And Active Topology

In this scenario, the network has converged into two branches with all traffic flowing through the Root Bridge. However, notice how suboptimal the flows are: Doom traffic between Host-A and Host-B must now flow through all seven bridges. In the event that I haven't convinced you to avoid a randomly chosen Root Bridge, let me point out that the deck is stacked against you. Assume that Cat-1 is a vintage Cisco MGS or AGS router doing software bridging (Layer 2 forwarding capacity equals about...

Answers to Chapter 6 Review Questions

1. Summarize the three-step process that STP uses to initially converge on an active topology.

A: The three-step process is as follows: Elect a single Root Bridge for the entire bridged network. Elect one Root Port for every non-Root Bridge. Elect one Designated Port for every segment.

2. How many of the following items does the network shown in Figure 6-24 contain: Root Bridges, Root Ports, Designated Ports? Assume all devices are operational.

A: The network in Figure 6-24 contains the following: One...

ATM Core

The advantage of this approach is that it uses cost-effective Ethernet technology in the potentially large number of IDF closets. This design is often deployed using the campus-wide VLAN model to extend the speed of ATM through the Ethernet links. The downside is that it creates a large number of Layer 2 loops where redundant MDF-to-IDF links are used. Unfortunately, these links have been shown to create Spanning Tree loops that can disable the entire campus network. Furthermore, it is harder...

ATM Network

Other VLAN types use combinations of Layer 2, Layer 3, or even Layer 4 to create shortcuts in a system. Layer 4 switching creates shortcuts based upon the Layer 3 addresses and upon the Layer 4 port values. This is sometimes called application switching and provides a higher level of granularity for switching. Chapter 11 provides a more thorough discussion on this subject in the context of MLS. Table 5-1 summarizes the various switch types found in the industry.

Attach to Three ELANs

You need the router shown in Figure 8-13 if workstations in one VLAN desire to communicate with workstations in another VLAN. The router can reside on the LAN side of the Catalysts, but this example illustrates the router on the ATM side. When a station in VLAN 1 attempts to communicate with a station in VLAN 2, the Catalyst bridges the frame out LEC 1 to the router. The router, which also has three clients, routes the frame out the LEC which is a member of ELAN 2 to the destination Catalyst....

B after a Link Failure

Therefore, the Spanning Tree Max Age and Forward Delay parameters can be safely reduced to 12 and 9 seconds, respectively (assuming the default Hello Time of 2 seconds). The safest and simplest way to accomplish this is to use the set spantree root macro to automatically modify the appropriate Spanning Tree parameters. As a result, convergence time can be reduced from a default of 30-50 seconds to 18-30 seconds. To further speed Spanning Tree convergence, UplinkFast, BackboneFast, and PortFast...

BackboneFast

BackboneFast is a complementary (and patented) technology to UplinkFast. Whereas UplinkFast is designed to quickly respond to failures on links directly connected to leaf-node switches, it does not help in the case of indirect failures in the core of the backbone. This is where BackboneFast comes in. Don't expect BackboneFast to provide the two to three second rollover performance of UplinkFast. As a Max Age optimization, BackboneFast can reduce the indirect failover performance from 50 to 30...

Bottom line Controlling VTP in Large Networks

In large networks, these issues multiply and can develop into situations making you want to disable trunking, VTP, or other aspects of VLANs. Clearly, trunking remains as a necessary element of networking life. It is not practical to deploy a large network without trunks because of the number of resources that you consume with multiple access links. Therefore, trunks remain. However, as previously mentioned, we have methods of minimizing some of the negative side effects of trunking. VTP is...

Bridge Priority Load Balancing

How can Bridge Priority be used to accomplish load balancing in the two-building campus illustrated in Figure 7-17? As discussed in the previous section, the IDF switch (Cat-2C) found multiple equal cost paths to the Root Bridge. This caused the third decision criterion, Bridge ID, to be evaluated. Because Cat-2A and Cat-2B were using the default Bridge ID values, Cat-2A had the lower BID for all VLANs (32,768.AA-AA-AA-AA-AA-AA versus 32,768.BB-BB-BB-BB-BB-BB). This is precisely what ruined the...

Bundling Ports

When bundling ports for EtherChannel using early EtherChannel-capable line modules, you must follow a couple of rules: Use contiguous ports for a bundle. All ports must belong to the same VLAN. If the ports are used for trunks, all ports must be set as a trunk. If you set the ports to trunk, make sure that all ports pass the same VLANs. Ensure that all ports at both ends have the same speed and duplex settings. You cannot arbitrarily select ports to bundle. See the following descriptions for...

Catalyst VLAN Configuration

Some VLAN components assign stations to VLANs based upon MAC addresses. The Catalyst, on the other hand, associates ports to a VLAN. Any device attached to the port belongs to the VLAN describing the switch interface. Even if a shared hub attaches to the port, all stations on the hub belong to the same VLAN. This is called a port-centric approach to VLANs. To configure VLANs in a Catalyst, you must first plan the VLAN membership and then assign ports to the correct VLAN. Planning VLAN...

Changing Traffic Patterns

Any effective campus design must take traffic patterns into account. Otherwise, switching and link bandwidth are almost certainly wasted. The good news is that most modern campus networks follow several trends that create unmistakable flows. This section discusses the traditional campus traffic patterns and shows how popular new technologies have drastically changed this. The earliest seeds of today's campus networks began with departmental servers. In the mid-1980s, the growth of inexpensive...

Understanding Spanning Tree

The authors would like to thank Radia Perlman for graciously contributing her time to review the material in this chapter. This chapter covers the following key topics: What Is Spanning Tree and Why Use Spanning Tree: Briefly explains the purpose of the Spanning-Tree Protocol (STP). Explains why some form of loop-prevention protocol is required to prevent broadcast storms and bridge table corruption. Four-Step STP Decision Sequence: Describes the process that the Spanning-Tree Protocol uses for...

