Note

The same rules that apply to ACLs and route maps apply to VLAN maps. Rules such as there is an implicit deny any at the end of an ACL and so on all apply to VLAN maps. For more information on how to configure route maps and ACLs and for configuration tips, see those appropriate sections in CCIE PSV1 and CCIE PSV2. Controlling VLAN Access and Security with Protected Ports Yet another way you can control access or enhance security on the Catalyst 3550 is by using VLAN-protected ports. VLAN-protected ports can...

Lab Walkthrough

Configure the Frame Relay switch and attach the three routers in a back-to-back fashion to the Frame Relay switch. Use V.35 cables to connect the routers. Create the four Ethernet LANs by the use of switches or hubs, as illustrated in Figure 2-12. After the physical connections are complete, assign IP addresses to all LAN and WAN interfaces as depicted in Figure 2-12. Configure a Frame Relay network as a single multipoint network between routers on the WAN. Use the DLCIs from the diagram. Because...

Active State

If a router has entered the Active state, it is because it was unable to establish a successful TCP connection with one of its BGP peers. While in the Active state, a BGP speaker ignores the start event (remember, it is only listened for during the Idle state), attempts to initiate a TCP session with its peer, and resets the ConnectRetry timer. If a successful TCP session is established while the BGP speaker is in the Active state, it sends an OPEN message to its peer, sets the hold...

Administrative Distance and Its Effects on BGP

When BGP and IGPs are used together for IP routing, as they generally will be in an enterprise network, you might sometimes want a router to prefer an IGP route to an E-BGP route. Under normal circumstances, this will not be possible because routers always prefer E-BGP routes because they have a lower administrative distance. The Cisco IOS Software uses the administrative distances shown in Table 9-11. Table 9-11. Default Administrative Distances...

Administratively Scoped Addresses

Also known as limited-scope addresses, administratively scoped addresses fall within the range of 239.0.0.0/8. RFC 2365 sets these addresses aside to be used within a company or organization. Private companies, campuses, or other networks can use these addresses to run multicast applications that will not be forwarded outside their autonomous system. Service provider routers are typically configured to filter this type of multicast traffic to be sure applications do not flow outside the...

Advertising Local Networks

There are quite a few ways to advertise networks to BGP peers; the command that you use to advertise the networks depends on a few variables. For example, you might want BGP to control exactly which networks BGP advertises to its remote peers. You might want to advertise any network that the router is directly connected to, or you might want to advertise static routes to networks, to nail them down so that when the path to that network changes, the route that BGP advertises to its upstream peers...

Advertising Routes Learned via IGPs

The last, and least desirable, way to locally originate routes into BGP is to redistribute IGP routes into BGP dynamically. This is not a recommended practice because IGP routes tend to change rather often, and you (and anyone that you peer with) will not want BGP to constantly add, change, or remove IGP redistributed routes on a regular basis. However, you can configure BGP to have IGP routes redistributed directly into BGP by using the redistribute protocol command. Example 8-59 shows how...

Aggregator Attribute

The AGGREGATOR attribute is an optional transitive attribute that might be used if the ATOMIC_AGGREGATE attribute has been used on an NLRI. The AGGREGATOR attribute contains information about the speaker that aggregated the route. This attribute contains the BGP ID and AS number of the router that created the aggregate marking that route with the ATOMIC_AGGREGATE attribute. This information specifies the source of the less-specific aggregate which can be used to find where the more specific...

Aggregation and Route Suppression

Another way to control routing advertisements for aggregated routes is to use route suppression to suppress the advertisement of certain networks; suppressed routes can also be unsuppressed on a neighbor-by-neighbor basis. You can use the optional summary-only command with the aggregate-address command to suppress all the more specific routes and you can use suppress maps and unsuppress maps to specify exactly which routes should or should not be suppressed. By using route aggregation with route...

Anycast RP

A newer method of controlling multicast RP stability throughout an internetwork is called anycast RP. Some new concepts and protocols relate to this approach. The gist behind anycast RP is that a single IP address is statically configured as the RP throughout a network. (See Example 3- 2.) This IP address can exist on multiple routers simultaneously. (This concept is one that causes many people to have a puzzled expression.) Yes, you can configure the same IP address on multiple routers....

Appendix D IP Prefix Lists

Prefix lists became available in Cisco IOS Software Release 12.0(3)T. You can use prefix lists as a simpler alternative to standard IP access lists for routing advertisement filtering with routing protocols. Although prefix lists are most commonly put to use in Border Gateway Protocol (BGP) configurations, this appendix demonstrates other ways that you can use prefix lists to support other routing protocols such as Enhanced Interior Gateway Routing Protocol (EIGRP). Prefix lists introduce a...

Assessing the Routers Capacity for BGP

After BGP has been configured on a Cisco router, four processes are started: BGP Open, BGP Scanner, BGP Router, and BGP I/O. The BGP Open process is used to establish the TCP session between BGP speakers. The BGP Open process ends after a TCP session for the BGP peers has been established and is only visible at the beginning of BGP session establishment. The BGP I/O process performs all BGP packet processing and performs the queuing of BGP UPDATE and KEEPALIVE messages. The BGP Scanner...

ATM The Other WAN Technology

One of the obstacles network professionals encounter on a regular basis is the introduction of new Although Asynchronous Transfer Mode (ATM) is not a new technology the first ATM specifications developed in the early 1990s, and ATM hardware appeared soon after and although most network have plenty of experience with other WAN protocols such as High-Level Data Link Controller (HDLC Relay, and X.25, many people are not as familiar with the newer ATM technologies. The goal of thi not to repeat...

Atomicaggregate Attribute

The ATOMIC_AGGREGATE is a well-known discretionary attribute used to notify downstream neighbors that path information for a specific route has been lost. This information loss is caused when more specific paths are aggregated into a less-specific path. The ATOMIC_AGGREGATE attribute is just a flag set in the UPDATE packet that notifies the downstream routers that some path information has been lost during the aggregation. When the ATOMIC_AGGREGATE attribute is set, the downstream...

Bandwidth Reservation Using RSVP

RSVP, also known as Resource Reservation Setup Protocol, is defined in RFC 2205 as a signaling protocol used for resource reservation, provides an end-to-end QoS reservation that is initiated by requesting host or application. RSVP supports multicast or unicast IP traffic in flows. A flow is basically defined as traffic from a particular IP address, protocol type, and port number that is destined to a specific IP address or multicast group on a specific port using a specific protocol type. Because...

BGP and IGP Interaction

One thing that you must always remember when using BGP as your AS routing protocol is that, unlike distance-vector and link-state protocols such as OSPF and EIGRP, BGP is a path-vector routing protocol. It does not route packets based on hops, costs, or other metrics like IGP protocols; it routes based on AS paths. Keeping this in mind will save hours of troubleshooting when you notice BGP behaving differently than IGP protocols. Keep in mind these rules when using BGP with other IGP protocols...

BGP Configuration Tips

When configuring and troubleshooting BGP, you will use a number of commands on a regular basis. You can use quite a few tricks to help you become more efficient with Cisco IOS Software. For instance, you can use the Control (Ctrl) key in combination with other characters on the keyboard as editing shortcuts. These shortcuts can save you time when you are in a hurry or are having a bad day and you just can't type. These commands are also helpful in the event that you are required to use a...

BGP Neighbor Configuration

Before configuring BGP, it is important to understand some basic rules of configuration between I-BGP and E-BGP configuration. In the next section, both BGP types are covered, with examples that show how BGP can be configured to support different network topologies: Directly connected I-BGP configurations; I-BGP connections configured across an IGP backbone; E-BGP multihop configurations; E-BGP transit autonomous system configurations; Configuring BGP peers to interact with IGPs

BGP Overview

BGP-4, referred to in the rest of this book as BGP, is an interdomain routing protocol used to route IPv4 traffic between autonomous systems. Autonomous systems are defined as routing domains that are under the same administrative control and follow the same policies. Figure 7-1 shows the connection of two autonomous systems, AS 1 and AS 2. Each of these autonomous systems contains routers that follow the same policies, and are generally under the same administrative control. Like IP addresses,...

BGP Route Dampening

BGP route dampening controls the effects of route flapping between E-BGP peers. Route dampening is generally used to help service providers prevent one customer's router or circuit problems from affecting the stability of the provider's network by withdrawing problem BGP routes. There are two ways to enable route dampening: The first is to globally enable route dampening for all BGP peers using the bgp dampening command; the second is to use a route map to specify certain routes that are to be...

BGP Routing Tables

Routers running the BGP protocol use different routing tables for different purposes. The main IP routing table contains routes obtained through IGP routing processes, such as RIP or Open Shortest Path First (OSPF), static, or directly connected networks. There are also three other conceptual BGP tables, referred to as Routing Information Bases (RIBs), which contain only BGP-specific routing information. The BGP tables are used to store information about BGP paths. This information includes...

Big Show for Route Maps

CCIE Practical Studies, Volume I introduced what was called the Big Show and Big D. These terms v because the discussion focused on only a select few show and debug commands considered most The Big Show and Big D commands for route maps are rather limited in their use. The best way to functionality of route maps and policy routing is to actually see how they are performing by viewing route table and using traceroute commands. The show commands offered by Cisco are very good showing where the...

CMS Notes

These notes apply to CMS configuration: If you use CMS on Windows 2000, it might not apply configuration changes if the enable password changed from the CLI during your CMS session. You have to restart CMS and enter the new password when prompted. Platforms other than Windows 2000 prompt you for the new enable password it is changed. CMS does not display QoS classes that are created through the CLI if these classes have multiple match statements. When using CMS, you cannot create classes that match more than...

Catalyst 3550 Configuration Modes and Terminology

Configuring a Catalyst 3550 is much like configuring the Cisco IOS Software found in predecessor as the Cisco Catalyst 3500XL series, or like configuring the cameingb routing and QoS features for traditional Cisco IOS on router platforms. The upcoming sections focus on configuring the Catalyst switches with the EMI software installed. The Catalyst 3550 CLI has different configuration modes and different interfaces types. For instance are configured different from switched virtual interfaces,...

Caution

PortFast should be used only when connecting a single end station to a switch port. If PortFast enabled on a port connected to another networking device, such as a switch, you can create S When you enable PortFast on the Catalyst 3550, you will get the following message: Warning PortFast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc. to this interface when PortFast is enabled can cause temporary bridging loops. Use with CAUTION...

