Cisco Catalyst 6513-E SUP-2T VSS & WiSM2 HA

Hi,
I have around 2000 APs in my network and have 2 x WiSM2 modules and 2 x HA SKU Wism2 with 1000 AP licenses each.
How an I acheive HA for my WLCs for total 2000 APs.?
Can i install both Primary WISM2 in one chassis and both HA WISM2 in second chassis ( in VSS mode )? In this way if whole chassis fails or one WISM2 fails, APs will switchover to second chassis which have standby WISM2 for takeover.? Is it a valid approach?

I have around 2000 APs in my network and have 2*WiSM2 modules with 1000 AP licenses each and my core switch is 65K-Sup2T in VSS.
Ok, here's what WE'VE done with WiSM2 and HA in a VSS environment.
You have two WiSM2's and servicing 2000 APs.  So if you want to get HA SSO up and running you need:
1.  TWO more WiSM2 with HA SSO license;
2.  Four IP addresses;
3.  VLANs of your management and redundancy should be bridged across the 2nd pair
4.  Make sure you use 7.5.X firmware; and
5.  High Availability (AP SSO) Deployment Guide

Similar Messages

  • Qu. about Deploying MPLS on Sup-2T VSS

    Hi,
    We are planning to deploy a new campus network comprising of a Core (Nexus 7K), 2 client aggregation modules (Catalyst 6500 /w Sup-2T VSS) and a single Data Centre module (Nexus 7k).
    MPLS is being deployed to provide segregation of services. Now in a traditional MPLS campus deployment, we would have a pair of Core switches performing the P, or LSR function, and the aggregation devices each performing the role of the PE, or LER. Load balancing would be achieved by using different RDs for each PE.
    In the world of VSS however we obviously change this model, with a pair of PE switches appearing as "one" to the Core or P node. In this scenario we would just use the one RD and use a Layer-3 Port channel from the VSS node to each P node to provide the resilience.
    I have read a few posts about this type of deployment and the general consensus seems to be sticking with a non VSS deployment, mainly for simplicity and the ability to have greater visibility into what is going on under the hood.
    Has anyone deployed MPLS using VSS ? Does anyone have any views or recommendations as to why one would choose one particular method over the other ?
    I think my personal preference will be to go non VSS, then at least we have the same configuration across all aggregation modules (Nexus / Catalyst).
    Any help would be greatly appreciated.
    Chris.

    Hi Alessio,
    The underlying design will be a traditional Access - Distribution - Core - Distribution - Access model. With a hierarchical OSPF backbone design, i.e. area 0 for Core and backbone links, with the distribution switches configured as ASBRs. We are then planning to configure an iBGP overlay on this, and then MPLS VPN using MP-BGP to provide network segregation. This is something I have done before on a Catalyst / Nexus backbone and works well, I have just never used VSS to accomplish this. So I just wanted to understand if there are any best practice recommendations for VSS which may not be in the path isolation design doc.
    For example, in a traditional non VSS deployment, load balancing is typical configured by configuring different RD's across a pair of PEs with the same RT which route a common subnet. Different VPNv4 prefixes are then advertised to the Core / P nodes for the same IPv4 subnets. In a VSS deployment, this isn't possible, because obviously there is only a single control plane, so load balancing is achieved by the hash algorythm used on the Layer 3 port channels connecting the PE to the Core - are there any other considerations such as this which I need to be aware of ?
    I hope this helps explain the design a little better.
    Chris.

  • Installing New network card on a Cisco Catalyst 6500 VSS mode

    Hi All.
    I need to install a new network card on Cisco Catalyst 6500 VSS mode, I need to follow any special procedures or is it only insert the new card and the Catalyst automatically recognizes the card?
    Thank you So mucho. 

