Re: Connect c7000 + 2x Cisco 3120G + BL460c G6 to LAN

Igor V Abzalov · ‎01-17-2010

Hello. Help me please to understand right configuration for connecting to LAN my c7000 + BL460c G6 + 2x Cisco 3120.
We have 8 BL460c G6 servers. They divide in two server's groups (SGroup1 and SGroup2). On each server in each group i want to use HP Network team on NIC1 and NIC2 interfaces. SGroup1 servers are all in one vlan. SGroup1 servers are all in another vlan. We want to use Cisco 3120G as L2 switches (if it is possible) because our core switches are 2x Alcatel OmniSwitch 7800 and all rounting is on them. All vlan's are defined on Alcatel OmniSwitches. For high availability of servers - do we have to stack two 3120G or use them like 2 switches ? How do you connect BL460c and c7000 to LAN ?

Lmm_1 · ‎01-19-2010

Igor, I'd recommend stacking the switches, this way the servers will be connected to a single switch regardless of the port mapping architecture, having said that you will be able to configure the Teaming on SLB or LACP mode(2Gb Tx/Rx). Regarding the uplink connection with the Alcatel switch, you can create a single LACP Channel on the Cisco side using ports from both 3120s, the channel must be configure as a trunk in order to pass both VLANs.

Igor V Abzalov · ‎01-19-2010

Thank you.
Can i manage Cisco 3120G through "external" port, where trunk connection with Alcatel will be? And how to config 3120G STP such way, that it will never be the root switch in STP tree? I need to setup Cisco 3120G such way, that only Alcatel will be the root.

And what about internal backplane connection between 2 Cisco ? Shall i use it or disable it ?

Cisco Fa0 conenction with Onboard administrator - shall it be in VLAN 1, or i can use any VLAN ID which i want ?

Lmm_1 · ‎01-19-2010

#1. Yes, you can manage the switch using an inbound management interface, SVI. It can be on any VLAN, of course it must be one of the VLANs passing across the Trunk, ie:

#int vlan x
#ip address x.x.x.x x.x.x.x
#no shut

#2. With the suggested config there is no need of STP at the 3120, you can disabled on VLAN basis with this command:

#no spanning-tree vlan x

If you want to enable it anyways, you can increase the priority value to make sure the 3120 will not become the root (higher than default which is 32768, maybe 40960), it can be done on VLAN basis with the following command:

#spanning-tree vlan x priority x

#3. With the suggested config, using stacking links, the Cross-connect will be disabled automatically.

#4. Fa0 is an L3 interface, it doesnt belong to any VLAN, if you are going to use and inbound management interface (question 1), I'd recommend to disable Fa0 and use the SVI only.

Igor V Abzalov · ‎01-19-2010

Thank you for detailed explanation.
How do you recommend to divide access for this Cisco in our situation? We have two gorups of admins (Servers and Network). We want that Servers group have "read-only" access to both Cisco through Fa0 interface in OA network (for http,snmp interface to 3120G) . Network group - full access through external port connection. Are there any roles in Device Manager or it is assume full access to Cisco 3120 ?

Lmm_1 · ‎01-19-2010

Igor,
I would recommend using only one management interface, HTTP access requires a level 15 login which means full access. If you are going to use only one account per group, I'd recommend using the local database for login, you can limit privileges with the different levels provided by cisco, you can use something similar to this:

# user server privilege 3 secret {password}
# privilege exec level 3 show startup-config
# user server privilege 15 secret {password}

#line con 0
#login local
#line vty 0 15
#login local
#ip http authentication local

If you want to use more accounts, like one per person maybe, I'd recommend usin AAA with an external authentication server (RADIUS or TACACS), it will give you control to privileges for each user.

>lmm

Lmm_1 · ‎01-19-2010

Fixed example:

# user server privilege 3 secret {password}
# privilege exec level 3 show startup-config
# user network privilege 15 secret {password}

#line con 0
#login local
#line vty 0 15
#login local
#ip http authentication local

Igor V Abzalov · ‎01-19-2010

Well. Let's look at Onboard Administrator. Could i make read-only acccount on it for Network group and full-access acount for Servers group ?

Lmm_1 · ‎01-20-2010

Under Users/Authentication you can choose privelege levels or permission by specific server bays and interconnect bays.

Igor V Abzalov · ‎01-20-2010

#2. With the suggested config there is no need of STP at the 3120, you can disabled on VLAN basis with this command:
#no spanning-tree vlan x

What is the best connection scheme for us ? We think to make 4 logical connections from 2 Cisco 3120G to 2 Alcatel 7800 (2 1000BASE-T cables per connection).Each of two 3120G we connect to each of two Alcatel 7800. As i understand we HAVE TO use STP because we have several links between Cisco and Alcatel and so we need prevent loops in LAN ?

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Connect c7000 + 2x Cisco 3120G + BL460c G6 to LAN

Connect c7000 + 2x Cisco 3120G + BL460c G6 to LAN