CCIE Practice Lab Boom

1 Frame Relay switch 4 serial ports; ISDN simulator switch with 2 BRI ports; 2 lab routers 1 Ethernet interface; 1 lab router 1 Fast Ethernet, 1 serial, 1 ATM, 1 ISDN BRI interface; 1 lab router 1 Ethernet, 1 ISDN BRI, 1 serial interface; 1 lab router 2 Ethernet interfaces; 1 lab router 1 Serial and 1 Ethernet interface; 1 Ethernet 3550 switch with the EMI software, 2 fiber ports or crossover cables for interconnection; 1 Ethernet 35xx Ethernet switch capable of Fast or Gigabit EtherChannel

CCIE Practice Lab Enchilada II

1 Frame Relay switch 5 serial ports; ISDN simulator switch with 2 BRI ports; ATM switch with 2 ATM interfaces; 2 lab routers 1 Ethernet and 1 serial interface; 1 lab router 1 Fast Ethernet, 1 serial, 1 ATM, and 1 ISDN BRI; 1 lab router 1 Ethernet, 1 ISDN BRI, and 1 serial; 1 lab router 2 Ethernet and 1 serial; 1 Ethernet 3550 switch with the EMI software, with 2 fiber ports or crossover cables for interconnection; 1 Ethernet 35xx Ethernet switch

Configuring Route Maps and Policy Based Routing

Perhaps one of the most colorful descriptions for route maps is that route maps are like duct tape for the network, not necessarily because they can be used to fix or mend something broken, but because they can be applied to numerous situations to address many issues. At times, they may not be the most pretty solutions, but they will be very effective. After you learn to configure and use route maps, you will soon see why some engineers refer to them as route tape. In policy-based routing...

Configuring Multicast Routing

Multicast has been used for different purposes for many years. Saying multicast these days typically conjures up the idea of streaming video or audio from a particular event. At a much more basic level, however, multicast is a technology that allows one host to send a single stream of traffic to reach any number of destination hosts. Without multicast, the only options available are: Unicast streams: A number of specific copies equal to the number of destination hosts. Broadcast streams: Although...

Integrated and Differentiated Services

The preceding chapter explored router performance and examined several route-switching mechanisms that you can use to provide certain levels of Quality of Service (QoS) by reducing latency and jitter caused by errors and device resource utilization. This chapter focuses on more granular QoS techniques provided by integrated and differentiated services. This chapter covers the following topics: How to provide a guaranteed level of service using Resource Reservation Protocol (RSVP); How to mark...

QoS Rate Limiting and Queuing Traffic

The preceding two chapters discussed router performance management, equipment-quality management, ATM quality of service (QoS), Layer 3 switching methods, compression, applying end-to-end QoS with integrated services, and marking traffic priority with differentiated services. After you have applied these QoS methods, you then need to consider the most effective queuing mechanism for each specific traffic type. Each interface uses some type of queuing; the type you decide to use will depend on...

BGP4 Theory

Border Gateway Protocol version 4 (BGP-4), the latest version of BGP, is an extension to BGP versions 3 and 2. BGP-4 is currently the routing protocol used to manage routing for the IPv4 Internet. BGP, originally drafted in RFCs 1105, 1163, and 1267, replaced Exterior Gateway Protocol (EGP) as the Internet routing protocol in the early 1990s. This chapter introduces the BGP protocol, explains BGP terminology, and covers BGP protocol operation. The next chapter focuses on BGP configuration.

Cisco Express Forwarding

Cisco Express Forwarding (CEF) is the most efficient way to switch Layer 3 traffic. The reason why CEF switching is more advanced than fast or optimum switching is that CEF switching is less CPU intensive with the use of the Forwarding Information Base (FIB) and adjacency table. The FIB lookup table is used to store all known routes from the routing table using a more advanced search algorithm and data structure, bypassing the need for process switching. Unlike the other route caching...

Class Based Shaping

As mentioned in the preceding section, as of Cisco IOS Software Release 12.2, it is possible to enable CBWFQ for service policies using class-based shaping. Class-based shaping enables you to configure class-by-class basis within service policies rather than a per-interface basis using GTS. Class-based from within CBWFQ by using the shape command in policy map class configuration mode. Table 6 based shaping command and its arguments shape average target-bit-rate sustained-bit-rate...

Classifying and Marking Traffic with CAR

Committed access rate (CAR) is a traffic policy classification and marking method used to police IP on IP precedence, DSCP value, MAC addresses, or access lists. Traffic policy classification involves defining a traffic policy and using CAR to enforce rate limits. Tr conforms to the configured rate limit can be forwarded as is, or it can be marked to provide QoS at points all the way through the network. Marking changes the value of the IP precedence or DSCP in the ToS byte from the IP...

Cluster Limitations and Restrictions

These limitations apply to cluster configuration: When there is a transition from the cluster active command switch to the standby command switch, Catalyst 1900, Catalyst 2820, and Catalyst 2900 4-MB switches that are cluster members might lose their cluster configuration. You must manually add these switches back to the cluster. (Error codes CSCds32517, CSCds44529, CSCds55711, CSCds55787, CSCdt70872) When a Catalyst 2900 XL or Catalyst 3500 XL cluster command switch is connected to a Catalyst...

Cluster Management Suite Limitations and Restrictions

These limitations apply to Cluster Management Suite (CMS) configuration: Host names and Domain Name System (DNS) server names that contain commas on a cluster command switch, member switch, or candidate switch can cause CMS to behave unexpectedly. You can avoid this instability in the interface by not using commas in host names or DNS names. Also, do not enter commas when entering multiple DNS names in the IP Configuration tab of the IP Management window in CMS. ACEs that contain the host...

Clusterlist Attribute

The CLUSTER_LIST attribute, also defined in RFC 2796, is an optional nontransitive attribute used to prevent loops when more than one route reflector cluster exists within an AS. The CLUSTER_LIST is a 4-byte value that contains a list of CLUSTER_ID values that describe the reflection path that a route passed through, similar to the AS_PATH attribute. Similar to the ORIGINATOR_ID, the CLUSTER_ID is the BGP ID of the router. When a route reflector receives an update, it checks the value...

Command Syntax Conventions

The conventions used to present command syntax in this book are the same conventions used in the Cisco IOS Command Reference. The Command Reference describes these conventions as follows: Vertical bars (|) separate alternative, mutually exclusive elements. Square brackets indicate optional elements. Braces indicate a required choice. Braces within brackets indicate a required choice within an optional element. Boldface indicates commands and keywords that are entered literally as shown. In...