Console Configuration

The Catalyst 5000 series Supervisor module has one physical console connection. For a Supervisor I or a Supervisor II, the connection is an EIA-232 25-pin connection. For a Supervisor III module, the connection is an RJ-45 connector. Make sure that you know which kind of Supervisor module you are working with to ensure that you can attach to the console. The console has an interesting feature in that it can operate in one of two modes: either as a console or slip interface. When used as a...

Creation Process

Host-B receives the IP ARP request. Recognizing its IP address in the ARP packet, it builds an IP ARP reply packet. Figure 9-19 illustrates the reply. In this case, the ARP message contains the MAC address in question. Also notice that ARP unicasts the reply back to the source node; it is not sent to all nodes via the broadcast address. The LEC-B Catalyst receives the IP ARP reply. Having just added a bridging table entry for AAAA.AAAA.AAAA in Step 5, the frame is forwarded to the LANE...

Disabling STP

It might be necessary to disable Spanning Tree in some situations. For example, some network administrators disable STP in frustration after not being able to resolve STP bugs and design issues. Other people disable STP because they have loop-free topologies. Some shops resort to disabling STP because they are not aware of the PortFast feature (not to mention its interaction with PAgP as discussed earlier). If you do need to disable STP, Catalysts offer the set spantree disable command. On most...

Don't Forget PLANs

When creating a new design or when your first one or two attempts at solving a particular problem fail, redraw your VLAN design using physical LANs (PLANs). In other words, take the logical topology created through the use of virtual LANs and redraw it using PLANs. PLAN is a somewhat tongue-in-cheek term the author coined to describe a very serious issue. For some reason, the human brain is almost guaranteed to forget all knowledge of IP subnetting when faced with virtual LANs. People spend...

Duplicate Ring Protocol (DRiP)

In a Token Ring environment, each ring has a unique ring number identifying it for source-route bridging. Similarly, in a switched Token Ring, except for the default and backup TrCRFs mentioned earlier, each TrCRF has a unique ring number. If an administrator accidentally misconfigures another TrCRF with the same ring number, shown in Figure 3-11, the Token Ring switching process gets confused. Figure 3-11 Do not attempt this. Duplicate ring numbers are not allowed on multiple switches. Figure...

End-to-End Distance

Another limitation on extending networks with repeaters focuses on distance. An Ethernet link can extend only so far before the media slotTime specified by Ethernet standards is violated. As described in Chapter 1, the slotTime is a function of the network data rate. A 10 Mbps network such as 10BaseT has a slotTime of 51.2 microseconds. A 100 Mbps network slotTime is one tenth that of 10BaseT. The calculated network extent takes into account the slotTime size, latency through various media such...

EtherChannel Development

EtherChannel defines a bundling technique for standards-based segments such as Fast Ethernet and Gigabit Ethernet. It does not cause the links to operate at clock rates different than they were without bundling. This makes the segments non Fast Ethernet- or Gigabit Ethernet-compliant. EtherChannel enables devices to distribute a traffic load over more than one segment while providing a level of resiliency that does not involve Spanning Tree or other failover mechanisms. The IEEE is examining a...

Ethernet Resiliency

Ethernet options (both Fast Ethernet and Gigabit Ethernet) rely upon Spanning Tree for resiliency. Spanning Tree, discussed in Chapter 6, "Understanding Spanning Tree," operates at Layer 2, the data link layer. Components detect failures when they fail to receive BPDUs from the Root Bridge. Spanning Tree recovery can take as much as 50 seconds, depending on the values to which you set the timers. EtherChannel, both Fast and Gigabit, provides local resiliency. Figure 8-19 shows two Catalysts...

Example 1118 HSRP Configuration for RouterA

interface Ethernet0
 description Link to wiring closet Catalysts
 ip address 10.1.1.2 255.255.255.0
 standby 1 priority 110
 standby 1 preempt
 standby 1 ip 10.1.1.1
 standby 1 track Ethernet1 15
interface Ethernet1
 description Link to backbone
 ip address 10.1.2.2 255.255.255.0

The real IP address is assigned with the usual ip address command. HSRP parameters are then configured using various standby commands. The shared IP address is added with the standby group_number ip ip_address command. This...

Example 1124 Using Bridge Groups to Bridge between VLANs

interface FastEthernet0/0/0
 no ip address
interface FastEthernet0/0/0.1
 encapsulation isl 1
 ip address 10.1.1.1 255.255.255.0
interface FastEthernet0/0/0.2
 encapsulation isl 2
 ip address 10.1.2.1 255.255.255.0
 ipx network 2
 bridge-group 1
interface FastEthernet0/0/0.3
 encapsulation isl 3
 ip address 10.1.3.1 255.255.255.0
 ipx network 3
 bridge-group 1
interface FastEthernet0/0/0.4
 encapsulation isl 4
 ip address 10.1.4.1 255.255.255.0
 ipx network 4
bridge 1 protocol ieee

The configuration in...

Example 11-4 Using the RSM for Extended pings

RSM# ping
Protocol [ip]:
Target IP address: 10.1.1.55
Repeat count [5]: 100000
Datagram size [100]: 1024
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]:
Set DF bit in IP header? [no]: y
Validate reply data? [no]: y
Data pattern [0xABCD]: 0000
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 100000, 1024-byte ICMP Echos to 10.1.6.100, timeout is 2 seconds:
Packet has data pattern 0x0000

Example 11-4 illustrates the use...

Example 12-4 show vtp domain Output

Console> (enable) show vtp domain
Domain Name                      Domain Index VTP Version Local Mode  Password
-------------------------------- ------------ ----------- ----------- ----------
wally                            1            2           server      -

Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
5          1023             0               disabled

Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
--------------- -------- -------- -------------------------
0.0.0.0         disabled disabled 2-1000
Console> (enable)

For example, in the highlighted portion of Example 12-4, the Catalyst's display indicates that it belongs to the domain wally. If the Domain Name field is blank, the domain is NULL. VTP domain names are...

Example 125 Clearing a VLAN in a Management Domain

Console> (enable) clear vlan 10
This command will deactivate all ports on vlan 10
in the entire management domain
Do you want to continue(y/n) [n]? y
Vlan 10 deleted
Console> (enable)

Clearing a VLAN does not cause the ports in the management domain to reassign themselves to the default VLAN 1. Rather, the Catalysts keep the ports assigned to the previous VLAN, but in an inactive state. You need to reassign ports to an active VLAN before the attached devices can communicate again.

Example 1710 SNMP Trap Configuration

Cat-B2-1A> (enable) set snmp trap 10.100.100.21 trapped
SNMP trap receiver added.
Cat-B2-1A> (enable) set snmp trap enable module
SNMP module traps enabled.
Cat-B2-1A> (enable) set snmp trap enable chassis
SNMP chassis alarm traps enabled.
Cat-B2-1A> (enable) set snmp trap enable bridge
SNMP bridge traps enabled.
Cat-B2-1A> (enable) set snmp trap enable auth
SNMP authentication traps enabled.
Cat-B2-1A> (enable) set snmp trap enable stpx
SNMP STPX traps enabled.
Cat-B2-1A>...

Example 1714 Spanning Tree Configuration

Cat-B2-0B> (enable) set spantree root 20 dia 3 hello 2
VLAN 20 bridge priority set to 8192.
VLAN 20 bridge max aging time set to 12.
VLAN 20 bridge hello time set to 2.
VLAN 20 bridge forward delay set to 9.
Cat-B2-0B> (enable)
Cat-B2-0B> (enable) set spantree root secondary 21 dia 3 hello 2
VLAN 21 bridge priority set to 16384.
VLAN 21 bridge max aging time set to 12.
VLAN 21 bridge hello time set to 2.
VLAN 21 bridge forward delay set to 9.
Cat-B2-0B> (enable)
Cat-B2-0B> (enable)...

Example 1716 Configuring Passwords, Banner, System Information, DNS, IP Permit List, IGMP Snooping, SNMP, and Syslog

Cat-B2-0B> (enable)
Cat-B2-0B> (enable) set password
Enter old password
Enter new password
Retype new password
Password changed.
Cat-B2-0B> (enable)
Cat-B2-0B> (enable) set enablepass
Enter old password
Enter new password
Retype new password
Password changed.
Cat-B2-0B> (enable)
Cat-B2-0B> (enable)
Cat-B2-0B> (enable) set banner motd PRIVATE NETWORK -- HACKERS WILL BE SHOT
MOTD banner set
Cat-B2-0B> (enable) set system location Building 2 MDF
System location set.
Cat-B2-0B>...

Example 1717 Full Catalyst Configuration for Cat-B2-0B

begin
set password 1 FMFQ HfZR5DUszVHIRhrz4h6V70
set enablepass 1 FMFQ HfZR5DUszVHIRhrz4h6V70
set prompt Cat-B2-0B>
set length 24 default
set logout 20
set banner motd CPRIVATE NETWORK -- HACKERS WILL BE SHOTM C
#system
set system baud 9600
set system modem disable
set system name Cat-B2-0B
set system location Building 2 MDF
set system contact Joe x111
#snmp
set snmp community read-only lesspublic
set snmp community read-write moreprivate
set snmp community read-write-all mostprivate
set snmp...

Example 1718 Full RSM Configuration for Cat-B2-0B

service timestamps log datetime localtime
service password-encryption
hostname Cat-B2-0B-RSM
enable secret 5 1 JiA8 oFVSrScIZX2BnqDV W9m11
ip domainname happy.com
ip name-server 10.100.100.42
ip name-server 10.100.100.68
ipx routing 00e0.4fb3.68a0
mls rp ip
clock timezone EST -5
clock summer-time EDT recurring
interface Vlan20
 ip address 10.2.20.3 255.255.255.0
 ip helper-address 10.100.100.33
 ip helper-address 10.100.100.81
 no ip redirects
 mls rp vtp-domain Happy-B2
 mls rp management-interface...

Example 1724 Spanning Tree Configuration

Cat-B2-1A> (enable) set spantree root 1 dia 2 hello 2
VLAN 1 bridge priority set to 8192.
VLAN 1 bridge max aging time set to 10.
VLAN 1 bridge hello time set to 2.
VLAN 1 bridge forward delay set to 7.
Switch is now the root switch for active VLAN 1.
Cat-B2-1A> (enable)
Cat-B2-1A> (enable) set spantree root 2 dia 2 hello 2
VLAN 2 bridge priority set to 8192.
VLAN 2 bridge max aging time set to 10.
VLAN 2 bridge hello time set to 2.
VLAN 2 bridge forward delay set to 7.
Switch is now the...

Example 174 Spanning Tree Configuration

Cat-B2-1A> (enable) set spantree portfast 3/1-24,4/1-24,5/1-24,6/1-24,7/1-24 enable
Warning: Spantree port fast start should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc. to a fast start port can cause temporary Spanning Tree loops. Use with caution.
Spantree ports 3/1-24,4/1-24,5/1-24,6/1-24,7/1-24 fast start enabled.
Cat-B2-1A> (enable)
Cat-B2-1A> (enable) set spantree backbonefast enable
Backbonefast enabled for all VLANs...

Example 5-1 Router on a Stick Configuration File

interface fastethernet 2/0.1
 ip address 172.16.10.1 255.255.255.0
 ipx network 100
 encapsulation isl 100
interface fastethernet 2/0.2
 ip address 172.16.20.1 255.255.255.0
 ipx network 200
 encapsulation isl 200
interface fastethernet 2/0.3
 ip address 172.16.30.1 255.255.255.0
 encapsulation isl 300

Example 5-1 sets up a trunk between a device and the router. Trunks and InterSwitch Link (ISL) encapsulation are discussed in more detail in Chapter 8. Trunks allow traffic from more than one VLAN to...

Example 55 VLAN Database Example

!PART 1: GLOBAL SETTINGS
!vmps domain <domain-name>
! The VMPS domain must be defined.
!vmps mode { open | secure }
! The default mode is open.
!vmps fallback <vlan-name>
!vmps no-domain-req { allow | deny }
! The default value is allow.
! The VMPS domain name MUST MATCH the VTP domain name.
vmps domain testvtp
vmps mode open
vmps fallback default
vmps no-domain-req deny
!
!PART 2: MAC ADDRESS DATABASE
!MAC Addresses
vmps-mac-addrs
! address <addr> vlan-name <vlan_name>
address 0060.0893.dbc1 vlan-name...

