|
EIGRP is great, but I would recommend OSPF for optimal compatibility. If you want the One-True-Routing-Protocol it would be ISIS but lots of devices still don't support that  Anyway, use a Dynamic IGP, static routes suck. Also post your current environment and pretty much all the regular posters in this thread are well-experienced and trustworthy, so we can help you out.
|
#
?
Oct 31, 2012 06:56
|
|
|
|
| # ? May 29, 2024 20:25 |
|
|
I'm actually legit bummed they moved ISIS off the CCNP curriculum. When I was doing my CCNA I skipped ahead and did some reading on ISIS and I was all "hey this is wacky slash awesome" and then they switched poo poo up on me
|
|
#
?
Oct 31, 2012 08:31
|
|
|
Ok so here's what I'm starting with: Inside this mess are : * Patch panels going to 4 serverracks * 6 patch panels to offices * 7 HP Procurve switches connected to said patch pannels randomly * 1 HP Procurve switch/router connected to the other switches * 1 Cisco switch connected to a fiber backbone Not shown: Firewalls, some routers for external connections Network map of our datacenter (A) now:  SW-[ ]-19 goes to location (B) and (C). Traffic to WAN at (C) is routed through (A) then to (B) The plan: 1. Build a redundant network with 3 locations: (A) - Our main location with office users and servers (B) - New location where WAN is terminated, and routing is done (C) - Location with office users and a mirror of servers that can be used if location (A) goes down. 2. Clean up cabling at (A), separate subnets/vlans for management,servers and users Dedicate switches for "access layer" where only the office vlan is connected. Use STP for failover on switches in the distribution layer. My first idea: We move the main router and firewalls and other WAN connections from (A) to (B), and make the design something like this:  Where (A) will have server, office1 and management vlans and (C) will have server, office2 and management vlans Office1 will then be routed through (B) and back to (A) to access servers. Office2 will be routed through (B) and then (A) to access servers. If (A) goes down, Office2 is routed through (B) and back to (C). Writing this down, this sounds pretty terrible, and we should probably think of having a router in (A) and (C) that talks to router (B) if necessary, so that traffic between (A) and (A) doesn't have to go through (B)... But then again, we want some sort of ACL between Office1 and Servers and the router we have in (A) doesn't support that. Oh god I'm not very good at this....
|
|
#
?
Oct 31, 2012 09:14
|
|
|
Yeah, if that's what you're working with, OSPF is definitely the way to go.
|
|
#
?
Oct 31, 2012 16:43
|
|
|
zapateria posted:Ok so here's what I'm starting with:
|
|
#
?
Oct 31, 2012 16:56
|
|
|
zapateria posted:Ok so here's what I'm starting with: God in heaven  Don't forget to invest in some cable managers.
|
|
#
?
Oct 31, 2012 17:24
|
|
|
Did I show you guys this? This is what I inherited a year ago. Before  After 
|
|
#
?
Oct 31, 2012 20:45
|
|
|
I think it looks fine, just leave it as is.
|
|
#
?
Oct 31, 2012 21:34
|
|
|
Seriouspost: why do you need so many switches in your distribution layer?
|
|
#
?
Oct 31, 2012 21:36
|
|
|
jwh posted:Seriouspost: why do you need so many switches in your distribution layer? I probably don't, I literally just learned about those layers and tried to split the current devices up like that. We don't run STP now, so I was probably overly eager with my interconnections for implementing that. Also, the "core layer" is a fiber backbone that is maintained by other people and consists of cisco devices in a separate spanning tree. Can I hook two procurve switches from my distribution layer to one of those cisco devices and use spanning tree for failover or will that somehow not work? (That's why I just ran one line from SW1 to SW-[ ]-05)
|
|
#
?
Oct 31, 2012 22:14
|
|
|
What's the next step in trying to diagnose why a trunk won't come up? I've got one distribution switch connected to two access switches - all brand new 2960Gs, all connected right now with known-good cat5e. Port configs are standard cisco-switch macros. These are interface configs from the distribution switch, but they're identical on the access switch side of things. This one works: code:code:
|
|
#
?
