In this topology we will sink our hands into:
- STP (802.1d)
- HSRP
- OSPF
- OSPF route summarization
- VTP
- Different layers/modules of Enterprise Campus Design
Check out the topology below and let's get started.
Relevant configurations are posted below.
A few notes about the Core Layer:
- Super Fast Transport
- Use L3 Triangular Equal Cost Design
- Limited QoS: avoid CPU-intensive processes (QoS, security, etc.)
- Low latency
- Fault tolerance / high reliability / redundant
- Port density
- Should be able to handle all of Distribution layer traffic
Core Layer - R3

```
!
hostname R3
!
ip cef
!
interface Loopback0
 ip address 192.168.10.3 255.255.255.255
!
interface FastEthernet0/0
 description Connected to R1
 ip address 192.168.1.1 255.255.255.252
 speed 100
 full-duplex
!
interface FastEthernet0/1
 description Connected to R4
 ip address 192.168.1.17 255.255.255.252
 speed 100
 full-duplex
!
interface FastEthernet1/0
 description Connected to R2
 no switchport
 ip address 192.168.1.9 255.255.255.252
 duplex full
 speed 100
!
interface Vlan1
 no ip address
!
router ospf 1
 router-id 192.168.10.3
 log-adjacency-changes
 redistribute connected subnets
 network 192.168.1.0 0.0.0.255 area 0
!
end
```
Core Layer - R4

```
!
hostname R4
!
ip cef
!
interface Loopback0
 ip address 192.168.10.4 255.255.255.255
!
interface FastEthernet0/0
 description Connected to R2
 ip address 192.168.1.13 255.255.255.252
 ip ospf cost 1
 speed 100
 full-duplex
!
interface FastEthernet0/1
 description Connected to R1
 ip address 192.168.1.5 255.255.255.252
 speed 100
 full-duplex
!
interface FastEthernet1/0
 description Connected to R3
 no switchport
 ip address 192.168.1.18 255.255.255.252
 duplex full
 speed 100
!
interface Vlan1
 no ip address
!
router ospf 1
 router-id 192.168.10.4
 log-adjacency-changes
 redistribute connected subnets
 network 192.168.1.0 0.0.0.255 area 0
!
end
```
A few notes about the Distribution Layer:
- QOS
- Security - (Deploy IPS/IDS/ACLs etc)
- Load balancing (HSRP/GLBP/VRRP etc)
- Use L3 Triangular Equal Cost Design
- PBR (Policy based routing)
- InterVLAN routing
- Aggregate all access layer traffic
- Redistribution of routing domains
- Summarize routes towards the Core
Distribution Layer - R1

```
!
hostname R1
!
ip cef
!
spanning-tree vlan 10 priority 8192
!-- STP load balancing. R1 will be ROOT for VLAN 10
spanning-tree vlan 20 priority 16384
!-- STP load balancing. R1 will be secondary for VLAN 20
!
interface Loopback0
 ip address 192.168.10.1 255.255.255.255
!
interface FastEthernet0/0
 description Connected to R3
 ip address 192.168.1.2 255.255.255.252
 speed 100
 full-duplex
!
interface FastEthernet0/1
 description Connected to R4
 ip address 192.168.1.6 255.255.255.252
 speed 100
 full-duplex
!
interface FastEthernet1/0
 description Connected to R2
 switchport mode trunk
!-- Reason the link between the distribution switches is not L3 (which is
!-- recommended) is because I wanted VLANs to span between the access layer
!-- switches. Avoid L2 looped topology if possible because L3 links will give
!-- you a better performing network in terms of convergence, scalability,
!-- reliability, and manageability.
!
interface FastEthernet1/1
 switchport mode trunk
!
interface FastEthernet1/2
 switchport mode trunk
!
interface FastEthernet1/3
!
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 192.168.2.2 255.255.255.224
 standby 1 ip 192.168.2.1
 standby 1 priority 110
 standby 1 preempt
!-- HSRP ip address for VLAN 10 with a higher priority so R1 can be active for VLAN 10
!
interface Vlan20
 ip address 192.168.2.34 255.255.255.224
 standby 1 ip 192.168.2.33
!-- HSRP ip address for VLAN 20 with a default priority of 100 so R1 can be standby for VLAN 20
!
router ospf 1
 router-id 192.168.10.1
 log-adjacency-changes
 area 1 range 192.168.2.0 255.255.255.0
!-- Summarize routes towards the core
 redistribute connected subnets
 passive-interface Vlan10
 passive-interface Vlan20
!-- Only establish peer or routing neighbor on transit links.
 network 192.168.1.0 0.0.0.255 area 0
 network 192.168.2.0 0.0.0.255 area 1
!-- Multi-area OSPF configuration for a hierarchical network design
!
end
```
Distribution Layer - R2

```
!
hostname R2
!
ip cef
!
spanning-tree vlan 10 priority 16384
!-- STP load balancing. R2 will be secondary for VLAN 10
spanning-tree vlan 20 priority 8192
!-- STP load balancing. R2 will be ROOT for VLAN 20
!
interface Loopback0
 ip address 192.168.10.2 255.255.255.255
!
interface FastEthernet0/0
 description Connected to R4
 ip address 192.168.1.14 255.255.255.252
 speed 100
 full-duplex
!
interface FastEthernet0/1
 description Connected to R3
 ip address 192.168.1.10 255.255.255.252
 speed 100
 full-duplex
!
interface FastEthernet1/0
 description Connected to R1
 switchport mode trunk
!-- Reason the link between the distribution switches is not L3 (which is
!-- recommended) is because I wanted VLANs to span between the access layer
!-- switches. Avoid L2 looped topology if possible because L3 links will give
!-- you a better performing network in terms of convergence, scalability,
!-- reliability, and manageability.
!
interface FastEthernet1/1
 switchport mode trunk
!
interface FastEthernet1/2
 switchport mode trunk
!
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 192.168.2.4 255.255.255.224
 standby 1 ip 192.168.2.1
!-- HSRP ip address for VLAN 10 with a default priority so R2 can be standby for VLAN 10
!
interface Vlan20
 ip address 192.168.2.35 255.255.255.224
 standby 1 ip 192.168.2.33
 standby 1 priority 110
 standby 1 preempt
!-- HSRP ip address for VLAN 20 with a higher priority so R2 can be active for VLAN 20
!
router ospf 1
 router-id 192.168.10.2
 log-adjacency-changes
 area 1 range 192.168.2.0 255.255.255.0
!-- Summarize towards the core
 redistribute connected subnets
 passive-interface Vlan10
 passive-interface Vlan20
!-- Only establish peer or routing neighbor on transit links.
 network 192.168.1.0 0.0.0.255 area 0
 network 192.168.2.0 0.0.0.255 area 1
!-- Multi-area OSPF configuration for a hierarchical network design
!
end
```
VTP configuration is as follows on R1 and R2:
- vtp mode server
- vtp domain ithitman
- vtp password ithitman123
- vtp version 2
A few notes about the Access Layer:
- STP, RSTP (RSTP is recommended)
- Security (ARP inspection/DHCP snooping, ACLs as close to the source as possible)
- Policing and rate limiting
- Layer 2
- PoE if needed
Let's take a look at the STP topology first.
Let's take a look at the equal cost load balancing at the Core layer.
```
R3#show ip route | beg 192.168.2.0
O IA 192.168.2.0/24 [110/2] via 192.168.1.10, 00:01:19, FastEthernet1/0
                    [110/2] via 192.168.1.2, 00:01:19, FastEthernet0/0

R4#show ip route | beg 192.168.2.0
O IA 192.168.2.0/24 [110/2] via 192.168.1.14, 00:02:10, FastEthernet0/0
                    [110/2] via 192.168.1.6, 00:02:10, FastEthernet0/1
```
Notice that 192.168.2.0/24 is summarized towards the core from the distribution layer, and the Core layer load balances across both L3 links to the distribution layer switches.
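The summary route above and the `passive-interface` lines in the distribution configs both depend on every user VLAN being kept in step with the OSPF section. The following is an added example, not part of the original lab: a small Python audit that flags an SVI which is matched by a `network` statement but is not passive or falls outside the `area ... range`. The function name `audit_svis` and the `Vlan30` variant are assumptions made for illustration.

```python
import ipaddress

# Constructed sample input: the SVI and OSPF lines of R1 as posted on this page.
R1_CONFIG = """\
interface Vlan10
 ip address 192.168.2.2 255.255.255.224
interface Vlan20
 ip address 192.168.2.34 255.255.255.224
router ospf 1
 area 1 range 192.168.2.0 255.255.255.0
 passive-interface Vlan10
 passive-interface Vlan20
 network 192.168.1.0 0.0.0.255 area 0
 network 192.168.2.0 0.0.0.255 area 1
"""

def audit_svis(config):  # hypothetical helper name
    """Return findings for SVIs that run OSPF hellos or escape the area summary."""
    svis, passive, ranges, networks, section = {}, set(), {}, [], ""
    for line in config.splitlines():
        w = line.split()
        if not w or w[0].startswith("!"):
            continue
        if not line.startswith(" "):  # unindented line opens a new config section
            section = w[1] if w[0] == "interface" else w[0]
        elif w[:2] == ["ip", "address"] and section.startswith("Vlan"):
            svis[section] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
        elif section == "router" and w[0] == "passive-interface":
            passive.add(w[1])
        elif section == "router" and w[0] == "area" and w[2] == "range":
            ranges.setdefault(w[1], []).append(ipaddress.ip_network(f"{w[3]}/{w[4]}"))
        elif section == "router" and w[0] == "network":
            # ipaddress accepts the IOS wildcard (host mask) form directly
            networks.append((ipaddress.ip_network(f"{w[1]}/{w[2]}"), w[4]))
    findings = []
    for name, iface in sorted(svis.items()):
        area = next((a for net, a in networks if iface.ip in net), None)
        if area is None:
            continue  # SVI not matched by any network statement
        if name not in passive:
            findings.append(f"{name}: not passive, OSPF adjacency possible on a user VLAN")
        if not any(iface.network.subnet_of(r) for r in ranges.get(area, [])):
            findings.append(f"{name}: {iface.network} outside the area {area} range")
    return findings

# Constructed variant: VLAN 30 added later without the matching OSPF lines.
DRIFTED = R1_CONFIG.replace(
    "router ospf 1", "interface Vlan30\n ip address 192.168.3.2 255.255.255.224\nrouter ospf 1"
) + " network 192.168.3.0 0.0.0.255 area 1\n"

print(audit_svis(R1_CONFIG), audit_svis(DRIFTED), sep="\n")
```

The posted R1 lines produce no findings; the constructed variant reports `Vlan30` twice, once for sending hellos towards the access layer and once for leaking a more specific route past the summary.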
Parts 2, 3, and 4 of this series will get more into Data Center (Core/Distribution/Access), Enterprise Edge, SP Edge, and remote modules such as Enterprise Branch.
Many more articles to come so stay tuned.
Amazing... I did this lab and felt really good. The results were the same and also it helped for a better understanding. The only goof-up was the hostnames, but I created my own configs so it helped. Thanks mate.