Campus Network Design Help

Discussion in 'Cisco' started by myhrer@stjosephs-marshfield.org, Feb 9, 2005.

  1. Guest

    Hello,

    I am previewing a network run at a hospital and I could use a
    suggestion or two on its design.

    Keep in mind that since it is a hospital, it is imperative that it
    operate in full redundant mode, which it MOSTLY does.

    There are 16 closets maintaining one or two access layer switches.
    Each of these switches is connected via redundant VLAN trunks to two
    distribution switches (6509).

    The 6509s are L3 switching to the core as well as to their medical
    partner. The issue is at this time there is only one connection to the
    partner through the first switch. At one point they maintained a trunk
    connection between the first and second distros, but now maintain an L3
    GigEtherChannel. EIGRP is using four different VLANs to route traffic
    to the partner. If data is coming in to the second switch, the data
    flow is then being passed to one or more access layer switches and then
    back up to the first distro switch and finally out to the partner.

    The problem is that the hospital maintains at least 100 different
    VLANs throughout the access/distro layers. Some of these VLANs have
    access-lists associated with them. If EIGRP decides to choose one of
    these VLANs to forward data, time-sensitive applications break.

    So, the questions:

    1) How should the distro switches really be connected, VLAN Trunk or
    L3?
    2) Should passive-interface be installed on every single VLAN to
    prevent choosing paths through closet switches?
    3) What about upping the bandwidth between the distros to 10 Gig to
    choose that link over the trunk links?

    Thanks

    Robert
     
    , Feb 9, 2005
    #1

  2. Hello, !
    You wrote on 9 Feb 2005 10:18:34 -0800:

    m> So, the questions:

    m> 1) How should the distro switches really be connected, VLAN Trunk
    m> or L3?

    It depends. Do you span more than one access switch with any given VLAN? If yes,
    then trunk is your only option. If no, then you can use V topology. Clark's Cisco
    LAN Switching book has an excellent chapter on campus design.

    m> 2) Should passive-interface be installed on every single VLAN to
    m> prevent choosing paths through closet switches?

    Yes, yes and yes. You don't want to have peering through any available VLAN.
    Depending on topology, one or two would be more than enough.

    m> 3) What about upping the bandwidth between the distros to 10 Gig
    m> to choose that link over the trunk links?

    Without network diagram it's very hard to tell what would and wouldn't help. So
    far I have an impression that you don't have a clean design out there. It might
    help to think about Layer 2 and Layer 3 connectivity separately. I normally
    treat any Layer 3 switch as essentially two boxes - normal layer 2 switch and
    router on a stick. SVI interfaces would be carried on a link between router and
    L2 box, routed interface would belong to router itself. You can further decouple
    it to VLAN level.

    With best regards,
    Andrey.
     
    Andrey Tarasov, Feb 9, 2005
    #2

  3. Guest

    Thanks Andrey,

    I needed to go to lunch because I no more got out the door and it
    occurred to me that they have to have a trunk because they are spanning
    VLANs across multiple switches. Because of this, the only VLANs that
    should need to be passive-interface are those that have actual
    access-lists on them.

    I suppose I could passive interface all but the specific VLANs that
    should be used to do any routing to the partner site.
     
    , Feb 9, 2005
    #3
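
An added example, not part of any post in the thread: a small audit of the approach discussed above (make SVIs passive so EIGRP cannot peer through access-layer VLANs), which also flags SVIs carrying an access-list. The sample config, AS number, VLAN IDs, addresses, ACL name and the helper names `stanzas` and `eigrp_capable_svis` are all constructed assumptions.

```python
import re

# Constructed sample config, not from the thread: the AS number, VLAN IDs,
# addresses and ACL name are assumptions for illustration.
BEFORE = """\
interface Port-channel1
 ip address 10.0.0.1 255.255.255.252
interface Vlan10
 ip address 10.10.10.2 255.255.255.0
interface Vlan20
 ip address 10.10.20.2 255.255.255.0
 ip access-group CLINICAL-IN in
interface Vlan30
 ip address 10.10.30.2 255.255.255.0
 ip access-group CLINICAL-IN in
router eigrp 100
 network 10.0.0.0
 passive-interface Vlan30
"""
# Post #3's approach: passive everywhere except the intended routed link.
AFTER = BEFORE.replace(
    " passive-interface Vlan30\n",
    " passive-interface default\n no passive-interface Port-channel1\n")

def stanzas(config):
    """Group indented sub-commands under their top-level IOS command."""
    out, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current:
            out[current].append(line.strip())
        elif line.strip() and not line.startswith("!"):
            current = line.strip()
            out[current] = []
    return out

def eigrp_capable_svis(config):
    """{SVI: has_acl} for SVIs EIGRP may peer over (assumes `network` covers all)."""
    cfg = stanzas(config)
    eigrp = [c for h, b in cfg.items() if h.startswith("router eigrp") for c in b]
    passive = {c.split()[-1] for c in eigrp if c.startswith("passive-interface ")}
    active = {c.split()[-1] for c in eigrp if c.startswith("no passive-interface ")}
    result = {}
    for header, body in cfg.items():
        name = header.split()[-1]
        if not (header.startswith("interface Vlan") and
                any(c.startswith("ip address") for c in body)):
            continue
        if name in passive or ("default" in passive and name not in active):
            continue
        result[name] = any(c.startswith("ip access-group") for c in body)
    return result
```

A passive interface stops sending EIGRP hellos, so no adjacency forms over it, while its connected subnet is still advertised.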
  4. In article <>
    wrote:
    >
    >Thanks Andrey,
    >
    >I needed to go to lunch because I no more got out the door and it
    >occurred to me that they have to have a trunk because they are spanning
    >VLANs across multiple switches. Because of this, the only VLANs that
    >should need to be passive-interface are those that have actual
    >access-lists on them.


    Drop it egghead, and she should nb the word lie in the definition.

    >I suppose I could passive interface all but the specific VLANs that
    >should be used to do any routing to the partner site.


    They say opposites attract. I hope you meet someone who is
    good-looking, intelligent, and cultured.

    --
    Lady Chatterly

    "Hi Lady C, I think you fit in well here on Usenet. I recently asked
    someone in our group if he was a multiple identity of another poster
    and he started swearing at me. I guess he thought that made him more
    real. See you around." -- stevejdufour
     
    Lady Chatterly, Feb 9, 2005
    #4