Rik, the set port host command turns off PAGP and DTP...

As far as the number of subnets, I am totally with you...  You will want at
least 5 different VLANs, with my preference being for 8, for 1500 users
(leave yourself some room on each VLAN)...  You can just use a 24-bit mask
for simplicity's sake...

Separate the SC0 interfaces from production traffic by making use of
VLAN1...

In a campus environment, I would make the connections between the buildings
routed links... make each gig connection a separate subnet that connects the
MSFCs in each building... That way, in conjunction with CEF you can load
share across multiple links, eliminate spanning tree in the core, and make
use of faster routing protocol convergence...

-Brant

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Rik
Sent: Thursday, March 22, 2001 9:32 AM
To: [EMAIL PROTECTED]
Subject: Re: Cat6k vlan configuration


I am concerned with your numbers.  1500 users on an IP (I assume) subnet is
way too many!  Remember, a VLAN will propagate all broadcasts.  Each and
every ARP, BOOTP, etc. will traverse the entire backbone.  I would suggest
you break this down into at least 3, preferably 5 VLANs to minimize the
effect that all of that broadcast traffic will have on your hosts.  Setting
up one of the switches to be a VTP server will greatly minimize your
administrative efforts with VLANs.

Why would you disable CDP?  This is a great resource for troubleshooting
Cisco equipment and produces no noticeable overhead.  I would turn it back
on.  What about trunking?  Are the 2 VLANs going to need to talk to each
other?  You can designate 2 separate switch ports/ router interfaces for
this and not use any trunking, or you could set up a single trunk port for
connecting to a single router interface and use less ports, which is
probably the more common way to do it.  Of course, if you have an RSM, so
much the better.

What about Spanning Tree?  I always purposely select the root bridge by
adjusting the bridge priority value.  Typically do this with the switch that
will handle the most traffic.  You can also set up a secondary root in case
the primary ever fails.  By doing this, your root bridges are not selected
randomly.  As a related topic, if you should happen to have any redundant
paths (which you hopefully do, especially between buildings), I suggest
putting them into a port group (Etherchannel, FastEtherchannel, etc.).  No
sense letting Spanning Tree keep one down when you can benefit from the
added bandwidth from the additional link(s).  If one fails, you still have
the redundancy.

Oh yeah, remember this: turn on portfast and turn off PAGP on ALL ports with
end hosts (servers, workstations, etc.) on them.  Otherwise, you will have
problems.  Trust me ;-}

Rik

"Karl Brenner" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi,
>
> I've to upgrade a tokenring network with 1500 users to
> a gigabit backbone ethernet network.
>
> I worked my way through the SAFE network design, but
> this is not quite financeable.
>
> The network looks like this:
>
> Core/distribution: two cat6500 one native IOS the
> other hybrid connected to a 7200 Wan router.
>
> The access layer switches are cat6000 with inlinepower
> for ip phones.
> There is a data VLAN and an aux VLAN per switch.
> I have four of these switches in each building (there
> are two buildings). The buildings are connected via
> fibre.
> I'm looking for some demo solutions.
>
> Here is a demo config of the access layer switch,
>
> Cat6k-acc-usr> (enable) set timezone PST -0
> Cat6k-acc-usr> (enable) set summertime PST
> Cat6k-acc-usr> (enable) set summertime recurring
> Cat6k-acc-usr> (enable) set ntp server 10.10.0.12
> Cat6k-acc-usr> (enable) set ntp client enable
>
> Cat6k-acc-usr> (enable) set cdp disable
> Cat6k-acc-usr> (enable) set ip http server disable
> Cat6k-acc-usr> (enable) set logging server 10.10.0.12
> Cat6k-acc-usr> (enable) set logging timestamp enable
>
> Cat6k-acc-usr> (enable) set port inlinepower 5/1-48 auto (module/ports)
> Cat6k-acc-usr> (enable) set port speed 5/1-48 auto
> Cat6k-acc-usr> (enable) set port host 5/1-48
> Cat6k-acc-usr> (enable) set port inlinepower 6/1-48 auto (module/ports)
> Cat6k-acc-usr> (enable) set port speed 6/1-48 auto
> Cat6k-acc-usr> (enable) set port host 6/1-48
> Cat6k-acc-usr> (enable) set vlan 10 floor1 10.1.10.0_data
> Cat6k-acc-usr> (enable) set vlan 110 floor1 10.1.110.0_voice
> Cat6k-acc-usr> (enable) set vlan 10 5/1-48
> Cat6k-acc-usr> (enable) set vlan 10 6/1-48
> Cat6k-acc-usr> (enable) set port auxiliaryvlan 5/1-48 110
> Cat6k-acc-usr> (enable) set port auxiliaryvlan 6/1-48 110
> Cat6k-acc-usr> (enable) set qos enable
> Cat6k-acc-usr> (enable) set port qos 5/1-48 trust-ext untrusted
> Cat6k-acc-usr> (enable) set port qos 6/1-48 trust-ext untrusted
> Cat6k-acc-usr> (enable) set port qos 5/1-48 trust trust-cos
> Cat6k-acc-usr> (enable) set port qos 6/1-48 trust trust-cos
> Cat6k-acc-usr> (enable) set qos acl ip ACL_IP-PHONES trust-cos ip any any
> Cat6k-acc-usr> (enable) set port qos 5/1-48 vlan-based
> Cat6k-acc-usr> (enable) set port qos 6/1-48 vlan-based
> Cat6k-acc-usr> (enable) commit qos acl all
> Cat6k-acc-usr> (enable) set qos acl map ACL_IP-PHONES 110
> Cat6k-acc-usr> (enable) set qos map 2q2t tx 2 1 cos 3
> Cat6k-acc-usr> (enable) set port qos 1/1 trust trust-dscp
>
> can you think of anything else?
>
> thanks for your help.
>
> Karl
>
> =====
> Karl Brenner
> 112 Belfield Park
> Stllorgen
> Co. Dublin
> Tel. ++353 (1) 260 12 98
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
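
An added example, not part of the original thread: a Python check that lists ports which were given a VLAN or auxiliary VLAN but are not covered by `set port host`, the command the thread relies on to turn off PAgP and DTP on end-host ports. The sample config is constructed in the style of the one quoted above; module 7 is a hypothetical addition, and only the three command forms shown in the thread are parsed.

```python
import re

# Constructed sample in the quoted config's style; module 7 is hypothetical.
SAMPLE_CONFIG = """\
Cat6k-acc-usr> (enable) set port host 5/1-48
Cat6k-acc-usr> (enable) set vlan 10 floor1 10.1.10.0_data
Cat6k-acc-usr> (enable) set vlan 10 5/1-48
Cat6k-acc-usr> (enable) set vlan 10 7/1-48
Cat6k-acc-usr> (enable) set port auxiliaryvlan 5/1-48 110
Cat6k-acc-usr> (enable) set port auxiliaryvlan 7/1-24 110
"""

SPEC = r"(\d+/\d[\d,/-]*)"  # module/port list, e.g. 5/1-48 or 5/1-3,6/2
HOST_RE = re.compile(r"\bset port host " + SPEC + r"\s*$")
ACCESS_RES = [re.compile(r"\bset vlan \d+ " + SPEC + r"\s*$"),
              re.compile(r"\bset port auxiliaryvlan " + SPEC + r" \d+\s*$")]

def expand_ports(spec):
    """Expand '5/1-3,6/2' into {(5, 1), (5, 2), (5, 3), (6, 2)}."""
    ports, module = set(), None
    for item in spec.split(","):
        if "/" in item:
            mod_text, item = item.split("/", 1)
            module = int(mod_text)
        lo, _, hi = item.partition("-")
        ports.update((module, n) for n in range(int(lo), int(hi or lo) + 1))
    return ports

def collapse(ports):
    """Turn {(7, 1), (7, 2), (7, 4)} back into ['7/1-2', '7/4']."""
    runs = []
    for mod, n in sorted(ports):
        if runs and runs[-1][0] == mod and runs[-1][2] + 1 == n:
            runs[-1][2] = n           # extend the current run
        else:
            runs.append([mod, n, n])  # start a new run
    return [f"{m}/{a}" if a == b else f"{m}/{a}-{b}" for m, a, b in runs]

def unhardened_ports(config):
    """Access ports (VLAN or aux VLAN assigned) not covered by 'set port host'."""
    hardened, access = set(), set()
    for line in config.splitlines():
        if (m := HOST_RE.search(line)):
            hardened |= expand_ports(m.group(1))
        for rx in ACCESS_RES:
            if (m := rx.search(line)):
                access |= expand_ports(m.group(1))
    return collapse(access - hardened)
```

The check treats the config as a flat list of commands, so it does not model later commands that re-enable trunking or channeling on a port.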