Example 64 Locating the Root Bridge with show spantree on Cat-4 for VLAN

Cat-4 (enable) show spantree
VLAN 1
Spanning tree enabled
Spanning tree type          ieee
Designated Root             00-e0-f9-16-28-00
Designated Root Priority    100
Designated Root Cost        19
Designated Root Port        2/1
Root Max Age 10 sec    Hello Time 1 sec    Forward Delay 10 sec
Bridge ID MAC ADDR          00-e0-f9-52-ba-00
Bridge ID Priority          32768
Bridge Max Age 20 sec    Hello Time 2 sec    Forward Delay 15 sec

Port      Vlan  Port-State     Cost   Priority  Fast-Start
--------- ----  -------------  -----  --------  ----------
1/1       1     forwarding     19     32        disabled
1/2       1     forwarding     100    32...

Example 65 Locating the Root Bridge with show spantree on Cat-3 for VLAN

Cat-3 (enable) show spantree
VLAN 1
Spanning tree enabled
Spanning tree type          ieee
Designated Root             00-e0-f9-16-28-00
Designated Root Priority    100
Designated Root Cost        0
Designated Root Port        1/0
Root Max Age 10 sec    Hello Time 1 sec    Forward Delay 10 sec
Bridge ID MAC ADDR          00-e0-f9-16-28-00
Bridge ID Priority          100
Root Max Age 10 sec    Hello Time 1 sec    Forward Delay 10 sec

Port      Vlan  Port-State     Cost   Priority  Fast-Start
--------- ----  -------------  -----  --------  ----------
1/1       1     forwarding     100    32        disabled
1/2       1     forwarding     19     32        disabled

Several...

Example 86 Sample Router Configuration for 802.1Q

!Specify the interface to configure
interface fastether 2/0.1
 ip address 172.16.10.1 255.255.255.0
 ipx network 100
 encapsulation dot1q 200

The number at the end of the encapsulation statement specifies the VLAN number. The 802.1Q specification allows VLAN values between 0 and 4095 (with reserved VLAN values as discussed previously). However, a Catalyst supports VLAN values up to 1005. Generally, do not use values greater than 1005 when specifying the 802.1Q VLAN number to remain consistent with...

Existing Infrastructure

Your trunk choice might be limited to whatever technology you currently deploy in your network. If your Catalyst interfaces are Ethernet and Fast Ethernet, and your cabling is oriented around that, you probably elect to use some form of Ethernet for your trunk lines. The question becomes one, then, of how much bandwidth do you need to support your users. If your backbone infrastructure currently runs FDDI, you might not be able to do much with other trunk technologies without deploying some...

Figure 101 A MultiELAN Network Data Flow

Each hop through a router introduces additional latency and consumes routing resources within each router. Some of the latency stems from the segmentation reassembly process. Another latency factor includes the route processing time to determine the next hop. This element can be less significant in routers that do hardware routing (as opposed to legacy software-based routers). The hop-by-hop approach was necessary when networks interconnected with shared media systems such as Ethernet. Physical...

Figure 102 MPOA Model

Note also the presence of LANE components. MPOA depends upon LANE for intra-ELAN communications. Communication between a Multiprotocol Client (MPC) and a Multiprotocol Server (MPS) occurs over an ELAN. Communication between adjacent Next Hop Servers (NHSs), another MPOA component discussed later in the section on Next Hop Resolution Protocol (NHRP), also occurs over ELANs. Finally, MPSs also communicate over ELANs. Additionally, if frames are sent between MPCs before a shortcut is established,...

Figure 104 MPS Anatomy

The MPS has a set of interfaces attached to the ATM cloud and at least one interface for internal services. The external connections pointing to the ATM cloud consist of LANE client(s) and an MPS interface. The LANE clients support the MPOA device discovery protocol described later, and the actual flow of data before the shortcuts are established. The MPS also uses the LEC to forward resolution requests to the next NHS in the system. The service interface interacts with internal processes such...

Figure 105 MPOA Host Device Anatomy

Like the MPS, the MPC host device has internal and external interfaces. The external interfaces include the LEC and the MPC. The MPC communicates to the LES through the LEC to detect MPOA neighbors. Also, traffic transmissions that are initiated before a shortcut is established will pass through the LEC. The MPC interface, on the other hand, is used for shortcuts. When the MPC detects a flow, it issues a resolution request through its MPC interface. The MPC receives the resolution reply through...

Figure 107 MPOA Data Flow Summary

(1) Before the ingress MPC requests a shortcut, the MPC forwards frames through the LEC interface to the ATM cloud to the MPS. The MPS receives the flow on its LEC interface, performs routing and (2) forwards the frame to the next MPS. This continues until the frame reaches the egress MPS where the frame is forwarded (3) over the ELAN to the egress MPC. Until the ingress MPC establishes a shortcut, all frames pass through LECs at each device. When the ingress MPC detects a flow that exceeds the...

Figure 11-1 Router-on-a-Stick Design

In this approach, traditional routers are connected via one or more links to a switched network. Figure 11-1 shows a single link, the stick, connecting the router to the rest of the campus network. Inter-VLAN traffic must cross the Layer 2 backbone to reach the router where it can move between VLANs. It then travels back to the desired end station using normal Layer 2 forwarding. This out-to-the-router-and-back flow is characteristic of all router-on-a-stick designs. Figure 11-1 portrays the...

Figure 11-14 Each Catalyst Contains Only a Single VLAN

The results in Figure 11-14 are very similar to those in Figure 11-13. Cat-A sees the candidate packet, but only Cat-B sees the enable packet. Shortcut switching is not possible. MLS requires that the same NFFC or MSFC/PFC must see the flow traveling to and from the router. This can require careful planning and design work in certain situations. However, simply placing both VLANs on both switches does not necessarily solve the problem. In Figure 11-15, both Cat-A and Cat-B contain the Red and...

Figure 1119 Host-A Communicating with Host-B via MLS

First, look at the case of Host-A sending traffic to Host-B. The traffic from Host-A to the router travels up the ISL links connecting the Catalysts and the router to each other. As the first packet hits the NFFC in each Catalyst, it is recognized as a candidate packet and three partial shortcut entries are created (one per Catalyst). As the packet travels back down from the router to reach Host-B, all three NFFC cards see the enable packet and complete the shortcut entries. However, as...

Figure 11-2 One Link-per-VLAN

In this case, the switched network carries three VLANs: Red, Blue, and Green. InterSwitch Link (ISL) trunks are used to connect the three switches together, allowing a single link to carry all three VLANs. However, connections to the router use a separate link for every VLAN. Figure 11-2 illustrates the use of 10 Mbps router ports; however, Fast Ethernet, Gigabit Ethernet, or even other media such as Asynchronous Transfer Mode (ATM) or Fiber Distributed Data Interface (FDDI) can be used. There...

Figure 11-4 Sample MLS Network

This network consists of two VLANs, VLAN 1 (Red) and VLAN 2 (Blue). Two end stations have been shown. Host-A has been assigned to the Red VLAN, and Host-B has been assigned to the Blue VLAN. An ISL-attached router has also been included. Its single Fast Ethernet interface (Fast Ethernet1/0) has been logically partitioned into two subinterfaces, one per VLAN. The IP and MAC addresses for all devices and subinterfaces are shown. Figure 11-4 portrays the router as an ISL-attached external device...

Figure 117 Candidate Packet Fields

The ISL header contains a VLAN ID of 1. The Ethernet header contains a source MAC address equal to Host-A and a destination MAC address equal to 00-00-0C-11-11-11, the MAC address of subinterface 1/0.1 on the router. The source and destination IP addresses belong to Host-A and Host-B, respectively. The switch uses the destination MAC address to perform two actions: It forwards the packet out Port 1/1 toward the...

Figure 1214 Flooding in a Multiple Domain Network

There are methods of controlling the distribution of flooded traffic throughout the network. These methods include the features of VTP pruning to control flooding, and modifications to the multicast behavior through Cisco Group Management Protocol (CGMP). VTP pruning is discussed in this chapter in the section "VTP Pruning: Advanced Traffic Management." Details on controlling multicast with CGMP are described in Chapter 13,...

Figure 13-11 CGMP Operation Example

In Figure 13-11, a Cisco router receives IGMP membership reports from PC-1 and PC-2. The router sends a CGMP configuration message to the Catalyst telling it about the source MAC address of the host and the multicast group from which it wants to receive traffic. For example, PC-1 asks to join 224.1.10.10. The router tells the Catalyst to send multicast traffic with the destination MAC address of 01-00-5E-01-0A-0A to the host with the source MAC address 00-60-08-93-DB-C1. The Catalyst searches...

Figure 137 An IGMP Version 2 Leave Demonstrated

The router currently forwards frames for both groups on the segment. The host currently subscribed to 224.2.20.20 decides that it no longer wants to receive the multicast stream for this group, so it transmits a leave message. The router receives this message and checks its multicast table to see if there are any other hosts on the segment that want the stream. In this example, there are no other hosts in the group. The router sends a group specific query message to the group 224.2.20.20 to...

Figure 1412 A Layer 2 Core

This creates an L2/L3/L2 profile throughout the network. The network's intelligence is contained in the distribution-layer MDF switches. Both the access (IDF) and core switches utilize Layer 2 switching to maintain a high price/performance ratio. To provide redundancy, a pair of switches form the core. Because the core uses Layer 2 processing, this approach is most suitable for small to medium campus backbones. When building a Layer 2 core, Spanning Tree failover performance should be closely...

Figure 14-13 A Loop Free Core

In Figure 14-13, the four Layer 2 switches forming the core have been kept loop free at Layer 2. Although a redundant path does exist through each distribution (MDF) switch, the pure routing behavior of these nodes prevents any Layer 2 loops from forming. If Spanning Tree is required within the core, blocked ports should be closely analyzed. Because STP load balancing can be very tricky to implement in the network core, compromises might be necessary. In addition to Spanning Tree, there are...

Figure 1-5 Networking with Class I Repeaters

Class II repeaters demand homogenous cabling to be attached to them. If you use 100BaseT4, all ports must be 100BaseT4. The only mix permitted uses 100BaseTX and 100BaseFX. Figure 1-6 illustrates a network with only one Class II repeater. Figure 1-6 Networking with one Class II Repeater. Unlike Class I repeaters, two Class II repeaters are permitted as in Figure 1-7. The connection between the repeaters must be less than or equal to five meters....

Figure 1514 The Overlay Approach to Campus Migrations

To maintain connectivity between the old and the new network, a pair of redundant routers is used. This provides a single line where the two networks meet. Issues such as route redistribution and access lists can be easily handled here. Also notice that this causes the old network to resemble just another distribution block connected to the core of the new network (another benefit of the modularity created by the multilayer model).

Figure 16-2 Testing Cross VLAN Connectivity

In Figure 16-2, PC-1 desires, but fails, to communicate with PC-2 in the figure. Assume that it is an IP environment. From one PC or the other, attempt to communicate (maybe with ping) to the first hop router. For example, you might first initiate a ping from PC-1 to the Router 1 interface (point 1 in the figure). Do this by pinging the IP address of the ingress port of Router 1 which belongs to the same subnet as PC-1. Then, try the outbound interface on Router 1 (point 2 in the figure)....

Figure 16-3 A LAN Congestion Situation

In Figure 16-3, the aggregate traffic from the sources exceeds the bandwidth available. The upper devices connect at 100 Mbps, but attempt to access a device running at 10 Mbps. If all of the stations transmit at the same time, they quickly overwhelm the 10 Mbps link. This forces the Catalyst to internally buffer the frames until bandwidth becomes available. Like any LAN device, however, the Catalyst does not hold onto the frame indefinitely. If it cannot transmit the frame in a fairly short...

