Solved: Question for QinQ

katerina.dardoufa · ‎09-30-2011

Hello Community!

My company wants to create a split site for one of our applications. The approach to doing this is QinQ. In reallity we want to connect two switches over MetroEthernet, and bridge the two sites (5 vlans in total). For security reasons I was thinking of configuring both switches in VTP mode transparent and only creating the appropriate VLANs, but I got stuck when thinking about which switch should be the STP root... Does it matter??? Should I leave STP to do its job without any manual interference?

The other thing is that we are going to use two different providers for the metro ethernet, so we want to utilize both links (load balance traffic), so some vlans should prefer LinkA and the others LinkB. My approach to this would be to set vlan port-priority. I don't think that cost would have the same effect!

If we go with vlan port-priority should it be configured on both switches, or just on the root?

Finally is using udld and loop-guard a good idea for STP loop protection, or since our switches will connect to metroethernet switches from the provider, it won't make any difference?

To summarize, my questions are the following:

VTP mode Transparent?
Manually configure STP root?
Use vlan port-security and if yes configure all (4 trunks) ports?
Use udld and loop-guard for loop prevention?

Any ideas, thoughts, comments would be really helpful!

Thank you in advance,

Katerina

smitesh kharecha · ‎09-30-2011

Hi Katerina,

Definately if you want vlan as local vlan only and not to be propagated to other switch, then let it be transparent.

Not too sure on the port priority, but it should work if you set it only on root.

(And in the case if it doesn't you can always go and set on all trunk interfaces )

Regards,

Smitesh

View solution in original post

smitesh kharecha · ‎09-30-2011

Hi Katerina,

Since here you are planning for Q in Q, below are my suggestions:

1. VTP mode Transparent ??

- Why you would want VTP in transparent mode, when you can have single VTP domain if you don't go for transparent mode. My suggestion will be make one of your switch server and others as client.

2. Manually Configure STP root ?

- Definately a good idea.

3. Use vlan port-security and if yes configure all (4 trunks) ports ?

- depends on your company policy.

4. Use udld and loop-gaurd for loop prevention.

- udld will be good to use, if you want to disable the link ( in the event of link failure) and want to have alternate STP path.

-loop-gaurd always help in switched network and esp. when you have manual configure root and haven't given any considerations to other switches. It will also protect you from introduction of new switch ( of older hardware) accidentally becoming root.

HTH,

Smitesh

katerina.dardoufa · ‎09-30-2011

Thank you for your reply Smitesh!

I think that VTP mode transparent is prefferable, in the case that we want to create a vlan on a site, that we don't want to propage to the other site.
ok
I was reffering to vlan port priority (I accidentaly wrote security). My question is if the priority needs to be set on all trunk interfaces, or only on the interfaces of the root.
ok.

Thanks in advnace,

Katerina

smitesh kharecha · ‎09-30-2011

Hi Katerina,

Definately if you want vlan as local vlan only and not to be propagated to other switch, then let it be transparent.

Not too sure on the port priority, but it should work if you set it only on root.

(And in the case if it doesn't you can always go and set on all trunk interfaces )

Regards,

Smitesh

katerina.dardoufa · ‎09-30-2011

Thank you Smitesh!

I think I will start with the root trunks and see how that goes!