    Hi,
    Just insert the blade and the switch should recognize it. For the 6500 series the blades are hot swap able.
    HTH

  • LMS 4.2.3: Catalyst 6500 with SUP-2T is invisible in Inventory

    Catalyst 6506 with SUP-2T (s2t54-advipservicesk9-mz.SPA.151-1.SY1.bin) was discovered by LMS, but he is invisible in Inventory. I see this switch on Topology and Cisco View is working fine, but I never seen him in Hardware Summary Tab for example. How to fix this problem ?

    That's odd.
    I'd imagine your system package updates are current given that you're on 4.2.3. Just in case, you would check via Admin > System > Software Center >Device Update. Check the Inventory Config And Image Management check box, and click Check for Updates.
    Once that's confirmed, please let us know does it show up at all in the DCR Inventory? (Reference) If not, what if you add it manually there?

  • Cisco Catalyst Supervisor communication issue?

    Hey all,
    I had a slight issue regarding two supervisor engines on a Cisco Catalyst 4500 device where the keepalives between the two sups lost communication for roughly 50~ seconds.  This triggered an SNMP alert but it looks like they regained connectivity before a switchover was initiated.  Has anyone ever experienced anything like this before?

    You obviously need to configure the ports etc. but the switch should recognise the module as long as you have an IOS that supports it.
    There is nothing extra to do, you just slot the module in.
    If you are connecting all your distribution switches to the 6500 then if you don't need a vlan/IP subnet in multiple buildings then you should use L3 connections to the 6500.
    Note also that you may want to consider at some time in the future a second supervisor or another chassis as this 6500 with one supervisor is a single point of failure ie. if it goes then there is no communication between buildings.
    Jon

  • CISCO CATALYST 4507R+E + Supervisor 8-E

    Hi,
    I need help and clarification regarding the software license of Sup 7-E and Sup 8-E. Based on the catalog  it ships with IOS XE universal image? Here are my inquiries.
    1. With IOS XE universal image, what is the software license installed in Sup 7-E and Sup 8-E? Is it LAN Base or IP Base?
    2. Is there an option to purchase the Sup 7-E or Sup 8-E with an Enterprise Base license?
    3. How many priority queue does it support?
    Thank you,

    Please find answer:
    1- Cisco provides LAN Base software only when purchasing SUP7E or SUP7L-E bundle with a single Supervisor, in all other cases IP Base license is provided at no additional cost.
    There will continue to be three packages: LAN Base, IP Base, and Enterprise Services.  ( IP Base and Enterprise services to be purchases seperately)
    2-
    Q.    Which licenses are available for Supervisor Engine 7-E, 7L-E or a Cisco Catalyst 4500-X Series system?
    A.     See Table 1 for package licenses. These will be delivered with new Supervisors or available as an upgrade through Cisco software activation. The Cisco Catalyst 4500-X Series only supports IP Base (default) and Enterprise Services (as an upgrade).
    Table 1.       Package licenses
    Package Name
    Prerequisites
    License Types
    LAN Base
    None
    Permanent
    IP Base
    IP Base
    Permanent, temporary
    Enterprise Services
    IP Base
    Permanent, temporary
    Q.    Where can I learn more about Cisco software activation?
    A.     http://www.cisco.com/go/sa.
    3- http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-4500-series-switches/white_paper_c11-539588.html
    HtH
    Regards
    Inayath
    *Plz dont forget to rate usefull posts.

  • Cisco Catalyst 4507R+E with WS-X4748 blade, ports not working

    I have a Cisco Catalyst 4507R+E  (with Sup7-E) and two blades; one WS-X4748-RJ45V+E and one WS-X4648-RJ45-E.
    When I connect a device to a port on the WS-X4748-RJ45V+E blade the port will not come up, show interface shows the status as "notconnect". When I connect the same device to the WS-X4648-RJ45-E blade the interface comes up.
    The WS-X4748-RJ45V+E blade seems to have initialised okay, it appears in the output of "show module" as OK.
    I get exactly the same effect on a second, identically configured Catalyst 4507R+E.
    The software version is IOS XE 3.1.0SG, which according to the release notes supports the WS-X4748-RJ45V+E blade. Has anybody else seen anything like this?

