8610+6500 L2 or L3?

[alexey537]

Hello Everyone!
I spent some time on this forum and in Google trying to answer the question: What type of communication between two core I have to choose...
Here is situation:
In my company we have old network on Nortels(150 devises) in core we use two Passports 8610 they are interoperate by IST link. Now I have a goal to create a new Core on two Cisco Catalysts 6500 and connect them to my old network(directly to Passports). I Can't found any information about connecting 6500 to Passports on L3(IP level). Everybody usualy connected this switchs by EthernetChanels and SMLT links(on L2 level). So main question is why? This way of connection is faster? or may be there is some more reasons?
sorry for my english
Thanks in advance,
Alex.

[Flintstone]

Hi alexey537,

Check out details on interconnecting Cisco 6500 and Nortel/Avaya below with example configurations:

http://forums.networkinfrastructure.info/nortel-ethernet-switching/how-to-smlt-cisco-6500%27s-across-two-ers5650-stacks/msg3007/#msg3007

I use L2 (Ethererchannel/MLT) to interconnect between Cisco and Nortel/Avaya.  I also use L3 on the Cisco 6500 I.e. GLBP.

CheerZ and good luck

[alexey537]

I use L2 (Ethererchannel/MLT) to interconnect between Cisco and Nortel/Avaya.  I also use L3 on the Cisco 6500 I.e. GLBP.

thank you for link, but what do you do with STP? On SMLT STG protocols is off. So if loop is appears what will happen with network? I am asking because we already had a problems with PVSTP and STG.  And I had to switch Cisco 3650 to MSTP mode for operation properly...

[Flintstone]

Hi alexey537,

I only have Cisco's PVRSTP running on the core for loop protection. 

Logically, I do not have any loops to/from the edge switches (ERS 4500s).  The edge stacks/switches have two uplinks, one to Cisco core 1 and the other to Cisco core 2.  GLBP runs on Core1/2 and load balances traffic over both uplinks.  I also use 802.1X/MAC address port authentication at the edge with MAC addresses limited to 2 per port, so STP is not required and no rogue switches should be able to connect anyway?

CheerZ

[alexey537]

Hi alexey537,

I only have Cisco's PVRSTP running on the core for loop protection. 

Logically, I do not have any loops to/from the edge switches (ERS 4500s).  The edge stacks/switches have two uplinks, one to Cisco core 1 and the other to Cisco core 2.  GLBP runs on Core1/2 and load balances traffic over both uplinks.  I also use 802.1X/MAC address port authentication at the edge with MAC addresses limited to 2 per port, so STP is not required and no rogue switches should be able to connect anyway?

CheerZ

One more question, if you do not mind, what of supervisor do you use in 6500, IOS version and do you use VSS?

[Flintstone]

Hi alexey537,

We are using WS-SUP720-3B supervisors, IOS 12.2(18)SXF4 and no we do not use VSS.

CheerZ

[Dominik]

Hi alexey537,

I would also recommand to use the design that Flinstone is using in his network.
You can achieve with VSS also an active/active network design like it is with an Avaya Switchcluster triangle design.
In my expierence VSS has worked not very stable, maybe it will be better with the new SUP2T...

Good Luck

[alexey537]

Good morning(day/night)!
I would like to say thanks to everyone for help.
I had interconnected two 6500 with Passports by SMLT But still have some thoughts about loop detection:
I have Passport 8610 with software ver 4.0.6.0 as far as i understood SLPP supports only on 4.1 and above... Does it means that in my configuration there is no loop detection mechanism?

Please find Network diagram attached.
On Cisco I configured Rapid-PVST, ethernetChannel between Catalysts, HSRP+ STP root for balancing and reliability...

[Flintstone]

Hi alexey537,

I'm not sure about SLPP on the Passports but it sounds like you also have loop protection configured on the two 6500s?

CheerZ

[alexey537]

Hi alexey537,

I'm not sure about SLPP on the Passports but it sounds like you also have loop protection configured on the two 6500s?

CheerZ

Hi Flintstone

On 6500 for loop protection I use Rapid-PVST, but it is does not work with IST Passports, because it thinks that it is 2 different switchs...

Now i have really interesting puzzle for solving:
After all tests in lab I moved my 6500 to an adjacent building(server farm) and conected it to Nortel 8610... after few seconds one of the interfaces on Passports turned to disable and i obtained this message on my Syslog server:
[12/21/11 14:41:56] SNMP INFO Smlt Link Up Trap(SmltId=9)
then
[12/21/11 14:42:26] SNMP INFO Loop detected on port 7/2.Port is disabled

So SMLT is working, but loop appears...

Could anybody give me advise, what I did wrong? This is config on my Catalysts:
Cisco Core 1

 spanning-tree mode rapid-pvst
!!!EthernetChannel between 6500-1 and 6500-2
interface Port-channel100
 description TO 6500 core
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no ip address
!
interface GigabitEthernet1/1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no ip address
 channel-group 100 mode active
!
interface GigabitEthernet1/2
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no ip address
 channel-group 100 mode active
!!!Link to Nortel
interface GigabitEthernet3/1
 description to Passport .3
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 26,100,109,110
 switchport mode trunk
 switchport nonegotiate
 no ip address
 speed nonegotiate
 no cdp enable

interface Vlan26
 description Test1
 ip address 172.30.230.11 255.255.255.0
 ip helper-address 172.30.2.160
 no ip redirects
 no ip unreachables
 no ip mroute-cache
 standby preempt
 standby 26 ip 172.30.230.10
 standby 26 timers msec 200 msec 750
 standby 26 priority 109
 standby 26 preempt delay minimum 180
 standby 26 track GigabitEthernet3/1

interface Vlan100
 description Test 2
 no ip address

interface Vlan109
 description Test3
 ip address 172.30.2.11 255.255.255.0
 ip helper-address 172.30.2.160
 no ip redirects
 no ip unreachables
 no ip mroute-cache
 standby preempt
 standby 109 ip 172.30.2.10
 standby 109 timers msec 200 msec 750
 standby 109 preempt delay minimum 180
 standby 109 track GigabitEthernet3/1

interface Vlan110
 description Test4
 ip address 172.30.1.11 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip mroute-cache
 standby preempt
 standby 110 ip 172.30.1.10
 standby 110 timers msec 200 msec 750
 standby 110 priority 109
 standby 110 preempt delay minimum 180
 standby 110 track GigabitEthernet3/1


Cisco Core 2

spanning-tree mode rapid-pvst
interface Port-channel100
 description TO 6500 core
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no ip address
!
interface GigabitEthernet1/1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no ip address
 channel-group 100 mode active
!
interface GigabitEthernet1/2
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no ip address
 channel-group 100 mode active
!
interface GigabitEthernet3/1
 description to Passport .2
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 26,100,109,110
 switchport mode trunk
 switchport nonegotiate
 no ip address
 speed nonegotiate
 no cdp enable

interface Vlan26
 description Test1
 ip address 172.30.230.12 255.255.255.0
 ip helper-address 172.30.2.160
 no ip redirects
 no ip unreachables
 no ip mroute-cache
 standby preempt
 standby 26 ip 172.30.230.10
 standby 26 timers msec 200 msec 750
 standby 26 preempt delay minimum 180
 standby 26 track GigabitEthernet3/1
!
interface Vlan100
 description Test2
 no ip address

!
interface Vlan109
 description SRVR
 ip address 172.30.2.12 255.255.255.0
 ip helper-address 172.30.2.160
 no ip redirects
 no ip unreachables
 no ip mroute-cache
 standby preempt
 standby 109 ip 172.30.2.10
 standby 109 timers msec 200 msec 750
 standby 109 priority 109
 standby 109 preempt delay minimum 180
 standby 109 track GigabitEthernet3/1
!
interface Vlan110
 description Test3
 ip address 172.30.1.12 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip mroute-cache
 standby preempt
 standby 110 ip 172.30.1.10
 standby 110 timers msec 200 msec 750
 standby 110 preempt delay minimum 180
 standby 110 track GigabitEthernet3/1

on Nortel I have two interfaces configured with the same Vlans and SMLT is up.