cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1884
Views
0
Helpful
5
Replies

What is optimal way to connect two core switch/routers

jimmyc_2
Level 1
Level 1

We have two 4507s at our core, running HSRP. We have three other 4507s at the edge, plus eight 2950s. All edge switches and WAN routers are connected to both core 4507s.

We have a Port-Group of two wires connecting the core switches together, and we built a VLAN interface (with an IP address) on each switch. This is L3 connection between the core switches.

We have NO direct trunk connecting the switches together, so there is no L2 connections directly between these two core switches. (The port-group mentioned above only operates on one VLAN)

I'm fighting all kind of STP and HSRP glitches, and I'm guessing that my connections between the core switches are partially to blame.

Bottom line: what is the preferred way to connect two core switch/routers?

5 Replies 5

Hi jim,

would recommend something similar to the sketch below!

The main point are;

* Layer-3 connections between Cores and Routers, these can be a access port/vlan/SVI on Core this vlan doesnt not be to be known by the peer core.

e.g. vlan2 for link btw C1 to R1 and vlan3 for link btw C2 to R2.

* Layer-2 trunk connections between Cores; allowing access vlans and preferable a new vlan to serve as a point-to-point link btw C1 and C2. e.g vlan4 for link between C1 and C2.

* Run Rapid-PVST and define pry/sec root bridges on C1 and C2.

* HSRP active gateway needs to align with the spanning topology or user L2 hops to gateway wont be optimal.

e.g. from below if C1 should be root bridge and HSRP active peer for VLAN100.

R1 R2

| |

L3 L3

| |

C1-L2-C2

\ /

\ X (blocked)

\ /

A1(User VLAN100)

Hope this help.

Good Luck!

Thanks for prompt, if somewhat disjointed, reply. We have a compressed distribution/core network. Access switches and access WAN routers feed into two core (EIGRP-enabled)4507s.

I have 15 HSRP groups on the core 4507s, basically one HSRP group for each VLAN coming in from the access devices.

Are you saying I should have one wire (or two in a port-group bundle) that connect the core 4507s, and allow this wire to trunk all VLANs between core switches? Or are you saying I should designate VLAN4 interface on each end and route between the two core switches?

BTY, The top core switch is both the root for STP and active (higher priority) for all HSRP.

Both, such that your trunk between cores with caryy access VLANs and VLAN4 only, and yes this link could be an etherchannel bundle preferable.

You would then form the following EIGRP Adj.;

C1<->C2 (over VLAN4)

C1<->R1 (over VLAN2)

C2<->R2 (over VLAN3)

Acces VLAN interfaces should be passive

The purpose of VLAN4 is for both core to have dedicated alternate paths out and not possible route through user vlans in the case of a failure between the cores directly connected Router.

Thanks Nyr,

I'd like to restate your suggestion, just to ensure I've got everything correct.

Your saying the following:

1. All VLAN interfaces connecting my core switches to my access switches should be passive.

2. VLAN4 is not passive, and is the routable connection between the core switches.

3. VLAN4, and all other VLANs, are trunked on a etherchannel port-group between the two core switches.

Thanks.

Hi Nyr,

You still out there? Please confirm that my understanding is correct, thanks.

1. All VLAN interfaces connecting my core switches to my access switches should be passive.

2. VLAN4 is not passive, and is the routable connection between the core switches.

3. VLAN4, and all other VLANs, are trunked on a etherchannel port-group between the two core switches.

Thanks.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco