Core network changes & problems

jplenbrook
Level 1

Hi everybody,

Here is some background first of all.

We have 1941/K9 series and now decided to replace our HP ProCurves with three Cisco Catalyst 3750G. We have them configured as a stack in our test environment. Our current network is on 192.168.10.0 /24 and we don’t use any VLANs. We just have interface gigabitEthernet 0/1 configured on 1941/K9 and that interface then goes to our HP ProCurve. HP ProCurve has got default configuration so basically it is a dumb switch which just interconnects our devices.

As our 1941/K9 has only got 2 ports – one for WAN, one for LAN; we have purchased additional EWIC with 4 ports (I do not have part number however I can probably find on Monday).

What I want to achieve is the below.

  1. Have 2 VLANS (or more in future) – 192.168.10.0 /24 and 192.168.10.50 /24.
  2. Preferably have 4 (if not possible, 2) links going from 1941/K9 to 3750G stack to provide redundancy and load balancing. We will connect let’s say one cable per switch in scenario where we have 3 cables/ports and in scenario with 4 cables/ports, there will be 2 going to the master and then one per member and so on.

Here is a drawing of what I would like to achieve (PLAN 1 is the main one). I will explain about PLAN 2 in a minute.

It is very simple design, however I ran into some problems because of 1941/K9.

First of all, we only have one 1941/k9 therefore I am unable to play around with the configuration in the test environment and GNS3 does not support this model. I have decided to use Cisco Packet Tracer as it should include every command that I need.

PLAN 1:

Basically, since the configuration doesn’t need to be complex and we only have one logical switch (3x3750 in a stack), I thought that I will configure an EtherChannel and 802.1Q Trunking between Catalyst L3 Switch and a 1941/K9 Router.

I have also followed a guide from Cisco website:

http://www.cisco.com/c/en/us/support/docs/switches/catalyst-2950-series-switches/24042-158.html#sthash.ssXraOw5.dpuf

I got Catalyst 3750G configured as required however:

  1. I have created channel-group 1.
  2. When I try to assign interfaces to channel-group 1 either by going manually to each individual one or by using interface range command it will either not recognize channel-group command on switch modules installed in 1941/K9 (when going to each individual interface) or when I use interface range command it will recognize the command however it will say:

     Router(config-if-range)#channel-group 1 mode on

     % Interface range command failed for FastEthernet0/0/0

     % Command failed on interface FastEthernet0/0/0. Aborting

  3. Due to the above, I am unable to configure an EtherChannel and also EtherChannel trunking. At the beginning of the Cisco guide it doesn’t mention 1941/K9 as supported router for EtherChannel trunking so this makes me think that maybe this is something that I can’t configure with this model?
  4. I am also unable to create interface channel-group 1.10 – it will not recognize this command.

PLAN 2

If this is the case, how else would you achieve my scenario? I was thinking about having normal LAN interfaces so let’s say:

- gigabitEthernet 0/0/0, gigabitEthernet 0/0/1 -> channel-group 1 (ip add 192.168.10.254 255.255.255.0)

- gigabitEthernet 0/0/2, gigabitEthernet 0/0/3 -> channel-group 2 (ip add 192.168.50.254 255.255.255.0)

However how would you then allow both channels to be up as spanning-tree won’t allow it to avoid loop probably. Also like I said earlier, I can’t assign 4 new interfaces to channel-group for some reason as mentioned in point 2.

I hope someone can advise :)

Looking forward to hearing from you.

19 Replies

This

ip route 192.168.200.0 255.255.255.252 GigabitEthernet0/1

is a useless entry, the router knows better than any administrator what networks it is connected to.

In regards to STP, well that is a complete different topic. I suggest the standard L2 security features, at the very least enable Portfast and BPDU-Guard on all edge ports.

Well spotted. I forgot to delete that static route. I had it configured to check some differences however you are right, it is unnecessary.

In relation to portfast and BPDU-guard on all the access ports. We have some users connecting their small 4 or 8 port unmanaged L2 switches to be able to connect more devices via a single port in the wall. Would it not create a loop when portfast is enabled? Also if BPDU-guard is enabled, this would mean a lot of work for me to either remove both settings from the specific interface and restart it if user connects their small L2 switch.

I am thinking about implementing EIGRP redistributed network so we don't have to play around with static routes and it is dynamic. This way, I can implement subnets directly from the catalyst 3750. What do you think about it? Instead of static, go dynamic.

I was also thinking about /30 network in between a router and a switch. What are the benefits of having /30 network in between, over normal sub-interfaces on a router and trunk instead of /30 network? I assume that the only traffic that would have to go up the link would be MPLS, WAN or another subnet on the same router. Is that correct? Local subnet would be switched on the switch without need to go to the router.

Please, can anyone give their opinions on what we have established here and answer my last post?

I would appreciate it a lot.

Hi,

Neither Portfast nor BPDU-Guard is going to create a loop. In fact, BPDU-Guard is one of the best ways to detect and break a loop. You don't want to remove it from ports connected to unmanaged switches, quite the opposite in fact. There are a lot of documents out there describing the technology and when and where it should be used.

If you feel comfortable with dynamic routing protocols, then go ahead with it. I'm usually a big fan of dynamic routing, because it makes managing big networks so much easier. Whether you should go ahead with EIGRP is another question. If you already do use OSPF as your posted config suggests I would go ahead with OSPF, otherwise you need to configure route redistribution from one protocol to another, which adds a lot of complexity and other disadvantages.

To your last question, what is the benefit of a layer-3 port over subinterfaces. In your small setup there's not much difference either way. However it is good practice to keep your layer-2 domain as small as possible. First, you spare a VLAN ID for future use, second and more important, you keep spanning tree out of it. Pure layer-3 connections usually have a much better convergence time than switchports that need to go through all spanning tree phases before passing traffic. When you start using dynamic routing protocols it gets even more important. Rule of thumb: Use Layer 2 in the access where it's needed, don't use it where it's not.

Regards
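
An added example, not part of the thread: a small Python audit for the PortFast/BPDU-Guard advice above that flags access ports in a Catalyst running-config lacking either feature. The sample config and interface names are constructed, and it assumes classic IOS syntax (`spanning-tree portfast`, `spanning-tree bpduguard enable`, and the global `... default` forms).

```python
import re

# Constructed sample running-config (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
 switchport mode access
!
interface GigabitEthernet1/0/24
 no switchport
 ip address 192.168.200.2 255.255.255.252
!
"""

def audit_edge_ports(config):
    """Return {interface: [missing features]} for access (edge) ports."""
    # Global (unindented) lines can switch the features on by default.
    glob = {l.strip() for l in config.splitlines() if l and not l.startswith(" ")}
    pf_default = "spanning-tree portfast default" in glob
    bg_default = "spanning-tree portfast bpduguard default" in glob
    findings = {}
    for stanza in re.split(r"^interface ", config, flags=re.M)[1:]:
        rows = stanza.splitlines()
        body = set()
        for row in rows[1:]:
            if not row.startswith(" "):
                break  # end of this interface stanza
            body.add(row.strip())
        if "switchport mode access" not in body:
            continue  # routed or trunk port, not an edge port
        portfast = "spanning-tree portfast" in body or (
            pf_default and "spanning-tree portfast disable" not in body)
        # The global BPDU Guard default only covers PortFast-enabled ports.
        guard = "spanning-tree bpduguard enable" in body or (
            bg_default and portfast and "spanning-tree bpduguard disable" not in body)
        missing = [f for f, ok in (("portfast", portfast), ("bpduguard", guard)) if not ok]
        if missing:
            findings[rows[0].strip()] = missing
    return findings

if __name__ == "__main__":
    print(audit_edge_ports(SAMPLE_CONFIG))
```
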

Hi,

Thanks for all your responses. I appreciate it a lot.

Best Regards,
