
Saturday, April 30, 2011

Cisco switch 10Mb port and trunk question in 1900 series

Can a trunk form between two 10 Mbps ports? I performed the lab in GNS3, where I configured the port speed to 10 Mbps, and found that the trunk did indeed form. But I remember performing a lab using old 1900 series switches, which had only 10 Mbps ports, where I tried to form a trunk and could not. Is it just my memory relapsing, or can switches with 10 Mbps ports not form a trunk?


Make sure that the C1900 can support multiple VLANs. You can try this.

SW1#sh int f0/13 status

Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/13                       connected    trunk      a-full     10 10/100BaseTX

SW1#sh int f0/13 trun

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           802.1q         trunking      1

Port Vlans allowed on trunk
Fa0/13 1-4094

Port Vlans allowed and active in management domain
Fa0/13 1-7,10,16,26,29,33,36,44,52,57,63,80,255,783

Port Vlans in spanning tree forwarding state and not pruned
Fa0/13 none

Real switch

SW1#sh ver | i WS
cisco WS-C3560-48TS (PowerPC405) processor (revision D0) with 118784K/12280K bytes of memory.
Model number : WS-C3560-48TS-E
* 1 52 WS-C3560-48TS 12.2(25)SEB4 C3560-IPSERVICES-M
SW1#

Citation - This blog post does not reflect original content from the author. Rather, it summarizes content relevant to the topic from different sources on the web. The sources might include online discussion boards, forums, websites and others.

Thursday, April 28, 2011

FWSM and IDSM-2 with Sup-720 BackPlane question

QSolved Question : If you add 1 FWSM and IDSM-2 to your existing 6509-E Sup 720, do these reduce the performance of the box? Isn't the backplane of the 6509-E Sup 720 720 GB? We would like to add these to our core to protect the server farm. What is the bandwidth of the SVI interface? What is the backplane of the FWSM and IDSM-2?

QSolved Answer : In the Cat6500 we have two data paths: one via the switch fabric and the other through the 32-Gbps shared bus.

Of course, fabric-enabled modules use the switch fabric path, while non-fabric modules use the 32G shared bus.

I believe you have a CEF256-based FWSM.
If so, it can have bandwidth of up to 6 Gbps (and switching-mode should be truncated in the presence of other fabric-enabled modules).

Please click here for more details for the Firewall Service Module Config Guide - specifications

The Sup720 switch fabric can support up to 18 20-Gbps full-duplex channels (18 x 20 Gbps x 2 = 720 Gbps).

As long as you have <6Gbps traffic to FWSM, it should not be a problem.

In this switch, Module 9 is a FWSM.
6509A#show fabric utilization
 slot    channel      speed    Ingress %     Egress %
    9          0         8G            2            0

Even though it has an 8G fabric connection, it can have a maximum of 6 x 1 Gbps ports in the channel.

6509A#show etherchannel summary
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
280    Po280(SU)        -        Gi9/1(P)    Gi9/2(P)    Gi9/3(P)    Gi9/4(P)
                                 Gi9/5(P)    Gi9/6(P)



Wednesday, April 27, 2011

HSRP, Fiber Links, and Uptime question


QSolved Question : All the satellite offices have to route everything to Cleveland via fiber then the traffic passes across the DS3 to New York. The other part of the question is, will HSRP work if the Cleveland location is physically destroyed and the DS3 is completely non-functional, and the fiber is completely non-functional at Cleveland. Will Columbus' router with HSRP route traffic to New York via fiber? If not, is it possible to make it so it does?

QSolved Answer : Short answer is no. HSRP functions with routers on the same LAN segment (or VLAN), not over distance like you suggest. From the diagram, Columbus is nothing more than another satellite.

Assuming a failure at CLE and the DS-3, as long as NY has a route (logical and physical) to the satellites, traffic should flow.

So, your issue is more one of a routing policy. Prefer the DS-3 over the fiber link at the NY router.

Wednesday, April 13, 2011

Need help planning redundancy.

Qsolved Question: Here is our current design.

We have 2 routers to 2 different providers. Both routers go to Sw001. Sw001 is an enhanced IOS switch with OSPF and BGP. Below Sw001 are a couple of 3560 PoE switches that have phones and PCs connected to them. These are not enhanced switches.

What we would like to do is place another (hot spare) Sw0011 with an enhanced IOS. We plan to put this switch between Sw001 and the access switches. So, if Sw001 goes down, we can simply move the cables from Sw001 to Sw011.

We also wanted to plug one of the providers into Sw011 (as well as Sw001). Additionally, we were planning on running a crossover between Sw001 and Sw011 so that we can access the hot spare via the MPLS provider and via Sw001 (crossover). What would be the optimal design to get the end results we are looking for?


Qsolved Answer:

Are you doing the inter-VLAN routing for the VLANs on the 3560s on sw001?

If so you should not be having to swap cables around in case of failure if you buy a 2nd switch. What you do is -

1) connect sw001 to sw0011 with a L2 etherchannel trunk

2) run HSRP between the L3 vlan interfaces on sw001 and sw0011

3) connect the 3560 switches to both sw001 and sw0011.

4) If you have multiple vlans on the 3560 switches then you can load-balance your vlans by making sw001 STP root for odd numbered vlans and HSRP active for odd numbered vlans. sw0011 will be STP root for even numbered vlans and HSRP active for even vlans.

The above is a very common setup. If sw001 fails then it will automatically failover to sw0011 without you having to do anything. A variation on the above is to run GLBP on sw001 and sw0011 and have a L3 interconnect between sw001 and sw0011 but either way is better than what you have.

As for the routers, ideally you want to connect each router to both switches, i.e. sw001 and sw0011, because if sw001 fails then it takes down the router with it unless that router is also connected to sw011. But you may not have the spare router interfaces for that, so if that is the case simply connect one router to sw001 and one to sw0011.

Actually, your servers should have connections to both switches with teaming, where one connection is active and one is in standby. If you can do this then everything should be automatic, i.e. no manual intervention at all.
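The four steps in the answer above, written out as IOS configuration for both switches. This is an added example, not configuration from the original discussion; VLANs 11 and 12, the 10.0.x.x addresses, the priorities and the GigabitEthernet port numbers are constructed for illustration.

```cisco
! Added example. VLAN IDs, addresses and port numbers are constructed.
! ===== sw001: STP root + HSRP active for odd VLAN 11 =====
spanning-tree vlan 11 root primary
spanning-tree vlan 12 root secondary
!
interface range GigabitEthernet0/1 - 2
 description Step 1: L2 EtherChannel trunk to sw0011
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode active
!
interface Vlan11
 ip address 10.0.11.2 255.255.255.0
 standby 11 ip 10.0.11.1
 standby 11 priority 110
 standby 11 preempt
!
interface Vlan12
 ip address 10.0.12.2 255.255.255.0
 standby 12 ip 10.0.12.1
 standby 12 priority 90
 standby 12 preempt
!
! ===== sw0011: mirror image, STP root + HSRP active for even VLAN 12 =====
spanning-tree vlan 12 root primary
spanning-tree vlan 11 root secondary
!
interface range GigabitEthernet0/1 - 2
 description Step 1: L2 EtherChannel trunk to sw001
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode active
!
interface Vlan11
 ip address 10.0.11.3 255.255.255.0
 standby 11 ip 10.0.11.1
 standby 11 priority 90
 standby 11 preempt
!
interface Vlan12
 ip address 10.0.12.3 255.255.255.0
 standby 12 ip 10.0.12.1
 standby 12 priority 110
 standby 12 preempt
```

Hosts in each VLAN use the HSRP virtual address (10.0.11.1 or 10.0.12.1) as their default gateway. `show standby brief` and `show spanning-tree vlan 11` on each switch should agree on which switch is HSRP active and STP root for a given VLAN; if they disagree, that VLAN's traffic takes an extra hop across the inter-switch trunk.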


Tuesday, April 12, 2011

STP: when switch will not send BPDU?

Qsolved Question : We have STP enabled for all VLANs on all ports. In what port role/state will the switch NOT send BPDUs?

In the Cisco Press article we found the sentence:

"By default, the spanning tree does not send BPDUs on root or alternative ports." On several other pages, I found on some of them that a port in BLK state sends BPDUs, and on others that it will not send BPDUs.

What is true? And is there any difference between forwarding BPDUs in STP and creating BPDUs in RSTP (regarding situations in which the switch will not send BPDUs)?

Qsolved Answers:

Switches initially exchange BPDUs to elect the root switch. As long as the root switch is elected, the root will send BPDUs to the downstream switches, and no BPDUs will be sent from the downstream switches to the root unless there is a TCN. This means that BPDUs will not be sent from a blocked port, because the BPDUs are sent from the Designated Port connected on the opposite side. When the port is in the Root or Blocked role, no BPDUs should be sent out of that interface, only received. In Nexus, the Bridge Assurance feature was introduced, and the feature is being introduced in the 6500 and other IOS switches. If that feature is enabled, the ports exchange BPDUs with each other as hello packets, which breaks the rule above but does not affect STP functionality. There is one more situation where BPDUs will not be sent out of the interface: when PortFast is enabled on the interface.

Actually, PortFast on a 2950/3560 only tells the switch not to react to changes on the configured interface. For example, on a switch running the default IEEE-compatible PVST, if you configure f0/5 with switchport mode access and spanning-tree portfast and run Wireshark on the PC on that port, you will still see BPDUs. PortFast tells the switch not to send TCN (topology change notification) BPDUs based on changes to the PortFast-configured interface. If a BPDU is RECEIVED on a PortFast interface, it loses its PortFast status and begins taking part in normal spanning tree operations. The command to completely eliminate BPDUs being sent/received on an interface is spanning-tree bpdufilter. Please click here for the configuration guide.
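The PortFast and BPDU filter behaviour described in the second answer, side by side with BPDU guard. This is an added example, not configuration from the original discussion: Fa0/5 is the port named in the answer, Fa0/6 and Fa0/7 are constructed, and BPDU guard is an addition the answers do not mention.

```cisco
! Added example. Fa0/5 is from the answer; Fa0/6 and Fa0/7 are constructed.
!
! PortFast only: the port goes straight to forwarding, but the switch
! still sends BPDUs out of it, so a capture on the attached PC shows them.
interface FastEthernet0/5
 switchport mode access
 spanning-tree portfast
!
! PortFast + BPDU guard (addition, not in the answers): BPDUs are still
! sent, and a BPDU received on the port puts it into err-disabled state
! instead of letting the attached device take part in spanning tree.
interface FastEthernet0/6
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Interface-level BPDU filter: no BPDUs are sent and received BPDUs are
! ignored. Spanning tree no longer protects this port, so a second switch
! or a looped cable attached here is not detected.
interface FastEthernet0/7
 switchport mode access
 spanning-tree bpdufilter enable
!
! Verification from privileged EXEC; the detail output includes the
! per-port counters of BPDUs sent and received.
! show spanning-tree interface FastEthernet0/5 detail
! show spanning-tree interface FastEthernet0/5 portfast
```

Comparing the BPDU sent counter on Fa0/5 and Fa0/7 over a few hello intervals shows the difference between the two answers: it keeps rising with PortFast alone and stays flat with the filter.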


To what extent would spanning tree not be viable to use?

Qsolved Question: During a CBT Nugget video it mentions Spanning-Tree is really only effective to around 4-5 daisy chained switches. Wondering if this is the case and to what extent would spanning tree not be viable to use?

Qsolved Answer:

  • The STP is capable of handling any switched topology with a default maximum diameter of 18 or fewer switches (the limit of 18 is given by the fact that BPDUs are in fact stored only for max_age - message_age seconds, where message_age is a BPDU hop counter set to 0 on the root bridge and incremented on each subsequent STP bridge). The statement that STP is effective only for 4-5 switches is, in my opinion, an overstatement. It protects any reasonable switched topology against bridging loops. An overly large switched domain would become problematic for other reasons, not just because of STP.

    Additional bit of knowledge - if memory serves, the default spanning-tree timers were based on some assumptions of a network with a diameter of seven switches. The diameter can (at least when I last looked) be changed, but rarely does there seem to be a need to - especially with RPVST being as quick as it is.

    As to your question about spanning-tree in general, it seems that the push now is to have routed interfaces between devices where possible. It used to be that switching was significantly faster than routing, and as gear improves that's not really the case anymore. I'm sure there are benchmarks somewhere that will show a slight difference in some uses but nothing to really be alarmed about. As you may have guessed or already seen, spanning-tree doesn't know your intentions, and when you plug something into the network it can cause STP to reconverge, sometimes with less-than-desirable results - with routed interfaces, it's significantly easier to direct traffic flows. In fairness, there are still things that can go wrong in a primarily routed network, but in my experience they're generally easier to plan, predict, and manage.