Figure 31 Transparent Bridge Flow Chart

When a frame enters the transparent bridge, the bridge adds the source Ethernet MAC address (SA) and source port to its bridging table. If the source address already exists in the table, the bridge updates the aging timer. The bridge examines the destination MAC address (DA). If the DA is a broadcast, multicast, or unknown unicast, the bridge floods the frame out all...

Figure 34 A Source Route Bridged Network

When Station A wants to communicate with Station B, Station A first sends a test frame to determine whether the destination is on the same ring as the source. If Station B responds to the test frame, the source knows that they are both on the same ring. The two stations communicate without involving any Token Ring bridges. If, however, the source receives no response to the test frame, the source attempts to reach the destination on other rings. But the frame must now traverse a bridge. In...

Figure 514 Layer 3 Design in a Switched Network

Part V of this book describes VLAN design philosophies. One approach, the Layer 3 distribution design, minimizes the Spanning Tree extent and topology because the Spanning Tree is constrained to the pockets of access devices. Access pockets can be placed on floors as in Figure 5-15. Each floor has its own access network. Users on the floor share the access network regardless of their community of interest. Engineering and accounting might share the VLAN. If necessary, the access network can be...

Figure 520 Dynamic VLAN Architecture

Cat-B and Cat-C are each configured as VMPS clients and get port-to-VLAN authorizations from the VMPS server. Therefore, they need to be able to communicate with the VMPS server. The following list outlines the steps for configuring dynamic VLANs: Step 1. Build the VLAN database and load into a TFTP server. Step 2. Configure the VMPS server IP address. Step 3. On the VMPS server, enter the IP address of the TFTP server. Step 4. Configure VMPS clients with...

Figure 54 Traditional Frame Flow in a Routed Network

When the frame enters Router 2, the router not only determines the next hop to move the frame toward the destination, but it also performs a new Layer 2 encapsulation with a new destination/source MAC address pair, performs some Layer 3 activities such as decrementing the TTL value in an IP header, and calculates a new frame check sequence (FCS) value. Router 3 performs a similar set of actions before sending the frame to Station B. This is often called packet-by-packet switching. The same...

Figure 611 Possible Port States and Transitions

(1) Port enabled or initialized, (3) Port selected as a Root or Designated Port. (4) Port ceases to be a Root or Designated Port. Figure 6-12 shows the sample network with the port classifications and states listed. Notice that all ports are forwarding except Cat-C Port-1/2.

Figure 616 Topology Change Notification BPDU Decode

The TCN BPDU is much simpler than the Configuration BPDU illustrated in Figure 6-15 and consists of only three fields. TCN BPDUs are identical to the first three fields of a Configuration BPDU with the exception of a single bit in the Type field. After all, at least one bit is needed to say this is a TCN BPDU, not a Configuration BPDU. Therefore,...

Figure 722 A Typical Campus Network Using Uplink Fast

Cat-D is an IDF switch that is connected to two MDF switches (Cat-B and Cat-C). Although set spantree uplinkfast is a global command that applies to all VLANs, this section only analyzes a single VLAN: VLAN 2. Cat-A, the server farm switch, is the Root Bridge for VLAN 2. Cat-D has two uplink ports that are potential Root Port candidates. Utilizing the load balancing techniques discussed earlier, the cost on Port 1/2 has been increased to 1000 to force VLAN 2's traffic across the 1/1 link. Notice...

Figure 8-18 Catalyst ATM Resiliency

To account for this, the Catalyst LANE module provides two physical interfaces, PHY A and PHY B. In Figure 8-18, a Catalyst attaches to two ATM switches. PHY A attaches to ATM Switch 1 and PHY B attaches to ATM Switch 2. The Catalyst activates only one of the interfaces at a time. The other simply provides a backup path. If the active link fails, the Catalyst activates the backup port. The Catalyst must rejoin the ELAN and then reattach to the other...

Figure 8-20 Bandwidth Options for Ethernet Based Trunks

Part A of Figure 8-20 shows an interconnection where each link is dedicated to a VLAN. No trunk encapsulation is used and frames are transported in their native format. Only one link per VLAN between the Catalysts can be active at any time. Spanning Tree disables any additional links. Therefore, bandwidth options are only 10/100/1000 Mbps. By enabling ISL trunking, you can share the link bandwidth with multiple VLANs. A single Fast Ethernet or Gigabit Ethernet link as in Part B of Figure 8-20...

Figure 88 Using Token Ring ISL (TRISL) to Transport Token Ring Over an Ethernet Trunk

Unfortunately, Token Ring attributes differ significantly from Ethernet. Differences between Token Ring and Ethernet include the following: Frame sizes: Token Ring supports frames both smaller and much larger than Ethernet. Routing Information Field: Token Ring frames can include an RIF, which is meaningless in an Ethernet system. Explorer frames: Token Ring stations can transmit an explorer frame to discover the relative location of a destination device. This frame type includes a bit...

Figure 9-1 A Typical Channelized Network

Figure 9-1 illustrates a small corporate network with three sites: headquarters is located in New York City with two remote sites in Washington, DC and Los Angeles. The NY site has a single T1 to the carrier's nearest Central Office (CO). This T1 has been channelized into two sections: one channel to DC and another to LA.

Figure 929 HandsOn Lab Diagram

Table 9-6 shows the LANE components that should be configured on each device. Table 9-6. LANE Components to Be Configured. Configure IP addresses on the SC0 interfaces of both Catalysts, the router subinterfaces, and the LS1010 subinterfaces (use interface atm 2/0/0 or 13/0/0 for the LS1010). Configure HSRP between the ATM router and an RSM located in LEC-A. Table 9-7 provides IP addresses that can be used. Table 9-7. IP Addresses for Hands-On Lab...

Figure 93 Three Layer ATM Stack

First, ATM must obviously chop up large IP packets before transmission. The technical term for this function is the ATM Adaptation Layer (AAL); however, I use the more intuitive term Slice & Dice Layer. The purpose of the Slice & Dice Layer is to act like a virtual Cuisinart that chops up large data into small, fixed size pieces. This is frequently referred to as SAR, a term that stands for Segmentation And Reassembly, and accurately portrays this Slice & Dice function (it is also...

