12-10-2007 05:10 AM - edited 03-05-2019 07:54 PM
Hello,
I have attached a picture of the way it is plugged, and wonder why I see no port blocks on one of the 6500's, but three of the 4 ports on the other one are blocked?
If I shut down interfaces on the 6500 that has blocked ports it does failover, but takes about 5-7 seconds. I have two questions...
Should I be seeing any blocked ports when I run "show spanning-tree blocked-ports" on either of the two 6500's?
Will I need to manually configure additionally anything with spanning-tree or is this normal?
12-10-2007 05:35 AM
Hi William
Which switch is the root switch and which switch is the secondary root.
Could you choose one vlan and do a 'sh spanning-tree vlan "number"' on all the switches.
Presumably the uplinks from the 4948's are L2 trunks ?
Jon
12-10-2007 05:46 AM
SiteA6500#sh spanning-tree vlan 2
VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address 001c.b12c.e682
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768
Address 001c.b12c.e682
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi5/1 Desg FWD 4 128.513 P2p
Gi5/2 Desg FWD 4 128.514 P2p
Po1 Desg FWD 3 128.1665 P2p
Po2 Desg FWD 3 128.1666 P2p
SiteB6500#sh spanning-tree vlan 2
VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address 001c.b12c.e682
Cost 7
Port 1666 (Port-channel2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768
Address 001c.b19c.78c2
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi5/1 Altn BLK 4 128.513 P2p
Gi5/2 Altn BLK 4 128.514 P2p
Po1 Altn BLK 3 128.1665 P2p
Po2 Root FWD 3 128.1666 P2p
I am using GLBP between the two 6500's and all connections between the 4948's and 6500's are layer 2 trunks. I have used the preempt on the SiteB 6500 as I wouldn't really want traffic for the vlan2 to be handled by the SiteA 6500 unless the SiteB one failed.
I know it is a bit unrelated but here is the vlan2 config for each device...
SiteA6500
interface Vlan2
ip address 10.75.0.3 255.255.0.0
no ip redirects
glbp 2 ip 10.75.0.1
SiteB6500
interface Vlan2
ip address 10.75.0.2 255.255.0.0
no ip redirects
glbp 2 ip 10.75.0.1
glbp 2 priority 110
glbp 2 preempt
You will notice I don't specify the load-balance type for GLBP... Not sure if that is a good idea or not. :)
Thanks for your help.
12-10-2007 05:55 AM
SiteB4948#1#sh spanning-tree vlan 2
VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address 001c.b12c.e682
Cost 4
Port 48 (GigabitEthernet1/48)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 001c.5875.5180
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/48 Root FWD 4 128.48 P2p
Po1 Desg FWD 3 128.641 P2p
SiteB4948#2#sh spanning-tree vlan 2
VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address 001c.b12c.e682
Cost 4
Port 48 (GigabitEthernet1/48)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 001c.5875.4640
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/48 Root FWD 4 128.48 P2p
Po2 Desg FWD 3 128.642 P2p
SiteA4948#1#sh spanning-tree vlan 2
VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address 001c.b12c.e682
Cost 3
Port 641 (Port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 001d.a2e5.1780
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/48 Desg FWD 4 128.48 P2p
Po1 Root FWD 3 128.641 P2p
SiteA4948#2#sh spanning-tree vlan 2
VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address 001c.b12c.e682
Cost 3
Port 642 (Port-channel2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 001d.a2e5.7040
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/48 Desg FWD 4 128.48 P2p
Po2 Root FWD 3 128.642 P2p
Sorry Jon... I guess you wanted it from all 6... :)
12-10-2007 06:00 AM
William
Have to nip into a long meeting so i'l be quick.
1) Is there any reason why you do not have a L2 trunk between your 6500 switches ? You are running GLBP across the access-layer switches - is this intended ?
2) From each 4948 you have an etherchannel to one switch and a single connection to the other. If you do not want the 6500 blocking then you need to maniipulate the spanning-tree costs on the 4948 switches either per port or per vlan.
3) You should also explicity set where your spanning-tree root and secondaryt are rather than leave it to chance.
HTH
Jon
Jon
12-10-2007 06:13 AM
Hi,
Thanks for your post...
1) I have only 4 pair of fiber between SiteA and SiteB and thought it prudent to connect them the way you see it. Is this not recommended?
I guess I didn't see an alternative to running it across the access layer given the fact that I can only terminate the fiber on the 720-3b's and wanted to physically connect each access layer switch to each 6500. I am all ears for alternatives though :)
2) Each 4948 is connected to each 6500 you are correct. Is it recommended to configure spanning-tree "port by port" or "vlan by vlan"? It sure seems easier if I was to do "vlan by vlan"
3) I read a previous post on here where they were talking about using GLBP and STP and found there seemed to be a differing opinon on whether or not to let spanning-tree figure it out on its own or to specify spanning-tree? What is the correct way to do it? Is it indeed to not "leave it to chance"
I appreciate your help...