Compression

Another way to increase the number of packets that can be transmitted is to reduce the size of frames enabling compression. Because compressed frames are smaller in size, more compressed frames can sent across the media, improving transmission times. Compression is implemented either in hardware in software, depending on the Cisco IOS Software version installed, the type of interface and encapsulation in use, and the hardware platform that it is installed onto. This chapter covers only software compr...

Conditional Route Advertisement

Conditional route advertisements provide a method of user-defined route advertisement that allows for more control over the way routes are advertised. Conditional route advertisements enable you to specify a set of conditions to track the state of a route using a route map called a non-exist-map, and if that route does not exist, advertise the routes specified by another route map called an advertise-map. Advertise maps can be used by themselves to provide conditional route...

Configuring Advanced Features on a Catalyst 3550 Ethernet Switch

Spanning tree, after years of remaining the hidden backbone in many networks, finally has outgrow critical of a role as STP plays, the 50-second convergence time 20 seconds of max age expiring fo 15-second listening and a 15-second learning state is simply too long for convergence in many mo networks. Cisco provides many workarounds, some of which are discussed here, to help alleviate ti convergence issues and stabilize STP. Some advanced features of the Catalyst 3550 i...

Configuring Backbone Fast

BackboneFast is another Cisco innovation that continues to improve on the amount of time STP takes converge. BackboneFast allows STP to detect an indirect link failure and use its alternative paths in This time is significantly shorter than the default 50 seconds it takes STP to converge. BackboneFast accomplishes this by the use of inferior BPDUs and some intelligent and logical deductions based on BackboneFast operates in the following manner. A switch detects an indirect link...

Configuring Catalyst 3550 Ethernet Switches

The Catalyst 3550 is an extremely versatile switch. With the EMI image installed, the switch essent of the configuration options of the Cisco IOS Software found on a router. General management and functions are configured just like they are on a router. For instance, the host name, enable password protocols, and IP addresses are all configured just as you would configure them on a router. If you experienced with configuring Catalyst 2900XL 35xx series switches and Cisco routers, you'll find co...

Configuring Layer 3 Ether Channel

To configure Layer 3 EtherChannel, you create the port-channel logical interface and then put the E interfaces into the port channel. The no switchport command must be used on the port channel a physical interface. The steps and syntax used to create a Layer 3 EtherChannel are as follows: Step 1. Configure the port channel, disable Layer 2 switching, and assign an IP address to ti channel, as follows: 3550_switch(config) interface port-channel 1-64 3550_switch(config-if) no switchport...

Configuring Normal Range VLANs

You can configure normal-range VLANs, VLANs 1 through 1001, in the global configuration mode or VLAN database. If VLANs are configured from the VLAN database, changes in VLANs must be comn apply command. All changes are also applied when the VLAN database is exited. If a mistake is m cancel VLAN changes with the abort or reset command as mentioned previously. The VLAN datab the file VLAN.DAT in Flash memory. You can copy the VLAN.DAT file to a TFTP server just as you can memory file for backup...

Configuring Port Fast Spanning Tree and BPDU Guard

PortFast Spanning Tree should only be configured on edge switches. In this state, upon a local faili initialization, the 15-second listening state and the 15-second learning state are skipped. All ports permanent forwarding mode. For this reason, PortFast should only be used on end stations such as and servers. By default, STP PortFast is disabled; it can be enabled with the following interface command 3550_switch(config-if) spanning-tree portfast disable The keyword disable removes the PortFast...

Configuring Route Maps

The route map syntax is composed of roughly three separate Cisco commands, depending on what map is accomplishing and what type of process is calling it. This discussion covers the following coi m detail as route maps are configured throughout this chapter When configuring route maps, you can follow a basic five-step configuration process. Depending oi route map application, additional configuration may be needed, such as with BGP communities or I Step 1. (Optional) Configure any ACLs,...

Configuring STP Root Guard

Root guard is a feature available in PVST+ and MST that protects the LAN from an undesired switch root. This feature can prove useful when integrating two LANs or VLANs and you want to preserve t root switch in one LAN or VLAN from another switch becoming root of the network. It may also be i service provider network for extra security to prevent a customer's network from becoming root ov provider. Figure 1-25 illustrates where STP root guard would be used in VLAN 5. STP root guard will be...

Configuring VBRnrt Circuits

As the name implies, VBR-nrt circuits are designed to support traffic that does not require real-time characteristics and can tolerate jitter and delay. Although ATM service level configuration is not rec router must be configured to support the proper ATM traffic-shaping values in order to provide the service provisioned by the ATM service provider. VBR-nrt VCs require three parameters to properly These include the following Each of these parameters is configured under PVC configuration mode...

Configuring UBR and UBR+ Circuits

UBR circuits do not guarantee that all traffic sent out on an interface will necessarily be transmitted ATM network. These circuits are generally used under two circumstances: The traffic sent across th tolerant of delay and jitter and only requires best-effort service, or there is a cost limitation preven level of service. Standard UBR circuits require only one configuration parameter, the PCR, and are PVC configuration mode using the ubr pcr command (where pcr is measured in kbps). UBR+...

Conserving Memory via BGP Configuration

BGP is a memory- and processor-intensive protocol. At some point in your career, you will most likely run into a situation where you must run BGP on a router that does not have enough resources to support the existing BGP system requirements. A couple of options can help you handle this situation: Upgrade the memory, upgrade the router, filter incoming routes, or limit the number of prefixes that BGP will accept. Assuming that you cannot immediately upgrade the router itself, the...

