08-07-2018 04:14 PM - edited 08-07-2018 04:14 PM
We have 2 offices with 6 switches (2 x SG350X (BB and CC) and 1 x SG550X (A / D) in each location), tied via an EVC fiber on the supplier's equipment.
A B B /-----/ C C D
The 550X are for all servers via fiber 10G.
The 350X are for users/printers/etc.
Right now all connections from users go to VLANs (10 of them) of switch BB/CC in each location.
200 users on B / C stacks + 100 server VMs from the A / D switches.
Servers are uplinked (SG500) to the SG350, which is tied to firewall X
so A --> BB --> X
and location B
D -- > CC -->B ---> X
Mainly the location 1 stack of 350s connects to the firewall.
I'm getting a lot of ARP tcam util problems, since lots of MAC/etc.
Should I put a 3750 or what, since it's EOL, as the aggregation, let's call it H switch, in this way?
A --- > H
BB stack --> H
CC stack --> H
H --> FIREWALL X
But then BB stack still needs ARP for D / CC as well?
What is the best advice?
08-08-2018 12:32 AM
Hi there,
Issues with ARP traffic are normally only seen on networks with very large subnets, which, looking at your endpoint numbers and VLANs, can't be the case.
What may not be helping your situation is VLAN sprawl, with each VLAN's broadcast traffic being seen across the entire network. Do you have STP forwarding ports for most VLANs on each switch? Or are VLANs divided on a building/floor basis as opposed to user function?
Where are the VLANs routed? On the firewall?
As a first iteration of your topology I would suggest that you reduce the size of the VLAN broadcast domains by limiting VLANs to the buildings and also routing them there. Then run Layer3 links to the firewall, configuring the routes either statically or dynamically between the firewall and building Layer3 switches.
If you require your servers to be firewalled off from your users, then you will have to route the server VLANs on the SG550s and run a Layer3 link to the firewall via the SG350. If you are vMotioning between the buildings then you will need to maintain part of the existing design and keep the routing for the server VLANs on the firewall.
cheers,
Seb.
08-08-2018 04:15 AM
Hi
Thanks for your explanation.
All switches are in L3 mode with inter-VLAN.
My office 1 user VLAN is, let's say, 20 on switch BB's and office 2 is 25 on switch CC's.
Servers both in location 1 and 2 are on VLAN 100 on the SG500's.
All switches have 0.0.0.0 of the firewall (maybe that's the issue?). Should they have the 0.0.0.0 of the next-up switch VLAN IP?
All switches have default settings of
GVRP all ports to
| GVRP State | Dynamic VLAN Creation | GVRP Registration |
|---|---|---|
| disabled | enabled | enabled |
and STP
in image attached
08-08-2018 06:05 AM
Are you able to share the running config of the switches? With an indication of which inter-switch ports are connected?
Also what are the "ARP tcam util problems" you are seeing and on which switches?
cheers,
Seb.
08-08-2018 07:34 AM
ARP full memory issue, max resource util as in 320 out of 320