AAA Network Configuration

- Verifies a user identity Authorization - Specifies the permitted tasks for the user - Provides billing, auditing, and monitoring 2004, Cisco Systems, Inc. All rights re AAA is an architectural framework for configuring a set of three independent security functions in a consistent manner. AAA provides a modular way of performing these services Authentication Provides the method of identifying users, including login and password dialog, challenge and response, messaging support, and, depending...

Active and Secondary Router Interaction

The active router broadcasts periodic hello messages. Each HSRP group contains the following The function of the active router is to forward packets sent to the virtual router. The active router assumes and maintains its active role through the transmission of hello messages. Another router in the group is elected as the standby router. The function of the standby router is to monitor the operational status of the HSRP group and quickly assume...

Active and Secondary Router Interaction Cont

When the active router fails, the other HSRP routers stop receiving hello messages, and the standby router assumes the role of the active router. This occurs when the hold time expires. Therefore, the length of time it takes to fail over is dependent on the hold time. Because the new active router assumes both the IP and MAC addresses of the virtual router, the end stations see no disruption in service. The end-user stations continue to send packets to...

Applying EtherChannel

* Logical aggregation of similar links EtherChannel bundles individual Ethernet links into a single logical link that provides bandwidth up to 1600 Mbps (Fast EtherChannel full duplex) or 16 Gbps (Gigabit EtherChannel) between two Catalyst switches. All interfaces in each EtherChannel must be the same speed and must all be configured as either Layer 2 or Layer 3 interfaces. If a segment within an EtherChannel fails, traffic previously carried over the...

Applying Protection Features to the Enterprise Composite Network Model

This topic identifies the appropriate protection features used in the Enterprise Composite Network model. PortFast is used primarily in the Building Access submodule. UplinkFast is used when you move from switched to routed technology (Building Access to Building Distribution submodules). Loop guard and root guard are used to protect against misconfigurations in an STP environment.

Applying RSTP in the Enterprise Composite Network Model

The benefits of applying RSTP in the Enterprise Composite Network model include the following RSTP provides an improved mode of bridge operation while still retaining the plug-and-play benefits of 802.1D STP. RSTP discards the significant time taken for 802.1D STP to restore service after a link failure. RSTP improves the operation of STP while maintaining backward compatibility with the following Cisco-proprietary Multi-Instance STP (MISTP) RSTP natively includes most of Cisco proprietary...

ARP Throttling

Only the first few packets for a connected destination reach the Layer 3 engine so that the Layer 3 engine can use ARP to locate the host. Throttling adjacency is installed so that subsequent packets to that host are dropped in hardware until an ARP response is received. The throttling adjacency is removed when an ARP reply is received (and a complete rewrite adjacency is installed for the host). The switch removes throttling adjacency if no ARP reply is...

Assign routing protocol characteristics by enabling IP routing

A routed port is a physical port that acts like a port on a router; a routed port does not have to be connected to a router. A routed port is not associated with a particular VLAN, as is an access port. A routed port behaves like a regular router interface, except that it does not support VLAN subinterfaces. Routed ports can be configured with a Layer 3 routing protocol. Configure routed ports by putting the interface into Layer 3...

Assigning Access Ports to a VLAN

Switch(config)# interface gigabitethernet 1/1 Enters interface configuration mode Switch(config-if)# switchport mode access Configures the interface as an access port Switch(config-if)# switchport access vlan 3 Assigns the access port to a VLAN After a VLAN has been defined, switch ports need to be assigned to it. To assign an access switch port to a previously created VLAN, follow these steps From global configuration mode, enter...

Auxiliary VLAN Implementation Guidelines

Follow these guidelines when implementing auxiliary VLANs The IP phone and a device attached to the phone are in the same VLAN and must be in the same IP subnet if the following is true They use the same frame type The phone uses 802.1p frames and the device uses untagged frames The phone uses untagged frames and the device uses 802.1p frames The phone uses 802.1Q frames and the auxiliary VLAN equals the native VLAN The IP phone and a device attached to the phone cannot communicate if they are...

Bandwidth Provisioning

* Consider voice, video, and data. * Do not exceed 75 percent of the total available bandwidth for each link. * Provision for voice bearer traffic - Voice bearer traffic (bps) = (packet payload + all headers in bits) * (packet rate per second) Properly provisioning the network bandwidth is a major component of designing a successful IP telephony network. You can calculate the required bandwidth by adding the bandwidth requirements for each major application, including voice, video, and data. This...

BPDUs travel from the root switch to prevent STP loops Each enterprise would normally have one STP root STP could be

Configuration BPDUs are sent from every port on the root bridge and subsequently flow to all leaf switches to maintain the state of the spanning tree. In steady state, BPDU flow is unidirectional; root ports and blocking ports only receive configuration BPDUs,...

Bridge Protocol Data Unit

* A BPDU provides a switch with information about a neighboring switch. The information provided in a BPDU includes the following The BID of the transmitting switch The switch priority (located in the BID) The MAC address of the transmitting switch The transmitting switch port ID The path cost from the transmitting switch to the calculated root switch The STP timer parameter values The switch compares the BPDUs and evaluates the...

Catalyst 6500 with distributed forwarding card

With distributed forwarding, the switching decision is made at the port or module level. Forwarding tables must be synchronized to account for topology changes. The primary forwarding engine manages the distributed tables. System performance is equal to the aggregate of all forwarding engines. Distributed forwarding enables switches to achieve rates over 100 Mpps.

CEF-Based MLS

CEF-based MLS is a forwarding model implemented on the latest generation of Cisco multilayer switches. CEF-based MLS is topology-based. The control plane information is forwarded to the data plane at the port or line card in hardware. All packets are then switched in hardware with ASICs. This topic explains the features and operation of CEF-based MLS. CEF separates the control plane hardware from the data plane...

CEF-Based MLS Lookups

1. Layer 3 packets initiate TCAM lookup. 2. The longest match returns adjacency with rewrite information. 3. The packet is rewritten per adjacency information and forwarded. CEF-based MLS consists of these features The FIB lookup is based on the Layer 3 destination address prefix (longest match). The FIB is derived from the IP...

CEF-Based MLS Operation

The figure provides an example of CEF-based MLS operation. These actions occur Step 1 The Layer 3 engine queries the switch for a physical MAC address. Step 2 The switch selects a MAC address from the chassis MAC range and assigns it to the Layer 3 engine. This MAC address is assigned by the Layer 3 engine as its burned-in address for all VLANs and is used by the switch to initiate Layer 3 packet lookups. Step 3 The switch installs wildcard CEF entries,...

Cisco Metro Ethernet Switching Products

Customer premises equipment High-density metro access (up to 240 10/100 ports) High-end metro access (up to 576 10/100 ports) The table describes the Cisco Metro Ethernet products. Metro access (12 ports or stackable to 96 ports) Access control lists (ACLs) (Layer 2 and 3) Unidirectional Link Detection (UDLD) Protocol UplinkFast and BackboneFast EtherChannel Jumbo...

Cisco Metro Networking Solutions

Service providers require networks that are integrated with their legacy infrastructures and are flexible to respond to changing market conditions and diverse...

Class Based Weighted Fair Queuing

CBWFQ extends the standard WFQ functionality to provide support for user-defined traffic classes. They allow you to specify the exact amount of bandwidth to be allocated for a specific class of traffic. Taking into account available bandwidth on the interface, you can configure up to 64 classes and control distribution among them. WRR scheduling is used on Layer 3 switches on egress ports to manage the queuing and...

Classification and Marking

Packet classification features provide the capability to partition network traffic into multiple priority levels or classes of service. For example, by using the three precedence bits in the ToS field of the IP packet header (two of the values are...

Classification Tools Trust Boundaries

* A device is trusted if it correctly classifies packets. * For scalability, classification should be done as close to the edge as possible. * The outermost trusted devices represent the trust boundary. (1) and (2) are optimal; (3) is acceptable (if the access switch cannot perform classification). The first task of a QoS policy is to...

Communication Types

There are three types of communication in a large network Unknown unicasts and multicasts are types of Layer 2 broadcasts. Unicasts are communications from a source to one specific destination. Examples of broadcasts are IP Address Resolution Protocol (ARP) requests, NetBIOS name requests, or Internetwork Packet Exchange (IPX) Get Nearest Server (GNS) requests. These types of broadcasts typically flood the entire subnet,...

Comparing Loop Guard and UDLD

Yes, with error-disable timeout feature Protection against STP failures caused by unidirectional links Yes, when enabled on all root and alternate ports in redundant topology Yes, when enabled on all links in redundant topology Protection against STP failures caused by problem in software, resulting in designated switch not sending BPDU The...

Comparing Port and Link Aggregation Protocols

This topic discusses the features of the Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP). A Cisco proprietary protocol Expedites the automatic creation of EtherChannels by exchanging packets between Ethernet interfaces Link Aggregation Control Protocol (LACP) Configures the maximum number of compatible ports in a channel, up to the maximum allowed by the hardware (eight ports) PAgP and LACP are two different protocols that allow...

Comparing STP and Per VLAN Spanning Tree

PVST+ maintains a separate spanning tree instance for each VLAN. PVST+ is fully compatible with the 802.1Q trunking protocol and with ISL. PVST+ runs the same STA that 802.1D does and provides the same functionality, to prevent Layer 2 loops. The difference is that PVST+ is still a Cisco proprietary protocol and runs a separate instance of the STA for each VLAN. This means that for every VLAN created, a separate root switch, a...

Configuring Accounting

Switch(config)# aaa accounting system network exec connection commands level default list-name start-stop stop-only none method1 method2 Creates an accounting method list and enables accounting Switch(config)# interface interface-type interface-number Enters interface configuration mode Switch(config-if)# ppp accounting default list-name Applies the named accounting method list to the interface AAA supports six different accounting...

Configuring an 802.1Q Trunk

This topic identifies the commands used to configure an 802.1Q trunk. Switch(config)# interface fastethernet 5/8 Switch(config-if)# switchport trunk encapsulation dot1q Switch(config-if)# switchport trunk allowed vlan 1,5,11,1002-1005 Switch(config-if)# switchport mode trunk Switch(config-if)# switchport nonegotiate To configure a switch port as an 802.1Q trunking port, follow these steps Switch(config)# interface fastethernet gigabitethernet...

Configuring an HSRP Standby Interface

Enabling HSRP on a Cisco router interface automatically disables ICMP redirects. To configure a router as a member of an HSRP standby group, enter this command in interface configuration mode Switch(config-if)# standby group-number ip ip-address (Optional) Indicates the HSRP group to which this interface belongs. Specifying a unique group number in the standby commands enables the creation of multiple...

Configuring an IP DSCP Value

Switch(config)# policy-map policy-name Switch(config-pmap)# class class-name Switch(config-pmap-c)# set ip dscp ip-dscp-value Specifies the IP DSCP value of packets within a traffic class To mark a packet by setting the IP DSCP value, use these commands in this table, beginning in global configuration mode. Create a traffic policy by associating the traffic class with one or more QoS features. Switch(config)# policy-map policy-name...

Configuring an ISL Trunk

This topic identifies the commands used to configure an ISL trunk. Switch(config)# interface fastethernet 2/1 Switch(config-if)# shutdown Switch(config-if)# switchport trunk encapsulation isl Switch(config-if)# switchport trunk allowed vlan 1-5,1002-1005 Switch(config-if)# switchport mode trunk Switch(config-if)# no shutdown To configure a switch port as an ISL trunking port, follow these steps Switch(config)# interface fastethernet...

Configuring Auto-RP

Switch(config)# ip pim send-rp-announce type number scope ttl group-list access-list-number Advertises the IP address of an interface as the RP for a multicast group Switch(config)# ip pim send-rp-discovery scope ttl Assigns the role of RP mapping agent within the specified scope Auto-RP is a feature that automates the distribution of group-to-RP mappings in a PIM network. This feature has these benefits It is easy to use multiple...

Configuring Class Based Marking

Switch(config)# policy-map policy-name Switch(config-pmap)# class class-name Switch(config-pmap-c)# set ip precedence ip_precedence_value Specifies the IP precedence of packets within a traffic class To mark a packet by setting the IP precedence bits in the ToS byte, use the commands in this table, beginning in global configuration mode. Create a traffic policy by associating the traffic class with one or more QoS features....

Configuring Classification and Marking

Classification is the process of identifying packets that belong to flows for which reservations have been made so that they can receive the appropriate QoS. The classification in a DiffServ network may be done using just a few bits in the IP header, while IntServ classification may examine up to five fields in the packet: the source address, destination address, protocol number, source port, and destination port. This topic explains how to configure classification and marking. Mark packets by...

Configuring Congestion Avoidance

The Cisco WRED combines the capabilities of RED with IP precedence. This combination provides for preferential traffic handling for higher-priority packets. WRED can selectively discard lower-priority traffic when the interface begins to get congested, and provide differentiated performance characteristics for different classes of service. WRED differs from other congestion management techniques, such as queuing, because it attempts to anticipate and avoid congestion rather than controlling...

Configuring EtherChannel

This topic identifies the commands used to configure EtherChannel. Switch(config)# interface port-channel port-channel-number Creates a port-channel interface Switch(config-if)# ip address address mask Assigns an IP address and subnet mask to the EtherChannel Switch(config)# interface interface slot/port Specifies an interface to configure Switch(config-if)# channel-group number mode auto desirable on Configures the interface in a port channel and specifies the PAgP mode...

Configuring HSRP Standby Preempt

Preempt enables a router to resume the forwarding router role. The standby router automatically assumes the active router role when the active router fails or is removed from service. This new active...

Configuring HSRP Standby Priority

The router in an HSRP group with the highest priority becomes the forwarding router. The default priority is 100. Each standby group has its own active and standby routers. The network administrator can assign a priority value to each router in a standby group, allowing the administrator to control the order in which active routers for that...

Configuring HSRP Tracking

Switch(config-if)# standby group-number track type number interface-priority To configure HSRP tracking, enter this command in interface configuration mode Switch(config-if)# standby group-number track type number interface-priority (Optional) Indicates the group number on the interface to which the tracking applies. The default number is 0. Indicates the...

Configuring NBAR Cont

Switch(config)# policy-map policy-name Creates a traffic policy Switch(config-pmap)# class class-name Specifies a predefined class Switch(config-if)# service-policy input output policy-name Attaches the traffic policy to the interface Complete these steps in this table to configure NBAR. Specify the user-defined name of the class map. Switch(config)# class-map match-all match-any class-name The match-all option specifies that all match...

