PC 101 can ping PC 201 and vice versa. So InterVLAN routing is working.
If I break the link between ALS02 and CLS01, HSRP goes nuts.
show standby brief on CLS01 shows:
vl101 active, local with the remote node as standby
vl102 active, local, with the remote node as unknown
On CLS02, it shows:
vl101 standby, with the remote node as active (10.10.101.2)
vl102 active, with the remote node as unknown.
I have a serious design flaw here and I don't know what it is.
Well, for one, HSRP more than likely doesn't use the routed path since both HSRP nodes are on the same subnet. If both diagonal links went dead, the HSRP'd SVIs on both sides would become active I think, each thinking they are the surviving members.
Ok, now I'm even more confused. I started another thread today regarding the layer 3 vs layer 2 link. My initial design had a Layer 2 link and I had spanning tree all figured out, everything seemed to be fine (on paper).
The CCNP Switch book (from Cisco Press) indicates that in a collapsed core, the two core switches have to be linked with a L3 link (best practice).
Now that complicated things for me and I'm trying to figure out how to make this work.
You're right about HSRP running over the uplinks. Isn't there a way to make this work through the L3? Why would Cisco recommend that if that's not going to work?
It's obvious that you need layer 2 when you want to run HSRP on the core. You have learned that through experience now.
An alternative design that Cisco may point at is to have an all-L3 backbone.
For this one, the uplinks are also routed links and you must run a routing protocol instead of STP.
In that case, HSRP is not necessary because the L3 for the access layer is terminated on the access switch itself.
A potential drawback of this solution is that every access switch has its own layer 3 (IP range), which may lead to some inflexibility regarding the movement of devices between cabinets.
As to your last question: You have to opt for one of the solutions. Either L3 on the core with L2 in the access and on the uplinks or....
A completely L3 backbone in which HSRP is replaced by a routing protocol. You need to be able to run OSPF/EIGRP on the access layer. This adds additional requirements to the capabilities of your access switches.
What could be done if a layer 3 link is needed would be to make that link a nonrouted link and create an SVI for it to run across the link along with your layer 2 VLANs. This gives you a layer 3 link for your routing protocols but would also keep your HSRP in the correct state. In your original drawing I assume the uplinks are trunked. Technically, if say VLAN 101 is on a single switch and the uplink goes down, the SVI itself should have gone down on that side. If it did not, then I assume you have trunked the uplinks and did not manually prune off unneeded VLANs (best practice), which would then have kept that SVI in an up condition. If the plan is to have certain VLANs across multiple switches, then you would need the layer 2 crosslink for HSRP.
I don't think I 'need' a layer 3 link - it seems to complicate things a lot more than necessary, however I don't really want to do it the easy way, I want to do it the RIGHT way.
Option A: L3 switches everywhere - which is a no go as we already bought the gear
Option B: L2 link between the core switches which was my original design
Option C: What Glen proposed and I don't understand - Note that this is my first "complex" design with Cisco gear, I'm an IT vet of 22 years (Microsoft, VMware, etc...) but completely new to this depth of telecom config/design. I did the CCNA last year and am working on the CCNP as I design this lol
Yes my uplinks are all trunks. The VLANs are local to each L2 switch only, no VLANs across switches.
What do you mean by: "make that link a nonrouted link and create an SVI for it to run across the link along with your layer 2 vlans. This gives you layer 3 link for your routing protocols but would also keep your hsrp in the correct state."
and this is not clear either for me:
"Technically if say vlan 101 is on a single switch and the uplink goes down the SVI itself should have gone down on that side. If it did not then I assume you have trunked the uplinks and did not manually prune off unneeded vlans (best practice) which would then have kept that SVI in a up condition"
VLAN 101 is local to ALS01, and also exists on CLS01 for the SVI 101 interface of course. Now, if any of the links between the ALS and the CLS goes down, I get isolation issues. Where/what manual pruning would I need to do? I'm not using VTP at all so the only VLANs that exist are the appropriate ones at the appropriate place.
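The symptom reported at the top of the thread (both core switches Active for VLAN 102, each seeing its peer as unknown) can be checked for automatically by comparing `show standby brief` from both peers. This is an added example, not code from any poster; the captures are constructed to match the states quoted in the thread, and the group numbers, priorities, virtual IPs and the address 10.10.101.3 are assumptions.

```python
# Constructed "show standby brief" captures reproducing the states quoted in the
# thread. Group numbers, priorities, virtual IPs and 10.10.101.3 are assumptions.
CLS01 = """\
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Vl101       101  110 P Active  local           10.10.101.3     10.10.101.1
Vl102       102  100   Active  local           unknown         10.10.102.1
"""

CLS02 = """\
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Vl101       101  100   Standby 10.10.101.2     local           10.10.101.1
Vl102       102  110 P Active  local           unknown         10.10.102.1
"""


def parse_standby_brief(text):
    """Return {(interface, group): {"state", "active", "standby"}} for each HSRP row."""
    rows = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 7 or not tok[1].isdigit():
            continue  # banner, column header or blank line
        if tok[3] == "P":
            tok.pop(3)  # the preempt flag column is empty when preempt is off
        if len(tok) != 7:
            continue  # unexpected layout, skip rather than misparse
        intf, grp, _pri, state, active, standby, _vip = tok
        rows[(intf, int(grp))] = {"state": state, "active": active, "standby": standby}
    return rows


def find_dual_active(peer_a, peer_b):
    """HSRP groups that both peers report as Active (hellos are not crossing)."""
    return [
        key
        for key in sorted(set(peer_a) & set(peer_b))
        if peer_a[key]["state"] == "Active" and peer_b[key]["state"] == "Active"
    ]


if __name__ == "__main__":
    for intf, grp in find_dual_active(parse_standby_brief(CLS01), parse_standby_brief(CLS02)):
        print(f"dual-active HSRP group {grp} on {intf}")
```
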