Layer 2 design question

Hi,

I have a design question.

The network is as follows,

1 6509, CatOS sup1a. Gigabit trunks (ISL) to approx 7 different departments, each has approx 4 switches, either 3548's or 3550's. This is growing. Some are in stacks. Most have 2 gigabit trunks to the 6509, with one being for redundancy.

Here's the problem. I have inherited this network. All the switches are in VTP server mode. All the ports are in VLAN1 and they just default gateway VLAN1 out to the router.

How do I proceed with this ?

I think I should be creating separate VLANs for each cluster of switches (essentially per-department VLANs) on the 6509; this would decrease the broadcast domain size and spanning tree table sizes, and it seems to be what Cisco recommends. What would this buy me ? Can I do this migration to another VLAN without downtime ?

I think Cisco recommends that I take user traffic off VLAN1 and leave it for control traffic, CDP, STP, VTP etc.

Also do I either turn the 6509 into VTP server mode and all the switches into client, or everything into transparent mode ? If I take a switch from client or server to transparent will its VLANs get withdrawn ?

In addition I am seeing STP: port up, STP port down etc. messages on the switches. I thought that once STP had converged I should not be seeing this unless something changes. Nobody is taking ports up/down except me. Is there an STP problem or is this normal ?

Any other suggestions would be appreciated. I just want to get this network back on its feet again.

Thanks Genki

Reply to
genki

You want to read:-

"Campus Network Multilayer Architecture and Design Guidelines"

from

formatting link

Not really worth having. Basically lets you add VLANs to the network from any switch console and they get propagated automatically. Quickie advice is, "Transparent"

Pretty reasonable, some people like 2 per pair of uplinks which allows you to use both uplinks for traffic. However, have you a suitable central router? (MSFC)

If you enable portfast on the links that connect to end stations (PCs, printers, servers) then these may go away.

You have asked a big question, sorry for the small answer.

Reply to
anybody43

Hey thanks for the link, that's a very interesting document.

I will try enabling portfast to see if it helps.

We have 3620's at the middle connecting two sites with a T1. That's about it. No MSFC's.

Thanks for your reply. Appreciate it.

Reply to
genki

You can't subnet/vlan off the separate building/switch stacks without a central router to get them all to work together.

It sounds like you use one network, no routing, except to cross the T1's on the way out. Breaking off VLANs (IP subnets) has a lot of subtle impacts. If you do not run a Windows domain with an ADS/WINS server, browsing the network for other PCs will be affected. WINS/ADS is what enables Windows PCs to browse for PCs/Servers/Printers beyond your broadcast domain. You may also have some software/systems that assume a flat network. They may rely upon broadcast to get to things. It affects Norton Ghost for instance--if you use it across the network for image backup/deployment.

However you definitely need to portfast/bpduguard every port that is not a run to another switch. That will end those STP messages. Also you need to set the Spantree priority of the main 6509 to a low number (1, 10, 4096). The starting default is around 32767. This creates a center for the spanning tree algorithm. All the paths are calculated optimizing the shortest path to the center. If this isn't done then typically the switch with the lowest mac address becomes the center--which can cause a sub-optimal configuration and make for a lot of subtle problems. DiGiTAL_ViNYL (no email)

Reply to
DigitalVinyl
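A small config audit in Python, added here as an example (not code from the thread or from Cisco), that checks an IOS-style switch config for the points raised in this reply and in the VTP advice earlier in the thread: VTP server mode, access ports without portfast and bpduguard, portfast left on a trunk to another switch, and a core whose STP priority is still at the 32768 default. The sample config is constructed for illustration; CatOS `set spantree` syntax on the 6509 itself is not parsed.

```python
import re

# Constructed IOS-style access-switch config (illustrative; not from the thread or
# any real device). It deliberately contains the problems discussed in the reply.
SAMPLE_CONFIG = """\
vtp mode server
spanning-tree vlan 1 priority 32768
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
interface FastEthernet0/2
 switchport mode access
interface GigabitEthernet0/1
 switchport mode trunk
 spanning-tree portfast
"""

def parse_config(text):
    """Split IOS-style config into global lines and {interface: [lines]}."""
    globals_, interfaces, current = [], {}, None
    for line in text.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        elif line.strip() and line != "!":
            current = None          # any other top-level line ends the interface block
            globals_.append(line.strip())
    return globals_, interfaces

def audit(text, is_core=False):
    """Return a list of findings; is_core=True applies the root-bridge check."""
    globals_, interfaces = parse_config(text)
    findings = []
    if "vtp mode server" in globals_:
        findings.append("vtp: server mode; transparent avoids VLAN withdrawal")
    for g in globals_:
        m = re.match(r"spanning-tree vlan (\S+) priority (\d+)$", g)
        if m and is_core and int(m.group(2)) >= 32768:   # 32768 = IOS default (assumed)
            findings.append(f"stp: vlan {m.group(1)} priority not lowered on core")
    for name, lines in interfaces.items():
        edge = "switchport mode access" in lines
        trunk = "switchport mode trunk" in lines
        hardened = "spanning-tree portfast" in lines and "spanning-tree bpduguard enable" in lines
        if edge and not hardened:
            findings.append(f"{name}: access port lacks portfast + bpduguard")
        if trunk and "spanning-tree portfast" in lines:
            findings.append(f"{name}: portfast on a switch-to-switch trunk")
    return findings
```

Run `audit(open("switch.cfg").read(), is_core=True)` against a saved `show running-config` from each switch; a clean edge port like FastEthernet0/1 in the sample produces no finding.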

Hey thanks, very good information there. I just had a 15 minute outage caused by VTP withdrawing one of the main VLANs in the network. I've asked for permission to turn VTP mode to transparent on every switch in the network (they do not have more than 4 vlans and rarely create/delete vlans)

Will be doing that tonight, along with installing a NAM module into the central 6509.

Thanks for the info.

Genki

Reply to
genki

I also found that for the most part NAM modules are a waste of money. Completely underpowered.

Reply to
Hansang Bae

Well, I installed this NAM-1 module last night out of hours. (The company that I'm consulting for had already made the purchase)

I haven't had any time to configure it further than enabling the web server and getting it on the network.

One interesting thing that I noticed is this,

I set up a continuous ping to the 6509 prior to inserting the NAM-1 module. When I inserted the NAM-1 module, I noticed a large latency increase for about 4 pings, then back to normal.

It didn't DROP traffic but the latency would have screwed any voip session etc.

Also the fact that it appears to be running Linux and Apache!

Genki

Reply to
genki