    I have 2 Core switches, single SUP on each.
    Line cards #1 and #2 randomly stop forwarding packets, only solution is to reload the switch ( hw-module reset does not work ). I have cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin and the sympton looks the same as the described one,
    although the code is newer than 3.2.2SG.
    Now we are downgrading to cat4500e-universalk9.SPA.03.04.02.SG.151-2.SG2.bin to check if that solves the issue,
    otherwise we´ll try removing/re-inserting the modules, and if issue persists, most probably RMA the Core1.
    We´ve sent a show tech to Cisco support while the issue was happening.
    Current modules on the Core switches.
    Mod Ports Card Type                              Model              Serial No.
    ---+-----+--------------------------------------+------------------+-----------
    1    48  10/100/1000BaseT EEE (RJ45)            WS-X4748-RJ45-E    CAT1627L48B
    2    48  10/100/1000BaseT EEE (RJ45)            WS-X4748-RJ45-E    CAT1629L0ZY
    3     4  Sup 7-E 10GE (SFP+), 1000BaseX (SFP)   WS-X45-SUP7-E      CAT1629L1PD
    5    12  1000BaseX (SFP)                        WS-X4612-SFP-E     JAE163007EO
    M MAC addresses                    Hw  Fw           Sw               Status
    --+--------------------------------+---+------------+----------------+---------
    1 30f7.0d57.80c0 to 30f7.0d57.80ef 1.1                               Ok      
    2 30f7.0dac.fd40 to 30f7.0dac.fd6f 1.1                               Ok      
    3 30f7.0dca.6c00 to 30f7.0dca.6c03 2.1 15.0(1r)SG10 03.05.00.E       Ok      
    5 a493.4c44.13e8 to a493.4c44.13f3 1.1                               Ok      
    Mod  Redundancy role     Operating mode      Redundancy status
    ----+-------------------+-------------------+----------------------------------
    3   Active Supervisor   SSO                 Active                           

  • Recommended IOS XE version for Cisco Catalyst 4500X-16 SFP+ Switch

    Could someone confirm IOS XE version for Cisco Catalyst 4500X-16 SFP+ Switch please.
    It already has 03.06.00.E on it. I am planning to configure VSS on it with similar switch.
    VSS will participate in various Etherchannels (MES).
    Just wondering if there are any known bugs in this IOS XE release.

    Use the Bug Search Tool to look for issues with vss, vsl, etc.
    https://tools.cisco.com/bugsearch/

  • Connection of LC/APC fiber patch cords to Cisco Catalyst 6500 $ Cisco Access 3750 Switches

    I have an LC/APC fiber patch cord infrastructure and I want to connect it to Cisco Catalyst 6500 & Cisco Access 3750 Switches. what type of transceiver should be used?
    I read a note on Cisco website stating the following for Cisco SFP+ transceivers:
    Note: "Only connections with patch cords with PC or UPC connectors are supported. Patch cords with APC connectors are not supported. All cables and cable assemblies used must be compliant with the standards specified in the standards section"

    Thank you,  but my question is that I have a single mode fiber patch cord with LC/APC connector while cisco stating a note that only use LC/PC or LC/UPC type of connectors with SFP+ transceiver.  
    So what type of transceiver should I use to connect LC/APC patch cord to cisco switches?  Is there another type or SFP+ still can be used? 

  • Cisco Catalyst 2955 Causes Some Devices to "Die" During Boot

    I posted this question in the LAN section of the forums, but I realize this is probably the proper forum for my question.
    I have recently purchased a Cisco Catalyst model WS-2955C-12 switch. During POST (boot), the console reports that the switch undergoes what is known as a "FRONT-END LOOPBACK TEST". During this test the 14 port lights on the device light up amber for a moment, connectivity is lost, and after a second or two the lights go off and connectivity returns. We've found that the moment the lights go off at the end of this test, if we have a specific device (with a specific ethernet chip) directly connected to the switch the ethernet chip is adversely affected by this test - the device "goes dark" and is not capable of communicating with anything (including other switches, routers, etc...) until it is power-cycled. What exactly does this FRONT-END LOOPBACK TEST do (I know it's for validating the ports for hardware defects), and what does it send across the wire that could be causing my ethernet chip onboard the device to go bonkers?
    Thanks!
    -Danny

    The ethernet chip on the device (the device is a National Instruments product) is an STMicro STE10/100E, and I'm fairly confident I now know what's happening but I don't know why.
    When my ethernet chip is in Autonegotiate mode, the "FRONT-END LOOPBACK TEST" performed by the catalyst does something where, at the conclusion of the test, the ethernet chip goes into an autonegotiation state and never comes back out of it. I'm thinking the "FRONT-END LOOPBACK TEST" is sending something across the wire that's confusing this specific ethernet chip; I've tried 3 Intel parts and also a Broadcom part and they rode it out in autonegotiation mode just fine. If I put the STE chip into a manually-configured mode the "FRONT-END LOOPBACK TEST" doesn't cause it to "go dark".
    So, my question is really what does the FRONT-END LOOPBACK TEST do? Does it perform a remote loopback test (the STE10/100E doesn't support loopback tests)?
    -Danny

  • Ask the Expert: Layer 2 Security on Cisco Catalyst Platforms

    With Wilson Bonilla
    Welcome to the Cisco Support Community Ask the Expert conversation.  This  is an opportunity to learn and ask questions about about issues in designing, planning, and implementing Layer 2 security in your LAN network with expert Wilson Bonilla. 
    Wilson will cover topics that network engineers face daily such as Spanning Tree Protocol security, private VLANs, IP source guard, protected ports, dynamic ARP inspection, virtual LAN access-control lists (VLAN ACLs), and Dynamic Host Configuration Protocol (DHCP) snooping over Cisco Catalyst platforms.  With the fast growth of networks, Layer 2 security is even more critical in the LAN to help your network become more reliable, efficient, and secure. Wilson will answer your questions about LAN networks with Cisco Catalyst switches.  
    Wilson Bonilla is a technical networking trainer at the Learning and Development Department for Cisco Technical Assistance Center located in Costa Rica. Before joining the Training Department, he worked for the Cisco TAC as a customer support engineer focused on LAN Switching for more than two years. While working on LAN switching, Wilson also had roles such as technical leader and trainer, adding to his area of expertise in Cisco Catalyst Layer 2 switching. He has CCNP routing and switching certification and is currently studying to achieve his CCNA certification in data center.
    Remember to use the rating system to let Wilson know if you've received an adequate response. 
    Because of the volume expected during this event, Wilson might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure community, subcommunity, LAN, Switching and Routing, shortly after the event. This event lasts through November, 2013. Visit this forum often to view responses to your questions and those of other Cisco Support Community members.