Configuring PAgP and LACP

This topic identifies the commands used to configure PAgP and LACP. Switch(config-if)# channel-protocol lacp pagp Restricts the channel-group command to the specified EtherChannel protocol for this port Switch(config-if)# lacp port-priority priority_value Configures the LACP port priority Switch(config)# lacp system-priority priority_value Configures the LACP system priority To configure LACP or PAgP (configured by default), complete...

Configuring PIM Version

Switch(config-if)# ip pim version 1 2 Configures PIM version 2 for an interface Switch(config)# ip pim bsr-candidate interface hash-mask-length priority Configures an interface as a bootstrap router (BSR) candidate Switch(config)# ip pim rp-candidate type number ttl group-list access-list-number Configures an interface as an RP candidate for the access control list PIM version 2 includes these improvements over PIM version 1 A single,...

Configuring Private VLANs

Switch(config-vlan)# private-vlan primary isolated community Configures a VLAN as a private VLAN Switch(config-vlan)# private-vlan association secondary_vlan_list add svl remove svl Associates secondary VLANs with the primary VLAN Verifies private VLAN configuration To configure a PVLAN, follow these steps Step 1 Set VTP mode to transparent. Step 2 Create the secondary VLANs. Note Isolated and community VLANs are secondary VLANs. Step...

Configuring Redundant Power Supplies

Switch(config)# power redundancy-mode combined redundant Configures power as combined or redundant Displays information about power supplies From global configuration mode, enter the power redundancy-mode combined redundant command to disable or enable redundancy (redundancy is enabled by default). You can change the configuration of the power supplies to redundant or combined at any time. Specifying the combined keyword disables...

Configuring SRM

Enables redundancy and enters redundancy configuration mode Switch(config-r)# high-availability Enables high availability Enables SRM Note Before going from Dual Router Mode (DRM) to SRM redundancy, Cisco recommends that you use the copy running-config command on the MSFCs to save the non-SRM configuration to boot flash memory. When going to SRM redundancy, the alternative configuration (the configuration following the alt keyword)...

Configuring the Root Bridge

This topic identifies the commands to configure a switch as the root bridge. Switch(config)# spanning-tree vlan 200 priority 4096 This command lowers the spanning tree priority, forcing this switch to be the root bridge. Switch(config)# spanning-tree vlan 200 priority 8192 This command sets the spanning tree priority, enabling this switch to be the secondary root bridge....

Configuring the SLB Server Farm

Switch(config)# ip slb serverfarm serverfarm-name Creates a server farm definition and enters server farm configuration mode Switch(config-slb-sfarm)# real ip-address Specifies the IP address of a real server in the server farm Configuring IOS SLB involves identifying server farms, configuring groups of real servers in server farms, and configuring the virtual servers that represent the real servers to the clients. The table lists the...

Configuring the SLB Virtual Server

Switch(config)# ip slb vserver virtual_server_name Identifies a virtual server and initiates virtual server configuration mode Switch(config-slb-vserver)# virtual address mask Specifies the virtual server IP address and optional subnet mask farm_name Associates a real server farm with a virtual server, or configures a backup server farm

Configuring the SLB Virtual Server Cont

Enables the virtual server for use by IOS SLB Switch(config-slb-vserver)# client address mask Specifies which clients are allowed to use the virtual server The table lists the steps to configure a virtual server. Enter virtual server configuration mode. Switch(config)# ip slb vserver virtual server-name Identifies a virtual server and initiates virtual server configuration mode. Specify the IP address of the virtual server....

Configuring Traffic Classes and Traffic Policies

Switch(config)# class-map match-any match-all class-name Switch(config)# policy-map policy-name Creates a traffic policy Switch(config-if)# service-policy input output policy-name Attaches the traffic policy to an interface Switch(config-if)# mls qos trust cos dscp ip_precedence Configures the policy-map class trust state, which selects the value that QoS uses as the source of the...

Configuring VACLs

Switch(config)# vlan access-map map_name seq Switch(config-access-map)# match ip address 1-199 1300-2699 acl_name ipx address 800-999 acl_name mac address acl_name Configures the match clause in a VLAN access map sequence Switch(config-access-map)# action drop log forward capture redirect type slot/port port-channel channel_id Configures the action clause in a VLAN access map sequence Switch(config)# vlan filter map_name vlan-list list Applies the VLAN access map to the specified VLANs...

Configuring Weighted Round Robin Queuing

Switch(config-if)# wrr-queue cos-map 1 2 1 2 cos1 cos2 priority-queue cos-map Q cos1 cos2 Assigns the CoS to queue threshold Switch(config-if)# wrr-queue bandwidth weight1 weight Specifies the weight of the two WRR queues Switch(config-if)# wrr-queue random-detect max-threshold queueID threshold1 threshold2 To configure WRR scheduling, perform the tasks in this table. The first thing to do is to enable QoS. Remember that QoS is disabled...

Configuring WRED at the Class Level

Switch(config-pmap-c)# random-detect dscp-based Configures WRED to use the DSCP value when calculating drop probability for traffic in this class Switch(config-pmap-c)# random-detect dscp dscpvalue min-threshold max-threshold mark-probability-denominator Configures the minimum and maximum thresholds To configure WRED to use the DSCP value when it calculates the drop probability, use the following commands beginning in interface...

Congestion Avoidance

Use congestion avoidance only with TCP traffic. Identify traffic to drop at a given queue depth. Do not use congestion avoidance for voice or video. When an interface on a router cannot transmit a packet immediately, the packet is queued, either in an interface Tx ring or the interface output hold queue,...

Connection Across a Trunk Link

The Layer 2 interface mode configured on both ends of the link is valid. The trunk encapsulation type configured on both ends of the link is valid. The native VLAN is the same on both ends of the trunk (802.1Q trunks). If a problem exists with a trunking link, make sure the interface modes, encapsulation types, and native VLANs are correct on both sides of the link. Problem A device cannot establish a connection across a trunk...

Creating a VTP Management Domain

This topic matches the configuration steps with the appropriate VTP mode. Switch(config)# vtp domain domain-name Switch(config)# vtp password password Enables VTP Pruning in the domain Setting device to VTP SERVER mode. Switch(config)# vtp domain Lab Network Setting VTP domain name to Lab Network Switch(config)# end To configure a VTP server, follow these steps from privileged EXEC mode Enter global configuration mode. Switch# configure terminal...

Creating an Ethernet VLAN

This topic identifies the steps to create an Ethernet VLAN. * Create a VLAN in global and database modes Verify a VLAN port configuration Here are the steps to create an Ethernet VLAN Create the VLAN Assign the ports Verify the VLAN configuration Verify the VLAN port configuration Delete a VLAN in global mode Delete a VLAN in database mode This topic identifies the steps and the commands needed to create a VLAN in both global and...

Customer traffic and protocol messages affect backbone

With no encapsulation, user traffic will affect the operation of the core network. This type of networking is simple to build and low in cost. Its connectivity type is the equivalent of a TLS. It might be effective to support the network of a single enterprise. Service providers might use such a low-cost entry point to deliver Ethernet services by using an existing infrastructure, such as with SONET. Single failure domain, shared...

Customer VLAN Requirements

ISP customers require Internet access for multiple servers - Isolation from other customers - Communication between servers Traditional solution: one VLAN and IP subnet per customer Service provider customers usually want to connect multiple servers to the Internet, isolating their own traffic from other customer traffic while maintaining communication between their own servers. The traditional solution to this requirement is for...

Port Roles

When STP has determined a forwarding path, the switch ports will have assumed various roles that define their specific function and operation. There are four 802.1D port roles. Root port This port exists on nonroot or designated switches only and is the switch port with the least path cost to the root switch. Root ports are responsible for forwarding frames to and from an intermediate segment facing toward the...

Debugging HSRP

The IOS implementation of HSRP supports the debug command. Enabling the debug facility displays the HSRP state changes and debugging information regarding transmission and receipt of HSRP packets. To enable HSRP debugging, enter this command in privileged EXEC mode Caution Because debugging output is assigned high priority in the CPU process, this command can render the system unusable.

Deleting VLANs in Global Mode

Switch# configure terminal
Switch(config)# no vlan 3
Switch(config)# end
To delete a VLAN in global configuration mode, follow these steps:
1. Enter global configuration mode.
Switch# configure terminal
2. Delete the VLAN with a particular ID number.
Switch(config)# no vlan vlan-id
Delete the VLAN with the specified ID number.
3. Exit configuration mode.
Switch(config)# end
After you have returned to privileged EXEC mode, the prompt will change back to Switch#. Caution...

Designating an Active Router

The active router responds to ARP requests with the MAC address of the virtual router. Within the standby group, one router is elected to be the active router. The active router forwards the packets sent to the virtual router. The router with the highest standby priority in the group becomes the active router. The default priority for an HSRP router is 100; however, the end user can change this option. Note: When preempt is not configured, the first router to come up is the active router. The...

Differentiated Services (DiffServ) Architecture

Multiple-service model to satisfy differing requirements. Implemented through six-bit DSCP field definitions. DSCP field is in IP header in the ToS field. The DiffServ model is a multiple service-level model that can satisfy differing QoS requirements. However, unlike in the IntServ model, an application using DiffServ does not explicitly signal the network devices before sending data. DiffServ is a QoS implementation technique that is tailored for modern...

Directed VLAN Service (DVS)

Switches see the service as a VLAN switch. Supports point-to-point and point-to-multipoint. In a DVS, VLAN IDs are used to select destinations. The DVS can be point-to-point or point-to-multipoint. Typically, the VLANs of the enterprise will be isolated from the VLANs of the network using additional header information. The switch in the core sees the VLANs defined at the edge of the network and provides VLAN switching. The core...

Displaying the Standby Brief Status

To display the status of the HSRP router, enter one of these commands:
Switch# show standby interface group active init
Switch# show standby delay type-number
If the optional interface parameters are not indicated, the show standby command displays HSRP information for all interfaces.

Distinguishing Between Bridge IDs

This topic matches each BID with the correct description: Bridge ID Without the Extended System ID, and Bridge ID with the Extended System ID. The BID was made up of only a bridge priority value (two bytes) and a bridge MAC address (six bytes). The BID was always unique by virtue of using a unique MAC address for each STP instance or VLAN. The MAC addresses were allocated from a pool of MAC addresses...

Distinguishing the Modules of the Enterprise Campus Functional Areas

This topic identifies the features of each functional area in the Enterprise Campus. The Enterprise Campus functional area includes the Campus Infrastructure, Network Management, Server Farm, and...

Egress LER Processing Label Popping and Forwarding

Pop tunnel label off if next-to-last hop has not done so. Infer from VC label how to process the original frame. The egress LER pops the tunnel label off if the next-to-last-hop router has not done so already. The egress LER then reads the VC label to process and forward the original frame.

Enabling and Verifying BackboneFast

Switch(config)# spanning-tree backbonefast
Switch# show spanning-tree backbonefast
Displays BackboneFast configuration information
Switch# show spanning-tree backbonefast
BackboneFast is enabled
Number of transition via backboneFast (all VLANs) 0
Number of inferior BPDUs received (all VLANs) 0
Number of RLQ request PDUs received (all VLANs) 0
Number of RLQ response PDUs received (all VLANs) 0
Number of RLQ request PDUs sent (all VLANs) 0
Number of RLQ response PDUs sent (all VLANs) 0
...

Enabling and Verifying BPDU Guard

Switch(config)# spanning-tree portfast bpduguard
Switch# show spanning-tree summary totals
Displays BPDU guard configuration information
Switch# show spanning-tree summary totals
Etherchannel misconfiguration guard is enabled
Default pathcost method used is short
Name       Blocking Listening Learning Forwarding STP Active
34 VLANs   0        0         0        36         36
Spanning tree BPDU guard shuts down PortFast-configured interfaces that receive BPDUs, rather than...

Enabling and Verifying PortFast

Switch(config-if)# spanning-tree portfast
Enables PortFast on an interface
Switch# show running-config interface {{fastethernet | gigabitethernet} slot/port} | {port-channel pc_number}
Displays PortFast interface configuration information
Switch# show running-config interface fastethernet 5/8
Building configuration...
Current configuration:
!
interface FastEthernet5/8
 no ip address
 switchport
 switchport access vlan 200
 switchport mode access
 spanning-tree portfast
end
...

Enabling BPDU Filtering

This topic identifies the command used to enable BPDU filtering.
Enabling and Verifying BPDU Filtering
Switch(config)# spanning-tree portfast bpdufilter default
Switch# show spanning-tree summary totals
Displays BPDU filtering configuration information
Switch# show spanning-tree summary totals
Root bridge for VLAN0010
EtherChannel misconfiguration guard is enabled
Extended system ID is disabled
Portfast is enabled by default...

Enabling BPDU Skewing Detection

This topic identifies the possible causes of BPDU skewing. Is the difference between when the BPDUs are expected to be received and the time BPDUs are actually received - Expected BPDUs are not received - Spanning tree detects topology changes. BPDU skewing is the difference between when the BPDUs are expected to be received and the time BPDUs are actually received. Skewing occurs when the following occurs: Spanning tree detects...

Enabling Multiple Spanning Tree

Switch(config)# spanning-tree mode mst
Because MST applies to multiple VLANs, it requires some additional configuration beyond that needed for PVST+ or Rapid PVST+. After you have enabled MST with the command spanning-tree mode mst, you must configure the regions and instances with additional configuration commands.
Switch(config)# spanning-tree mst configuration
Enters MST configuration submode
Sets the MST...

Enabling Spanning Tree

This topic identifies the commands that enable spanning tree on a per-VLAN basis.
Switch(config)# spanning-tree vlan 200
Enables spanning tree on a specific VLAN
You enable spanning tree on a per-VLAN basis. The switch maintains a separate instance of spanning tree for each VLAN (except on VLANs on which you have disabled a spanning tree). By default, spanning tree is...

Enabling UplinkFast

Switch(config)# spanning-tree uplinkfast max-update-rate max_update_rate
UplinkFast increases the bridge priority to 49,152 and adds a value of 3000 to the spanning tree port cost of all interfaces on the switch. In this case, it is unlikely that the switch will become the root switch. UplinkFast does not increase the bridge priority or increment the port cost for spanning tree with nondefault bridge priority value and nondefault port...

End-to-End VLANs

Users are grouped into VLANs independent of physical location. As users move, VLAN membership remains the same. An end-to-end VLAN spans the entire switched network, while a local VLAN is restricted to a single switch. An end-to-end VLAN network comprises these characteristics: Users are grouped into VLANs independent of...

Enhancing Network Performance

Perform exception reporting for capacity issues. Determine the network management overhead. Analyze the capacity information. Periodically review capacity information. Have upgrade or tuning procedures set up. Critical performance management issues are the following: User performance: For most users, response time is the critical...

Enterprise A will affect network by switching on overlapped VLAN

Because VLAN identifiers may overlap from location to location, 802.1Q-in-Q tunneling provides a way to identify these VLANs as they relate to their respective sites. In the figure, enterprise A and enterprise B have overlapping VLAN identifiers. Without 802.1Q-in-Q tunneling, this overlap would present a conflict. With tag stacking, transparency is preserved and overlapping VLAN IDs are not a problem.

Enterprise Campus Functional Areas

1. Contains e-mail and corporate servers providing application and print services 2. performs system logging and authentication 3. connects users within a campus with the Server Farm and Edge Distribution modules 4. routes traffic into the Campus Backbone submodule Q4) Match the submodules with the correct location on the Campus Infrastructure module diagram, based on each submodule's function.

Enterprise Campus Infrastructure

The Campus Infrastructure module connects users within a campus with the Server Farm and Edge Distribution modules. This module is composed of one or more floors or buildings connected to the Campus Backbone submodule. Each building contains a Building Access and Building Distribution submodule. The Campus Infrastructure module includes these submodules: Building Access submodule (also known as Building Access layer): Contains end-user workstations, IP Phones, and Layer 2 access switches that...

Enterprise Composite Network Model

1. contains network elements required for independent operation within a single campus 2. enables communications with other networks using WAN technologies 3. aggregates connectivity from the various elements at the edge of the enterprise network Q3) Match the modules with the correct location on the Enterprise Campus infrastructure diagram, based on each area's function.

Enterprise Hub and Spoke Connectivity with DVS

VLAN identifies destination. Preferred by service providers. The figure shows an example of a DVS deployment. The headquarters office is maintaining connectivity with its remote locations by way of selected VLAN IDs. The VLAN identifier is used to direct the traffic to the appropriate remote locations. In the hub-and-spoke topology, VLAN10 spans the regional headquarters and remote office 1 and 3, while VLAN20 spans the regional headquarters and remote...

Enterprise Network Requirements for QoS

QoS is defined as the application of features and functionality to actively manage and satisfy networking requirements of applications sensitive to loss, delay, and delay variation (jitter). QoS also guarantees the availability of bandwidth for critical application flows. QoS tools enable manageability and predictable service for a variety of networked applications and traffic types in a complex network. The IOS QoS...

Ethernet Leased Line over DWDM

The advantages of WDM technology have long been recognized in the long-distance, ultrahigh-bandwidth transport market. In these environments, the laying of additional fibers is an extremely expensive and time-consuming process, leaving WDM-based solutions as the only real answer to the fast growth in bandwidth demand. In the figure, the DWDM Metro Ethernet network appears to the end user as a point-to-point Gigabit Ethernet link. The Metro Ethernet system has essentially created a long...

Ethernet Leased Line over SONET/SDH

In the figure, the SONET Metro Ethernet network appears to the end user as a point-to-point Gigabit Ethernet link. The Metro Ethernet system has essentially created a long extension cord for the Gigabit Ethernet transmission between enterprise campus A and enterprise campus B. SONET implementations are established and entrenched in service provider networks today. SONET is used to offer Metro Ethernet solutions that leverage the existing infrastructure including the high-availability features.

Example Applying PortFast

In the example, a server and workstation are attached to an access switch through ports that have been configured with PortFast. PortFast interfaces do not transition through all STP states, but they transition directly to forwarding. If a link that is not attached to this port fails, the port does not transition directly to the forwarding state because it is already forwarding. This scenario does not affect the state of the PortFast port. The transition directly to the forwarding state occurs...

Example Applying UplinkFast

The figure shows an example of a topology in which switch A is deployed in the Building Access submodule with uplink connections to the root switch over link 2 and the backup root switch over link 3. (Both switches are in the Building Distribution submodule.) Initially, the port on switch A connected to link 2 is in the forwarding state, and the port connected to link 3 is in the blocking state. When switch A detects a link failure on the currently active link 2 on the root port (a direct link...

Example Associating an Isolated VLAN with a Primary VLAN

This example shows how to associate isolated VLAN440 with primary VLAN202 and verify the configuration:
Switch(config-vlan)# private-vlan association 440
Switch(config-vlan)# end
Switch# show vlan private-vlan
Primary Secondary Type Interfaces
Switch(config-if)# switchport mode private-vlan {host | promiscuous}
Configures an interface as a private VLAN port
Switch(config-if)# switchport private-vlan host-association primary_vlan_ID secondary_vlan_ID
Associates an isolated or community port with a private...

Example Attaching a Traffic Policy to an Interface

The example shows how to attach an existing traffic policy to an interface. After you define a traffic policy with the policy-map command, you can attach it to one or more interfaces to specify the traffic policy for those interfaces by using the service-policy command in interface configuration mode. Although you can assign the same traffic policy to multiple interfaces, each interface can have only one traffic policy attached at the input and only one traffic policy attached at the output....

Example BackboneFast Operation

BackboneFast is best illustrated by the failure of the link between the root and the backup root switch. The backup root switch does not assume that the root switch is still available. The backup switch will immediately block all previously forwarding ports and transmit configuration BPDUs claiming root responsibility. Since the root switch failure from the perspective of the backup switch is recent, the backup switch will set the designated and root port parameters to 1. When the access switch...

Example Broadcast Frames and Bridging Loops

Station A has two potential paths to station B by way of the two intermediate switches. What happens if station A sends to station B while a Layer 2 loop exists without STP? Station A transmits the frame destined for station B to segment A. Both bridges on segment A pick up the frame on their switch ports 1/1 and 2/1, respectively. Both switches populate their respective MAC tables indicating that station A resides on segment A on switch ports 1/1 and 2/1. Both switches forward the frame to...

Example Changing the Spanning Tree Port Cost

This example shows how to change the spanning tree port cost of a Fast Ethernet interface to 17, making it more likely to be chosen as a forwarding port than another Fast Ethernet interface configured with the default port cost (19 for Fast Ethernet):
Switch(config)# interface fastethernet 5/8
Switch(config-if)# spanning-tree cost 17
This example shows how to configure the spanning tree VLAN port cost of a Fast Ethernet interface to 20, making it less likely to be chosen as a forwarding port than...

Example Comparing STP and PVST

It is possible to create different logical topologies using the VLANs and PVST+ on your network. In the example, there is a switched network that has implemented two different logical topologies by defining two different root switches on two different VLANs. The network administrator has adjusted the PVST+ parameters to manually set the root switch to be the switch closest to the destination resource. The only difference is that the STP parameters, such as bridge priority, have been configured...

Example Configuring a Server Farm

These commands configure the server farm named PUBLIC and associate the three real servers:
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip slb serverfarm PUBLIC
Switch(config-slb-sfarm)# real 10.1.1.1
Switch(config-slb-sfarm)# real 10.1.1.2
Switch(config-slb-sfarm)# real 10.1.1.3
Switch(config-slb-real)# inservice
Switch(config-slb-real)# end
These commands configure the server farm named RESTRICTED and associate the two real servers:
Enter configuration commands, one...

Example Configuring an IP DSCP Value

In the example, a service policy called policy1 is created. This service policy is associated with a previously defined classification policy through the use of the class command. This example assumes that a classification policy called class1 was previously configured. In the example, the IP DSCP value in the ToS byte is set to 5:
Switch(config)# policy-map policy1
Switch(config-pmap)# class class1
Switch(config-pmap-c)# set ip dscp 5
Switch(config-pmap-c)# class class2
Switch(config-pmap-c)# set ip...

Example Configuring BackboneFast

This example shows how to enable and verify BackboneFast on a switch:
Switch(config)# spanning-tree backbonefast
Switch(config)# end
Switch# show spanning-tree backbonefast
Number of transition via backboneFast (all VLANs) 0
Number of inferior BPDUs received (all VLANs) 0
Number of RLQ request PDUs received (all VLANs) 0
Number of RLQ response PDUs received (all VLANs) 0
Number of RLQ request PDUs sent (all VLANs) 0
Number of RLQ response PDUs sent (all VLANs) 0

Example Configuring Loop Guard

In the example, loop guard is disabled by default. This command is used to enable loop guard:
Switch(config)# spantree guard loop mod/port
For example:
Switch(config)# spantree guard loop 3/13
Enabling loop guard will disable root guard, if root guard is currently enabled on the ports. You can enable loop guard globally on all ports. Loop guard is enabled on all point-to-point links. The point-to-point link is detected by the duplex status of the link. If the link is full-duplex, then the link is...

Example Configuring max-reserved-bandwidth

In this example, the max-reserved-bandwidth command changes the maximum bandwidth allocated between LLQ and IP RTP priority from the default (75 percent) to 80 percent.
Switch(config)# multilink virtual-template 1
Switch(config)# interface virtual-template 1
Switch(config-if)# ip address 172.16.1.1 255.255.255.0
Switch(config-if)# no ip directed-broadcast
Switch(config-if)# ip rtp priority 16384 16383 25
Switch(config-if)# service-policy output policy1
Switch(config-if)# ppp multilink...