11-15-2011 12:36 PM - edited 03-07-2019 03:24 AM
Hi
Virtualization driving me crazy.
3750 switch connects to Blade-switch_1 and Blade-switch_2
Spanning-tree mode is configured as rapid-pvst on 3750 switch, do I need to configure rapid-pvst on both blade-switches or keep the default pvst config.
3750 is running VTP domain HQ and transparent mode
Both Blade_switches are running VTP domain CLI and transparent mode
To configure Etherchannel between 3750 and blade-switch_1 do I need to have all devices in same vtp domain
cheers
SAM
Solved! Go to Solution.
11-16-2011 01:11 AM
I have understand, i suggest the things i write before, and even if not necessary because you only have one "core" configure the rpvst on the blade if possible. If in future you will have possibility to add another core in case of faillure the different time of convergence between two protocol can create a temporary loop. Why you use a bpduguard on trunk? you will receive bpdu on that interface and the link will flap. Portfast trunk is not necessary with rpvst. Keep attention on 3020 with channel group on it's reccomended to use active or passive.
11-16-2011 11:27 AM
Yes sam, and also remove port-security aging time, i suppose it is a command from an old config.
That command will be used in this cases:
11-15-2011 01:01 PM
Hi,
Are the blade switches Cisco also? If yes, configure the same STP on all of them.
HTH
11-15-2011 01:32 PM
Hi Reza
These are cisco blade switches 3020 which comes with HP enclosure.
There are Two switches 3020 both interconnected.
My plan to connect these two switches 3020 to our existing 3750, looking at some config sample I build this configuration but not sure if loop is created
*configuration On 3750 *
interface range gi 0/21 -22
description connected to blade-switch_1
no ip add
switchport
sw trunk encap dot1q
sw trunk allowed vlan 3,4,5
sw trunk native vlan 3
sw mode trunk
spanning-tree guard root
channel-protocol lacp
channel-protocol 1 mode active
* Blade-switch-1 configuration *
int range g0/9 - 10
channel-group 1 mode on
description connected to 3750
*configuration On 3750 *
interface range gi 0/23 -24
description connected to blade-switch_2
no ip add
switchport
sw trunk encap dot1q
sw trunk allowed vlan 3,4,5
sw trunk native vlan 3
sw mode trunk
spanning-tree guard root
channel-protocol lacp
channel-protocol 1 mode active
* Blade-switch-2 configuration *
int range g0/9 - 10
description connected to 3750
channel-group 1 mode on
any comment on this config
cheers
SAM
11-15-2011 02:20 PM
Hi Sam,
If the blade switches are 3020, they then can be stacked together, so they logically act as one switch. Then you build an eEtherchannel between the stack and your 3750. This way you are logically connecting one switch (2 blade switches) to one 3750, and don't have to rely on SPT.
HTH
Reza
11-15-2011 09:19 PM
Hi Reza
once you push the 3020 switches to the enclosure how can you see if these are stacked. possible to see from switch cli.
For Etherchannel I will use the same channel-procotol no .1. going to both 3060 switches. Any comments on the Etherchannel-configuration
*configuration On 3750 *
interface range gi 0/21 -22
description connected to blade-switch_1
no ip add
switchport
sw trunk encap dot1q
sw trunk allowed vlan 3,4,5
sw trunk native vlan 3
sw mode trunk
spanning-tree guard root
channel-protocol lacp
channel-protocol 1 mode active
* Blade-switch-1 configuration *
int range g0/9 - 10
channel-group 1 mode on
description connected to 3750
*configuration On 3750 *
interface range gi 0/23 -24
description connected to blade-switch_2
no ip add
switchport
sw trunk encap dot1q
sw trunk allowed vlan 3,4,5
sw trunk native vlan 3
sw mode trunk
spanning-tree guard root
channel-protocol lacp
channel-protocol 1 mode active
* Blade-switch-2 configuration *
int range g0/9 - 10
description connected to 3750
channel-group 1 mode on
cheers
SAM
11-16-2011 12:26 AM
In the past i've configured some blade 3020 with etherchannel vs 2 core 6509-E, if i remember correctly there are four gigabit eth on 3020. If you have only one 3750 you can configure all interfaces in a channel for one switch and the same with the other... 2 differen't port channels.... The 3020 can't be configured as a stack. VTP is not necessary because is only for autoconfigure all vlan that you have on all switch, and in some case it can be dangerous and delete all vlan in a second. Tshe vlan used by the user doesn't need to exist on server switch, and i suggest, to filter the trunk on access switch only with the necessary vlans so the broadcast between in the server's vlan doesn't affect the trunk of the user switch and trunk of wifi access point if you have.
11-16-2011 12:47 AM
Thanks Fabio
I am summarising complete scenario. Please share your opinion on the full config and if you see any loop.