Figure 94 Point-to-Point and Point-to-Multipoint

Point-to-point virtual circuits behave exactly as the name suggests: one device can be located at each end of the circuit. This type of virtual circuit is also very common in technologies such as Frame Relay. These circuits support bi-directional communication; that is, both end points are free to transmit cells. Point-to-multipoint virtual circuits allow a single root node to send cells to multiple leaf nodes. Point-to-multipoint circuits are very efficient for this sort of one-to-many...

Figure 95 VPI/VCI Usage in an ATM Network

The NY router uses a single physical link connected to Port 0 on the NY ATM switch carrying both virtual circuits. How, then, does the ATM switch know where to send each cell? It simply makes decisions based on VPI/VCI values placed in ATM cell headers by the router. If the NY router (the ATM edge device) places the VPI/VCI value 0/50 in the cell header, the ATM switch uses a preprogrammed table indicating that the cell should be forwarded out Port 2, sending it to LA. Also, note that this table...

Figure A1 Uplink Strategies for Failover

3 Table 4-4 shows how to recall and edit a command from the history buffer. How would you recall and edit the following command so that you move the ports from VLAN 3 to VLAN 4? A: You cannot simply use the edit 3 4 because this changes not just the VLAN, but the port list too. Ports 3/12-21 become 4/12-21. Rather, you could use the command vlan 3 -vlan 4 and be more specific about the string you are modifying. This changes only the VLAN assignment without modifying the port values. 4 What...

Figure A5 Solution to Question

Svr_Farm-Cat-1 becomes the Root Bridge because it has the lowest BID. MDF-Cat-2 and MDF-Cat-3 elect Root Ports based on the lowest Root Cost Path (19 versus 38). IDF-Cat-4 and IDF-Cat-5 have two equal-cost paths (38) to the Root Bridge. Therefore, to elect a Root Port, they have to use Sender BID as a tie breaker. Because MDF-Cat-2 has a lower Sender BID than MDF-Cat-3, both IDF Cats select the link...

Figure A8 Primary Topology for Even VLANs Backup Topology for Odd VLANs

Cat-1A is the backup Root Bridge for the even VLANs and Cat-2B is the backup Root Bridge for the odd VLANs. Therefore, the backup topology for the odd VLANs is the same as Figure A-7c, whereas the backup topology for the even VLANs is the same as Figure A-7b. Answers to Chapter 8 Review Questions: 1 What happens in a traffic loading situation for EtherChannel when two servers pass files between each other? A: All of the traffic between the servers crosses the same segment. This happens because the...

General Principles of Spanning Tree Load Balancing

Spanning Tree load balancing requires that two characteristics be built into the network: Multiple paths that form loops: If the network doesn't contain loops, there cannot be multiple paths over which the load can be distributed. By way of illustration, if two switches only have one Fast Ethernet link between them, it is fairly difficult to do any load balancing. This concept is obviously tightly coupled with the desire to have redundancy in campus networks. For example, most networks employ at...

How to Handle Non Routable Protocols

Chapter 11 discussed various approaches to integrating Layer 3 routing with Layer 2 bridging, including options such as bridging between VLANs, Concurrent Routing and Bridging (CRB), and Integrated Routing and Bridging (IRB). Most organizations utilize one of these techniques because of the need to have users in two different VLANs communicate via a non-routable protocol such as NetBEUI or LAT. Although the techniques discussed in Chapter 11 can provide relief in limited situations, it is...

In Figure 1129

Unfortunately, this can create a very subtle problem. Consider what happens if Host-A tries to send IP data to Host-B. Host-A recognizes that Host-B is in a different subnet and forwards the traffic to Router-A, its default gateway. Router-A does the normal IP routing thing and forwards the traffic out its interface E1. However, the traffic cannot be delivered to Host-B because the Layer 2 switches have blocked the path (remember that Spanning Tree blocks all traffic on a Catalyst, not just...

Infrastructure Resiliency Needs

By definition, a lot of users depend upon trunk availability. A trunk carries traffic from more than one VLAN and can, in fact, carry traffic from all VLANs. If a trunk fails between critical points in the network, services become unreachable, causing your pager and/or phone to go off. This is not a desirable event. You might, therefore, need to consider how each of the trunk methods operates in the presence of failures. The good news is that each of the trunk technologies has resiliency...

Inter Subnet Communications

As discussed earlier, occasions arise where hosts in different VLANs need to communicate with each other over ATM. VLANs have similarities to ELANs on the ATM network. VLANs describe broadcast domains in a LAN environment, whereas ELANs describe broadcast domains in an ATM environment. Whenever hosts in one VLAN need to communicate with hosts in another VLAN, the traffic must be routed between them. If the inter-VLAN routing occurs on Ethernet, Multilayer Switching (MLS) is an appropriate...

IP Addressing

Each VLAN utilizes a single IP subnet. Happy Homes will use network 10.0.0.0 with Network Address Translation (NAT) to reach the Internet. The design document calls for the following IP address scheme: The subnet mask will be /24 (or 255.255.255.0) for all links. For example, the thirtieth address on the Sales VLAN in Building 1 would be 10.1.11.30. Because HSRP will be in use, three node addresses are reserved for routers on each subnet. The .1 node address is reserved for the shared HSRP...

IP and IPX Addresses

Because Design 2 is less flat than Design 1, it requires more IP subnets (and IPX networks). For example, every link through the core is a separate subnet. Furthermore, every IDF uses a separate subnet as a management VLAN (remember, all VLANs terminate at the MDF switches). To avoid using an excessive amount of address space, variable length subnet masking (VLSM) has been specified in Design 2. Although in reality this is not a concern for most organizations using the Class A network such as...

Is Lost

Cat-D changes MAC address 00-AA-00-12-34-56 (Host-A) to Port 1/2 so that it has a correct view of the network. However, notice that Cat-A, Cat-B, and Cat-C are still trying to send traffic for 00-00-1D-2B-DE-AD (Host-B) to the broken link. This is where the real ingenuity of UplinkFast comes in: Cat-D sends out a dummy multicast frame for the addresses in its local Bridging Table. One frame is sent for each MAC address that is not associated with one of the uplink ports. These packets are sent to...

