Complete LANE Network

Figure 9-26 pulls together many of the concepts and commands discussed in previous sections. This section also shows the configuration for an ATM-attached router. The network consists of two Catalysts that contain Ethernet and LANE modules. Each Catalyst has been configured with two VLANs that use ATM as a trunk media. VLAN 1 is transparently bridged to ELAN1, creating a single broadcast domain. VLAN 2 uses ELAN2. Both Catalysts have two LANE Clients, one for each ELAN. Cat-A is acting...

A flow mask

The first mechanism handles the case where a packet is forwarded to the router and never returned to any Catalyst because it failed an access list. As a result, MLS can be a safe and effective technique. The MLSP flush mechanism provides important integration between the router and the NFFC. If the router is configured with an access list, the MLSP protocol can be used to cause all cache entries to be flushed (forcing new entries to be processed by the access list). The flush mechanism is also...

Acknowledgments

Kennedy Clark An avid reader of all things nerdy, I have always taken acknowledgements and dedications fairly lightly. Having now been through the book-writing process myself, I can assure you that this will never be the case again. Writing a book (especially one on technology that is as fast-moving as switching) is an incredibly demanding process that warrants a huge number of thank yous. In the brief space I have here, I would like to express appreciation to a small number of the people...

Addressing in Ethernet

How do stations identify each other? In a meeting, you identify the intended recipient by name. You can choose to address the entire group, a set of individuals, or a specific person. Speaking to the group equates to a broadcast; a set of individuals is a multicast; and addressing one person by name is a unicast. Most traffic in a network is unicast in nature, characterized as traffic from a specific station to another specific device. Some applications generate multicast traffic. Examples include...

Advantages of Campus Wide VLANs

As the paragraphs that follow attest, there are some alluring aspects to the flat earth approach. First, the campus-wide VLANs model allows network designers to create a direct Layer 2 path from end stations to the most commonly used servers. By deploying Layer 2 switching in all three layers of the access/distribution/core model, campus-wide VLANs should dramatically increase available bandwidth. The second advantage of the campus-wide VLANs model is that VLANs can be used to provide logical...

Advantages of Routing

One of the key themes that is developed throughout this chapter is the idea that routing is critical to scalable network design. Hopefully, this is not news to you. However, given the recent popularity and focus on extremely flat, avoid-the-router designs, a fair amount of attention is devoted to this subject. Many people are convinced that the key objective in campus network design is to eliminate as many routers as possible. On the contrary, my experience suggests that this is exactly the...

Advertisement Requests

A Catalyst issuing the third VTP message type, an advertisement request, solicits summary and subset advertisements from a server in the management domain. Catalysts transmit an advertisement request whenever you reset the Catalyst, whenever you change its VTP domain membership, or whenever it hears a VTP summary advertisement with a higher configuration revision number than it currently has. This can happen if a Catalyst is temporarily partitioned from the network and a change occurs in the...

Always specify the VLAN parameter with Spanning Tree commands to avoid accidental changes to VLAN 1

Many of the commands allow you to omit the VLAN parameter. When doing so, you are implying VLAN 1. To avoid confusion and unintentional modifications to VLAN 1, it is best to get in the habit of always specifying this parameter. The original implementations of Fast EtherChannel in 2.2 and 2.3 NMP images did not support STP over EtherChannel. Spanning Tree still viewed the link as two or four separate ports and would block all but one (obviously defeating the purpose of EtherChannel). The limitation was...

Always Specify Your Root Bridges

Chapter 6 discussed the problems that can arise when you do not manually specify Root Bridge locations in your network. It is highly possible (even probable if using older Cisco equipment) that a suboptimal bridge or switch wins the Root War election. Rather than leaving it to chance, always specify both a primary and a secondary Root Bridge for every VLAN (in a large and very flat network, it might be beneficial to also specify a tertiary Root Bridge). By manually setting the Root Bridges, it...

And Active Topology

The setup in Figure 6-21 clearly illustrates the basic objective of the Spanning-Tree Protocol: make one bridge the center of the universe and then have all other bridges locate the shortest path to that location (all roads lead to Rome). This results in an active topology consisting of spoke-like branches that radiate out from the Root Bridge. Notice that the Root Bridge is acting as the central switching station for all traffic between the four branches and must be capable of carrying this...

And MAC Addresses

Although both routers are assigned unique IP addresses as normal (10.1.1.2 and 10.1.1.3), HSRP provides a third address that both routers share. The two routers exchange periodic hello messages (every three seconds by default) to monitor the status of each other. One router is elected the active HSRP peer and handles all router responsibilities for the shared address. The other node then acts as the standby HSRP peer. If the standby peer misses three HSRP hellos, it then assumes that the active...

Answers to Chapter 4 Review Questions

1. What happens if you replace the active Supervisor module?
A: If you replace the active module, the standby becomes the active Supervisor module. If the configuration files differ between the two, the now active Supervisor updates the configuration on the replacement module. Likewise, if any software images differ, the now active module updates the replacement unit.
2. If your redundant Supervisor engines are running software version 4.1, the uplink ports on the standby engine are disabled until...

Answers to Chapter 5 Review Questions

1. Early in this chapter, it was mentioned that you can determine the extent of a broadcast domain in a switched network without configuration files. How do you do it?
A: You can use a brute force approach where you systematically attach a traffic source on a port on a switch configured to generate broadcasts. With a network analyzer, you then check every port in the system to observe where the broadcast appeared. Every port where the broadcast is seen is a member of the same VLAN as the source....