    Hello NetNavi.
    Check the post above about MacSec for more information and let me know if you need further clarification, if so I will do my best,
    In regards to best practices there is a Cisco document; it describes deployments and best practices in every scenario; Supplicants, authenticator, authentication services and other configurations. Please check it out:
    http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/deploy_guide_c17-663760.html
    In regards to Private VLANS:
    What is a Private Vlan?
    A private Vlan is a way to isolate hosts within the same Vlan or broadcast domain. So even when you might have devices sharing the same broadcast domain they can be isolated, this isolated is configured based on sub-domains also most often called primary and secondary Vlans.
    What is a primary Vlan?
    The primary Vlan is representation of the private Vlan, a primary Vlan has one or more secondary Vlans, a switch uses the primary Vlan to present traffic from the secondary Vlans to its neighboring devices.
    What is a secondary Vlan?
    A secondary Vlan is a sub-domain of the primary Vlan. We could say that the secondary Vlans belongs to the primary. The must be associated to a primary Vlan. There are two types of secondary vlans: Isolated and Community secondary Vlans.
    What does it happen to host within a secondary isolated Vlan?
    Host within the isolated vlan; can’t communicate to neither other host in the same isoalted vlan nor host in a community vlan.
    What does it happen to host within the secondary community Vlan?
    Host within the community Vlan can communicate with other host assigned to the same community vlan, but they can’t talk to host in other community vlans.
    What are the benefits of implementing private Vlans?
    Scalability: The most common scenario is a service provider. Imagine all customers of a service provider connected through DSL, cable modem… it’s very likely that all customers belong to the same broadcast domain, however if that’s the case why is it that I can’t use my neighbor’s printer, or maybe why is it that I can’t access the files he has store in his computer, (security) we are in the same broadcast shouldn’t I be able to at least ping his ip address?. Well that’s because the ISP must guarantee some type of security for their customers, and because put every single customer that they have in a single Vlan is not scalable they use private Vlans.
    Examples:
    ISP use private vlans to protect from security bridges, Private vlans and isolated Vlans are used to protect personal information for example from one customer to another.
    DMZ; Many implementations utilizes private vlans in a DMZ to limt or minimize that risk of a compromised server.
    I would like to share this documentation with you for further information and configuration guidelines
    http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a008017acad.shtml#hw
    This document explains what Cisco Catalyst switches support Private Vlans. 
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml
    Let me know if you have further questions.
    Regards
    Wilson B.

  • Cisco Catalyst 6500 version 12.2(33)SXI13 configured as DHCP server for a VLAN responds to Windows 7 client with status code NOA

    Can anyone help figure out why the Catalyst 6509 is not able to assign an IPv6 address? Thank you.
    Cisco Catalyst 6500 version 12.2(33)SXI13 configured as DHCP server for a VLAN responds to Windows 7 client with status code NOADDRS-AVAIL(2). My configuration on the 6500 for the DHCPv6 server is:
    ipv6 dhcp database disk0://DHCPV6-DB
    ipv6 dhcp pool VLAN206IPV6
     prefix-delegation pool VLAN206IPV6-POOL
     dns-server 2620:B700:0:1001::53
     domain-name global.bio.com
    ipv6 local pool VLAN206IPV6-POOL 2620:B700:0:12C7::/65 65
    interface Vlan206
     description *** IPv6 Subnet ***  
     ip address 10.2.104.2 255.255.255.0
     ipv6 address 2620:B700:0:12C7::2/64
     ipv6 nd prefix 2620:B700:0:12C7::/64 14400 14400 no-autoconfig
     ipv6 nd managed-config-flag
     ipv6 dhcp server VLAN206IPV6
     standby version 2
     standby 0 ip 10.2.104.1
     standby 0 preempt
     standby 6 ipv6 2620:B700:0:12C7::1/64
     standby 6 preempt
    I'm getting a result from my debug as follows:
    Apr 10 16:28:02.873 PDT: %LINK-3-UPDOWN: Interface GigabitEthernet2/2, changed state to up
    Apr 10 16:28:02.873 PDT: %LINK-SP-3-UPDOWN: Interface GigabitEthernet2/2, changed state to up
    Apr 10 16:28:02.877 PDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/2, changed state to up
    Apr 10 16:28:03.861 PDT: IPv6 DHCP: Received SOLICIT from FE80::5D5E:7EBD:CDBF:2519 on Vlan206
    Apr 10 16:28:03.861 PDT: IPv6 DHCP: detailed packet contents
    Apr 10 16:28:03.861 PDT:   src FE80::5D5E:7EBD:CDBF:2519 (Vlan206)
    Apr 10 16:28:03.861 PDT:   dst FF02::1:2
    Apr 10 16:28:03.861 PDT:   type SOLICIT(1), xid 8277025
    Apr 10 16:28:03.861 PDT:   option ELAPSED-TIME(8), len 2
    Apr 10 16:28:03.861 PDT:     elapsed-time 101
    Apr 10 16:28:03.861 PDT:   option CLIENTID(1), len 14
    Apr 10 16:28:03.861 PDT:     00010001195FD895F01FAF10689E
    Apr 10 16:28:03.861 PDT:   option IA-NA(3), len 12
    Apr 10 16:28:03.861 PDT:     IAID 0x0FF01FAF, T1 0, T2 0
    Apr 10 16:28:03.861 PDT:   option UNKNOWN(39), len 32
    Apr 10 16:28:03.861 PDT:   option VENDOR-CLASS(16), len 14
    Apr 10 16:28:03.861 PDT:   option ORO(6), len 8
    Apr 10 16:28:03.861 PDT:     DOMAIN-LIST,DNS-SERVERS,VENDOR-OPTS,UNKNOWN
    Apr 10 16:28:03.861 PDT: IPv6 DHCP: Option IA-NA(3) is not supported yet
    Apr 10 16:28:03.861 PDT: IPv6 DHCP: Sending ADVERTISE to FE80::5D5E:7EBD:CDBF:2519 on Vlan206
    Apr 10 16:28:03.861 PDT: IPv6 DHCP: detailed packet contents
    Apr 10 16:28:03.861 PDT:   src FE80::21D:E6FF:FEE4:4400
    Apr 10 16:28:03.861 PDT:   dst FE80::5D5E:7EBD:CDBF:2519 (Vlan206)
    Apr 10 16:28:03.861 PDT:   type ADVERTISE(2), xid 8277025
    Apr 10 16:28:03.861 PDT:   option SERVERID(2), len 10
    Apr 10 16:28:03.865 PDT:     00030001001DE6E44400
    Apr 10 16:28:03.865 PDT:   option CLIENTID(1), len 14
    Apr 10 16:28:03.865 PDT:     00010001195FD895F01FAF10689E
    Apr 10 16:28:03.865 PDT:   option STATUS-CODE(13), len 15
    Apr 10 16:28:03.865 PDT:     status code NOADDRS-AVAIL(2)
    Apr 10 16:28:03.865 PDT:     status message: NOADDRS-AVAIL

