Add redundancy on switch

Answered Question
May 3rd, 2012

Hi all

In our branch site we have a 3560 switch and two 2960 switches. Both 2960 switches are connected to the 3560 and all is working.

To have back redundancy we want to connect the unused port on both 2960s to each other.

3560 gi0/0------------------------------------gi0/0 2960_sw_1

3560 gi0/1-------------------------------------gi0/0 2960_sw_2

The configuration on all ports above is:

switchport trunk encapsulation dot1q

switchport mode trunk

We now want to connect:

2960_sw_1 gi 0/1--------------------------------------------gi0/1 2960_sw_2

Do we need the same config on gi0/1 of 2960_sw1 & sw2?

Also, the 3560 is reachable via two different paths. Which path will be preferred, and how do we ensure there is no loop?

Thanks to all

Paul

Sergey Fer Thu, 05/03/2012 - 01:04

WoW

Connecting two Cisco switches to each other you will automatically start a number of network activities:

1. Autonegotiation (L1 Ethernet). This protocol will try to negotiate speed and duplex on both sides.

Hope this stage will finish correctly without precise configuration and you will get 1G/Full Duplex.

2. DTP (Dynamic Trunking Protocol). This protocol will try to negotiate Trunk/Access mode and (if trunk) trunking protocol (ISL or 802.1q). 2960 doesn't support ISL, 3560 - does. But they are by default in "dynamic auto" state, therefore they will not negotiate anything through DTP. So if you wish to have a trunk - you need to state this directly on both sides or to make one side "dynamic desirable" with a command switchport mode dynamic desirable. If you prefer static method through switchport mode trunk command it is recommended to turn DTP off using switchport nonegotiate command.

3. If you have a trunk you will automatically have VTP (VLAN Trunking Protocol) on it. As I can see it already works. Nothing needs to be done.

4. The last but definitely NOT the least. You will have STP (Spanning-tree Protocol). By default Cisco switches use per-VLAN STP. This means that you will have one STP instance in each VLAN. Is STP already set up? If not - first of all prepare a good configuration for it. 3560 probably must be a root for all VLANs and your new link must be blocked for all VLANs. This protocol (STP) will make a loop-free topology for you in your new network and help you in determining which path to use. If you do not set it up correctly, your network will start to behave unpredictably.
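The election described in point 4, worked through for this thread's three-switch triangle in one VLAN. This is an added example, not part of the original post: the MAC addresses are constructed, the 2960s are assumed to keep the default priority 32768, and every link is assumed to be 1 Gb/s (short-mode path cost 4).

```python
# Added example: simplified 802.1D election, one VLAN. MACs are constructed.
GIG_COST = 4  # short-mode STP path cost of a 1 Gb/s link (assumed for all links)

# name -> bridge ID as (priority, MAC); the lowest tuple becomes root.
# The VLAN ID that "extend system-id" adds is the same everywhere, so it is omitted.
BRIDGES = {
    "3560":      (0,     "00:00:00:00:35:60"),  # spanning-tree vlan 1-1024 priority 0
    "2960_sw_1": (32768, "00:00:00:00:29:01"),  # default priority (assumption)
    "2960_sw_2": (32768, "00:00:00:00:29:02"),
}
LINKS = [  # (switch, port, switch, port), as drawn in the question
    ("3560", "gi0/0", "2960_sw_1", "gi0/0"),
    ("3560", "gi0/1", "2960_sw_2", "gi0/0"),
    ("2960_sw_1", "gi0/1", "2960_sw_2", "gi0/1"),  # the new redundant link
]

def elect(bridges, links):
    """Return (root bridge, {(switch, port): role}) for one STP instance."""
    root = min(bridges, key=bridges.get)
    cost = {b: (0 if b == root else float("inf")) for b in bridges}
    for _ in bridges:  # relax until every root path cost is final
        for a, _pa, b, _pb in links:
            cost[a] = min(cost[a], cost[b] + GIG_COST)
            cost[b] = min(cost[b], cost[a] + GIG_COST)
    roles = {}
    for sw in bridges:  # root port: best path towards the root bridge
        if sw == root:
            continue
        cands = []
        for a, pa, b, pb in links:
            for me, my_port, nb, nb_port in ((a, pa, b, pb), (b, pb, a, pa)):
                if me == sw:  # tie-break: cost, sender bridge ID, sender port
                    cands.append((cost[nb] + GIG_COST, bridges[nb], nb_port, my_port))
        roles[(sw, min(cands)[3])] = "root"
    for a, pa, b, pb in links:  # per link: the better end is designated
        win, lose = sorted([(cost[a], bridges[a], a, pa), (cost[b], bridges[b], b, pb)])
        roles[(win[2], win[3])] = "designated"
        roles.setdefault((lose[2], lose[3]), "blocking")  # keeps an existing root role
    return root, roles

if __name__ == "__main__":
    root, roles = elect(BRIDGES, LINKS)
    print("root bridge:", root)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw:10} {port:6} {role}")
```

With these constructed MACs both 2960s reach the root at equal cost, so the tie on the new link falls to the lower bridge ID and the blocked port lands on 2960_sw_2 gi0/1. Dropping the 3560 to 2960_sw_2 uplink from `LINKS` turns that same port into the root port, which is the failover the redundant link is meant to provide.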

paultim68 Thu, 05/03/2012 - 01:39

Hi all

Thanks fsv for the info. How to check if STP is configured or if it has the default STP config? The 2960 switches are in VTP client mode now.

Sergey Fer Thu, 05/03/2012 - 01:54

Well, it's difficult to describe STP in a few words...

If you didn't configure STP all switches will have default configs. Try show running-config | incl spanning. If you do not see many strings - you have no config for STP. It is not good because you do not have full control over your network and soon the network will take control over you. Joke...

Let's start from the beginning. Try the command show spanning-tree on your 3560 and 2960s. It will show you your current STP configuration and describe the topology you have in your network. Because there are no loops in the network yet, the most important thing you'll see is who is a root(s) in your STP tree(s).

paultim68 Thu, 05/03/2012 - 02:32

FSV

it shows pvst-mode, 3560 as root bridge for vlans

output of command show running-config | incl spanning

show running-config | incl spanning

spanning-tree mode pvst

spanning-tree extend system-id

spanning-tree vlan 1-1024 priority 0

spanning-tree portfast

Is this the correct config for STP on the 3560? I do not see any config for STP on the 2960.

Does STP also avoid anyone connecting a wireless access point and another switch to the same 2960? We need this too.

Thanks

Paul

Correct Answer
Sergey Fer Thu, 05/03/2012 - 03:04

That is an acceptable config for the 3560. It has a high probability of being the STP root in all VLANs that you have now and will create in the future. If the 3560 is your Core device it is not a bad design. Therefore your new link (between the two Cat2960s) will automatically be blocked by one of the 2960s.

Take into consideration that this described behavior will take place in all VLANs you have. So your switches must have identical VLAN databases (be VTP synchronized, for example) and Native VLANs on your trunks must be identical on both sides of each trunk.

It is not necessary to make any STP config changes to the 2960s if you are not ready to deep dive into STP.

STP itself doesn't restrict anybody from connecting any device to any port. It has other settings that (by default) are off. Those settings are port-based and you may or may not want to use them. They are:

- PortFast (spanning-tree portfast). One of the 3560's ports is set as portfast. It is an acceleration technology that allows the switch to speed up its STP procedure when an end host or another STP-not-aware device is connected to the port.

- BPDU Guard (spanning-tree bpduguard enable). This (and only this) technology will block the port if it sees any STP traffic on it. So if you connect any switch to a port where BPDU Guard is enabled, that port will be blocked.

- BPDU Filter (spanning-tree bpdufilter enable). This technology creates a boundary of an STP domain and filters STP traffic through a port in both directions.

If you do not use any of these technologies you are free to connect any device to your switch(es). Probably your new device will generate its own STP frames and will become part of your STP domain. Is it good or bad? It's not a technological but a design question. When you have 3 switches - it is a simple case, when you have more switches you need to think about design in advance.
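A way to check a saved running-config for the per-port settings named in this thread (switchport nonegotiate on static trunks, BPDU Guard and BPDU Filter on access ports). This is an added example, not part of the original answer: the config fragment is constructed, and the audit only reads interface-level commands, so a BPDU Guard default set globally would not be seen.

```python
import re

# Constructed sample of a 2960 running-config fragment (not from the thread).
SAMPLE = """\
interface GigabitEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport mode access
 spanning-tree bpdufilter enable
!
"""

def parse_interfaces(cfg):
    """Map each interface name to the set of commands indented under it."""
    ifaces, cur = {}, None
    for line in cfg.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            cur = ifaces.setdefault(m.group(1), set())
        elif line.startswith(" ") and cur is not None:
            cur.add(line.strip())
        else:
            cur = None  # "!" or a global command ends the interface block
    return ifaces

def audit(cfg):
    """Return (interface, finding) pairs for the settings discussed in the thread."""
    findings = []
    for name, cmds in parse_interfaces(cfg).items():
        if "switchport mode trunk" in cmds and "switchport nonegotiate" not in cmds:
            findings.append((name, "static trunk with DTP still on"))
        if "switchport mode access" in cmds:
            if "spanning-tree bpduguard enable" not in cmds:
                findings.append((name, "access port without BPDU Guard"))
            if "spanning-tree bpdufilter enable" in cmds:
                findings.append((name, "BPDU Filter hides attached switches from STP"))
    return findings

if __name__ == "__main__":
    for iface, finding in audit(SAMPLE):
        print(f"{iface}: {finding}")
```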

Posted May 3, 2012 at 12:39 AM