Controlling Multicast

When it comes to controlling multicast in networks, you face several issues and have several points at which you can control it. Such control is of particular concern when it comes to rate limiting. How can you rate limit multicast traffic? The short answer is, in several ways depending on the device performing the rate limiting. On the Catalyst 3550, you can rate limit on a per-port basis with a function known as storm control. To make sure that multicast traffic occupies no more than 10...

Controlling STP by Removing It from Trunk Lines

In medium to large networks, it becomes crucial to control how many instances of STP there are or and how many traverse the trunks. Recall that by default every VLAN will have an instance of STP, called PVST+. Switches will run an instance of STP on all trunks for every VLAN they are aware of. If has five VLANs, there are five instances of STP, and each instance has a single root switch, and so Catalyst 3550 supports 128 instances of STP per switch. Other switches, such as C...

Copyright

Copyright 2004 Karl Solie and Leah Lynch. Cisco Press logo is a trademark of Cisco Systems, Inc. Published by Cisco Press, 800 East 96th Street, Indianapolis, IN 46240 USA. All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review....

Custom Queuing

Each of the queuing methods discussed so far make a best effort to forward traffic of a certain priority. These queuing methods also have rather static configuration capabilities. WFQ enables you to control only the size and number of the queues and does not allow for much customization, which might be quite a problem if you must sort multiple traffic. PQ enables you to configure only four queues and the number of packets allowed in those queues. PQ also has one major drawback: lower-priority...

Dedications

Leah Lynch This book is dedicated to my husband, Chad Lynch, who always supports, listens to, and encourages me. I love you. Karl Solie This book is dedicated to my family my mother and father, John and Linda Solie and my two brothers, Mike and Jim. We have been blessed with a close family and have a king's wealth of a different kind. This book is also dedicated to my wife, Sandra, and my two daughters, Amanda and Paige, for all their sacrifices over the years and their enduring love. You three...

Determining Network Application Requirements

If possible, try to obtain information on new network applications that will be deployed in your network. Try to find out what their network use requirements will be, how many computers will use the new applications, where they are located, and whether there are any bandwidth or link quality requirements. If you cannot increase the amount of bandwidth on your network, you may still be able to increase network performance by the use of Cisco IOS Software QoS features, including the following...

Determining Router Performance

Before attempting to determine the types of QoS that are required on your network, accomplish the following few tasks first: Verify that your network hardware is properly configured and in good working order. Perform a network baseline to determine whether your hardware is adequate to support your requirements, and whether you have sufficient bandwidth to support your network applications. The baseline also shows whether any of the applications on your network have certain link speed or quality...

Differentiated Services

Differentiated services, commonly referred to as DiffServ, provide a method of classifying packets i or classes of service (COS). Classes of service are defined by the values defined in the type of service field of the IP header. The contents of this field were originally defined in RFCs 1122 and 1349, as Precedence and Type of Service fields. Several working groups made many valiant attempts at packet classification methods, but most of these efforts were not realized until recently, when newer...

EBGP Peer Relationships

E-BGP peer relationships are, undoubtedly, the most common type of BGP peering relationship that most enterprise network professionals will encounter. Regardless of how many peers one BGP speaker has, only a few types of connections can occur between E-BGP peers. Directly connected peers: Peers that are directly connected usually over a WAN connection between the customer and the service providers, or between transit peers. Indirectly connected peers: E-BGP peers that must cross one or more...

Enforcing Traffic Policy with QoS

Networks generally have basic traffic policy requirements that must be enforced. For instance, service providers provide customers with WAN circuits such as ATM or Frame Relay. These circuits are provisioned with certain service level agreements that the service providers enforce on customers to provide all customers certain service levels. Customers are responsible for making sure that their network's traffic complies with those agreements by shaping, rate limiting, and prioritizing their own...

Enter the Cisco Catalyst 3550 Intelligent Ethernet Switch

The Cisco Catalyst 3550 is an intelligent Ethernet switch that provides impressive bandwidth, Layer 3 switching, and advanced quality of service (QoS) in a small footprint. The switch is called an intelligent switch because of many of the advanced features it brings to the traditional enterprise access switch. The switch can make decisions based on Layer 3 and Layer 4 information, thus making it intelligent. The Cisco Enhanced Multilayer Software Image (EMI) allows the switch to serve as a...

Equipment Needed

One IP-based workstation, four Cisco routers, one Catalyst 3550 with the EMI software image installed, and one other Catalyst switch that supports MST and RSTP. Only one switch needs to be a Catalyst 3550 with the EMI installed. One router can be substituted for a workstation on VLAN 20. VLAN 20 should have at least one active IP device for testing. The switches need two back-to-back 100BASE-T links or a Gigabit Ethernet link for the connection between the two switches. The other...

Equipment Needed

One Cisco router with five serial interfaces to act as a Frame Relay switch. Six Cisco routers with at least one serial and one Ethernet interface. One Cisco router with two serial interfaces. (One of these routers requires one Ethernet interface.) One switch connecting the five multiaccess routers in separate VLANs. One PC with an Ethernet NIC capable of running TCP/IP with DHCP and a web browser. Portions of this lab are best suited for Cisco IOS Software versions up to or greater than...

Equipment Needed

Five Cisco routers, one Catalyst 3550 with the EMI software image installed, and one other C switch. Only one switch needs to be a Catalyst 3550 with the EMI installed. You may simulate switch with another Catalyst as long as it supports 802.1Q and EtherChannel. The switches need two back-to-back 100BASE-T links or a Gigabit Ethernet for the EtherChannel connection. The other routers should be set up with a Category 5 connection to the appropria' as depicted in Figure 1-3S.

