Layer2 switch questions. Shop talk, looking for good advice

Posted on 2009-02-13
Medium Priority
Last Modified: 2012-05-06
2008 AD native
250 users
One domain One site

We have a mishmash of switches all chained together to accommodate 250 users and 25 servers.

We have an HP ProCurve, users on old 10/100 switches, and we are integrating several Layer 2 PowerConnect switches. They run spanning tree and I was wondering how capable these switches are.

If I VLAN out, I would need a router to route traffic. Is this correct? Example: switch 1 has a VLAN of 172.x.x.x; would switch 4 know about this VLAN? I am told this will not work, but wanted to be sure. Heck, if the switches can talk to each other, why can't they let other switches know?

Question 2: If I run 2 uplink cables between switches, without using LAG aggregation, will the switches pass traffic on both uplinks? This is the way we have it now, but I suspect one link is being used, and spanning tree is blocking the other line. The concept I guess is like a server: you can only have one Ethernet in each subnet (unless you NIC team). I would hope it sees both routes and uses them. But I was told this would cause a routing loop, and spanning tree would block the extra line to prevent this.

We initially planned to link each 10/100 user switch to the ProCurve AND have them link to each user switch. But as it was told to me, this will fail, cause loops and cause ports to be blocked.

The solution would be a Layer 3 switch. The difference in price is $450 for L2 and $1500 for L3. I want to be sure before I spend the $$$$.
Question by: pkwillis
LVL 10

Accepted Solution

atlas_shuddered earned 1200 total points
ID: 23639340
pkwillis -

Not a lot of experience with ProCurves, but the underlying Layer 2 and 3 concepts you are going to need to use are the same.

VLANs and trunking are pretty straightforward.  VLANs are used to segregate larger networks into smaller, more manageable networks.  More directly, they help by reducing the size of broadcast domains, reducing collisions on the wire.  A broadcast domain, also known as a collision domain, is a logical area on a network wherein all devices are able to identify and send traffic directly to a peer (Layer 2) without the need for transferring across a network boundary (Layer 3 or routing).  It's a little more in depth than this, but it will serve for the purpose.  The entire goal of your VLAN is to reduce the size of your broadcast domain, usually to increase performance, stabilize communications or to logically bound/segregate traffic for management/security reasons.

Trunking allows you to stack multiple switches with vlan traffic passing between each, however, it does not allow individual vlans to communicate amongst each other - for this you will need a router to connect each.

Here's how it goes.  On your switches you will configure each of the ports to belong to a vlan.  As traffic is initiated on any of these ports, each frame is tagged with a vlan tag.  These tags identify traffic's originating/assigned vlan as it traverses the switch.  The devices that are connected to the ports configured to the same vlan will be tagged as residing on the same vlan and thus able to talk to each other.  Any devices connected to ports configured on differing vlans will be tagged as being on differing vlans and not be able to talk to each other.

Trunks carry vlan tagged traffic between two switches.  Same scenario as above but the traffic originates on one switch and needs to carry to a second to complete its transmission.  Trunking allows for this to happen.

Your second question is directed more toward packet storming caused by bridging loops.  Bridging loops occur when one or more switches are interconnected in a way that allows broadcast traffic to originate, multiply and continue ad infinitum, ultimately bringing the network down.  Yes, if you connect two switches to each other with two or more cables and they are not 1.) virtually combined through some type of port aggregation or 2.) Spanning Tree Protocol (STP) is not utilized/enforced, you will create a bridging loop.

Port aggregation allows for the link to be configured in a way where multiple ports on either side appear as one or as a hot-standby set.  STP is used to dynamically manage potential loop sources, placing those sources into a standby, inactive/listening or shutdown state.  If you want to use both of the lines for your uplink/trunk, you will need to configure them as aggregates with the appropriate technology (Cisco uses EtherChannel).

My suggestion on your two proposed solutions: First, definitely identify and interconnect your switches through a core switch.  Second, don't take up time trying to interconnect your access switches to each other.  One, it defeats the purpose of building a core switch, and two, doing so will create a bridge loop that either will bring your network down or STP will shunt, leaving you with only one active path anyway; the second link would be a waste.  Incidentally, STP will elect a root bridge logically; be sure to "fix" the election so that your core always gets this role, otherwise you may end up with it acting as little more than a bottleneck that looks really well designed.

Second, if you implement multiple VLANs and want them to be able to talk to each other at all, you can either implement a Layer 3 switch or a router (assuming it will support router-on-a-stick with your ProCurves).

Hope I covered it all for you.
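The two STP points above (a second un-aggregated uplink gets blocked, and an unfixed root election can leave the core as a leaf) can be seen in a toy model. This is an added example, not code from the thread or from either vendor; the switch names, MAC addresses and link ids are constructed, and the model uses equal per-hop costs and the (priority, MAC) bridge-ID comparison that real STP uses.

```python
# Added example, not from the thread: a toy model of how STP elects a root bridge
# and blocks redundant links, built from the topology the question describes.
# Bridge IDs are (priority, MAC); lower wins. MAC addresses are constructed.

def elect_root(bridges):
    """The root bridge is the lowest bridge ID: (priority, MAC) compared as a tuple."""
    return min(bridges, key=lambda name: bridges[name])

def spanning_tree(bridges, links):
    """Return (root, forwarding link ids, blocked link ids).

    Simplified STP: every bridge keeps the single link that gives it the best
    (hop cost, upstream bridge ID, link id) path to the root. Every other
    bridge-to-bridge link is blocked. Each link costs 1 hop.
    """
    root = elect_root(bridges)
    best = {root: (0, bridges[root], None)}   # bridge -> (cost, upstream ID, link id)
    changed = True
    while changed:                            # relax until nothing improves
        changed = False
        for lid, a, b in links:
            for here, nbr in ((a, b), (b, a)):
                if here not in best:
                    continue
                cand = (best[here][0] + 1, bridges[here], lid)
                if nbr not in best or cand < best[nbr]:
                    best[nbr] = cand
                    changed = True
    forwarding = sorted(best[b][2] for b in best if b != root)
    blocked = sorted(lid for lid, _, _ in links if lid not in forwarding)
    return root, forwarding, blocked

def scenario(core_priority):
    """Core ProCurve plus three access switches, wired the way the question proposes."""
    bridges = {
        "core": (core_priority, "00:1b:ff:aa:aa:aa"),
        "acc1": (32768, "00:1b:ff:00:00:01"),  # lowest MAC: wins a default election
        "acc2": (32768, "00:1b:ff:00:00:02"),
        "acc3": (32768, "00:1b:ff:00:00:03"),
    }
    links = [
        ("up1a", "core", "acc1"), ("up1b", "core", "acc1"),  # two uplinks, no LAG
        ("up2", "core", "acc2"), ("up3", "core", "acc3"),
        ("x12", "acc1", "acc2"), ("x23", "acc2", "acc3"),    # access-to-access links
    ]
    return spanning_tree(bridges, links)

if __name__ == "__main__":
    for prio in (32768, 4096):               # default priority vs. core "fixed" as root
        root, fwd, blk = scenario(prio)
        print(f"core priority {prio}: root={root} forwarding={fwd} blocked={blk}")
```

With every switch at the default priority the old access switch acc1 wins the election, the second uplink up1b is blocked, and acc3 reaches the core by hopping through acc2 and acc1; lowering the core's priority to 4096 makes it the root, so each access switch forwards on its own uplink and the access-to-access links are the ones blocked.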


Assisted Solution

Donboo earned 800 total points
ID: 23642265
Besides what Atlas has written, I would suggest that before you start adding switches, be it HP, Cisco, D-Link or whatever, you make a security policy/network requirements document for your network. It doesn't have to be a grand plan; it could be just a few simple things, like whether or not you want to make sure no one can attach a switch to the network without you knowing about it, or no one can set up a DHCP server on the network without your knowledge.

Cisco has some really nice features to combat these problems on their Catalyst series; I am not sure whether HP ProCurve has similar features.

Also, I think the best approach would be to use a Layer 3 switch as the core switch to route between your VLANs, use Layer 2 switches as access switches, and then let a router/firewall connect to your Layer 3 switch to provide internet access.

If interested, you can read about the features here: www.cisco.com/go/catalyst. You should probably look at the 2969 series as Layer 2 and the 3560 series as Layer 3.