Oct 31, 2012 22:31
|
|
|
Crossovers, explicit uplink ports, or are the switch ports doing auto MDIX? Maybe it's not detecting properly if the latter?
|
|
#
?
Nov 1, 2012 01:40
|
|
|
Mierdaan posted:What's the next step in trying to diagnose why a trunk won't come up? Random, but try pulling nonegotiate. Also are all these guys running the same code? rattrap posted:Crossovers, explicit uplink ports, or are the switch ports doing auto MDIX? Maybe it's not detecting properly if the latter? MDIX is on as long as you do not manually set speed or duplex.
|
|
#
?
Nov 1, 2012 05:02
|
|
|
Thinking out loud part 2: Reduced switches in distribution layer. Does this look less retarded now? The two datacenters (left and right) have a mirrored SAN where VMs are replicated. In case of Sandy II and datacenter 1 goes down, we'd like the servers to be started on datacenter 2, in the same VLAN and subnet. If we have all routing on R-01, this will be no problem (I think). But that means all traffic from client on SW32 to server on SW7 will go through the link to R-01 and back. Is there a better solution for this?
|
|
#
?
Nov 1, 2012 09:46
|
|
|
Tremblay posted:MDIX is on as long as you do not manually set speed or duplex. I was setting speed and duplex manually on one side for a bit, is there a way to tell if MDIX is on or not? That could well be the problem since i'm using straightthrough cables and relying on MDIX to do its magic. edit: set 'mdix auto' on the side of the trunk I can access without a car ride, no joy yet. Will try it from the other side as well later... Mierdaan fucked around with this message at 11:23 on Nov 1, 2012 |
|
#
?
Nov 1, 2012 11:16
|
|
|
Mierdaan posted:I was setting speed and duplex manually on one side for a bit, is there a way to tell if MDIX is on or not? That could well be the problem since i'm using straightthrough cables and relying on MDIX to do its magic. If you have hard coded speed or duplex on either side it runs the risk of disabling auto-mdix since it stops the flps from being sent iirc.
|
|
#
?
Nov 1, 2012 16:04
|
|
|
Well MDIX was definitely on on both interfaces according to sh contr eth gi1/0/xx phy det, so that wasn't it. Both switches are running 12.2(55)SE5, and pulling nonegotiate out from both sides didn't make any difference. ragzilla posted:If you have hard coded speed or duplex on either side it runs the risk of disabling auto-mdix since it stops the flps from being sent iirc. Mierdaan fucked around with this message at 16:16 on Nov 1, 2012 |
|
#
?
Nov 1, 2012 16:05
|
|
|
Nevermind, it was a mundane problem. The straight-through run our contractors ran for us was terminated incorrectly, but somehow passing their cable tests. They reterminated and it worked fine.  It turned out to be an annoying issue, because we'd hooked all these switches up together in the same lab before and had this problem, but then it was caused by the MDIX issue above. We fixed the speed/duplex, relocated them to their actual racks, and had the same symptom (notconnect), so I believed the contractor when he said it was passing wire tests.
|
|
#
?
Nov 1, 2012 17:44
|
|
|
Mierdaan posted:side of the trunk I can access without a car ride How far is this run? Edit. Looks like you got it, nm.
|
|
#
?
Nov 1, 2012 19:21
|
|
|
Fatal posted:How far is this run? MetroEthernet, for the record.
|
|
#
?
Nov 1, 2012 19:52
|
|
|
Mierdaan posted:I believed the contractor when he said it was passing wire tests. Layer 8 problem
|
|
#
?
Nov 1, 2012 21:51
|
|
|
Gap In The Tooth posted:Layer 8 problem 
|
|
#
?