    Hello,
    maybe hitting the following bug.
    Pv6 Address Assignment Support for IPv6 DHCP Server
    CSCse81385
    Hope this helps

  • Alternative switch to Cisco Catalyst 3750v2-24FS and 3750-24FS

    I`m looking for an alternative to these two switches:                 
    1.  WS-C3750V2-24FS-S  Cisco Catalyst 3750V2-24FS Switch with 24 100FX SFP + 2 Gigabit Ethernet SFP Ports
    2. Cisco Catalyst 3750-24FS (WS-C3750-24FS-S 100BASE-FX)
    They are now EOL and not available.
    I have a campus style network and need to be able to connect multiple 100FX fibre switches back to a central switch. The 1st unit uses 100FX SFP modules and the second has in-built 100FX ports. I`m struggling to find anything from Cisco that will give me multiple (i.e 12+) 100FX ports.
    Could anyone please point me in the right direction?
    Many thanks,
    Paul

    Hi Paul ,
    Replacement for both switch is WS-C3650-48TS-S.
    http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps5528/eos-eol-notice-c51-730227.html
    http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps5023/end_of_life_c51-687707.html
    Regards
    Don't forget to rate helpful posts
    Sent from Cisco Technical Support iPhone App

  • Cisco Catalyst 3850 as ntp master

    Hi All,
    I have 2 x Cisco Catalyst 3850 stacked together. What are your recommendations if I use the C3850 as a ntp master for all edge switches connected in my network? All edge switches must be authenticated if it needs NTP sychronization. But other than that, what are the downsides?
    For example,
    1. I heard that switches do not have an internal clock so is a poor device to be a centralized NTP master.
    2. I have also read that switches also have slow CPU processors that may lack the processing required.
    3. Its NTP sychronization will use external NTP servers which are resolved into IP addresses (e.g. pool.ntp.org). IP address can change. What other more reliable NTP sources are there?
    4. Any other thoughts and comments are most welcome.

