02-10-2014 11:14 AM - edited 03-07-2019 06:07 PM
Hi Guys,
I've got a network setup where I need to add a new set of switches that have some new vlans that are independent of the existing environment, but I have some of the existing vlans propagate across.
My current setup is:
and my new design is this:
The 5505-02 is there so that I can easily manage ACLs so that only some users can access the new vlans such as 200. And in the future put in idfw to manage this via AD groups.
My concern is regarding spanning tree. In the current setup the 3750-01, 2960-01, sf300-01 and sf300-02 are all set to default pvst, where the 3750-01 is the root bridge for all existing vlans.
With vlans 101 and 102 being propagated across to the new environment, what is the best way of tackling STP for this? Could I manually set the root primary and the priority to be lowest for these two vlans as the 3750-01? And then the same for the new 200 and 201 as the new 3750-02?
Or would setting a different mode be best, i.e. mst?
thanks
Rich
02-10-2014 12:24 PM
Rich
Are you proposing to use the same IP subnet for vlans 101 and 102 on the new switches?
If so, unless the ASA 5505-02 is in transparent mode then you will not be able to extend vlans 101 and 102 across to the new switches, i.e. if it is in routed mode that is a L3 hop and you generally can't extend a L2 vlan across a L3 hop. There are technologies that allow you to do this but I don't think any of them are supported on the 3750 switches.
If you are making the ASA 5505-02 transparent then it would need to be transparent for a trunk link and I don't know whether this is possible. You may want to ask in the firewalling forums.
So before worrying about STP can you clarify what you are going to be doing with ASA 5505-02 and whether or not you are proposing to use the same IP subnet for those vlans on the new switches?
One last question. Any particular reason why you are using a square topology as opposed to simply using multiple uplinks from each 2960 to the 3750 stack?
Jon
02-12-2014 09:02 AM
Jon,
Thanks for the quick reply. I was hoping to do this in a staged migration but I'll have to remove the ASA first, so that I can propagate the L2 vlans over until all the devices are migrated onto the vlans that originate and terminate on the new side of the network. Bit of an oversight.
The setup of the cabs for the 3750x and the 2960s has already been in place for some time; there is currently an unmanaged Netgear setup which this will be replacing, hence the square topology. Actually got a stack for the new core of two 3750x.
So ignoring the 5505, which won't be there initially, can you now shed some light on the STP side?
thanks
Rich
02-12-2014 09:14 AM
Rich
You are propagating vlans 101 and 102 to the new switches. Is this a temporary measure or is this permanent?
Same question in reverse for the new vlans, i.e. are they going to be extended back to 3750-01?
And for all vlans where is the inter vlan routing going to be done?
It's good to have one root bridge if possible but there may be an argument for using two here.
Note also that if the existing vlans are only being extended temporarily and the new vlans are only for 3750-02 then using a routed connection between the switch stacks is also an option.
I don't think either way you need MST as we are not dealing with a lot of vlans but if you could clarify the above it would help to suggest the best way.
Jon