Fw: [c-nsp] Migration to Layer 3

Mon Nov 8 09:51:54 EST 2004

> Thanks for the answer!
>
> My problem is that I allways have the risk that a client network fall down
> my network.  Today it ocurred again, An employee conected a new client to
the
> network on a port that has the config like this:
>
> interface FastEthernet0/21
>  description F/O NewClient
>  switchport access vlan 987
>  switchport mode access
>  switchport nonegotiate
>  ip access-group 135 in
>  service-policy input policy_portNewClient_in
>  service-policy output policy_portNewClient_out
>  storm-control broadcast level 5.00
>  storm-control multicast level 5.00
>  no cdp enable
>  arp timeout 1800
>  spanning-tree portfast trunk
>  spanning-tree bpduguard enable
>  spanning-tree guard root
> end
>
> And by an error in the port configuration lacked>
>  switchport port-security
>  switchport port-security mac-address 0011.93bc.2045
>
> And then all network was without service.
>
> I think it could be "mac overflow" but I'm not sure, The bandwith
utilization
> by that port only had a peak of 16KB (MRTG Graphs) .  That's why
> I think moving to layer 3 I can avoid this kind of problems and it's easy
for some
> clients, but now I have in the metro ethernet some
> clients with 802.1q configured. Example I have clients that has too many
> presence points in differents parts of the city, and all of it has a same
> VLAN ID. I have catalyst 3550 on the backbone, so I think I could migrate
to
> VRF in a transparent mode to the clients.
>
> But when a read about VRF, the requirement was: a CE, a PE and a router.
I
> only have in the backbone too many catalyst 3550, but NOT switches 6000.
So
> I need to use VRF in this environment.  The example in the manual of Cisco
> 3550 is too complex and require at least 6 switches and one of that is a
> 6500 switch. I only have a lab with 2 switches 3550.  Can I configure in
> this 2 switches a VRF session or how many switches 3550 I need at least?
> Can somebody help me with a simple example of VRF Config. or any link that

> could help me?.
>
> Thanks.
>
> Alexandra Alvarado
>
> ----- Original Message ----- 
> From: "Saku Ytti" <saku+cisco-nsp at ytti.fi>
> To: "Alexandra Alvarado" <aaaa at telconet.net>
> Sent: Friday, November 05, 2004 7:04 AM
> Subject: Re: [c-nsp] Migration to Layer 3
>
>
> > On (2004-11-04 18:38 -0500), Alexandra Alvarado wrote:
> >
> > > I have a big network witch around 50 cisco switches 3550; 20 cisco
> switches 2950 and 10 non cisco switches, I use for to have loop free the
> MSTP Protocol, and for to manage diferents VLANS 802.1q.  I think is time
to
> migrate to layer 3, but; my problem is:
> >
> > 2950 doesn't do L3.
> >
> > > 1) How to migrate to layer 3 do it in a transparent mode?
> >
> > Move one customer at a time to L3.
> >
> > > 2) I don't want to change the configuration 802.1q with some of my
> clients. Or how to do to coexist layer 2 and layer 3?
> >
> > Yes, with 3550 you can have L2 and L3 interfaces in same box at the same
> > time.
> >
> > > 3) Can protocols like SVIs, L2TP, VRF could help me to work with layer
2
> and 3 on the switches at the same time?
> >
> > L2TP isn't supported on 3550 or 2950. Only 1 SVI is supported on 2950,
for
> > management. And VRF is only supported on 3550.
> >
> > Before diving in to this, ask yourself what are the problems you're
trying
> > to fix with the migradation, how much do they problems cost you money
> > and how much does the L3 migradation cost.
> >
> > -- 
> >   ++ytti