Networking Best Practices - Connecting Two Switches

Similar Messages

• 10Gb Networking best practices

  I'm looking for good guidance on Hyper-V 2012 R2 network configuration best practices for a converged server. Meaning, dual 10Gb NICs and using SMB 3.0 file shares for storage. The servers also have two 1Gb NICs. I'm very familiar with VMware, but ramping
  up on HV networking best practices.
  Blog: www.derekseaman.com, VMware vExpert 2012/2013

  Derek,
  I tried to draw my prefered setup for this network configuration.
  I would create a Team with the two 1 GBit NICs and use it for Domain, DNS, Backup and any SystemCenter Agents.
  I would also Team the two 10 GBit NICs and than assign it to a Hyper-V Switch for the VMs. In Windows Server 2012 it is posible to create vNICs for the Management OS that use this Hyper-V Switch (Converged Network Design). I would create two vNICs SMB1
  and SMB2 to use them for Cluster and Livemigration traffic with SMB Multichannel. If your storage system supports SMB Multichannel you can also use both as storage NICs (but this depends wich vendor you have).
  Hope this helps.
  Grüße/Regards Carsten Rachfahl | MVP Virtual Machine | MCT | MCITP | MCSA | CCA | Husband and Papa |
  www.hyper-v-server.de | First German Gold Virtualisation Kompetenz Partner ---- If my answer is helpful please mark it as answer or press the green arrow.

• Networking "best practice" for setting up a farm

  Hi all.
  We would like to set an OracleVM farm, and I have a question about "best practice" for
  configuring the network. Some background:
  - The hardware I have is comprised of machines with 4 gig-eth NICs each.
  - The storage will be coming primarily from a backend NAS appliance (Netapp, FWIW).
  - We have already allocated a separate VLAN for management.
  - We would like to have HA capable VMs using OCFS2 (on top of NFS.)
  I'm trying to decide between 2 possible configurations. The first would keep physical separation
  between the mgt/storage networks and the DomU networks. The second would just trunk
  everything together across all 4 NICs, something like:
  Config 1:
  - eth0 - management/cluster-interconnect
  - eth1 - storage
  - eth2/eth3 => bond0 - 8021q trunked, bonded interfaces for DomUs
  Config 2:
  - eth0/1/2/3 => bond0
  Do people have experience or recommendation about the best configuration?
  I'm attracted to the first option (perhaps naively) because CI/storage would benefit
  from dedicated bandwidth and this configuration might also be more secure.
  Regards,
  Robert.

  user1070509 wrote:
  Option #4 (802.3ad) looks promising, but I don't know if this can be made to work across
  separate switches.It can, if your switches support cross-switch trunking. Essentially, 802.3ad (also known as LACP or EtherChannel on Cisco devices) requires your switch to be properly configured to allow trunking across the interfaces used for the bond. I know that the high-end Cisco and Juniper switches do support LACP across multiple switches. In the Cisco world, this is called MEC (Multichassis EtherChannel).
  If you're using low-end commodity-grade gear, you'll probably need to use active/passive bonds if you want to span switches. Alternatively, you could use one of the balance algorithms for some bandwitch increase. You'd have to run your own testing to determine which algorithm is best suited for your workload.
  The Linux Foundation's Net:Bonding article has some great information on bonding in general, particularly on the various bonding methods for high availability:
  http://www.linuxfoundation.org/en/Net:Bonding

• Best Practices for multi-switch MDS 9124 Impelementations

  Hi,
  I was wondering if anyone had any links to best-practices guides, or any experience, building mutli-swtich fabrics with the Cisco MDS 9124 or similar (small) switches? I've read most of the FibreChannel books out there and they all seem pretty heavy on theory and FibreChannel protocol operations but lack when it comes to real-world deployment scenarios. Something akin to the Case Studies sections a lot of the CCIE literature has, but anything would be appreciated.
  Regards,
  Meredith Shaebanyan

