11-29-2012 12:26 AM - edited 03-07-2019 10:18 AM
Hi All,
I am facing an issue interconnecting two redundant switches to the redundant switches of the customer. Below is the design:
Customer switch 1 ---------------VRRP IP ------------------Customer Switch 2
        |                                                          |
        |                                                          |
        |                                                          |
        |                                                          |
Switch 1 ------------------------------Vrrp Ip -----------------------Switch 2
When Customer switch 2 connects to switch 2, I am getting high CPU on switch 2 and everything goes haywire. The customer doesn't want to use any routing protocol or Spanning Tree. I have done static routing on switch 1 to the VRRP IP of the customer, and also static routing on switch 2 with a lower AD to the VRRP IP of the customer. All of these share the same VLAN.
Any suggestions would be highly appreciated.
Thanks a lot in advance.
dathan
11-29-2012 01:03 AM
Hi,
I suppose a dedicated VLAN is used just for your interconnection to the customer?
But still, how are those switches connected physically?
Do all the lines in your diagram mean physical connections?
If yes, without STP running, you could create an L2 loop easily with both the customer switches connected each to the other on L2 and your switches also connected each to the other.
So if the customer doesn't accept STP running with you, you would need to disconnect your switches physically within the interconnection VLAN and break the L2 loop manually?
Customer switch 1 ---------------VRRP IP ------------------Customer Switch 2
        |                                                          |
        |                                                          |
        |                                                          |
        |                                                          |
    Switch 1                                                   Switch 2
Your switches would then send the VRRP hello packets through the customer switches on L2 and everything should work.
Or the opposite way, depending on your environment:
Customer switch 1                                          Customer Switch 2
        |                                                          |
        |                                                          |
        |                                                          |
        |                                                          |
Switch 1 ---------------------------VRRP IP----------------------Switch 2
HTH,
Milan
11-29-2012 08:22 AM
Hi Milan,
Thanks a lot for your reply.
Yes, there is a dedicated VLAN for the interconnection.
Yes, the lines in my diagram mean physical connections. I can't break the interconnection between my switches because I also have other VLANs which serve my LAN. So I need VRRP for gateway redundancy. I assume the situation is the same for the customer. They might also have their own internal VLANs.
If I use a PtP link between switch 1 & customer switch 1 (i.e. an L3 connection) and switch 2 & customer switch 2 and then do static routes, will it solve the issue? Do I need to use any dynamic routing protocols?
Appreciate your great help and support.
Regards,
dathan
11-29-2012 08:46 AM
Hi,
with L3 ptp connections between your switches and the customer switches you would lose the VRRP advantages, wouldn't you?
So some dynamic routing protocol would be necessary then.
If I understand correctly, you just need to break the L2 loop within the VLAN used for the interconnection with your customer.
If your switches are connected each to the other via a trunk, why don't you just disable that dedicated VLAN on the trunk?
That would break the L2 loop for that VLAN and everything should start working, shouldn't it?
HTH,
Milan
11-29-2012 09:25 AM
Hi,
Yes, with the L3 PtP connections, I won't have that interconnect VLAN or the VRRP advantage. The issue is that the customer doesn't want to run any routing protocol or STP.
By the way, if I exclude that dedicated VLAN from the trunk, I will also lose the VRRP advantage, right? So I won't have the virtual IP for this VLAN?
Thanks a lot for your advice...
11-29-2012 01:04 PM
Hi,
if you would disable the dedicated vlan from the trunk, your VRRP packets would still pass from one of your switches to the other through the customer switches, wouldn't they?
What I would recommend though would be
a) using a VRRP group different from that the customer is using,
b) securing your VRRP by MD5 (or text at least) authentication
See
http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_vrrp.html#wp1055513
for details.
HTH,
Milan
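An added configuration sketch of the two recommendations above together with the trunk change suggested earlier in the thread. It is not from any poster; it assumes Cisco IOS with the VRRP CLI from the linked guide, and the VLAN number (100), group number (20), 192.0.2.0/29 addressing, interface names and key placeholder are all constructed values:

```cisco
! Constructed example values; adapt to the real interconnect VLAN.
!
! --- Switch 1 ---
interface GigabitEthernet0/24
 description Trunk to Switch 2 (assumed interface name)
 switchport mode trunk
 ! Take the interconnect VLAN off the inter-switch trunk to break the L2 loop
 switchport trunk allowed vlan remove 100
!
interface Vlan100
 description Interconnect to customer
 ip address 192.0.2.2 255.255.255.248
 ! Group number chosen to differ from the group the customer uses
 vrrp 20 ip 192.0.2.1
 vrrp 20 priority 110
 ! MD5 authentication; the same key must be configured on Switch 2
 vrrp 20 authentication md5 key-string <shared-secret>
!
! --- Switch 2 ---
interface GigabitEthernet0/24
 description Trunk to Switch 1 (assumed interface name)
 switchport mode trunk
 switchport trunk allowed vlan remove 100
!
interface Vlan100
 description Interconnect to customer
 ip address 192.0.2.3 255.255.255.248
 vrrp 20 ip 192.0.2.1
 ! Lower priority than Switch 1, so Switch 2 is the backup
 vrrp 20 priority 100
 vrrp 20 authentication md5 key-string <shared-secret>
!
! Check on each switch that one is Master and the other Backup:
!   show vrrp brief
```

With VLAN 100 removed from the inter-switch trunk, the two switches receive each other's advertisements for this group only through the customer switches, as described in the post above.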
11-29-2012 01:20 PM
Hi Milan,
Thanks a lot for your reply. I didn't think about the sending of VRRP frames through the customer switches. Thanks.
Let me try your recommendation and I will update you with the outcome.
Appreciate your great help.
Regards,
dathan
12-17-2016 11:52 PM
Hi
I have the same problem and the same scenario. My question: if the link from switch 1 that sends the VRRP messages to switch 2 goes down, the VRRP messages will not arrive at switch 2. What should we do to solve this problem?