jaya31
asked on
Adding a second Cisco switch to the main switch
Hi,
We have a main Cisco 3750 Switch. From that switch, fiber connections run from the trunk ports to different stacks; essentially all other stacks connect back to this switch. We want to add a backup to this switch in case of hardware failure. Question: how do we add it?
1. Do we add it as a second switch in Slave role, or is there another way of adding it?
2. Also, if the first switch does go down, how do we prepare the second switch so that the trunk ports are ready to accept the fiber cables?
Just add a second 3750 to the first one and stack it with the Cisco stack cables, and create port channels with a member on both switches.
Then when one fails the other will take over.
Before you add a second switch, make sure the IOS is the same as the first one.
ASKER
Thank you. I like the idea of having the switch as a member online and ready to take over, as that's what I am used to too. However, I'm not sure how to configure the trunk ports if we take this route. Can I ask for an explanation: if we set the second switch as a member, do we just open the trunk ports manually and leave them empty until if/when the master fails, or will the trunk automatically be configured by adding it as a member? Thank you
So you have a second link that you can use?
It sounds like you're confusing "trunk" ports with "channel groups".
Once the new switch is a member of the stack, make the port on the new switch that is connected to the second link identical to the existing port.
Once that is done, create a channel-group with the two ports.
conf t
int range g1/0/1 , g2/0/1
channel-group 1 mode active
You will need to do the same on the remote switch.
ASKER
Hi,
I may be confusing the question or misunderstanding. I like the idea of adding the switch and creating a stack so that in case the core fails the 2nd will take over. But in order to do that you're saying I have to do a channel group, which I'm not familiar with; I will do some research. The scenario I am thinking of: adding the 2nd switch with stacking cables, the 2nd switch comes online as a member with nothing plugged in but power. The core switch fails, the 2nd takes over, and then all we have to do is move all the network cables and fiber cables from the failed switch.
I think the first option given - copy the config to the second switch and just have it there - is what we're looking for. I just like the idea, in case of an emergency, of not dealing with configs, just moving cables over.
If you don’t have a cable for the second switch and you physically have to move the cable to the other switch, stacking doesn’t really provide anything.
Just copy the config and have the switch as a hot spare.
ASKER
Hi,
Thanks, we have no redundant or secondary links, so copying the config is the best option for our needs; I'm going to start working on that. Are there any special considerations I need to know about when copying?
I've been reading that when copying a config you have to apply no shut commands on VLAN interfaces. Is there anything like that I would need to know?
If you are using VTP, you need to know what is the server.
If it is some other stack, then you are OK. Set your new secondary 3750 as a client so that it will pick up all VLANs.
If you are not using VTP, then make sure you manually create all VLANs on the new secondary 3750.
If the primary 3750 is the only VTP server, then you will have to plan carefully. You will lose VTP if the primary 3750 goes down. You do not want to make the secondary 3750 a server. If you bring it online and connect the trunks, the secondary may erase VLANs that exist on all of the switches because it is out of date.
A channel group works in both load-balancing mode and failover mode, so it seems to fit your case.
It's a brilliant technology and the switchover time is almost immediate (not like STP...).
Whatever solution you choose, I'd recommend a disaster simulation (outside production hours). VTP for me is not an issue: if the central switch is VTP master and the other switches are VTP slaves, then in case the master is replaced, the slaves will either keep the old VTP info or switch to the new one (the same).
ASKER
Hi All,
Apologies for the delay and for keeping this going. I think the approach of copying the config and having the switch as a hot spare/standby is what is best. I do have a follow-up question after all the other comments.
The core switch has a connection to our firewall on one of the ports, and then the trunk ports connect via fiber to other stacks of switches. I believe that connection is more of an uplink than anything else. I wanted to know how I can confirm that. I can post the config for the core switch, or is there another way to tell? Also, if this belongs in another question I can open a new one. Please let me know.
Thanks,
Post the output of:
show etherchannel summary
show int trunk
To me risk = 0 if:
You enter "do wr" (to be sure running config = starting config)
You save and restore your config with tftp or ???
You use the exact same switch (model // OS release...)
You put the same cables in the same places
Hope you use real Cisco transceivers, otherwise the switch will do more than shut down the ports (you'll need to restart the switch physically // no sh doesn't work).
In case you have concurrent transceivers:
no errdisable detect cause gbic-invalid
service unsupported-transceiver
(It took me a few hours to find these hidden commands.)
ASKER
Hi ,
Please see below, for the commands. Thanks,
Gswitch#show int trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/9     on               802.1q         trunking      1
Gi1/0/49    on               802.1q         trunking      1
Gi1/0/50    on               802.1q         trunking      1
Gi1/0/51    on               802.1q         trunking      1
Gi1/0/52    on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/0/9     1-4094
Gi1/0/49    10,30,40,50
Gi1/0/50    1,10,30,40,50
Gi1/0/51    10,30,40,50
Gi1/0/52    1-4094

Port        Vlans allowed and active in management domain
Gi1/0/9     1,10,20,30,40,50,60,200
Gi1/0/49    10,30,40,50
Gi1/0/50    1,10,30,40,50
Gi1/0/51    10,30,40,50
Gi1/0/52    1,10,20,30,40,50,60,200

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/9     1,10,20,30,40,50,60,200
Gi1/0/49    10,30,40,50
Gi1/0/50    1,10,30,40,50
Gi1/0/51    10,30,40,50
Gi1/0/52    1,10,20,30,40,50,60,200

Gswitch#show etherchannel summary

Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 0
Number of aggregators:           0

Group  Port-channel  Protocol    Ports
Most connections between switch and firewall are uplinks using a single VLAN on the switchport. Keeps it simple. Especially since a lot of small-business firewall/routers don't handle sub-interfaces & VLANs well.
Which port is the connection to your firewall?
Also, look at the config of the firewall port. If you only see one subnet, then you don't need a trunk. Trunks would be connected with multiple sub-interfaces for each VLAN.
ASKER CERTIFIED SOLUTION
ASKER
This was the best solution for what we wanted to accomplish. Thanks
If you don't have additional links to the other switches, then it sounds like you're looking for a spare or backup switch.
In that case, the easiest way is to copy the config of the existing switch to the backup switch. Put it in the rack under the existing switch with no cables connected. If/when your primary switch fails, power up the backup switch and move the cables over to it. You could leave it powered up, but since this is a manual operation, the boot time isn't going to make much of a difference.
There are other ways to approach this, but without redundant links, it won't be much better.
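
A pre-cutover check for the hot-spare approach, as an added example that is not part of the thread: it parses the "Vlans allowed on trunk" section of "show int trunk" output (the format posted earlier) captured from both switches and reports ports whose allowed VLANs differ. The spare's capture is constructed, and the function names are this example's own.

```python
import re

# PRIMARY reuses sections of the "show int trunk" output posted in the thread.
# SPARE is constructed: VLAN 50 is dropped from Gi1/0/49 to simulate drift.
PRIMARY = """\
Port        Vlans allowed on trunk
Gi1/0/9     1-4094
Gi1/0/49    10,30,40,50
Gi1/0/50    1,10,30,40,50
Gi1/0/51    10,30,40,50
Gi1/0/52    1-4094
Port        Vlans allowed and active in management domain
Gi1/0/49    10,30,40,50
"""
SPARE = PRIMARY.replace("10,30,40,50\nGi1/0/50", "10,30,40\nGi1/0/50")

def expand(spec):
    """Expand a list such as '1,10,30-32' into a set of VLAN ids."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def allowed_vlans(output):
    """Map port -> VLAN set, read from 'Vlans allowed on trunk' only.
    Assumes each port's list fits on one line (no wrapped continuation)."""
    result, in_section = {}, False
    for line in output.splitlines():
        if line.startswith("Port"):  # a header row opens a new section
            in_section = line[4:].strip() == "Vlans allowed on trunk"
            continue
        m = re.match(r"(\S+)\s+([\d,\-]+)\s*$", line)
        if in_section and m:
            result[m.group(1)] = expand(m.group(2))
    return result

def trunk_drift(primary_out, spare_out):
    """Report ports whose allowed VLANs differ between the two switches."""
    p, s = allowed_vlans(primary_out), allowed_vlans(spare_out)
    drift = {}
    for port in sorted(p.keys() | s.keys()):
        pv, sv = p.get(port, set()), s.get(port, set())
        if pv != sv:
            drift[port] = {"missing_on_spare": sorted(pv - sv),
                           "extra_on_spare": sorted(sv - pv)}
    return drift
```

An empty result from trunk_drift means the spare's trunk ports will carry the same VLANs as the primary's once the cables are moved.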