02-23-2012 09:02 AM - edited 03-07-2019 05:08 AM
Hi Guys
when y extend the servers subnet to onother data center over dark fiber ,so the port will be configured as trunk and only allow the vlan server to cross the trunk,let say the vlan server is VLAN 10,so command will be like below
int g1/1
desc L2 Link to DC2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport allow vlan 10
is it correct?
what is the command to isolate STP domain each other?
Thanks
Ibrahim
02-23-2012 09:44 AM
Hi
Your config is correct keep in mined if you. Have only one vlan crossing the link you can have the link as an access port
Not sure what you mean by stp domain
Are you referring to MST domain?
HTH
Sent from Cisco Technical Support iPhone App
02-23-2012 09:56 AM
Hi Riza
isolate STP Domain is to filter BPDU on each side of the Link to prevent TCN issue
02-23-2012 11:27 AM
You are not specific in your description. What do you mean when you say you want to "isolate STP domains from each other"?
There are many ways to do this. You can convert the link to a pure L3 link, and route the traffic between the sites using IP.
You can also do what sharifimr mentioned, convert the access port in each end to an access-port (switchport access vlan xxx / switchport mode access).
If you need to share bridged traffic in the form of a VLAN between the sites, but you do not want to exchange BPDUs between switches, you can enable BPDUFilter on the interfaces (spanning-tree bpdufilter enable), but DO NOT do this if you have redundant links, unless they are part of a port-channel/etherchannel.
If you have ASR1Ks or a Nexus 7K laying around, you can configure an OTV link, in which case you don't have to think about those pesky L2 issues associated with classic Ethernet...
HTH
Atle
---
Posted by WebUser Atle Ørn Hardarson
02-23-2012 11:43 AM
Hi Atle
what is the ideal solution for that
is it trunk or access
the business driver for that is the goecluster for high availability
02-23-2012 12:11 PM
Well, you can safely do switchport mode access / switchport access vlan 10
that would be a safe and sensible solution. Remember, there is no need for a 802.1Q trunk unless you are planning on transporting multiple VLANs through the link.
---
Posted by WebUser Atle Ørn Hardarson
02-24-2012 02:18 AM
Hi
if i only transport the vlan servers [VLAN 10]over trunk,maybe that will stops the servers from communication with other VLANs,am i right?
02-25-2012 03:50 AM
Yes, you can manually prune other VLANs from the link with the "switchport trunk allowed" command:
interface XX
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 10
This will only allow traffic for VLAN 10 over the trunk
Atle
---
Posted by WebUser Atle Ørn Hardarson
02-25-2012 04:09 AM
Hi
interface X/X
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 10
This will only allow traffic for VLAN 10 over the trunk
now the servers can comunicate with other VLAN let say user vlan in VLAN 100
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide