[c-nsp] swouters - graphing of Vlan's

Rolf Mendelsohn rolf-web at cyberops.biz
Thu Dec 15 00:52:36 EST 2005


Hi Gert,

Thanks, that's what we're doing atm with 1841's.

My problem is that I need to specify each VLAN which should be trunked to
each 1841 under "switchport trunk allowed vlan " - i.e. as far as I've seen
there aren't any routers which run STP.

Another question: Is the 2970 the smallest switch which supports MSTP?

Ascii Diagram
				Internet	VPN's
				   C1841	C1841
				       |	 |
	     2900XL<-------->C3550(1)<---Wireless Trunk--> 2900XL(2)
	Building			^						^
	Vlans			|						W. Trunk
				     Trunk					    	|
					|						2900XL(3)
				     3550
				Servers, Office

3550 (1) is our main switch at our main PoP.

Connected to the switches we have Alvarion Breezemax Base Stations, which use
802.1q to (1,2,3) in the diagram above. From the main 3550(1) we have two
routers connected via trunks. The VPN 1841 does VRF / graphing for VPN
connections. The other 1841 does internet.

Aside from the 2900XL, 3550's which run RPVST, we have to manually specify
each vlan under allowed vlan's - both on the Alvarion and on the 1841 trunk
ports. The Wireless links are only 10Mbits, so I don't want unnecessary
traffic going over the trunks. It seems to me that pruning of the trunks only
works correctly if a trunk (e.g. at (3)) has an accurate "allowed vlan" list.

I want to get 2960's in order to handle more than 68 Vlan's, but am also 
concerned about making sure that we can move to MSTP in order to avoid 
running too many STP instances. In the future we will have another link 
between (1) and (3).

Can anybody give me any good pointers on this design, bearing in mind that we
need to have a large number of vlan's in order to provide a VPN-type / L2
internet service and that the sites (1,2,3) are far apart?

Regards,
Rolf

On Wednesday 14 December 2005 09:30 pm, Gert Doering wrote:
> Hi,
>
> On Wed, Dec 14, 2005 at 01:49:37PM +0200, Rolf Mendelsohn wrote:
> > We're in Angola so our bandwidth utilisation currently is very small
> > (bandwidth is expensive in Africa :>).
>
> If the bandwidth used is small, one possible approach could be to use
> a Cisco 3640 (router) or something along that line, and run a 100Mbit
> 802.1q trunk between your switches (doing only layer2 then) and the
> router.
>
> 12.2 and up properly count traffic on 802.1q subinterfaces on routers
> (but you need to use SNMP to read the counters, "show int" doesn't
> display them - for whatever funny reason).
>
> Another approach would be to get a used Cat5000 with a RSM (route switch
> module) - but be aware that this will never do IPv6, and is an end-of-life
> product.  But it should be fairly cheap.
>
> gert

-- 
Rolf Mendelsohn
Internet Technologies Angola
Cell:  +244-92-3524981

