Solved

hierarchical topology switch priority

Posted on 2013-10-23
Last Modified: 2013-10-30
hi

question 1.  i wish to know how to go about deciding on which switch is the vtp server or client although i think it is as below but it does not look right to me  ?


core -  layer 3 switch - vtp server primary 4096
dist1 - layer 3 switch - vtp server 8192
dist2 - layer 3 switch - vtp server 12288
access1 - layer 2 switch - vtp client
access2 - layer 2 switch - vtp client

note: i have attached a screenshot


note: i have configured a 3 x triangle layer 2 2950 cisco switch using std stp/uplinkfast/backbonefast for the following:

switch a - vtp server1 (rootbridge)
switch b - vtp server 2 (secondary rootbridge)
switch c - vtp client

note: i have also configured the same as above but using (rstp/udld)
HIERACHICAL-TOPOLOGY-001.jpg
Question by:mikey250
 
LVL 57

Accepted Solution

by:
giltjr earned 300 total points
ID: 39594823
Any special reason why you want 3 VTP servers?  Why not just have CORE as the VTP server and everything else as VTP clients?  If you want to use VTP?

All being a VTP server does is allow you to create a VLAN.  Once you create on CORE, it will be propagated to all your other switches.

All having dist1 and dist2 as VTP servers does is allow you to create a VLAN without having to log on to CORE.  I guess having one of them as a VTP server in case something were to happen to core would not be a bad idea.  But if something happens to CORE would your network still be functional?
0
 
LVL 26

Assisted Solution

by:Soulja
Soulja earned 200 total points
ID: 39594829
If you are routing at the distribution layer for the access layer switches, I don't see a reason the core switch would even need to know about the vlans below it.

It doesn't need to be involved in spanning tree or VTP. The dist switches can have L3 connections up to the core and rely on the routing protocol for failover. This will limit your spanning tree domain, which is a good thing.
0
 

Author Comment

by:mikey250
ID: 39596548
hi giltjr,

ok i had to make sure as i have never set something like this up before and although yes only 1 x core i realise if this has a fault there would be loss of network activity although users machines would be ok.

i assumed that due to using vtp server on specific switches was to ensure the root bridge, the secondary root bridge, 3rd root bridge due to preparing to use: std/802.1d/uplinkfast/backbonefast but this is for dist1, dist2 & access 1 & access2

& hsrp was for dist1 & dist2 & core
0
 

Author Comment

by:mikey250
ID: 39596562
hi soulja, thanks for that clarification!!!

no not routing at the distribution layer as the core was going to be separate from distribution so will have 3 layers, although yes i realise i could integrate both distribution & core together.

so for the time being to grasp my understanding separately i have decided to do it this way.

question 1.  ok so i should have the following below:  ?

core - just routing config

dist1 - vtp server1 primary/802.1d/backbonefast & i assume hsrp would be on both dist1 & dist2

dist2 - vtp secondary/backbonefast

access - vtp client/uplinkfast/backbonefast

access - vtp client/uplinkfast/backbonefast

note: i am beginning to realise as i have been writing out the config next to my diagram and starting to see.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 300 total points
ID: 39596755
A quick comment before I read your last two posts.  You do know that VTP mode has nothing to do with stp priorities.  There is no such thing as "vtp primary" or "vtp secondary".  There is only a mode when it comes to vtp; server, client, or transparent.  On some older Cisco switches you can turn vtp off.

Spanning tree has root bridge priority, with the lowest number being the highest priority.

HSRP has priority also, with the highest number being the priority.

With both spanning tree and HSRP if you leave the priorities at default the device with either the lowest or highest MAC address becomes the higher priority.  I can't remember off hand which it is.
0
 

Author Comment

by:mikey250
ID: 39596787
hi giltjr,  yes i realise:

vtp - passed vlan trunking info across connected switches
stp - determines switch path determination and redundant paths etc

my ios must be old but yes to below commands can also be used as i have added them but like you said on old cisco switch/ios as i have 3550 & 2950

spanning-tree vlan 2 root primary
spanning-tree vlan 2 root secondary

the new method is using 4096 and 8192 & 12288 and so on - which also works with my cisco switches also

"with both spanning tree and hsrp if you leave the priorities at default the device with either the lowest or highest mac address becomes the higher priority.  i can't remember off hand which it is."

- yes i realise this as due to the election process, but i wish to make (dist1 - active & dist2 - standby) and have already written the hsrp configs for both dist1 & dist2.

i have written up my configs and (routing eigrp 1) for testing on my (core), but not sure if i should add any (hsrp) configs on the (core) or just leave hsrp configured in distr1 & dist2..!!

then once im happy with configs i can then move forward ensuring i have all things covered.
0
 
LVL 26

Assisted Solution

by:Soulja
Soulja earned 200 total points
ID: 39596871
If you are using hsrp at the distribution layer you are routing there as well.
0
 

Author Comment

by:mikey250
ID: 39596891
hi soulja, oh!!

so you are saying if i configure hsrp then the routing should be on the (same) layer 3 switch - ?

ok which means i dont need the (core) as it will be integrated into the distribution as you advised earlier.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 300 total points
ID: 39596906
The only reason to have HSRP on a pair of devices is because they are configured as a default route for that subnet.

As I think  soulja stated before, depending on the size of your network you may not need your core separate from your distribution.  Typically the 3 level network is due to the size of your network.  At one time Cisco's recommendation was to separate the 3 levels once you go to 2000+ physical hosts.  Don't know if that is still true.

Physically we have a few hundred hosts and we have core and distribution collapsed.
0
 
LVL 26

Assisted Solution

by:Soulja
Soulja earned 200 total points
ID: 39596932
Yes, if you are running hsrp on the dist layer and get rid of the core switch you will be running a collapsed core design. What do you have routing to your wan? That's usually the core's purpose, which you will be handing down to your dist switches if you get rid of the core switch.
0
 
LVL 26

Assisted Solution

by:Soulja
Soulja earned 200 total points
ID: 39596951
Also my first suggestion wasn't to get rid of the core. It was to reduce the spanning tree domain only up to the distribution layer. Upwards from distribution to the core would be layer 3  and rely on your routing for failover, not spanning tree.  If your access layer were l3 switches I would take it a step further and have l3 links down to that layer too.
0
 
LVL 26

Assisted Solution

by:Soulja
Soulja earned 200 total points
ID: 39596955
Basically.  Screw spanning tree. Lol!
0
 

Author Comment

by:mikey250
ID: 39596957
hi giltjr, yes i read what (soulja) stated before.

yes ive read it states 2000+ for physical hosts

i just wanted to separate all 3 layers and experience for myself what went where and eventually go back to using just (access & distribution but having core inside distribution) instead of separating core.

you say:  "physically we have a few hundred hosts and we have core and distribution collapsed"

yes i understand if network is not large enough then distribution and core is not required.
0
 

Author Comment

by:mikey250
ID: 39596967
hi soulja, why screw spanning-tree because if i have a 3 triangle switch ie root bridge 4096 & 8192 for secondary for example then std/uplinkfast/backbonefast will function between access and distribution.

then you state to configure hsrp & routing protocols on the physical distribution switch,
which would be separated from stp as suggested earlier.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39597073
Are you trying to set this up for learning or is this for a production environment?
0
 

Author Comment

by:mikey250
ID: 39597078
hi soulja,

ive just done some more reading and understand now why you say:

"screw spanning tree"

this is because when i configure hsrp active (priority 200 and hsrp standby priority 100), this automatically ensures hsrp active becomes the root bridge and the standby the backup root bridge...!
0
 

Author Comment

by:mikey250
ID: 39597080
it will be setup for production but getting my facts correct 1st.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 300 total points
ID: 39597103
"this is because when i configure hsrp active (priority 200 and hsrp standby priority 100), this automatically ensures hsrp active becomes the root bridge and the standby the backup root bridge...! "

Depending on what you mean not really.  HSRP priority and spanning-tree are independent of each other.

Take your example.  You could setup dist1 to have a bridge priority of 8192 and dist2 to have a bridge priority of 12288.  However for HSRP you could have dist1 set to 120 and dist2 be set to 140.

In that situation dist2 would be the active HSRP, but dist1 would be the root bridge.  dist2 uplinks would be blocked, so all traffic would flow dist1 to dist2 to get to the HSRP address.

If you want to do this, you would need to make sure that you have the same switch configured as the preferred HSRP and root bridge.
0
 

Author Comment

by:mikey250
ID: 39597188
hi giltjr,

ok i thought that was what (soulja) was explaining when stating to (screw stp lol)

we are going off track a little bit as i have written down my configs and just trying to fill in the blanks..

as for dist1 set to 120 & dist2 set to 140 - i am making dist1 higher priority hence below not dist2

anyway i have written hsrp as a high priority is more attractive hence - dist1 to priority 200 & dist2 to priority 100 - currently

as per previous comments i have made dist1 the root bridge with hsrp priority 200 & dist2 secondary root bridge with hsrp priority 100  - now i know the separate physical core is not a vtp server.
0
 

Author Comment

by:mikey250
ID: 39597202
hi soulja,

i have just noticed your extra comment below as i must have missed it when uploaded..

"also my first suggestion wasn't to get rid of the core. It was to reduce the spanning tree domain only up to the distribution layer. upwards from distribution to the core would be layer 3  and rely on your routing for failover, not spanning tree.  If your access layer were l3 switches I would take it a step further and have l3 links down to that layer too."

- ok not to get rid of core

yes as per my previous comments i have set dist1 vtp server rootbridge, dist2 vtp server secondary and access1 & 2 - vtp client

ive written down for (core) for only (routing protocol) with no spanning-tree

my access are 2950 layer 2
0
 

Author Comment

by:mikey250
ID: 39597205
i think now soulja, you have clarified for me my specific concerns.
0
 
LVL 26

Expert Comment

by:Soulja
ID: 39597256
What concern did I clarify? Also as giltjr stated, hsrp and spanning tree have nothing to do with one another.
0

 

Author Comment

by:mikey250
ID: 39597307
yes i realise (giltjr) - gave good advice as well

"also my first suggestion wasn't to get rid of the core. It was to reduce the spanning tree domain only up to the distribution layer. upwards from distribution to the core would be layer 3  and rely on your routing for failover, not spanning tree.  If your access layer were l3 switches I would take it a step further and have l3 links down to that layer too."
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39597318
I'm getting confused.  :(
0
 

Author Comment

by:mikey250
ID: 39597341
its ok i think i have all i need for this part so thanks for assistance.  sometime read comments in different order as did not receive on my laptop in that order hence maybe confusion from my part.
0
 
LVL 26

Expert Comment

by:Soulja
ID: 39597343
Okay, so give us a summary of your action plan.
0
 

Author Comment

by:mikey250
ID: 39597412
i will later integrate core & distribution together but for the time being i will do the below:

core - only configured for routing protocol & 2 x static route pointing to dest1 & dest2

dist1 - vtp server/rootbridge - 4096/backbonefast & hsrp priority 200 active
dist1 - connects to access1 & 2
dist1 - 1 x static route pointing to core int fa0/1

dist2 - vtp server/2nd root - 8192/backbonefast & hsrp priority 100 standby
dist2 - connects to access 2 & 1
dist2 - 1 x static route pointing to core int fa0/24

access1

ip default-gateway pointing towards - dest1
& uplinkfast/backbonefast

access2

ip default-gateway pointing towards - dest2
& uplinkfast/backbonefast
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 300 total points
ID: 39597422
I still think you are not getting something.  

If dist1/dist2 are setup for HSRP what traffic do you plan to route through your core?

Maybe if you give us a sample of what VLAN's you plan to configure where and on which devices you will have what IP addresses.
0
 

Author Comment

by:mikey250
ID: 39597440
oh rrgh completely forgot about my vlans!! initially i wanted to allow 3 vlans so i know what to do!
0
 

Author Comment

by:mikey250
ID: 39597456
below is what i have come up with so far but did not know if i was to repeat same for multiple vlans!!

then i was going to look at (tracking) later

dest1  -  i am aware this root bridge will propagate vtp across trunks but manually add usually int fa0/1 & 24

int fa0/1 & 24 - connected to dest1 & 2
switchport mode trunk
switchport trunk allowed vlan 2,3


int vlan 2
ip address 192.168.1.10 /24
standby 1 priority 200
standby 1 preempt
standby 1 ip 192.168.1.1
standby 2 priority 100
standby 2 ip 192.168.1.2

dest2

int fa0/1 & 24 - connected to dest1 & 2
switchport mode trunk
switchport trunk allowed vlan 2,3


int vlan 2
ip address 192.168.1.11 /24
standby 1 priority 200
standby 1 pree100
standby 1 ip 192.168.1.1
standby 2 priority 200
standby 2 ip 192.168.1.2
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 300 total points
ID: 39597467
Why oh why do you have two stand by IP addresses in the same subnet?  You only need one.

What are you doing on core?
0
 

Author Comment

by:mikey250
ID: 39597480
hi

i think i have just realised - multiple vlans should be in separate subnets not same

dest1  -  i am aware this root bridge will propagate vtp across trunks but manually add usually int fa0/1 & 24

int fa0/1 & 24 - connected to dest1 & 2
switchport mode trunk
switchport trunk allowed vlan 2,3


int vlan 2
ip address 192.168.1.10 /24
standby 1 priority 200
standby 1 preempt
standby 1 ip 192.168.1.1
standby 2 priority 100
standby 2 ip 192.168.1.2

dest2

int fa0/1 & 24 - connected to dest1 & 2
switchport mode trunk
switchport trunk allowed vlan 2,3


int vlan 2
ip address 192.168.2.11 /24
standby 1 priority 200
standby 1 pree100
standby 1 ip 192.168.2.1
standby 2 priority 200
standby 2 ip 192.168.2.2
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 300 total points
ID: 39597615
Yes, I understand about the hsrp priority.

My question is why do you want 192.168.1.1 and 192.168.1.2 as HSRP floating addresses?

Doing this does absolutely nothing but add overhead.  All you need is ONE floating address.

Again on the core, what VLAN's?  What IP addresses?
0
 

Author Comment

by:mikey250
ID: 39597621
hi giltjr, ignore that other thread as i have 2 subnets not 1 now!

after considering the advice given, i will not have a separate physical (core and will leave as just access and distribution) layers.
0
 
LVL 26

Assisted Solution

by:Soulja
Soulja earned 200 total points
ID: 39597645
Okay, so you want to use an active/active MHSRP. You trying to get fancy with it. (In Tony Horton's voice). That config looks good.

Regarding the routing protocol, you should enable it on the dist switches too if you are going to use it on the core.

I would put point to point L3 from the dist to the core switch.


EDIT****

Posted before seeing responses above. Yes, as giltjr stated running MHSRP is overkill for your setup.
0
 

Author Comment

by:mikey250
ID: 39597738
hi soulja, originally i was using the same subnet: 192.168.1.10 & 192.168.1.11 - that is what (giltjr) was referring to..!

but i have now changed to:

192.168.1.10 - access1 - vlan 2 only
192.168.2.11 - access2 - vlan 3 only

i think im beginning to realise!!!

ok

i know how to configure router-on-stick & i know how to configure svi but somewhere along the line my head has gone blank!!

what do you suggest  ?


access 1 - for example vlan 2 - 192.168.1.10/24

access 2 - for example vlan 3 - 192.168.2.11/24

surely multiple vlans on separate subnets are created on (dest1 with hsrp active as group 1) and then repeat same svi vlan 2 & 3 on dest2 as group 2)  ?


dest1 priority 200 active group 1

ip routing

int vlan 2
ip address 192.168.1.10 /24

int vlan 3
ip address 192.168.2.11 /24

---------------------------

dest2 priority 100 for standby group 2
config identical to above dest1

-----------------------------

added to both: dest1 & dest2

router eigrp 1 - for example
network 192.168.1.0
network 192.168.2.0
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 300 total points
ID: 39598103
What I would suggest is:

Connect dist1 and dist2 to each other
Connect access1 & access 2 to dist1 and dist2

All interfaces between the switches would be configured as trunks allowing VLAN 2 and 3.

The above was part of your plan anyway so it is still good.

Do NOT use vlan 1 for any user traffic.  vlan1 by default is special.

Then config as follows:


dest1
int vlan 2
ip address 192.168.2.10 /24
standby 1 priority 200
standby 1 preempt
standby 1 ip 192.168.2.1
int vlan 3
ip address 192.168.3.10 /24
standby 1 priority 200
standby 1 preempt
standby 1 ip 192.168.3.1

set spantree root


dest2

int vlan 2
ip address 192.168.2.11/24
standby 1 priority 100
standby 1 preempt
standby 1 ip 192.168.2.1
int vlan 3
ip address 192.168.3.11 /24
standby 1 priority 100
standby 1 preempt
standby 1 ip 192.168.3.1

If your dist switches support pvst, then you could make dist1 root and primary HSRP for VLAN2 and make dist2 root and primary for HSRP.  Assuming traffic is split evenly between the vlan's you would be splitting the work load between the two switches.

There should be no reason for eigrp, both dist switches should know about all IP subnets.
0
 

Author Comment

by:mikey250
ID: 39598120
hi giltjr,

yes i see now!!!

i only added (eigrp) due to (core), but ok not needed in this case. thats ok!


"if your dist switches support pvst, then you could make dist1 root and primary hsrp for vlan2 and make dist2 root and primary for hsrp.  assuming traffic is split evenly between the vlan's you would be splitting the work load between the two switches."


yes i did read about load-balancing above but thought one step at a time.!

if vlan 2 traffic travel to dest1 & vlan 3 traffic travel to dest2 then does this not defeat object of hsrp ?

note: i have read about a specific vlan having an issue and that vlan automatically switches over to dest2 and so on, but if the actual dest1 hsrp active has an issue it can switch the complete link across to dest2 standby, making it become the temporary active until dest1 is fixed. - i did not want to move ahead too fast but yes i wish to know now!!

note: i have made those changes on paper regarding the ip address issues compared to mine as per your example so thanks for that!
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 300 total points
ID: 39598351
--> "if vlan 2 traffic travel to dest1 & vlan 3 traffic travel to dest2 then does this not defeat object of hsrp ?"

When looking at HSRP you need to focus on a single vlan, not all vlans.  The value of HSRP is that if you lose one router, you have another router ready to take over without having to change any default routes on any devices.

Say dist1 fails, once dist2 sees that it will start responding to arp requests for 192.168.2.1 and it will now do all routing functions between the ip subnet 192.168.2.0/24 and all other ip subnets.  No changes to any devices, it just happens.

The same thing will happen for 192.168.3.1 no matter which switch is primary for it.

The difference between having dist1 primary for both or splitting it, is that by having dist1 primary for both traffic between 192.168.2.0/24 and 192.168.3.0/24 will stay on a single device.  If you split it the traffic must flow between the devices.

What you have to look at is how much traffic does each subnet have that NEVER leaves that subnet and how much traffic flows between the subnets.

If 99.999% of the traffic never leaves its own subnet, then by splitting up which switch is primary for that HSRP address you split the work load and you have less of a chance of overloading one switch while the other sits idle.

Now if 192.168.2.0/24 was used for desktops and 192.168.3.0/24 was used for servers, then a lot of the traffic would most likely be routing between the two, and you would want to have a single switch be the HSRP primary so that the traffic would stay on the same device as much as possible.  That way you don't have a ton of traffic flowing between dist1 and dist2 when it does not need to.

--> "note: i have read about a specific vlan having an issue and that vlan automatically switches over to dest2 and so on, but if the actual dest1 hsrp active has an issue it can switch the complete link across to dest2 standby, making it become the temporary active until dest1 is fixed. - i did not want to move ahead to fast but yes i wish to know now!!"


Not sure what you mean here.  vlan's don't move.  If a connection between two switches has a problem and connectivity is lost the path that is taken may change assuming there is an alternate path.  So if the uplink between dist1 and access1 has a problem and goes down, the connection between dist2 and access1 will become unblocked and traffic would flow between dist2 and access1.

The only time hsrp would "move" is if the primary switch fails or somebody does a shut on that vlan interface.  So in the example where an uplink had a problem.  dist1 would still "own" the HSRP address, but traffic from access1 would flow through dist2.
0
 

Author Comment

by:mikey250
ID: 39598448
yes i understand most of that but thanks for break down.

what about your comments below: ?

"if your dist switches support pvst, then you could make dist1 root and primary hsrp for vlan2 and make dist2 root and primary for hsrp.  assuming traffic is split evenly between the vlan's you would be splitting the work load between the two switches."
0
 
LVL 26

Expert Comment

by:Soulja
ID: 39598591
What giltjr means is that if you set dist1 as the spanning tree root for vlan 2 for example and dist2 as the spanning root for vlan3, the layer 2 path for vlan 2 will flow to dist1 and the path for vlan 3 will flow to dist2.

At the same time you can configure dist1 as the active hsrp for vlan2 and make dist2 the active hsrp for vlan3. Thus you will have vlan 2 traffic flow over one switch and vlan 3 traffic flow over the other dist switch.
0
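
Added example, not part of the thread or any poster's code: a small Python audit of the point giltjr and Soulja make above, that for each VLAN the spanning-tree root and the HSRP active router should be the same distribution switch. The two configs are constructed (VLAN 2 reuses giltjr's 8192/12288 and 120/140 values); the script assumes one HSRP group per SVI and explicit `spanning-tree vlan ... priority` lines, and reports a priority tie as `None` instead of guessing the tie-break.

```python
import re

STP_DEFAULT = 32768   # IOS default bridge priority (lowest value wins)
HSRP_DEFAULT = 100    # IOS default HSRP priority (highest value wins)

# Constructed sample configs; VLAN 2 is the mismatch giltjr describes.
CONFIGS = {
    "dist1": """
spanning-tree vlan 2-3 priority 8192
interface Vlan2
 standby 1 ip 192.168.2.1
 standby 1 priority 120
interface Vlan3
 standby 1 ip 192.168.3.1
 standby 1 priority 200
 standby 1 preempt
""",
    "dist2": """
spanning-tree vlan 2-3 priority 12288
interface Vlan2
 standby 1 ip 192.168.2.1
 standby 1 priority 140
interface Vlan3
 standby 1 ip 192.168.3.1
""",
}

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '2,5-7' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_switch(config):
    """Return ({vlan: stp_priority}, {vlan: hsrp_priority}) for one switch."""
    stp, hsrp, svi = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"spanning-tree vlan (\S+) priority (\d+)$", line)
        if m:
            for v in expand_vlans(m.group(1)):
                stp[v] = int(m.group(2))
            continue
        m = re.match(r"interface Vlan(\d+)$", line, re.I)
        if m:
            svi = int(m.group(1))          # entering an SVI stanza
            continue
        if line.startswith("interface "):
            svi = None                     # some other interface
            continue
        if svi is not None:
            m = re.match(r"standby \d+ priority (\d+)$", line)
            if m:
                hsrp[svi] = int(m.group(1))
            elif re.match(r"standby \d+ ip ", line):
                hsrp.setdefault(svi, HSRP_DEFAULT)  # HSRP on, default prio
    return stp, hsrp

def winner(values, best):
    """Switch holding the best value, or None when two switches tie."""
    top = best(values.values())
    names = [n for n, v in values.items() if v == top]
    return names[0] if len(names) == 1 else None

def audit(configs):
    """Map each HSRP VLAN to (stp_root, hsrp_active, aligned)."""
    parsed = {n: parse_switch(c) for n, c in configs.items()}
    vlans = set().union(*(hsrp for _, hsrp in parsed.values()))
    report = {}
    for v in sorted(vlans):
        root = winner({n: p[0].get(v, STP_DEFAULT)
                       for n, p in parsed.items()}, min)
        active = winner({n: p[1][v] for n, p in parsed.items()
                         if v in p[1]}, max)
        report[v] = (root, active, root is not None and root == active)
    return report

if __name__ == "__main__":
    for vlan, (root, active, ok) in audit(CONFIGS).items():
        print(f"vlan {vlan}: root={root} hsrp_active={active} aligned={ok}")
```
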
 

Author Comment

by:mikey250
ID: 39598643
hi soulja, i thought i was reading it wrong.  ok never heard of that!!

appreciated.
0
 

Author Comment

by:mikey250
ID: 39598646
in fact after reading those last comments, i do understand.  as both vlans would be on separate subnets and as there are 2 separate switches then yes 2 root bridge & 2 active hsrp can be done.

but i presume if i create multiple vlans on dist1/layer 3/hsrp-active, which connects to access1 where all host machines will be located

but if i then add dist2/layer 3/hsrp-standby with (exact same multiple vlans), then if there was  an issue it would automatically switchover and continue as normal  ?

thinking on corporation level not small to medium company.
0
 

Author Closing Comment

by:mikey250
ID: 39611726
sound advice!!! appreciated!!
0
