Solved

Cisco 3560g configuration

Posted on 2006-11-29
Last Modified: 2008-01-09
We have 2 Cisco 3560G switches, and would like to configure them for redundancy and failover. I have connected one server with NIC teaming, with one NIC to each switch. It seems to be working OK. When I disconnected one NIC, I could still ping. I am concerned about any loopback issues. The sh command output from both switches is given below. The teamed NICs are connected to port 13 on switch_S01 and port 11 on switch_S02. My understanding is that one should be in blocking or standby mode, but both seem to be in FWD mode. Also, is it possible for both switches to be in load-balancing and failover mode? My understanding is that it could be either but cannot be both, since one IP is assigned to the NIC team and it would only work in load-balance mode if both NICs were connected to the same switch. We are not concerned with load balancing, but failover should be configured properly. The switch sh command outputs are separated by double dotted lines.

Thanks, Leo
----------
switch_S01# sh spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0018.b96a.2e00
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0018.b96a.2e00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/13           Desg FWD 19        128.13   P2p
Po1              Desg FWD 3         128.616  P2p


switch_S01#sh
% Type "show ?" for a list of subcommands
Development_S01#sh etherchn annel
Channel-group listing:
----------------------

Group: 1
----------
Group state = L2
Ports: 2   Maxports = 16
Port-channels: 1 Max Port-channels = 16
Protocol:   LACP

switch_S01#sh cluster
Command switch for cluster "ncicluster"
        Total number of members:        1
        Status:                         0 members are unreachable
        Time since last status change:  0 days, 1 hours, 8 minutes
        Redundancy:                     Disabled
        Heartbeat interval:             8
        Heartbeat hold-time:            80
        Extended discovery hop count:   3
----------------------------------
----------------------------------
switch_S02#sh etherchannel
Channel-group listing:
----------------------

Group: 1
----------
Group state = L2
Ports: 2   Maxports = 16
Port-channels: 1 Max Port-channels = 16
Protocol:   LACP

switch_S02#sh spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0018.b96a.2e00
             Cost        3
             Port        616 (Port-channel1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0019.06f2.f900
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/5            Desg FWD 4         128.5    P2p
Gi0/11           Desg FWD 19        128.11   Shr
Po1              Root FWD 3         128.616  P2p

Question by:msaalim
Expert Comment

by:Sean64
I'm a little confused about this setup.  You never mention port channels on the switch, but from the output you listed it appears you are trying to use them.  However, you cannot use a port channel between 2 switches; the ports have to be on the same switch.
Also you mentioned that both ports were in forwarding mode.  This is the correct functionality since a switch will not put a port into blocking mode unless it is connected to another switch.
This is also the desired function since if the port had gone into blocking mode it could take up to 50 seconds for the port to unblock.
This solution should failover correctly, but as you said, load balancing will not function.  For load balancing to function, you would need to use the port channel group, which means that both nics on the server should connect to the same switch.

Author Comment

by:msaalim
I have created an etherchannel for trunking between the 2 switches by combining two ports. It's not a portchannel, it's an etherchannel. Do you know, in a NIC teaming configuration on the server, whether both switches work in load-balance mode, or whether one NIC is blocked by spanning tree so that no looping occurs? In my scenario, would it be both load balancing and failover, or only failover? Is there any configuration required for load balancing or failover, or would just connecting the teamed NICs to 2 switches do it automatically?

Thanks.

Expert Comment

by:Sean64
Port channel is etherchannel.  It was a conflict in terms.  If you check your switch, you'll see that the etherchannel created a virtual interface called "Port-Channel 1".
I understand that NIC teaming load balances on the server, but the switches will not load balance.  The data will go to whichever server NIC replies to the ARP request first.
Spanning tree only operates between switches, so since your server is not a switch (not sending BPDUs) it will not cause spanning tree on either of the ports to go into blocking mode.
Your current network will provide failover, but not true load balancing.
Depending on network conditions and how the server responds to ARP requests there will be some traffic across both links, but it will probably not be evenly balanced.
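
The port roles discussed in the comment above can be read mechanically from the posted `sh spanning-tree` tables. The Python below is an added example, not part of the original thread; the function names `parse_ports` and `summarize` and the `Gi0/24` row are assumptions made for illustration, the latter a constructed second inter-switch link showing the case where a port does block.

```python
import re

# Interface rows copied from the "sh spanning-tree" output posted in the question.
S01 = """\
Gi0/13           Desg FWD 19        128.13   P2p
Po1              Desg FWD 3         128.616  P2p
"""
S02 = """\
Gi0/5            Desg FWD 4         128.5    P2p
Gi0/11           Desg FWD 19        128.11   Shr
Po1              Root FWD 3         128.616  P2p
"""
# Constructed row (not from the thread): a second, unbundled link toward the root.
S02_EXTRA_LINK = S02 + "Gi0/24           Altn BLK 4         128.24   P2p\n"

# name, role, state, cost, prio.nbr (ignored), link type
ROW = re.compile(r"^(\S+)\s+(\w+)\s+(\S+)\s+(\d+)\s+\d+\.\d+\s+(\S.*?)\s*$")

def parse_ports(text):
    """Return one dict per interface row; header and ruler lines do not match."""
    ports = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            name, role, state, cost, ltype = m.groups()
            ports.append({"name": name, "role": role, "state": state,
                          "cost": int(cost), "type": ltype})
    return ports

def summarize(text):
    """Classify one switch for one VLAN from its port roles and states."""
    ports = parse_ports(text)
    root_ports = [p["name"] for p in ports if p["role"] == "Root"]
    return {
        # The root bridge has no root port; any other bridge has exactly one.
        "is_root_bridge": not root_ports,
        "uplink": root_ports[0] if root_ports else None,
        "blocked": [p["name"] for p in ports if p["state"] == "BLK"],
        "forwarding": [p["name"] for p in ports if p["state"] == "FWD"],
    }

if __name__ == "__main__":
    for label, out in (("switch_S01", S01), ("switch_S02", S02),
                       ("switch_S02 + constructed link", S02_EXTRA_LINK)):
        print(label, summarize(out))
```

With the posted output, switch_S01 is the root bridge, switch_S02 reaches it over Po1, and no port blocks because Po1 is the only path between the two switches; the server-facing ports are Designated and forwarding on both.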

Author Comment

by:msaalim
Can I make one switch the root switch and the other a standby for failover, so that the teamed NICs would only go to one switch unless a failover actually happens? Also, what are server and client mode on the switch? If two switches are connected, does one have to be in client mode? What is the significance? I see both my switches in server mode.

Thanks,

Author Comment

by:msaalim
Disregard server and client mode question....Just consider other questions...

Expert Comment

by:Sean64
You cannot guarantee the functionality you want with this scenario.

Your current implementation should fulfill all the project requirements without worrying about load sharing.  Load sharing would give you more bandwidth to the server, but if this is not an issue, then I would say your current setup is fine.

If you need more bandwidth to the server, I would recommend removing one path of redundancy (i.e. one of the switches) and instead using an etherchannel group to connect to the server.

Author Comment

by:msaalim
Is the VTP domain name of any significance in my case? In our development environment, we don't need more than two switches with NIC teaming in mind, but in production, with NIC teaming, our port density would extend to 2 other pairs of switches. In the current configuration, although the two switches are being used in redundant mode with failover in a NIC teaming configuration, the VTP domain names are defined differently on the two switches, and VTP mode is configured as transparent. Do you think that is the right configuration?


Author Comment

by:msaalim
I am trying to configure an interface as a trunk port using the command "switchport mode trunk" and am receiving the message "command rejected: An interface whose trunk encapsulation is "Auto" can be configured to "trunk" mode."

Is it OK to set the encapsulation to ISL (Cisco proprietary) or dot1q? These switches will be trunking to other Cisco switches.

Any help will be appreciated.

Expert Comment

by:Sean64
I think you should keep the switches in vtp transparent mode.  VTP doesn't really do anything for you functionally.  It only eases the administrative burden of managing VLANs.  In your case I don't think you really need it.

Go ahead and use the dot1q encapsulation.  It has less overhead than ISL.

switchport trunk encapsulation dot1q
switchport mode trunk

Those commands should set the trunk up for you.


Author Comment

by:msaalim
What's the significance of VLANs 1002-9049? On my existing switches I see the VLAN trunking command listed as "switch port trunk allowed vlan 1,3, 1002-4094". I know 1002-1005 are for Token Ring, FDDI and others, but why the whole range through 4094? Also, if you don't have FDDI or Token Ring on your network, do you think you should still use 1002-1005, which are also enabled by default on all switches?

Thanks, leo


Expert Comment

by:Sean64
The default ports of 1002-1005 won't hurt anything, don't worry about them.
As for the other port range (1006-4094) I'm not sure what command you are seeing them with, but it's probably just because you haven't blocked them.
Unless you need the higher end VLANs just block them as well.


Author Comment

by:msaalim
By blocking, do you mean that for trunking I should only use the command "switch port trunk allowed vlan 1,3, 1002-1005" instead of using 9049? I thought higher numbers are used for some services and one should have them included.

Accepted Solution

by:Sean64
Correct.
VLANs 1-1023 are valid under ISL and 802.1q.  VLANs 1024-4095 are extended VLANs only supported by 802.1q.  They do not work with VTP, and so for a simple network that needs less than 1000 VLANs, you would probably not use the extended VLANs.