[c-nsp] Point to Point T1's and vlan nightmares

JP Senior SeniorJ at bennettjones.com
Fri Jul 27 17:21:11 EDT 2012


It sounds like you should be focusing more on a layer 3 solution than a layer 2 solution - run an IGP between your 3560s or 3750s. Even if you did have proper fiber connectivity between locations, you should be isolating VTP (if _absolutely_ required) to single sites.  You should also reconsider running VTP in the first place, it's a terrible protocol which can destroy entire networks in a single packet.

Do you have any specific reason to run layer 2 between sites in a private network?  It is extremely rare that this is ever a good idea and management of vlans using a single vtp source isn't one of them.


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Blake Pfankuch
Sent: 27 July 2012 1:51 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Point to Point T1's and vlan nightmares

OK, first off, if this is a bad idea just say so and move on, I don't want to start a giant flame war :)  Also forgive me for this being a little long winded.

Working with a customer of mine who is actually doing a very nice switching replacement.  All switches are Cisco 3750X or Cisco 3560X and will be supporting multiple vlans.  Currently they have about 8 locations which are point to point T1 connected, and about 6 more that are connected on a private fiber ring.  Eventually they will all be on a private fiber ring, and this will all be a moot point, but I'm looking for the "keep it pretty until it's complete" solution right now.

Because of the quantity of vlans being added, and the fact that it will be customer managed, I would like to force a single VTP domain across all locations, and have a single primary server running under VTPv3.  This will prevent the user from adding conflicting vlans at different sites and having to pay me to come fix it for a week before they can turn up fiber.  My question is as follows.

Within Location A, I have a Cisco 3750X stack connected to a Cisco 2921 router.  This router has 3 dual port T1 WICs.  Example Location B site has a Cisco 3750X stack connected to a Cisco 2901 router with a single T1 WIC.

On Location A switch I create the following

interface Vlan801
 ip address 172.16.255.1 255.255.255.252
!
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 801
 switchport trunk native vlan 801

Then connect gi 1/0/1 to gi0/0 on the Location A 2921 router and configure on the router as follows.

! bridge definition first, so the bridge-group commands below are accepted
bridge 1 protocol ieee
!
interface GigabitEthernet0/0
 no ip address
!
interface GigabitEthernet0/0.801
 ! subinterface needs a VLAN match; vlan 801 is the trunk's native vlan, so it arrives untagged
 encapsulation dot1Q 801 native
 no ip route-cache
 bridge-group 1
!
interface Serial0/0/0
 no ip address
 bridge-group 1
!
interface BVI1
 no ip address

Then connect that Location A 2921 ser 0/0/0 to Location B 2901 ser 0/0/0 and apply this configuration to the 2901

! bridge definition first, so the bridge-group commands below are accepted
bridge 1 protocol ieee
!
interface GigabitEthernet0/0
 no ip address
!
interface GigabitEthernet0/0.801
 ! subinterface needs a VLAN match; vlan 801 is the trunk's native vlan, so it arrives untagged
 encapsulation dot1Q 801 native
 no ip route-cache
 bridge-group 1
!
interface Serial0/0/0
 no ip address
 bridge-group 1
!
interface BVI1
 no ip address


From Gi 0/0 on this router connect to gi 1/0/1 on the Cisco 3750X stack at Location B with the following configuration.

interface Vlan801
 ip address 172.16.255.2 255.255.255.252
!
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 801
 switchport trunk native vlan 801


This "should" in my mind leave the point to point T1 links working correctly for now, allow VTP to continue functioning and pass information across the bridged point to point T1 until these links are replaced with the final fiber links between sites (ETA 6-10 months), and prevent the user from mangling the nice pretty vlan configuration before it's a single mesh network.  It would also allow me to create multiple bridge-to-vlan subinterface networks to handle the multiple physical point to point circuits flowing on this single router.

Thoughts?

Thanks in advance!

Blake
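
The layer 3 alternative JP Senior's reply recommends, as an added example (not configuration from either poster): the T1 becomes a routed /30 instead of a bridged link, each site keeps its own VLANs, and the switches run VTP in transparent mode so no VTP advertisement can cross the WAN. Blake's 172.16.255.0/30 is reused for the T1; the OSPF process, area 0, the switch-to-router /30s (172.16.254.0/30, 172.16.253.0/30), the site LAN prefixes and a switch feature set that supports OSPF are all assumptions.

```cisco
! --- Location A 3750X stack (site LAN 10.1.0.0/16 is constructed) ---
! transparent mode: this switch neither accepts nor relays VTP updates
vtp mode transparent
ip routing
!
interface GigabitEthernet1/0/1
 description Routed uplink to Location A 2921 Gi0/0
 no switchport
 ip address 172.16.254.1 255.255.255.252
!
router ospf 1
 router-id 172.16.254.1
 passive-interface default
 no passive-interface GigabitEthernet1/0/1
 network 172.16.254.0 0.0.0.3 area 0
 network 10.1.0.0 0.0.255.255 area 0
!
! --- Location A 2921: the T1 is a routed /30, no bridge-group ---
interface GigabitEthernet0/0
 ip address 172.16.254.2 255.255.255.252
!
interface Serial0/0/0
 ip address 172.16.255.1 255.255.255.252
!
router ospf 1
 router-id 172.16.255.1
 network 172.16.254.0 0.0.0.3 area 0
 network 172.16.255.0 0.0.0.3 area 0
!
! --- Location B 2901 ---
interface GigabitEthernet0/0
 ip address 172.16.253.2 255.255.255.252
!
interface Serial0/0/0
 ip address 172.16.255.2 255.255.255.252
!
router ospf 1
 router-id 172.16.255.2
 network 172.16.253.0 0.0.0.3 area 0
 network 172.16.255.0 0.0.0.3 area 0
!
! --- Location B 3750X stack (site LAN 10.2.0.0/16 is constructed) ---
vtp mode transparent
ip routing
interface GigabitEthernet1/0/1
 no switchport
 ip address 172.16.253.1 255.255.255.252
router ospf 1
 network 172.16.253.0 0.0.0.3 area 0
 network 10.2.0.0 0.0.255.255 area 0
```

Conflicting VLAN numbers at two sites then stay a local problem, and a rogue or mis-revisioned VTP advertisement can at worst affect the site it was injected at.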

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
