Solved

Intra VLAN routing

Posted on 2006-11-24
Last Modified: 2008-01-09
We have two sites we are trying to link together as one Ethernet LAN. The idea is to have one VTP domain and share the same VLAN information between both sites, connected via two 100MB Ethernet extensions - a 100MB Colt link and a 100MB BT link. I would like to load balance between the two links using spanning tree, so VLANs 1-7 will go via the Colt link and VLANs 8-12 via the BT link, so I can use both links at the same time. I need to stop as much broadcast as possible over both links. The DHCP server will be at site A for IP address assignment. My only concern here is spanning tree and how to set it up to prevent loops, and also routing between sites.

Site A
2 4500 Switches as The Distribution switches
6 3550 as Access switches.

Site B
2 4500 Switches as The Distribution switches
6 3550 as Access switches.
Question by:backbonemd
 
LVL 5

Expert Comment

by:WGhen
ID: 18006942
Hi,
If you have spanning tree turned on, it will prevent loops.  That's what it does.  Using spanning tree on those links and making it one VTP domain implies that you will trunk across the links between the 4500 switches with no routers in between, correct?  Are you running one link between a 4500 at site A and site B and the other link between the other two 4500s, or are both links between the same two 4500s?

Force the interface on the 4500 (still assuming that's where the link is) to be the spanning tree root at site A for vlans 1-7...
conf t
     spanning-tree vlan 1-7 root primary
     spanning-tree vlan 8-12 root secondary

And on the other Site A interface (same 4500? other 4500?)....
conf t
     spanning-tree vlan 8-12 root primary
     spanning-tree vlan 1-7 root secondary


You could also remove the vlans from the trunk, but this way, if one of your links goes down, there's nothing to prevent them all from going over one line.  After doing these things you'll want to check to make sure it's working by issuing the command (example shown below)...
 Show interfaces trunk
Tech-Serv-SW#sh interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Gi1/1       auto         n-802.1q         trunking      1
Gi1/2       auto         n-isl                trunking      1

Port      Vlans allowed on trunk
Gi1/1       1-4094
Gi1/2       1-4094

Port        Vlans allowed and active in management domain
Gi1/1       1-6,8-10,15-18,20,40,49-51,66,69,98-99,105,128,140,144,146,150,160,1
70,180,200,207,220,253-254,300,319-320,511-514,521,555,606,613,640-641,666-667,6
70,700,777-778,800,816,888,900,909,991-993,999-1000
Gi1/2       1-6,8-10,15-18,20,40,49-51,66,69,98-99,105,128,140,144,146,150,160,1
70,180,200,207,220,253-254,300,319-320,511-514,521,555,606,613,640-641,666-667,6
70,700,777-778,800,816,888,900,909,991-993,999-1000

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/1       511,521,1000
Gi1/2       1-6,8-10,15-18,20,40,49-51,66,69,98-99,105,128,140,144,146,150,160,1
70,180,200,207,220,253-254,300,319-320,512-514,521,555,606,613,640-641,666-667,6
70,700,777-778,800,816,888,900,909,991-993,999-1000


I Hope this helps,
WGhen


0
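A check for the verification step in the answer above, as an added example that is not part of the original thread: it parses `show interfaces trunk` output, rejoins VLAN lists that the terminal wrapped, and compares the "forwarding state and not pruned" section with an intended per-port split. The sample output, the port names and `PLAN` are constructed assumptions.

```python
import re

# Constructed sample in the layout of `show interfaces trunk`; the last entry
# is wrapped by the terminal like the long VLAN lists in the post above.
SAMPLE = """\
Port        Vlans allowed on trunk
Gi1/1       1-4094
Gi1/2       1-4094

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/1       1-5
Gi1/2       6-1
2
"""

def expand(spec):
    """Expand a VLAN list such as '1-5,8' into a set of ints ('none' -> empty)."""
    vlans = set()
    for part in filter(None, spec.replace("none", "").split(",")):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def forwarding_vlans(output):
    """Return {port: set of VLANs} from the 'forwarding state' section only."""
    raw, port, active = {}, None, False
    for line in output.splitlines():
        if line.startswith("Port"):            # every section starts with a header
            active, port = "spanning tree forwarding" in line, None
        elif active and line.strip():
            m = re.match(r"([A-Za-z]+\d[\d/]*)\s+(\S+)\s*$", line)
            if m:
                port = m.group(1)
                raw[port] = m.group(2)
            elif port:                          # wrapped continuation of the list
                raw[port] += line.strip()
    return {p: expand(s) for p, s in raw.items()}

def check_split(output, plan):
    """Return {port: {'missing': [...], 'unexpected': [...]}} for deviations."""
    seen, problems = forwarding_vlans(output), {}
    for port, wanted in plan.items():
        got = seen.get(port, set())
        if got != wanted:
            problems[port] = {"missing": sorted(wanted - got),
                              "unexpected": sorted(got - wanted)}
    return problems

PLAN = {"Gi1/1": expand("1-5"), "Gi1/2": expand("6-12")}  # assumed intent
```

An empty result from `check_split` means each port forwards exactly the planned VLANs; after a link failure the surviving port is expected to report the other link's VLANs as unexpected.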
 
LVL 4

Author Comment

by:backbonemd
ID: 18006990
WGhen

I have two links between sites A and B, and I am running two links between a 4500 at site A and site B and the other link between the other two 4500s. See below.

                            Fiber Link
Site A         4500 - - - - - - - - - -  4500
                    -                             -
                    -                             -
VLAN 1-5   100MB Colt              100MB BT  vlan 6 -12 allowed
                    -                             -
                    -                             -
Site B         4500 ------------------  4500
                             Fiber Link

So make the 4500 switches using the Colt link root bridge for VLANs 1-5 and make the switches using the BT link root bridge for VLANs 6-12, to load balance the VLANs across both links.  Does this make sense?
0
 
LVL 4

Author Comment

by:backbonemd
ID: 18007006
I don't have routers between the switches - the 4500s will be doing any L3. LINK TERMINATED DIRECTLY ON THE 4500 SWITCHES.
0
 
LVL 5

Expert Comment

by:WGhen
ID: 18007036
Yup,
Technically, it won't be "load balanced" but you'll be running some traffic on each, but still allow all traffic to run on either link should one of the links fail.  So after telling the appropriate 4500 that it is the spanning tree root for the vlans that you wish it to carry you should be all set.  Use the show interfaces trunk to see if it is working.  I would recommend that you use the switches closest to the real core end of your network (site A?) as these root bridges.  There can be only one root bridge for each vlan, so don't do this at both ends.  Spanning tree should block the other vlans that it sees coming from more than one way.  Try it and see if it works.  If not, we can tamper with priorities etc.

WGhen
0
 
LVL 4

Author Comment

by:backbonemd
ID: 18007063
WGhen, sorry to be a pain, but I just need to clarify which switch will be the root and which switches will be the secondary at each site. I know I can only have one root and more than one secondary, right?


So force the interface on one of the 4500s at site A (connected to 100MB Colt) to be the spanning tree root at site A for vlans 1-7...
conf t
     spanning-tree vlan 1-7 root primary
     spanning-tree vlan 8-12 root secondary

And on the other Site B interface (other 4500  connected to BT link)
conf t
     spanning-tree vlan 8-12 root primary
     spanning-tree vlan 1-7 root secondary



0
 
LVL 5

Expert Comment

by:WGhen
ID: 18007263
Where would you say the real core of your network is?  Site A?  If so then you go to the switch I've called 4500(A1)...
       conf t
        spanning-tree vlan 1-5 root primary
        spanning-tree vlan 6-12 root secondary

Then on the switch I've called 4500(A2)...
       conf t
        spanning-tree vlan 6-12 root primary
        spanning-tree vlan 1-5 root secondary
 



                            Fiber Link
Site A       4500(A1) - - - - - - - - - 4500(A2)
                    -                             -
                    -                             -
VLAN 1-5   100MB Colt              100MB BT  vlan 6 -12 allowed
                    -                             -
                    -                             -
Site B       4500(B1) -----------------4500(B2)
                             Fiber Link

That should do it.  If for some reason we have to coerce it a little more we can add some more incentive for it to do what you want but this should work.  


NOTE ***** You will want to enable root guard on the ports on the 4500's that trunk to each of the 3500's to avoid having one of the 3500's that might just by chance have a lower MAC address electing itself as the root for everything.  This is a danger and happens sometimes and will degrade network performance.  Root guard on the ports leading to the 3500's will prevent that from happening.

WGhen
0
 
LVL 4

Author Comment

by:backbonemd
ID: 18007324
cool.  Finally is there a way to limit unnecessary broadcast over the links?
0
 
LVL 4

Author Comment

by:backbonemd
ID: 18007363
WGhen, one LAST question, HONESTLY MATE - by having the root and second root at site A, how will STP work for the Catalyst 3550s at site B connected to the 4500's at site B? Don't we need to have at least a root at site B to prevent loops, or will the Catalyst 3550s at site B use the root at site A as well? Hope I haven't confused myself.

0
 
LVL 5

Accepted Solution

by:
WGhen earned 500 total points
ID: 18007488
>>> Don't we need to have at least a root at site B to prevent loop...
NO !!!  You can only have ONE root per vlan per VTP domain.  Enable root guard on every port that connects to a 3500.  Since it's all one VTP domain STP will take care of the rest.
Yes, the Site B 3500s will use the root over at Site A.  But we are not talking about traffic routing here, we are talking about who is the master that watches for loops and things.  That in turn determines where a block gets thrown if one should be necessary.  In your environment blocks will always be in effect on the vlans you want to force down one or the other of the pipes.  The root will never block access to itself so it will tell the 4500s at the Site B end to disallow 6-12 or 1-5.


>>> is there a way to limit unnecessary broadcast over the links...
Well, not really.  VLANs logically segment the network into different broadcast domains so that packets are switched only between ports within the VLAN.  That means that you've designed a network (without routers in between) that will promote the delivery of broadcasts to all of its vlan, whichever end of the link that may be.


0
 
LVL 4

Author Comment

by:backbonemd
ID: 18007538
thank you very much for your input.  500 points is yours..............
0
 
LVL 5

Expert Comment

by:WGhen
ID: 18007577
Hi,
Thanks!
Still here for a while if you have more questions.

Cheers
WGhen
0
 
LVL 4

Author Comment

by:backbonemd
ID: 18007834
WGhen, both sites will have their own connection to the internet. The idea is to have one VLAN HSRP group IP for site A and have another one for site B with a different standby IP - I want each site to use its own internet connection. Is this possible?
0
 
LVL 5

Expert Comment

by:WGhen
ID: 18046401
Hi,
Yes.
Sorry.  I somehow missed this extra question...
IP routes should be carefully put in so that each site sends all its non-internal unknown (meaning internet) traffic out its own connection to the ISP.
WGHen
0
 
LVL 4

Author Comment

by:backbonemd
ID: 18052296
thanks mate.  
0