Nov 1, 2012 22:07
|
|
|
I didn't mean it as an insult, it happens to all of us at some stage. I mean just yesterday I wondered why I could ping an SBS server but not connect via NFS. It took me thirty minutes of trying and Googling before I realised someone else had installed the NIC and assigned the IP address. Opened properties on the card and lo and behold 'File and Printer Services for Microsoft Networks' was unticked.
|
|
#
?
Nov 1, 2012 22:58
|
|
|
zapateria posted:design stuff You have a lot of switches. Even in your 2nd design it just looks like you shuffled switches around. What's the port density like on the procurves? Is there any way you can get rid of them rather than re-using/re-cabling all of them to a new design spec? The more switches and VLANs and things you have, the more complexity you're adding to your L2 domain. Get rid of some access switches (spares pool etc) and collapse the distro and core layers. What are those BSW's for? Can't you get rid of those? KISS principle always applies. You can make your VLANs but if your requirement is failover in case DC1 goes down (with servers/VMs in the same subnet) you're going to have to configure a lot of loving trunks (unless you can get rid of a lot of switches). zapateria posted:If we have all routing on R-01, this will be no problem (I think). But that means all traffic from client on SW32 to server on SW7 will go through the link to R-01 and back. Is there a better solution for this? Correct, and sadly no, since I'm assuming that the router is the only thing you have that's doing anything L3. Powercrazy posted:EIGRP is great, but I would recommend OSPF for optimal compatibility. If you want the One-True-Routing-Protocol it would be ISIS but lots of devices still don't support that EIGRP is great if you're all Cisco and you're not a network engineer by trade. Aside from the fact that you throw all of your interop options out the window if you choose to go with it, Cisco's flowchart for troubleshooting a 'stuck in active' route literally spans two pages in a book. No thanks. IS-IS is not the "one true routing protocol" and countless presentations have been done by people comparing ISIS to OSPF with the intent to answer the question "which one is better?" and the result is always "neither." I'm also confused on the "lots of devices" part - a big portion of the SP industry uses ISIS... Why do static routes suck? They don't. Picking a routing protocol to use (or not use) needs to be dictated by your design and your requirements, not by some dude saying "dude don't use static routes they suck". Microsoft published a presentation that detailed using BGP as their IGP to accommodate a design, they thought about it beforehand, and they picked BGP because they had automated configuration generation technology to mitigate the config complexity, and they didn't give a poo poo about convergence time (because yes BGP takes loving forever to do this - but it's not RIP amirite????) so they used it.
|
|
#
?
Nov 3, 2012 20:17
|
|
|
atticus posted:Microsoft published a presentation that detailed using BGP as their IGP to accommodate a design, they thought about it beforehand, and they picked BGP because they had automated configuration generation technology to mitigate the config complexity, and they didn't give a poo poo about convergence time (because yes BGP takes loving forever to do this - but it's not RIP amirite????) so they used it.
|
|
#
?
Nov 3, 2012 20:51
|
|
|
Static routes have specific benefits and places where you should use them. However they are not scalable and they very quickly go from, I just need to add one or two static routes on one or two routers, to I need to update every single router with 7 different static routes, and then oh god, how many layer 3 loops do I have? If you have more than 3 layer 3 devices in your network, you need to use a dynamic IGP. If you want failover, you NEED to use a dynamic IGP. That Microsoft paper is pretty interesting honestly.
|
|
#
?
