
Build LAN resiliency with Spanning Tree and bridge groups

My thread is more about "best practice" than how to do something. If you're posting a response I'd appreciate it if you have any White Papers that you could post as well, but I trust the community's opinions as well!

I have a site that is very dense, but not high throughput. I have 4x48 port switches all 3560 and 1 2851 router. The switches are pretty much full to the brim but the site is never completely lit, they just like to move around a lot. However, I wanted to provide this site with as much redundancy as possible. So my first thought was to build redundant pathing with the switches so that they could lose a switch and not have a single point of failure. So therefore I built a ring. SW1 to SW2, SW2 to SW3, SW3 to SW4, SW4 to SW1. To make this even more redundant against port hardware failure, I used two uplinks for each and built an etherchannel. Here comes question 1.

     Is it good practice to use Etherchannel and Spanning Tree together?

So I now have a good redundant LAN switching topology. I have multiple VLANs at the site so I am using Rapid-PVST. I did not set priorities on the switches as I don't think that is really truly necessary, but correct me if I am wrong!

Ok so next step is to make sure that my WAN connection for all of these switches is redundant. I have a 2851 router, with 1 of the built in interfaces dedicated to our ethernet hand-off WAN connection (MPLS in this case using BGP routing). The other would be used as an uplink. I also got an additional card for the Router so that I can have redundant local LAN connections. I then built up some IRB bridges so that I could uplink the Router to SW1 and SW3. So here comes Question 2

     Is it good practice to use IRB Bridging on a Router to provide redundancy?

So at this site I have the first part running, and it works pretty well but I have had 1 strange issue, which has to do with after a failure and re-convergence of spanning-tree, it seems that DHCP starts failing to work. I actually had to go into each of my switches make a dummy VLAN interface and put on helper-addresses to get them to work. They are not L3 switches (programmatically speaking) so they should just forward the broadcast packet onto the router, which DOES have the helper-addresses programmed, so I'm not sure what the deal is...

Also at another site I have the bridge router setup configured, just without so many switches, and no etherchannel between the switches. This seems to work flawlessly, but the site is very small so performance issues would be difficult to spot since they are just thin-clients coming back to a Citrix server over a single T1.

All posters thank you in advance for your help!

Cheers,

Chris (CapnDoody) DeRemer, CCENT


Reza Sharifi
Hall of Fame

Is it good practice to use Etherchannel and Spanning Tree together?

Sure, if your links are saturated and the traffic is coming from multiple sources then Etherchannel gives you more pipes to use. STP will treat the Etherchannel as one logical link.

So I now have a good redundant LAN switching topology. I have multiple VLANs at the site so I am using Rapid-PVST. I did not set priorities on the switches as I don't think that is really truly necessary, but correct me if I am wrong!

It is a lot easier to troubleshoot the network, when you know what device is the root and what is the backup root. I would recommend setting priorities to determine that.

Usually, daisy chaining switches is not a recommended solution. If you have multiple 3560s at the access layer, you can simply uplink them to a set of 3750 stacked core/distro switches using Etherchannel. Then connect the 3750s to your router. In this case you can use the 3750s as a layer-3 device with all SVIs and helper address configured on them. The link between the 3750s and the router would be a routed link with a /30 subnet.

Also, here is a link for best practices when designing a campus network

http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/campover.html#wp708865

HTH
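
The design recommended in the reply above, sketched as an IOS configuration. This is an added example, not part of the original thread or the poster's own configuration; the VLAN numbers, IP addresses, DHCP server address and interface numbers are all constructed assumptions.

```cisco
! --- 3750 stack (core/distribution) ---
! Constructed values: VLANs 10 and 20, every IP address, every interface number.
vlan 10,20
spanning-tree mode rapid-pvst
! Pin the root bridge here. With default priority (32768) on every switch,
! the election falls to the lowest MAC address, which is hard to predict.
spanning-tree vlan 10,20 priority 4096
! A separate second distribution switch, if one existed, would get
! priority 8192 so that the backup root is also known in advance.
ip routing
!
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ! Assumed DHCP server; the SVI relays client broadcasts to it
 ip helper-address 10.10.99.10
!
interface Vlan20
 ip address 10.10.20.1 255.255.255.0
 ip helper-address 10.10.99.10
!
! EtherChannel to one 3560, one member link per stack member
interface range GigabitEthernet1/0/1 , GigabitEthernet2/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode active
!
! Routed /30 link to the 2851 (router side would be 10.10.255.2)
interface GigabitEthernet1/0/24
 no switchport
 ip address 10.10.255.1 255.255.255.252
!
! --- 3560 access switch ---
vlan 10,20
spanning-tree mode rapid-pvst
! No priority set: access switches keep the default and never win the election
interface range GigabitEthernet0/1 - 2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode active
```

`show spanning-tree root` on any switch confirms which bridge ID won the election for each VLAN, and `show etherchannel summary` confirms that both member links are bundled.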