There is no trunk config between blade-switches (green-connection in diagram is disabled)
Spanning-tree configured is Rapid-PVST on 3750 and PVST on blade-switches
***On 3750 ***
*configuration On 3750 *
interface range gi 0/21 -22
description connected to blade-switch_1
no ip add
switchport
sw trunk encap dot1q
sw trunk allowed vlan 3,4,5
sw trunk native vlan 3
sw mode trunk
spanning-tree guard root
channel-protocol lacp
channel-protocol 1 mode active
interface range gi 0/23 -24
description connected to blade-switch_2
no ip add
switchport
sw trunk encap dot1q
sw trunk allowed vlan 3,4,5
sw trunk native vlan 3
sw mode trunk
spanning-tree guard root
channel-protocol lacp
channel-protocol 2 mode active
interface port-channel 1
no ip add
switchport
sw trunk encap dot1q
switchport trunk allowed vlan 3,4,5
switchport mode trunk
interface port-channel 2
no ip add
switchport
sw trunk encap dot1q
switchport trunk allowed vlan 3,4,5
switchport mode trunk
-------------------------------------------------------------------------end of config 3750 ----------------------------------------------
* Blade-switch-1 configuration *
int range g0/9 - 10
channel-group 1 mode on
description connected to 3750
interface port-channel 1
no ip add
switchport
sw trunk encap dot1q
switchport trunk allowed vlan 3,4,5
switchport mode trunk
interface GigabitEthernet0/1 & 2
description <<** BladeServer-1 **>>
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,4,5
switchport mode trunk
switchport port-security aging time 20
no cdp enable
spanning-tree portfast trunk
spanning-tree bpduguard enable
interface GigabitEthernet0/3 - 4
description <<** BladeServer-2 **>>
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,4,5
switchport mode trunk
switchport port-security aging time 20
no cdp enable
spanning-tree portfast trunk
spanning-tree bpduguard enable
-----------------------------------------------------end-of-config-Blade-sw1------------------------------------------------------------
* Blade-switch-2 configuration *
int range g0/9 - 10
channel-group 2 mode on
description connected to 3750
interface port-channel 2
no ip add
switchport
sw trunk encap dot1q
switchport trunk allowed vlan 3,4,5
switchport mode trunk
interface GigabitEthernet0/1 - 2 ( port 1 and port 2 )
description <<** BladeServer-1 **>>
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,4,5
switchport mode trunk
switchport port-security aging time 20
no cdp enable
spanning-tree portfast trunk
spanning-tree bpduguard enable
interface GigabitEthernet0/3 & 4 ( port 3 and port 4)
description <<** BladeServer-2 **>>
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,4,5
switchport mode trunk
switchport port-security aging time 20
no cdp enable
spanning-tree portfast trunk
spanning-tree bpduguard enable
-----------------------------------------------------end-of-config-Blade-sw2------------------------------------------------------------
cheers
SAM
11-16-2011 01:11 AM
I have understand, i suggest the things i write before, and even if not necessary because you only have one "core" configure the rpvst on the blade if possible. If in future you will have possibility to add another core in case of faillure the different time of convergence between two protocol can create a temporary loop. Why you use a bpduguard on trunk? you will receive bpdu on that interface and the link will flap. Portfast trunk is not necessary with rpvst. Keep attention on 3020 with channel group on it's reccomended to use active or passive.
11-16-2011 09:12 AM
Fabio Thanks. I take these input from your reply.
1. configure RPVST on blade-switch
2. Remove bpduguard on trunk < This is not clear >
3. 3020 with channel-group is recommended to use active or passive < 3750 switch is active so had 3020_blade_sw as ON > do you see any issues with this config
Thanks again
SAM
11-16-2011 09:26 AM
For the point 3 you could use active, for the point 2 on trunk links switch use bpdu, with this command the switch send bpdu and the bpduguard enable put in errdisable the port and the link goes down.
11-16-2011 09:37 AM
Hi Sam,
Each 3120 should have SBU type connector for stacking. The pins and size of the connector differs from the 3750 series, but there is a slot for stacking.
Are you planning on stacking them?
see table-1
Http://www.cisco.com/en/US/docs/switches/blades/3120/hardware/quick/guide/3120gsg.html
HTH
11-16-2011 09:53 AM
the 3020 of Sam if i'm not wrong hasn't the stack connector as 3120... isn't it?
11-16-2011 10:29 AM
Reza
I got < cisco WS-CBS3020-HPQ >
Fabio you are right.
P#2 can you help me with correct command
(( this is waht you posted earlier :::::
for the point 2 on trunk links switch use bpdu, with this command the switch send bpdu and the bpduguard enable put in errdisable the port and the link goes down. ))
11-16-2011 11:07 AM
Simple remove that command from the interface where you have configured, and in generally the bpduguard will be never configured on legittimate trunk port, but eventually on trunk with access point or access port where bpdu will not be received and if received someone is trying to plug in a switch. You can configure on core and distribution switch the command root guard to prevent some switch that want to become root of stp, but with bpduguard when receive a bpdu from a switch on that port it'will go in errdisable state.
11-16-2011 11:19 AM
Thanks
This is the change you referred
*********************
Blade_Switch#2
*********************
interface GigabitEthernet0/1 - 2 ( port 1 and port 2 )
description <<** BladeServer-1 **>>
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,4,5
switchport mode trunk
switchport port-security aging time 20
no cdp enable
spanning-tree portfast trunk
NO spanning-tree bpduguard enable
interface GigabitEthernet0/3 & 4 ( port 3 and port 4)
description <<** BladeServer-2 **>>
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,4,5
switchport mode trunk
switchport port-security aging time 20
no cdp enable
spanning-tree portfast trunk
NO spanning-tree bpduguard enable
**********************
Blade_Swith#1
**********************
interface GigabitEthernet0/1 & 2
description <<** BladeServer-1 **>>
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,4,5
switchport mode trunk
switchport port-security aging time 20
no cdp enable
spanning-tree portfast trunk
No spanning-tree bpduguard enable
interface GigabitEthernet0/3 - 4
description <<** BladeServer-2 **>>
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,4,5
switchport mode trunk
switchport port-security aging time 20
no cdp enable
spanning-tree portfast trunk
No spanning-tree bpduguard enable
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide