Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1063
Views
5
Helpful
5
Replies

Cisco 9500 Virtual Stack-wise Domain

Go to solution
Learnercisco
Level 1
Level 1

‎03-09-2020 12:22 AM

Hi tech guys,

 

I have the following scenario,

 

1- 2 Core with (9500)----------> Stackwise virtua domain 1

2- 2 Distribition (9500)----------> Stackwise virtua domain 2

3- 2 Distrbution (9500)----------> Stackwise virtua domain 3

4- 130 Access Switches are connected to 4 distribution. 

4 distrbution are connected to 2 Core Switches. you can see the Senario  below.

 

 

                                                                                                               Core 

 

                                                                                        Distribution A+B       Distribution C+D

                                                                                       65 Accessswitces        65 Access Switches

 

 

Please suggest me where i can create the management vlan from Core to disirrbution and disrtibution to Access. if i use the same subnet from Core to Access for management vlan ?

 

thanks in advace ?

 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Learnercisco
Level 1
Level 1
In response to balaji.bandi

‎03-09-2020 07:38 AM

Thanks for your reply

i have the design below.

from Core to Distribution > Layer 3 MEC (OSFP)

from Distribution to Access > Layer 2 MEC.

 

===============================================================================

2 Options :

 

Options 1 : if this is L2 network, you need to have managmenet VLAN extended from Core to distribution and access

                 MGMT SVI should be created on all switches. ( core is the Gateway)

we will put the Management VLAN Domain. 

=================================================================================

Please confirm if Cisco prime infrastrucure 3.7 Monitor stackwise Virtual chassis for active and standby switch ?

we will create Dual-Active Detection with enhanced PAgP (only one IP address and add in the prime management)

*

Example

both the switches use the same IP addresses, SSH keys, and STP bridge IDs. Cisco StackWise Virtual detects a dual-active scenario and takes recovery action. Dual-active-detection link is the dedicated link used to mitigate this.

*

 

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Mark Malone
VIP Alumni
VIP Alumni

‎03-09-2020 01:46 AM - edited ‎03-09-2020 01:48 AM

H
if your just using a vlan you can start at the core and work down as i presume either the core or the dist or both are L3 it will need to be advertised there too and then trunked in the layer 2 section.And yes you can use the same subnet just select one for mgmt traffic thats big enough for all current equipment and make sure it has space for additional switches too in case of expansion

for better security you should look at using the mgmt ports and connect them back to an isolated mgmt switch connected through a firewall so your mgmt traffic is completely isolated from prod traffic instead of just vlan isolation, switches without a mgmt port can still use the mgmt vlan too as well

 

Also if you do use the mgmt ports connect back both switches in the stack to the mgmt switch for resiliency incase the active switch flips over

Go to solution
Learnercisco
Level 1
Level 1
In response to Mark Malone

‎03-09-2020 08:06 AM

Hi Mark,

 

Thanks for valued feedback. 

Can you provide more details on below. Suggest any document related to this implementation. Thanks

"

if i want to make the firewall as an management Gateway for All LAN Devices Mangment

 

"

for better security you should look at using the mgmt ports and connect them back to an isolated mgmt switch connected through a firewall so your mgmt traffic is completely isolated from prod traffic instead of just vlan isolation, switches without a mgmt port can still use the mgmt vlan too as well

"

Thanks again for your Support

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-09-2020 06:44 AM

2 Options :

 

Options 1 : if this is L2 network, you need to have managmenet VLAN extended from Core to distribution and access

                 MGMT SVI should be created on all switches. ( core is the Gateway)

 

Option 2:  if the L3 network, you are using OSPF you can about the Loopback and dedicated interface IP or dedicated VLAN.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Learnercisco
Level 1
Level 1
In response to balaji.bandi

‎03-09-2020 07:38 AM

Thanks for your reply

i have the design below.

from Core to Distribution > Layer 3 MEC (OSFP)

from Distribution to Access > Layer 2 MEC.

 

===============================================================================

2 Options :

 

Options 1 : if this is L2 network, you need to have managmenet VLAN extended from Core to distribution and access

                 MGMT SVI should be created on all switches. ( core is the Gateway)

we will put the Management VLAN Domain. 

=================================================================================

Please confirm if Cisco prime infrastrucure 3.7 Monitor stackwise Virtual chassis for active and standby switch ?

we will create Dual-Active Detection with enhanced PAgP (only one IP address and add in the prime management)

*

Example

both the switches use the same IP addresses, SSH keys, and STP bridge IDs. Cisco StackWise Virtual detects a dual-active scenario and takes recovery action. Dual-active-detection link is the dedicated link used to mitigate this.

*

 

0 Helpful

Go to solution
Mark Malone
VIP Alumni
VIP Alumni
In response to Learnercisco

‎03-09-2020 08:12 AM

prime sees it as one switch only logical , thats why you connect both sup cables back to mgmt or else if using a vlan have a link for each switch
0 Helpful
Customers Also Viewed These Support Documents