Answers to Chapter 6 Review Questions

1. Summarize the three-step process that STP uses to initially converge on an active topology.
A: The three-step process is as follows: Elect a single Root Bridge for the entire bridged network. Elect one Root Port for every non-Root Bridge. Elect one Designated Port for every segment.
2. How many of the following items does the network shown in Figure 6-24 contain: Root Bridges, Root Ports, Designated Ports? Assume all devices are operational.
A: The network in Figure 6-24 contains the following: One...

As a last resort to achieve network stability under the campuswide VLANs design model However because this also

When using Catalyst 8500-style switching routers in the MDF/distribution layer closets: Because switching routers result in loop-free Layer 2 V's (as shown in Part B of Figure 15-7), Spanning Tree is no longer required, at least for the intended topology. However, loops can be formed unintentionally through configuration and cabling mistakes on the part of network administrators or because end users installed devices such as hubs or switches. Therefore, an element of risk remains with this...

ATM Core

The advantage of this approach is that it uses cost-effective Ethernet technology in the potentially large number of IDF closets. This design is often deployed using the campus-wide VLAN model to extend the speed of ATM through the Ethernet links. The downside is that it creates a large number of Layer 2 loops where redundant MDF-to-IDF links are used. Unfortunately, these links have been shown to create Spanning Tree loops that can disable the entire campus network. Furthermore, it is harder...

ATM Is Connection Oriented

Before any data can be exchanged, the network must negotiate a connection between two endpoints. ATM supports two types of connections: permanent virtual circuits (PVCs) and switched virtual circuits (SVCs). PVCs act like virtual leased lines in that the circuits are always active. PVCs are manually built based on human intervention (either via a command-line interface [CLI] or some action at a management console). SVCs are dialup ATM connections. Think of them as ATM...

ATM Network

Other VLAN types use combinations of Layer 2, Layer 3, or even Layer 4 to create shortcuts in a system. Layer 4 switching creates shortcuts based upon the Layer 3 addresses and upon the Layer 4 port values. This is sometimes called application switching and provides a higher level of granularity for switching. Chapter 11 provides a more thorough discussion on this subject in the context of MLS. Table 5-1 summarizes the various switch types found in the industry...

ATM Overhead Protocols

Although ATM theory can be extremely complex, the good news is that it can be amazingly easy to implement in most networks. This plug-and-play nature is due in large part to two automation protocols: Integrated Local Management Interface (ILMI) and Private Network-Network Interface (PNNI). Integrated Local Management Interface (ILMI) is a protocol created by the ATM Forum to handle various automation responsibilities. Initially called the Interim Local Management Interface, ILMI utilizes SNMP...

ATM Resiliency

ATM also provides physical layer recovery. However, the failover time is longer than for FDDI. In an ATM network, a cable or interface failure can occur at the Catalyst or between ATM switches. If the failure occurs between ATM switches, the Catalyst requests the ATM network to re-establish a connection to the destination client(s). The ATM network attempts to find an alternate path to complete the connection request. This happens automatically. Figure 8-18 shows a Catalyst attached to two ATM...

ATM Switches

Cisco's campus switches include the LightStream LS1010 and 8500 MSR platforms (Cisco also sells several carrier-class switches developed as a result of their Stratacom acquisition). ATM switches are the devices that contain the ATM switching tables referenced earlier. They also contain advanced software features (such as PNNI) to allow calls to be established and high-speed switching fabrics to shuttle cells between ports. Except for certain overhead circuits,...

Attach to Three ELANs

You need the router shown in Figure 8-13 if workstations in one VLAN desire to communicate with workstations in another VLAN. The router can reside on the LAN side of the Catalysts, but this example illustrates the router on the ATM side. When a station in VLAN 1 attempts to communicate with a station in VLAN 2, the Catalyst bridges the frame out LEC 1 to the router. The router, which also has three clients, routes the frame out the LEC which is a member of ELAN 2 to the destination Catalyst....

Autonegotiation

With the multiple combinations of network modes available, configuring devices gets confusing. You need to determine if the device needs to operate at 10 or 100 Mbps, whether it needs to run in half- or full-duplex mode, and what media type to use. The device configuration must match the hub configuration to which it attaches. Autonegotiation attempts to simplify manual configuration requirements by enabling the device and hub to automatically agree upon the highest common operational level....

B after a Link Failure

Therefore, the Spanning Tree Max Age and Forward Delay parameters can be safely reduced to 12 and 9 seconds, respectively (assuming the default Hello Time of 2 seconds). The safest and simplest way to accomplish this is to use the set spantree root macro to automatically modify the appropriate Spanning Tree parameters. As a result, convergence time can be reduced from a default of 30-50 seconds to 18-30 seconds. To further speed Spanning Tree convergence, UplinkFast, BackboneFast, and PortFast...

Backbone Fast

BackboneFast is a complementary (and patented) technology to UplinkFast. Whereas UplinkFast is designed to quickly respond to failures on links directly connected to leaf-node switches, it does not help in the case of indirect failures in the core of the backbone. This is where BackboneFast comes in. Don't expect BackboneFast to provide the two to three second rollover performance of UplinkFast. As a Max Age optimization, BackboneFast can reduce the indirect failover performance from 50 to 30...

BaseFX

802.3u specifies a variant for single-mode and multimode fiber optic cables. 100BaseFX uses two strands (one pair) of fiber optic cables: one for transmitting and one for receiving. Like 100BaseTX, 100BaseFX uses a 4B/5B encoding signaling at 125 MHz on the optical fiber. When should you use the fiber optic version? One clear situation arises when you need to support distances greater than 100 meters. Multimode supports up to 2,000 meters in full-duplex mode, 412 meters in half-duplex mode....

Be certain that you do not overload your CPU with Spanning Tree calculations Keep the total number of logical ports

Use the following formula to calculate the number of logical ports on your devices:

Logical Ports = number of VLANs on non-ATM trunks + (2 x number of VLANs on ATM trunks) + number of non-trunk ports

In other words, you want to add up the total number of VLANs on every port in your box. ATM VLANs (these are called ELANs; see Chapter 9, "Trunking with LAN Emulation") are more heavily weighed by counting them twice. For example,...

Block

Because of its simplicity, the triangle creates the ideal building block for a campus network. By having two vertical links (IDF uplink connections), it automatically provides redundancy. Because the redundancy is formed in a predictable, consistent, and uncomplicated fashion, it is much easier to provide uniformly fast failover performance. Use the concept of a distribution block to simplify the design and maintenance of your network. The multilayer model does not take a dogmatic stance on...

Bottom line Controlling VTP in Large Networks

In large networks, these issues multiply and can develop into situations making you want to disable trunking, VTP, or other aspects of VLANs. Clearly, trunking remains as a necessary element of networking life. It is not practical to deploy a large network without trunks because of the number of resources that you consume with multiple access links. Therefore, trunks remain. However, as previously mentioned, we have methods of minimizing some of the negative side effects of trunking. VTP is...

Bridge Priority Load Balancing

How can Bridge Priority be used to accomplish load balancing in the two-building campus illustrated in Figure 7-17? As discussed in the previous section, the IDF switch (Cat-2C) found multiple equal cost paths to the Root Bridge. This caused the third decision criterion, Bridge ID, to be evaluated. Because Cat-2A and Cat-2B were using the default Bridge ID values, Cat-2A had the lower BID for all VLANs (32,768.AA-AA-AA-AA-AA-AA versus 32,768.BB-BB-BB-BB-BB-BB). This is precisely what ruined the...

Bridge Table Corruption

Many switch/bridge administrators are aware of the basic problem of broadcast storms as discussed in the previous section. However, fewer people are aware of the fact that even unicast frames can circulate forever in a network that contains loops. Figure 6-4 illustrates this point.

Figure 6-4 Without STP, Even Unicast Frames Can Loop and Corrupt Bridging Tables

For example, suppose that Host-A, possessing a prior...

Broadcast Flooding

Another issue involves trunks and VTP. Chapter 8 described trunks and the syntax to establish trunks. Whenever you enable a trunk, the trunk, by default, transports traffic for all VLANs. This includes all forwarded and flooded traffic. If you have a VLAN that generates a high volume of flooded traffic from broadcasts or multicasts, the frames flood throughout the entire network. They even cross VTP management domains. This can have a significant impact on your default management VLAN 1. Refer...

Broadcast Frames

Not all frames contain unicast destination addresses. Some have broadcast or multicast destination addresses. Stations treat broadcast and multicast frames differently than they do unicast frames. Stations view broadcast frames as public service announcements. When a station receives a broadcast, it means, "Pay attention! I might have an important message for you!" A broadcast frame has a destination MAC address of FF-FF-FF-FF-FF-FF (all binary 1s). Like unicast frames, all stations receive a frame...

Bucket 1 Cabling

The bucket of cable problems contains issues such as wrong cables, broken cables, and incorrectly connected cables. Too often, administrators overlook cables as a trouble source. This is especially true whenever the system was working. This causes troubleshooters to assume that because it was working, it must still be working. They then investigate other problem areas, only to return to cables after much frustration. Common cable mistakes during installation generally include using the wrong...

Bucket 2 Configuration

After confirming that cables are intact, you can start to suspect problems in your configuration. Usually, configuration problems occur during initial installations, upgrades, or modifications. For example, you might need to move a Catalyst from one location to another, but it doesn't work at the new location. Problems here can arise from not assigning ports to the correct VLAN, or forgetting to enable a trunk port. Additional configuration problems include Layer 3 subjects. Are routers enabled...

Bucket 3 Other

This bucket contains most other problem areas. The following list highlights typical problems: Unrealistic user expectations. PC application inadequacies. Sometimes, a user attempts to do things with his application program that it was not designed to do. When the user fails to make the program do what he thinks it should do, he blames the network. Of course, this is not a valid user complaint, but is an all-too-often scenario. Ensure that the user need is valid before launching into a...

Building a Data Direct VC

This section details the sequence of events that allow two Clients to establish a Data Direct VC. The example uses the network illustrated in Figure 9-16.

Figure 9-16 Two Ethernet Hosts Connected via Proxy

In the example, Host-A issues an IP ping to Host-B. Both devices are Ethernet-attached PCs connected to Catalysts that contain LANE uplink cards in slot 4. Host-A is using IP address 1.1.1.1 and MAC address AAAA.AAAA.AAAA. Host-B has IP...

Building the LECS Database

The LECS database is a table that lists all of the available ELANs and their corresponding LES NSAP addresses. It can also list optional information such as NSAP addresses for security verification and ELAN IDs. To create a basic LECS database, use the lane database command to enter the database configuration mode of the IOS CLI. The following is the syntax for the lane database command At this point, you can now enter one line per ELAN. Each line lists the name of the ELAN and the NSAP of the...

Building the VMPS Database for TFTP Download

The bulk of your configuration activity resides in building the VMPS database, a simple text file. The VMPS server downloads the text file database and uses it to determine whether devices are authorized to join a VLAN. Example 5-5 shows a representative database. The database divides into three portions. The first part modifies global parameters for the VMPS system. The second part defines the MAC address and the authorized VLAN for the address. The third part defines other policies to...

Bundling Ports

When bundling ports for EtherChannel using early EtherChannel-capable line modules, you must follow a couple of rules: Use contiguous ports for a bundle. All ports must belong to the same VLAN. If the ports are used for trunks, all ports must be set as a trunk. If you set the ports to trunk, make sure that all ports pass the same VLANs. Ensure that all ports at both ends have the same speed and duplex settings. You cannot arbitrarily select ports to bundle. See the following descriptions for...

BUS Placement

Always try to place your LANE Broadcast and Unknown Server (BUS) on a Catalyst LANE module. Because the BUS must handle every broadcast and multicast packet in the ELAN (at least in current versions of the protocols), the potential traffic volume can be extremely high. The Catalyst 5000 OC-3 and Catalyst 5000/6000 OC-12 LANE modules offer approximately 130 kpps and 450 kpps of BUS performance, respectively, considerably more than any other Cisco device currently offered. One decision faced by...

Calculating and Using Forward Delay

The entire pre-forwarding period can be calculated by combining these four parts:

end-to-end_bpdu_propagation_delay + message_age_overestimate + tx_halt_delay + max_frame_lifetime = 14 + 6 + 1 + 8 = 29 seconds

Because the pre-forwarding period is divided into two halves, this number can be divided by two to calculate Forward Delay. As with Max Age, you can substitute the appropriate values for your network to potentially calculate a smaller Forward Delay value (only modify diameter and Hello Time)....

Calculating and Using Max

Max Age is simply the sum of these two previously calculated values:

Max Age = end-to-end_bpdu_propagation_delay + message_age_overestimate = 14 + 6 = 20 seconds

Of the values assumed in this calculation, two are something you can consider tunable. If your bridged network diameter is considerably smaller than seven hops or your Hello Time has been set to one second, you might want to recalculate a new Max Age value. The result can then be entered at your Root Bridges using the following command set...

Calculating End-to-End BPDU Propagation Delay and Message Age Overestimate for Forward Delay

These components are used to calculate Forward Delay as follows:

end-to-end_bpdu_propagation_delay = ((lost_msgs + 1) x hello_t) + (bpdu_delay x (dia - 1))

message_age_overestimate = (dia - 1) x overestimate_per_bridge

These two calculations are the same two used to derive Max Age. With Forward Delay, just as in Max Age, they account for the time it takes to propagate BPDUs across the network and for the error present in the Message Age field of Configuration BPDUs.

Calculating End-to-End BPDU Propagation Delay for Max

End-to-End BPDU Propagation Delay is the amount of time that it takes for a BPDU to travel from one edge of the network to the other edge of the network. The 802.1D specification assumes that up to three BPDUs can get lost along the way, the maximum distance between any two nodes in the network is seven bridge hops, and each bridge can take up to one second to propagate a BPDU after receiving it. Also, the default Hello Time interval of two seconds is assumed. Table 7-2 documents these...

Calculating Maximum Frame Lifetime

In addition to the delay that it takes for a bridge to close the door by blocking the port, the algorithm needs to account for frames that have already gone out the door and are running around the network looking for their final destination. This is done with the Maximum Frame Lifetime. Maximum Frame Lifetime can be calculated with the following formula:

(dia x transit_delay) + med_access_delay = (7 x 1) + .5 = 8 seconds (rounded)

The dia x transit_delay part allows time for frames to die out, whereas...

Calculating Message Age Overestimate for Max

The other component of Max Age is something referred to as Message Age Overestimate. This is the amount of time that the Message Age field carried in BPDUs can be overstated. Recall from the earlier section "STP Timers" that Message Age is the amount of time that has passed since the Root Bridge first originated the information the current BPDU is based on. Although the 802.1D specification forbids a bridge from underestimating the Message Age field, it can become overstated because many bridges...

Campus Design Terminology

This section explains some of the terminology that is commonly used to describe network designs. The discussion begins with a review of the Intermediate Distribution Frame/Main Distribution Frame (IDF/MDF) terminology that has been borrowed from the telephone industry. It then looks at a three-level paradigm that can be very useful. For years, the telephone industry has used the terms Intermediate Distribution Frame (IDF) and Main Distribution Frame (MDF) to refer to various elements of...

Campus Wide VLANs Model

As people began to notice their router and hub networks struggling to keep up with traffic demands, they looked for alternate approaches. Many of these organizations decided to implement campus-wide VLANs, also known as the flat earth and end-to-end VLAN approach to network design. Campus-wide VLANs strive to eliminate the use of routers. Because routers had become a significant bottleneck in campus networks, people looked for ways to minimize their use. Because broadcast domains still needed...

Carrier Sense with Multiple Access with Collision Detection (CSMA/CD)

Carrier sense multiple access collision detect (CSMA/CD) describes the Ethernet access method. CSMA/CD follows rules similar to those in a meeting. In a meeting, all individuals have the right to speak. The unspoken rule that all follow, though, is "Only one person can talk at a time." If you have something to say, you need to listen to see if someone is speaking. If someone is already speaking, you must wait until they are finished. When you start to speak, you need to continue to listen in...

Catalyst 5000 Configuration Methods

When you attempt to log in to the Catalyst, the Catalyst presents you with a password prompt. If you enter the correct password, you enter the Catalyst's NORMAL mode. Normal mode equates to a router's User EXEC mode allowing you to view most Catalyst parameters, but not authorizing any configuration changes. To make changes, you must enter the Catalyst's PRIVILEGED mode. The privileged mode functionally equates to the router's PRIVILEGED EXEC mode. In the privileged mode, you can view...

Catalyst 5000/6000 CLI Syntax Conventions

All well-documented equipment uses a standard representation for interpreting commands. The Catalyst is no exception. Cisco documents how to interpret the printed commands of its documentation. Table 4-1 summarizes the command syntax conventions used in the Catalyst documentation and in this book.

Table 4-1. Catalyst Syntax Conventions

Commands and keywords that are entered literally as shown are in boldface. Arguments for which you supply values are in italics. Elements in square brackets are...

Catalyst 6000 Layer 2 Characteristics

In many respects, Catalyst 6000s can be viewed as bigger versions of Catalyst 5000s. This is especially true when Catalyst 6000s are configured to run the traditional Catalyst XDI CatOS images. In this case, Catalyst 6000s use exactly the same user interface discussed in Chapter 4. Virtually every feature discussed throughout the book is supported using the same configuration steps on both products. In short, Layer 2 Catalyst 6000s look completely familiar to anyone who has configured a...

Catalyst Configuration File Management

For complete system recovery, make sure that you have a copy of each Catalyst's configuration file stored somewhere other than on the Catalyst itself. If anything happens to the Catalyst Supervisor module, you might not be able to recover the configuration file. It is a crime to have to rebuild the entire configuration file from scratch during a system outage when it is easy to create a backup on a network accessible machine. Through TFTP, you can store your configuration file on a TFTP server...

Catalyst Image File Management

As with routers, Catalysts need software to function. The software loads into the flash memory of the Supervisor module and is referred to as the Supervisor Engine Software. The software provides the Catalyst CLI, Spanning Tree functions, VLAN configurations, VTP, and many other processes associated with the Supervisor. The Catalyst 5000 Supervisor I and Supervisor II modules differ in how they transfer software images compared to the Supervisor III module. Therefore, they are treated...

Catalyst Password Protection

When you first receive a Catalyst from Cisco, it has no password set. In other words, the password is <ENTER> to enter both the EXEC and privilege modes. Your first task as a conscientious network administrator should be to change the passwords to the unit. This helps to prevent unauthorized children in adult form from modifying the Catalyst and disrupting your network. Example 4-11 shows a Catalyst session where the user changes the EXEC and enable passwords. The user starts by changing...

Catalyst Password Recovery

If at any time you forget the normal mode or enable passwords, you need to start a password recovery process. Password recovery on the Catalyst 5000/6000 series differs from the methods used on a Cisco router or on other Catalyst models. You must be at the Catalyst console to perform password recovery. Password recovery requires a power cycle of the system by toggling the power switch. After you power cycle the Catalyst, the Catalyst goes through its initialization routines and eventually...

Catalyst Troubleshooting Tools

Cisco built several mechanisms into the Catalyst to facilitate troubleshooting and diagnostics. Some stand alone, and others work in conjunction with external troubleshooting tools that you need to provide. These built-in tools help to troubleshoot Layer 1 and Layer 2. You usually need to do Layer 3 troubleshooting in your routers and workstations. Just make sure that Layer 1 or 2 isn't preventing Layer 3 from performing, as demonstrated in the previous section. The following sections examine key...

Catalyst VLAN Configuration

Some VLAN components assign stations to VLANs based upon MAC addresses. The Catalyst, on the other hand, associates ports to a VLAN. Any device attached to the port belongs to the VLAN describing the switch interface. Even if a shared hub attaches to the port, all stations on the hub belong to the same VLAN. This is called a port-centric approach to VLANs. To configure VLANs in a Catalyst, you must first plan the VLAN membership and then assign ports to the correct VLAN. Planning VLAN...

CatB

How can the load balancing be fixed in Figure 7-13? Given that Port ID is being used as the decision criterion to determine which path to use, one strategy is to focus on influencing these Port ID values. On Catalysts using the XDI CatOS interface (such as the Catalyst 4000s, 5000s, and 6000s), this can be done by applying the set spantree portvlanpri command. The full syntax for this command is: set spantree portvlanpri mod_num/port_num priority [vlans] where mod_num is the slot number that a line...

Caution

Make certain that all of the LECS databases are identical. The LECS redundancy mechanism is implemented by control connections between the LECSs. The LECS uses ILMI to acquire the complete list of LECS servers from the ATM switch (just as an LEC does). Each LECS then builds an SVC to every LECS listed below itself on the list. The one LECS with no inbound connections is the primary LECS. However, if the primary fails, its connection to the second LECS closes, causing the second LECS to no...

CGMP

The Cisco proprietary CGMP protocol interacts with IGMP to dynamically modify bridge tables. Because CGMP is Cisco proprietary, you must use Cisco routers and Catalyst switches for it to be effective. When a host sends IGMP membership reports to a CGMP-capable router, the router sends configuration information, via CGMP, to the Catalyst. The Catalyst modifies its local bridge table based upon the information contained in the CGMP message. Figure 13-11 shows a multicast system with two Catalysts...

CGMP/IGMP Advanced Traffic Management

Multicast traffic originates at sources desiring to distribute the same information to multiple recipients. When a source creates multicast traffic, it uses special Layer 2 and Layer 3 addresses so that routers and bridges know how to disperse the frame. By default, routers do not forward multicast traffic unless they are multicast capable and have a multicast routing protocol such as DVMRP (distance vector multicast routing protocol) or PIM (protocol independent multicast) enabled. DVMRP and...

Changing Traffic Patterns

Any effective campus design must take traffic patterns into account. Otherwise, switching and link bandwidth are almost certainly wasted. The good news is that most modern campus networks follow several trends that create unmistakable flows. This section discusses the traditional campus traffic patterns and shows how popular new technologies have drastically changed this. The earliest seeds of today's campus networks began with departmental servers. In the mid-1980s, the growth of inexpensive...

