Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
879
Views
0
Helpful
4
Replies

aggregation switch ?

frank123
Level 1
Level 1

‎08-07-2018 04:14 PM - edited ‎08-07-2018 04:14 PM

We have 2 offices with 6 switches ( 2 x sg350x (BB and CC )  and 1 xsg550x  (A / D) in each location tied via a EVC fiber on suppliers equipment..

 

A B B /-----/ C C D

the 550x are for all servers via fiber 10G.
the 350X are for users/printers/etc.

right now all connections from users go to vlans (10 of them )  of switch BB/CC in each locations
200 users ON B / C stacks + 100 servers VM's from the A / D switches

Servers are uplinked (SG500 ) to the SG350 which is tied to firewall X

so A --> BB  --> X
and location B

D -- > CC -->B ---> X

mainly the location 1 STACK of 350s connect to firewall.

im getting alot of ARP tcam util problems, since lots of mac/etc..

should i put a 3750 or what since it's EOL as the aggregation , let's call it H switch.. in this way ?

A --- > H
BB stack --> H
CC stack --> H

H --> FIREWALL X

but then BB stack still needs arp for D / CC as well ?

what is best advice ?

Labels:
0 Helpful
4 Replies 4

Seb Rupik
VIP Alumni
VIP Alumni

‎08-08-2018 12:32 AM

Hi there,
Issues with ARP traffic are normally only seen on networks with very large subnets which looking at your endpoint numbers and VLANs can't be the case.


What may not be helping your situation is VLAN sprawl, with each VLANs broadcast traffic being seen across the entire network. Do you have STP forwarding ports for most VLANs on each switch? Or are VLANs divided on building/ floor basis as opposed to user function?

 

Where are the VLANs routed? On the firewall?

 

As a first iteration of your topology I would suggest that you reduce the size of the VLAN broadcast domains by limiting VLANs to the buildings and also routing them there. Then run Layer3 links to the firewall, configuring the routes either statically or dynamically between the firewall and building Layer3 switches.

 

If you require your servers to be firewalled off from your users, then you will have to route the server VLANs on the SG550's and run a Layer3 link to the firewall via the SG350. If you are vMotioning between the buildings then you will need maintain part of the existing design and keep the routing for the server VLANs on the firewall.

 

cheers,
Seb.

0 Helpful

frank123
Level 1
Level 1
In response to Seb Rupik

‎08-08-2018 04:15 AM

Hi

 

thanks for your explanation.

 

All switches are L3 Mode with intervlan

 

my office 1 user vlan is lets say 20 on switch BB's and office 2 is 25 on switch CC's

servers both in location 1 and 2 are on vlan 100 on the sg500's 

all switch have 0.0.0.0 of the firewall ( maybe thats the issue ? ) should they have the 0.0.0.0 of the next up switch vlan ip ? 

 

all switches have default settings of 

 

GVRP all ports to  

GVRP State Dynamic VLAN
Creation		 GVRP
Registration

disabled   enabled       enabled

 

and STP 


in image attached

Preview file
383 KB
0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to frank123

‎08-08-2018 06:05 AM

Are you able to share the running config of the switches? With an indication of which inter-switch ports are connected?

 

Also what are the "ARP tcam util problems" you are seeing and on which switches?

 

cheers,

Seb.

 

0 Helpful

frank123
Level 1
Level 1
In response to Seb Rupik

‎08-08-2018 07:34 AM

arp full memory issue, max resource util as in 320 out of 320

0 Helpful
Customers Also Viewed These Support Documents