The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This workflow describes how to configure the Ethernet interfaces that connect a switch or switch stack to distribution switches or routers. These interfaces are uplink interfaces. They are different from access interfaces that connect to non-networking end devices such as IP phones, personal computers, wireless access points, printers, and IP cameras.
The switch interface configuration recommendations are based on a switch stack deployed in the campus or branch of the access layer.
When stacking two or more physical switches into one logical switch, we recommend that the uplink interfaces are configured across the physical members to ensure that an active uplink interface always available for switch-stack members.
Ensure that the best-practice configurations are set, as described in the Global System Configuration workflow.
We recommend that you identify certain switch configuration values in advance so that you can proceed with this workflow without interruption. We recommend that you take a print out of Table 5, and, as you follow the configuration sequence, replace the values in column B with your values in column C.
Note Replace the blue italicized example values with your own values.
|
|
|
---|---|---|
Note Configuration examples begin in global configuration mode, unless noted otherwise.
The following illustration displays the LAN Access Switch Topology with Uplinks to a distribution switch or distribution router:
Figure 6 LAN Access Switch Topology with Uplinks to a Distribution Switch
Figure 7 Uplinks for a Distribution Router
When configuring your uplink interface, follow the below recommendations to guide you through the configuration from interface to upstream router or switch:
Note This configuration should be applied to the physical uplink interfaces before adding them to an EtherChannel.
Step 1 Apply the Trust Differentiated Services Code Point (DSCP) service policy on an interface in the ingress direction, and then apply the 2P6Q3T policy in order to ensure proper congestion management and egress bandwidth distribution on the interface in the egress direction.
Ethernet traffic that is received from the upstream switch or router contains trusted QoS markings and is classified to guarantee a type of service.
Additional service policies should be applied after traffic is transmitted in order to ease congestion. For more information see, Configure QoS on an Access Interface
Step 1 Choose one of the following configurations based on your network topology:
1. Ensure that the distribution Virtual Switch System (VSS) or Virtual Port Channel (VPC) switch connections are configured the same way and that the EtherChannel is configured in LACP active mode.
2. For additional resilience, ensure that the uplink interfaces are located on different switches in the switch stack.
Figure 6, shows the switch stack that has a single EtherChannel connection to a distribution VSS or VPC switch pair.
The VSS and VPC systems have an explicit configuration between the Cisco distribution switch pair. That allows them to act as a single logical switch when connected to the EtherChannel. The EtherChannel is configured as a trunk with VLANs 10, 11, 12, and 100, with the native VLAN set to 999.
Note Use this switch-stack uplink interface configuration only when connecting the switch stack to a VSS or VPC distribution switch pair, and not when the distribution switch pair is configured as two standalone switches.
Note Use this configuration when connecting the switch stack to two standalone distribution switches (not configured as a VSS or VPC pair). However, do not use the spanning-tree portfast trunk command for switch configuration.
Figure 7 shows a switch stack having a separate EtherChannel to each distribution router. Each EtherChannel is configured as a trunk with VLANs 10, 11, 12, 100, 200, and 999, with the native VLAN set to 999.
EtherChannel Connection to Router 1
EtherChannel Connection to Router 2
Step 2 Configure IPv4 and IPv6 security features on uplink EtherChannel interfaces.
The uplink EtherChannel interfaces to distribution routers and switches should be configured to trust router advertisements and IP response, because Layer 3 routing and server functionality resides on the distribution switches and routers. This step is different from the access interface-to-end device configuration, which should not be trusted, as specified in the “Access Interface Connectivity” workflow.
The policies that should be applied are defined in the “Global System Configuration” workflow.
In the following example, security is applied to the uplink interfaces connecting to VPC, VSS, or standalone switch.
In the following example, security is applied to the uplink interfaces connecting to routers:
Note Complete this configuration on the distribution switches and not on the switch. The recommendations listed below are not applicable when routers are used at the distribution layer.
Step 3 On uplink interfaces to distribution switches (Figure 6), ensure that the spanning-tree root for the switch-stack VLANs is configured on the distribution switch pair.
Follow the below recommendations when the standalone distribution switches are used instead of a VSS or VPC system:
For more information about spanning tree root configuration on the VSS, see the “Spanning Tree Configuration Best Practice with VSS” section of the VSS Enabled Campus Design Guide.
For more information about spanning-tree root on distribution switches, see the “Spanning VLANs across Access Layer Switches” section of the Campus Network for High Availability Design Guide.
For more information about spanning-tree root configuration and asymmetric routing, see the “Spanning VLANs Across Access Layer Switches” and “Asymmetric Routing and Unicast Flooding” sections of the Campus Network for High Availability Design Guide.
Use the following commands to verify if configurations in this workflow are correctly applied to your uplink interfaces:
Step 1 Enter the show running-configuration command to display uplink interface connectivity for the switch.