msaalim
asked on
Cisco 3560g configuration
We have 2 Cisco 3560g switches, and would like to configure them for redundancy and failover. I have connected one server with NIC teaming, with one NIC to each switch. It seems to be working OK. When I disconnected one NIC, I could still ping. I am concerned about any loopback issues. Both switches' sh commands are given below. The NIC teaming NICs are connected to port 13 on switch_S01 and the other NIC to port 11 on switch_S02. My understanding is that one should be in block or standby mode, but both seem to be in fwd mode. Also, is it possible for both switches to be in load-balancing and failover mode? My understanding is it could be either but cannot be both, since one IP is assigned to the NIC team and it would only work in load balance mode if both NICs are connected to the same switch. We are not concerned with load balancing, but failover should be configured properly. Switch sh commands are separated by double dotted lines.
Thanks, Leo
----------
switch_S01# sh spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0018.b96a.2e00
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0018.b96a.2e00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -------------------------- ------
Gi0/13 Desg FWD 19 128.13 P2p
Po1 Desg FWD 3 128.616 P2p
switch_S01#sh
% Type "show ?" for a list of subcommands
Development_S01#sh etherchn annel
Channel-group listing:
----------------------
Group: 1
----------
Group state = L2
Ports: 2 Maxports = 16
Port-channels: 1 Max Port-channels = 16
Protocol: LACP
switch_S01#sh cluster
Command switch for cluster "ncicluster"
Total number of members: 1
Status: 0 members are unreachable
Time since last status change: 0 days, 1 hours, 8 minutes
Redundancy: Disabled
Heartbeat interval: 8
Heartbeat hold-time: 80
Extended discovery hop count: 3
-------------------------- --------
-------------------------- --------
switch_S02#sh etherchannel
Channel-group listing:
----------------------
Group: 1
----------
Group state = L2
Ports: 2 Maxports = 16
Port-channels: 1 Max Port-channels = 16
Protocol: LACP
switch_S02#sh spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0018.b96a.2e00
Cost 3
Port 616 (Port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0019.06f2.f900
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -------------------------- ------
Gi0/5 Desg FWD 4 128.5 P2p
Gi0/11 Desg FWD 19 128.11 Shr
Po1 Root FWD 3 128.616 P2p
ASKER
I have created an etherchannel for trunking between the 2 switches by combining two ports. It's not portchannel, it's etherchannel. Do you know, in a NIC teaming configuration on the server, if both switches work in a load balance mode, or is one NIC blocked by spanning tree so that no looping occurs? In my scenario, would it be load balancing and failover both, or only failover? Is there any configuration required for load balancing or failover, or would just connecting the NIC teaming NICs to the 2 switches do it automatically?
Thanks.
Port channel is etherchannel. It was a conflict in terms. If you check your switch, you'll see that the etherchannel created a virtual interface called "Port-Channel 1".
I understand that NIC teaming load balances on the server, but the switches will not load balance. The data will go to whichever server NIC replies to the ARP request first.
Spanning tree only operates between switches, so since your server is not a switch (not sending BPDUs) it will not cause spanning tree on either of the ports to go into blocking mode.
Your current network will provide failover, but not true load balancing.
Depending on network conditions and how the server responds to ARP requests there will be some traffic across both links, but it will probably not be evenly balanced.
ASKER
Can I make one switch the root switch and the other a standby for failover, so that the NIC teaming NICs would only go to one switch unless a failover actually happens? Also, what are server and client mode on the switch? If two switches are connected, does one have to be in client mode? What is the significance? I see both my switches in server mode.
Thanks,
ASKER
Disregard server and client mode question....Just consider other questions...
You cannot guarantee the functionality you want with this scenario.
Your current implementation should fulfill all the project requirements without worrying about load sharing. Load sharing would give you more bandwidth to the server, but if this is not an issue, then I would say your current setup is fine.
If you need more bandwidth to the server, I would recommend removing one path of redundancy (i.e. one of the switches) and instead using an etherchannel group to connect to the server.
ASKER
Is the VTP domain name of any significance in my case? In our development environment, we don't need more than two switches with NIC teaming consideration, but in our production, with NIC teaming, our port density would extend to other 2 pair switches. In the current configuration, although two of the switches are being used in redundant mode with failover in a NIC teaming configuration, the VTP domain names are defined differently on both switches. And VTP mode is configured as transparent. Do you think it's the right configuration?
ASKER
I am trying to configure an interface as a trunk port using the command "switchport mode trunk" and am receiving the message "command rejected: An interface whose trunk encapsulation is "Auto" can be configured to "trunk" mode."
Is it OK to set encapsulation to isl (Cisco proprietary) or dot1q? These switches will be trunking to other Cisco switches.
Any help will be appreciated.
I think you should keep the switches in vtp transparent mode. VTP doesn't really do anything for you functionally. It only eases the administrative burden of managing VLANs. In your case I don't think you really need it.
Go ahead and use the dot1q encapsulation. It has less overhead than ISL.
switchport trunk encapsulation dot1q
switchport mode trunk
Those commands should set the trunk up for you.
ASKER
What's the significance of vlan 1002-9049? I see on my existing switches the vlan trunking command listed as "switch port trunk allowed vlan 1,3, 1002-4094". I know 1002-1005 is for token ring, FDDI and others, but why the whole range through 4094? Also, if you don't have FDDI or token ring on your network, do you think you should still use 1002-1005, which is also enabled by default on all switches?
Thanks, leo
The default ports of 1002-1005 won't hurt anything, don't worry about them.
As for the other port range (1006-4094) I'm not sure what command you are seeing them with, but it's probably just because you haven't blocked them.
Unless you need the higher end VLANs just block them as well.
ASKER
By blocking, you mean that for trunking I should only use the command "switch port trunk allowed vlan 1,3, 1002-1005" instead of using 9049? I thought higher numbers are used for some services and one should have them included.
ASKER CERTIFIED SOLUTION
Also you mentioned that both ports were in forwarding mode. This is the correct functionality since a switch will not put a port into blocking mode unless it is connected to another switch.
This is also the desired function since if the port had gone into blocking mode it could take up to 50 seconds for the port to unblock.
This solution should failover correctly, but as you said, load balancing will not function. For load balancing to function, you would need to use the port channel group, which means that both nics on the server should connect to the same switch.
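A check of the interface tables posted in the question, added here as an example and not part of the original thread: it parses the `sh spanning-tree` rows and flags ports that are not forwarding, server-facing ports whose role is not designated, and links that spanning tree classifies as shared (`Shr`, the link type Cisco switches assign to half-duplex ports). The function names and the server-port sets are assumptions made for illustration.

```python
import re

# Interface rows copied from the question's "sh spanning-tree" output (VLAN0001).
S01 = """\
Gi0/13 Desg FWD 19 128.13 P2p
Po1 Desg FWD 3 128.616 P2p
"""
S02 = """\
Gi0/5 Desg FWD 4 128.5 P2p
Gi0/11 Desg FWD 19 128.11 Shr
Po1 Root FWD 3 128.616 P2p
"""

# Interface, Role, Sts, Cost, Prio.Nbr, Type
ROW = re.compile(
    r"^(?P<port>\S+)\s+(?P<role>Root|Desg|Altn|Back)\s+"
    r"(?P<state>FWD|BLK|LIS|LRN|BKN\*?)\s+(?P<cost>\d+)\s+"
    r"(?P<prio>\d+\.\d+)\s+(?P<type>.+?)\s*$"
)

def parse_ports(text):
    """Return one dict per interface row; headers and other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows

def review(switch, text, server_ports):
    """Flag rows that matter for the NIC-teaming failover design in this thread."""
    findings = []
    for r in parse_ports(text):
        if r["state"] != "FWD":
            findings.append(f"{switch} {r['port']}: state {r['state']}, not forwarding")
        if r["port"] in server_ports and r["role"] != "Desg":
            # A non-designated role means superior BPDUs arrived on this port.
            findings.append(f"{switch} {r['port']}: role {r['role']} on a server port")
        if r["type"].startswith("Shr"):
            findings.append(f"{switch} {r['port']}: link type Shr (half duplex), check speed/duplex")
    return findings

if __name__ == "__main__":
    # Server ports as stated in the question: Gi0/13 on S01, Gi0/11 on S02.
    for f in review("switch_S01", S01, {"Gi0/13"}) + review("switch_S02", S02, {"Gi0/11"}):
        print(f)
```

On the posted output every port is forwarding, as the answers explain, and the only finding is that Gi0/11 on switch_S02 shows type `Shr` while the server port on switch_S01 shows `P2p`.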