Established State

BGP peers reach the Established state after they have successfully exchanged OPEN and KEEPALIVE messages. After the peers reach the Established state, they begin to send UPDATE messages containing routing information and KEEPALIVE messages to verify the TCP connection state. If an error is encountered at any time while a peer is in the Established state, the local peer sends a NOTIFICATION message with the reason for the error and transitions back to the Idle state. Figure 7-21 shows the...

Ethernet Physical Properties Half and Full Duplex Ethernet

Half-duplex mode fundamentally operates Ethernet in the classic carrier sense multiple access collision detect (CSMA/CD) mode. Ethernet hubs are a good example of a device requiring half duplex. Half-duplex Ethernet has the following characteristics: High potential for collisions. Operates on shared media devices such as a hub, or a workstation. Operational efficiency is rated at 50 percent to 60 percent of the total bandwidth of the link. Full-duplex Ethernet allows for a station to simultaneously...

Example 11 Configuring the Management Interface on a Catalyst 3550

3550_switch(config)# interface vlan 1
3550_switch(config-if)# ip address 172.16.100.10 255.255.255.0
3550_switch(config-if)# no shut
3550_switch(config-if)#
00:07:25: %LINK-3-UPDOWN: Interface Vlan1, changed state to up
00:07:26: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up

If configuring a management address on a VLAN other than VLAN 1, you must ensure the following before the interface will become up and active. 1. The VLAN matching the interface must be in the VLAN...

Example 110 Viewing an Extended VLAN

The Catalyst 3550 enables you to configure a range of interfaces at a single time. This can be a timesaver if you have to configure many ports on a switch with the same characteristics. To configure a range of interfaces, use the following global configuration command:

Switch(config)# interface range interface type starting int - ending interface

To configure the range of interfaces 0/1 through 0/10, for example, use the following command:

3550_switch(config)# interface range fastethernet 0/1 - 10

Example 112 Assigning VLAN 2 to Interface fast

Switch(config) Switch(config-Switch(config- When the VTP mode is set to transparent, VLANs are automatically created with the switchport ac command you do not need to statically configure them in the VLAN database. If the VTP mode is s you cannot configure VLANs on this switch. The VLANs must be configured on the server switch an< via VTP over a trunk to the client switch.

Example 113 Configuring an ISL Trunk

3550_switch(config)# interface gigabitEthernet 0/1
3550_switch(config-if)# switchport trunk encapsulation dot1q
3550_switch(config-if)# switchport mode trunk

To verify whether the trunk is working, be sure to status both sides of the link. The output of the si interface_name switchport command and the output of the show interface interface_name trunk > present a general status of the trunk. The information presented here is very similar to the show t command on the Catalyst 4000 5500 6500 series...

Example 114 Status of a Trunk Line

3550_switch# show interface gigabitEthernet 0/1 switchport
Name: Gi0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled

In 802.1Q networks, it is critical to...

Example 117 demonstrates the show vtp status command Example 117 Statusing a Trunk by Viewing VTP Status

Configuration Revision: 3
Maximum VLANs supported locally: 1005
Number of existing VLANs: 12
VTP Operating Mode: Server
0x40 0x2B 0xD9 0xD1 0x05 0xA4 0x98 0xF8
Configuration last modified by 206.191.241.43 at 3-1-93 18:06:59
Local updater ID is 172.16.128.16 on interface Vl128 (lowest numbered VLAN interfa
Preferred interface name is 3550 3550 switch

Example 119 Output of the show etherchannel Command

3550_switch show etherchannel 1 detail Group state L2 Ports 2 Maxports 8 Port-channels 1 Max Port-channels 1 Ports in the group Channel group 1 Mode On FEC Gcchange 0 Port-channel Pol GC 0x00010001 Pseudo port-channel Pol Age of the port in the current state 00d 03h 04m 31s Port state Up Mstr In-Bndl Channel group 1 Mode 0x00010001 Pseudo port-channel Pol 0x00 Age of the port in the current state 00d 03h 03m 17s Port-channels in the group Age of the Port-channel 00d 03h 04m 33s Logical slot...

Example 121 Verifying Global VTP Status

Configuration Revision: 6
Maximum VLANs supported locally: 1005
0x13 0xF9 0xA7 0x89 0x56 0x56 0x8D 0x54
Configuration last modified by 172.16.192.16 at 3-1-93 02:35:01
Local updater ID is 172.16.192.16 on interface Vl192 (lowest numbered VLAN interfa

Example 1-22 demonstrates the use of the show interface command in verifying VLAN prune elig show interface command was executed after the interface command switchport trunk pruning was entered on the yin switch.

Example 123 show spanningtree Command on the Yin Switch

Spanning tree enabled protocol ieee
Root ID Priority 32768
Hello Time 2 sec Max Age 20 sec Forward Delay 15
Bridge ID Priority 32771 (priority 32768 sys-id-ext 3)
Hello Time 2 sec Max Age 20 sec Forward Delay 15
Name Prio.Nbr Cost Sts Cost Bridge ID
Fa0/3 128.3 19 FWD 3 32771 000a.8a0e,
Fa0/20 128.16 19 FWD 3 32771 000a.8a0e,

Example 1-24 demonstrates the clearing of VLANs 3 through 1001 on the trunk between the yin at switches. The second portion of the example shows the spanning tree for VLAN...

Example 125 Showing the Allowed VLANs on a Trunk

Port Mode Encapsulation Status
Port Vlans allowed and active in management domain
Po1 1-4, 10, 20, 30, 40, 50, 192
Port Vlans in spanning tree forwarding state and not pruned

Removing VLANs from the trunks is one way to control STP; for the switches that need redundancy, you must use additional methods to control STP.