  Hi Meridith
  www.Whitepapers.zdnet.com has links to good reading. It has links to items like:
  http://www.vmware.com/pdf/esx_san_cfg_technote.pdf is probably a typical SAN environment these days. It's basic and just put your 9124's in where the switches are.
  http://www.sun.com/bigadmin/features/hub_articles/san_fundamentals.pdf is for bigger SANs such as DR, etc.
  Things to consider with 9124's are:
  They can break so keep a good current backup on a tftp/ftp/scp server.
  Consider that if you have all the ports used, the two 8 port licences are not going to work on a replacement switch as they are bound to your hostid. The vendor that sold the switch should be able to get replacements quickly but you will lose time with them.
  Know exactly what the snmpserver command does as if you have your 9124 replaced and you load your backup config and you use Fabric Manager, it won't be able to manage the 9124 unless you change the admin password with snmpserver.
  9124/9134's don't have enough Buffer Credits to expand beyond about 10 km.
  Any ISL's used between switches should always be at least two and use Port Channels where possible.
  The 9124 or 9124e or 9134 are great value based switches. I keep a spare for training and emergencies. We use them in a core/edge solution and I am very satisfied with them. I have only had one failure with Cisco switches in the last 5 years and it was a 9140 that sat around for far too long doing nothing. The spare meant we were up and running in 30 minutes from the time we noticed the failure and got to the data centre. As there were two paths, no one actually noticed anything. My management system alerted me.
  Remember to make absolutely sure that any servers attached to the SAN have multipathing software. The storage array vendors (HDS, EMC, etc) can sell you the software such as HDLM or Powerpath. You can use an independent solution such as Veritas DMP. Just don't forget to use it.
  Follow the guidelines in the two documents and get some training as the MDS training is very good indeed. 5 days training and you will be confident about what to do in any sized SAN including Brocade and McData.
  A small SAN is just as satisfying as a large one. If in doubt, get a consultant to tell you what to do.
  Is that what you was after? I hope it was not too simple.
  Stephen

• Can I connect two switches to a server?

  We share an office with another company but we currently have separate servers and networks.
  I'm looking into the possibility of us sharing their server.
  The thing is we both have our own switches and and I want to avoid any rewiring of the network. Will I be able to use two switches?
  It's a 2x 2.8 GHz quad core intel xeon (with dual ethernet). So is it just a matter of connecting both switches to the server and configuring them in some way?

  Hi Christiaan,
  I end up doing this quite often. You have a few options, the simplest is below...
  How many users and devices that require network connections does each company have? If it's under 254 which it sounds like it is and your happy to have the users on the same network, sharing the same ISP. Then the easiest option is going to be your company sharing their network. You'd save a bit of money on your internet connection which could be used to increase the bandwidth on the other companies line if needed.
  You would do following. Make sure all devices that need a fixed IP address such as printers/mfds'/switches/WiFI/phone system (if applicable) are changed to a fixed IP address with the relevant subnet mask, dns and gateway from the other companies network. You'd obviously need to get the relevant numbers from their IT guy.
  Then you could use your switch as extra capacity on their network by linking it with their switch. Obviously you'd want to use the fastest possible connection between the switches or look to buying something new with more ports. If you both have something like the HP 1810G ProCurve or a compatible switch you can buy two fibre transceivers and connect them with a fibre cable, this will free up more ports for users on the switch or simply connect them via an ethernet cable. On the 1800 series you can use LACP which allows you to use up to 4 ethernet ports to improve the bandwidth thus giving you a 4gigabit connection to their network. Depending on how much traffic there is going to be you might want to skip that as there might be no need.
  Then it's just a case of creating your users on their server and creating an area for your company that only you have the access rights to and creating a shared area inter-company area if you want to easily ping them over files.
  What do you both use for email? Are you going to look to share a server for it?
  Hope that helps
  Beatle

• Cisco 2950 MT-RJ ports - Connect two switches?

  Hi Everyone,
  I'm wondering if I can connect two cisco 2950s together via the two MT-RJ ports they have?
  Basically, I'd like the fibre ports to be the trunk between the two switches if possible
  I have two of these: 
  Thanks!

  Hi,
  Yes, that is possible. As long as your fiber patch cable is good there should be no issues.
  HTH

• UI Design - Best Practice when Two UIs Trigger Same Event

  I have an application that allows users to take actions using several methods - right-click context menu selection, menu bar selected, key strokes, etc. I was wondering if anyone had any suggestions as to teh best practices for handling this in Cairngorm...
  Is it best to dispatch the same Cairngorm event in several places? I know this is one of the major reasons to use MVC, but, I hate to create duplicate code - maintenance is pain.
  Would is be considered good practice to have the container that serves as a parent for the context menu, menu bar, etc. to listen for events from these components, and then dispatch the Cairngorm Event?
  Thanks.

  Would it be considered good practice to have the container that serves as a parent for the context menu, menu bar, etc. to listen for events from these components, and then dispatch the Cairngorm Event?
  Yes, this is described by Steven Webster in his series of articles on Cairngorm.
  Dispatching the same Cairngorm event from different locations is a perfectly regular practice. This is even an advantage. The same code (the command, the delegate) can be triggered from different places.

