Design for redundancy of access switch

Hello all,
I have the following design for a site:
Provider delivers channel with HSRP redundant routers, but the access level is not redundant and is represented by one switch.
Am I correct that there is no way to provide redundancy on the access level only with access switches, or are there any design proposals?!

Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
As Reza describes, many hosts only have a single connection to the network, so that single connection is always a possible point of failure. But there's a couple of things you can do to minimize the impact of a network infrastructure device failure.
When working with small appliance type switches, you might have multiple smaller switches rather than one large switch. For example, instead of having one 48-port switch, you might have two 24-port switches, or six 8-port switches, etc. If a switch fails, not all hosts lose connectivity.
You can also have additional ports, ideally enough to handle the loss of any one unit of hardware. So, for example, if you have seven 8-port switches, when you only need 48 ports, if a switch fails, you only lose 1/7 of your hosts until they can be repatched into available ports on the other switches.
If some of your hosts have multiple NICs, then there are various methods to use the two NICs to avoid a single network unit failure from dropping the host. Usually only shared servers merit that level of redundancy.

Similar Messages

  • 2 Switch stack Design for redundancy

    Hi Everyone,
    I need to connect 2 switches in a stack which will connect to 2 servers.
    Each server will have 12 NICs.
    So for redundancy purposes I can connect
    6 ports from Server A to Switch 1
    6 ports from Server A to Switch 2
    In the same way I can connect
    6 ports from Server B to Switch 1
    6 ports from Server B to Switch 2
    If I go with the above design and, say, switch 2 dies, then the stack will have a single switch; will it cause any outage?
    Regards
    Mahesh

    "If I go with the above design and, say, switch 2 dies, then the stack will have a single switch; will it cause any outage?"
    It depends.
    One of your two switches will run in the role of switch master, and if that switch fails, there's a brief impact as control plane functions are taken over by the second switch. Whether this control plane switchover causes any impact to the server hosts depends on switch configuration and how (via L2 or L3) the hosts are communicating to other hosts. For example, if you're running default, regarding master switch MAC persistence, that MAC will change, which, I understand, will drop Etherchannel.

  • HSRP between 2 access switches and 2 core switches

    Hi, I am looking at running HSRP between 2 access switches and 2 core switches for client PC and server networks' next-hop redundancy as per the attached setup.
    As you can see, I have used one /29 network for connecting CORE & ACCESS switches and configured Interface VLAN10 (Layer 3 SVI) with the shown IPs and standby IP (VIP). G0/1 on the Access Switches & G2/1 on the Core Switches are access ports for VLAN10.
    There is an L2 trunk interconnecting Core-Main/Backup as well as Access-Main/Backup switches, allowing VLAN10 so that VLAN10's HSRP packets can pass through (apart from other HSRP instances).
    Below are the HSRP & trunk configurations on the Core and Access switches. Please have a look and suggest if they are correct in terms of HSRP implementation. As far as I can see, on both sides the HSRP master & standby status are fine as desired, but I can't ping the VIP of the ACCESS switch from the CORE switch, although I can ping the VIP of the CORE switch from the ACCESS switch.
    Access-Main
    interface GigabitEthernet0/1
     description ***Connected to CR-SW-01 PORT G2/1***
     switchport access vlan 10
     switchport mode access
     load-interval 30
    interface GigabitEthernet0/2
     description ***Connected to AC-SW-01 & AC-SW-02 for HRSP***
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 10,40
     switchport mode trunk
     load-interval 30
    interface Vlan10
     description ***Connected to CR-SW-01 PORT G2/1***
     ip address 10.10.11.1 255.255.255.248
     standby 1 ip 10.10.11.2
     standby 1 timers msec 200 msec 750
     standby 1 preempt delay minimum 180
     standby 1 authentication accvlan10
    Access-Backup
    interface GigabitEthernet0/1
     description ***Connected to CR-SW-02 PORT G2/1***
     switchport access vlan 10
     switchport mode access
     load-interval 30
    interface GigabitEthernet0/2
     description ***Connected to AC-SW-01 & AC-SW-02 for HRSP***
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 10,40
     switchport mode trunk
     load-interval 30
    interface Vlan10
     description ***Connected to CR-SW-02 PORT G2/1***
     ip address 10.10.11.3 255.255.255.248
     standby 1 ip 10.10.11.2
     standby 1 priority 10
     standby 1 timers msec 200 msec 750
     standby 1 preempt delay minimum 180
     standby 1 authentication accvlan10
    Core-Main
    interface GigabitEthernet2/1
     description ***Connected to AC-SW-01 PORT G0/1***
     switchport access vlan 10
     switchport mode access
     load-interval 30
    interface GigabitEthernet2/2
     description ***Connected to CR-SW-01 & CR-SW-02 for HRSP***
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 10,20
     switchport mode trunk
     load-interval 30
    interface Vlan10
     description ***Connected to AC-SW-01 PORT G0/1***
     ip address 10.10.11.4 255.255.255.248
     standby 1 ip 10.10.11.5
     standby 1 timers msec 200 msec 750
     standby 1 preempt delay minimum 180
     standby 1 authentication crvlan10
    Core-Backup
    interface GigabitEthernet2/1
     description ***Connected to AC-SW-02 PORT G0/1***
     switchport access vlan 10
     switchport mode access
     load-interval 30
    interface GigabitEthernet2/2
     description ***Connected to CR-SW-01 & CR-SW-02 for HRSP***
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 10,20
     switchport mode trunk
     load-interval 30
    interface Vlan10
     description ***Connected to AC-SW-02 PORT G0/1***
     ip address 10.10.11.6 255.255.255.248
     standby 1 ip 10.10.11.5
     standby 1 priority 10
     standby 1 timers msec 200 msec 750
     standby 1 preempt delay minimum 180
     standby 1 authentication crvlan10

    Hi Rick, thanks once again. So I am assuming I should configure as below, and I can still use one /29 subnet to connect these switches with the above static routes.
    Access Switch-Main
    interface Vlan10
     description ***Connected to CR-SW-01 PORT G2/1***
     ip address 10.10.11.1 255.255.255.248
     standby 2 ip 10.10.11.2
     standby 2 timers msec 200 msec 750
     standby 2 preempt delay minimum 180
     standby 2 authentication accvlan10
    ip route 192.168.20.0 255.255.255.0 10.10.11.5
    Access Switch-Backup
    interface Vlan10
     description ***Connected to CR-SW-02 PORT G2/1***
     ip address 10.10.11.3 255.255.255.248
     standby 2 ip 10.10.11.2
     standby 2 priority 10
     standby 2 timers msec 200 msec 750
     standby 2 preempt delay minimum 180
     standby 2 authentication accvlan10
    ip route 192.168.20.0 255.255.255.0 10.10.11.5
    Core Switch -Main
    interface Vlan10
     description ***Connected to AC-SW-01 PORT G0/1***
     ip address 10.10.11.4 255.255.255.248
     standby 1 ip 10.10.11.5
     standby 1 timers msec 200 msec 750
     standby 1 preempt delay minimum 180
     standby 1 authentication crvlan10
    ip route 192.168.40.0 255.255.255.0 10.10.11.2
    Core Switch -Backup
    interface Vlan10
     description ***Connected to AC-SW-02 PORT G0/1***
     ip address 10.10.11.6 255.255.255.248
     standby 1 ip 10.10.11.5
     standby 1 priority 10
     standby 1 timers msec 200 msec 750
     standby 1 preempt delay minimum 180
     standby 1 authentication crvlan10
    ip route 192.168.40.0 255.255.255.0 10.10.11.2
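An added example, not part of the thread: in the first configuration all four switches run HSRP group 1 on Vlan10 with two different virtual IPs, while the revised one moves the access pair to group 2. With HSRP version 1 the virtual MAC is derived from the group number alone, so the check below flags any SVI and group number that is claimed for more than one virtual IP. It assumes HSRP version 1 (no `standby version 2` line appears in the posts) and that all four Vlan10 SVIs share one broadcast domain; the `vlan10()` helper is hypothetical and only renders the addresses and group numbers posted above.

```python
import re
from collections import defaultdict

# An SVI stanza: the "interface VlanN" line plus its indented body lines.
SVI = re.compile(r"^interface (Vlan\d+)\n((?:[ \t]+.*\n?)*)", re.M)
STANDBY_IP = re.compile(r"^[ \t]*standby (\d+) ip (\S+)", re.M)

def hsrp_v1_mac(group):
    """HSRP version 1 virtual MAC: 0000.0c07.acXX, XX = group number in hex."""
    return "0000.0c07.ac%02x" % group

def find_collisions(configs):
    """configs: {switch_name: config_text}.
    Returns {(svi, group): {vip: [switches]}} for every SVI/group pair that is
    configured with more than one virtual IP across the given switches."""
    seen = defaultdict(lambda: defaultdict(list))
    for name, text in configs.items():
        for svi, body in SVI.findall(text):
            for group, vip in STANDBY_IP.findall(body):
                seen[(svi, int(group))][vip].append(name)
    return {key: dict(vips) for key, vips in seen.items() if len(vips) > 1}

def report(configs):
    """One human-readable line per collision."""
    lines = []
    for (svi, group), vips in sorted(find_collisions(configs).items()):
        claims = "; ".join(f"{vip} ({', '.join(sw)})"
                           for vip, sw in sorted(vips.items()))
        lines.append(f"{svi} group {group}: virtual MAC "
                     f"{hsrp_v1_mac(group)} claimed for {claims}")
    return lines

def vlan10(addr, group, vip):
    # Hypothetical helper: renders the relevant Vlan10 lines from the thread.
    return (f"interface Vlan10\n"
            f" ip address {addr} 255.255.255.248\n"
            f" standby {group} ip {vip}\n"
            f" standby {group} timers msec 200 msec 750\n")

# Addresses and group numbers as posted in the first message.
ORIGINAL = {
    "Access-Main":   vlan10("10.10.11.1", 1, "10.10.11.2"),
    "Access-Backup": vlan10("10.10.11.3", 1, "10.10.11.2"),
    "Core-Main":     vlan10("10.10.11.4", 1, "10.10.11.5"),
    "Core-Backup":   vlan10("10.10.11.6", 1, "10.10.11.5"),
}
# The follow-up message: access switches moved to group 2.
REVISED = dict(ORIGINAL, **{
    "Access-Main":   vlan10("10.10.11.1", 2, "10.10.11.2"),
    "Access-Backup": vlan10("10.10.11.3", 2, "10.10.11.2"),
})

if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("revised", REVISED)):
        print(label, report(cfg) or "no group collisions")
```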

  • SAN design : core edge and dual-homing access switch

    Hello all.
    It may sound like a dumb question (from a LAN guy), but when designing a core/edge or edge/core/edge design, why do we connect access switches to both core switches? Doesn't it break the isolation of a dual fabric backbone?
    If an access switch fails, the fault (bug or anything else) will propagate to both core switches? Am I wrong?
    Example :
    http://www.cisco.com/en/US/prod/collateral/modules/ps5991/prod_white_paper0900aecd8044c807_ps5990_Products_White_Paper.html
    or from Networkers sessions in 2006

    Answer also from LAN guy,
    Most likely this design diagram is due to the assumption that there is no use of VSANs and SAN multipathing drivers in the host.
    Following is an excerpt from the same link you posted.
    "SAN designs should always use two isolated fabrics for high availability, with both hosts and storage connecting to both fabrics. Multipathing software should be deployed on the hosts to manage connectivity between the host and storage so that I/O uses both paths, and there is non-disruptive failover between fabrics in the event of a problem in one fabric. Fabric isolation can be achieved using either VSANs, or dual physical switches. Both provide separation of fabric services, although it could be argued that multiple physical fabrics provide increased physical protection (e.g. protection against a sprinkler head failing above a switch) and protection against equipment failure."

  • Requirements for others to access my design in creative cloud

    What are the requirements for others to access my design in creative cloud?

    1-upload your file(s) to your Cloud storage
    2-give them the link(s)
    3-they do, of course, have to have the same software to open the files

  • Challenge: Spanning Tree Control Between 2 links from Switch DELL M6220 to 2 links towards 2 switches CISCO 3750 connected with an stack (behavior like one switch for redundancy)

    Hello,
    I have a Spanning Tree problem when I connect 2 links from a DELL M6220 switch (there are blades for virtual machines too) to 2 links towards 2 CISCO 3750 switches connected as a stack (behaving like one switch for redundancy, with one management IP).
    In the Dell virtual machine, Spanning Tree is rapid STP, and on the 3750 the Spanning Tree mode is pvst; Cisco says that this is not important, it only takes longer to create the tree.
    I don't know, but what do you think of these solutions I want to try on Sunday?
    Could Spanning Tree need one native VLAN to be sent to negotiate the BPDUs? switchport trunk native vlan 250
    Is it better to put spanning-tree guard root on the ports of both 3750s to prevent the DELL from becoming root in Spanning Tree?
    Is it better to put spanning-tree port-priority on the ports of the Dell switch?
    Could you help me to control the root? Do you think another solution is better? Thanks!
     CONFIG WITH PROBLEM
    ======================
    3750: (the 2 ports are on 2 3750 switches connected with a stack cable; you can see this in a show run)
    interface GigabitEthernet2/0/28
     description VIRTUAL SNMP2
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 4,13,88,250
     switchport mode trunk
     switchport nonegotiate
     logging event trunk-status
     shutdown
    interface GigabitEthernet1/0/43
     description VIRTUAL SNMP1
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 4,13,88,250
     switchport mode trunk
     switchport nonegotiate
     shutdown
    DELL M6220: (it's only one switch)
    interface Gi3/0/19
    switchport mode trunk
    switchport trunk allowed vlan 4,13,88,250
    exit
    interface Gi4/0/19
    switchport mode trunk
    switchport trunk allowed vlan 4,13,88,250
    exit

    F.Y.I. for Catalyst heroes - here is the equivalent config for SG-300 - VLAN 1 is required on the allowed list on the Catalyst side (3xxx/4xxx/6xxx)
    In this example:
    VLANS - Voice on 188, data on 57, management on 56.
    conf t
    hostname XXX-VOICE-SWXX
    no passwords complexity enable
    username xxxx priv 15 password XXXXX
    enable password xxxxxx
    ip ssh server
    ip telnet server
    crypto key generate rsa
    macro auto disabled
    voice vlan state auto-enabled !(otherwise one switch controls your voice vlan….)
    vlan 56,57,188
    voice vlan id 188
    int vlan 56
    ip address 10.230.56.12 255.255.255.0
    int vlan1
    no ip add dhcp
    ip default-gateway 10.230.56.1
    interface range GE1 - 2
    switchport mode trunk
    channel-group 1 mode auto
    int range fa1 - 24
    switchport mode trunk
    switchport trunk allowed vlan add 188
    switchport trunk native vlan 57
    qos advanced
    qos advanced ports-trusted
    exit
    int Po1
    switchport trunk allowed vlan add 56,57,188
    switchport trunk native vlan 1
    do sh interfaces switchport po1
    !CATALYST SIDE
    !Must explicitly allow VLAN 1, this is not normal for Catalysts - or spanning tree will not work! Even though it's the native VLAN on both sides.
    interface Port-channel1
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,56,57,189
    switchport mode trunk

  • Spanning vlans across access switches in distribution block.... please help

    Hi All
    Can someone please explain why Cisco states that in a Campus Hierarchical model, if VLANs are spanned across access switches in a distribution block, then the distribution-to-distribution link should be Layer 2? Is this really necessary or just a recommendation, and if so why? Can't this link be an L3 link when spanning VLANs across access switches in a distribution block? As I understand it, the benefit of having an L3 distribution-to-distribution link is that SPT is avoided.
    Please help

    Hello,
    The Cisco recommended design is L3 links, but this is only possible if you have no VLANs you need to span over the whole network.
    It depends on your topology or what you want to achieve.
    If you need one or more VLANs spanned across the LAN, you need to use a layer 2 connection between all switches and between distribution too.
    In my company we have, for example, a few VLANs for restricted areas, like device management or others, so we can't use L3 links in the distribution area because these VLANs are terminated at the firewall. I think this is a good thing.
    I would recommend, if you don't have to span one or more VLANs across the network, using L3 links, especially in the case of redundant paths. Then you need no spanning tree, but need to use other protocols like GLBP or others. They work faster and are not as confusing (for some people) as STP.
    best regards,
    Sebastian

  • With STP one of the port of the access switch connecting to the backup path should be blocked

    Dear All,
    I have set up my LAN with one L3 Cisco 3750 and have two 2960s as access switches. The two access switches are connected to the L3 switch directly, and the two access switches are connected back to back for redundancy. There is one VLAN configured between all these switches.
    When I checked show spanning-tree on one of the access switches, the ports are correct, as below:
    sw1#sh spa
    VLAN0005
      Spanning tree enabled protocol ieee
      Root ID    Priority    24581
                 Address     0001.4353.DB5A
                 Cost        4
                 Port        25(GigabitEthernet1/1)
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    32773  (priority 32768 sys-id-ext 5)
                 Address     0001.C760.93AC
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  20
    Interface        Role Sts Cost      Prio.Nbr Type
    Gi1/1            Root FWD 4         128.25   P2p
    Gi1/2            Altn BLK 4         144.26   P2p
    whereas on the other L2 switch both ports are in the forwarding state.
    sw2#sh spanning-tree 
    VLAN0005
      Spanning tree enabled protocol ieee
      Root ID    Priority    24581
                 Address     0001.4353.DB5A
                 Cost        4
                 Port        25(GigabitEthernet1/1)
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    32773  (priority 32768 sys-id-ext 5)
                 Address     0001.4256.9A77
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  20
    Interface        Role Sts Cost      Prio.Nbr Type
    Gi1/1            Root FWD 4         128.25   P2p
    Gi1/2            Desg FWD 4         144.26   P2p
    I want the redundant port to be in the blocked state. I tried changing the port priority of the access switch but it did not yield any result.
    Request for support.
    Easwar

    Hi Easwar,
    What you see is STP working properly, and the port roles and states are exactly as they should be. Even on a redundant link between switches, exactly one port must be a Designated port in the Forwarding state. STP never blocks a redundant link between switches on both ends. First, it is not necessary to prevent loops: as long as your Sw1 has its port in the Blocking state, it will not be using that link to forward data. Second, if there was an unmanaged switch connected between Sw1 and Sw2 with some stations attached, and both Sw1 and Sw2 had their ports in the Blocking state, the stations connected to this unmanaged switch would be entirely cut off from the network.
    Is there any particular reason why you want the port to be blocking?
    Best regards,
    Peter

  • Metro Ethernet Design With Redundant Head Ends

    We're getting ready to turn up some metro ethernet circuits that were just installed by AT&T. AT&T has provided a VLAN for each remote site (so each site has its own VLAN), and those VLANs are trunked to our head end switches (Cisco 3750 Metro Switches).
    I'm struggling with the best design for IP routing. We currently use OSPF on our internal network, and I was going to extend OSPF to our metro solution as well, but I'm not so sure now.
    I don't want routing to occur directly between head end #1 and head end #2, we already have redundant paths within our corporate network, and allowing our two head ends to route between each other via our metro ethernet solution is not what we want. However, running OSPF on each of the VLANs which have been provisioned for us would permit routing between the head ends.
    We simply need to allow redundancy for our remote locations: in the event that one head end were to fail, all of the traffic to/from the remote site would be routed through the head end which is still online.
    Any suggestions on the best routing design for this situation would be greatly appreciated. I've attached a network diagram to make things clear. I believe I can also go back to AT&T and request one VLAN that includes all sites if that would simplify things. I just need to make sure I can still do our traffic shaping because the remote sites are only 10mbps and the head ends are 1gbps.
    Thanks,
    -Steve

    just at a glance it looks as if you should be able to have stp on and setup 1 site as primary and other as secondary

  • Recommended Design for WAAS in both Data center and Branch Offices

    Hi All,
    I need to purchase different appliances for WAAS, but before I decide what to purchase, I need to know exactly how I am going to put these devices so that I can know which one to purchase and how the designs will be.
    My environment is as follows:
    I have two core routers (ASR 1000 series) at the Data center, two 6509 switches (expecting to insert the ACE module and FW module), and then I have access switches which connect servers.
    At the branch offices, I am expecting to place ASR1000 series also.
    Now, I need to know the recommended designs for these WAAS appliances so that, I can know in advance what to purchase(i.e. how many WAAS CM, Core WAE, and Edge WAE).
    Any input will highly be appreciated.
    Thanks,

    If you purchase the Standard Edition, your license supports:
    One installation of Cisco Security Manager on one Windows-based server.
    The configuration or management of 5 devices (in the Standard-5 option) or 25 devices (in the Standard-25 option). This excludes Catalyst 6500 and 7600 Series devices and their associated service modules.
    If you purchase either the Standard-5 or Standard-25 license, you cannot purchase an incremental device license. Your license is fixed at either 5 or 25 devices.

  • [solved] DHCP snooping in environment with core and access switches

    Hello,
    I'd like to know what steps are needed to configure DHCP snooping in my environment:
    1) two core switches Catalyst 6500 (VSS): VLAN defined here, DHCP server connected here
    2) access switches Catalyst 3750: clients connected here
    Access switches are connected to core ones via trunk ports (fiber optics).
    How many snooping databases are required?  One for core and next for each stack?

    Hi Marian,
    If your network is properly designed and connected so that clients, including DHCP clients, are attached to the access layer switches, then the DHCP Snooping should be run only on access switches. Running DHCP Snooping on core switches is not going to increase the security because the DHCP communication has already been sanitized on the access layer.
    If you intend to save the DHCP Snooping database then each switch performing the DHCP Snooping needs to have its own database if you intend to use a persistent storage for it. However, you can always have the switch to save the database to its own FLASH, alleviating the need for a centralized networked storage.
    I am not sure if this answers your question so please feel welcome to ask further.
    Best regards,
    Peter
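A check of an access switch's configuration against the deployment this answer describes (snooping on the access layer, bindings saved to the switch's own flash), added here as an example and not taken from the thread. The interface names, VLAN numbers, file name and both sample configurations are constructed, and the trunk towards the core, where the DHCP server sits, is assumed to be the only port that should be trusted.

```python
def parse(config):
    """Split an IOS config into (global_lines, {interface_name: [lines]})."""
    glob, ifaces, cur = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], [])
        elif line[0].isspace() and cur is not None:
            cur.append(line.strip())
        else:
            cur = None
            glob.append(line)
    return glob, ifaces

def audit_dhcp_snooping(config, uplinks):
    """Return a list of findings; an empty list means the config matches
    the access-layer deployment described in the answer."""
    glob, ifaces = parse(config)
    findings = []
    if "ip dhcp snooping" not in glob:
        findings.append("DHCP snooping is not enabled globally")
    if not any(l.startswith("ip dhcp snooping vlan ") for l in glob):
        findings.append("no VLAN has DHCP snooping enabled")
    if not any(l.startswith("ip dhcp snooping database ") for l in glob):
        findings.append("note: no binding database configured; "
                        "bindings are lost on reload")
    for name, lines in ifaces.items():
        trusted = "ip dhcp snooping trust" in lines
        if name in uplinks and not trusted:
            findings.append(f"{name}: uplink towards the DHCP server is "
                            "untrusted; server replies are dropped")
        if name not in uplinks and trusted:
            findings.append(f"{name}: client-facing port is trusted; "
                            "a rogue DHCP server here is not filtered")
    return findings

# Constructed sample: access switch with snooping on, database in local flash.
GOOD = """\
ip dhcp snooping
ip dhcp snooping vlan 10,20
ip dhcp snooping database flash:dhcp-snooping.db
!
interface GigabitEthernet1/0/1
 switchport access vlan 10
 switchport mode access
!
interface TenGigabitEthernet1/1/1
 switchport mode trunk
 ip dhcp snooping trust
"""

# Constructed sample: trust placed on the wrong port, no VLANs, no database.
MISCONFIGURED = """\
ip dhcp snooping
!
interface GigabitEthernet1/0/1
 switchport access vlan 10
 switchport mode access
 ip dhcp snooping trust
!
interface TenGigabitEthernet1/1/1
 switchport mode trunk
"""

UPLINKS = {"TenGigabitEthernet1/1/1"}  # constructed: trunk towards the core

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("misconfigured", MISCONFIGURED)):
        print(label, audit_dhcp_snooping(cfg, UPLINKS) or "OK")
```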

  • BBSM - Basic design for Wireless

    I am designing a wireless/BBSM network for a customer. They will have APs available with both a guest SSID and an Employee SSID. They have non-Cisco switches. Can I still use BBSM for guest wireless access?

    As long as the BBSM has IP/SNMP connectivity to the Aironet APs you should not have a problem. I would recommend you use the AP settings with packet inactivity timer in network elements.

  • Design for "featured providers"

    I don't know what the feature is called but when you click in the itunes store on podcast and then on "featured providers" then you can see that big podcast providers with more than one podcast seem to have their own "chapter" "section" or whatever it is called. (so what is it called?). Just take a look at BBC for example. It is defined by a distinct design with a huge space on top with their logo and image material and a text block. Further down you have a box with all their podcasts.
    My question is: how do I provide a design for this. Where do I upload the background design files and when, do I do that when I register the podcasts? Can anyone tell me how this feature is called at all? I have noticed that providers that aren't even on the "featured providers" list have their own chapters.


  • Design for wireless project....need help....

    Hi Team
    I have a requirement from a client and need suggestions on the design. The client has 1 main office and 5 remote branches. The client requires wireless in all offices: approx 600 access points with 100 in each location. The client requires all wireless access points to be registered at the HO controller and a redundant controller to be at the branch. If the controller @ HO goes down, the access points are to be served by the controller local to the site.
    Is this type of design possible? Kindly help me in suggesting the best for my client.
    Thanks !!!

    The 7500 has two 10 gig connections that can be used. So you will need a 10 gig module to connect that to. You don't need to use a tertiary WLC unless you have one available. Usually two is good enough. Again, you need to decide if you want to go local or h-reap. You can go either way, but why put one WLC in HQ and the other at the remote site? If your concern is 100% redundancy, then put two out at each site. If you have more money to use, then add another WLC at HQ for your tertiary. Now I don't think you need more than a 5508-500 at HQ because the percentage of losing all 6 sites' WLCs is pretty slim. If you go h-reap, then put the WLCs at HQ. Get 3 5508-500 for redundancy unless you have the WiSM2. If you have 10gig, then two 7500s will do. You have many options.
    Thanks,
    Scott Fella
    Sent from my iPhone

  • What are the major differences between a Access Switch and Aggregation Switch w.r.t Carrier Ethernet domain?

    In a Carrier Ethernet domain, could someone please help me understand what's the basic difference between an Access Switch and an Aggregation Switch, both in terms of s/w and h/w functionalities? MEF deals with OAM, CFM, EVC provisioning only at the access edge switches. Do we need to repeat all these at the aggregation level, or is it just used for routing purposes? Do we have a separate Fault Management at the aggregation level?

    Duplicate posts.  :P
    Go here:  https://supportforums.cisco.com/discussion/12137156/what-are-major-differences-between-access-switch-and-aggregation-switch-wrt