Example 126 Viewing Spanning Tree for VLAN

VLAN0001 VLAN0002 VLAN0003 VLAN0004 VLAN0005 yin

The show spanning-tree command and its subcommand, show spanning-tree vlan, display det valuable information about spanning tree. There are a few variations of this command depending o information you may want. Example 1-2S lists a portion of VLAN 2 output from the show spannin command on the yin switch.

Example 127 Viewing Spanning Tree for VLAN

Spanning tree enabled protocol ieee Root ID Priority 32768 <<<text omitted>>> VLAN0002 65 (Port-channel1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32770 (priority 32768 sys-id-ext 2) Address 000a.8a0e.ba80 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Port ID Designated Port ID Name Prio.Nbr Cost Sts Cost Bridge ID Prio.Nbr 3 32770 000a.8a0e.ba80 128.3 3 32770 000a.8a0e.ba80 128.16 0 100 0004.275e.f0c7 128.1...

Example 128 Viewing Spanning Tree for VLAN

3550_switch# show spanning-tree summary
Extended system ID is enabled.
PortFast BPDU Guard is disabled
EtherChannel misconfiguration guard is enabled
Default pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
VLAN0 0 VLAN0 0 VLAN0 0 VLAN0 0 5

To properly set the STP root, it helps to recall the four-step decision process of STP and how spann determines root. The root is selected by the lowest-cost BID. The BID is composed of priority follov address. 1....

Example 133 Configuring a Routed Port

3550_switch(config)# interface fast 0/7
3550_switch(config-if)# no switchport
02:06:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed
02:06:23: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to down
02:06:26: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed
3550_switch(config-if)# ip address 172.16.200.16 255.255.255.0
3550_switch(config-if)# interface fast 0/8
3550_switch(config-if)# no switchport
3550_switch(config-if)#
02:06:53: %LINEPROTO-5-UPDOWN...

Example 135 Dragon Switch Configuration

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 5 subnets...

Example 136 Examining Spanning Tree Details

3550_switch# show spanning-tree detail
<<<text omitted>>>
VLAN0100 is executing the ieee compatible Spanning Tree protocol
Bridge Identifier has priority 32768, sysid 100, address 000a.8a0e.ba80
Configured hello time 2, max age 20, forward delay 15
We are the root of the spanning tree
Topology change flag not set, detected flag not set
Number of topology changes 0 last change occurred 03:01:07 ago
Times hold 1, topology change 35, notification 2
hello 2, max age 20, forward...

Example 137 Verifying STP Uplink Fast and Backbone Fast

3550_switch show spanning-tree summary Root Bridge for VLAN0010, VLAN0100. Extended system ID is enabled. PortFast BPDU Guard is disabled EtherChannel misconfiguration guard is enabled Default pathcost method used is short Name Blocking Listening Learning Forwarding STP Active VLAN010 3 Station update rate set to 150 packets sec. UplinkFast statistics Number of transitions via uplinkFast (all VLANs) 2 Number of proxy multicast addresses transmitted (all VLANs) 0 BackboneFast statistics Number...

Example 139 Configuration of RSTP and MST on the Yin Switch

yin_switch(config)# interface fast 0/3
yin_switch(config-if)# spanning-tree portfast <- enable portfast on the router port
yin_switch(config)# spanning-tree mst configuration <- Enter the MST configuration mode
yin_switch(config-mst)# name cisco <- MST region name
yin_switch(config-mst)# revision 1 <- MST region revision
yin_switch(config-mst)# instance 1 vlan 2-100 <- VLANs 2-100 assigned to Instance 1
yin_switch(config-mst)# instance 2 vlan 101-1005 <- VLANs 101-1005 assigned to Instance 2
yin_switch(config-mst)# show...

Example 143 Configuring a VLAN

3550_switch(config)# vlan access-map allow_ip 10
3550_s(config-access-map)# action forward
3550_s(config-access-map)# match ip address permitip <- Call ACL permitip
3550_s(config-access-map)# exit
3550_switch(config)#
3550_switch(config)# ip access-list extended permitip
3550_swi(config-ext-nacl)# permit ip host 172.16.100.7 host 172.16.100.3
3550_swi(config-ext-nacl)# permit ip host 172.16.100.3 host 172.16.100.7
3550_swi(config-ext-nacl)# exit
3550_switch(config)#
3550_switch(config)# vlan filter allow_ip...

Example 145 Verifying Protected Ports

3550_switch# show interfaces fast 0/7 switchport
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 100 (psv2_vlan100)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Protected: true
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Voice VLAN: none (Inactive)
Appliance trust: none

The...

Example 148 Configuring VLAN Port Membership

<<<text omitted>>>
switchport access vlan 200 <- assigned to VLAN 200
switchport mode access
no ip address
interface FastEthernet0/4
no ip address
interface FastEthernet0/5
no ip address
interface FastEthernet0/6
no ip address
interface FastEthernet0/7
switchport access vlan 100 <- assigned to VLAN 100
switchport mode access
no ip address
interface FastEthernet0/8
switchport access vlan 100 <- assigned to VLAN 100
switchport mode access
no ip address

You can verify the VLANs and VTP...

Example 149 Verifying VTP and VLAN Status

Maximum VLANs supported locally: 1005
0xE6 0x6C 0xFD 0xDA 0x1B 0xCC 0x7B 0x8A
Configuration last modified by 172.16.2.16 at 3-1-93 04:03:13
Local updater ID is 172.16.2.16 on interface Vl2 (lowest numbered VLAN interface)
tundra_switch1

Step 3 calls for you to configure EtherChannel and 802.1Q trunking between the switches. The con on both switches will be identical for the EtherChannel, as long as both are Catalyst 3550s. Examp demonstrates the Gigabit EtherChannel configuration on the...

