• Status: Solved

hierarchical topology switch priority

hi

question 1.  i wish to know how to go about deciding on which switch is the vtp server or client although i think it is as below but it does not look right to me  ?


core -  layer 3 switch - vtp server primary 4096
dist1 - layer 3 switch - vtp server 8192
dist2 - layer 3 switch - vtp server 12288
access1 - layer 2 switch - vtp client
access2 - layer 2 switch - vtp client

note: i have attached a screenshot


note: i have configured a 3 x triangle layer 2 2950 cisco switch using std stp/uplinkfast/backbonefast for the following:

switch a - vtp server1 (rootbridge)
switch b - vtp server 2 (secondary rootbridge)
switch c - vtp client

note: i have also configured the same as above but using (rstp/udld)
HIERACHICAL-TOPOLOGY-001.jpg

mikey250 Asked:

giltjr Commented:
Any special reason why you want 3 VTP servers?  Why not just have CORE as the VTP server and everything else as VTP clients?  If you want to use VTP?

All being a VTP server does is allow you to create a VLAN.  Once you create on CORE, it will be propagated to all your other switches.

All having dist1 and dist2 as VTP servers does is allow you to create a VLAN without having to logon to CORE.  I guess having one of them as a VTP server in case something were to happen to core would not be a bad idea.  But if something happened to CORE would your network still be functional?

Soulja Commented:
If you are routing at the distribution layer for the access layer switches, I don't see a reason the core switch would even need to know about the vlans below it.

It doesn't need to be involved in spanning tree or VTP. The dist switches can have L3 connections up to the core and rely on the routing protocol for failover. This will limit your spanning tree domain, which is a good thing.

mikey250 Author Commented:
hi giltjr,

ok i had to make sure as i have never set something like this up before and although yes only 1 x core i realise if this has a fault there would be loss of network activity although users machines would be ok.

i assumed that due to using vtp server on specific switches was to ensure the root bridge, the secondary root bridge, 3rd root bridge due to preparing to use: std/802.1d/uplinkfast/backbonefast but this is for dist1, dist2 & access 1 & access2

& hsrp was for dist1 & dist2 & core
 
mikey250 Author Commented:
hi soulja, thanks for that clarification!!!

no not routing at the distribution layer as the core was going to be separate from distribution so will have 3 layers, although yes i realise i could integrate both distribution & core together.

so for the time being to grasp my understanding separately i have decided to do it this way.

question 1.  ok so i should have the following below:  ?

core - just routing config

dist1 - vtp server1 primary/802.1d/backbonefast & i assume hsrp would be on both dist1 & dist2

dist2 - vtp secondary/backbonefast

access - vtp client/uplinkfast/backbonefast

access - vtp client/uplinkfast/backbonefast

note: i am beginning to realise as i have been writing out the config next to my diagram and starting to see.

giltjr Commented:
A quick comment before I read your last two posts.  You do know that VTP mode has nothing to do with stp priorities.  There is no such thing as "vtp primary" or "vtp secondary".  There is only a mode when it comes to vtp; server, client, or transparent.  On some older Cisco switches you can turn vtp off.

Spanning tree has root bridge priority, with the lowest number being the highest priority.

HSRP has priority also, with the highest number being the priority.

With both spanning tree and HSRP if you leave the priorities at default the device with either the lowest or highest MAC address becomes the higher priority.  I can't remember off hand which it is.

mikey250 Author Commented:
hi giltjr,  yes i realise:

vtp - passed vlan trunking info across connected switches
stp - determines switch path determination and redundant paths etc

my ios must be old but yes to below commands can also be used as i have added them but like you said on old cisco switch/ios as i have 3550 & 2950

spanning-tree vlan 2 root primary
spanning-tree vlan 2 root secondary

the new method is using 4096 and 8192 & 12288 and so on - which also works with my cisco switches also

"with both spanning tree and hsrp if you leave the priorities at default the device with either the lowest or highest mac address becomes the higher priority.  i can't remember off hand which it is."

- yes i realise this as due to the election process, but i wish to make (dist1 - active & dist2 - standby) and have already written the hsrp configs for both dist1 & dist2.

i have written up my configs and (routing eigrp 1) for testing on my (core), but not sure if i should add any (hsrp) configs on the (core) or just leave hsrp configured in distr1 & dist2..!!

then once im happy with configs i can then move forward ensuring i have all things covered.

Soulja Commented:
If you are using hsrp at the distribution layer you are routing there as well.

mikey250 Author Commented:
hi soulja, oh!!

so you are saying if i configure hsrp then the routing should be on the (same) layer 3 switch - ?

ok which means i dont need the (core) as it will be integrated into the distribution as you advised earlier.

giltjr Commented:
The only reason to have HSRP on a pair of devices is because they are configured as a default route for that subnet.

As I think soulja stated before, depending on the size of your network you may not need your core separate from your distribution.  Typically the 3 level network is due to the size of your network.  At one time Cisco's recommendation was to separate the 3 levels once you go to 2000+ physical hosts.  Don't know if that is still true.

Physically we have a few hundred hosts and we have core and distribution collapsed.

Soulja Commented:
Yes, if you are running hsrp on the dist layer and get rid of the core switch you will be running a collapsed core design. What do you have routing to your wan? That's usually the core's purpose which you will be handing down to your dist switches if you get rid of the core switch.

Soulja Commented:
Also my first suggestion wasn't to get rid of the core. It was to reduce the spanning tree domain only up to the distribution layer. Upwards from distribution to the core would be layer 3  and rely on your routing for failover, not spanning tree.  If your access layer were l3 switches I would take it a step further and have l3 links down to that layer too.

Soulja Commented:
Basically.  Screw spanning tree. Lol!

mikey250 Author Commented:
hi giltjr, yes i read what (soulja) stated before.

yes ive read it states 2000+ for physical hosts

i just wanted to separate all 3 layers and experience for myself what went where and eventually go back to using just (access & distribution but having core inside distribution) instead of separating core.

you say:  "physically we have a few hundred hosts and we have core and distribution collapsed"

yes i understand if network is not large enough then distribution and core is not required.

mikey250 Author Commented:
hi soulja, why screw spanning-tree because if i have a 3 triangle switch ie root bridge 4096 & 8192 for secondary for example then std/uplinkfast/backbonefast will function between access and distribution.

then you state to configure hsrp & routing protocols on the physical distribution switch,
which would be separated from stp as suggested earlier.

giltjr Commented:
Are you trying to set this up for learning or is this for a production environment?

mikey250 Author Commented:
hi soulja,

ive just done some more reading and understand now why you say:

"screw spanning tree"

this is because when i configure hsrp active (priority 200 and hsrp standby priority 100), this automatically ensures hsrp active becomes the root bridge and the standby the backup root bridge...!

mikey250 Author Commented:
it will be setup for production but getting my facts correct 1st.

giltjr Commented:
"this is because when i configure hsrp active (priority 200 and hsrp standby priority 100), this automatically ensures hsrp active becomes the root bridge and the standby the backup root bridge...! "

Depending on what you mean, not really.  HSRP priority and spanning-tree are independent of each other.

Take your example.  You could setup dist1 to have a bridge priority of 8192 and dist2 to have a bridge priority of 12288.  However, for HSRP you could have dist1 set to 120 and dist2 be set to 140.

In that situation dist2 would be the active HSRP, but dist1 would be the root bridge.  dist2 uplinks would be blocked, so all traffic would flow dist1 to dist2 to get to the HSRP address.

If you want to do this, you would need to make sure that you have the same switch configured as the preferred HSRP and root bridge.

mikey250 Author Commented:
hi giltjr,

ok i thought that was what (soulja) was explaining when stating to (screw stp lol)

we are going off track a little bit as i have written down my configs and just trying to fill in the blanks..

as for dist1 set to 120 & dist2 set to 140 - i am making dist1 higher priority hence below not dist2

anyway i have written hsrp as a high priority is more attractive hence - dist1 to priority 200 & dist2 to priority 100 - currently

as per previous comments i have made dist1 the root bridge with hsrp priority 200 & dist2 secondary root bridge with hsrp priority 100  - now i know the separate physical core is not a vtp server.

mikey250 Author Commented:
hi soulja,

i have just noticed your extra comment below as i must have missed it when uploaded..

"also my first suggestion wasn't to get rid of the core. It was to reduce the spanning tree domain only up to the distribution layer. upwards from distribution to the core would be layer 3  and rely on your routing for failover, not spanning tree.  If your access layer were l3 switches I would take it a step further and have l3 links down to that layer too."

- ok not to get rid of core

yes as per my previous comments i have set dist1 vtp server rootbridge, dist2 vtp server secondary and access1 & 2 - vtp client

ive written down for (core) for only (routing protocol) with no spanning-tree

my access are 2950 layer 2

mikey250 Author Commented:
i think now soulja, you have clarified for me my specific concerns.

Soulja Commented:
What concern did I clarify? Also as giltjr stated, hsrp and spanning tree have nothing to do with one another.

mikey250 Author Commented:
yes i realise (giltjr) - gave good advice as well

"also my first suggestion wasn't to get rid of the core. It was to reduce the spanning tree domain only up to the distribution layer. upwards from distribution to the core would be layer 3  and rely on your routing for failover, not spanning tree.  If your access layer were l3 switches I would take it a step further and have l3 links down to that layer too."

giltjr Commented:
I'm getting confused.  :(

mikey250 Author Commented:
its ok i think i have all i need for this part so thanks for assistance.  sometime read comments in different order as did not receive on my laptop in that order hence maybe confusion from my part.

Soulja Commented:
Okay, so give us a summary of your action plan.

mikey250 Author Commented:
i will later integrate core & distribution together but for the time being i will do the below:

core - only configured for routing protocol & 2 x static route pointing to dest1 & dest2

dist1 - vtp server/rootbridge - 4096/backbonefast & hsrp priority 200 active
dist1 - connects to access1 & 2
dist1 - 1 x static route pointing to core int fa0/1

dist2 - vtp server/2nd root - 8192/backbonefast & hsrp priority 100 standby
dist2 - connects to access 2 & 1
dist2 - 1 x static route pointing to core int fa0/24

access1

ip default-gateway pointing towards - dest1
& uplinkfast/backbonefast

access2

ip default-gateway pointing towards - dest2
& uplinkfast/backbonefast

giltjr Commented:
I still think you are not getting something.  

If dist1/dist2 are setup for HSRP what traffic do you plan to route through your core?

Maybe if you give us a sample of what VLAN's you plan to configure where and on which devices you will have what IP addresses.

mikey250 Author Commented:
oh rrgh completely forgot about my vlans!! initially i wanted to allow 3 vlans so i know what to do!

mikey250 Author Commented:
below is what i have come up with so far but did not know if i was to repeat same for multiple vlans!!

then i was going to look at (tracking) later

dest1  -  i am aware this root bridge will propagate vtp across trunks but manually add usually int fa0/1 & 24

int fa0/1 & 24 - connected to dest1 & 2
switchport mode trunk
switchport trunk allowed vlan 2,3


int vlan 2
ip address 192.168.1.10 /24
standby 1 priority 200
standby 1 preempt
standby 1 ip 192.168.1.1
standby 2 priority 100
standby 2 ip 192.168.1.2

dest2

int fa0/1 & 24 - connected to dest1 & 2
switchport mode trunk
switchport trunk allowed vlan 2,3


int vlan 2
ip address 192.168.1.11 /24
standby 1 priority 200
standby 1 pree100
standby 1 ip 192.168.1.1
standby 2 priority 200
standby 2 ip 192.168.1.2

giltjr Commented:
Why oh why do you have two stand by IP addresses in the same subnet?  You only need one.

What are you doing on core?

mikey250 Author Commented:
hi

i think i have just realised - multiple vlans should be in separate subnets not same

dest1  -  i am aware this root bridge will propagate vtp across trunks but manually add usually int fa0/1 & 24

int fa0/1 & 24 - connected to dest1 & 2
switchport mode trunk
switchport trunk allowed vlan 2,3


int vlan 2
ip address 192.168.1.10 /24
standby 1 priority 200
standby 1 preempt
standby 1 ip 192.168.1.1
standby 2 priority 100
standby 2 ip 192.168.1.2

dest2

int fa0/1 & 24 - connected to dest1 & 2
switchport mode trunk
switchport trunk allowed vlan 2,3


int vlan 2
ip address 192.168.2.11 /24
standby 1 priority 200
standby 1 pree100
standby 1 ip 192.168.2.1
standby 2 priority 200
standby 2 ip 192.168.2.2

giltjr Commented:
Yes, I understand about the hsrp priority.

My question is why do you want 192.168.1.1 and 192.168.1.2 as HSRP floating addresses?

Doing this does absolutely nothing but add overhead.  All you need is ONE floating address.

Again on the core, what VLAN's?  What IP addresses?

mikey250 Author Commented:
hi giltjr, ignore that other thread as i have 2 subnets not 1 now!

after considering the advice given, i will not have a separate physical (core and will leave as just access and distribution) layers.

Soulja Commented:
Okay, so you want to use an active/active MHSRP. You trying to get fancy with it. (In Tony Horton's voice). That config looks good.

Regarding the routing protocol, you should enable it on the dist switches too if you are going to use it on the core.

I would put point to point L3 from the dist to the core switch.


EDIT****

Posted before seeing responses above. Yes, as giltjr stated running MHSRP is overkill for your setup.

mikey250 Author Commented:
hi soulja, originally i was using the same subnet: 192.168.1.10 & 192.168.1.11 - that is what (giltjr) was referring to..!

but i have now changed to:

192.168.1.10 - access1 - vlan 2 only
192.168.2.11 - access2 - vlan 3 only

i think im beginning to realise!!!

ok

i know how to configure router-on-stick & i know how to configure svi but somewhere along the line my head has gone blank!!

what do you suggest  ?


access 1 - for example vlan 2 - 192.168.1.10/24

access 2 - for example vlan 3 - 192.168.2.11/24

surely multiple vlans on separate subnets are created on (dest1 with hsrp active as group 1) and then repeat same svi vlan 2 & 3 on dest2 as group 2)  ?


dest1 priority 200 active group 1

ip routing

int vlan 2
ip address 192.168.1.10 /24

int vlan 3
ip address 192.168.2.11 /24

---------------------------

dest2 priority 100 for standby group 2
config identical to above dest1

-----------------------------

added to both: dest1 & dest2

router eigrp 1 - for example
network 192.168.1.0
network 192.168.2.0

giltjr Commented:
What I would suggest is:

Connect dist1 and dist2 to each other
Connect access1 & access 2 to dist1 and dist2

All interfaces between the switches would be configured as trunks allowing VLAN 2 and 3.

The above was part of your plan anyway so it is still good.

Do NOT use vlan 1 for any user traffic.  vlan1 by default is special.

Then config as follows:


dest1
int vlan 2
ip address 192.168.2.10 /24
standby 1 priority 200
standby 1 preempt
standby 1 ip 192.168.2.1
int vlan 3
ip address 192.168.3.10 /24
standby 1 priority 200
standby 1 preempt
standby 1 ip 192.168.3.1

set spantree root


dest2

int vlan 2
ip address 192.168.2.11/24
standby 1 priority 100
standby 1 preempt
standby 1 ip 192.168.2.1
int vlan 3
ip address 192.168.3.11 /24
standby 1 priority 100
standby 1 preempt
standby 1 ip 192.168.3.1

If your dist switches support pvst, then you could make dist1 root and primary HSRP for VLAN2 and make dist2 root and primary for HSRP.  Assuming traffic is split evenly between the vlan's you would be splitting the work load between the two switches.

There should be no reason for eigrp, both dist switches should know about all IP subnets.

mikey250 Author Commented:
hi giltjr,

yes i see now!!!

i only added (eigrp) due to (core), but ok not needed in this case. thats ok!


"if your dist switches support pvst, then you could make dist1 root and primary hsrp for vlan2 and make dist2 root and primary for hsrp.  assuming traffic is split evenly between the vlan's you would be splitting the work load between the two switches."


yes i did read about load-balancing above but thought one step at a time.!

if vlan 2 traffic travel to dest1 & vlan 3 traffic travel to dest2 then does this not defeat object of hsrp ?

note: i have read about a specific vlan having an issue and that vlan automatically switches over to dest2 and so on, but if the actual dest1 hsrp active has an issue it can switch the complete link across to dest2 standby, making it become the temporary active until dest1 is fixed. - i did not want to move ahead to fast but yes i wish to know now!!

note: i have made those changes on paper regarding the ip address issues compared to mine as per your example so thanks for that!

giltjr Commented:
--> "if vlan 2 traffic travel to dest1 & vlan 3 traffic travel to dest2 then does this not defeat object of hsrp ?"

When looking at HSRP you need to focus on a single vlan, not all vlans.  The value of HSRP is that if you lose one router, you have another router ready to take over without having to change any default routes on any devices.

Say dist1 fails, once dist2 sees that it will start responding to arp requests for 192.168.2.1 and it will now do all routing functions between the ip subnet 192.168.2.0/24 and all other ip subnets.  No changes to any devices, it just happens.

The same thing will happen for 192.168.3.1 no matter which switch is primary for it.

The difference between having dist1 primary for both or splitting it, is that by having dist1 primary for both traffic between 192.168.2.0/24 and 192.168.3.0/24 will stay on a single device.  If you split it the traffic must flow between the devices.

What you have to look at is how much traffic does each subnet have that NEVER leaves that subnet and how much traffic flows between the subnets.

If 99.999% of the traffic never leaves its own subnet, then by splitting up which switch is primary for that HSRP address you split the work load and you have less of a chance of overloading one switch while the other sits idle.

Now if 192.168.2.0/24 was used for desktops and 192.168.3.0/24 was used for servers, then a lot of the traffic would most likely be routing between the two, and you would want to have a single switch be the HSRP primary so that the traffic would stay on the same device as much as possible.  That way you don't have a ton of traffic flowing between dist1 and dist2 when it does not need to.

--> "note: i have read about a specific vlan having an issue and that vlan automatically switches over to dest2 and so on, but if the actual dest1 hsrp active has an issue it can switch the complete link across to dest2 standby, making it become the temporary active until dest1 is fixed. - i did not want to move ahead to fast but yes i wish to know now!!"


Not sure what you mean here.  vlan's don't move.  If a connection between two switches has a problem and connectivity is lost the path that is taken may change assuming there is an alternate path.  So if the uplink between dist1 and access1 has a problem and goes down, the connection between dist2 and access1 will become unblocked and traffic would flow between dist2 and access1.

The only time hsrp would "move" is if the primary switch fails or somebody does a shut on that vlan interface.  So in the example where an uplink had a problem.  dist1 would still "own" the HSRP address, but traffic from access1 would flow through dist2.

mikey250 Author Commented:
yes i understand most of that but thanks for break down.

what about your comments below: ?

"if your dist switches support pvst, then you could make dist1 root and primary hsrp for vlan2 and make dist2 root and primary for hsrp.  assuming traffic is split evenly between the vlan's you would be splitting the work load between the two switches."

Soulja Commented:
What giltjr means is that if you set dist1 as the spanning tree root for vlan 2 for example and dist2 as the spanning tree root for vlan3, the layer 2 path for vlan 2 will flow to dist1 and the path for vlan 3 will flow to dist2.

At the same time you can configure dist1 as the active hsrp for vlan2 and make dist2 the active hsrp for vlan3. Thus you will have vlan 2 traffic flow over one switch and vlan 3 traffic flow over the other dist switch.
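
The root bridge / HSRP active mismatch giltjr describes earlier, and the per-VLAN split described in the comment above, can both be checked from the two distribution switch configs. This is an added example, not code from any participant in the thread: the configs are constructed, and it assumes IOS-style `spanning-tree vlan N priority P` lines, one HSRP group per SVI, and preempt enabled so that priority decides the active router.

```python
import re

STP_DEFAULT, HSRP_DEFAULT = 32768, 100  # IOS defaults when no priority is configured
# Constructed configs. VLAN 3 carries the mismatched priorities from giltjr's post.
DIST1 = """
spanning-tree vlan 2 priority 4096
spanning-tree vlan 3 priority 8192
interface Vlan2
 standby 1 ip 192.168.2.1
 standby 1 priority 200
 standby 1 preempt
interface Vlan3
 standby 1 ip 192.168.3.1
 standby 1 priority 120
 standby 1 preempt
"""
DIST2 = """
spanning-tree vlan 2 priority 8192
spanning-tree vlan 3 priority 12288
interface Vlan2
 standby 1 ip 192.168.2.1
 standby 1 preempt
interface Vlan3
 standby 1 ip 192.168.3.1
 standby 1 priority 140
 standby 1 preempt
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '2,3' or '10-12' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse(config):
    """Return ({vlan: stp_priority}, {vlan: hsrp_priority}) for one switch."""
    stp, hsrp, vlan = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"spanning-tree vlan (\S+) priority (\d+)", line):
            stp.update({v: int(m[2]) for v in expand_vlans(m[1])})
        elif m := re.fullmatch(r"interface vlan\s*(\d+)", line, flags=re.I):
            vlan = int(m[1])
        elif line.startswith("interface "):
            vlan = None  # a non-SVI interface ends the SVI context
        elif vlan is not None and re.fullmatch(r"standby \d+ ip \S+", line):
            hsrp.setdefault(vlan, HSRP_DEFAULT)  # HSRP enabled, default priority
        elif vlan is not None and (m := re.fullmatch(r"standby \d+ priority (\d+)", line)):
            hsrp[vlan] = int(m[1])
    return stp, hsrp

def winner(priorities, lowest_wins):
    """Switch with the best priority, or None on a tie (tie-breakers are not in the config)."""
    best = (min if lowest_wins else max)(priorities.values())
    names = [n for n, p in priorities.items() if p == best]
    return names[0] if len(names) == 1 else None

def check_alignment(configs):
    """Map each HSRP VLAN to (stp_root, hsrp_active, aligned)."""
    parsed = {name: parse(text) for name, text in configs.items()}
    report = {}
    for vlan in sorted({v for _, h in parsed.values() for v in h}):
        stp = {n: s.get(vlan, STP_DEFAULT) for n, (s, _) in parsed.items()}
        hsrp = {n: h[vlan] for n, (_, h) in parsed.items() if vlan in h}
        root, active = winner(stp, True), winner(hsrp, False)
        report[vlan] = (root, active, root is not None and root == active)
    return report

print(check_alignment({"dist1": DIST1, "dist2": DIST2}))
```

A VLAN reported as not aligned is the case where traffic has to cross the dist1 to dist2 link to reach the HSRP address.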

mikey250 Author Commented:
hi soulja, i thought i was reading it wrong.  ok never heard of that!!

appreciated.

mikey250 Author Commented:
in fact after reading those last comments, i do understand.  as both vlans would be on separate subnets and as there are 2 separate switches then yes 2 root bridge & 2 active hsrp can be done.

but i presume if i create multiple vlans on dist1/layer 3/hsrp-active, which connects to access1 where all host machines will be located

but if i then add dist2/layer 3/hsrp-standby with (exact same multiple vlans), then if there was  an issue it would automatically switchover and continue as normal  ?

thinking on corporation level not small to medium company.

mikey250 Author Commented:
sound advice!!! appreciated!!