Re: Full Mesh between two L3 Core Switch and 2 Core routers

amit_kulshrestha_2 · ‎11-18-2013

Respested All,

we have one new customer , for which i have to commission new network for them , there are two core router 3945 and two Core L3 switch 4507R , for local lan user i have configured HSRP in 5 User Vlans and is working fine with no problem, now i want to configure full mesh between both core switch and both core routers ,although i have configure 1 -1 port-channel interface 1 in both core switch,and it is L3 Interface . what next and how can i obtain that , kindly guide me.i have attach file also .

lmediavilla · ‎11-18-2013

Your design have an issue, your core switch must be just 1 device, either with VSS or Stack, you will cause problems doing etherchannels to different devices if they are not one logical bigger switch.

If you use LACP you will notice messages that there are two LACP neighbors instead of one.

Kind regards

amit_kulshrestha_2 · ‎11-18-2013

Thanxs for your reply ,this is how i have to do,can you guide little configuration of LACP.

port-channel interface which i have to create should be L2 or L3.

lmediavilla · ‎11-18-2013

Firts the core switch must be one, just one if not you will have problems.

For lacp config you can choose either layer 2 or layer 3, for layer 3 your core switch will have all layer 3 vlans and hsrp in all of them (3 ips per vlan)

int gi1/0/24

description Core1

switchport mode trunk

switchport trunk encap dot1q

channel-group 1 mode active

int gi1/0/24

description Core2

switchport mode trunk

switchport trunk encap dot1q

channel-group 1 mode active

int port-channel1

description Core

switchport mode trunk

switchport trunk encap dot1q

This is a layer 2 portchannel grunk with LACP

"show etherchannel summary" will show the LACP negotiation (must be on both sides)

You can get the full docuentation of etherchannel for the 4500 family in here

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/50sg/configuration/guide/channel.html

amit_kulshrestha_2 · ‎11-18-2013

Thanxs , what dynamic protocol will be using for communication .

lmediavilla · ‎11-18-2013

there is no routing protogol, the etherchannel will use 802.1q for the trunk links and LACP for the etherchannel. All vlans will be layer 2 until they reach the core router.

regards

devils_advocate · ‎11-18-2013

As mentioned above, you should be looking at making your core switches a VSS pair really which will take spanning tree and HSRP out of the mix as both switches will be acting as a single entity. If you did not want to do this, you would need to have single links to your access switches (i.e one from each core switch but not in a port channel) and let spanning tree block one.

Using HSRP and spanning tree between core and access switches will work but...

A) You will have a small outage if one Core switch fails, all the HSRP groups need to transition over to the Standby switch and also the blocked links to the Access switches need to become active. Using VSS means resiliency and no outage.

B) As one of the links between each access switch and the core switches will be blocked by spanning tree, you have a switch sitting there doing nothing until its needed which is a waste really as you are only using 50% of the available total bandwidth.

VSS is the way forward

You also can't create a port channel between each core switch and the routers. A port channel needs to connect to a single entity both side in the form of a single switch/router, a VSS pair of switches or a switch stack.

Is each ISP advertising a default route to each router?

If so you need to be think about these and how to advertise these to your Core routers using a routing protocol such as EIGRP or OSPF.

Jon Marshall · ‎11-18-2013

I completely agree that VSS is the best solution. One small point though -

If you did not want to do this, you would need to have single links to your access switches (i.e one from each core switch but not in a port channel) and let spanning tree block one.

There is no reason why you cannot have etherchannels to your access switches even if you don't use VSS ie. each access switch has 2 etherchannels, one to the first core switch and one to the second. STP sees the etherchannel group as one logical port so it would simply block one etherchannel link and use the other one for forwarding. Before the advent of VSS this was a very common approach to a L2 access to L3 routed distro/core.

However as you say there is a small outage while STP switches over and the HSRP routers switch over.

Jon

lmediavilla · ‎11-18-2013

I don't agree with Jon Marshall, if you don't have VSS your port channels with LACP just won't work if you mix one cable to each core switch (like in the first post draw). If you don't use etherchannels you will have an active/standby topology which is not bad but not as good as VSS.

kind regards

Jon Marshall · ‎11-18-2013

From my original post -

ie. each access switch has 2 etherchannels, one to the first core switch and one to the second.

So i wasn't talking about trying to use an etherchannel from an access switch and spread it over both core switches. That's not possible, as you say, unless you are using VSS.. But you can still use etherchannels from an access switch to the core switches it's just that etherchannel_1 must terminate on 6500_1 only and etherchannel_2 must terminate on 6500_2 only.

Perhaps it was simply that i misunderstood the original point being made.

Jon