HSRP 3 tier multilayer switching design

Nicholas Beard
Level 1

Any help with designing HSRP within the following design would be greatly appreciated -

Four Access switches (4 x 2960)
Two Distribution switches (2 x 3560)
One Core Switch (1 x 3560)

Each Access switch has the following VLANs -

VLAN 10 - Management VLAN only
VLAN 20 - Voice VLAN
VLAN 30 - Department 1 Data VLAN
VLAN 40 - Department 2 Data VLAN

Each Distribution Switch has the following VLANs -

VLAN 10 - Management VLAN only
VLAN 20 - Voice VLAN
VLAN 30 - Department 1 Data VLAN
VLAN 40 - Department 2 Data VLAN
VLAN 50 - Server VLAN
VLAN 100 - Internet Gateway

Core switch has the following VLANs -

VLAN 10 - Management VLAN only
VLAN 50 - Server VLAN
VLAN 100 - Internet Gateway

The Access layer switches have redundant layer 2 uplinks to the distribution layer and the distribution layer switches are interconnected with layer 3 links.  The Distribution switches also have layer 3 uplinks into the core.  The servers currently reside within the distribution layer due to bandwidth requirements.

Each access layer switch has IP Phones setup with desktops as follows -

switchport mode access
switchport access vlan 30 or vlan 40 (department depending)
switchport voice vlan 20
mls qos trust cos
switchport priority extend cos 0
spanning-tree portfast
spanning-tree bpduguard enable

I have load-balanced the VLANs from the access layer switches to the distribution layer over the trunk links as follows -

Dist 1 -

spanning-tree vlan 1,10,20 priority 0
spanning-tree vlan 30,40,50 priority 28672

Dist 2 -

spanning-tree vlan 30,40,50 priority 0
spanning-tree vlan 1,10,20 priority 28672

I would like to achieve the following -

1)  Set up and configure HSRP within the distribution switches to provide redundant gateway routing for the department and server VLANs.  Is it possible to create three HSRP groups based on the 3 VLANs?

2)  Will the above configuration split the data and voice traffic across distribution switches efficiently and effectively traverse the core to the internet?

3)  The servers have approximately a 50/50 load for traffic back to the access layer and also out to the internet.  Based on this would the servers be most efficiently placed within the Distribution layer, or the Core layer?

Many Thanks for any help


Chad Peterson
Cisco Employee

Hi Nicholas,

This looks good.  Also, I like the L3 link from dist1 to dist2.

To answer your questions:

1) Yes, you can have 3 HSRP groups.  Ex:

interface vlan 10
--snip--
standby 10
--snip--
interface vlan 20
--snip--
standby 20
--snip--
etc

2) The STP config you listed won't actually be load-balancing the traffic between the two switches.  The reason here is that there isn't a blocked link from dist to access.  This is GOOD!  So what this means is that traffic on the access switch can either go to dist 1 or dist 2 directly.  You'll want to use HSRP to influence their path.  So whichever is STP root, that switch will also have the higher HSRP priority.  This will direct the traffic for that vlan to go to that switch.

3) For servers...do they have two NICs?  If so you could attach them to each dist switch and run them in an active/passive mode in case of a failure.  If not you'll have a single point of failure whether they are at Core or Dist.   If single NIC, then I'd attach them to the Core.  Reason being is that server to server traffic would be contained there.  If you split them between Dist switches, then server to server traffic would have to cross access switches.  Now if there isn't much of that, then either I think is fine.

Also, you'll want to get your ARP timeout BELOW your MAC aging time.  So default ARP timeout is 4 hours, your CAM aging time is 5 min.  You want to do this because you could have asymmetric routing back down to your users at the distribution layer...this is fine, almost every HSRP design has it.

I don't want to flood this post about this, but you can read more about this situation here (Cause 1):

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801d0808.shtml

I usually suggest dropping the ARP timeout to below 5 mins to prevent any flooding due to this.

The design looks, you could also use GLBP for load-balancing the traffic instead of HSRP.  Either way all the above applies.

Chad
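As an added example (not from Chad's post or from Cisco documentation), here is what the distribution-switch configuration described above could look like: HSRP group numbers matching the VLAN IDs, the higher HSRP priority on the STP root for each VLAN, and the ARP timeout set below the MAC aging time. The IP addressing, the core uplink interface name (Gi0/1) and the priority values are assumed.

```cisco
! Added example, not from the thread. Dist2 is STP root for VLANs 30,40,50
! in Nick's design, so it gets the higher HSRP priority for those groups.
! Assumed: VLAN n = 10.0.n.0/24, virtual gateway .1, Dist1 .2, Dist2 .3,
! core uplink Gi0/1, priorities 110/90.
hostname Dist2
!
! CAM aging (default 300 s) must stay ABOVE the ARP timeout set on the
! SVIs, otherwise asymmetric return traffic is unknown-unicast flooded.
mac address-table aging-time 300
!
spanning-tree vlan 30,40,50 priority 0
spanning-tree vlan 1,10,20 priority 28672
!
interface Vlan30
 description Department 1 data - HSRP group number matches the VLAN ID
 ip address 10.0.30.3 255.255.255.0
 arp timeout 240
 standby version 2
 standby 30 ip 10.0.30.1
 standby 30 priority 110
 standby 30 preempt delay minimum 30
 standby 30 track GigabitEthernet0/1 30
!
! interface Vlan40 is identical with 40 in place of 30.
!
interface Vlan50
 description Servers
 ip address 10.0.50.3 255.255.255.0
 arp timeout 240
 standby version 2
 standby 50 ip 10.0.50.1
 standby 50 priority 110
 standby 50 preempt delay minimum 30
 standby 50 track GigabitEthernet0/1 30
!
! Dist1 mirrors this with priority 90 on groups 30/40/50; if Dist2 loses its
! core uplink its priority drops to 80 and Dist1 preempts. (Dist1 would use
! 110 on groups 10/20, where it is STP root.) Only its VLAN 30 SVI is shown.
hostname Dist1
!
interface Vlan30
 ip address 10.0.30.2 255.255.255.0
 arp timeout 240
 standby version 2
 standby 30 ip 10.0.30.1
 standby 30 priority 90
 standby 30 preempt
```

The uplink tracking keeps the active gateway on the switch that can actually reach the core; without it, a dist switch that has lost its L3 uplink would still attract traffic it can only forward over the dist-to-dist link.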


Chad, thanks for the response, you are correct about the load balancing because there is no physical loop between the switches.  This was intended due to the Layer 3 link between the distribution switches.  So basically I can create HSRP groups with group IDs matching the VLAN, and prioritise them based on the STP of the distribution switch responsible for the VLAN.

The servers basically have either 2 or 4 physical NICs set up as redundant teams.

Your ARP timeout information was extremely useful, thank you very much indeed for this.  I will ensure this is rolled out as part of the HSRP design when performing the configuration.

Also, I think I'm correct in saying the Cisco 3500 series switches do not support GLBP?

Thanks again. Nick
