Campus Network Design - Networking - Forum - Networking - Dell Community

Campus Network Design

Networking

Networking
Learn how to modernize & transform the network with the latest solutions from Dell Data Center, Campus and Wireless networking solutions.

Campus Network Design

This question is not answered

hi Daniel,

hope everything is well.

i have the attached design, and i wonder if i can use the two Core N3024 switches as VRRP for the vlans of edge switches and in the same time to make them MLAG domain.

means in the attached design i want to make MLAG between the edge and core to expand bandwidth and for high availability of the hosts configure the same tow  core as VRRP for vlans.

because in some dell docs they apply the VRRP feature on core switch and MLAG on Distribution switch so that confused for applying both features on same core switches as in my case

thank you.Drawing1.pdf

All Replies
  • any update please

  • This can absolutely be done. The MLAG deployment guide has an example on page 31 that details the use of VRRP with MLAG. The example also includes the configuration that is used on each switch.

    http://dell.to/1IpFYpV

    Daniel Covey
    Dell EMC | Enterprise Support Services
    Get support on Twitter: @DellCaresPRO

    Download our QRL app: iOSAndroidWindows

  • yes thank you daniel.

    another question if i have the above scenario and each edge switch is placed in different building,

    5 buildings.

    and each switch has uplink to core. as in the previous attached PDF.

    what is the best case scnario to make the security. in this way

    each building talk to core but buildings cannot talk to each other but can talk to core ( Data Center)

    each building has its own vlan.

    1. ACL

    2. trunk allowed 

    ??

  • The implementation of ACLs will be a good way of controlling which VLANs can communicate with each other.

    Example:

    # ip access-list test123

    # deny ip 10.10.1.0 0.0.0.255 10.10.2.0 0.0.0.255

    # deny ip 10.10.1.0 0.0.0.255 10.10.3.0 0.0.0.255

    # deny ip 10.10.1.0 0.0.0.255 10.10.4.0 0.0.0.255

    # deny ip 10.10.1.0 0.0.0.255 10.10.5.0 0.0.0.255

    # permit ip any any

    # interface port-channel 1
    # ip access-group test123 in

    This example denies ingress traffic from accessing the specific subnets, while at the end permitting access to everything else.

    Daniel Covey
    Dell EMC | Enterprise Support Services
    Get support on Twitter: @DellCaresPRO

    Download our QRL app: iOSAndroidWindows