• Best practice for two differing encryption types

  I'm using a Aironet 1232g and I want to use WPA2-PSK. I have the XP clients connected appropriately (via WPA2-AES CCMP), however I also have a Ricoh Digital Sender (copier) that only supports WEP. What is the best security practice in this scenario? Can I enable two SSID's one with WPA2-PSK and the other with WEP? If so, do I need to establish a VLAN on the AP? Any help is appreciated.

  Hi Scott,
  your thougts are right.
  You have to establish 2 seperate VLANs on the AP. In the "encryption Manager" you setup the VLAN to encryption type association.
  Then you need to define the VLANs to SSIDs in the "SSID Manager".
  If you have a WDS running setup the "Server groups" in the WDS Section of "Wireless Services"
  Do not forget to change the switchport (where the AP is connected to) to trunking mode.
  I hope that helps.
  Best regards,
  Frank
  P.S. Please rate helpful posts.

• Best practice for unmanaged switch to cisco switch

   In our environment, I have to allow some users to have a unmanaged switch which is connected to access port. 
   I put this configuration for each port which is connected to unmanaged switch (Netgear 8 port)
   interface GigabitEthernet1/0/47
   switchport port-security maximum 3
   spanning-tree guard root
  end
   port-security maximum 3: only allow 3 mac
   spanning-tree guard root: just in case to protect root bridge if someone put managed switch with lower bridge ID. 
   I connected one cable from unmanaged switch to another port to make a loop for test. 
   It showed that switch got "Loop-back detected" and put err-disable port automatically. So I don' t need to worry about this.
  Apr  7 18:33:01.370: %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on GigabitEthernet1/0/47.
  Apr  7 18:33:01.370: %PM-4-ERR_DISABLE: loopback error detected on Gi1/0/47, putting Gi1/0/47 in err-disable state
  Apr  7 18:33:02.373: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/47, changed state to down
  Apr  7 18:33:03.379: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/47, changed state to down
  LAB_HQ_Fiber(config-if)#
   What are the option do you use usually to protect from unmanaged switch? 
   I am not able to use "spanning-tree bpduguard" because it will block a port 
   I can use "spanning-tree bpdufilter" to protect a STP area, but I don't think this is a big matter. 

  Hello
  If you need to attached these kind of switches/hubs - Make sure you shutdown all unused ports on the managed switch so to limit any further unauthorized attachments looping back into the network from the unmanageable device, This way you can managed these unmanageable devices to a certain extent.
  As for the stp root, you should manually set your stp priority on the managed switch to a low level anyway so as to not allow any other new device negotiate its self to become the root, and for the ports you are aware of that will have these devices attached, i would disable portfast and also advise against using bpdufilter as this negates the stp process.
  Int range fa0/x -xxx
  description unmanaged devices
  no cdp enable
  On all managed switches and on all ports you DONT expect to have unmanaged hubs/switches I would suggest to apply
  spanning-tree loopguard default
  udld enable
  udld aggressive
  int range fa0/x -xxx
  description access ports
  switchport port-security
  switchport port-security aging type inactivity
  switchport port-security violation restrict/shutdown
  switchport port-security maximum 2
  spanning-tree portfast
  spanning-tree bpduguard enable
  spanning-tree guard root
  no cdp enable
  One last thing I also wouldn't enable error recover either, as you would want to know the reason why your ports are erroring and not go chasing your tail as the reason why your having intermittent network issues.
  res
  Paul

• Home Networking Best Practice for Performance

  Hi there first time poster.  I have 3 wireless routers at home (Linksys WRT54G's) .  I have WEP password setup for security and everything works great.  My only question is, is there anything I can look for in the settings that may boost intranet and internet.  Just trying to make sure I have the settings set to get the best performance.  2 of the routers have a linksys firmware on it the other has something called talisman.  These were given to me.
  I know that one thing I can do is change the antennae on them to boost the wireless signal but I'm not sure if that improves the performance.  I assume that would come from settings.  Thanks in advance.

