switch block question

I have been working on my BCMSN exam and I had a question. Say that you have an access layer switch with multiple vlans on it and it has a trunked link to 2 switches. The 2 distribution switches are connected to 2 core switches. You use HSRP on the distribution switches for the access layer switch to use. I understand that the ports connect to the access layer switch is connected at layer 2 and the connection to the core switch is at layer three. Now my question comes. First, do you use a routing protocol on the distribution switches so that the core switches know which subnets the distribution contains? Another question. Say you are running STP on the access switches and the distribution switches are the primary root and the secondary root. Now if your two switches are advertising the same vlans (subnets) to the core switch but one of the vlans that the distribution switch contains is block by STP wouldn't it be inefficient for the core switch to be routing to that distribution switch that has that vlan blocked? Or am I just understanding all of this wrong? Or can I just disable STP since that the access layer switches are not interconnected and the distribution switches connections to the core are at layer three thereby greatly reducing the chance of a loop forming? Thanks

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

sputnic68

You should never disable spanning tree. There still could be a loop even though the access switches are not interconnected at layer 2.

You would need to implement a routing protocol on the distribution switches unless you extended layer 2 all the way to the core, which is not recommended.

Spanning tree is only going to break the loop not block the whole vlan, hence the vlan is still routable.

-Nick

darkuser

you can disable spanning tree if you are NOT in a physically looped topology.
the reason is : a loop cannot happen in that case.

example :
3 switches connected by a single cable between each

if you have a physically looped topology you will meet a crushing end.
because you are disableing what spanning tree is designed to prevent
..... A LOOP !!!!

example :
3 switches fully connected full-mesh style

sputnic68

You need to be careful because I've had a user cause a loop on the access switch end by connecting two ports in the same vlan through a hub!

JASON123

I probably shouldn't have said turning off Spanning tree. I don't mean to be a pain in the butt, but I do have a couple more questions. When you have an access switch connected to two distribution switches and have STP turned on then one has to be the primary root. Of course the best choice (In this situation) would be to have the one distribution switch configured as the root primary and the other distribution switch configured as the secondary. My question still involves HSRP but if you have a vlan say subnet 192.168.1.0 255.255.255.0 and you want to load balance between HSRP I know that you can configure one switch as the active for a default gateway something like 192.168.1.1 and set the other as the primary for a default gateway of 192.168.1.2 and have half the end users stations configured for each default gateway. My question is if STP is activated the switch will choose the primary root bridge to send its traffic instead of the secondary. How can you get it to load balance between both the primary and secondary root bridge? I saw in a Cisco proposal to a company where it says that you can do this as long as the vlans on the access switch are unique to just that switch that way STP won't block any ports. Is that they only way to set it up? Also they said that you need to prune vlan 1 out of the trunk in order to avoid loops and of course have a different vlan as the management vlan. Also, as I found out the only switches that can prune the vlan1 is the 4000, 5000, and 6000 in Cisco CatOS Release 5.4(x). Anyways, thank you for all your help.

Yankee

I think everyone got quiet because your questions are confusing. I'll start with this. HSRP is not a load balancing technology.

Yankee

JASON123

Thats ok. I finally figured out the answer to my question. The reason why my question was confusing is because it was stated on a Cisco Network Proposal that I saw that led it to be confusing. I agree with you in that HSRP is inherently not a load balancing technology. It is a redundecy technology; nevertheless, you can in fact load balance with it, but I am sure you know that. Many companies do. You just have to configure multiple standby groups. I was just trying to get a feeling with how that would work into STP. Thank you for your concern though. If the information that I had didn't lend itself to be more confusing then I would have stated it in simpler terms. I'll keep your advice in mind next time.

Yankee

Many companies have poorly designed and overly complicated configurations that are unstable and a bear to troubleshoot. Your goal should be to avoid such situations no matter how good the solution looks on paper. You will forever be judged on network up time, not impressive designs.

Yankee

darkuser

word ....

yes, multiple hsrp groups will work
the layer two answer is you tune the spanning tree root primary to match the hsrp primary and the spanning tree secondary to the hsrp secondary. (lower priority)

JASON123

Ok, I came up with a better way to ask my question that leads to my confusion. I have been reading about GLBP and it had one access layer switch with a vlan that was trunked to three separate distribution switches. It had the data from that one vlan evenly distributed across all three distribution switches. My question is how does this work in with STP? If one switch is the primary root switch, and it is the distribution switch, then wouldn't all the traffic on the vlan route only to that one primary root switch instead of the other two? Or does GLBP manipulate STP in some strange way? The only way I can see this working is if the access switch is the primary root switch since all traffic to that vlan would be destined for that switch, assuming that, that vlan is unique only to that one access switch. Am I understanding this right or can someone enlighten me to how this works in.

darkuser

you should match your layer 2 root with your layer 3 interface.
that's just good design.
otherwise you're making making traffic take a circular route.

If you ask me you're mixing too many concepts without understanding them.

this might help

http://www.cisco.com/warp/public/cc/so/neso/lnso/cpso/gcnd_wp.htm

http://www.cisco.com/en/US/about/ac123/ac114/ac173/ac253/cisco_packet_enterprise_solution0900aecd800e015a.html

rossonieri#1

JASON123 wrote:

Thats ok. I finally figured out the answer to my question. The reason why my question was confusing is because it was stated on a Cisco Network Proposal that I saw that led it to be confusing. I agree with you in that HSRP is inherently not a load balancing technology. It is a redundecy technology; nevertheless, you can in fact load balance with it, but I am sure you know that. Many companies do. You just have to configure multiple standby groups. I was just trying to get a feeling with how that would work into STP. Thank you for your concern though. If the information that I had didn't lend itself to be more confusing then I would have stated it in simpler terms. I'll keep your advice in mind next time.

hello,
if you are only using 1 access and 2 distro switches with this config :
distro <---> access <---> distro with a single cable on each trunk then you will have no loop (no need to disable STP).
but when your config use more than 1 cable - you will have to disable STP (there are loops).
depends on your config.
there are many purpose that need to disable STP such as multi link trunk, distributed multi link trunk.
in what term you define redundancy/HSRP? in case of HSRP (in nortel swicth term they call IST/inter switch trunk) you dont need to disable STP.