Need guidance on Cisco 6513 install

The best suggestion I can give is to break this into manageable parts/ pieces for you to configure. At a high level, here is a brief list of the major areas that you need to focus on:

1. System (name, IP, contact)
2. Administrative (SNMP & Logging)
3. AAA (AAA, TACACs)
4. Layer 2/3 (Vlans, hsrp, spantree, etc)
5. Routing (Protocol & Statics)

1 and 2 are necessary but not overly important, whereas 3, 4, and 5 basically define your whole architecture. Do you have another switch (6513) showing up for redundancy? If not, I'm surprised they wouldn't do two 6509s or 6506's if you only have 3 line cards and since there is no redundancy in a single switch. Regardless (no need to question what is already defined), how is the network expected to be designed or grow in the future?

In its most basic configuration, you need vlans for VOIP, Users, Servers, and the link to the 2800. However, and depending how large this network may or may not get, I would consider being ahead of the curve in that event.

10.2.0.0 - Loopbacks of network devices 10.2.1.0 - VLAN 1 for management interfaces on switches (using vlan 1 can be debated, but you can always choose another vlan number and same IP addresses) 10.2.2.0 - Routing Vlan 10.2.3.0 - 2nd Routing VLAN (for secondary adjacencies) 10.2.5.0 - Management interfaces for servers, appliances, etc (including iLO, Console, etc)

The rest of the IPs I would carve up as you see fit. You could do it by server type (wintel, linux, aix, sun, vm, etc), or you could do it by project, or you could do a big /23 or /22 and just put all your servers there. I like to split it up in some way to help keep the traffic central.

As to the routing vlans, these are key to your routing config. Whatever routing protocol you choose to run, make 'passive-interface' the default (so that no interface will create an adjacency out of the gate), and only allow the vlan 2 and vlan 3 interfaces to exchange routing information. This means that every router you put into this network going forward will have one interface in vlan 2, and one in vlan 3, for redundancy. This is kind of moot since you only have one 'core' 6513, but whatever. In a two core environment, both switches would have both vlans, but core 1 would be the spantree/hsrp owner for vlan 3 (and all other odd vlans), and core 2 would be the spantree/ hsrp owner for vlan 2 (and all other even vlans). If one core dropped, all other routers would still continue to communicate on vlan

3 uninterrupted.

Lastly, you need to consider if you are doing a layer 2 or distributed layer 3 network model. The difference is that a layer 2 model will create all networks/vlans on the 6513 and trunk them out to other devices as necessary. The distributed layer 3 model is to help distribute layer 3 routing load and take load off the backbone, and this is done by only creating small vlans on each pair of switches, and then creating routing adjacencies to all other pairs. This means that vlans are not trunked, and all traffic on a vlan will stay within a pair of switches unless it needs to go elsewhere. No more traversing a trunk to get to your MSFC router to move to a different vlan and then back to the same pair of switches. A more costly solution, but in very large networks, this is a must.

As referenced above, make sure your spantree and hsrp priorities are set properly. Even though you don't have a 2nd core, that doesn't mean you can't plan for one. Set up hsrp (even though there is no other hsrp partner), and this device will just be the .2 on each vlan, and have .1 as the hsrp address. This way if another core shows up, you don't have to break anything, you just add it in as .3 in each network and setup hsrp. At that point you'll also want to make each switch own some vlans. The highest priority is the hsrp 'owner', so do something like 140 for all odd vlans on core 1, and 130 for all odd vlans on core 2. Then 140 for all even vlans on core 2, and 130 for all even vlans on core 1. Just helps distribute load from vlans. For spantree, same thing, except lower wins. You'll want 8192 on the layer 2 'owning' switch, and something slightly higher for the failover. NO OTHER SWITCH should have either of these spantree priorities for the same networks, put all others at 32768 or whatever. Again I would distribute these against odd/even vlans differently, which won't do anything while you have one core, but can help when you add a second.

As for routing, I would consider turning up OSPF or EIGRP, and make sure you use the passive stuff I talked about above. You only want adjacencies where it makes sense, no need to go overboard. You would create network statements for each 10.2 or 10.1 network, and then if you were running eigrp, you can do a ip summary-address eigrp command on your routing vlan interfaces (vlan 2 and vlan 3) with a summary of your networks in this location (10.2.0.0). If you are going to use

10.2.0.0 in any other location (say 10.2.128.0), then do not do this summary, and adjust it as necessary).

