Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3337
Views
3
Helpful
7
Replies

Best Practice VSS and HSRP setup

Go to solution
MOHAMMAD ALHAJ EID
Level 1
Level 1

‎08-12-2017 03:52 AM - edited ‎03-08-2019 11:43 AM

Dear Gentlmen, 

I 've two core switches, 6509-E with Sup 2T version 15.2(1)SY1a, connected to each other using L2 trunk port channel,  My plan to connect two distribution switches  VSS 4500-X switches to both of the core switches as in the following setup " Each core switch has his own IP" and both of the switches are having the same IP. 

CORE 1 (6509)-------L2  Trunk port channel------Core 2 (6509) 

   ( int T1/1)                                                            ( int T1/1)

     |                                                                          |

     |                                                                          |

   (int  T1/1/1)                                                       ( int T2/1/1)                                                                   

    VSS1 (4500-x)------VSL port channel----------VSS2 ( 4500X)

While most important  I don't want to change any physical connectivity and don't want to convert the core switches into VSS setup

1- Can I run L3 port channel in interfaces T1/1/1 & T2/1/1 which has one IP in the same sub net of the core switches, And if yes what are the best practices so I use HSRP or GLBP in the core switches ? 

2- If the above is not possible, Shouldn't I use both 4500-X in VSS setup and do the following setup instead and loose the feature of the port channel so I use single trunk and HSRP or GLBP in all the four switches? 

CORE 1 (6509)-------L2  Trunk port channel------Core 2 (6509) 

   ( int T1/1)                                                            ( int T1/1)

     |                                                                          |

     |                                                                          |

   (int  T1/1/1)                                                       ( int T/1/1)                                                                   

 (4500-x-1 )------L2 trunk port channel---------- ( 4500X-2 )

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎08-14-2017 06:36 PM

Hi,

If the plan is to have all vlans terminate on the distribution switches than it is easier to use the 4500x and build them as VSS.  This way you don't need to worry about HSRP, VRRP, etc.. You than need 2 layer-3 Portchannels, one connecting one 6509 to both vss 4500x chassis and another one for connecting the other 6509 to both vss chassis.

HTH

View solution in original post

Go to solution
ronbuchalski
Level 1
Level 1
In response to Reza Sharifi

‎08-14-2017 07:46 PM

We have a setup similar to what you describe.  In our case, the 4500-X VSS is a pure Layer 3 switch - no VLANs at all.  All connections to the 4500-X are Layer 3 port-channels, with one port-channel member on each switch in the 4500-X VSS, for redundancy.  The 4500-X is running EIGRP and peers with the Layer 3 switches directly adjacent to it.

But I think that the OP may be talking about using the 4500-X as a Layer 2 VSS switch, and the VLANs would be routed at the core switches, which is why he is asking about HSRP/GLBP.  While that can be done, you will need Layer 2 trunk connections from the 4500-X-VSS to the two core switches, and then one of the two uplinks will be in blocking mode because of Spanning Tree.

If the OP is talking about the reverse option, where the Layer 2 VLANs would be routed by the 4500-X VSS, then once again, the connections between the 4500-X VSS switches and the core switches would need to be Layer 2 trunks, and Spanning Tree would also block one uplink path.  But since the VSS is, in effect, a single switch, you would have one SVI per VLAN, so you would not need to set up HSRP/VRRP.

-rb

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎08-14-2017 06:36 PM

Hi,

If the plan is to have all vlans terminate on the distribution switches than it is easier to use the 4500x and build them as VSS.  This way you don't need to worry about HSRP, VRRP, etc.. You than need 2 layer-3 Portchannels, one connecting one 6509 to both vss 4500x chassis and another one for connecting the other 6509 to both vss chassis.

HTH

Go to solution
ronbuchalski
Level 1
Level 1
In response to Reza Sharifi

‎08-14-2017 07:46 PM

We have a setup similar to what you describe.  In our case, the 4500-X VSS is a pure Layer 3 switch - no VLANs at all.  All connections to the 4500-X are Layer 3 port-channels, with one port-channel member on each switch in the 4500-X VSS, for redundancy.  The 4500-X is running EIGRP and peers with the Layer 3 switches directly adjacent to it.

But I think that the OP may be talking about using the 4500-X as a Layer 2 VSS switch, and the VLANs would be routed at the core switches, which is why he is asking about HSRP/GLBP.  While that can be done, you will need Layer 2 trunk connections from the 4500-X-VSS to the two core switches, and then one of the two uplinks will be in blocking mode because of Spanning Tree.

If the OP is talking about the reverse option, where the Layer 2 VLANs would be routed by the 4500-X VSS, then once again, the connections between the 4500-X VSS switches and the core switches would need to be Layer 2 trunks, and Spanning Tree would also block one uplink path.  But since the VSS is, in effect, a single switch, you would have one SVI per VLAN, so you would not need to set up HSRP/VRRP.

-rb

0 Helpful

Go to solution
MOHAMMAD ALHAJ EID
Level 1
Level 1
In response to ronbuchalski

‎08-15-2017 08:31 AM

I meant the HSRP to be configured a SVI-1 in the core 6509 1 and SVI-2 in the core switch-2 , What do you think as a best practice to keep one of these link in spanning tree block mode and configure the HSRP in both core switches or we do EIGRP between three routers ( Core1,core 2, VSS switches), However how can I consider for example te1/1/1 and te2/1/1 in both VSS chasis in one L3 port channel while from the other side of the core switches are configured as a sinle in trunk in each core... Do you mean to configure the interfaces t1/1/1 and te2/1/1 in one access vlan, And then configure SVI representing both interfaces and from the other side single trunk links ? 

0 Helpful

Go to solution
MOHAMMAD ALHAJ EID
Level 1
Level 1
In response to Reza Sharifi

‎08-15-2017 08:22 AM

What if I can't connect two connections between each core switch to the two VSS chasis ? s the distance is very far from each core switch to the VSS, Can I run single trunk link ? 

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to MOHAMMAD ALHAJ EID

‎08-15-2017 09:02 AM

If the distance is very far, you can use single-mode optics with single mode fiber. depending on the fiber you have in place but usually if the distance is above 300 or 400 meters then you need to use single-mode.

HTH 

0 Helpful

Go to solution
MOHAMMAD ALHAJ EID
Level 1
Level 1
In response to Reza Sharifi

‎08-15-2017 12:38 PM

Ya, But I mean from design perspective, Can I connect single trunk from each core switch to one of the VSS "One Leg"  switches instead of the cross design. 

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to MOHAMMAD ALHAJ EID

‎08-15-2017 12:51 PM

For VSS, the recommendation is to always connect to both VSS switches and not just one.

HTH

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card