Switch Redundancy question !!

Hi,

I have 4 x 2950 switches plus 2 x 3750 (EMI) as core switches. Now I want to dual connect each L2 switch to both 3750s as a redundancy requirement, and the 2 x 3750 will be inter-connected through a UTP cable. STP will be enabled on all 2950s & 3750s. I also want both 3750s to be active; how do I set it up without having an L2 loop? I read that a Cisco doc mentions HSRP as one of the solutions. Does it mean that if I enable HSRP on both 3750 ports, it'll avoid the L2 loop? Is any other setting required?

Another question: I saw many posts about L2 & L3 redundancy, and I'm a little confused. I know STP is the solution for L2 redundancy & HSRP/routing protocol is the solution for L3. If my L2 switch is capable of L3 switching, how do I configure the switch port to Layer 2 only, or to Layer 3?

many thanks :-)

Reply to
yellow

All HSRP will do is protect against 3750 failure ( port / entire switch) with respect to L3 default gateway for each of the VLANs configured on the

Any other setting is required ?

port to Layer 2 only, or to Layer 3.

to enable as layer 2: switchport

to enable as layer 3: no switchport

Sh int status will show port as routed when it is configured for use as a layer 3 port

Reply to
Merv

Merv wrote:

tch port to Layer 2 only, or to Layer 3.

Thanks.

To avoid an L2 loop on my setup, must I enable Layer 3 on both 3750 inter-connect ports?

Reply to
yellow

witch port to Layer 2 only, or to Layer 3.

This gets more into the heart of basic LAN design. What function do your 3750 switches serve now? Is "ip routing" enabled? Are your 3750s acting in a L2-only capacity at present? Where are your L3 interfaces in your VLANs?

I'm going to assume that your 3750s are acting as your core routers and that your 2950s are distribution and access. I'm also assuming that each 2950 contains one or more different VLANs. The L3 interfaces on each VLAN are on each of the 3750s. Set up each link between the 2950s and 3750s as 1Q trunks. If you want you can delve into VTP, VLAN pruning, allowed VLANs, native VLANs, etc. but I won't cover that here. Create your L3 interfaces on your 3750s. Set up HSRP on the L3 VLAN interfaces and point your users at that common IP for their gateway. Don't forget to set HSRP preemption and priority (HSRP is really easy to use). On your primary 3750 enable PVST and lower the priority on your VLANs so that the primary 3750 becomes the root bridge.

spanning-tree vlan XYZ priority

You could also use the "root primary" options to set this for you.

That glosses over quite a bit of misc stuff but that's the gist of what I think you're trying to do. It gives you a redundant L2 network without making L2 or L3 changes to your hosts. Read up on HSRP. It's really quite simple to use. I have example interface configs if needed. One thing to point out is that HSRP doesn't turn itself on until after you issue the "standby ip" command. The other standby commands do nothing until that point. A good rule of thumb is aaa.bbb.ccc.2 is your first HSRP member, .3 your second, .N etc and .1 is the actual standby IP.

You shouldn't have a L2 loop unless you pass the same VLANs between the 3750s directly.

J
Reply to
J

you cannot do this - a L2 loop has to be blocked at at least 1 point to prevent a loop.

there are few ways to get around it using multiple VLANs, but they are complex to do, and make support more difficult.

the better way is to split your 2950s up and make each one a separate subnet, then run the 3750s as routers in the core. But this does mean your network design is more complex, so you need to understand how to put it together.

? I read Cisco doc mentions

this is only relevant if the 3750s are acting as routers - HSRP lets 2 router interfaces co-operate to give you a reliable default gateway.

most resilient campus networks are a hybrid. L2 on "edge" switches like your 2950s, and routing on central or core switches.

most of the cisco reference texts for campus designs follow this 2 layer model, although the designs often are for more connections (or a 3 layer model designed for even larger scale)

more info than you ever wanted about Cisco reference designs:


Reply to
stephen

Reply to
clsawyer

A small side-track, but is there some reason you cannot connect the 3750's via the stack-cables and run them as one logical switch? This would eliminate the need for HSRP (only one IP address for each VLAN/SVI on the stack) and STP, since you could run cross-stack etherchannel on the 3750's and regular etherchannel on the uplink ports of the 2950's.

Reply to
Wayne

J wrote:

switch port to Layer 2 only, or to Layer 3.

Thanks J

yes 3750 will be the core.

I want both 3750s active (which means some workstations connect to the first 3750 & some connect to the second 3750), with each 2950 dual connected to both 3750s, running multiple VLANs, and 1Q trunks enabled between the 2950s & the core. The core will handle VLAN routing. If you could post your example config for the above requirement, it would be great.

For my scenario, I think routing (publicly known as L3 switching) should be enabled on the 3750 ports connecting to the 2950s. To enable redundancy on the core switches, HSRP should be enabled by interconnecting them using a UTP cable. If I plug that cable between the two core switches, is it a L2 or L3 connection from a switching point of view? If it's a L2 connection, will it cause a L2 loop, as each 2950 has a dual path to the root? How do I configure the port to make it a L3 connection?

I know you may think my question is odd; I'm confused about L2 & L3 redundancy. Some articles point out that to avoid a L2 loop in my scenario (I thought my setup is a typical one, which has been used in many open discussions: Access+Distribution layer dual connected to the Core layer), I should enable L3 redundancy. I don't know how to configure it. Can you help me?

Million thanks.......

Reply to
yellow

If you are going to have multiple VLANS on the 2950, then the port to which it connects on the 3750 needs to be configured as a trunk.

You will then configure VLAN interfaces on the 3750 for each of the VLANs configured on the 2950. Each of these VLAN interfaces can be configured with HSRP on both 3750s.

Reply to
Merv

Etherchannel lets you run 2 or more Ethernet links of the same type in parallel to form a bigger aggregate channel.

but - the end points for each pipe in the set have to be the same switch (or stack if you have 3750s).

so - it doesnt change the topology and design issues - it just provides you some different bandwidth increments to build your network out of.

Reply to
stephen

switch port to Layer 2 only, or to Layer 3.

first 3750 & some are connecting to second 3750), and each 2950 dual connect to both 3750, running multiple vlan, 1Q trunk is enable between 2950 & the core. The core will handle vlan routing. If you could post your example config of above requirement, it would be great.

it depends where you allow the VLAN to get to.

If a 2950 link comes in on vl 101, and the trunk between the 2 3750s also carries vl 101, then there is a L2 loop in vl 101, and it will block somewhere. The same will go for each vl.

so to turn your Q around - if you dont want a L2 loop, then each 2950 should use different vlans, and the trunk between the 3750s should not have any of those vlan numbers on it.

finally - you need the 3750s operating as routers as discussed by J, and an IP address on the subinterface of each 2950 facing port for each vlan on each 3750.

Reply to
stephen

The downside to this is the same problem I'm faced with at one of our sites. We have a stack of 4 3750Gs running the EMI code. It's functioning as the core router at that site. I cannot upgrade that stack of switches without taking down the entire network. The Internet would be dead, same for the phone system, server farm, etc. Sticking with the 2 core router (L3 switch) design gives you resiliency and redundancy options that wouldn't exist in the stack situation. Plus I've seen stacks fail before, whereas I haven't seen 2 independent switches fail simultaneously unless there was an environmental anomaly. Stacking an extra switch to each 3750 for additional ports would be worthwhile. Of course at that point you have to weigh the extreme limitations of a L3 switch core vs actually installing a LAN router.

The other option is to use a 3800 with an EtherSwitch Service module. You can stack that with a 3750 to create a much better L3 core. It presents lots of options.

J
Reply to
J

This is really pretty straightforward. The trick is in not trying to use L3 on your physical interfaces to the core. Do them as L2 trunks, i.e. "switchport".

Start at the middle, with your two 3750's, and tie them together with a trunk. Trunk ALL of your vlans between the core switches, and configure them nearly identically--you want full redundancy between them for failover and maintenance. Nick the spanning-tree priorities on both switches to insure that one or the other of them will always be the root switch.

On each switch, create a VLAN ## interface for each vlan to do the L3 routing. Configure HSRP to allow for failover between them. One switch always gets x.x.x.2, the other gets x.x.x.3, and use .1 as the standby address. (Well, you don't have to, but it's easier to keep track that way.) Give them both the same config for routing protocols, etc.

Now add your 2950 access switches with each tied to both 3750's. USE L2 INTERFACES for this as well. Trunk whatever vlans will actually be needed by each 2950, and do it the same to both core switches. (You can use VTP pruning to simplify the config & select vlans automatically based on what's actually used on each 2950's access ports.)

Reply to
Mike Dorn
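The design J and Mike Dorn describe above (L2 trunks everywhere, SVIs with HSRP on both cores, one core forced to STP root), written out as an added example that is not a config posted by anyone in the thread. VLAN numbers, addresses and interface names are assumptions.

```cisco
! ===== 3750-A: STP root and HSRP active (all values are assumed) =====
ip routing
vlan 10,20
spanning-tree mode pvst
! priority must be a multiple of 4096; lowest value wins the root election
spanning-tree vlan 10,20 priority 4096
!
interface GigabitEthernet1/0/24
 description trunk to 3750-B, carries every VLAN
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20
 switchport mode trunk
!
interface GigabitEthernet1/0/1
 description trunk to 2950-1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20
 switchport mode trunk
!
interface Vlan10
 ip address 192.168.10.2 255.255.255.0
 ! HSRP starts only once "standby ip" is entered; hosts use .1 as gateway
 standby 10 ip 192.168.10.1
 standby 10 priority 110
 standby 10 preempt
!
interface Vlan20
 ip address 192.168.20.2 255.255.255.0
 standby 20 ip 192.168.20.1
 standby 20 priority 110
 standby 20 preempt
!
! ===== 3750-B: same trunks and VLANs, differences only =====
! second-lowest priority so B takes over as root if A fails
spanning-tree vlan 10,20 priority 8192
interface Vlan10
 ip address 192.168.10.3 255.255.255.0
 standby 10 ip 192.168.10.1
 standby 10 preempt
interface Vlan20
 ip address 192.168.20.3 255.255.255.0
 standby 20 ip 192.168.20.1
 standby 20 preempt
!
! ===== 2950-1: both uplinks as L2 trunks (802.1Q is the only encapsulation) =====
interface range GigabitEthernet0/1 - 2
 switchport trunk allowed vlan 10,20
 switchport mode trunk
```

With this config STP blocks one 2950 uplink per VLAN; keeping the HSRP active router on the same switch as the STP root avoids sending gateway traffic across the inter-core trunk.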

Mike Dorn wrote:

Thanks,

You suggest using L2 on my LAN, not L3. Why won't it cause an L2 loop? Under what scenario should I use L3 instead of L2 in the core?

Reply to
yellow

Well, of course it will create an L2 loop, but STP will take care of that for you. Routing protocols will converge faster than STP, so when you can, you might prefer to use L3 interfaces. That only works, however, if ALL of the switches you're connecting are L3 devices, and you're actually ROUTING between different subnets on different switches. (A MUCH more expensive enterprise.) Then you do L2 trunks side-to-side between switches that are redundant pairs, and L3 interfaces to connect vertically or diagonally to other "pods" of redundant pairs. Lots of little .29 subnets with HSRP on both ends, and either very large routing tables or very carefully designed summarization. I did a set of environments like this last year and it was a lot of fun, but the organization could afford to use 6509's like Kleenex. If you've got a single pair of L3 3750's and a bunch of L2 switches, you'll need to use L2/STP for your topological redundancy, and just use L3/HSRP for your inter-vlan routing redundancy.

Reply to
Mike Dorn

This is getting a bit heavy for "intro to campus design", but no, you don't need L3 on every switch to do this.

if 1 of the edge 2950s has both uplinks to L3 switches, and no VLANs get passed thru the L3, then the VLANs stop at the terminating port on the L3.

under these specific conditions (ie 1 L2 switch, with 2 uplinks to L3 switches), then losing an uplink is reported to the L3 box, it drops the IP interfaces on VLANs which only go to that switch, and convergence is only limited by the routing protocol and HSRP.

You also need a dedicated transit subnet between the 2 central switches, and it would be best to use "passive" on the edge switch subnets, so that no transit traffic flows thru them.

To give an idea of the convergence time, with default timers on OSPF you get around 5.5 sec or so, and HSRP reacts in 3 to 4 sec. If you tune the timers, (which you might need if you worry about VoIP conversation being disrupted by a L3 switch or uplink failure), then this can be down to a few 100 mSec.

By contrast spanning tree usually takes ~30 sec to stabilise. Fast spanning tree can do a lot better in this topology if it is set up properly, and degrades fairly gracefully when things go wrong, but requires every switch to co-operate, whereas L3 convergence only depends on the central 3750s.

If the vlans go to other ports on the L3, then the vlan doesnt drop when you lose the port connection to the central switch, and you need to trunk the vlan between the 2 central switches to provide resilience.

routing size is going to depend on the number of edge switches - given 2 * 3750s in the middle this is going to top out at 40 to 50 subnets for now (or maybe 100 with separate subnets for VoIP), so summarisation isn't needed.

I did a set

Reply to
stephen
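The routed alternative stephen describes above (each 2950's VLAN stops at the cores, a dedicated transit subnet between them, edge subnets passive), as an added example that is not a config from the thread. VLAN 101 comes from his earlier post; the addresses, interface names and OSPF process number are assumptions.

```cisco
! ===== 3750-A (all addresses and interface names are assumed) =====
ip routing
vlan 101
!
interface GigabitEthernet1/0/24
 description routed transit link to 3750-B, no VLAN crosses it
 no switchport
 ip address 10.255.0.1 255.255.255.252
!
interface GigabitEthernet1/0/1
 description trunk to 2950-1, carries only that switch's VLAN
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 101
 switchport mode trunk
!
interface Vlan101
 ! SVI goes down when Gi1/0/1 is the only port in VLAN 101 and it fails
 ip address 10.1.101.2 255.255.255.0
 standby 101 ip 10.1.101.1
 standby 101 priority 110
 standby 101 preempt
!
router ospf 1
 ! advertise the edge subnet but form no adjacency across the 2950
 passive-interface Vlan101
 network 10.255.0.0 0.0.0.3 area 0
 network 10.1.101.0 0.0.0.255 area 0
!
! ===== 3750-B: differences only =====
interface GigabitEthernet1/0/24
 no switchport
 ip address 10.255.0.2 255.255.255.252
interface Vlan101
 ip address 10.1.101.3 255.255.255.0
 standby 101 ip 10.1.101.1
 standby 101 preempt
```

Because the inter-core port is routed, VLAN 101 has no loop to block: the 2950 forwards on both uplinks, and "show interfaces status" on either 3750 reports Gi1/0/24 as routed.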