Example 150 Configuring Gigabit Ether Channel with 8021Q Encapsulat

tundra_switch(config)# interface gigabitEthernet 0/1
tundra_switch(config-if)# switchport trunk encapsulation dot1q
tundra_switch(config-if)# switchport mode trunk
tundra_switch(config-if)# channel-group 1 mode on <- EtherChannel Configuration
Creating a port-channel interface Port-channel1
tundra_switch(config-if)# exit
00:23:18: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
00:23:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed s
tundra_switch(config)# interface...

Example 152 SVI and Routed Interface Configuration

! IP routing must be enabled for routed INTs
!
interface FastEthernet0/10
no switchport ! Disable switching
ip address 10.16.128.16 255.255.255.0 ! Assign an IP address
! CONFIG----------*
interface Vlan2
ip address 172.16.2.16 255.255.255.0
interface Vlan100
ip address 172.16.100.16 255.255.255.0
interface Vlan200
ip address 172.16.200.16 255.255.255.0
no ip redirects

The final portion of the lab is to configure EIGRP as the routing protocol. IP was enabled during the step, so that is not...

Example 153 Complete Configuration of the tundraswitch1 Switch

enable secret 5 1 nt35 131XBSgKT6BmA1KHMqj1V1
!
spanning-tree extend system-id
spanning-tree vlan 100 priority 24576
spanning-tree vlan 200 priority 24576
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport trunk pruning vlan 2,100,128,200
<<<text omitted>>>
interface FastEthernet0/3
switchport access vlan 200
switchport mode access
no ip address
<<<text omitted>>>
interface FastEthernet0/7
switchport access vlan 100
switchport mode access...

Example 155 Configurations of tundraprime and frozenrtr Routers

ip address 172.16.200.101 255.255.255.0
router eigrp 2003
network 172.16.0.0
no auto-summary
no eigrp log-neighbor-changes
interface loopback 20
ip address 10.16.10.100 255.255.255.0
interface Ethernet0/0
ip address 10.16.128.100 255.255.255.0
router eigrp 2003
network 10.0.0.0
no auto-summary
ip address 172.16.200.102 255.255.255.0
router eigrp 2003
network 172.16.0.0
no auto-summary
interface Ethernet0
ip address 172.16.100.100 255.255.255.0
no ip directed-broadcast
media-type 10BASE-T
router...

Example 156 Management Portion of walkerl Thus

hostname walker1 <- Set the hostname
enable secret 5 1 nt35 131XBSgKT6BmA1KHMqj1V1 <- Enable Secret cisco
<<<text omitted>>>
interface Vlan1
no ip address
shutdown
interface Vlan192 <- MNGT VLAN and IP
ip address 172.16.192.16 255.255.255.0
<<text omitted>>>

The second step calls for you to configure VTP and VLANs. You need to configure a VLAN for any S access ports, and management VLANs. In this model, you need to configure five VLANs: VLANs 20, 100, 192, 200, and 300. On...

Example 158 Configuring VLAN Port Membership

<<<text omitted>>>
switchport access vlan 300 ! assigned to VLAN 300
switchport mode access
spanning-tree portfast ! Portfast used in 802.1w
no ip address
switchport access vlan 100 ! assigned to VLAN 100
switchport mode access
spanning-tree portfast ! Portfast used in 802.1w
no ip address
switchport access vlan 100 ! assigned to VLAN 100
switchport mode access
spanning-tree portfast ! Portfast used in 802.1w
no ip address

When configuring a range of VLANs, it can be easier...

Example 159 Configuring a VLAN Range

walker1(config)# interface range fastEthernet 0/10 - 15
walker1(config-if-range)# switchport mode access
walker1(config-if-range)# switchport access vlan 20
walker1(config-if-range)# spanning-tree portfast
%Warning: portfast should only be enabled on host. Connecting hubs, concentrators, switches
interface when portfast is enabled, can cause
%Portfast will be configured in 6 interfaces but will only have effect when the interfaces

You can verify the VLANs and VTP with the show vlan command and the...

Example 161 Configuring Gigabit Ether Channel with 8021Q Encapsulation

walker1(config)# interface gigabit 0/2
walker1(config-if)# switchport trunk encapsulation dot1q
walker1(config-if)# switchport mode trunk
walker1(config-if)# exit
walker1(config)# interface fast 0/17
walker1(config-if)# switchport trunk encapsulation dot1q
walker1(config-if)# switchport mode trunk

At this point of the configuration, VTP should be working between switches, and you should be able to ping all local devices. Use the show vtp status command to verify VTP and ensure that both switc have the...

Example 163 Verifying MST

MST01 vlans mapped 2-300
Bridge address 000a.8a0e.ba80 priority 24577 (24576 sysid 1)
edge P2P edge SHR edge P2P edge SHR P2P

To test the functionality of MST and RSTP, perform the following test. Issue an extended ping from surgery router to the recovery router. Use a high number of pings, such as 10,000. While you are pinging the interfaces, disconnect the active trunk (in this model, the Gigabit Ethernet). You should see RSTP converge almost instantly, with a 99-percent success rate on...

Example 164 Testing MST and RSTP

Target IP address: 172.16.30.7
Repeat count [5]: 10000
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 172.16.30.7, timeout is 2 seconds:
. . < Gig 0/2 dropped
Success rate is 99 percent (9998/10000), round-trip min/avg/max = 1/2/20 ms
surgery#

In the next two steps, you configure SVIs and enable routing on the walker1 switch. You need four SVIs: one for each VLAN and one for the management VLAN. One...