  So you need to improve the wireless signal on your computers. Here are some settings which you do it on your router, i think this might improve the wireless signal strength on your computers.
  Open an Internet Explorer browser page on your wired computer(desktop).In the address bar type - 192.168.1.1
  Leave username blank & in password use admin in lower case...
  For Wireless Settings, please do the following : -
  Click on the Wireless tab
  -Here select manual configuration...Wireless Network mode should be mixed...
  -Provide a unique name in the Wireless Network Name (SSID) box in order to differentiate your network from your neighbours network...
  - Set the Wireless channel to 11-2.462GHz...Wireless SSID broadcast should be Enabled and then click on Save Settings...
  Please make a note of Wireless Network Name (SSID) as this is the Network Identifier...
  For Wireless Security : -
  Click on the Sub tab under Wireless > Wireless Security...
  Change the Wireless security mode to WEP, Encryption should be 64 bits.Leave the passphrase blank, don't type in anything...
  Under WEP Key 1 type in any 10 numbers please(numbers only and no letters eg: your 10 digit phone number) and click on save settings...
  Please make a note of WEP Key 1 as this is the Security Key for the Wireless Network...
  Click on Advanced Wireless Settings
  Change the Beacon Interval to 75 >>Change the Fragmentation Threshold to 2304, Change the RTS Threshold to 2304 >>Click on "Save Settings"...
  Now see if you can locate your Wireless Network and attempt to connect... And check the signal strength on your computers.

• WLC5508 connected two switches

  Dear All,
  I have a WLC 5508 and a brief connected like below.
  Internet->Router->2960G A-> (Port0)  WLC5508 (Port1) -> 2960G B-> Access Points <-> wireless clients
  My Question : Is the above topology work? The access points register to the controller via 2960B, and the data traffic ffrom wireless clients go through from 2960G B to WLC port 1, and WLC pass it to port 0 itself and then go to internet?
  Thanks.
  Mic

  As long as you don't have LAG enabled that will work. You do need to specify a dynamic interface in which the Internet traffic will egress. Your management will be primary port 1 and the your dynamic interface will be primary port 2. Of course port 1 and port 2 would have to be on a different subnet.
  If you have both on the same subnet, that will not work. You would trunk the ports and only allow the vlans for that port. Port 1 connected to the switch would only allow the vlan for the management. Port 2 connected on the switch will only allow the vlan for that dynamic interface.
  Sent from Cisco Technical Support iPhone App

• Best Practice connecting VmWare ESX with a Channel

  Hello
  which methode (fix,pagp or lacp) should I use with an ESX server and what other interesting point should I care about it?
  The customer would like to connect the ESX Server to a WS-4006 Chassis with WS-X4013 supervisor.
  many thanks for any input
  Oliver

  Few server MFG's support PAGP, so you'll probably end up using LACP, which is fine (that's what we use). It's a straight forward setup.
  interface Port-channel11
  description ESX_Server 2
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 402,403,541-544
  switchport mode trunk
  switchport nonegotiate
  no ip address
  end
  HTH and please rate.

• Best Practice for Networking in UCS required

  Hi
  We are planning to deploy UCS n our environment. The Fabric Interconnects A and B will need to connect to pair of Catalyst 4900 M switch. Whats is the best practice to connect? How should the 4900 switch be configured? Can I do port channel in UCS?
  Appreciate your help.
  Regards
  Kumar

  I highly recommend you review Brad Hedlund's videos regarding UCS networking here:
  http://bradhedlund.com/2010/06/22/cisco-ucs-networking-best-practices/
  You may want to focus on Part 10 in particular, as this talks about running UCS in end-host mode without vPC or VSS.
  Regards,
  Matt

• Network Services Best Practices

  Hello
  I've been using the Network Services Best Practices document  (27 Sep 2006) for some years now and I wonder if there has been actually an update to it. If not would you guys have any new Network Best Practices document you would suggest? Something that talks about Virutalization, etc.... would be great

  Hi Scott,
  Thank you for posting your issue in the forum.
  I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
  Thank you for your understanding and support.
  Best Regards,
  Justin Gu

• Enable port security between Two switches

  Hi Everyone,
  I connected two switches together  via below config
  Switch A
  int gi0/1
  switch mode access
  switchport access vlan 10
  Switch B
  int gi0/1
  switch mode access
  switchport access vlan 10
  They work fine with above config.
  I did the Test below
  However when i changed Config of Switch B  as below
  int gi0/1
  switch mode access
  switchport access vlan 10
  switchport port-security  
  Switch B is unable to ping its default gateway.
  Also Switch B is not reachable via SSH.
  Port is up up and in STP forwarding state.
  Switch B can see Switch A as a neighbour.
  Also Switch B is not reachable via SSH.
  I know that switchport port-security we use only when connecting to PC.
  S does this mean that  on above scenario layer 1 and layer 2 are up but layers beyond 3 and above are not reachable like ping,ssh etc??
  Regards
  MAhesh

  I was just trying to see how the switches behave with this config.Nothing much just  exploring the options in the network world
  Ideally if you want to connect two switches together in Layer 2, Dot1Q trunking is the way to go.  You do not want to put port security because it is useless.