Keep and Maintain Network Documentation

One element for any troubleshooting philosophy to work is frequently absent: documentation. Many administrators neglect to document their network, or if they do, they do not keep the documentation up to date. Documentation provides the framework to answer fundamental questions such as, "What changed?" or "What connects to device X?" or "What Layer 2 paths exist from point A to point B?" Reconstructing the network topology documentation during a crisis does not lend itself to an efficient or structured...

Key Requirements of Campus Designs

The ideal campus network should strive to achieve certain objectives. Some of these aspects have already been mentioned, but several new and important issues are introduced here (the new points are mentioned first): Load balancing: Given redundant paths, load balancing allows you to utilize all of the bandwidth you paid for. As is discussed in more detail in Chapter 15, flexibility, intelligence, and ease of configuration can be critical factors when utilizing this important feature....

LANE Theory of Operation

Now that the chapter has built a common foundation of ATM knowledge, the following sections dive into the specifics of LAN Emulation. Before beginning, let me reiterate that the goal is not to clobber you with every subtle nuance of LANE (although it will probably feel like that in ten pages). For example, the LANE specifications contain many optional features; rather than trying to highlight every option, the material focuses on the real-world applications and common practices of LANE. Many...

Links

Cat-B becomes the Root Bridge because it has the lower BID. Cat-A therefore needs to select a single Root Port. In the previous examples of back-to-back switches, the links did not cross and Port 1/1 became the Root Port because of In this case, the crossed links force you to think about the fact that it is the received Port ID that influences the Cat-A, not Cat-A's local Port ID values. Although Cat-A Port-1/2 has the higher local...

Load Balancing with MHSRP

Using Spanning Tree and multiple VLANs can be effective if Layer 2 loops and multiple VLANs exist on Cat-C, the wiring closet switch. However, this is not always the case. Many network designers want to deploy networks similar to the one illustrated in Figure 11-27. Figure 11-27 A Network Using a Single VLAN in the Wiring The design in Figure 11-27 has the wiring closet switch directly connected to a pair of switching routers such as the...

Manipulating Spanning Tree Parameters

By tuning a variety of Spanning Tree parameters, the blocked port can be moved to one of the ports on the router. By doing so, the router can have full access to the network for routable protocols but also prevent Layer 2 loops within the non-routable protocols. In short, this allows the router to create a protocol-specific Blocking port. For routable protocols, the Spanning Tree Blocking port is ignored. However, for protocols the router does not route, the Blocking port is enforced. In...

Network Diameter Designing with Repeaters in a 100BaseX Network

In a legacy Ethernet system, repeaters extend cable distances, allowing networks to reach further than the segment length. For example, a 10Base2 segment only reaches 185 meters in length. If an administrator desires to attach devices beyond this reach, the administrator can use repeaters to connect a second section of 10Base2 cable to the first. In a 10BaseT network, hubs perform the repeater functions allowing two 100 meter segments to connect together. Legacy repeaters are discussed in more...

Note

The current documentation claims that set spantree root sets the value to 100 less than the current value if 8,192 is not low enough to win the Root War. However, I have always observed it to reduce the value only by 1. To make another Catalyst function as a backup Root Bridge, Telnet to that device and enter the following This lowers the current Catalyst's Bridge Priority to 16,384. Because this value is higher than the value used by the primary, but lower than the default of 32,867, it is a...

OSI Logistics for Moving Network Users

During the early 1990s, a movement was afoot to eliminate routers from the networks and create one large, flat-bridged network. These were known as end-to-end VLANs. The motivations for this type of design are considered in this section. However, as a preamble, it is important to note that experience with the end-to-end VLANs demonstrated that they do not scale well in networks and forced users to reinstate routers in the network. One of the scaling issues was with Spanning Tree. Today's design...

Planning VLANs

Before you enable new VLANs, make sure that you know what you really want to do and how your actions can affect other VLANs or stations already present in your system. The planning at this stage can primarily focus around Layer 3 issues. What networks need to be supported in the VLAN? Is there more than one protocol that you want in the VLAN? Because each VLAN corresponds to a broadcast domain, you can support multiple protocols in the VLAN. However, you should only have one network for each...

Port Fast

PortFast is a feature that is primarily designed to optimize switch ports that are connected to end-station devices. By using PortFast, these devices can be granted instant access to the Layer 2 network. Think for a moment about what happens when you boot your PC every morning. You flip the big red switch, the monitor flickers, it beeps and buzzes. Somewhere during that process your network interface card (NIC) asserts Ethernet link, causing a Catalyst port to jump from not connected to the STP...

Problem 1 Network Security

The first issue is the shared media nature of legacy networks. Whenever a station transmits in a shared network such as a legacy half-duplex 10BaseT system, all stations attached to the segment receive a copy of the frame, even if they are not the intended recipient. This does not prevent the network from functioning, but software packages to monitor network traffic are readily available and run on a number of workstation platforms. Anyone with such a package can capture passwords, sensitive...

Q ISL and Spanning Tree

When Cisco introduced switched LAN solutions, it recognized the possibility of a complex Catalyst topology. Consequently, Cisco supports multiple instances of Spanning Tree. You can create a different Spanning Tree topology for every VLAN in your network where each VLAN can have a different Catalyst for a Root Bridge. This allows you to optimize the bridged network topology for each VLAN. The selection of a Root Bridge for VLAN 10 might not be the best choice for VLAN 11, or any VLAN other than...

Q VLANs and Vendor Interoperability

Because vendors took individual approaches to create VLANs, network administrators were impaired whenever multiple vendor solutions were introduced into their system. A multi-vendor VLAN must be carefully handled to deal with interoperability shortcomings. Recognizing this deficiency in the industry, IEEE commissioned the 802.1Q committee to develop a vendor-independent method to create interoperable virtual bridged local area networks. IEEE 802.1Q describes concepts called the shared VLAN...