Desktop Technologies

This chapter covers the following key topics:
- Legacy Ethernet: This section explains the operations and implementation rules of legacy 10 Mbps CSMA/CD systems.
- LAN Frames: This section presents various common formats for transporting packets over Ethernet.
- Fast Ethernet: A now popular desktop Ethernet migration, this uses 100 Mbps technology. This section describes its characteristics and some of the common media options.
- Gigabit Ethernet: As the highest speed Ethernet available today, this...

Trunking with Multiprotocol Over ATM

This chapter covers the following key topics:
- Why Two ATM Modes? Describes the relationship between LANE and MPOA, and discusses the choices of when to use one as opposed to the other.
- MPOA Components and Model: Provides an overview of MPOA including the various components defined and utilized by MPOA, their relationship with each other, and how they interact to support MPOA. Various traffic flows for management and user data are also described.
- MPOA Configuration: Details the commands to enable...

Layer 3 Switching

This chapter covers the following key topics:
- Layer 3 Switching Terminology: Examines the confusing subject of Layer 3 switching terminology and jargon.
- The Importance of Routing: Discusses how routing, and therefore Layer 3 switching, is the key to building large-scale networks that are stable and easy to manage.
- Router-on-a-Stick: This section explores the use of traditional router platforms for inter-VLAN routing. As the earliest form of Layer 3 switching, this approach can use either multiple...

VLAN Trunking Protocol

This chapter covers the following key topics:
- Understanding VTP: Explains what VTP is and why it is used.
- VTP Modes: Compares and demonstrates VTP server, client and transparent modes.
- The Working Mechanics of VTP: Describes the various VTP messages such as summary and subset advertisements, advertisement requests, and pruning messages.
- Configuring VTP Mode: Provides various configuration examples that illustrate VTP operations and troubleshooting tools.
- VTP Pruning Advanced Traffic Management...

Multicast and Broadcast Services

This chapter covers the following key topics:
- CGMP/IGMP Advanced Traffic Management: Covers the protocol operations, message formats, and options in addition to how CGMP and IGMP work in routed and switched environments. This section also provides details on the steps necessary to make these protocols active in your Catalysts and routers.
- IGMP Snooping Advanced Traffic Management: Covers another method of controlling multicasts in a Catalyst network.
- Broadcast Suppression Advanced Traffic...

Campus Design Models

This chapter covers the following key topics:
- Changing Traffic Patterns: The rise of client/server computing, server farms, and Internet-based technology has dramatically changed most campus traffic patterns. This chapter looks at some of the challenging issues that this has created for campus network designers.
- Campus Design Terminology: Explains IDF/MDF and access/distribution/core terminology, the two most common ways of explaining and discussing campus designs.
- Key Requirements of Campus...

Campus Design Implementation

This chapter covers the following key topics:
- VLANs: The chapter begins with a range of virtual LAN (VLAN)-related topics from using VLANs to create a scalable design to pruning VLANs from trunk links.
- Spanning Tree: Covers important Spanning Tree issues that are essential to constructing a stable network.
- Load Balancing: Discusses the five techniques available for increasing campus network bandwidth.
- Routing/Layer 3 Switching: Discusses issues such as MLS (routing switches) and switching routers....

Case Studies Implementing Switches

This chapter covers the following key topics:
- Real-World Design Issues: This chapter presents an opportunity to apply the skills learned in earlier chapters in two real-world designs.
- Campus-Wide VLANs: Considers the real-world downsides of flat earth designs.
- MLS Design: Discusses and analyzes the pros and cons of a campus design that uses Multilayer Switching (MLS) for Layer 3 switching.
- Hardware-Based Routing Design: Analyzes the benefits and unique characteristics of a campus design based on the...

Layer 3 Switching and the Catalyst 6000/6500s

This chapter covers the following key topics:
- Catalyst 6000 Layer 2 Characteristics: Discusses the base Catalyst 6000 and 6500 configuration.
- MSM Layer 3 Switching: The Multilayer Switch Module (MSM) is a router-on-a-stick configuration that provides ASIC-based routing for IP, IPX, and multicast traffic. This section discusses how to configure, use, and deploy these devices.
- MSFC Hybrid Mode Layer 3 Switching: The Multilayer Switch Feature Card (MSFC) Hybrid Mode is an implementation of Multilayer...

Segmenting LANs

This chapter covers the following key topics:
- Why Segment LANs? Discusses motivations for segmenting LANs and the disadvantages of not segmenting.
- Segmenting LANs with Repeaters: Discusses the purpose, benefits, and limitations of repeaters in LANs.
- Segmenting LANs with Bridges: Discusses how bridges create collision domains and extend networks. As the foundational technology for LAN switches, this section describes the benefits and limitations of bridges.
- Segmenting LANs with Routers: Discusses how...

Bridging Technologies

This chapter covers the following key topics:
- Transparent Bridging: This section explains the five main processes of transparent bridging. These include Forwarding, Flooding, Filtering, Learning and Aging.
- Switching Modes: Various switching modes such as store-and-forward, cut-through and others are compared and contrasted.
- Token Ring Bridging: Different methods exist for bridging Token Ring. This section describes your options.
- Token Ring Switching: Token Ring switching provides many of the...

Configuring the Catalyst

This chapter covers the following key topics:
- Catalyst 5000/6000 CLI Syntax Conventions: Provides the standard Cisco representation for interpreting commands administered on Catalyst switches.
- Catalyst 5000 Configuration Methods: Provides information on how to operate under the Console, Telnet, and TFTP configuration modes for Catalyst configuration.
- Using the Catalyst 5000/6000 Command-Line Interface: Describes command-line recall, editing, and help for the Catalyst 5000 series.
- Passwords: Provides...

VLANs

This chapter covers the following key topics:
- What is a VLAN? Provides a practical and technical definition of virtual LANs.
- VLAN Types: Describes how Layer 2, 3, and 4 switching operate under a VLAN.
- 802.1Q VLAN Interoperability: Describes the IEEE 802.1Q committee's effort to develop a vendor-independent method to create virtual bridged local area networks via shared VLANs (SVLs).
- Justifying the Need for VLANs: Describes how network security, broadcast distribution, bandwidth utilization, network...

Understanding Spanning Tree

The authors would like to thank Radia Perlman for graciously contributing her time to review the material in this chapter.
This chapter covers the following key topics:
- What Is Spanning Tree and Why Use Spanning Tree? Briefly explains the purpose of the Spanning-Tree Protocol (STP). Explains why some form of loop-prevention protocol is required to prevent broadcast storms and bridge table corruption.
- Four-Step STP Decision Sequence: Describes the process that the Spanning-Tree Protocol uses for...

Trunking Technologies and Applications

This chapter covers the following key topics:
- Why Trunks? Describes the advantages of trunks and compares various trunk connection methods for interconnecting Catalysts, routers, and servers.
- Ethernet Trunks: Details the trunk options over Fast Ethernet and Gigabit Ethernet. EtherChannel technologies are also discussed. Also describes ISL and 802.1Q encapsulation over trunks. Automatic methods of establishing trunks through DISL and DTP are also considered.
- FDDI Trunks and 802.10 Encapsulation...

Trunking with LAN Emulation

This chapter covers the following key topics:
- A Brief ATM Tutorial: For engineers accustomed to working in frame-based technologies such as Ethernet, ATM can seem strange and mysterious. However, as this section discusses, it is based on many of the same fundamental concepts as technologies that are probably more familiar.
- LANE Theory of Operation: Introduces the theory used by LAN Emulation (LANE) to simulate Ethernet and Token Ring networks over an ATM infrastructure. Explores the conceptual...

Command Line Recall

When you enter a command in the Catalyst, it retains the command in a buffer called the history buffer. The history buffer can store up to 20 commands for you to recall and edit. Various devices have methods of recalling commands. The Catalyst uses abbreviated key sequences to recall commands. These sequences resemble what a UNIX c-shell user might use. UNIX users often live with awkward methods of recalling and editing commands. Therefore, their comfort level with the legacy Catalyst editing...

Configuration Syntax

The good news is that, although the theory of LANE is very complex and cumbersome, Cisco has made the configuration very simple. In fact, LANE uses the same configuration syntax across almost the entire product line. In other words, learn how to configure LANE on a Catalyst and you already know how to configure it on a Cisco router or ATM switch. To configure a Catalyst LANE module, you must first use the session command to open a LANE command prompt. For example, if you currently have a Telnet...

Configuring 802.1Q

Configuration tasks to enable 802.1Q trunks include the following:
1. Specify the correct encapsulation mode (ISL or 802.1Q) for the trunk.
2. Enable the correct DTP trunking mode or manually ensure that both ends of the link support the same trunk mode.
3. Select the correct native VLAN-id on both ends of the 802.1Q trunk.
The following syntax enables an 802.1Q trunk on a Catalyst: set trunk mod_num/port_num [on | desirable | auto | nonegotiate] dot1q. dot1q specifies the trunk encapsulation type....

Configuring IGMP on a Router

Basic IGMP router configuration requires you to enable a multicast routing protocol and then to configure optional IGMP features if desired. For example, you can select the IGMP version to use. The router enables IGMP version 2 by default. If you enable version 2, you can adjust various timers if the hosts on the segment support version 2. Example 13-1 shows a partial configuration. Other unrelated router command lines were deleted for brevity. However, it shows the significant IGMP and...

Configuring MLS with MSFC Hybrid Mode

As with the RSM and Catalyst 5000 Supervisor MLS configurations, the Layer 2 Catalyst Supervisor has MLS processing enabled by default (in fact, it currently cannot be disabled on a Catalyst 6000). Also similar to MLS on the 5000s, the MSFC RP is not configured to provide MLS service by default. To add MLS to an already functioning MSFC RP router configuration, complete the following four-step process: Globally enable MLS on the RP with the mls rp ip command. (You can also use mls rp ipx for the...

Configuring Other Catalysts

As mentioned in the opening sections of this chapter, the other Catalysts (non-5000/6000 family) use other configuration methods. The three remaining types come from Grand Junction for the Catalyst 1900/2800 products, Kalpana for the Catalyst 3000 family, and Cisco IOS for the 2900XL and 8500. This section provides a quick overview of the configuration methods for the 1900/2800 and the 3000 because they use methods entirely different from the IOS methods of the 2900XL and 8500, and the CLI mode...

Configuring the LECS Database with elan-id

In addition to the LECS configuration statements necessary to enable LANE, another database statement must be present to enable the MPOA servers and clients to identify their membership in a broadcast domain. Each broadcast domain (ELAN) in the ATM domain must be uniquely identified with a numerical ELAN identifier value. The elan-id value is a 4-octet value. Every LEC in an ELAN must have the same elan-id. Every ELAN serviced by the LECS must have a unique elan-id. Because the MPC and MPS must...

Configuring the MPS

Configuring the MPS requires three categories of configuration:
- Global configurations to set MPS parameters
- Major interface configurations to enable the server
- Subinterface configurations to associate LECs with the MPS
To create a functional MPOA system, you must have an MPS at the ingress and egress points in the network to resolve MPC to MPC values. MPSs must be created on routers to interact with NHSs and routing tables. In the Catalyst product line, you can enable an MPS on a route-switch...

Configuring the VMPS Client

The VMPS client configuration includes steps to inform the client of the IP address of the VMPS server and to set ports to dynamic mode. By default, ports are in static mode, which means that you must manually configure the VLAN membership. Setting the port to dynamic means that the Catalyst automatically configures the port VLAN membership based upon the response of the VMPS server. Use the command set vmps server ip_addr primary to inform the client about the VMPS server IP address. You can...

Configuring the VMPS Server

You should complete the TFTP file configuration before you enable the VMPS server. You can have up to three VMPS servers, the active and two backups. When you enable the server, it attempts to download the database from the TFTP server. If it fails to download the database, the Catalyst does not enable the VMPS server function. Two commands configure the VMPS server: set vmps tftpserver ip_addr filename and set vmps state enable. The first command points the VMPS server to the TFTP server and...

Configuring VTP Pruning

You can enable VTP pruning with the command set vtp pruning enable. By default, this enables the Catalyst to prune all VLANs. But you can elect to prune only a couple of VLANs. Then, you can modify the prune list by first clearing the list with the command clear vtp pruneeligible vlan_range. Next, you can specify which VLANs to prune with the related command, set vtp pruneeligible vlan_range. Example 12-9 shows a session where an administrator enables pruning, but then modifies the list of...

Connected

Figure 7-6 illustrates the conversation that ensues between Cat-C and Cat-B.
Figure 7-6 Exception Processing of Configuration BPDUs
As discussed in Chapter 6, Cat-C initially assumes it is the Root Bridge and immediately starts sending BPDUs to announce itself as such. Because the Root Bridge is currently down, Cat-B Port-1/2 has stopped sending Configuration BPDUs as a part of the normal processing. However, because Cat-B Port-1/2 is the...

Consider Distributed Server Farms

Although centralized server farms are becoming increasingly common because they simplify server management, they do create problems from a bandwidth management perspective because the aggregate data rate can be extremely high. Although high-speed Layer 2 and Layer 3 switches have mitigated this problem to a certain extent, network designers should look for opportunities to intelligently distribute servers throughout the organization. Although this point is obviously true with regard to...

Consider Using Loop Free Management VLANs

As discussed in the section "Use Separate Management VLANs," exposing a Layer 2 Catalyst Supervisor to excessive broadcast traffic can lead to network-wide outages. That section recommended using a management VLAN to isolate the Catalyst SC0 interface from end-user broadcast traffic. However, even when using a separate management VLAN, some risk remains. If a loop were to form in the management VLAN itself, the Supervisors could once again find themselves crushed by a wave of traffic.

Consider Using Switching Routers to Virtually Eliminate Spanning Tree

Because Catalyst 8500-style switching routers in the MDF/distribution layer closets eliminate loops through the IDF switches, the result is Layer 2 V's. Therefore, Spanning Tree can be much simpler to design, maintain, and troubleshoot. The IDF switch automatically elects itself as the Root Bridge of a one-bridge network (the Layer 3 switches prevent the bridges from learning about each other and keep the Spanning Tree separate). Timer values can be fairly aggressively tuned without risk...

Console Configuration

The Catalyst 5000 series Supervisor module has one physical console connection. For a Supervisor I or a Supervisor II, the connection is an EIA-232 25-pin connection. For a Supervisor III module, the connection is an RJ-45 connector. Make sure that you know which kind of Supervisor module you are working with to ensure that you can attach to the console. The console has an interesting feature in that it can operate in one of two modes: either as a console or as a SLIP interface. When used as a...

Core

Designing the core of a multilayer network is one of the areas where creativity and careful planning can come into play. Unlike the distribution blocks, there is no set design for a multilayer core. This section discusses some of the design factors that should be taken into consideration. One of the primary concerns when designing a campus core backbone should be fast failover and convergence behavior. Because of the reliance on Layer 3 processing in the MLS design, fast-converging routing...

Create VLANs

If you desire to create a VLAN, you must create it on a Catalyst configured in server or transparent mode. These are the only modes authorized to accept set vlan and clear vlan commands. The difference between them, though, is the behavior after you create the VLAN. In the case of the server mode, the Catalyst sends VTP advertisements out all trunk ports to neighbor Catalysts. Transparent mode Catalysts do not issue any type of VTP announcement when a VLAN is created. The new VLAN is only...

Creating VLANs

Creating a VLAN involves the following steps: Step 1. Assign the Catalyst to a VTP domain Step 2. To facilitate creation, deletion, and management of VLANs in Catalysts, Cisco developed a protocol called VLAN Trunking Protocol (VTP). Chapter 12, VLAN Trunking Protocol, covers VTP in more detail. However, a brief introduction is necessary here. You can divide a large Catalyst network into VTP management domains to ease some configuration and management tasks. Management domains are loosely...

Creation Process

Host-B receives the IP ARP request. Recognizing its IP address in the ARP packet, it builds an IP ARP reply packet. Figure 9-19 illustrates the reply. In this case, the ARP message contains the MAC address in question. Also notice that ARP unicasts the reply back to the source node; it is not sent to all nodes via the broadcast address. The LEC-B Catalyst receives the IP ARP reply. Having just added a bridging table entry for AAAA.AAAA.AAAA in Step 5, the frame is forwarded to the LANE...