And Active Topology

In this scenario, the network has converged into two branches with all traffic flowing through the Root Bridge. However, notice how suboptimal the flows are: Doom traffic between Host-A and Host-B must now flow through all seven bridges. In the event that I haven't convinced you to avoid a randomly chosen Root Bridge, let me point out that the deck is stacked against you. Assume that Cat-1 is a vintage Cisco MGS or AGS router doing software bridging (Layer 2 forwarding capacity equals about...

Answers to Chapter 6 Review Questions

1. Summarize the three-step process that STP uses to initially converge on an active topology. A: The three-step process is as follows: Elect a single Root Bridge for the entire bridged network. Elect one Root Port for every non-Root Bridge. Elect one Designated Port for every segment. 2. How many of the following items does the network shown in Figure 6-24 contain: Root Bridges, Root Ports, Designated Ports? Assume all devices are operational. A: The network in Figure 6-24 contains the following: One...

ATM Core

The advantage of this approach is that it uses cost-effective Ethernet technology in the potentially large number of IDF closets. This design is often deployed using the campus-wide VLAN model to extend the speed of ATM through the Ethernet links. The downside is that it creates a large number of Layer 2 loops where redundant MDF-to-IDF links are used. Unfortunately, these links have been shown to create Spanning Tree loops that can disable the entire campus network. Furthermore, it is harder...

ATM Network

Other VLAN types use combinations of Layer 2, Layer 3, or even Layer 4 to create shortcuts in a system. Layer 4 switching creates shortcuts based upon the Layer 3 addresses and upon the Layer 4 port values. This is sometimes called application switching and provides a higher level of granularity for switching. Chapter 11 provides a more thorough discussion on this subject in the context of MLS. Table 5-1 summarizes the various switch types found in the industry. Table 5-1 summarizes the various...

Attach to Three ELANs

You need the router shown in Figure 8-13 if workstations in one VLAN desire to communicate with workstations in another VLAN. The router can reside on the LAN side of the Catalysts, but this example illustrates the router on the ATM side. When a station in VLAN 1 attempts to communicate with a station in VLAN 2, the Catalyst bridges the frame out LEC 1 to the router. The router, which also has three clients, routes the frame out the LEC which is a member of ELAN 2 to the destination Catalyst....

B after a Link Failure

Therefore, the Spanning Tree Max Age and Forward Delay parameters can be safely reduced to 12 and 9 seconds, respectively (assuming the default Hello Time of 2 seconds). The safest and simplest way to accomplish this is to use the set spantree root macro to automatically modify the appropriate Spanning Tree parameters. As a result, convergence time can be reduced from a default of 30-50 seconds to 18-30 seconds. To further speed Spanning Tree convergence, UplinkFast, BackboneFast, and PortFast...

Backbone Fast

BackboneFast is a complementary (and patented) technology to UplinkFast. Whereas UplinkFast is designed to quickly respond to failures on links directly connected to leaf-node switches, it does not help in the case of indirect failures in the core of the backbone. This is where BackboneFast comes in. Don't expect BackboneFast to provide the two to three second rollover performance of UplinkFast. As a Max Age optimization, BackboneFast can reduce the indirect failover performance from 50 to 30...

Bottom line Controlling VTP in Large Networks

In large networks, these issues multiply and can develop into situations making you want to disable trunking, VTP, or other aspects of VLANs. Clearly, trunking remains as a necessary element of networking life. It is not practical to deploy a large network without trunks because of the number of resources that you consume with multiple access links. Therefore, trunks remain. However, as previously mentioned, we have methods of minimizing some of the negative side effects of trunking. VTP is...

Bridge Priority Load Balancing

How can Bridge Priority be used to accomplish load balancing in the two-building campus illustrated in Figure 7-17? As discussed in the previous section, the IDF switch (Cat-2C) found multiple equal cost paths to the Root Bridge. This caused the third decision criterion, Bridge ID, to be evaluated. Because Cat-2A and Cat-2B were using the default Bridge ID values, Cat-2A had the lower BID for all VLANs (32,768.AA-AA-AA-AA-AA-AA versus 32,768.BB-BB-BB-BB-BB-BB). This is precisely what ruined the...

Bundling Ports

When bundling ports for EtherChannel using early EtherChannel-capable line modules, you must follow a couple of rules: Use contiguous ports for a bundle. All ports must belong to the same VLAN. If the ports are used for trunks, all ports must be set as a trunk. If you set the ports to trunk, make sure that all ports pass the same VLANs. Ensure that all ports at both ends have the same speed and duplex settings. You cannot arbitrarily select ports to bundle. See the following descriptions for...

Catalyst VLAN Configuration

Some VLAN components assign stations to VLANs based upon MAC addresses. The Catalyst, on the other hand, associates ports to a VLAN. Any device attached to the port belongs to the VLAN describing the switch interface. Even if a shared hub attaches to the port, all stations on the hub belong to the same VLAN. This is called a port-centric approach to VLANs. To configure VLANs in a Catalyst, you must first plan the VLAN membership and then assign ports to the correct VLAN. Planning VLAN...

Changing Traffic Patterns

Any effective campus design must take traffic patterns into account. Otherwise, switching and link bandwidth are almost certainly wasted. The good news is that most modern campus networks follow several trends that create unmistakable flows. This section discusses the traditional campus traffic patterns and shows how popular new technologies have drastically changed this. The earliest seeds of today's campus networks began with departmental servers. In the mid-1980s, the growth of inexpensive...

Understanding Spanning Tree

The authors would like to thank Radia Perlman for graciously contributing her time to review the material in this chapter. This chapter covers the following key topics: What Is Spanning Tree and Why Use Spanning Tree: Briefly explains the purpose of the Spanning-Tree Protocol (STP). Explains why some form of loop-prevention protocol is required to prevent broadcast storms and bridge table corruption. Four-Step STP Decision Sequence: Describes the process that the Spanning-Tree Protocol uses for...

Console Configuration

The Catalyst 5000 series Supervisor module has one physical console connection. For a Supervisor I or a Supervisor II, the connection is an EIA-232 25-pin connection. For a Supervisor III module, the connection is an RJ-45 connector. Make sure that you know which kind of Supervisor module you are working with to ensure that you can attach to the console. The console has an interesting feature in that it can operate in one of two modes: either as a console or SLIP interface. When used as a...

Creation Process

Host-B receives the IP ARP request. Recognizing its IP address in the ARP packet, it builds an IP ARP reply packet. Figure 9-19 illustrates the reply. In this case, the ARP message contains the MAC address in question. Also notice that ARP unicasts the reply back to the source node; it is not sent to all nodes via the broadcast address. The LEC-B Catalyst receives the IP ARP reply. Having just added a bridging table entry for AAAA.AAAA.AAAA in Step 5, the frame is forwarded to the LANE...

Dont Forget PLANs

When creating a new design or when your first one or two attempts at solving a particular problem fail, redraw your VLAN design using physical LANs (PLANs). In other words, take the logical topology created through the use of virtual LANs and redraw it using PLANs. PLAN is a somewhat tongue-in-cheek term the author coined to describe a very serious issue. For some reason, the human brain is almost guaranteed to forget all knowledge of IP subnetting when faced with virtual LANs. People spend...

Duplicate Ring Protocol DRiP

In a Token Ring environment, each ring has a unique ring number identifying it for source-route bridging. Similarly, in a switched Token Ring, except for the default and backup TrCRFs mentioned earlier, each TrCRF has a unique ring number. If an administrator accidentally misconfigures another TrCRF with the same ring number, shown in Figure 3-11, the Token Ring switching process gets confused. Figure 3-11 Do not attempt this. Duplicate ring numbers are not allowed on multiple switches. Figure...

Endto End Distance

Another limitation on extending networks with repeaters focuses on distance. An Ethernet link can extend only so far before the media slotTime specified by Ethernet standards is violated. As described in Chapter 1, the slotTime is a function of the network data rate. A 10 Mbps network such as 10BaseT has a slotTime of 51.2 microseconds. A 100 Mbps network slotTime is one tenth that of 10BaseT. The calculated network extent takes into account the slotTime size, latency through various media such...

Ether Channel Development

EtherChannel defines a bundling technique for standards-based segments such as Fast Ethernet and Gigabit Ethernet. It does not cause the links to operate at clock rates different than they were without bundling. This makes the segments non Fast Ethernet- or Gigabit Ethernet-compliant. EtherChannel enables devices to distribute a traffic load over more than one segment while providing a level of resiliency that does not involve Spanning Tree or other failover mechanisms. The IEEE is examining a...

Example 1118 HSRP Configuration for RouterA

interface Ethernet0
 description Link to wiring closet Catalysts
 ip address 10.1.1.2 255.255.255.0
 standby 1 priority 110
 standby 1 preempt
 standby 1 ip 10.1.1.1
 standby 1 track Ethernet1 15
interface Ethernet1
 description Link to backbone
 ip address 10.1.2.2 255.255.255.0

The real IP address is assigned with the usual ip address command. HSRP parameters are then configured using various standby commands. The shared IP address is added with the standby group_number ip ip_address command. This...

Example 1124 Using Bridge Groups to Bridge between VLANs

interface FastEthernet0/0/0
 no ip address
interface FastEthernet0/0/0.1
 encapsulation isl 1
 ip address 10.1.1.1 255.255.255.0
interface FastEthernet0/0/0.2
 encapsulation isl 2
 ip address 10.1.2.1 255.255.255.0
 ipx network 2
 bridge-group 1
interface FastEthernet0/0/0.3
 encapsulation isl 3
 ip address 10.1.3.1 255.255.255.0
 ipx network 3
 bridge-group 1
interface FastEthernet0/0/0.4
 encapsulation isl 4
 ip address 10.1.4.1 255.255.255.0
 ipx network 4
bridge 1 protocol ieee

The configuration in...

Example 124 show vtp domain Output

Console> (enable) show vtp domain
Domain Name  Domain Index  VTP Version  Local Mode
wally        1             2            server      -

Vlan-count  Max-vlan-storage  Config Revision
5           1023              0                disabled

Last Updater  V2 Mode   Pruning   PruneEligible on
0.0.0.0       disabled  disabled  2-1000
Console> (enable)

For example, in the highlighted portion of Example 12-4, the Catalyst's display indicates that it belongs to the domain wally. If the Domain Name field is blank, the domain is NULL. VTP domain names are...

Example 125 Clearing a VLAN in a Management Domain

Console> (enable) clear vlan 10
This command will deactivate all ports on vlan 10
in the entire management domain
Do you want to continue(y/n) [n]? y
Vlan 10 deleted
Console> (enable)

Clearing a VLAN does not cause the ports in the management domain to reassign themselves to the default VLAN 1. Rather, the Catalysts keep the ports assigned to the previous VLAN, but in an inactive state. You need to reassign ports to an active VLAN before the attached devices can communicate again.

Example 1710 SNMP Trap Configuration

Cat-B2-1A> (enable) set snmp trap 10.100.100.21 trapped
SNMP trap receiver added.
Cat-B2-1A> (enable) set snmp trap enable module
SNMP module traps enabled.
Cat-B2-1A> (enable) set snmp trap enable chassis
SNMP chassis alarm traps enabled.
Cat-B2-1A> (enable) set snmp trap enable bridge
SNMP bridge traps enabled.
Cat-B2-1A> (enable) set snmp trap enable auth
SNMP authentication traps enabled.
Cat-B2-1A> (enable) set snmp trap enable stpx
SNMP STPX traps enabled.
Cat-B2-1A>...

Example 1714 Spanning Tree Configuration

Cat-B2-0B> (enable) set spantree root 20 dia 3 hello 2
VLAN 20 bridge priority set to 8192.
VLAN 20 bridge max aging time set to 12.
VLAN 20 bridge hello time set to 2.
VLAN 20 bridge forward delay set to 9.
Cat-B2-0B> (enable)
Cat-B2-0B> (enable) set spantree root secondary 21 dia 3 hello 2
VLAN 21 bridge priority set to 16384.
VLAN 21 bridge max aging time set to 12.
VLAN 21 bridge hello time set to 2.
VLAN 21 bridge forward delay set to 9.
Cat-B2-0B> (enable)
Cat-B2-0B> (enable)...

Example 1716 Configuring Passwords Banner System Information Dns Ip Permit List IGMP Snooping SNMP and Syslog

Cat-B2-0B> (enable)
Cat-B2-0B> (enable) set password
Enter old password
Enter new password
Retype new password
Password changed.
Cat-B2-0B> (enable)
Cat-B2-0B> (enable) set enablepass
Enter old password
Enter new password
Retype new password
Password changed.
Cat-B2-0B> (enable)
Cat-B2-0B> (enable)
Cat-B2-0B> (enable) set banner motd PRIVATE NETWORK -- HACKERS WILL BE SHOT
MOTD banner set
Cat-B2-0B> (enable) set system location Building 2 MDF
System location set.
Cat-B2-0B>...

Example 1717 Full Catalyst Configuration for CatB20B

begin
set password 1 FMFQ HfZR5DUszVHIRhrz4h6V70
set enablepass 1 FMFQ HfZR5DUszVHIRhrz4h6V70
set prompt Cat-B2-0B>
set length 24 default
set logout 20
set banner motd CPRIVATE NETWORK -- HACKERS WILL BE SHOTM C
#system
set system baud 9600
set system modem disable
set system name Cat-B2-0B
set system location Building 2 MDF
set system contact Joe x111
#snmp
set snmp community read-only lesspublic
set snmp community read-write moreprivate
set snmp community read-write-all mostprivate
set snmp...

Example 1718 Full RSM Configuration for CatB20B

service timestamps log datetime localtime
service password-encryption
hostname Cat-B2-0B-RSM
enable secret 5 1 JiA8 oFVSrScIZX2BnqDV W9m11
ip domainname happy.com
ip name-server 10.100.100.42
ip name-server 10.100.100.68
ipx routing 00e0.4fb3.68a0
mls rp ip
clock timezone EST -5
clock summer-time EDT recurring
interface Vlan20
 ip address 10.2.20.3 255.255.255.0
 ip helper-address 10.100.100.33
 ip helper-address 10.100.100.81
 no ip redirects
 mls rp vtp-domain Happy-B2
 mls rp management-interface...

Example 1719 Full LANE Module Configuration for CatB20B

hostname Cat-B2-0B-LANE
interface ATM0
 atm preferred phy B
 atm pvc 1 0 5 qsaal
 atm pvc 2 0 16 ilmi
interface ATM0.250 multipoint
 lane server-bus ethernet Backbone
 lane client ethernet 250 Backbone
line con 0
line vty 0 4
 no login
end

Only five lines differ from the default configuration: The LANE module has been named with the hostname command. A multipoint subinterface was created for the Backbone ELAN. The LAN Emulation Server (LES) and Broadcast and Unknown Server (BUS) are created with the...

Example 1724 Spanning Tree Configuration

Cat-B2-1A> (enable) set spantree root 1 dia 2 hello 2
VLAN 1 bridge priority set to 8192.
VLAN 1 bridge max aging time set to 10.
VLAN 1 bridge hello time set to 2.
VLAN 1 bridge forward delay set to 7.
Switch is now the root switch for active VLAN 1.
Cat-B2-1A> (enable)
Cat-B2-1A> (enable) set spantree root 2 dia 2 hello 2
VLAN 2 bridge priority set to 8192.
VLAN 2 bridge max aging time set to 10.
VLAN 2 bridge hello time set to 2.
VLAN 2 bridge forward delay set to 7.
Switch is now the...

Example 174 Spanning Tree Configuration

Cat-B2-1A> (enable) set spantree portfast 3/1-24,4/1-24,5/1-24,6/1-24,7/1-24 enable

Warning: Spantree port fast start should only be enabled on ports connected
to a single host. Connecting hubs, concentrators, switches, bridges, etc. to
a fast start port can cause temporary Spanning Tree loops. Use with caution.

Spantree ports 3/1-24,4/1-24,5/1-24,6/1-24,7/1-24 fast start enabled.
Cat-B2-1A> (enable)
Cat-B2-1A> (enable) set spantree backbonefast enable
Backbonefast enabled for all VLANs...

Example 46 Annotated Supervisor Configuration File

Console> (enable) show config
begin
set password 1 FMFQ HfZR5DUszVHIRhrz4h6V70
set enablepass 1 FMFQ HfZR5DUszVHIRhrz4h6V70
set prompt Console>
set length 24 default
set logout 20
set banner motd C C
#system
set system baud 9600
set system modem disable
set system name
set system location
set system contact
#snmp
set snmp community read-only public
set snmp community read-write private
set snmp community read-write-all secret
Other SNMP commands deleted
IP This sets up the console or slip...

Example 51 Router on a Stick Configuration File

interface fastethernet 2/0.1
 ip address 172.16.10.1 255.255.255.0
 ipx network 100
 encapsulation isl 100
interface fastethernet 2/0.2
 ip address 172.16.20.1 255.255.255.0
 ipx network 200
 encapsulation isl 200
interface fastethernet 2/0.3
 ip address 172.16.30.1 255.255.255.0
 encapsulation isl 300

Example 5-1 sets up a trunk between a device and the router. Trunks and InterSwitch Link (ISL) encapsulation are discussed in more detail in Chapter 8. Trunks allow traffic from more than one VLAN to...

Example 55 VLAN Database Example

!PART 1 GLOBAL SETTINGS
!vmps domain <domain-name>
!The VMPS domain must be defined.
!vmps mode { open | secure }
!The default mode is open.
!vmps fallback <vlan-name>
!vmps no-domain-req { allow | deny }
!The default value is allow.
!The VMPS domain name MUST MATCH the VTP domain name.
vmps domain testvtp
vmps mode open
vmps fallback default
vmps no-domain-req deny
!PART 2 MAC ADDRESS DATABASE
!MAC Addresses
vmps-mac-addrs
!address <addr> vlan-name <vlan_name>
address 0060.0893.dbc1 vlan-name...

Example 64 Locating the Root Bridge with show spantree on Cat4 for VLAN

Cat-4 (enable) show spantree
VLAN 1
Spanning tree enabled
Spanning tree type ieee
Designated Root 00-e0-f9-16-28-00
Designated Root Priority 100
Designated Root Cost 19
Designated Root Port 2/1
Root Max Age 10 sec Hello Time 1 sec Forward Delay 10 sec
Bridge ID MAC ADDR 00-e0-f9-52-ba-00
Bridge ID Priority 32768
Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

Port  Vlan  PortState   Cost  Priority  Fast-Start
1/1   1     forwarding  19    32        disabled
1/2   1     forwarding  100   32...

Example 65 Locating the Root Bridge with show spantree on Cat3 for VLAN

Cat-3 (enable) show spantree
VLAN 1
Spanning tree enabled
Spanning tree type ieee
Designated Root 00-e0-f9-16-28-00
Designated Root Priority 100
Designated Root Cost 0
Designated Root Port 1/0
Root Max Age 10 sec Hello Time 1 sec Forward Delay 10 sec
Bridge ID MAC ADDR 00-e0-f9-16-28-00
Bridge ID Priority 100
Root Max Age 10 sec Hello Time 1 sec Forward Delay 10 sec

Port  Vlan  Port-State  Cost  Priority  Fast-Start
1/1   1     forwarding  100   32        disabled
1/2   1     forwarding  19    32        disabled

Several...

Example 715 Showing Forwarding and Backup Ports with Uplink Fast

Cat-D> (enable) show spantree uplinkfast
Station update rate set to 15 packets/100ms
uplinkfast all-protocols field set to off
VLAN  port list
1     1/1(fwd),1/2

Port 1/1 is shown as the primary port (it is in the Forwarding state) and Port 1/2 is the backup. If three uplink ports exist, all three appear in the output. It is important to recognize that UplinkFast is a Root Port optimization. It allows wiring closet switches to quickly bring up another...

Example 716 set spantree uplinkfast Command Output

Cat-D> (enable) set spantree uplinkfast enable
VLANs 1-1005 bridge priority set to 49152
The port cost and portvlancost of all ports set to above 3000
Station update rate set to 15 packets/100ms.
uplinkfast all-protocols field set to off
uplinkfast enabled for bridge

First, the Bridge Priority is modified to an unusually high value of 49,152. This causes the current switch to effectively take itself out of the election to become the Root Bridge. Second, it adds 3000 to the cost of all links....

Example 719 Online Help Listing of show spantree Options

Cat-D> (enable) show spantree
Usage show spantree vlan active
show spantree <mod_num/port_num>
show spantree backbonefast
show spantree blockedports vlan
show spantree portstate <trcrf>
show spantree portvlancost <mod_num/port_num>
show spantree statistics <mod_num/port_num> vlan
show spantree statistics <trcrf> <trbrf>
show spantree summary
show spantree uplinkfast

The primary options are displayed in the following syntax listing: show spantree vlan mod num port...

Example 722 Output of show spantree summary

Cat-D> (enable) show spantree summary
Summary of connected Spanning Tree ports by vlan
Uplinkfast disabled for bridge.

Vlan  Blocking  Listening  Learning  Forwarding  STP
1     1         0          0         2           3
2     0         0          0         2           2
3     0         0          0         2           2
4     0         0          0         2           2
5     0         0          0         2           2
6     0         0          0         2           2
7     0         0          0         2           2
8     0         0          0         2           2
1003  1         0          0         1           2
1005  1         0          0         1           2

      Blocking  Listening  Learning  Forwarding  STP Active
      3         0          0         20          23

Example 86 Sample Router Configuration for 8021Q

!Specify the interface to configure
interface fastether 2/0.1
 ip address 172.16.10.1 255.255.255.0
 ipx network 100
 encapsulation dot1q 200

The number at the end of the encapsulation statement specifies the VLAN number. The 802.1Q specification allows VLAN values between 0 and 4095 (with reserved VLAN values as discussed previously). However, a Catalyst supports VLAN values up to 1005. Generally, do not use values greater than 1005 when specifying the 802.1Q VLAN number to remain consistent with...

Existing Infrastructure

Your trunk choice might be limited to whatever technology you currently deploy in your network. If your Catalyst interfaces are Ethernet and Fast Ethernet, and your cabling is oriented around that, you probably elect to use some form of Ethernet for your trunk lines. The question becomes one, then, of how much bandwidth do you need to support your users. If your backbone infrastructure currently runs FDDI, you might not be able to do much with other trunk technologies without deploying some...

Figure 101 A MultiELAN Network Data Flow

Load Balancing Data Flow

Each hop through a router introduces additional latency and consumes routing resources within each router. Some of the latency stems from the segmentation reassembly process. Another latency factor includes the route processing time to determine the next hop. This element can be less significant in routers that do hardware routing (as opposed to legacy software-based routers). The hop-by-hop approach was necessary when networks interconnected with shared media systems such as Ethernet. Physical...

Figure 102 MPOA Model

Note also the presence of LANE components. MPOA depends upon LANE for intra-ELAN communications. Communication between a Multiprotocol Client (MPC) and a Multiprotocol Server (MPS) occurs over an ELAN. Communication between adjacent Next Hop Servers (NHSs), another MPOA component discussed later in the section on Next Hop Resolution Protocol (NHRP), also occurs over ELANs. Finally, MPSs also communicate over ELANs. Additionally, if frames are sent between MPCs before a shortcut is established,...

Figure 104 MPS Anatomy

The MPS has a set of interfaces attached to the ATM cloud and at least one interface for internal services. The external connections pointing to the ATM cloud consist of LANE client(s) and an MPS interface. The LANE clients support the MPOA device discovery protocol described later, and the actual flow of data before the shortcuts are established. The MPS also uses the LEC to forward resolution requests to the next NHS in the system. The service interface interacts with internal processes such...

Figure 105 MPOA Host Device Anatomy

Like the MPS, the MPC host device has internal and external interfaces. The external interfaces include the LEC and the MPC. The MPC communicates to the LES through the LEC to detect MPOA neighbors. Also, traffic transmissions that are initiated before a shortcut is established will pass through the LEC. The MPC interface, on the other hand, is used for shortcuts. When the MPC detects a flow, it issues a resolution request through its MPC interface. The MPC receives the resolution reply through...

Figure 107 MPOA Data Flow Summary

(1) Before the ingress MPC requests a shortcut, the MPC forwards frames through the LEC interface to the ATM cloud to the MPS. The MPS receives the flow on its LEC interface, performs routing, and (2) forwards the frame to the next MPS. This continues until the frame reaches the egress MPS, where the frame is forwarded (3) over the ELAN to the egress MPC. Until the ingress MPC establishes a shortcut, all frames pass through LECs at each device. When the ingress MPC detects a flow that exceeds the...

Figure 111 Routerona Stick Design

In this approach, traditional routers are connected via one or more links to a switched network. Figure 11-1 shows a single link, the stick, connecting the router to the rest of the campus network. Inter-VLAN traffic must cross the Layer 2 backbone to reach the router where it can move between VLANs. It then travels back to the desired end station using normal Layer 2 forwarding. This out-to-the-router-and-back flow is characteristic of all router-on-a-stick designs. Figure 11-1 portrays the...

Figure 1114 Each Catalyst Contains Only a Single VLAN

The results in Figure 11-14 are very similar to those in Figure 11-13. Cat-A sees the candidate packet, but only Cat-B sees the enable packet. Shortcut switching is not possible. MLS requires that the same NFFC or MSFC/PFC must see the flow traveling to and from the router. This can require careful planning and design work in certain situations. However, simply placing both VLANs on both switches does not necessarily solve the problem. In Figure 11-15, both Cat-A and Cat-B contain the Red and...

Figure 1119 HostA Communicating with HostB via MLS

First, look at the case of Host-A sending traffic to Host-B. The traffic from Host-A to the router travels up the ISL links connecting the Catalysts and the router to each other. As the first packet hits the NFFC in each Catalyst, it is recognized as a candidate packet and three partial shortcut entries are created (one per Catalyst). As the packet travels back down from the router to reach Host-B, all three NFFC cards see the enable packet and complete the shortcut entries. However, as...

Figure 112 One LinkperVLAN

In this case, the switched network carries three VLANs: Red, Blue, and Green. InterSwitch Link (ISL) trunks are used to connect the three switches together, allowing a single link to carry all three VLANs. However, connections to the router use a separate link for every VLAN. Figure 11-2 illustrates the use of 10 Mbps router ports; however, Fast Ethernet, Gigabit Ethernet, or even other media such as Asynchronous Transfer Mode (ATM) or Fiber Distributed Data Interface (FDDI) can be used. There...

Figure 114 Sample MLS Network

This network consists of two VLANs, VLAN 1 (Red) and VLAN 2 (Blue). Two end stations have been shown. Host-A has been assigned to the Red VLAN, and Host-B has been assigned to the Blue VLAN. An ISL-attached router has also been included. Its single Fast Ethernet interface (Fast Ethernet1/0) has been logically partitioned into two subinterfaces, one per VLAN. The IP and MAC addresses for all devices and subinterfaces are shown. Figure 11-4 portrays the router as an ISL-attached external device...

Figure 117 Candidate Packet Fields

The ISL header contains a VLAN ID of 1. The Ethernet header contains a source MAC address equal to Host-A and a destination MAC address equal to 00-00-0C-11-11-11, the MAC address of subinterface 1/0.1 on the router. The source and destination IP addresses belong to Host-A and Host-B, respectively. The switch uses the destination MAC address to perform two actions: It forwards the packet out Port 1/1 toward the...

Figure 1214 Flooding in a Multiple Domain Network

There are methods of controlling the distribution of flooded traffic throughout the network. These methods include the features of VTP pruning to control flooding, and modifications to the multicast behavior through Cisco Group Management Protocol (CGMP). VTP pruning is discussed in the section in this chapter, "VTP Pruning: Advanced Traffic Management." Details on controlling multicast with CGMP are described in Chapter 13,...

Figure 1311 CGMP Operation Example

In Figure 13-11, a Cisco router receives IGMP membership reports from PC-1 and PC-2. The router sends a CGMP configuration message to the Catalyst telling it about the source MAC address of the host and the multicast group from which it wants to receive traffic. For example, PC-1 asks to join 224.1.10.10. The router tells the Catalyst to send multicast traffic with the destination MAC address of 01-00-5E-01-0A-0A to the host with the source MAC address 00-60-08-93-DB-C1. The Catalyst searches...

Figure 137 An IGMP Version 2 Leave Demonstrated

The router currently forwards frames for both groups on the segment. The host currently subscribed to 224.2.20.20 decides that it no longer wants to receive the multicast stream for this group, so it transmits a leave message. The router receives this message and checks its multicast table to see if there are any other hosts on the segment that want the stream. In this example, there are no other hosts in the group. The router sends a group specific query message to the group 224.2.20.20 to...

Figure 1413 A Loop Free Core

In Figure 14-13, the four Layer 2 switches forming the core have been kept loop free at Layer 2. Although a redundant path does exist through each distribution (MDF) switch, the pure routing behavior of these nodes prevents any Layer 2 loops from forming. If Spanning Tree is required within the core, blocked ports should be closely analyzed. Because STP load balancing can be very tricky to implement in the network core, compromises might be necessary. In addition to Spanning Tree, there are...

Figure 15 Networking with Class I Repeaters

Class II repeaters demand homogenous cabling to be attached to them. If you use 100BaseT4, all ports must be 100BaseT4. The only mix permitted uses 100BaseTX and 100BaseFX. Figure 1-6 illustrates a network with only one Class II repeater. Figure 1-6: Networking with one Class II Repeater. Unlike Class I repeaters, two Class II repeaters are permitted as in Figure 1-7. The connection between the repeaters must be less than or equal to five meters....

Figure 1514 The Overlay Approach to Campus Migrations

To maintain connectivity between the old and the new network, a pair of redundant routers is used. This provides a single line where the two networks meet. Issues such as route redistribution and access lists can be easily handled here. Also notice that this causes the old network to resemble just another distribution block connected to the core of the new network (another benefit of the modularity created by the multilayer model).

