Re: design question LAN/WAN

From: WorkerBee (ciscobee@gmail.com)
Date: Sat Dec 02 2006 - 23:37:28 ART


Your access switches need to enforce Layer 2 features like:

 - bpduguard
 - root guard
 - port-security max mac address set to 1 can stop loops
 - storm-control
 - shutdown unused ports

For routing edge design, you can run Layer 3 at the edge and thus
no more Layer 2 or HSRP extension to the Distribution/Core switches.
Your design can be classified as Collapsed Backbone design.

For Core switches, try to implement pure Layer 3 with point-to-point
interfaces for fast routing and no ACL nor Firewall rules. Keep it
simple.

Yeah, sometimes a $10 hub can bring down a million dollar setup
but it can be prevented but need to turn on more features and strategy
to overcome them...

I prefer 3-3-3 (Core-Distr-Access) if you have the spare cash ;)
If you design 2-3-2, the L3 (Distri) switch will treat the Core as a transparent
Layer 2 to reach the WAN router to your MPLS cloud. It's not fun if the Core
is Layer 2. :(

On 12/3/06, John Matus <jmatus@pacbell.net> wrote:
> hey guys,
> trying to deal w/ a real world scenario.
> just the background. someone in my company plugged both ends of a cat5 into
> a linksys switch that attached to our access layer switches which brought
> down our whole network. it toasted 2 3500 plus our core router. ICK.
> luckily not under my jurisdiction........
>
> but, after analyzing the topology there does not seem to be an
> access-distribution-core design in place that would stop broadcast storms or
> things of this nature from occurring...
>
> we have a NY site connecting to an LA site via MPLS. so on each end there
> is a router>>pix>> core-switch>> access layer switches. this does not seem to
> jive to me. shouldn't there be a layer 2-3-2 type of setup here?
>
> i would think that all nodes should attach to access switches. the access
> switches connect to either a router or an MLS......but then i'm a bit fuzzy how
> the router would attach to the core and how this site's 2-3-2 architecture
> would connect to the east-coast's 2-3-2 architecture. if the core is just
> supposed to switch traffic as fast as possible then that, i would think, would
> only be located on each site, and not connected between sites thru MPLS....
>
> i guess my main question is, do we implement a core (#1) and #2, do the remote
> sites connect through the distribution layer?
>
> TIA
>
> <i don't design networks.....i just do labs :-)
>
>
> John D. Matus
> MCSE, CCNP
> Home (818) 782-2061
> Work (626) 568-7716
> Cell (818) 430-8372
> jmatus@pacbell.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
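
As an added example, not part of either post above: a small Python audit that reads an IOS-style running-config and reports access ports missing the Layer 2 protections WorkerBee lists (bpduguard, port-security with maximum 1, storm-control, spare ports shut down, root guard on ports toward downstream switches). The config text is constructed for this example; the "UNUSED" and "UPLINK" description keywords are an assumed naming convention, not an IOS feature.

```python
"""Audit an IOS-style config for the access-layer Layer 2 protections
named in the thread. SAMPLE_CONFIG is constructed for this example;
the UNUSED/UPLINK description convention is an assumption."""
import re

SAMPLE_CONFIG = """\
!
interface FastEthernet0/1
 description USER hardened
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
 storm-control broadcast level 1.00
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 description USER missing protections
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
 description UNUSED
 switchport mode access
 shutdown
!
interface FastEthernet0/4
 description UNUSED
 switchport mode access
!
interface FastEthernet0/23
 description DOWNSTREAM lab switch, no root guard
 switchport mode trunk
!
interface FastEthernet0/24
 description DOWNSTREAM lab switch
 switchport mode trunk
 spanning-tree guard root
!
interface GigabitEthernet0/1
 description UPLINK to distribution
 switchport mode trunk
!
"""

# Required on every enabled access port: (regex, finding text).
ACCESS_PORT_CHECKS = [
    (re.compile(r"^spanning-tree bpduguard enable$"),
     "no bpduguard: a looped hub or switch will not be errdisabled"),
    (re.compile(r"^switchport port-security$"), "port-security not enabled"),
    (re.compile(r"^switchport port-security maximum 1$"),
     "port-security maximum is not 1"),
    (re.compile(r"^storm-control (broadcast|multicast|unicast) level"),
     "no storm-control: a broadcast storm can saturate the uplink"),
]

def parse_interfaces(config_text):
    """Return {interface name: [stripped config lines]}; '!' or any
    non-indented line ends the current interface stanza."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None
    return interfaces

def audit_access_ports(config_text):
    """Return a sorted list of (interface, finding) tuples."""
    findings = []
    for name, lines in parse_interfaces(config_text).items():
        desc = next((l for l in lines if l.startswith("description ")), "").upper()
        is_shut = "shutdown" in lines
        if "UNUSED" in desc:
            if not is_shut:
                findings.append((name, "spare port is not shut down"))
            continue
        if is_shut:
            continue
        if "switchport mode access" in lines:
            for pattern, msg in ACCESS_PORT_CHECKS:
                if not any(pattern.match(l) for l in lines):
                    findings.append((name, msg))
        elif "switchport mode trunk" in lines and "UPLINK" not in desc:
            # Assumed convention: any trunk that is not the uplink faces a
            # downstream switch and must never be allowed to become root.
            if "spanning-tree guard root" not in lines:
                findings.append((name, "downstream switch port without root guard"))
    return sorted(findings)

if __name__ == "__main__":
    for iface, msg in audit_access_ports(SAMPLE_CONFIG):
        print(f"{iface}: {msg}")
```

Run against a real `show running-config` capture it prints one line per gap; the hardened FastEthernet0/1 stanza doubles as the reference configuration for the features in the list above.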



This archive was generated by hypermail 2.1.4 : Tue Jan 02 2007 - 07:50:36 ART