L2 Link to DC2

Ibrahim Jamil · ‎02-23-2012

Hi Guys

when y extend the servers subnet to onother data center over dark fiber ,so the port will be configured as trunk and only allow the vlan server to cross the trunk,let say the vlan server is VLAN 10,so command will be like below

int g1/1

desc L2 Link to DC2

switchport trunk encapsulation dot1q

switchport mode trunk

switchport allow vlan 10

is it correct?

what is the command to isolate STP domain each other?

Thanks

Ibrahim

Reza Sharifi · ‎02-23-2012

Hi

Your config is correct keep in mined if you. Have only one vlan crossing the link you can have the link as an access port

Not sure what you mean by stp domain

Are you referring to MST domain?

HTH

Sent from Cisco Technical Support iPhone App

Ibrahim Jamil · ‎02-23-2012

Hi Riza

isolate STP Domain is to filter BPDU on each side of the Link to prevent TCN issue

fb_webuser · ‎02-23-2012

You are not specific in your description. What do you mean when you say you want to "isolate STP domains from each other"?

There are many ways to do this. You can convert the link to a pure L3 link, and route the traffic between the sites using IP.

You can also do what sharifimr mentioned, convert the access port in each end to an access-port (switchport access vlan xxx / switchport mode access).

If you need to share bridged traffic in the form of a VLAN between the sites, but you do not want to exchange BPDUs between switches, you can enable BPDUFilter on the interfaces (spanning-tree bpdufilter enable), but DO NOT do this if you have redundant links, unless they are part of a port-channel/etherchannel.

If you have ASR1Ks or a Nexus 7K laying around, you can configure an OTV link, in which case you don't have to think about those pesky L2 issues associated with classic Ethernet...

HTH

Atle

---

Posted by WebUser Atle Ørn Hardarson

Ibrahim Jamil · ‎02-23-2012

Hi Atle

what is the ideal solution for that

is it trunk or access

the business driver for that is the goecluster for high availability

fb_webuser · ‎02-23-2012

Well, you can safely do switchport mode access / switchport access vlan 10

that would be a safe and sensible solution. Remember, there is no need for a 802.1Q trunk unless you are planning on transporting multiple VLANs through the link.

---

Posted by WebUser Atle Ørn Hardarson

Ibrahim Jamil · ‎02-24-2012

Hi

if i only transport the vlan servers [VLAN 10]over trunk,maybe that will stops the servers from communication with other VLANs,am i right?

fb_webuser · ‎02-25-2012

Yes, you can manually prune other VLANs from the link with the "switchport trunk allowed" command:

interface XX

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 10

This will only allow traffic for VLAN 10 over the trunk

Atle

---

Posted by WebUser Atle Ørn Hardarson

Ibrahim Jamil · ‎02-25-2012

Hi

interface X/X

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 10

This will only allow traffic for VLAN 10 over the trunk

now the servers can comunicate with other VLAN let say user vlan in VLAN 100

Thanks