Figure 162 Testing Cross VLAN Connectivity

In Figure 16-2, PC-1 desires, but fails, to communicate with PC-2 in the figure. Assume that it is an IP environment. From one PC or the other, attempt to communicate (maybe with ping) to the first hop router. For example, you might first initiate a ping from PC-1 to the Router 1 interface (point 1 in the figure). Do this by pinging the IP address of the ingress port of Router 1, which belongs to the same subnet as PC-1. Then, try the outbound interface on Router 1 (point 2 in the figure)....

Figure 16-3 A LAN Congestion Situation

In Figure 16-3, the aggregate traffic from the sources exceeds the bandwidth available. The upper devices connect at 100 Mbps, but attempt to access a device running at 10 Mbps. If all of the stations transmit at the same time, they quickly overwhelm the 10 Mbps link. This forces the Catalyst to internally buffer the frames until bandwidth becomes available. Like any LAN device, however, the Catalyst does not hold onto the frame indefinitely. If it cannot transmit the frame in a fairly short...

Figure 17-5 Detailed View of ATM Links

Recall from Chapter 9 that careful planning of the order of the LECS database can avoid unnecessary backtracking. Because Cat-B1-0A is the primary LES BUS and is configured with PHY A as its preferred port, the combination of LS1010-A's prefix and Cat-B1-0A's ESI is listed first in the database. If this port fails, it takes 10 or more seconds for Cat-B1-0A's PHY B to become active, making it a poor choice for the...

Figure 3-1 Transparent Bridge Flow Chart

When a frame enters the transparent bridge, the bridge adds the source Ethernet MAC address (SA) and source port to its bridging table. If the source address already exists in the table, the bridge updates the aging timer. The bridge examines the destination MAC address (DA). If the DA is a broadcast, multicast, or unknown unicast, the bridge floods the frame out all...

Figure 3-4 A Source Route Bridged Network

When Station A wants to communicate with Station B, Station A first sends a test frame to determine whether the destination is on the same ring as the source. If Station B responds to the test frame, the source knows that they are both on the same ring. The two stations communicate without involving any Token Ring bridges. If, however, the source receives no response to the test frame, the source attempts to reach the destination on other rings. But the frame must now traverse a bridge. In...

Figure 5-14 Layer 3 Design in a Switched Network

Part V of this book describes VLAN design philosophies. One approach, the Layer 3 distribution design, minimizes the Spanning Tree extent and topology because the Spanning Tree is constrained to the pockets of access devices. Access pockets can be placed on floors as in Figure 5-15. Each floor has its own access network. Users on the floor share the access network regardless of their community of interest. Engineering and accounting might share the VLAN. If necessary, the access network can be...

Figure 5-20 Dynamic VLAN Architecture

Cat-B and Cat-C are each configured as VMPS clients and get port-to-VLAN authorizations from the VMPS server. Therefore, they need to be able to communicate with the VMPS server. The following list outlines the steps for configuring dynamic VLANs: Step 1. Build the VLAN database and load it into a TFTP server. Step 2. Configure the VMPS server IP address. Step 3. On the VMPS server, enter the IP address of the TFTP server. Step 4. Configure VMPS clients with...

Figure 5-4 Traditional Frame Flow in a Routed Network

When the frame enters Router 2, the router not only determines the next hop to move the frame toward the destination, but it also performs a new Layer 2 encapsulation with a new destination/source MAC address pair, performs some Layer 3 activities such as decrementing the TTL value in an IP header, and calculates a new frame check sequence (FCS) value. Router 3 performs a similar set of actions before sending the frame to Station B. This is often called packet-by-packet switching. The same...

Figure 6-11 Possible Port States and Transitions

(1) Port enabled or initialized, (3) Port selected as a Root or Designated Port. (4) Port ceases to be a Root or Designated Port. Figure 6-12 shows the sample network with the port classifications and states listed. Notice that all ports are forwarding except Cat-C Port-1/2.

Figure 6-16 Topology Change Notification BPDU Decode

[Figure 6-16 decode: SSAP Address 0x42, CR bit 0 (Command); DSAP Address 0x42, IG bit 0 (individual address); Type 0x80 (Topology Change Notification)] The TCN BPDU is much simpler than the Configuration BPDU illustrated in Figure 6-15 and consists of only three fields. TCN BPDUs are identical to the first three fields of a Configuration BPDU with the exception of a single bit in the Type field. After all, at least one bit is needed to say this is a TCN BPDU, not a Configuration BPDU. Therefore,...

Figure 7-22 A Typical Campus Network Using UplinkFast

Cat-D is an IDF switch that is connected to two MDF switches (Cat-B and Cat-C). Although set spantree uplinkfast is a global command that applies to all VLANs, this section only analyzes a single VLAN: VLAN 2. Cat-A, the server farm switch, is the Root Bridge for VLAN 2. Cat-D has two uplink ports that are potential Root Port candidates. Utilizing the load balancing techniques discussed earlier, the cost on Port 1/2 has been increased to 1000 to force VLAN 2's traffic across the 1/1 link. Notice...

Figure 8-18 Catalyst ATM Resiliency

To account for this, the Catalyst LANE module provides two physical interfaces, PHY A and PHY B. In Figure 8-18, a Catalyst attaches to two ATM switches. PHY A attaches to ATM Switch 1 and PHY B attaches to ATM Switch 2. The Catalyst activates only one of the interfaces at a time. The other simply provides a backup path. If the active link fails, the Catalyst activates the backup port. The Catalyst must rejoin the ELAN and then reattach to the other...

Figure 8-20 Bandwidth Options for Ethernet Based Trunks

Part A of Figure 8-20 shows an interconnection where each link is dedicated to a VLAN. No trunk encapsulation is used and frames are transported in their native format. Only one link per VLAN between the Catalysts can be active at any time. Spanning Tree disables any additional links. Therefore, bandwidth options are only 10/100/1000 Mbps. By enabling ISL trunking, you can share the link bandwidth with multiple VLANs. A single Fast Ethernet or Gigabit Ethernet link as in Part B of Figure 8-20...

Figure 8-8 Using Token Ring ISL (TRISL) to Transport Token Ring Over an Ethernet Trunk

Unfortunately, Token Ring attributes differ significantly from Ethernet. Differences between Token Ring and Ethernet include the following: Frame sizes: Token Ring supports frames both smaller and far larger than Ethernet. Routing Information Field: Token Ring frames can include an RIF, which is meaningless in an Ethernet system. Explorer frames: Token Ring stations can transmit an explorer frame to discover the relative location of a destination device. This frame type includes a bit...

Figure 9-1 A Typical Channelized Network

Figure 9-1 illustrates a small corporate network with three sites: headquarters is located in New York City with two remote sites in Washington, DC and Los Angeles. The NY site has a single T1 to the carrier's nearest Central Office (CO). This T1 has been channelized into two sections: one channel to DC and another to LA. The NY site...

Figure 9-29 Hands-On Lab Diagram

Table 9-6 shows the LANE components that should be configured on each device. Table 9-6. LANE Components to Be Configured. Configure IP addresses on the SC0 interfaces of both Catalysts, the router subinterfaces, and the LS1010 subinterfaces (use interface atm 2/0/0 or 13/0/0 for the LS1010). Configure HSRP between the ATM router and an RSM located in LEC-A. Table 9-7 provides IP addresses that can be used. Table 9-7. IP Addresses for Hands-On Lab...

Figure 9-3 Three Layer ATM Stack

First, ATM must obviously chop up large IP packets before transmission. The technical term for this function is the ATM Adaptation Layer (AAL); however, I use the more intuitive term Slice & Dice Layer. The purpose of the Slice & Dice Layer is to act like a virtual Cuisinart® that chops up large data into small, fixed size pieces. This is frequently referred to as SAR, a term that stands for Segmentation And Reassembly, and accurately portrays this Slice & Dice function (it is also...

Figure 9-4 Point-to-Point and Point-to-Multipoint

Point-to-point virtual circuits behave exactly as the name suggests: one device can be located at each end of the circuit. This type of virtual circuit is also very common in technologies such as Frame Relay. These circuits support bi-directional communication; that is, both end points are free to transmit cells. Point-to-multipoint virtual circuits allow a single root node to send cells to multiple leaf nodes. Point-to-multipoint circuits are very efficient for this sort of one-to-many...

Figure 9-5 VPI/VCI Usage in an ATM Network

The NY router uses a single physical link connected to Port 0 on the NY ATM switch carrying both virtual circuits. How, then, does the ATM switch know where to send each cell? It simply makes decisions based on VPI/VCI values placed in ATM cell headers by the router. If the NY router (the ATM edge device) places the VPI/VCI value 0/50 in the cell header, the ATM switch uses a preprogrammed table indicating that the cell should be forwarded out Port 2, sending it to LA. Also, note that this table...

Figure A-1 Uplink Strategies for Failover

3 Table 4-4 shows how to recall and edit a command from the history buffer. How would you recall and edit the following command so that you move the ports from VLAN 3 to VLAN 4? A: You cannot simply use the edit 3 4 because this changes not just the VLAN, but the port list too. Ports 3/12-21 become 4/12-21. Rather, you could use the command vlan 3 -vlan 4 and be more specific about the string you are modifying. This changes only the VLAN assignment without modifying the port values. 4 What...

Figure A-5 Solution to Question

Svr_Farm-Cat-1 becomes the Root Bridge because it has the lowest BID. MDF-Cat-2 and MDF-Cat-3 elect Root Ports based on the lowest Root Cost Path (19 versus 38). IDF-Cat-4 and IDF-Cat-5 have two equal-cost paths (38) to the Root Bridge. Therefore, to elect a Root Port, they have to use Sender BID as a tie breaker. Because MDF-Cat-2 has a lower Sender BID than MDF-Cat-3, both IDF Cats select the link...

Figure A-8 Primary Topology for Even VLANs Backup Topology for Odd VLANs

Cat-1A is the backup Root Bridge for the even VLANs and Cat-2B is the backup Root Bridge for the odd VLANs. Therefore, the backup topology for the odd VLANs is the same as Figure A-7c, whereas the backup topology for the even VLANs is the same as Figure A-7b. Answers to Chapter 8 Review Questions: 1 What happens in a traffic loading situation for EtherChannel when two servers pass files between each other? A: All of the traffic between the servers crosses the same segment. This happens because the...

General Principles of Spanning Tree Load Balancing

Spanning Tree load balancing requires that two characteristics be built into the network: Multiple paths that form loops: If the network doesn't contain loops, there cannot be multiple paths over which the load can be distributed. By way of illustration, if two switches only have one Fast Ethernet link between them, it is fairly difficult to do any load balancing. This concept is obviously tightly coupled with the desire to have redundancy in campus networks. For example, most networks employ at...

How to Handle Non Routable Protocols

Chapter 11 discussed various approaches to integrating Layer 3 routing with Layer 2 bridging, including options such as bridging between VLANs, Concurrent Routing and Bridging (CRB), and Integrated Routing and Bridging (IRB). Most organizations utilize one of these techniques because of the need to have users in two different VLANs communicate via a non-routable protocol such as NetBEUI or LAT. Although the techniques discussed in Chapter 11 can provide relief in limited situations, it is...

In Figure 11-29

Unfortunately, this can create a very subtle problem. Consider what happens if Host-A tries to send IP data to Host-B. Host-A recognizes that Host-B is in a different subnet and forwards the traffic to Router-A, its default gateway. Router-A does the normal IP routing thing and forwards the traffic out its interface E1. However, the traffic cannot be delivered to Host-B because the Layer 2 switches have blocked the path (remember that Spanning Tree blocks all traffic on a Catalyst, not just...

Infrastructure Resiliency Needs

By definition, a lot of users depend upon trunk availability. A trunk carries traffic from more than one VLAN and can, in fact, carry traffic from all VLANs. If a trunk fails between critical points in the network, services become unreachable, causing your pager and/or phone to go off. This is not a desirable event. You might, therefore, need to consider how each of the trunk methods operates in the presence of failures. The good news is that each of the trunk technologies has resiliency...

Inter Subnet Communications

As discussed earlier, occasions arise where hosts in different VLANs need to communicate with each other over ATM. VLANs have similarities to ELANs on the ATM network. VLANs describe broadcast domains in a LAN environment, whereas ELANs describe broadcast domains in an ATM environment. Whenever hosts in one VLAN need to communicate with hosts in another VLAN, the traffic must be routed between them. If the inter-VLAN routing occurs on Ethernet, Multilayer Switching (MLS) is an appropriate...

IP Addressing

Each VLAN utilizes a single IP subnet. Happy Homes will use network 10.0.0.0 with Network Address Translation (NAT) to reach the Internet. The design document calls for the following IP address scheme: The subnet mask will be /24 (or 255.255.255.0) for all links. For example, the thirtieth address on the Sales VLAN in Building 1 would be 10.1.11.30. Because HSRP will be in use, three node addresses are reserved for routers on each subnet. The .1 node address is reserved for the shared HSRP...

IP and IPX Addresses

Because Design 2 is less flat than Design 1, it requires more IP subnets (and IPX networks). For example, every link through the core is a separate subnet. Furthermore, every IDF uses a separate subnet as a management VLAN (remember, all VLANs terminate at the MDF switches). To avoid using an excessive amount of address space, variable length subnet masking (VLSM) has been specified in Design 2. Although in reality this is not a concern for most organizations using the Class A network such as...

Is Lost

Cat-D changes MAC address 00-AA-00-12-34-56 (Host-A) to Port 1/2 so that it has a correct view of the network. However, notice that Cat-A, Cat-B, and Cat-C are still trying to send traffic for 00-00-1D-2B-DE-AD (Host-B) to the broken link. This is where the real ingenuity of UplinkFast comes in: Cat-D sends out a dummy multicast frame for the addresses in its local Bridging Table. One frame is sent for each MAC address that is not associated with one of the uplink ports. These packets are sent to...

Keep and Maintain Network Documentation

One element needed for any troubleshooting philosophy to work is frequently absent: documentation. Many administrators neglect to document their network, or if they do, they do not keep the documentation up to date. Documentation provides the framework to answer fundamental questions such as, "What changed?" or "What connects to device X?" or "What Layer 2 paths exist from point A to point B?" Reconstructing the network topology documentation during a crisis does not lend itself to an efficient or structured...

Key Requirements of Campus Designs

The ideal campus network should strive to achieve certain objectives. Some of these aspects have already been mentioned, but several new and important issues are introduced here (the new points are mentioned first): Load balancing: Given redundant paths, load balancing allows you to utilize all of the bandwidth you paid for. As is discussed in more detail in Chapter 15, flexibility, intelligence, and ease of configuration can be critical factors when utilizing this important feature....

LANE Theory of Operation

Now that the chapter has built a common foundation of ATM knowledge, the following sections dive into the specifics of LAN Emulation. Before beginning, let me reiterate that the goal is not to clobber you with every subtle nuance of LANE (although it will probably feel like that in ten pages). For example, the LANE specifications contain many optional features; rather than trying to highlight every option, the material focuses on the real-world applications and common practices of LANE. Many...

Layer 3 Core

Figure 14-14 redraws Figure 14-12 with a Layer 3 core. Although Figure 14-12 and Figure 14-14 look very similar, the use of Layer 3 switching within the core makes several important changes to the network. First, the path determination is no longer contained only within the distribution layer switches. With a Layer 3 core, the path determination is spread throughout the distribution and core layer switches. This more decentralized approach can provide many benefits: Higher aggregate forwarding...

Load Balancing with MHSRP

Using Spanning Tree and multiple VLANs can be effective if Layer 2 loops and multiple VLANs exist on Cat-C, the wiring closet switch. However, this is not always the case. Many network designers want to deploy networks similar to the one illustrated in Figure 11-27. The design in Figure 11-27 has the wiring closet switch directly connected to a pair of switching routers such as the...

Manipulating Spanning Tree Parameters

By tuning a variety of Spanning Tree parameters, the blocked port can be moved to one of the ports on the router. By doing so, the router can have full access to the network for routable protocols but also prevent Layer 2 loops within the non-routable protocols. In short, this allows the router to create a protocol-specific Blocking port. For routable protocols, the Spanning Tree Blocking port is ignored. However, for protocols the router does not route, the Blocking port is enforced. In...

Network Diameter Designing with Repeaters in a 100BaseX Network

In a legacy Ethernet system, repeaters extend cable distances, allowing networks to reach further than the segment length. For example, a 10Base2 segment only reaches 185 meters in length. If an administrator desires to attach devices beyond this reach, the administrator can use repeaters to connect a second section of 10Base2 cable to the first. In a 10BaseT network, hubs perform the repeater functions allowing two 100 meter segments to connect together. Legacy repeaters are discussed in more...

Note

The current documentation claims that set spantree root sets the value to 100 less than the current value if 8,192 is not low enough to win the Root War. However, I have always observed it to reduce the value only by 1. To make another Catalyst function as a backup Root Bridge, Telnet to that device and enter the following This lowers the current Catalyst's Bridge Priority to 16,384. Because this value is higher than the value used by the primary, but lower than the default of 32,867, it is a...

OSI Logistics for Moving Network Users

During the early 1990s, a movement was afoot to eliminate routers from the networks and create one large, flat-bridged network. These were known as end-to-end VLANs. The motivations for this type of design are considered in this section. However, as a preamble, it is important to note that experience with the end-to-end VLANs demonstrated that they do not scale well in networks and forced users to reinstate routers in the network. One of the scaling issues was with Spanning Tree. Today's design...

Planning VLANs

Before you enable new VLANs, make sure that you know what you really want to do and how your actions can affect other VLANs or stations already present in your system. The planning at this stage can primarily focus around Layer 3 issues. What networks need to be supported in the VLAN? Is there more than one protocol that you want in the VLAN? Because each VLAN corresponds to a broadcast domain, you can support multiple protocols in the VLAN. However, you should only have one network for each...

PortFast

PortFast is a feature that is primarily designed to optimize switch ports that are connected to end-station devices. By using PortFast, these devices can be granted instant access to the Layer 2 network. Think for a moment about what happens when you boot your PC every morning. You flip the big red switch, the monitor flickers, it beeps and buzzes. Somewhere during that process your network interface card (NIC) asserts Ethernet link, causing a Catalyst port to jump from not connected to the STP...