Nov 3, 2012 20:52
|
|
|
Bluecobra posted:BGP timers can certainly be adjusted. AFAIK, the lowest values are 1 second keepalives and 3 second holddown timers. Right, which is the point I made about RIP earlier ITT. Powercrazy posted:Static routes have specific benefits and places where you should use them. However they are not scalable and they very quickly go from, I just need to add one or two static routes on one or two routers, to I need to update every single router with 7 different static routes, and then oh god, how many layer 3 loops do I have? Agreed, they don't scale, but disagree about 'more than 3 L3 devices + failover' arguments - you can get basic failover with floating statics and by using gateway redundancy protocols. There's a big difference between "need/must" and "want/should". If zapateria only has one L3 device, why does he "need" to use OSPF? 3 routers is probably a reasonable watermark to use to decide if you want to bother with the manual configuration that static routing requires, but OTOH that's entirely up to the person that's operating the network they're designing. If it were me, I'd be like "whatever, 3 routers, no big deal" but I'm also not taking into account change/growth velocity. If I know that I'm going to be adding 8 more routers within the year, then yeah, I'll opt for an IGP. It's really just a "right-tool-for-the-job" argument more than anything else. edit: this question is directed at zapateria but if you only have one box doing L3, why are you configuring any static routes?? atticus fucked around with this message at 21:30 on Nov 3, 2012 |
|
#
?
Nov 3, 2012 21:12
|
|
|
atticus posted:You have a lot of switches. In the 2nd design, 6 of the switches are used as access layer switches. 4 of them are completely full (48 ports each), one has PoE and is used for WLAN access points only (half full) so that leaves 1 switch with spare ports. I've already filled one trashcan with cables that were tangled into the rack but weren't connected though, so it's not impossible that I can free up one switch after some more cleaning. atticus posted:What are those BSW's for? Can't you get rid of those? The BSW are Blade Switches for the servers so we can't get rid of them. Ironically, there are 4 of them but the "HP gold partner" consultant that set everything up wired them so that even with 4 network cards, nothing is redundant. I confirmed this yesterday by pulling one of them - half the servers went down. Part of the project is cleaning up this. atticus posted:edit: this question is directed at zapateria but if you only have one box doing L3, why are you configuring any static routes?? The L3 switch has 3 point-to-point links to remote networks that are statically routed, and there are the 4 routers connected to SW4 in the first diagram. I didn't include those on the second design because they will not be part of the failover plan. Plus the firewall has a bunch of static routes to external networks.
|
|
#
?
Nov 4, 2012 08:05
|
|
|
I have a question regarding multicast in my network. I currently have a sparse-mode setup across 4 different VLANs. All the VLANs terminate at the core, and the access switches are layer2 only. I'm curious if I need to specify the RP on the access switches as well. Currently, I've only specified the RP to a loopback address on the core. This is a Force10 network.
|
|
#
?
Nov 8, 2012 21:06
|
|
|
No, RP is only a concern with layer-3 boundaries.
|
|
#
?
Nov 8, 2012 21:22
|
|
|
I have a 3750 hanging off of our 2 Core routers with a P2P setup between each of them. EIGRP handles route selection. I have the hello/hold timer on these two interfaces down to 1:3. Auto summary is turned off and redistribute Static is turned on for the EIGRP as. The Core's originally did not see the static routes on the 3750 at all but turning on redistribute static fixed that. Problem was that they would then report the routes but show a preferred route of Null0 due to an ACL we have setup. EIGRP works fine for the non static advertised routes out of the 3750. Currently we have just static'd the ranges that the 3750 needs to forward out to customers from the Cores to the 3750. I'm assuming that the "EIGRP Stub Connected Summary" command is the culprit? If I'm not mistaken, it prevents other routers from learning ranges from the stub router. I'm going to update the 3750 to an advanced ip services OS and remove that but wanted to brush it by you guys first. ed Or would eigrp stub static on the 3750 fix my problems? Zuhzuhzombie!! fucked around with this message at 15:45 on Nov 12, 2012 |
|
#
?
Nov 12, 2012 15:36
|
|
|
Zuhzuhzombie!! posted:Or would eigrp stub static on the 3750 fix my problems? If it is then from what you've described as long as you don't need to send summaries (it doesn't sound like you are, do you have any ip summary-address eigrp config on your interfaces?) this should do what you need... Edit: Make it eigrp stub connected static along with redistribute connected if you need routes to any connected interface (e.g. your management loopback/svi). ruro fucked around with this message at 10:24 on Nov 13, 2012 |
|
#
?