12-10-2007 09:30 AM
Hey Jon,
You back yet?
12-10-2007 10:45 AM
William
1) No it's fine if that the fibre you have. Can a single link carry all the traffic that the etherchannel does ?
As for alternatives, it comes back to the question above. If a single link will carry all the traffic from the 4948 to the 6500 i would be tempted to remove the etherchannels and leave only a single link in it's place and use some of the spare fibres to create a L2 trunk between your 6500 switches.
2) It is recommended to configure your root and secondary switch explicitly rather than leave to chance. If you connect up your 6500's with a trunk link i would set your 6500's to be root and secondary. Explicity setting port costs/vlan costs is only necessary if you are not happy with the topology STP has worked out.
3) The thing about GLBP is it will use both gateways one per 6500. So with HSRP what people often do is to have one 6500 (switch1) be the spanning-tree root for odd vlans and also have the active HSRP gateway for odd vlans on the same switch and then on the other switch (switch2) have that as root for the even vlans and the HSRP active gateway for even vlans. Each 6500 would then be spanning tree seondary and standby HSRP gateway for the other set of vlans.
With this setup you can load-balance your vlans from the 4948's ie. the uplink to switch1 is used for odd vlans and blocking on even vlans and the uplink to switch2 is active for even vlans and blocking for odds.
But as said GLBP will use both gateways. But you still don't necessarily want to leave STP to chance because you may later connect an older 3500 switch for example with the lowest mac-address and suddenly that has become root for all vlans.
I would suggest making your layer 3 gateway switches (the 6500's) the root and secondary for the vlans. No need to do odds and evens for reasons already stated.
Overall there is nothing wrong with your design and there are always more than one way to get the job done. Just wanted to give an alternative option.
Apologies for the delay in getting back, it was a very long and boring meeting !
Jon
12-10-2007 11:00 AM
Hello Jon,
I really appreciate your insight...
I guess its time to say what I would ideally want to happen... Then you can suggest the best way for that to occur.
1)I was kind of hoping that the links from SiteA to SiteB and the reverse would only be used if the traffic is destined for a vlan that is preempted on the other side... Does that make sense?
I guess I ether-channeled thinking the link would be faster from the "local" 4948 to it's "local" preempted vlan. Is that how it works? Will the preempted vlan handle the traffic as long as it is alive? (Cause that's what I want)
Pretty much all of my vlans currently exist on SiteA or SiteB, meaning SiteA vlans are only currently on SiteA etc... From a traffic perspective that is sort of how I want it to work.
2)So I guess you are saying that the spanning-tree config is only needed on the 6500's and not on the 4948's. Right?
3)I would ideally like to turn off the load-balancing from what I hear you say. Is that something that is a bad idea?
As stated, I appreciate your insight :)
12-10-2007 11:17 AM
William
1) It does make sense but if you want to keep site A vlans traffic within site A unless you have a hardware failure then you don't want to use GLBP because that will use both 6500's equally.
You need to know how much traffic is moved across your uplinks to know whether a single link could cover the traffic that normally goes over the etherchannel link.
2) As long as you are happy with the ports that STP ends up blocking. Because your paths are via the access-layer for all traffic you may well find some of the ports on your 6500's blocking.
3) Refer to above.
Okay, lets assume a single fibre uplink can handle the traffic from a 4948.
If you were to go with my previous suggestion and connect your 6500's, then you could use HSRP instead of GLBP, set the site A 6500 to be spanning-tree root for site A vlans and also make the site A 6500 the active HSRP gateway for the odd vlans and then vice-versa in site B.
This would achieve what you want but it does depend on how much traffic is moving from the 4948's to the 6500 switches.
Jon
12-10-2007 11:34 AM
Hello Jon,
If I use the "load-balancing none" command on each vlan would I not achieve the same thing (HSRP) as you describe? (And not have to redo my configuration!)
Also what is the purpose of the preempt command if not to direct to a specfic device?
The spanning-tree idea makes sense to me thanks... :)
12-10-2007 11:42 AM
1) To be honest i don't know as i have never set it up this way. You could try and see what happens.
2) preempt command allows one router to take over from another. If the primary router fails even without preempt on the standby router it will stiil takeover. preempt is useful where you have active router with 110, standy router of 100. Active router is tracking an interface which goes down and you lower the priority from 110 to 90. The standby router now has a higher priority and will take over but only if it has preempt on.
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide