Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
979
Views
0
Helpful
3
Replies

How to configure SPT ( in our side ), to connect to ISP Layer 2 links

bensonlei
Level 1
Level 1

‎07-25-2019 11:34 PM

Hi, guys,

ISP provides a internet line to my company, for the last mile WAN link ( their customer end), they provide two layer 2 lines connecting to our two separated C2960 switches ( as below ):


ISP -----L2 Switch Line 1   -------- C2960-1 (vlan 10)  ---- Our Layer 3 device1
               L2 Switch Line 2   -------- C2960-2 (Vlan 10)  ---- Our Layer 3 device2


For our C2960 switches:
1. C2960-1 (vlan 10) --trunked---C2960-2 (vlan 10);

2. Both C2960 switches enables the cisco default pvst.

3  Layer-3 devices/Firewall in  Active-Active mode.
4. At this moment, all switch ports connected to ISP Layer 2 switches are in "forwarding" state, we have not yet configured the trunk for this vlan, ( network loop occurred if we configured trunk for vlan 10, this is verified ).

 

SW1 & SW2 configuration:
interface GigabitEthernet0/1
 description To Internet line
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
!


interface GigabitEthernet0/7
 description To Inter-SW trunk
 switchport trunk allowed vlan 94,96,98,99
 switchport mode trunk
!

 

 

ISP side:

1. We do not know what device they use for their Layer 2 network,
2. We do not know their device configurations,
3. We found the same some ISP MAC addresses  from our switches.
 
How we configure our Layer 2 switches ( interfaces and trunk ), so one switch port (connected to ISP ) is in "forwarding" state (active), another port is in "blocked" state ( standby ) for resilient links for ISP connection ?

0 Helpful
3 Replies 3

marce1000
VIP
VIP

‎07-25-2019 11:55 PM

>...

>How we configure our Layer 2 switches ( interfaces and trunk ), so one switch port (connected to ISP ) is in "forwarding" state (active), another port is in "blocked" state ( standby ) for resilient links for ISP connection ?

 

  - Such setups (intrAnet concepts) are not advisable when making a connection to an ISP which is basically L3 based. Have  a look into routers and firewalls which can use techniques such as BGP or  PBR (policy based routing) for redundancy purposes.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

bensonlei
Level 1
Level 1
In response to marce1000

‎07-26-2019 03:05 AM

Hi Marce,

It is not layer 3 concern.

ISP demarcation ( or ISP modem ) provides 2 network lines ( for redundancy network -) to our C2960 switches:

If we allow vlan 10 in trunk, network loop occurs.

How we configure the switches, for preventing network loop but providing resilient network connection, thx ?

 

0 Helpful

marce1000
VIP
VIP
In response to bensonlei

‎07-26-2019 03:55 AM

 

>..

1>We do not know what device they use for their Layer 2 network,
2. >We do not know their device configurations,

 

   - Indeed , sometimes Layer2 setups are used BUT, then you need all sufficient information from the ISP to set this up. The above items must be resolved 'without diplomacy' ; otherwise working on it makes no sense. Get sufficient information from the  ISP.

  M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card