Design for redundancy of access switch
Hello all,
I have the following design for a site:
Provider delivers channel with HSRP redundant routers, but access level is not redundant and represented by one switch.
Am I correct that there is no way to provide redundancy on access level only with access switches or are there any design proposals?!
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
As Reza describes, many hosts only have a single connection to the network, so that single connection is always a possible point of failure. But there are a couple of things you can do to minimize the impact of a network infrastructure device failure.
When working with small appliance-type switches, you might have multiple smaller switches rather than one large switch. For example, instead of having one 48-port switch, you might have two 24-port switches, or six 8-port switches, etc. If a switch fails, not all hosts lose connectivity.
You can also have additional ports, ideally enough to handle the loss of any one unit of hardware. So, for example, if you have seven 8-port switches when you only need 48 ports, and a switch fails, you only lose 1/7 of your hosts until they can be repatched into available ports on the other switches.
If some of your hosts have multiple NICs, then there are various methods to use the two NICs to avoid a single network unit failure from dropping the host. Usually only shared servers merit that level of redundancy.
Similar Messages
-
2 Switch stack Design for redundancy
Hi Everyone,
I need to connect 2 switches in a stack which will connect to 2 servers.
Each server will have 12 NICs.
So for redundancy purposes I can connect 6 ports from Server A to Switch 1
6 ports from Server A to Switch 2
Same way I can do
6 ports from Server B to Switch 1
6 ports from Server B to Switch 2
If I go with the above design and, say, switch 2 dies, then the stack will have a single switch. Will it cause any outage?
Regards
Mahesh
IF i go with above design and in case say switch 2 dies then stack will have single switch will it cause any outage?
It depends.
One of your two switches will run in the role of switch master, and if that switch fails, there's a brief impact as control plane functions are taken over by the second switch. Whether this control plane switchover causes any impact to the server hosts depends on switch configuration and how (via L2 or L3) the hosts are communicating to other hosts. For example, if you're running default, regarding master switch MAC persistence, that MAC will change, which, I understand, will drop Etherchannel. -
HSRP between 2 access switches and 2 core switches
Hi, I am looking at running HSRP between 2 access switches and 2 core switches for client PC and Server network’s next-hop redundancy as per the attached setup.
As you can see I have used one /29 network for connecting CORE & ACCESS switches & configured Interface VLAN10 (Layer 3 SVI) with the shown IPs and standby IP (VIP). G0/1 on Access Switches & G2/1 on Core Switches are access ports for VLAN10.
There is a L2 Trunk interconnecting Core-Main/Backup as well as Access-Main/Backup Switches, allowing VLAN10 so that VLAN10’s HSRP packets can pass through (apart from other HSRP instances).
Below are the HSRP & Trunk configurations on Core and Access Switches. Please have a look and suggest if they are correct in terms of HSRP implementation. I can see on both sides that HSRP master & standby status are fine as desired, but I can’t ping the VIP of the ACCESS switch from the CORE switch, while the VIP of the CORE switch I can ping from the ACCESS switch.
Access-Main
interface GigabitEthernet0/1
description ***Connected to CR-SW-01 PORT G2/1***
switchport access vlan 10
switchport mode access
load-interval 30
interface GigabitEthernet0/2
description ***Connected to AC-SW-01 & AC-SW-02 for HRSP***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,40
switchport mode trunk
load-interval 30
interface Vlan10
description ***Connected to CR-SW-01 PORT G2/1***
ip address 10.10.11.1 255.255.255.248
standby 1 ip 10.10.11.2
standby 1 timers msec 200 msec 750
standby 1 preempt delay minimum 180
standby 1 authentication accvlan10
Access-Backup
interface GigabitEthernet0/1
description ***Connected to CR-SW-02 PORT G2/1***
switchport access vlan 10
switchport mode access
load-interval 30
interface GigabitEthernet0/2
description ***Connected to AC-SW-01 & AC-SW-02 for HRSP***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,40
switchport mode trunk
load-interval 30
interface Vlan10
description ***Connected to CR-SW-02 PORT G2/1***
ip address 10.10.11.3 255.255.255.248
standby 1 ip 10.10.11.2
standby 1 priority 10
standby 1 timers msec 200 msec 750
standby 1 preempt delay minimum 180
standby 1 authentication accvlan10
Core-Main
interface GigabitEthernet2/1
description ***Connected to AC-SW-01 PORT G0/1***
switchport access vlan 10
switchport mode access
load-interval 30
interface GigabitEthernet2/2
description ***Connected to CR-SW-01 & CR-SW-02 for HRSP***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20
switchport mode trunk
load-interval 30
interface Vlan10
description ***Connected to AC-SW-01 PORT G0/1***
ip address 10.10.11.4 255.255.255.248
standby 1 ip 10.10.11.5
standby 1 timers msec 200 msec 750
standby 1 preempt delay minimum 180
standby 1 authentication crvlan10
Core-Backup
interface GigabitEthernet2/1
description ***Connected to AC-SW-02 PORT G0/1***
switchport access vlan 10
switchport mode access
load-interval 30
interface GigabitEthernet2/2
description ***Connected to CR-SW-01 & CR-SW-02 for HRSP***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20
switchport mode trunk
load-interval 30
interface Vlan10
description ***Connected to AC-SW-02 PORT G0/1***
ip address 10.10.11.6 255.255.255.248
standby 1 ip 10.10.11.5
standby 1 priority 10
standby 1 timers msec 200 msec 750
standby 1 preempt delay minimum 180
standby 1 authentication crvlan10
Hi Rick, thanks once again, so I am assuming I should configure as below and still one /29 subnet I can use to connect these Switches with the above static routings.
Access Switch-Main
interface Vlan10
description ***Connected to CR-SW-01 PORT G2/1***
ip address 10.10.11.1 255.255.255.248
standby 2 ip 10.10.11.2
standby 2 timers msec 200 msec 750
standby 2 preempt delay minimum 180
standby 2 authentication accvlan10
ip route 192.168.20.0 255.255.255.0 10.10.11.5
Access Switch-Backup
interface Vlan10
description ***Connected to CR-SW-02 PORT G2/1***
ip address 10.10.11.3 255.255.255.248
standby 2 ip 10.10.11.2
standby 2 priority 10
standby 2 timers msec 200 msec 750
standby 2 preempt delay minimum 180
standby 2 authentication accvlan10
ip route 192.168.20.0 255.255.255.0 10.10.11.5
Core Switch -Main
interface Vlan10
description ***Connected to AC-SW-01 PORT G0/1***
ip address 10.10.11.4 255.255.255.248
standby 1 ip 10.10.11.5
standby 1 timers msec 200 msec 750
standby 1 preempt delay minimum 180
standby 1 authentication crvlan10
ip route 192.168.40.0 255.255.255.0 10.10.11.2
Core Switch -Backup
interface Vlan10
description ***Connected to AC-SW-02 PORT G0/1***
ip address 10.10.11.6 255.255.255.248
standby 1 ip 10.10.11.5
standby 1 priority 10
standby 1 timers msec 200 msec 750
standby 1 preempt delay minimum 180
standby 1 authentication crvlan10
ip route 192.168.40.0 255.255.255.0 10.10.11.2 -
SAN design : core edge and dual-homing access switch
Hello all.
It may sound like a dumb question (from a LAN guy) but when designing a core/edge or edge/core/edge design, why do we connect access switches to both core switches? Doesn't it break the isolation of a dual fabric backbone?
If an access switch fails the fault (bug or anything else) will propagate to both core switches? Am I wrong?
Example :
http://www.cisco.com/en/US/prod/collateral/modules/ps5991/prod_white_paper0900aecd8044c807_ps5990_Products_White_Paper.html
or from Networkers sessions in 2006
Answer also from LAN guy,
Most likely this design diagram is due to the assumption that there is no use of VSANs and SAN multipathing drivers in the host.
Following is an excerpt from the same link you posted.
"SAN designs should always use two isolated fabrics for high availability, with both hosts and storage connecting to both fabrics. Multipathing software should be deployed on the hosts to manage connectivity between the host and storage so that I/O uses both paths, and there is non-disruptive failover between fabrics in the event of a problem in one fabric. Fabric isolation can be achieved using either VSANs, or dual physical switches. Both provide separation of fabric services, although it could be argued that multiple physical fabrics provide increased physical protection (e.g. protection against a sprinkler head failing above a switch) and protection against equipment failure. " -
Requirements for others to access my design in creative cloud
What are the requirements for others to access my design in creative cloud?
1-upload your file(s) to your Cloud storage
2-give them the link(s)
3-they do, of course, have to have the same software to open the files -
Hello,
I have a spanning tree problem when I connect 2 links from a DELL M6220 switch (there are blades for virtual machines too) to 2 links towards 2 CISCO 3750 switches connected as a stack (behaving like one switch for redundancy, with one management IP).
On the Dell (virtual machines) spanning tree is rapid STP, and on the 3750 the spanning tree mode is PVST. Cisco says that this is not important, it only takes longer to create the tree.
I don't know, but what do you think of these solutions I want to try on Sunday?
Could spanning tree need one native VLAN to be sent to negotiate the BPDUs? switchport trunk native vlan 250
Is it better to put spanning-tree guard root on both 3750s on the ports, to keep the DELL from becoming root in spanning tree?
Is it better to put spanning-tree port-priority on the ports of the Dell switch?
Could you help me to control the root? Do you think another solution is better? Thanks!
CONFIG WITH PROBLEM
======================
3750: (the 2 ports are on 2 3750 switches connected with a stack cable, in a show run you can see this)
interface GigabitEthernet2/0/28
description VIRTUAL SNMP2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 4,13,88,250
switchport mode trunk
switchport nonegotiate
logging event trunk-status
shutdown
interface GigabitEthernet1/0/43
description VIRTUAL SNMP1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 4,13,88,250
switchport mode trunk
switchport nonegotiate
shutdown
DELL M6220: (it's only one switch)
interface Gi3/0/19
switchport mode trunk
switchport trunk allowed vlan 4,13,88,250
exit
interface Gi4/0/19
switchport mode trunk
switchport trunk allowed vlan 4,13,88,250
exit
F.Y.I. for Catalyst heroes - here is the equivalent config for SG-300 - Vlan1 is required on the allowed list on the Catalyst side (3xxx/4xxx/6xxx)
In this example:
VLANS - Voice on 188, data on 57, management on 56.
conf t
hostname XXX-VOICE-SWXX
no passwords complexity enable
username xxxx priv 15 password XXXXX
enable password xxxxxx
ip ssh server
ip telnet server
crypto key generate rsa
macro auto disabled
voice vlan state auto-enabled !(otherwise one switch controls your voice vlan….)
vlan 56,57,188
voice vlan id 188
int vlan 56
ip address 10.230.56.12 255.255.255.0
int vlan1
no ip add dhcp
ip default-gateway 10.230.56.1
interface range GE1 - 2
switchport mode trunk
channel-group 1 mode auto
int range fa1 - 24
switchport mode trunk
switchport trunk allowed vlan add 188
switchport trunk native vlan 57
qos advanced
qos advanced ports-trusted
exit
int Po1
switchport trunk allowed vlan add 56,57,188
switchport trunk native vlan 1
do sh interfaces switchport po1
!CATALYST SIDE
!Must explicitly allow VLAN 1, this is not normal for Catalysts - or spanning tree will not work! Even though it's the native VLAN on both sides.
interface Port-channel1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,56,57,189
switchport mode trunk -
Hi All
Can someone please explain why Cisco states that in a Campus Hierarchical model, if VLANs are spanned across access switches in a distribution block, then the distribution-to-distribution link should be Layer 2. Is this really necessary or just a recommendation, and if so why? Can't this link be an L3 link when spanning VLANs across access switches in a distribution block, as I understand the benefit of having an L3 distribution-to-distribution link is so that SPT is avoided.
Please help
Hello,
The Cisco recommended design is L3 links, but this is only possible if you have no VLANs you need to span over the whole network.
It depends on your topology or what you want to achieve.
If you need one or more VLANs spanned across the LAN, you need to use a layer 2 connection between all switches and between distribution too.
In my company we have for example a few VLANs for restricted areas, like device management or else, so we can't use L3 links in the distribution area because these VLANs are terminated at the firewall. I think this is a good thing.
I would recommend, if you don't have to span one or more VLANs across the network, to use L3 links, especially in the case of redundant paths. Then you need no spanning tree, but need to use other protocols like GLBP or else. They work faster and are not as confusing (for some people) as STP.
best regards,
Sebastian -
With STP one of the port of the access switch connecting to the backup path should be blocked
Dear All,
I have set up my LAN with one L3 Cisco 3750 and have two 2960s as access switches. The two access switches are connected to the L3 switch directly and the two access switches are connected back to back for redundancy. There is one VLAN configured between all these switches.
When I checked show spanning-tree on one of the access switches, the ports are correct as below,
sw1#sh spa
VLAN0005
Spanning tree enabled protocol ieee
Root ID Priority 24581
Address 0001.4353.DB5A
Cost 4
Port 25(GigabitEthernet1/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32773 (priority 32768 sys-id-ext 5)
Address 0001.C760.93AC
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
Gi1/1 Root FWD 4 128.25 P2p
Gi1/2 Altn BLK 4 144.26 P2p
whereas on the other L2 switch both ports are in forwarding state.
sw2#sh spanning-tree
VLAN0005
Spanning tree enabled protocol ieee
Root ID Priority 24581
Address 0001.4353.DB5A
Cost 4
Port 25(GigabitEthernet1/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32773 (priority 32768 sys-id-ext 5)
Address 0001.4256.9A77
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
Gi1/1 Root FWD 4 128.25 P2p
Gi1/2 Desg FWD 4 144.26 P2p
I want the redundant port to be in blocked state. I tried changing the port priority of the access switch but it did not yield any result.
Request for support.
Easwar
Hi Easwar,
What you see is STP working properly, and the port roles and states are exactly as they should be. Even on a redundant link between switches, exactly one port must be a Designated port in the Forwarding state. STP never blocks a redundant link between switches on both ends. First, it is not necessary to prevent loops: as long as your Sw1 has its port in the Blocking state, it will not be using that link to forward data. Second, if there was an unmanaged switch connected between Sw1 and Sw2 with some stations attached, and both Sw1 and Sw2 had their ports in the Blocking state, the stations connected to this unmanaged switch would be entirely cut off from the network.
Is there any particular reason why you want the port to be blocking?
Best regards,
Peter -
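The rule in Peter's reply (exactly one Designated port on every switch-to-switch link, and one agreed root bridge) can be checked mechanically against the two outputs posted in this thread. This is an added example, not part of the original posts; it assumes the back-to-back cable joins Gi1/2 on sw1 to Gi1/2 on sw2, and the function names are hypothetical.

```python
import re

# "show spanning-tree" excerpts from the post above (whitespace re-aligned).
SW1 = """\
VLAN0005
  Root ID    Priority    24581
             Address     0001.4353.DB5A
  Bridge ID  Priority    32773  (priority 32768 sys-id-ext 5)
             Address     0001.C760.93AC
Interface        Role Sts Cost      Prio.Nbr Type
Gi1/1            Root FWD 4         128.25   P2p
Gi1/2            Altn BLK 4         144.26   P2p
"""
SW2 = """\
VLAN0005
  Root ID    Priority    24581
             Address     0001.4353.DB5A
  Bridge ID  Priority    32773  (priority 32768 sys-id-ext 5)
             Address     0001.4256.9A77
Interface        Role Sts Cost      Prio.Nbr Type
Gi1/1            Root FWD 4         128.25   P2p
Gi1/2            Desg FWD 4         144.26   P2p
"""

# Assumption: the back-to-back cable joins Gi1/2 on sw1 to Gi1/2 on sw2.
LINKS = [(("sw1", "Gi1/2"), ("sw2", "Gi1/2"))]

# One row of the interface table: name, role, state, cost, prio.nbr
PORT_ROW = re.compile(
    r"^[ \t]*(\S+)[ \t]+(Root|Desg|Altn|Back)[ \t]+(\S+)[ \t]+\d+[ \t]+\d+\.\d+", re.M)


def parse_stp(text):
    """Extract root bridge address, local bridge address and per-port (role, state)."""
    root = re.search(r"Root ID.*?Address\s+(\S+)", text, re.S).group(1).lower()
    bridge = re.search(r"Bridge ID.*?Address\s+(\S+)", text, re.S).group(1).lower()
    ports = {m.group(1): (m.group(2), m.group(3)) for m in PORT_ROW.finditer(text)}
    return {"root": root, "bridge": bridge, "ports": ports}


def audit_stp(switches, links):
    """Return a list of findings; an empty list means the port roles are consistent."""
    findings = []
    roots = {sw["root"] for sw in switches.values()}
    if len(roots) > 1:
        findings.append(f"switches disagree on the root bridge: {sorted(roots)}")
    for (sw_a, port_a), (sw_b, port_b) in links:
        ends = [switches[sw_a]["ports"][port_a], switches[sw_b]["ports"][port_b]]
        name = f"{sw_a}:{port_a} <-> {sw_b}:{port_b}"
        designated = [end for end in ends if end[0] == "Desg"]
        if not designated:
            # Both ends non-designated: the segment itself has no forwarding port.
            findings.append(f"{name}: no Designated port, anything on this segment is cut off")
        elif len(designated) == 2:
            # Each side believes it has the best BPDU, so neither is hearing the other.
            findings.append(f"{name}: both ends Designated, BPDUs are not being exchanged")
    return findings


def audit_page_outputs():
    """Run the audit over the two outputs quoted in the thread."""
    return audit_stp({"sw1": parse_stp(SW1), "sw2": parse_stp(SW2)}, LINKS)


if __name__ == "__main__":
    print(audit_page_outputs() or "roles consistent: one Designated port per link")
```

The uplinks to the 3750 are left out of `LINKS` because its output is not on the page.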
Metro Ethernet Design With Redundant Head Ends
We're getting ready to turn up some metro ethernet circuits that were just installed by AT&T. AT&T has provided a VLAN for each remote site (so each site has its own VLAN), and those VLANs are trunked to our head end switches (Cisco 3750 Metro Switches).
I'm struggling with the best design for IP routing. We currently use OSPF on our internal network, and I was going to extend OSPF to our metro solution as well, but I'm not so sure now.
I don't want routing to occur directly between head end #1 and head end #2, we already have redundant paths within our corporate network, and allowing our two head ends to route between each other via our metro ethernet solution is not what we want. However, running OSPF on each of the VLANs which have been provisioned for us would permit routing between the head ends.
We simply need to allow redundancy for our remote locations: in the event that one head end were to fail, all of the traffic to/from the remote site would be routed through the head end which is still online.
Any suggestions on the best routing design for this situation would be greatly appreciated. I've attached a network diagram to make things clear. I believe I can also go back to AT&T and request one VLAN that includes all sites if that would simplify things. I just need to make sure I can still do our traffic shaping because the remote sites are only 10mbps and the head ends are 1gbps.
Thanks,
-Steve
Just at a glance it looks as if you should be able to have STP on and set up 1 site as primary and the other as secondary
-
Recommended Design for WAAS in both Data center and Branch Offices
Hi All,
I need to purchase different appliances for WAAS, but before I decide what to purchase, I need to know exactly how I am going to put these devices so that I can know which one to purchase and how the designs will be.
My environment is as follows:
I have two core routers (ASR 1000 series) at Data center, two 6509 switches (expecting to insert the ACE module, and FW module) and the I have access switches which connects servers.
At the branch offices, I am expecting to place ASR1000 series also.
Now, I need to know the recommended designs for these WAAS appliances so that I can know in advance what to purchase (i.e. how many WAAS CM, Core WAE, and Edge WAE).
Any input will highly be appreciated.
Thanks,
If you purchase the Standard Edition, your license supports:
One installation of Cisco Security Manager on one Windows-based server.
The configuration or management of 5 devices (in the Standard-5 option) or 25 devices (in the Standard-25 option). This excludes Catalyst 6500 and 7600 Series devices and their associated service modules.
If you purchase either the Standard-5 or Standard-25 license, you cannot purchase an incremental device license. Your license is fixed at either 5 or 25 devices. -
[solved] DHCP snooping in environment with core and access switches
Hello,
I'd like to know what steps are needed to configure DHCP snooping in my environment:
1) two core switches Catalyst 6500 (VSS): VLAN defined here, DHCP server connected here
2) access switches Catalyst 3750: clients connected here
Access switches are connected to core ones via trunk ports (fiber optics).
How many snooping databases are required? One for core and next for each stack?
Hi Marian,
If your network is properly designed and connected so that clients, including DHCP clients, are attached to the access layer switches, then the DHCP Snooping should be run only on access switches. Running DHCP Snooping on core switches is not going to increase the security because the DHCP communication has already been sanitized on the access layer.
If you intend to save the DHCP Snooping database then each switch performing the DHCP Snooping needs to have its own database if you intend to use a persistent storage for it. However, you can always have the switch to save the database to its own FLASH, alleviating the need for a centralized networked storage.
I am not sure if this answers your question so please feel welcome to ask further.
Best regards,
Peter -
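Peter's advice (run DHCP Snooping on the access switches, each keeping its own database in local flash) can be turned into a configuration check. This is an added example, not part of the original thread: both configuration excerpts are constructed, the VLAN numbers, interface names and database file name are assumptions, and because the DHCP server sits on the core it treats only trunk uplinks as legitimate trusted ports.

```python
import re

# Constructed access-switch excerpts (not from the thread). Assumptions: VLANs 10 and 20
# carry clients, Gi1/0/49 is the fibre trunk to the core, Gi1/0/5 is a client port.
WEAK_CONFIG = """\
ip dhcp snooping vlan 10
ip dhcp snooping
!
interface GigabitEthernet1/0/5
 switchport mode access
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/49
 switchport mode trunk
 ip dhcp snooping trust
"""

HARDENED_CONFIG = """\
ip dhcp snooping vlan 10,20
ip dhcp snooping database flash:dhcp-snoop.db
ip dhcp snooping
!
interface GigabitEthernet1/0/5
 switchport mode access
!
interface GigabitEthernet1/0/49
 switchport mode trunk
 ip dhcp snooping trust
"""


def expand_vlans(spec):
    """Turn an IOS VLAN list such as '10,20-22' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def parse_config(text):
    """Collect the global snooping settings and the sub-commands of each interface."""
    cfg = {"enabled": False, "vlans": set(), "database": None, "interfaces": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = cfg["interfaces"].setdefault(line.split()[1], [])
        elif raw[:1].isspace() and current is not None:
            current.append(line)          # indented line: belongs to the interface
        else:
            current = None                # back at global level
            if line == "ip dhcp snooping":
                cfg["enabled"] = True
            elif m := re.fullmatch(r"ip dhcp snooping vlan (\S+)", line):
                cfg["vlans"] |= expand_vlans(m.group(1))
            elif m := re.fullmatch(r"ip dhcp snooping database (\S+)", line):
                cfg["database"] = m.group(1)
    return cfg


def audit_snooping(cfg, client_vlans):
    """Return findings for one access switch; an empty list means nothing to fix."""
    findings = []
    if not cfg["enabled"]:
        findings.append("snooping is not enabled globally")
    missing = sorted(set(client_vlans) - cfg["vlans"])
    if missing:
        findings.append(f"client VLANs without snooping: {missing}")
    trusted = [n for n, cmds in cfg["interfaces"].items() if "ip dhcp snooping trust" in cmds]
    if not trusted:
        findings.append("no trusted port: replies from the DHCP server on the core are dropped")
    for name in trusted:
        if "switchport mode trunk" not in cfg["interfaces"][name]:
            findings.append(f"{name}: trusted but not an uplink trunk")
    if cfg["database"] is None:
        findings.append("no snooping database: bindings are lost on reload")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_snooping(parse_config(text), {10, 20}))
```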
BBSM - Basic design for Wireless
I am designing a wireless/BBSM network for a customer. They will have APs available with both a guest SSID and an Employee SSID. They have non-Cisco switches. Can I still use BBSM for guest wireless access?
As long as the BBSM has IP/SNMP connectivity to the Aironet APs you should not have a problem. I would recommend you use the AP settings with packet inactivity timer in network elements.
-
Design for "featured providers"
I don't know what the feature is called but when you click in the itunes store on podcast and then on "featured providers" then you can see that big podcast providers with more than one podcast seem to have their own "chapter" "section" or whatever it is called. (so what is it called?). Just take a look at BBC for example. It is defined by a distinct design with a huge space on top with their logo and image material and a text block. Further down you have a box with all their podcasts.
My question is: how do I provide a design for this. Where do I upload the background design files and when, do I do that when I register the podcasts? Can anyone tell me how this feature is called at all? I have noticed that providers that aren't even on the "featured providers" list have their own chapters. -
Design for wireless project....need help....
Hi Team
I have a requirement from a client and need suggestions on the design. The client has 1 main office and 5 remote branches. The client requires wireless in all offices: approx. 600 access points with 100 in each location. The client requires all wireless access points to be registered at the HO controller and a redundant controller to be at the branch. If the controller at HO goes down, the access points are to be served by the controller local to the site.
Is this type of design possible? Kindly help me in suggesting the best for my client.
Thanks !!!
The 7500 has two 10 gig connections that can be used. So you will need a 10 gig module to connect that to. You don't need to use a tertiary WLC unless you have one available. Usually two is good enough. Again, you need to decide if you want to go local or h-reap. You can go either way, but why put one WLC in HQ and the other at the remote site. If your concern is 100% redundancy, then put two out at each site. If you have more money to use, then add another WLC at HQ for your tertiary. Now I don't think you need more than a 5508-500 at HQ because the percentage of losing all 6 sites' WLCs is pretty slim. If you go h-reap, then put the WLCs at HQ. Get 3 5508-500 for redundancy unless you have the WiSM2. If you have 10gig, then two 7500's will do. You have many options.
Thanks,
Scott Fella
Sent from my iPhone -
In a Carrier Ethernet domain, could someone please help me understand what's the basic difference between an Access Switch and an Aggregation Switch, both in terms of s/w and h/w functionalities? MEF deals with OAM, CFM, EVC provisioning only at the access edge switches. Do we need to repeat all these at the aggregation level, or is it just used for routing purposes? Do we have a separate Fault Management at the aggregation level?
Duplicate posts. :P
Go here: https://supportforums.cisco.com/discussion/12137156/what-are-major-differences-between-access-switch-and-aggregation-switch-wrt