im starting to think how to do a redundancy between my 2 cores switches (4506).
So I did a topology (attachment) and i'd like some help about some questions.
About the connections, Should I plug the switches like the picture? Or not?
How should I do that?
About Spanning-tree, How will spanning-tree work? Will it help me? Should I configure it?
Thanks so much.
The best design is to connect two trunks from each 3560 each one to different core switch.
If you are going to use Layer2 design, be careful to run and apply Rapid Per-VLAN STP with HSRP.
But be careful to match STP parameters with HSRP.
For example, the first 3506 switch is connected by two trunks to the core switches, one of the two trunks will be blocked by STP and the other is forward, at the same time the core switch which the forwarded trunk is attached must be in HSRP active and the other core will be in standby (blocked trunk.
One more hint, make half of the VLANs to be STP forwarded and HSRP active at the first core and the second half is STP forwarded and HSRP active at the second core switch to load-balance the traffic.
Ok...I will make half of the Vlans to be STP forwarded like you said.
But, i cant plug two trunk from each 3560 to a diferent core switch, cause i dont have many ports on the core switches.
If I stay with this network design...will i have problems?
If you don't have enough ports at the core you will split half of the VLANs to one of the two core switches and the second hald to the second core switch as we said before. BUT, this will make the two trunks from those access witches to the core very congested, imagine that you have (8) 3560 switches one of the two trunks will carry the traffic from the four access switches. i.e. one Gbps trunk will carry the traffic from the four access switches!
in addition to the availability, image one of the trunks between between access switches goes down?!!!
Plus the access switches will act as transit switches.
I advise you to purchase a new network ethernet module to each of the two core switches.
Unfortunately, my superiors will not buy another ethernet module, so i have to work with this topology at all.
But, if I use this topology, like you said, what happen if a 3560 switch plugged at one of cores goes down... what happens with the host that have this trunk as you primary way? Will the host flow trought the other trunk?
OK, as we said make the first core switch root switch for half of the VLANs and the second one root switch for the other VLANs.
Make sure that the blocked link not the trunk between the two core switches, this trunk must be forward all the time for all the VLANs.
If one of the trunks failed all the traffic will use 1 Gbps trunk only!
For STP use Rapid-PerVLAN STP.
Please remember that this STP type is per VLAN, so for each VLAN you will see STP instance.
The configuration is by enable the STP mode at each switch first.
At the core switches, issue the following command,
spanning-tree vlan 10,20,30 root primary
spanning-tree vlan 40.50.60 root secondary
For HSRP, make the interface VLANs for 10.20.30 active and the VLAN interfaces 40.50.60 standby
spanning-tree vlan 40,50,60 root primary
spanning-tree vlan 10,20,30 root secondary
For HSRP, make the interface VLANs for 40,50,60 active and the VLAN interfaces 10,20,30 standby
Using the example you gave me, what happens on the first core if a packet came from the vlan 40, and the second core is the active for vlan 40...the first core send the packet to the second core?
Core1 will forward to core2 through the trunk between the two cores.
It is high recommended to be the STP root with HSRP active at the same core.
Please rate when done.
Are you running a routing-enabled image on the switches? If I were you, here's what I would do:
* Use only layer-3 links in the core
* Dual-uplink all the access-layer switches at layer-3
* Configure an IGP (OSPF or EIGRP) throughout the routing domain.
* Configure each of the hosts in their respective vlan segments. Their default gateway would be an SVI on their respective 3560.
* Don't connect the access-layer 3560's together unless you have a very good reason for doing so.
In implementing things this way you'll get much faster failover times than HSRP can provide, and you'll nearly eliminate having to deal with spanning-tree completely. By dual-uplinking the access-layer switches, you'll have the added benefit of load balancing instead of at best working in an active/standby scenario.
The scenario you said is really the correct, but, on my organization its impossible to do, because of money and others issues.
I really want to do this way, but i cant.
Thank you so much