4507 Design Help

shawn
Level 1

Hello All. I'm looking for some feedback on a network design. We're replacing our 2821 with a 4507 and I have some questions about the best way to implement this. I've attached a simple diagram that shows our current config and the proposed new config. We currently have a 2950-12 that is connected to a second 2950-12 via fiber GB, using GBIC interfaces. The second 2950 is connected to the 2821 via copper int. I have a 4507 with the following modules:

Mod Ports Card Type                              Model              Serial No.
---+-----+--------------------------------------+------------------+-----------
1     2  Supervisor IV 1000BaseX (GBIC)         WS-X4515
3    24  10/100/1000BaseT (RJ45)                WS-X4424-GB-RJ45
4     6  1000BaseX (GBIC)                       WS-X4306-GB

My initial thought was to remove the 2950 currently connected to the 2821 and run the 2 fiber connections directly to Gi4/1 & Gi4/2 on the 4306 blade. I would then configure these ports as an etherchannel in trunk mode to support our VLANs and configure VLAN interfaces as necessary. Int Gi3/1 would be configured in routed mode as the default gateway for 0.0.0.0. Have I overlooked anything in this configuration? Is this the best practice configuration?

All feedback is welcome.

Thanks,

Shawn


8 Replies

Jon Marshall
Hall of Fame


Shawn

Looks fine to me. One thing you may want to consider is, instead of running a routed port connection to the ASA, you use a "switchport access vlan .." and have a L3 vlan interface on the 4500. I only mention this as, if you then want to add another firewall for redundancy, you would need the inside interfaces in the same vlan. If you do, then use a dedicated vlan for this connectivity.

Having said that, if you aren't looking for redundancy in the future then there is nothing wrong with the design you have at present.

Jon
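A worked 4507 configuration for the design discussed above, added here as an example (it is not from the thread, from Shawn's diagram or from any Cisco document): the two GBIC links to the 2950 as one EtherChannel trunk with SVIs behind it, and Gi3/1 toward the ASA both as the routed port Shawn proposed and as the access-VLAN-plus-SVI variant Jon suggests. VLAN numbers, IP addresses and the channel-group number are constructed.

```ios
! Added example, not from the thread. VLAN ids, addresses and the
! channel-group number are constructed; adapt them to your own plan.
ip routing
!
vlan 10
 name Users
vlan 20
 name Servers
! Unused native VLAN: untagged frames on the trunk never land in a live VLAN.
vlan 999
 name TrunkNative
!
! The two fiber GBIC links to the 2950 become one L2 trunk bundle.
! If one fiber, GBIC or port fails, the bundle stays up on the other link.
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
 switchport mode trunk
!
interface range GigabitEthernet4/1 - 2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
 switchport mode trunk
 channel-group 1 mode desirable
!
! SVIs are the default gateways for the VLANs carried on the trunk.
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
!
! Option A (original post): Gi3/1 as a routed port to the ASA inside interface.
interface GigabitEthernet3/1
 no switchport
 ip address 192.0.2.1 255.255.255.252
!
! Option B (Jon's suggestion), instead of the routed port: a dedicated
! firewall VLAN with an SVI, so a second firewall can later share it.
!   vlan 100
!   interface GigabitEthernet3/1
!    switchport access vlan 100
!   interface Vlan100
!    ip address 192.0.2.1 255.255.255.252
!
! Default route to the ASA inside address (192.0.2.2, constructed).
! The ASA must also have routes back to 10.0.10.0/24 and 10.0.20.0/24.
ip route 0.0.0.0 0.0.0.0 192.0.2.2
```

The 2950 end of the bundle needs the matching configuration (same native and allowed VLANs, `switchport mode trunk`, `channel-group 1 mode desirable` on its two GBIC ports), otherwise the channel never forms.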

Etherchannel is bad at redundancy, so you may want to go with HSRP so that if one link goes down the entire link doesn't die (as would happen with etherchannel).

Removing the 2950 is a good call because it's not doing anything but adding latency and an additional point of failure. You could probably even work it so that the WAN link goes directly into the 4507, freeing up more hardware, reducing latency and simplifying the design.

dlawson001 wrote:

Etherchannel is bad at redundancy, so you may want to go with HSRP so that if one link goes down the entire link doesn't die (as would happen with etherchannel).

Removing the 2950 is a good call because it's not doing anything but adding latency and an additional point of failure. You could probably even work it so that the WAN link goes directly into the 4507, freeing up more hardware, reducing latency and simplifying the design.

If the links from the 2950 switch are L2 then it should be etherchannel. How are you going to run HSRP on the same switch, i.e. you can't.

If a link fails in an etherchannel bundle then the other links stay up, that's the whole point of etherchannel.

As for removing the ASA you may want to check whether that is the company WAN or the internet. If it's the internet you definitely wouldn't want to remove the ASA.

Jon

Thanks for the feedback. HSRP is not an option at this time due to budget, but we are adding a second SUP IV for some redundancy. The ASA has to stay, it's our internet gateway.

Cheers,

Shawn

Good point on the HSRP. I hadn't been thinking clearly. HSRP would require a second device to uplink to; however, it's still important to know that etherchanneling increases the likelihood of something going down. A fiber, a GBIC, or an interface going bad would result in a total outage of both links.

If the devices are next to each other then this shouldn't be an issue and etherchannel away. Otherwise make sure your customer is aware of the potential downfall of etherchanneling. Especially since it'll provide more bandwidth than your internet can provide over a single link. The only advantage is available bandwidth for the LAN.

dlawson001 wrote:

Good point on the HSRP. I hadn't been thinking clearly. HSRP would require a second device to uplink to; however, it's still important to know that etherchanneling increases the likelihood of something going down. A fiber, a GBIC, or an interface going bad would result in a total outage of both links.

If the devices are next to each other then this shouldn't be an issue and etherchannel away. Otherwise make sure your customer is aware of the potential downfall of etherchanneling. Especially since it'll provide more bandwidth than your internet can provide over a single link. The only advantage is available bandwidth for the LAN.

Could you elaborate on the etherchannel issue as I am still not really understanding what you mean. You say if the devices are next to each other - do you mean physically, i.e. within the racks? If one of the links in an etherchannel fails then traffic is simply sent on the remaining links, so it's unclear what you mean.

As for providing more bandwidth than the internet connection, I can't see the relevance because even a single link would very probably provide more bandwidth than the internet connection unless it was a very expensive internet connection.

The advantages of etherchannel are, as you say, more bandwidth within the LAN, i.e. client/server traffic, and link redundancy, but you seem to be suggesting there is no link redundancy?

Jon

Ok. I checked with my co-worker and apparently I remembered a test incorrectly. I retract my statements about etherchannel.

dlawson001 wrote:

Ok. I checked with my co-worker and apparently I remembered a test incorrectly. I retract my statements about etherchannel.

No problem, just wanted to get to the bottom of it.

Jon
