Solved

trunking SFP ports

Posted on 2006-10-30
Last Modified: 2012-06-21
Hey All,

 I currently have a Catalyst 3560G switch and I am about to purchase a Catalyst 2960/G; both switches have SFP ports. So I am also going to purchase the SFP modules. I was wondering if trunking these would be pretty much the same as trunking regular Ethernet, or is there a difference? Also, one of the switches has four SFP ports; would it be a good idea to use EtherChannel for the extra bandwidth between the 2 switches? One more question: what type of fiber cables should I purchase, for example LC/LC, SC/SC, SC/LC, multimode, single mode, duplex single mode, etc.? Thanks in advance.
Question by:wilsj

Expert Comment

by:mikebernhardt
ID: 17838680
Trunking configuration is the same as for any other type of port. Sure, use etherchannel to increase your bandwidth.

SFPs always use LC connectors. If the distance is under 2km, use multimode fiber and SX SFPs. It's a lot cheaper. If a long distance, use singlemode fiber and LX connectors.

Expert Comment

by:rrobbinstx
ID: 17839703
Are you running VTP? If so the trunk configuration is a bit different. Are the 2 switches local or are they interfacing with a patch panel or some other device. Etherchannel.. GE... GOLLY...What kind of traffic are you running between the two switches?

Author Comment

by:wilsj
ID: 17839855
I'm not running VTP at the moment. The switches are right next to each other so they are local. The reason I ask about the etherchannel is because we move more voice files (a lot of voice files) than anything. I've only got 2 Cisco switches though. I have convinced my company to buy only Cisco products from now on. Here is the setup. VLAN2 consists of 9 3Com switches (unmanaged) plugged into ports 1-9. The next Cisco switch I get will be configured with the SFP ports.


      Router
          |
      pix515
        |     \=Dmz        
  3560 Catalyst Switch
  |     |     |      |       |        |      
  V2   V3   V7   V9   V10  V11

VLAN2=192.168.1.0/24
VLAN3=192.168.3.0/24
VLAN7=192.168.7.0/24
VLAN9=192.168.9.0/24
VLAN10=192.168.10.0/24
VLAN11=192.168.11.0/24

Assisted Solution

by:rrobbinstx
rrobbinstx earned 250 total points
ID: 17839891
So it looks as though you have one 3560 with 6 VLANs. You will want to configure VTP so that VLAN changes are propagated to both switches. Of course, configure one as the VTP server and one as the client in the same VTP domain. In order to propagate the VLANs out you will need to trunk the ports and use either ISL or dot1q encapsulation. Cisco now recommends dot1q, e.g.

interface gigabitethernet 0/1
 no ip address
 ! encapsulation must be set before trunk mode on the 3560
 switchport trunk encapsulation dot1q
 switchport mode trunk

You will want to do this so as your network grows you can manage your VLANs more efficiently. Do you have the router configured to do intra vlan routing?

I would also agree with mike that you will want to use multimode SX as the cost is lower. You would want duplex as you need a transmit and receive.

Does that answer your question at all?  

Author Comment

by:wilsj
ID: 17842395
This is pretty exciting to me I just passed my CCNA yesterday and now I get to do some actual cisco stuff!

I do have IP routing enabled on the switch. I will configure the switch I have now as the server and the new one as a client. dot1q will forward native VLAN traffic, right?
Thanks for the advice guys.

Expert Comment

by:mikebernhardt
ID: 17843538
I have to tell you, Cisco strongly recommends these days that VTP NOT be used. Well, technically you have to use it, but it should be set to transparent on both switches. The reason is that people tend to make mistakes, and those mistakes- like deleting a vlan- propagate to both switches. It's not hard to set up vlans:

config t
vlan 2
vlan 3

Duh :-)

Author Comment

by:wilsj
ID: 17843908
I have a lot of traffic on vlan 1. Will the dot1q route this traffic? I think it will if I remember correctly.

Expert Comment

by:rrobbinstx
ID: 17844099
The trunkport encapsulation only allows the vlan.dat to propagate out. As far as not using VTP, if you have a network as large as ours (150+ VLANs, 80 routers and 70+ switches) you would want to use VTP as manual administration is a nightmare. As far as accidentally deleting a VLAN... if you do things like that you may want to not work on the network anymore. And none of our Cisco SEs would ever NOT recommend using VTP, but they do recommend using dot1q as opposed to ISL encapsulation as it is an IEEE standard, not ICCC. (ICCC is my Cisco standard joke. Well, it's funny to me.)

Author Comment

by:wilsj
ID: 17844141
lol that is pretty funny. When I do the VTP and dot1q will I have any problems routing the vlan1(native VLAN) traffic?

Expert Comment

by:rrobbinstx
ID: 17844170
The traffic itself will route according to your route statements. You must have a router to route intra-VLAN traffic. If connecting the new switch to the router you should configure the router interfaces with subinterfaces for each VLAN. If switch to switch, use a crossover and trunk between the two. No, you should not have any problem routing the VLAN 1 traffic, although we use VLAN 1 only for our management and specify additional VLANs for the other service groups.

Expert Comment

by:mikebernhardt
ID: 17844208
I used to work at a large financial institution with thousands of switches and routers and we avoided it like the plague. On the other hand, we also didn't spread vlans all over the place.

If you are running the same vlans all over your organization then yes, VTP makes sense (if you're careful). But we try to keep a Layer 3 separation between different sites. At the bank we even kept vlans separated by floors in a building. The reason is that spanning tree is something that it's good to avoid when possible. And we didn't mind the manual administration because we wanted the control over how our network worked.

As far as vlan 1-- by default, vlan 1 is the native vlan for dot1q encapsulation. This means that it does not have a vlan tag, which makes it less secure. It is also used for some VTP functions if you're using VTP. Cisco recommends that you not put user data on vlan 1 because of this, and also because it is the default vlan- more chance of problems. I would suggest if you can, to move those users to something else and leave vlan 1 for the automated functions.

Expert Comment

by:rrobbinstx
ID: 17844241
Mike is correct; many configurations depend on your particular design. For us, VTP is great because we do need the same VLANs on all our devices. Not sure where spanning tree got thrown in but I'm willing to bet he meant VTP.

Author Comment

by:wilsj
ID: 17844326
I don't need the router to route my vlan traffic the 3560 will do that for me. To move the traffic off of VLAN 1, can I just move the IP Address to VLAN2 and move all the ports from vlan1 to vlan2? And have the connection from the pix firewall point to vlan 2 as the next hop address instead of vlan1. Here is the config on the switch and the pix.

spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
 description Connection to Pix
 switchport mode access
 duplex full
 speed 100
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/4
 switchport mode access
!
interface GigabitEthernet0/5
 switchport mode access
!
interface GigabitEthernet0/6
 switchport mode access
!
interface GigabitEthernet0/7
 switchport mode access
!
interface GigabitEthernet0/8
 switchport mode access
 duplex full
 speed 100
!
interface GigabitEthernet0/9
 switchport mode access
!
interface GigabitEthernet0/10
 switchport access vlan 11
 switchport mode access
!
interface GigabitEthernet0/11
 switchport access vlan 9
 switchport mode access
!
interface GigabitEthernet0/12
 switchport access vlan 3
 switchport mode access
!
interface GigabitEthernet0/13
 switchport access vlan 9
 switchport mode access
!
interface GigabitEthernet0/14
 switchport access vlan 9
 switchport mode access
!
interface GigabitEthernet0/15
 switchport access vlan 9
 switchport mode access
!
interface GigabitEthernet0/16
 switchport access vlan 3
 switchport mode access
!
interface GigabitEthernet0/17
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/18
 switchport access vlan 3
 switchport mode access
!
interface GigabitEthernet0/19
 switchport access vlan 7
 switchport mode access
!
interface GigabitEthernet0/20
 switchport access vlan 9
 switchport mode access
!
interface GigabitEthernet0/21
 switchport access vlan 7
 switchport mode access
!
interface GigabitEthernet0/22
 switchport access vlan 7
 switchport mode access
!
interface GigabitEthernet0/23
 switchport access vlan 9
 switchport mode access
!
interface GigabitEthernet0/24
 switchport access vlan 7
 switchport mode access
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 no ip address
!
interface Vlan3
 ip address 192.168.3.1 255.255.255.0
!
interface Vlan5
 no ip address
!
interface Vlan7
 ip address 192.168.7.254 255.255.255.0
!
interface Vlan9
 ip address 192.168.9.1 255.255.255.0
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
!
interface Vlan11
 ip address 192.168.11.1 255.255.255.0
!
interface Vlan100
 no ip address
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.2
ip http server
!
no cdp run
!
control-plane

Here is the pix route to the switch


inside 192.168.1.0 255.255.255.0 192.168.1.2 1 CONNECT static
        inside 192.168.3.0 255.255.255.0 192.168.1.1 1 OTHER static
        inside 192.168.7.0 255.255.255.0 192.168.1.1 1 OTHER static
        inside 192.168.9.0 255.255.255.0 192.168.1.1 1 OTHER static
        inside 192.168.10.0 255.255.255.0 192.168.1.1 1 OTHER static
        inside 192.168.11.0 255.255.255.0 192.168.1.1 1 OTHER static
0
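
An added example, not part of the original post or any poster's own tooling: a small Python check that applies mikebernhardt's advice about VLAN 1 and the untagged native VLAN to a config like the one above. The config excerpt is constructed, and the function names and finding texts are hypothetical.

```python
import re

# Constructed excerpt modelled on the switch config in the post above.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
!
interface GigabitEthernet0/10
 switchport access vlan 11
 switchport mode access
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
"""

def parse_interfaces(config):  # returns {interface name: [sub-commands]}
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces

def audit(config):  # returns (interface, finding) pairs
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if name.lower().startswith("vlan"):
            if name.lower() == "vlan1" and any(c.startswith("ip address") for c in cmds):
                findings.append((name, "routed SVI on VLAN 1"))
        elif "switchport mode trunk" in cmds:
            # Without an explicit native VLAN, untagged frames land in VLAN 1.
            if not any(c.startswith("switchport trunk native vlan") for c in cmds):
                findings.append((name, "trunk with default native VLAN 1"))
        elif "switchport mode access" in cmds:
            vlans = [c.split()[-1] for c in cmds if c.startswith("switchport access vlan")]
            if not vlans or vlans[-1] == "1":
                findings.append((name, "access port in VLAN 1"))
        else:
            # Catalyst 3560/2960 ports default to dynamic auto when no mode is set.
            findings.append((name, "mode not set, port can negotiate a trunk"))
    return findings
```

Running `audit()` again after each change (access VLAN moved, native VLAN set on the trunk) shows which ports still depend on VLAN 1.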
 

Accepted Solution

by:mikebernhardt
mikebernhardt earned 250 total points
ID: 17844348
Nah, I meant spanning tree. If you have multiple paths between your various switches, you have a spanning tree that includes multiple loops that spanning tree must block. You will have a heck of a time troubleshooting if you have spanning tree instability because it's hard to figure out how it SHOULD be working. Good design at Layer 2 starts with limiting the number of possible loops, and also configuring your spanning tree root so that the end result is predictable.

Here's the reason for the last statement. By default, the spanning tree root is determined by the LOWEST MAC address. Guess which switch that usually is... it's the oldest switch you have- maybe. The truth is, you can't be sure without poking around. And so when you're troubleshooting and ports are being blocked by spanning tree, how do you know which ones should be blocked normally and which indicate something is wrong?

In the drawing above those 3Coms are single-homed so spanning tree won't be a problem, but if you ever decide to dual-home them or do some failover connectivity, you should consider spanning tree and design it to be as predictable as your IP addressing.
0
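
An added example, not part of mikebernhardt's post: the root election described above, modelled in Python with the extended system ID that the posted config enables (`spanning-tree extend system-id`). Switch names and MAC addresses are constructed, and the function names are hypothetical.

```python
DEFAULT_PRIORITY = 32768  # IEEE 802.1D default bridge priority

def bridge_id(priority, vlan, mac):
    """Bridge ID with extended system ID: (priority + VLAN ID, MAC as integer)."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID out of range")
    return (priority + vlan, int(mac.replace(".", "").replace(":", ""), 16))

def elect_root(switches, vlan):
    """Name of the switch with the numerically lowest bridge ID for this VLAN."""
    return min(switches, key=lambda s: bridge_id(s["priority"], vlan, s["mac"]))["name"]

def root_decided_by_mac(switches):
    """True when several switches tie on the lowest priority, so only the MAC decides."""
    lowest = min(s["priority"] for s in switches)
    return sum(s["priority"] == lowest for s in switches) > 1

def with_priority(switches, name, priority):
    """Copy of the inventory with one switch's priority changed."""
    return [dict(s, priority=priority) if s["name"] == name else s for s in switches]

# Constructed inventory: names and MAC addresses are made up for illustration.
SWITCHES = [
    {"name": "cat3560", "mac": "0019.e8aa.1200", "priority": DEFAULT_PRIORITY},
    {"name": "cat2960", "mac": "001b.54c3.9f80", "priority": DEFAULT_PRIORITY},
    {"name": "old-closet-switch", "mac": "0004.9a10.3c40", "priority": DEFAULT_PRIORITY},
]

if __name__ == "__main__":
    # All defaults: the lowest MAC wins, whichever switch that happens to be.
    print(elect_root(SWITCHES, vlan=2), root_decided_by_mac(SWITCHES))
    # 24576 is a multiple of 4096 below the default, so the choice is deliberate.
    tuned = with_priority(SWITCHES, "cat3560", 24576)
    print(elect_root(tuned, vlan=2), root_decided_by_mac(tuned))
```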
 

Expert Comment

by:rrobbinstx
ID: 17844378
Oh I see where you were going with that. I wasn't aware that he was doing redundant links. Guess I missed that one.

Expert Comment

by:mikebernhardt
ID: 17844416
He isn't, but he might...

As far as the routing, it looks like you just have 2 physical connections from the PIX to the switch? So just make sure the switch ports connect to the correct VLAN for the subnet the PIX interface is in.

Author Comment

by:wilsj
ID: 17844990
Ok thanks a lot guys.