Author: genki (Guest)
Posted: Tue Dec 06, 2005 5:20 pm
Post subject: Layer 2 design question

Hi,
I have a design question.
The network is as follows,
1 6509, CatOS sup1a. Gigabit trunks (ISL) to approx 7 different
departments, each has approx 4 switches, either 3548's or 3550's. This
is growing. Some are in stacks. Most have
2 gigabit trunks to the 6509, with one being for redundancy.
Here's the problem. I have inherited this network. All the switches are
in VTP server mode.
All the ports are in VLAN1 and they just default gateway VLAN1 out to
the router.
How do I proceed with this?
I think I should be creating separate VLANs for each cluster of
switches (essentially per department VLANs) on the 6509; this would
decrease the broadcast domain size and spanning tree table sizes, it
seems to be what Cisco recommends. What would this buy me?
Can I do this migration to another VLAN without downtime?
I think Cisco recommends that I take user traffic off VLAN1 and leave
it for control traffic, CDP, STP, VTP etc.
Also do I either turn the 6509 into VTP server mode and all the
switches into client, or everything into transparent mode? If I take a
switch from client or server to transparent will its VLANs
get withdrawn?
In addition I am seeing STP: port up. STP port down etc, messages on
the switches. I thought that once STP had converged I should not be
seeing this unless something
changes. Nobody is taking ports up/down except me. Is there an STP
problem or is this normal?
Any other suggestions would be appreciated. I just want to get this
network back on its feet again.
Thanks Genki

Author: Guest
Posted: Tue Dec 06, 2005 5:20 pm
Post subject: Re: Layer 2 design question

You want to read:-
"Campus Network Multilayer Architecture and Design Guidelines"
from
http://www.cisco.com/en/US/netsol/ns340/ns394/ns431/ns432/networking_solutions_package.html
[Thanks Kate0]
| Quote: | VTP? |
Not really worth having. Basically lets
you add VLANs to the network from any switch
console and they get propagated automatically.
Quickie advice is, "Transparent"
| Quote: | I think I should be creating separate VLANs |
Pretty reasonable, some people like 2 per pair
of uplinks which allows you to use both uplinks
for traffic.
However - Have you a suitable central router? (MSFC)
| Quote: | STP: port up. STP port down etc, messages |
If you enable portfast on the links that connect to
end stations (PCs, printers, servers) then these
may go away.
You have asked a big question, sorry for the small answer.

Author: genki (Guest)
Posted: Tue Dec 06, 2005 5:20 pm
Post subject: Re: Layer 2 design question

Hey thanks for the link, that's a very interesting document.
I will try enabling portfast to see if it helps.
We have 3620's at the middle connecting two sites with a T1. That's
about it.
No MSFC's.
Thanks for your reply. Appreciate it.

Author: DigitalVinyl (Guest)
Posted: Wed Dec 07, 2005 7:13 am
Post subject: Re: Layer 2 design question

"genki" <dtushingham@gmail.com> wrote:
| Quote: | Hey thanks for the link, that's a very interesting document.
I will try enabling portfast to see if it helps.
We have 3620's at the middle connecting two sites with a T1. That's
about it.
No MSFC's.
Thanks for your reply. Appreciate it. |
You can't subnet/vlan off the separate building/switch stacks without
a central router to get them all to work together.
It sounds like you use one network, no routing, except to cross the
T1's on the way out. Breaking off VLANs (IP subnets) has a lot of
subtle impacts. If you do not run a Windows domain with an ADS/WINS
server, browsing the network for other PCs will be affected. WINS/ADS
is what enables Windows PCs to browse for PCs/Servers/Printers beyond
your broadcast domain. You may also have some software/systems that
assume a flat network. They may rely upon broadcast to get to things.
It affects Norton Ghost for instance--if you use it across the network
for image backup/deployment.
However you definitely need to portfast/bpduguard every port that is
not a run to another switch. That will end those STP messages. Also
you need to set the Spantree priority of the main 6509 to a low
number (1, 10, 4096). The starting default is around 32767. This creates
a center for the spanning tree algorithm. All the paths are calculated
optimizing the shortest path to the center. If this isn't done then
typically the switch with the lowest MAC address becomes the
center--which can cause a sub-optimal configuration and make for a lot
of subtle problems.
DiGiTAL_ViNYL (no email)
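
An added example, not part of the original posts: a short Python audit for the portfast/bpduguard advice in the post above, run over an IOS-style access switch config such as the 3550s in this thread would carry. The config excerpt is constructed, and treating every port not set to `switchport mode trunk` as an end-station port is an assumption of the example.

```python
import re

# Constructed IOS-style config excerpt (not from the thread).
SAMPLE = """\
spanning-tree portfast bpduguard default
interface GigabitEthernet0/1
 switchport mode trunk
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/3
 spanning-tree portfast
 spanning-tree bpduguard disable
"""

def parse(config):
    """Return (global command lines, {interface name: [sub-commands]})."""
    global_lines, ifaces, current = [], {}, None
    for raw in config.splitlines():
        m = re.match(r"interface\s+(\S+)", raw)
        if m:
            current = ifaces.setdefault(m.group(1), [])
        elif raw[:1].isspace() and current is not None:
            current.append(raw.strip())
        else:  # any unindented line (including "!") ends the interface block
            current = None
            global_lines.append(raw.strip())
    return global_lines, ifaces

def audit(config):
    """Return {interface: [findings]} for ports not configured as trunks."""
    global_lines, ifaces = parse(config)
    bg_default = "spanning-tree portfast bpduguard default" in global_lines
    findings = {}
    for name, cmds in ifaces.items():
        if "switchport mode trunk" in cmds:
            continue  # a run to another switch: STP must keep working here
        portfast = "spanning-tree portfast" in cmds
        # The global default only guards ports that are running portfast.
        guard = "spanning-tree bpduguard enable" in cmds or (
            bg_default and portfast and "spanning-tree bpduguard disable" not in cmds)
        issues = [msg for ok, msg in ((portfast, "no portfast"),
                                      (guard, "no bpduguard")) if not ok]
        if issues:
            findings[name] = issues
    return findings
```

On the sample, `audit(SAMPLE)` reports FastEthernet0/2 for both settings and FastEthernet0/3 for the per-port BPDU guard override.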

Author: genki (Guest)
Posted: Thu Dec 08, 2005 5:20 pm
Post subject: Re: Layer 2 design question

Hey thanks, very good information there. I just had a 15 minute outage
caused by VTP withdrawing one of the
main VLANs in the network. I've asked for permission to turn VTP mode
to transparent on every switch in the
network (they do not have more than 4 VLANs and rarely create/delete
VLANs).
Will be doing that tonight, along with installing a NAM module into
the central 6509.
Thanks for the info.
Genki

Author: Hansang Bae (Guest)
Posted: Fri Dec 09, 2005 9:21 am
Post subject: Re: Layer 2 design question

genki wrote:
| Quote: | Hey thanks, very good information there. I just had a 15 minute outage
caused by VTP withdrawing one of the
main VLANs in the network. I've asked for permission to turn VTP mode
to transparent on every switch in the
network (they do not have more than 4 VLANs and rarely create/delete
VLANs).
Will be doing that tonight, along with installing a NAM module into
the central 6509. |
I also found that for the most part NAM modules are a waste of money.
Completely underpowered.
--
hsb
"Somehow I imagined this experience would be more rewarding" Calvin
**************************ROT13 MY ADDRESS*************************
Due to the volume of email that I receive, I may not be able to
reply to emails sent to my account. Please post a followup instead.
********************************************************************

Author: genki (Guest)
Posted: Fri Dec 09, 2005 11:28 pm
Post subject: Re: Layer 2 design question

Well, I installed this NAM-1 module last night out of hours.
(The company that I'm consulting for had already made the purchase.)
I hadn't any time to configure it further than enabling the web server and
getting it on the network.
One interesting thing that I noticed is this:
I set up a continuous ping to the 6509 prior to inserting the NAM-1
module.
When I inserted the NAM-1 module, I noticed a large latency increase
for about 4 pings, then back to normal.
It didn't DROP traffic but the latency would have screwed any VoIP
session etc.
Also the fact that it appears to be running Linux and Apache!
Genki