaces that act as the gateway for the hosts on the vlan.

HTH

Victor

Jon Marshall
Hall of Fame

robert.juric wrote:

I think I have this figured out, but I'd like to see if somebody could double check me.

I've got 2 access switches connected to each of my 2 distribution switches via etherchannels. On my distro switches(L3) I should configure bridge groups for each vlan and BVIs for the routed vlan interfaces? And then I can configure HSRP between the two BVIs on the L3 distro switches?

Robert

Robert

Any reason you want to use BVIs and not just have a L3 vlan interface for the same vlan on each distro switch and run HSRP between them?

Jon

"Would I be correct if the distro switches were connected to each other by L3 interfaces? If so, what would the pros/cons be of either setup?"

Ideally, both a layer 2 and a layer 3 connection should exist between distribution layer switches.

L2 to fulfill the HSRP L2 adjacency requirements

L3 for faster router convergence -- it can also be a requirement when deploying multicasting.

As far as cross traffic is concerned, make the STP root bridge the same as the HSRP primary for each vlan. Flip flop them from vlan to vlan for load sharing.

HTH

Victor
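
Added example, not part of the original posts: a Python check for the advice above that each VLAN's STP root should be the same switch as its HSRP primary. The configs are constructed samples, the `spanning-tree vlan N priority` lines are an assumption (the thread shows no STP config), `parse` and `audit` are hypothetical names, and the comparison assumes the access switches keep a higher STP priority value than both distro switches.

```python
import re

# Constructed sample configs (not from the thread); spanning-tree lines are assumed.
DISTRO1 = """\
spanning-tree vlan 2 priority 4096
spanning-tree vlan 3 priority 4096
interface vlan 2
 standby 2 ip 2.2.2.1
 standby 2 priority 110
interface vlan 3
 standby 3 ip 3.3.3.1
"""
DISTRO2 = """\
spanning-tree vlan 2 priority 8192
spanning-tree vlan 3 priority 8192
interface vlan 2
 standby 2 ip 2.2.2.1
interface vlan 3
 standby 3 ip 3.3.3.1
 standby 3 priority 110
"""

def parse(config):
    """Return ({vlan: hsrp_priority}, {vlan: stp_priority}) from IOS-style text."""
    hsrp, stp, vlan = {}, {}, None
    for line in map(str.strip, config.lower().splitlines()):
        if m := re.fullmatch(r"spanning-tree vlan (\d+) priority (\d+)", line):
            stp[int(m[1])] = int(m[2])
        elif line.startswith("interface "):   # track which SVI we are inside
            vlan = int(m[1]) if (m := re.fullmatch(r"interface vlan\s*(\d+)", line)) else None
        elif vlan is not None and re.fullmatch(r"standby \d+ ip \S+", line):
            hsrp.setdefault(vlan, 100)        # HSRP default priority
        elif vlan is not None and (m := re.fullmatch(r"standby \d+ priority (\d+)", line)):
            hsrp[vlan] = int(m[1])
    return hsrp, stp

def audit(cfg_a, cfg_b, names=("distro1", "distro2")):
    """Per VLAN: (preferred HSRP router, preferred STP root, aligned?)."""
    (hsrp_a, stp_a), (hsrp_b, stp_b) = parse(cfg_a), parse(cfg_b)
    report = {}
    for vlan in sorted(hsrp_a.keys() & hsrp_b.keys()):
        pa, pb = hsrp_a[vlan], hsrp_b[vlan]
        sa, sb = stp_a.get(vlan, 32768), stp_b.get(vlan, 32768)  # STP default priority
        active = None if pa == pb else names[pa < pb]  # higher HSRP priority preferred
        root = None if sa == sb else names[sa > sb]    # lower STP priority preferred
        report[vlan] = (active, root, active is not None and active == root)
    return report

if __name__ == "__main__":
    print(audit(DISTRO1, DISTRO2))
```

A `None` in a result means the two priorities tie, so the configuration alone does not decide the winner.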

How would you have both a L2 and L3 connection between the switches?

Robert:

I'm not sure I understand your confusion. Do you mean that rhetorically or are you asking how to go about doing it?

I guess I'm speaking a little too literally, when you talk about both L2 and L3 connections, I thought you meant over the same connection. I understand that I would have a L2 link physically connecting the distro switches, and then I would still have a L3 pathway connecting the switches through my edge router. Is that what you were talking about? Or did you mean having both L2 and L3 connections physically connecting the switches?

The latter...

Example...

EDIT (I added some SVI configs to be complete) EDIT

DISTRO 1

! L2 trunk between the distro switches
interface te9/1
 description L2 trunk to distro 2 te9/1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! L3 point-to-point link between the distro switches
interface te9/2
 description routed interface to distro 2 te9/2
 ip address 10.10.10.1 255.255.255.252
!
! higher HSRP priority for vlan 2 on this switch
interface vlan 2
 description user vlan
 ip address 2.2.2.2 255.255.255.0
 standby 2 ip 2.2.2.1
 standby 2 priority 110
!
interface vlan 3
 description user vlan
 ip address 3.3.3.2 255.255.255.0
 standby 3 ip 3.3.3.1
 standby 3 priority 100
!
! OSPF adjacency only over the routed link; SVIs stay passive
router ospf 1
 passive-interface default
 no passive-interface te9/2
 network 10.10.10.1 0.0.0.0 area 0
 network 2.2.2.2 0.0.0.0 area 0
 network 3.3.3.2 0.0.0.0 area 0

==============================================

DISTRO 2

interface te9/1
 description L2 trunk to distro 1 te9/1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface te9/2
 description routed interface to distro 1 te9/2
 ip address 10.10.10.2 255.255.255.252
!
interface vlan 2
 description user vlan
 ip address 2.2.2.3 255.255.255.0
 standby 2 ip 2.2.2.1
 standby 2 priority 100
!
! higher HSRP priority for vlan 3 on this switch
interface vlan 3
 description user vlan
 ip address 3.3.3.3 255.255.255.0
 standby 3 ip 3.3.3.1
 standby 3 priority 110
!
router ospf 1
 passive-interface default
 no passive-interface te9/2
 ! network statement must match this switch's own te9/2 address
 network 10.10.10.2 0.0.0.0 area 0
 network 2.2.2.3 0.0.0.0 area 0
 network 3.3.3.3 0.0.0.0 area 0
