Design Question

We proposed a standard setup for a LAN to one of our customers, where the servers are connected to access switches (3500 series), and the access switches are dually homed to two 6513 distribution switches. The two 6513s are connected together via EtherChannel, and each 6513 switch has an MSFC, an SSL module and a CSM module. Each 6513 is also connected to a Netscreen firewall.

The EtherChannel between the two distribution switches is trunked and we use it to transport L2 and L3 traffic, and we use HSRP as well. So, basically it’s a standard setup.

But the customer wants to use the EtherChannel between the two distribution switches as pure L3, so he wants us to remove the trunking and create a new VLAN to interconnect the two distribution switches, and we use an IGP only between the switches.

Any traffic that uses L2 and needs to go between the two distribution switches, like HSRP packets, should go through the access switches instead of going directly between the two distribution switches.

1) Does the customer request meet Cisco best practice?

2) If not, can our solution be considered the best practice?

3) What are the problems in the customer request?

4) Having the two firewalls in active/active mode or active/standby mode, and having CSM in active/active mode or active/standby mode, either way, will that make the customer request valid?

5) One of the customer's arguments for using L3 was that the OSPF convergence time is better than STP convergence time… Is that a valid argument?

Thanks for your help.

Re: Design Question

Hi Ahmed,

You may get a response here. But I think this question is a better fit in the "LAN, Switching and Routing" forum.

Rgds, Dan

Re: Design Question


L3 only between core,

To ensure stability you might need to have all redundant devices (top/down) in active/standby mode.

Having them in active/active mode could lead to packet loss during a single link failure within your network.