    Firstly, DO NOT use the command "ntp master".  Cisco do not recommend using this commands because this will confuse the NTP propagation inside the network.  
    Next, all Cisco devices do not have a dedicated clock.  All appliances need to get SNTP/NTP time synch from somewhere.  This "somewhere" could either be a dedicated GPS-based NTP server and/or a time synch somewhere out in the internet.  
    You can also use the command "ntp update-calendar".  This new command allows appliances to take regular "snapshot" of the time and save it into the NVRAM.  In case there was a reboot or a power failure, the appliance's time is not too far away instead of waiting 5 to 10 minutes for SNTP/NTP to synch.

  • Debian Linux Bonding and Cisco Catalyst 3750 - best practise?

    Hello everybody,
    I would like to know what's best practice to do this:
    The two NICs of a Debian Linux server wants to be connected with two Switchports of a Cisco Catalyst 3750 switch(stack). My goal is to have load-balancing and failover.
    My /etc/network/interfaces looks like this:
    iface bond0 inet static
           address 192.168.0.30
           netmask 255.255.255.0
           network 192.168.0.0
           broadcast 192.168.0.255
           gateway 192.168.0.1
           dns-nameservers 192.168.0.10 192.168.0.20
           dns-search xyz.mycompany.com
           slaves eth0 eth1
           bond_mode ???
           bond_miimon 100
           bond_downdelay 200
           bond-updelay 200
    First question: What bond mode should I use?
    The switchports looks like this:
    interface GigabitEthernet3/0/4
     switchport access vlan 20
     switchport mode access
     spanning-tree portfast
    What changes are necessery here? Something like this?
    interface GigabitEthernet3/0/4
     switchport trunk encapsulation dot1q
     switchport mode trunk
     spanning-tree portfast
    Thanks a lot for suggestions, hints, etc.! :-)
    Greets
    Stephan

    Hi Michael,
    thanks a lot for your answer - and sorry for my late reply!
    I like to show you my solution - I hope that it is a solution. ;-)
    My config on the switch(stack):
    switch#show etherchannel summary
    Group  Port-channel  Protocol    Ports
    ------+-------------+-----------+-----------------------------------------------
    2      Po2(SU)         LACP      Gi3/0/3(P)  Gi4/0/3(P)
    switch#show running-config interface GigabitEthernet 3/0/3
    Building configuration...
    Current configuration : 172 bytes
    interface GigabitEthernet3/0/3
     description myserver, eth0
     switchport access vlan 20
     switchport mode access
     channel-group 2 mode active
     spanning-tree portfast
    end
    lansw01#show running-config interface GigabitEthernet 4/0/3
    Building configuration...
    Current configuration : 172 bytes
    interface GigabitEthernet4/0/3
     description myserver, eth1
     switchport access vlan 20
     switchport mode access
     channel-group 2 mode active
     spanning-tree portfast
    end
    switch#show running-config interface port-channel 2
    Building configuration...
    Current configuration : 82 bytes
    interface Port-channel2
     switchport access vlan 20
     switchport mode access
    end
    The /etc/network/interfaces of my Debian machine looks like this:
    auto lo
    iface lo inet loopback
    auto bond0
            iface bond0 inet static
            address 192.168.1.xxx
            netmask 255.255.255.0
            gateway 192.168.1.xxx
            dns-nameservers 192.168.1.xxx
            dns-search xxx.xxx.xxx
            bond-mode 4
            bond-miimon 100
            bond-downdelay 200
            bond-updelay 200
            bond-lacp-rate 1
            slaves eth0 eth1
    This setup seems to work well. But I'm wondering that there is nothing with "trunking" in my setup. Would you like to give me your opinion about this?
    Thanks a lot and many greets
    Stephan

Maybe you are looking for