Re: regarding VTP and STP..

gauravm · ‎02-21-2007

hi,

i m having 2 65xx Core switches with me and around 10 49xx and 10 3560 switches with me ..connected in a triangle (65xx with etherchaneel and all rest of switches with dual connection to both the core switches.

need to know what is the best way to configure them so as to avoid STP loops and also for VLAN's flow .

shall i divide the switches in half and make both the core as root ...or one as root ...

Kindly Help...

Danilo Dy · ‎02-21-2007

Make sure your design will avoid problem in the future (STP loop). When it goes in production, its difficult to change the design its a nightmare for both the network engineer and the user. Follow the design consideration in this article http://tcpmag.com/archives/article.asp?EditorialsID=20

Simplicity is the key

Jon Marshall · ‎02-21-2007

Hi

Assuming that your 49xx & 3560 switches are using Layer 2 links to the 6500's and that the 6500's are doing the routing for you vlans. Also assuming that your are running HSRP between your 6500's for the SVI's.

Also asssuming you are using PVST+ or RPVST+.

What you can do is split your odd and even vlans ie you have two 6500 Core_switch1 & Core_switch2.

Make Core_switch1 the spanning-tree root for the odd vlans and the spannng-tree secondary for the even vlans.

Make Core_switch2 the spanning-tree root for the even vlans and spanning-tree secondary for the odd vlans.

You also match up your HSRP active gateways to this ie.

Active gateways for odd vlans on Core_switch1 and active gateways for even vlans on Core_switch2.

This way you utilise both links for data traffic.

That's one way to do it, the other way is simply to have Core_switch1 spanning-tree root for all vlans and have teh active gateways for all vlans and Core_switch2 spanning-tree secondary for all vlans ahd have standby address for all vlans.

We use the first in our datacentre and it works fine for us. if you do use the first and you balance traffic over both links be aware if you lose a link all traffic has to go across the other one so you might get a congested link.

HTH

Jon

HTH

Jon

gauravm · ‎02-27-2007

hi jon,

i m also using fwsm in my 6513 ,just need to know will it make any change to your proposed config ...

what should i use for the gateways of my traffic ??

do we have such a config in production network anywhere and can u send me the main portion related to this ..

Thanks in advance

Jon Marshall · ‎02-27-2007

Hi Guarav

Are you

1) using single or multiple mode on your FWSM ?

2) Using routing or transparent or a mixture of both ?

3) What version of code are you using.

in our datacentre we only have version 2.3. This means that one of our FWSM's is the active module nd the other is standby for all vlans. So we don't split the vlans as we would with spanning tree and HSRP.

With version 3.1 you can run both modules in active mode but i haven't done this.

HTH

Jon

gauravm · ‎02-27-2007

hi jon,

i have version 3.1 with me and 2 vitual fw/contexts.

do we have document or link describing how to configure it way...kindly let me know

thanks in advance,

Jon Marshall · ‎02-27-2007

Hi

With v3.1 you can run active/active which means FWSM1 could be active for one of your contexts and standby for the other and vice-versa on FWSM2.

Attached is a link to configuring FWSM v3.1 on 6500 switches.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_module_configuration_guide_book09186a0080579a1e.html

HTH

Jon

glen.grant · ‎02-27-2007

As Jon says this is the conventional design where the hsrp active side would be the STP root for that vlan and the other 6509 would be setup as secondary root . For faster convergence you can adjust the hsrp timers and use rapid spanning tree . If you adjust the hsrp timers make sure they are all exactly alike and do not make them too short as this could cause hsrp flapping .