Nov 13, 2012 09:42
|
|
|
I don't think that it's technically a stub. We have a couple of 3750s that we use to encapsulate traffic in various VLANs and then allow those VLANs out of a trunk to our Occam, Fuji, Lucent, and our ATT offnet transport ring. These each have multiple connections back to our core routers. One cable per customer, with IP advertising and assignment on the Core. The switch I'm asking about is basically doing like our Core network does. We are advertising /30s, have one half of that /30 on an interface, cable that interface to one of the above mentioned hosts, tag it with a VLAN, and allow that VLAN out of whatever trunk. The problem I ran into was additional /28s, /29s, etc, that were being ip routed to the far end of a customers /30 were not propagating the static routes back to the Cores. Definitely no summaries. There will be no classful routing done off of this box. I'll give it a shot this evening. I have redistribute static there. Before that was in place the core routers were not learning anything from the 3750, but redistribute static then showed them learning it, but preferring the global null0 route we have for our /18s.
|
|
#
?
Nov 13, 2012 19:32
|
|
|
What does the eigrp rib look like at the core? And why isn't the longer prefix being installed into the fib? route-map?
|
|
#
?
Nov 13, 2012 21:55
|
|
|
We have the largest ranges as a whole routed to null0 and let ip route smaller sub ranges when needed. Way I understand it this will kill any spoof traffic in a range that we are currently not using/unassigned. RIB looks fine at a glance. Successors and Feasible Successors seem correct, but I'm not sure what to look for. I have to look into this this weekend as any attempt to have the 3750 advertise the static routes resulted in loss of traffic. I did no trouble shooting when I was alerted that the customers who had static routes went down and only reverted to EIGRP Stub Router from EIGRP Stub Static. I suspect the static routes in the core and the EIGRP statement created a routing loop but will have to investigate in a maintenance window.
|
|
#
?
Nov 13, 2012 23:52
|
|
|
I feel silly not knowing this, but a standard rack for basically all Cisco equipment from a 6500 to a 2960G is 19" or 24"? I want to buy a rolling half rack and mount some PDU's to it, but I'm not sure which one I need. e: Ok looks like a 19" should fit everything. Anyone have any recommendation for a good rack with Power/Cooling etc. This is intended for just me, and I'd like to be able to move it fairly easily. ate shit on live tv fucked around with this message at 02:50 on Nov 14, 2012 |
|
#
?
Nov 14, 2012 02:34
|
|
|
Powercrazy posted:I feel silly not knowing this, but a standard rack for basically all Cisco equipment from a 6500 to a 2960G is 19" or 24"? 19"
|
|
#
?
Nov 14, 2012 02:49
|
|
|
Powercrazy posted:e: Ok looks like a 19" should fit everything. Anyone have any recommendation for a good rack with Power/Cooling etc. This is intended for just me, and I'd like to be able to move it fairly easily. The cooling bits a typo right? You can't just magic away heat. This rack will heat up the room it's in unless you have some way to duct the heat away (or some kind of elaborate portable split system). Is this just for rolling around inside a facility, or for travel?
|
|
#
?
Nov 14, 2012 03:17
|
|
|
I'm trying to make a connection from a Cisco switch's FastEthernet interface to a 2501 router's AUX port. The terminals are RJ-45 on both sides, but what type of cable do I need? The switch is a Catalyst 2924 XL if that makes any difference.
|
|
#
?
Nov 14, 2012 03:24
|
|
|
|
| # ? May 29, 2024 20:25 |
|
|
sootikin posted:I'm trying to make a connection from a Cisco switch's FastEthernet interface to a 2501 router's AUX port. The terminals are RJ-45 on both sides, but what type of cable do I need? The switch is a Catalyst 2924 XL if that makes any difference. I don't see this working since the AUX port doesn't speak ethernet. http://www.cisco.com/en/US/products/hw/routers/ps332/products_tech_note09186a0080094ce6.shtml#topic8
|
|
#
?
Nov 14, 2012 03:57
|
|