Then give your 2800 an interface in vlan 2 and/or 3, in EIGRP, make sure someone has a default route, and redistribute connected. Also make sure you have default information originate for whichever router has the default.

Again, I'm sure I've missed some things, but this is the best advice I can provide on short notice from an architectural standpoint. I'm sure others will correct me/add on where I have missed something.

Merv, not sure what is up, but this is the 2nd post that I can't see any text you have added. It just shows the original post. You had one like this yesterday. Guess it could be my browser or something, or the way google groups is reading this, but something isn't right. Just thought I'd let you know.

well I would use routed ports on the 6513 for the link to the 2811 router and to the 3750 which is a layer 3 switch

If you need to have the same VLANS on the 6513 as on the 3750, then the link between the two needs to be configured as a trunk

I personally would not do that but you will need to look at your requirements

! 6513

int descrption link to 2811 no switchport ip addr x.x.x.x m.m.m.m cdp no shut

int description link to 3750 no switchport ip addr x.x.x.x m.m.m.m cdp no shut

! 3750

int description link to 6513 no switchport ip addr x.x.x.x m.m.m.m cdp no shut

what is the addressing scheme in you rnetwork ?

what IGP routing protocol is used - EIGRP ?

1. you need a diagram, showing the physical layout.

once you have that you need to know which subnet will be there, and that gives you some idea of the VLANs you may need.

hint - VLANs are a powerful tool, but the simplest structure that will do the job and maps VLANs to physical "lumps" of network is a good place to aim for.

RTFM - the cisco manuals are good, and all are freely available on line.

1 thing to watch for with 6513 and 10G modules is that some slots have 1 rather than 2 backplane fabric connections, and high bandwidth modules may not run in those slots.

but - if you bought it from a reseller then they should already have set it up, checked the power budget, checked the modules work, checked that the IOS is compatible? If you bought a collection of bits then you may have to do some of this for yourself, and you may find some constraints......

Cisco 6500 best practice guide

this one is for IOS style setups - you can also run a 65xx using CatOS, or a hybrid of the 2 but that is getting less common.

I really appreciate all the responses so far, this helps a lot.

We actually do have a Visio diagram for this and have the subnet scheme defined. I would attach a PDF of the drawing if I could. We'll be using EIGRP for routing protocol. Here is the subnet scheme:

10.2.1.0 Routers, switches, WAPS, etc 10.2.10.0 Servers 10.2.100.0 Workstations, printers 10.2.101.0 Workstations, printers 10.2.200.0 VoIP

The 3750 will have the VoIP equipment, so it will need to have ports on the 10.2.200.0 subnet. I suppose at this time, the 6513 does not need any ports on the 10.2.200.0 subnet. Given the connection between the 6513 and 3750 with 10GB fiber, does it make more sense to be a trunk port (that's what I'm thinking)?

Also, the 6513 has only a single W32 supervisor card, unfortunately. This network will eventually (over next 5 months) have around 300 workstations. We will bring in another 6513 from another location as we migrate servers and users to the building that I've described in this scenario. Both 6513's will have single SUP cards at that time and our plan is to connect them together with a pair of 10GB fiber cards (XENPAKs). The 3750 will come out at that point, being replaced by the future 6513. There may be 20 to 30 servers connecting to the future

6513 as well. So that's what the future network will look like.

Thanks aga> well I would use routed ports on the6513for the link to the 2811

configure EIGRP routing process and check that the link between the

6513 and the 2811 is enabled for EIGRP

show ip eigrp iterface

show ip eigrp nei

Given the direction to have dual 6513's , I would use trunking between

6513 and 3750

to make sure that EIGRP updates are not sent to SVI interfaces ( VLANS) given that there is no router or layer 3 switch to receive them, you may want to make all interfaces passive under the EIGRP routing process except for one to 2811 router.

router eigrp xxx network 10.2.1.0 255.255.255.0 eigrp log-neighbor-changes passive-interface default no passive-interface

logging buffer 100000 no logging console

You might also consider the link between the 6513s, and configure it as a layer 2 Etherchannel with GLBP. You'll benefit from a more fault-tolerant switch configuration without the klunkiness of HSRP group assignments. This is especially helpful for teamed NIC configurations on your servers.

snipped-for-privacy@gmail.com wrote: