Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
774
Views
15
Helpful
6
Replies

Simple Distribution/Access Layer Design

Nicholas Beard
Level 1
Level 1

‎11-16-2010 06:43 AM - edited ‎03-06-2019 02:04 PM

An uninformed sales department has sold the following to a customer with approximately 45 end users on its first floor -

1. Cisco 2960G x 24 Port

2. Cisco 2960G x 24 Port

3. Cisco 2960 x 48 Port with 4 GB SFP

4. ASA 5510

The current (laughable) design, was to connect the two 2960G switches with a L2 etherchannel and then daisy chain the non G 2960 off the 1st 2960G.  Unfortunately, i have been tasked with implementing this so called "solution" and am not willing to do so, for quite obvious reasons.   I am looking at a better solution to present to the customer as follows -

Unfortunately i am stuck with making the best of what has been ordered.  Therefore i propose to use both the 2960G switches as the collapsed Distribution Layer with a L2 etherchannel between them (no layer 3 is a problem).  Set the first 2960G as the primary root bridge and the second as the secondary root bridge.   Then use dual etherchannel links from the 2960 48 to each of the 2960G switches.  The network will have two VLANs which will have to traverse the distribution layer due to the Layer 2 limitation.  STP will mean the the secondary 2960G uplink will be in a blocking state therefore i plan to use RSTP for rapid convergance should the primary switch ever fail.  I will then setup the access layer switch with portfast and BPDU guard on all access ports, and use uplink fast on the uplink channels.

I will then have the ASA 5510 sat with redundant interfaces within the two distribution switches.

I also plan on placing the Servers off the primary distribution switch due to the limitation of 100MB from the access switch.

My question therefore, is...

1.  Is this an acceptable solution and are then any additional recommendations anybody can make?

2.  Is the placement of the servers the best possible solution in this scenario?

3.  What are the drawbacks and benefits of clustering the two distribution switches?  Will i still be able to perform the above solution with the switches clustered?

Thank you for your time everyone.

Labels:
0 Helpful
6 Replies 6

Jon Marshall
Hall of Fame
Hall of Fame

‎11-16-2010 08:09 AM


Nicholas

As you say, L3 switches would be better.


Personally i would do much as you say with a few proviso -

1) When you say there are 2 vlans, does that include the server vlan ? If not i would "load-balance" the 2 vlans on the 48 port switch over both uplinks ie. one uplink to primary switch is active for one vlan and the other uplink is active for the other vlan

2) you should look if at all possible to dual hone your servers to both 24 port switches. The loss of the primary switch takes out all servers which is not really acceptable. Failing that, and depending on what apps the servers are for, spread the servers over the 2 24 port switches. That way if you lose one switch there is a chance that the users can still do meaningful work. Like i say though, it depends on the apps on the servers.

3) RSTP should be a given in modern networks as long as the hardware supports it.

4) routing between vlans off the ASA is not a great idea but i totally understand you are limited by the equipment provided.

Jon

lamav
Level 8
Level 8
In response to Jon Marshall

‎11-16-2010 11:12 AM

Jon, I sent you a private message....thanks

0 Helpful

Nicholas Beard
Level 1
Level 1
In response to Jon Marshall

‎11-19-2010 12:35 AM

Jon,

Thanks for the reply, unfortunately the original design prevailed over my attempted efforts to my amazement (poor customer).

A quick question, regarding load balancing the VLANs across the redundant uplinks.  Would this mean i would need to run MST and setup the switches within an MST region?  It seems a little overkill for two VLANs but i guess it is future proof and any additional VLANs could then be added.

With regards the servers, they are setup as full LACP 4GB channels therefore i was unable to load balance them.  If i was to cluster the distribution switches, would that allow me to then setup a full LACP cluster across switches?  In this typical small campus block design, would clustering the switches detract from anything?

Thanks

Nick

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to Nicholas Beard

‎11-19-2010 12:52 AM 

ttgmaverick wrote:
Jon,
Thanks for the reply, unfortunately the original design prevailed over my attempted efforts to my amazement (poor customer).
A quick question, regarding load balancing the VLANs across the redundant uplinks.  Would this mean i would need to run MST and setup the switches within an MST region?  It seems a little overkill for two VLANs but i guess it is future proof and any additional VLANs could then be added.
With regards the servers, they are setup as full LACP 4GB channels therefore i was unable to load balance them.  If i was to cluster the distribution switches, would that allow me to then setup a full LACP cluster across switches?  In this typical small campus block design, would clustering the switches detract from anything?
Thanks
Nick

Nick

No you don't need to use MST. You simply alternate the STP (RSTP preferably) root for the vlans between the 2 switches and match that with the HSRP active gateway. So the link between the 2 24 port switches should never block. The uplink that blocks is the one going to the STP secondary switch.

No you cannot run etherchannel across the cluster. For that you would need 3750 switches running MEC (Multichassis etherchannel) or VSS (6500) or VPC (Nexus). I would strongly recommend not etherchanneling the servers to the same switch unless throughput is the main concern. It is too much of a single point of failure. If you have multiple NICs which you do if you can etherchannel you would be far better to dual hone to both 24 port switches.

Jon

Nicholas Beard
Level 1
Level 1
In response to Jon Marshall

‎11-19-2010 01:30 AM

Ah i see, so set the port priorities for spanning tree to alternate distribution switches based on the VLAN membership.  With regards the servers, it is often dependant on their role within the network.  For example, i would often load balance a domain controller for redundancy, but use LACP for throughput on an Exchange Server.  In this scenario i was unfortunately, limited by the equipment on offer and as such had to run with the single switch server connection.  What advantages does the clustering feature on the 2960 switches offer, other than the obvious reduction in administrative overhead?

Thank you for your time, sorry to pose so many questions!!

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to Nicholas Beard

‎11-19-2010 01:40 AM 

ttgmaverick wrote:
Ah i see, so set the port priorities for spanning tree to alternate distribution switches based on the VLAN membership.  With regards the servers, it is often dependant on their role within the network.  For example, i would often load balance a domain controller for redundancy, but use LACP for throughput on an Exchange Server.  In this scenario i was unfortunately, limited by the equipment on offer and as such had to run with the single switch server connection.  What advantages does the clustering feature on the 2960 switches offer, other than the obvious reduction in administrative overhead?
Thank you for your time, sorry to pose so many questions!!

Nick

No need to apologise, asking questions is what CSC is for

Clustering simply allows you to manage a group of switches with one management IP. In terms of throughput etc, in your case it offers nothing unfortunately. Really the big improvement would be if you could run 3750s as mentioned but i suspect that is not an option.

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card