[c-nsp] Migration to Layer 3

Alexandra Alvarado aaaa at telconet.net
Sun Nov 7 11:27:15 EST 2004

Thanks for the answer!

My problem is that I always have the risk that a client network takes down
my network.  Today it occurred again. An employee connected a new client to the
network on a port that has a config like this:

interface FastEthernet0/21
 description F/O NewClient
 switchport access vlan 987
 switchport mode access
 switchport nonegotiate
 ip access-group 135 in
 service-policy input policy_portNewClient_in
 service-policy output policy_portNewClient_out
 storm-control broadcast level 5.00
 storm-control multicast level 5.00
 no cdp enable
 arp timeout 1800
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
 spanning-tree guard root

And because of some error the port did not have the following commands:

 switchport port-security
 switchport port-security mac-address 0011.93bc.2045

And all the networks went down.

I think it could be "mac overflow" but I'm not sure. The bandwidth utilization
for that port only had a peak of 16KB (MRTG graphs).  That's why
I think that by moving to layer 3 I can avoid this kind of problem, and for some
clients I have no problems, but now I have in the metro ethernet some
clients with 802.1q configured. For example, I have clients that have too many
points of presence in different parts of the city, and all of them have the same
VLAN ID. I have Catalyst 3550s on the backbone, so I think I could migrate to
VRF in a way that is transparent for the clients.

But when I read about VRF, the requirement was: a CE, a PE and a router.  I
only have in the backbone too many Catalyst 3550s, but NOT 6000 switches. So
I need to use VRF in this environment.  The example in the manual of the Cisco
3550 is too complex and requires at least 6 switches, and one of them is a
6500 switch. I only have a lab with 2 3550 switches.  Can I configure a VRF
session on these 2 switches, or how many 3550 switches do I need at least?
Can somebody help me with a simple example of a VRF config, or any link that
could help me?


Alexandra Alvarado

----- Original Message ----- 
From: "Saku Ytti" <saku+cisco-nsp at ytti.fi>
To: "Alexandra Alvarado" <aaaa at telconet.net>
Sent: Friday, November 05, 2004 7:04 AM
Subject: Re: [c-nsp] Migration to Layer 3

> On (2004-11-04 18:38 -0500), Alexandra Alvarado wrote:
> > I have a big network with around 50 Cisco 3550 switches, 20 Cisco
> > 2950 switches and 10 non-Cisco switches. I use the MSTP protocol to stay
> > loop-free, and 802.1q to manage different VLANs.  I think it is time to
> > migrate to layer 3, but my problem is:
> 2950 doesn't do L3.
> > 1) How to migrate to layer 3 and do it in a transparent mode?
> Move one customer at a time to L3.
> > 2) I don't want to change the 802.1q configuration with some of my
> > clients. Or how can layer 2 and layer 3 coexist?
> Yes, with 3550 you can have L2 and L3 interfaces in the same box at the same
> time.
> > 3) Could protocols like SVIs, L2TP, VRF help me to work with layer 2
> > and 3 on the switches at the same time?
> L2TP isn't supported on 3550 or 2950. Only 1 SVI is supported on 2950, for
> management. And VRF is only supported on 3550.
> Before diving into this, ask yourself what are the problems you're trying
> to fix with the migration, how much money do the problems cost you
> and how much does the L3 migration cost.
> -- 
>   ++ytti

