From: George Spahl (georges@xxxxxxxxx)
Date: Wed Aug 30 2000 - 21:02:44 GMT-3
Derek,
I'm sure you're only too aware of this, but the Local Directors are, in
fact, bridges. You're not supposed to install them parallel to another
bridge (are the LDs in parallel?) which would seem to indicate that they
don't participate in spanning tree. (I guess it would kind of defeat its
purpose if it put one of its ports into blocking mode.) It kind of makes
sense that the "secure" command changes the behavior since it's blocking
all traffic through the LD except for traffic headed to the virtual server.
Think you might be accidentally bridging a couple of the VLANs? A
well-placed sniffer would probably tell you a lot about what was happening. Any
diagrams?
Just my two cents!
George
At 12:45 PM 8/30/00 -0400, Derek Small wrote:
>This is actually a production question, but it is directly related to this
>question, and an interesting point so hopefully no one minds....
>
>I'm only confused on the issue of "a single instance of spanning tree"
>statement made by Ron. I seem to remember hearing the same thing when
>802.1q first came out, but don't understand the implication. Essentially we
>have 2 Cat5500s and 2 Cat6509s all fully interconnected with 802.1q 2
>channel GEC connections. There are four primary VLANs that we are working
>with. Each switch is the root bridge for one of the four VLANs (this has
>been confirmed, as well as the trunk/channel configs on the Gigabit
>connections between the switches). The two 5500s have ISL trunks also for
>transport of several Token Ring VLANs between each other and a couple of
>3900 Token Ring Switches. The 5500s have RSMs with VLAN interfaces defined
>for IP routing only on the two VLANs which have their root bridges set to
>the two Cat5500s.
>
>We are having some problems with a bridge loop forming when a couple of
>LocalDirectors are added to the 6509s (please, I don't want to discuss the
>LocalDirectors in this forum, 1. They are not part of the CCIE program, 2.
>They are weird little monsters in their operation, and 3. We have tried them
>with port security enabled and disabled and still the problem though it
>looks a little different depending on the port security setting.) I am only
>interested in understanding the Spanning tree issues that may be involved
>and discussing those issues as they may help others understand the
>differences.
>
>Can anyone think of any issues when mixing ISL and 802.1q in such a scenario
>that you should be aware of?
>
>Thanks
>
>Derek Small
>CCIE # 5832, Nortel NCSE
>513-703-7059
>dwsmall@fatkid.com
>
>
>----- Original Message -----
>From: <Ron.Fuller@3x.com>
>To: Aaron DuShey <aaron.dushey@dushey-consulting.com>
>Cc: <ccielab@groupstudy.com>; <nobody@groupstudy.com>
>Sent: Wednesday, August 30, 2000 1:21 PM
>Subject: Re: vlans
>
>
>>
>> You can always use 802.1q for your VLAN trunking. Very similar to ISL,
>> with the exception that 802.1q has one instance of spanning tree for all
>> VLANs. This can be a real pain in the butt in some environments. I have
>> never tried IRB/CRB for this. I doubt it would work, but someone on the
>> list will probably prove me wrong! <g> I have not tried/worked with 802.10
>> (SDE)
>>
>> HTH!
>>
>> Ron Fuller, CCIE #5851, CCDP, CCNP-ATM, CCNP-Security, MCNE
>> 3X Corporation
>> rfuller@3x.com
>>
>>
>>
>> "Aaron DuShey" <aaron.dushey@dushey-consulting.com>
>> Sent by: nobody@groupstudy.com
>> 08/30/00 11:42 AM
>> Please respond to "Aaron DuShey"
>> To: "CCIE (E-mail)" <ccielab@groupstudy.com>
>> cc:
>> Subject: vlans
>>
>> question-
>> What other methods are there for routing between VLANs besides subinterfaces
>> w/ISL?
>> Can you use IRB/CRB to do this?
>> This is on a 3640 FastE interface.
>> Does this mean that if you don't have a 100MB interface on a router you can
>> use IRB to route between the vlans instead?
>> Little confused here...any help is greatly appreciated,
>> The doc cd states-but I am still not completely clear
>> Our VLAN Routing implementation is designed to operate across all router
>> platforms. However, the Inter-Switch Link (ISL) VLAN trunking protocol
>> currently is defined on 100 BaseTX/FX Fast Ethernet interfaces only and
>> therefore is appropriate to the Cisco 7000 and higher-end platforms only.
>> The IEEE 802.10 protocol can run over any LAN or HDLC serial interface. VLAN
>> traffic is fast switched. The actual format of these VLAN encapsulations are
>> detailed in the IEEE Standard 802.10-1992 Secure Data Exchange and in the
>> Inter-Switch Link (ISL) Protocol Specification.
>> Our VLAN Routing implementation treats the ISL and 802.10 protocols as
>> encapsulation types. On a physical router interface that receives and
>> transmits VLAN packets, you can select an arbitrary subinterface and map it
>> to the particular VLAN "color" embedded within the VLAN header. This mapping
>> allows you to selectively control how LAN traffic is routed or switched
>> outside of its own VLAN domain. In the VLAN routing paradigm, a switched
>> VLAN corresponds to a single routed subnet, and the network address is
>> assigned to the subinterface.
>>
>>
>> Aaron DuShey
>>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:24:33 GMT-3