Solved

Intra VLAN routing

Posted on 2006-11-24
Last Modified: 2008-01-09
We have two sites we are trying to link together as one Ethernet LAN. The idea is to have one VTP domain and share the same VLAN information between both sites, connected via two 100MB Ethernet extensions - a 100MB Colt link and a 100MB BT link. I would like to load balance between the two links using spanning tree, so VLANs 1-7 will go via the Colt link and VLANs 8-12 via the BT link, so I can use both links at the same time. I need to stop as much broadcast as possible over both links. The DHCP server will be at site A for IP address assignment. My only concern here is spanning tree and how to set it up to prevent loops, and also routing between sites.

Site A
2 4500 Switches as The Distribution switches
6 3550 as Access switches.

Site B
2 4500 Switches as The Distribution switches
6 3550 as Access switches.
Question by:backbonemd
 
LVL 5

Expert Comment

by:WGhen
ID: 18006942
Hi,
If you have spanning tree turned on, it will prevent loops.  That's what it does.  Using spanning tree on those links and making it one VTP domain implies that you will trunk across the links between the 4500 switches with no routers in between, correct?  Are you running one link between a 4500 at site A and site B and the other link between the other two 4500, or are both links between the same two 4500?

Force the interface on the 4500 (still assuming that's where the link is) to be the spanning tree root at site A for vlans 1-7...
conf t
     spanning-tree vlan 1-7 root primary
     spanning-tree vlan 8-12 root secondary

And on the other Site A interface (same 4500? other 4500?)....
conf t
     spanning-tree vlan 8-12 root primary
     spanning-tree vlan 1-7 root secondary


You could also remove the vlans from the trunk, but this way, if one of your links goes down, there's nothing to prevent them all from going over one line.  After doing these things you'll want to check to make sure it's working by issuing the command (example shown below)...
 Show interfaces trunk
Tech-Serv-SW#sh interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Gi1/1       auto         n-802.1q         trunking      1
Gi1/2       auto         n-isl                trunking      1

Port      Vlans allowed on trunk
Gi1/1       1-4094
Gi1/2       1-4094

Port        Vlans allowed and active in management domain
Gi1/1       1-6,8-10,15-18,20,40,49-51,66,69,98-99,105,128,140,144,146,150,160,1
70,180,200,207,220,253-254,300,319-320,511-514,521,555,606,613,640-641,666-667,6
70,700,777-778,800,816,888,900,909,991-993,999-1000
Gi1/2       1-6,8-10,15-18,20,40,49-51,66,69,98-99,105,128,140,144,146,150,160,1
70,180,200,207,220,253-254,300,319-320,511-514,521,555,606,613,640-641,666-667,6
70,700,777-778,800,816,888,900,909,991-993,999-1000

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/1       511,521,1000
Gi1/2       1-6,8-10,15-18,20,40,49-51,66,69,98-99,105,128,140,144,146,150,160,1
70,180,200,207,220,253-254,300,319-320,512-514,521,555,606,613,640-641,666-667,6
70,700,777-778,800,816,888,900,909,991-993,999-1000


I Hope this helps,
WGhen


0
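
The check suggested in the answer above can be automated. This is an added example, not part of the original thread: it parses the "Vlans in spanning tree forwarding state and not pruned" section of `show interfaces trunk`, rejoins terminal-wrapped lists, and compares each trunk against an intended split. The port-to-VLAN plan and the sample output are constructed assumptions.

```python
import re

# Constructed sample in the layout of the output above; the Gi1/2 list is
# wrapped mid-number the way the terminal wrapped the lists in the post.
SAMPLE = """\
Port        Vlans allowed on trunk
Gi1/1       1-4094
Gi1/2       1-4094

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/1       1-5
Gi1/2       6-10,1
1-12
"""
FWD_HEADER = "Vlans in spanning tree forwarding state and not pruned"
# Assumed plan (hypothetical port-to-VLAN mapping supplied by the operator).
PLAN = {"Gi1/1": set(range(1, 6)), "Gi1/2": set(range(6, 13))}


def expand(vlan_list):
    """Turn '1-3,5' into {1, 2, 3, 5}; IOS prints 'none' for an empty list."""
    vlans = set()
    if vlan_list == "none":
        return vlans
    for part in filter(None, vlan_list.split(",")):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def forwarding_vlans(output):
    """Map each trunk port to the set of VLANs STP is forwarding on it."""
    raw, in_section, port = {}, False, None
    for line in map(str.strip, output.splitlines()):
        if line.startswith("Port "):
            in_section, port = FWD_HEADER in line, None
        elif in_section and (m := re.fullmatch(r"([A-Za-z]+[\d/]+)\s+(\S+)", line)):
            port = m.group(1)
            raw[port] = m.group(2)            # first row for this port
        elif in_section and port and re.fullmatch(r"[\d,-]+", line):
            raw[port] += line                 # wrapped continuation: rejoin as-is
    return {p: expand(v) for p, v in raw.items()}


def check_split(output, plan):
    """Return {port: (missing, unexpected)} for ports that deviate from plan."""
    actual = forwarding_vlans(output)
    return {p: (want - actual.get(p, set()), actual.get(p, set()) - want)
            for p, want in plan.items() if actual.get(p, set()) != want}


if __name__ == "__main__":
    print(check_split(SAMPLE, PLAN) or "forwarding state matches the plan")
```

A non-empty result after a link failure is expected, since the surviving trunk then carries every VLAN; the same result while both links are up means the root placement is not steering traffic as planned.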
 
LVL 4

Author Comment

by:backbonemd
ID: 18006990
WGhen

I have two links between sites A and B, and I am running two links between a 4500 at site A and site B and the other link between the other two 4500. See below.

                            Fiber Link
Site A         4500 - - - - - - - - - -  4500
                    -                             -
                    -                             -
VLAN 1-5   100MB Colt              100MB BT  vlan 6 -12 allowed
                    -                             -
                    -                             -
Site B         4500 ------------------  4500
                             Fiber Link

So make the 4500 switches using the Colt link root bridge for VLAN 1-5 and make the switches using the BT link root bridge for VLAN 6-12, so as to load balance the VLANs across both links. Does this make sense?
0
 
LVL 4

Author Comment

by:backbonemd
ID: 18007006
I don't have routers between the switches - the 4500's will be doing any L3. LINK TERMINATED DIRECTLY ON THE 4500 SWITCHES.
0

 
LVL 5

Expert Comment

by:WGhen
ID: 18007036
Yup,
Technically, it won't be "load balanced" but you'll be running some traffic on each, but still allow all traffic to run on either link should one of the links fail.  So after telling the appropriate 4500 that it is the spanning tree root for the vlans that you wish it to carry you should be all set.  Use the show interfaces trunk to see if it is working.  I would recommend that you use the switches closest to the real core end of your network (site A?) as these root bridges.  There can be only one root bridge for each vlan, so don't do this at both ends.  Spanning tree should block the other vlans that it sees coming from more than one way.  Try it and see if it works.  If not, we can tamper with priorities etc.

WGhen
0
 
LVL 4

Author Comment

by:backbonemd
ID: 18007063
WGhen, sorry to be a pain, but I just need to clarify which switch will be the root and which switches will be the secondary at each site. I know I can only have one root and one than one secondary. Right?


SO Force the interface on one of the 4500 at site A  (connected to 100mb colt ) to be the spanning tree root at site A for vlans 1-7...
conf t
     spanning-tree vlan 1-7 root primary
     spanning-tree vlan 8-12 root secondary

And on the other Site B interface (other 4500  connected to BT link)
conf t
     spanning-tree vlan 8-12 root primary
     spanning-tree vlan 1-7 root secondary



0
 
LVL 5

Expert Comment

by:WGhen
ID: 18007263
Where would you say the real core of your network is?  Site A?  If so then you go to the switch I've called 4500(A1)...
       conf t
        spanning-tree vlan 1-5 root primary
        spanning-tree vlan 6-12 root secondary

Then on the switch I've called 4500(A2)...
       conf t
        spanning-tree vlan 6-12 root primary
        spanning-tree vlan 1-5 root secondary
 



                            Fiber Link
Site A       4500(A1) - - - - - - - - - 4500(A2)
                    -                             -
                    -                             -
VLAN 1-5   100MB Colt              100MB BT  vlan 6 -12 allowed
                    -                             -
                    -                             -
Site B       4500(B1) -----------------4500(B2)
                             Fiber Link

That should do it.  If for some reason we have to coerce it a little more we can add some more incentive for it to do what you want but this should work.  


NOTE ***** You will want to enable root guard on the ports on the 4500's that trunk to each of the 3500's to avoid having one of the 3500's that might just by chance have a lower MAC address electing itself as the root for everything.  This is a danger and happens sometimes and will degrade network performance.  Root guard on the ports leading to the 3500's will prevent that from happening.

WGhen
0
 
LVL 4

Author Comment

by:backbonemd
ID: 18007324
cool.  Finally is there a way to limit unnecessary broadcast over the links?
0
 
LVL 4

Author Comment

by:backbonemd
ID: 18007363
WGhen, one LAST question HONESTLY MATE - by having the root and second root at site A, how will STP work for the Catalyst 3550s at site B connected to the 4500's at site B? Don't we need to have at least a root at site B to prevent loops, or will the Catalyst 3550s at site B use the root at SITE A as well? Hope I haven't confused myself.

0
 
LVL 5

Accepted Solution

by:
WGhen earned 2000 total points
ID: 18007488
>>> Dont we need to have at  least a root at site B to prevent loop...
NO !!!  You can only have ONE root per vlan per VTP domain.  Enable root guard on every port that connects to a 3500.  Since it's all one VTP domain STP will take care of the rest.
Yes, the Site B 3500s will use the root over at Site A.  But we are not talking about traffic routing here, we are talking about who is the master that watches for loops and things.  That in turn determines where a block gets thrown if one should be necessary.  In your environment blocks will always be in effect on the vlans you want to force down one or the other of the pipes.  The root will never block access to itself so it will tell the 4500s at the Site B end to disallow 6-12 or 1-5.  


>>> is there a way to limit unnecessary broadcast over the links...
Well, not really.  VLANs logically segment the network into different broadcast domains so that packets are switched only between ports within the VLAN.  That means that you've designed a network (without routers in between) that will promote the delivery of broadcasts to all of its vlan, whichever end of the link that may be.


0
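
The root guard advice in the two answers above can be audited against a saved configuration. This is an added example, not part of the original thread: it walks the interface stanzas of a running-config and lists access-facing trunks that lack `spanning-tree guard root`. The config fragment, the interface names and the `to-3550` description convention are constructed assumptions.

```python
# Constructed running-config fragment; interface names and descriptions are
# invented, and the "to-3550" description marker is an assumed site convention.
CONFIG = """\
interface GigabitEthernet2/1
 description to-3550-access-1
 switchport mode trunk
 spanning-tree guard root
!
interface GigabitEthernet2/2
 description to-3550-access-2
 switchport mode trunk
!
interface GigabitEthernet1/1
 description colt-link-to-site-b
 switchport mode trunk
!
"""


def interface_stanzas(config):
    """Return {interface name: [stripped sub-commands]} from config text."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            stanzas[current] = []
        elif current and line.startswith((" ", "\t")):
            stanzas[current].append(line.strip())   # indented line: sub-command
        else:
            current = None                          # "!" or a global command
    return stanzas


def missing_root_guard(config, downlink_marker="to-3550"):
    """List access-facing interfaces that do not have root guard enabled."""
    missing = []
    for name, lines in interface_stanzas(config).items():
        is_downlink = any(
            l.startswith("description") and downlink_marker in l for l in lines
        )
        if is_downlink and "spanning-tree guard root" not in lines:
            missing.append(name)
    return missing


if __name__ == "__main__":
    print(missing_root_guard(CONFIG))
```

Only ports matching the downlink marker are checked: the inter-site and 4500-to-4500 links legitimately receive BPDUs from the root, so root guard does not belong on them.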
 
LVL 4

Author Comment

by:backbonemd
ID: 18007538
thank you very much for your input.  500 points is yours..............
0
 
LVL 5

Expert Comment

by:WGhen
ID: 18007577
Hi,
Thanks!
Still here for a while if you have more questions.

Cheers
WGhen
0
 
LVL 4

Author Comment

by:backbonemd
ID: 18007834
WGhen, both sites will have their own connection to the internet. The idea is to have one VLAN HSRP group IP for site A and have another one for site B with a different standby IP - I want each site to use their own internet connection. Is this possible?
0
 
LVL 5

Expert Comment

by:WGhen
ID: 18046401
Hi,
Yes.
Sorry.  I somehow missed this extra question...
IP routes should be carefully put in so that each site sends all its non-internal unknown (meaning internet) traffic out its own connection to the ISP.
WGHen
0
 
LVL 4

Author Comment

by:backbonemd
ID: 18052296
thanks mate.  
0
