06-22-2018 04:13 AM - edited 03-08-2019 03:27 PM
I would like to optimise our existing core to floor infrastructure:
We have 4 floors altogether with rougly 4x 48 port switches per floor.
Each floor has its only dedicated fibre link direct to the Core switch in our Data Centre (some 10Gb and some 1Gb uplinks - we are slowly upgrading to 10Gb uplinks throughout).
The DC core switch is configured as a layer 3 switch and has all the vlan interfaces set with an IP address which is in fact the default gateway address assigned to PCs and Servers. For example - PCs are on VLAN 22, interface VLAN 22 is set as IP address 172.22.1.252/24 which is the PC configured gateway. And the Server VLAN 20 interface on the Core switch has IP address 172.16.1.252/24 representing the default GW of the Servers. In effect the Core switch is the Layer 3 switch Gatway.
The VTP mode on the Core switch is set to SERVER.
Each floor switch is a Layer 2 switch - for those capable of running Layer 3 they have been dumbed down to only be a Layer 2 switch (no IP routing).
The uplink trunks allow VLAN 20 and 22 from Core to Floors.
The floor switches VTP mode is TRANSPARENT.
Is this an optimised configuration for our estate? Are there any glaring mistakes here?
06-22-2018 06:26 AM
06-25-2018 12:55 AM
So ideally I should not be spanning vlans across to a central L3 switch (in my case the core) - why is this? And how else would I configure a central point of routing if I am strictly not really allowed to do this?
Incidently, I went round to all floor switches and cleaned up the excess vlans by changing them all from client to transparent then deleting vlans that were not needed so that I could control which vlans were stored on which switch.
I don't fully understand VTP and how it helps apart from just automatically uploading vlan information to the clients from the server which I can control manually myself? Do VTP domains have any further use?
06-25-2018 04:13 AM
07-02-2018 03:37 AM
Hi Joseph - can you clarify this - I don't fully understand.
"And how else would I configure a central point of routing if I am strictly not really allowed to do this?"
An you're doing. I.e. your central L3 switch would be configured almost like it is now, you just wouldn't have the same VLAN on more than one trunk.
I didn't add this earlier, but the management vlan between the floor switches and the core is vlan 120 name SWITCH-MGMT-VLAN. So the switches to the core are accessed via the addressing on VLAN 120 - i.e. the core IP address is 10.10.120.1/24, and 1st Floor Switch A has address 10.10.120.11/24 etc. This is in addition to the two vlans I mentioned earlier - vlan 20 server vlan and vlan 22 client PC network.
06-22-2018 09:16 AM
@chris.george wrote:
The VTP mode on the Core switch is set to SERVER.
Ideally, VTP should be set to Client or OFF.
06-23-2018 05:57 AM
07-02-2018 03:05 AM
Sorry it's been a while getting back to you guys...
So "ideally" the core switch should be set transparent or off - OK good advice - but why? Will the core switch being the only VTP mode SERVER in the estate be detrimental or confusing for it? Will this perhaps cause the odd hiccup in the network for example?
07-02-2018 03:21 AM
Hi,
A clear definition about VTP mode server:
VLAN Trunking Protocol (VTP) Server mode is the default VTP mode for all Catalyst switches. At least one server is required in a VTP domain to propagate VLAN information within the VTP domain. We can create, add, or delete VLANs of a VTP domain in a Switch which is in VTP Server mode and change VLAN information in a VTP Server. The changes made in a switch in server mode are advertised to the entire VTP domain.
So it is advisable to stop advertising the VTP information and avoid updated from any wrong server.
Regards,
Deepak Kumar
07-02-2018 03:28 AM
OK so nothing serious then in terms of routing, switching packets, spanning tree etc.
Just an advisory to prevent switches being updated.
07-02-2018 04:04 AM
07-02-2018 03:46 AM
Hello Chris!
I don´t see any problem with your topology. You are doing something as known as "Collapsed Core" architecture which is the way to go when working with small networks. So, having the "core" switch routing among VLANs is fine, don´t worry.
Regarding the VTP, VLANs etc, the way you did is OK also. However, if there are no VTP clients on your network there is no use for a VTP server. You could set all of them to transparent, and configure the VLANs individually/manually on each of them if that´s what you want.
Because VTP domains are tricky sometimes, I would only run it on such a small network in cases where the ITIL is boldly applied, meaning that I would have to register a CHANGE process to all of the Configuration Items being involved (boring). So, let´s say that the client requests you to add the VLAN XYZ to all of the floors. To accomplish that without VTP, you will have to place a CHANGE to all the 5 switches, while with VTP, the CHANGE will actually occur only at the DC switch.
I hope this helps you!
Cisco - Small Enterprise Design
07-05-2018 12:26 AM
I've been reading some of that Cisco documentation - looks like I have some changes to make.
In my collapsed backbone infrastructure ALL the floor switches are set to vlan 22 (which I guess isn't horrendous because we are a small network) - each floor consists of 4x 48 port switches, and we have 4 floors in total.
The Server room switches are set to vlan 20 for the Servers (there are other vlans of course with more specific duties).
I've noticed a couple of switches have 'low memory' as a result of my change to try and streamline our solution (i.e. floor switches that were layer 3 have been stripped down for layer 2 duties only).
What really annoys me is that ARP seems to want to tell all the switches in my network were everything is on vlan 22 and vlan 20 so it populates those CAM tables which I assume is eating up memory resources.
I'm just trying to work out how to lessen the overhead on the floor switches. I don't want the floor switches learning information automatically from ARP broadcasts about all the other clients on vlan 22 because I don't do client to client comms (peer to peer). All I want is for the floor switches to be populated with the necessary vlan 20 mac addresses because obviously the clients (vlan 22) need access to the servers (vlan 20).
How do I optimise this?
07-05-2018 08:13 AM
07-06-2018 02:45 AM
Yes the floor switches do know about each other I guess because all the floor switches a configured for the user vlan of 22.
The one fibre link from each of the floor switches (of which in total there are about 16) 802.1Q trunk down and converge to the Core switch in the computer room.
The Core switch is configured mostly for vlan 20 which are where the servers reside.
On each of the fibre uplinks from the Core to the Floor I have 'allowed vlan 20,22'.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide