About EtherChannel Configuration Commands

interface port-channel channel-group-number; channel-group 1 mode mode; show interfaces fastethernet 0/1 etherchannel; show etherchannel 1 port-channel; show etherchannel 1 summary. These commands are used to configure and verify EtherChannel. EtherChannel Configuration Commands: interface port-channel port-channel-number: Creates a port-channel interface and moves to port-channel configuration mode, allowing the configuration of port-channel interface configuration parameters. Switch(config-if)...

Adding New Switches to an Existing VTP Domain

This topic describes the procedure to add a new switch to an existing VTP domain. Adding a Switch to an Existing VTP Domain: The configuration revision number is used when determining if a switch should keep its existing VLAN database or overwrite it with the VTP update sent by another switch in the same domain with the same password. Therefore, when a switch is added to a network, it is important that it does not inject spurious information into the domain. Caution: This overwrite occurs whether...

Associate Switch Ports with the VLAN

Switch ports that are to function at Layer 2 and carry traffic for a single VLAN are configured as access switch ports and are assigned an access VLAN. To configure a Layer 2 switch port as an access port: Switch(config-if)# switchport mode access. This table describes the parameters for the switchport mode access command. Required: Configures the interface to function as a Layer 2 port only. On many switches, this is the default. No switchport would reverse this process and, on some switch...

Campus Infrastructure Module

The Campus Infrastructure module connects users within a campus to the Server Farm and Edge Distribution modules. The Campus Infrastructure module comprises Building Access and Building Distribution switches connected through the Campus Backbone to campus resources. A Campus Infrastructure module includes these submodules: Building Access submodule (also known as Building Access layer): Contains end-user workstations, IP phones, and Layer 2 access switches that connect devices to the Building...

CEF-Based MLS Lookups

1. Layer 3 packets initiate TCAM lookup. 2. The longest match returns adjacency with rewrite information. 3. The packet is rewritten per adjacency information and forwarded. CEF-based tables are initially populated and used as follows: The FIB is derived from the IP routing table and is arranged for maximum lookup throughput....

CEF-Based Multilayer Switches

CEF caches routing information in the FIB table and Layer 2 next-hop addresses in the adjacency table. Control Plane: Builds FIB and adjacency tables in software. Data Plane: Forwards IP unicast traffic in hardware. Cisco Systems Layer 3 devices can use a variety of methods to switch packets from one port to another. The most basic method of switching packets between interfaces is called...

Cisco IOS Interface

On most Catalyst switches, the Cisco IOS interface is standard for Layer 3 configuration on multilayer switches. Cisco Catalyst switch platforms have had a number of different operating systems and user interfaces. Over the years, Cisco has made great strides in converting the interface on nearly every Cisco Catalyst platform to the Cisco IOS interface familiar to Cisco users on routing platforms. Unlike the Cisco Catalyst software, various modes are navigated to execute specific commands. Here is an...

Configuration Revision Number

One of the most critical components of VTP is the configuration revision number. When initially configured, the VTP configuration revision number is set to 0. Each time a VTP server modifies its VLAN information, it increments the VTP configuration revision number by one. It then sends out a VTP advertisement referencing the new configuration revision number. If the configuration revision number being advertised is higher than the number stored on other switches in the VTP domain, they will...

Configure EtherChannel

The table shows the steps for configuring and verifying a Layer 3 EtherChannel interface. Configure a Layer 3 EtherChannel Bundle: Switch(config)# interface port-channel 1: Creates a virtual Layer 2 interface. Changes interface to Layer 3 to enable the use of the IP address command. Assign an IP address to the port-channel interface because this will be a Layer 3 interface. Switch(config-if)# ip address 172.32.52.10 255.255.255.0: Assigns an IP address to the port-channel interface. Navigate to the...

Configuring a Port for ISL Trunking with No DTP

When configuring the Layer 2 trunk to not use DTP, this syntax is used so that the trunk mode is set to on, and no DTP messages are sent on the interface. First, enter the shutdown command in the interface mode. Enter the switchport trunk encapsulation command. Enter the switchport mode trunk command. Enter the switchport nonegotiate command. Finally, enter the no shutdown command. 2006 Cisco Systems, Inc. Defining VLANs 2-63

Configuring a Routed Port

Step 3: Assign an IP address to the routed port. Switch(config-if)# ip address ip-address mask Step 4: Configure the IP routing protocol if needed. Switch(config)# router ip_routing_protocol <options> To configure a routed port, perform these steps. Steps for Inter-VLAN Routing Configuration: Create the SVI interface or navigate to configuration mode for the interface. Switch(config-if)# ip address n.n.n.n subnet-mask: Assign an IP address to the SVI for the VLAN. (Optional) Specify an IP routing...

Configuring Inter-VLAN Routing Through an SVI

Switch(config)# interface vlan vlan-id Step 3: Assign an IP address to the SVI. Switch(config-if)# ip address ip-address mask Step 4: Configure the IP routing protocol if needed. Switch(config)# router ip_routing_protocol <options> To configure inter-VLAN routing on a Cisco Catalyst SVI, perform these steps. Steps for Inter-VLAN Routing Configuration: The table describes the steps needed to configure inter-VLAN routing....

Configuring Layer 2 EtherChannel

Switch(config)# interface range interface slot/port - port: Specifies the interfaces to configure in the bundle pagp lacp Specifies the channel protocol either PAgP or LACP number mode active on auto desirable passive Creates the port-channel interface and places the interfaces as members Configure a Layer 2 EtherChannel Bundle: This table shows the steps for configuring and verifying an EtherChannel interface....

Configuring Layer 3 EtherChannel

Switch(config)# interface port-channel port-channel-number: Creates a port-channel interface. Switch(config-if)# no switchport; Switch(config-if)# ip address address mask: Specifies L3 and assigns an IP address and subnet mask to the EtherChannel. Switch(config)# interface interface slot/port: Specifies an interface to configure. Switch(config-if)# channel-group number mode {auto | desirable | on}: Configures the interface as L3 and specifies the port channel and the PAgP mode.

Course Goal and Objectives

This topic describes the course goal and objectives. In this course, learners will find out how to create an efficient and expandable enterprise network by installing, configuring, monitoring, and troubleshooting network infrastructure equipment according to the Campus Infrastructure module in the Enterprise Composite Network Model. Building Cisco Multilayer Switched Networks: Upon completing this course, you will be able to meet these objectives: Describe the Campus Infrastructure module of the...

Describing CEF Configuration Commands

This topic describes the commands used to configure CEF on Cisco Catalyst multilayer switches. Use these commands to configure CEF when possible and verify its operation. CEF Configuration Commands: The table describes CEF configuration commands. On a Cisco Catalyst 4000 Series switch, enables CEF if it has been previously disabled. CEF is on by default. Disables CEF on a Cisco Catalyst 4000 Series switch. Switch(config-if)# ip route-cache cef On a...

Describing Inter-VLAN Routing Using External Router Configuration Commands

This topic describes the commands used to configure inter-VLAN routing on an external router. Inter-VLAN routing can be configured using an external router over either ISL or 802.1Q trunks. The commands for configuring the trunk interface on the router are shown in the table. 4-6 Building Cisco Multilayer Switched Networks (BCMSN) v3.0 2006 Cisco Systems, Inc. Commands for Inter-VLAN Routing on an External Router The table provides a description of the commands used to perform inter-VLAN...

Describing Issues with 802.1Q Native VLANs

This topic describes the security issues with 802.1Q native VLANs. Native VLAN frames are carried over the trunk link untagged. A native VLAN mismatch will merge traffic between VLANs. This is a frequent configuration error. The native VLAN that is configured on each end of an 802.1Q trunk must be the same. Remember that a switch receiving an untagged frame will assign it to the native VLAN of the trunk. If one end is configured for native VLAN1 and the other for native VLAN2, a frame sent in...

Describing Local VLANs

Local VLANs are generally confined to a wiring closet. In the past, network designers attempted to implement the 80/20 rule when designing networks. The rule was based on the observation that, in general, 80 percent of the traffic on a network segment was passed between local devices, and only 20 percent of the traffic was destined for remote network segments. Therefore, end-to-end VLANs were typically used. Designers now consolidate...

Describing PortFast

This subtopic identifies the features of PortFast. Configure PortFast. Do not configure PortFast. Spanning tree PortFast causes an interface configured as a Layer 2 access port to transition from blocking to forwarding state immediately, bypassing the listening and learning states. You can use PortFast on Layer 2 access ports that are connected to a single workstation or to a server to allow those devices to connect to the network immediately rather than waiting for spanning tree to...

Describing PVRST Implementation Commands

This topic describes the commands used to implement Per VLAN Rapid Spanning Tree (PVRST). The table describes the commands that enable PVRST. Switch(config)# spanning-tree mode rapid-pvst show spanning-tree vlan vlan-number detail Shows commands that are VLAN-based rather than instance-based

Describing RSTP Port States

This topic describes the three RSTP port states. RSTP provides rapid convergence following the failure or re-establishment of a switch, switch port, or link. An RSTP TC will cause a transition in the appropriate switch ports to the forwarding state through either explicit handshakes or a proposal and agreement process and synchronization. With RSTP, the role of a port is separated from the state of a port. For example, a designated port could be...

Describing VTP Operation

This topic describes how VTP distributes and synchronizes VLAN information. VTP advertisements are sent as multicast frames. VTP servers and clients are synchronized to the latest revision number. VTP advertisements are sent every 5 minutes or when there is a change. Switches within a VTP management domain synchronize their VLAN databases by sending and receiving VTP advertisements over trunk links. VTP advertisements are flooded throughout a management domain by switches that are running in...

Determining Equipment and Cabling Needs

Each link provides adequate bandwidth for traffic aggregating over that link. There are four objectives in the design of any high-performance network: security, availability, scalability, and manageability. The ECNM, when implemented properly, provides the framework to meet these objectives. In the migration from a current network infrastructure to the ECNM, a number of infrastructure changes may be needed, including the replacement of current equipment and the existing cable plant. This list...

Display spanning tree mode is set to PVRST

A variety of show commands can be used to display configuration and operation information about spanning tree. The show spanning-tree command takes several arguments to display a variety of information about the STP configuration. Without any arguments, it will display general information about all STP configurations. The complete syntax is as follows: Switch# show spanning-tree bridge-group active backbonefast bridge id detail inconsistentports interface interface interface-number root summary...

Displays interface information

Switch# show run interface gig 0/9 Building configuration interface GigabitEthernet 0/9 switchport mode dynamic desirable channel-group 2 mode desirable channel-protocol pagp end Use the show interfaces interface num etherchannel command to display information about the port channel and the specific EtherChannel...

Dynamic Access Port Association

Switch ports can be dynamically associated with a given VLAN based upon the MAC address of the device connecting on that port. This requires that the switch query a VLAN Membership Policy Server (VMPS) to determine what VLAN to associate with a switch port, when a specific source MAC address is seen on the switch port. This might be beneficial with a set of workstations that rove throughout the enterprise. Regardless of what switch or switch port the workstation connected to, that switch port...

Dynamic Trunk Negotiation Protocols

The PAgP aids in the automatic creation of Fast EtherChannel links. PAgP packets are sent between Fast EtherChannel-capable ports to negotiate the forming of a channel. When PAgP identifies matched Ethernet links, it groups the links into an EtherChannel. The EtherChannel is then added to the spanning tree as a single bridge port. The management of the EtherChannel is done by PAgP. PAgP packets are sent every 30 seconds, using multicast group MAC address 01-00-0C-CC-CC-CC with protocol value...

ECNM Functional Areas

The ECNM introduces modularity by dividing the network into functional areas that ease design, implementation, and troubleshooting tasks. An enterprise campus is defined as one or more buildings, with multiple virtual and physical networks, connected across a high-performance, multilayer-switched backbone. The ECNM contains these three major functional areas: Enterprise Campus: The Enterprise Campus functional area contains the modules required to build a hierarchical, highly robust campus network...

Establishes primary and secondary roots for MST instance

Given the following steps, all switches would be configured with the spanning tree MSTP and extend system-id syntax, and only the distribution switches that terminate the VLANs would have their priority changed. Switch(config)# spanning-tree mst configuration You can use the no keyword to clear the MSTP configuration. Display the current MSTP configuration. Set the MSTP configuration revision number. Switch(config-mst)# revision revision number The revision number can be any unassigned 16-bit...

EtherChannel

Logical aggregation of similar links. Companies require greater and cheaper bandwidth to run their networks. Users are becoming more impatient with any sort of latency that occurs in the network. The insatiable appetite of customers for faster networks and higher availability of the networks has made the competition intense between vendors. Some years ago, Cisco Systems came up with a method to not only provide substantially higher bandwidth but to provide it...

EtherChannel Guidelines

Switch# show run interface FastEthernet0/9 description DSW121 0/9-10 - DSW122 0/9-10 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1,21-28 switchport mode trunk switchport nonegotiate duplex full speed 100 interface FastEthernet0/10 description DSW121 0/9-10 - DSW122 0/9-10 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1,21-28 switchport mode trunk switchport nonegotiate duplex full speed 100 This example shows how to configure an EtherChannel following...

Example Displaying Detailed MSTP Information

This example displays detailed MSTP information for a specific instance. Switch# show spanning-tree mst 1 detail MST01 vlans mapped 1-10 Bridge address 00d0.00b8.1400 priority 32769 (32768 sysid 1) FastEthernet4/4 of MST01 is backup blocking Port info port id 240.196 priority 240 cost 1000 Designated root address 00d0.00b8.1400 priority 32769 cost 0 Designated bridge address 00d0.00b8.1400 priority 32769 port id 128.197 Timers message expires in 5 sec, forward delay 0, forward transitions 0...

Example Displaying General MSTP Information

This example shows how to display general MSTP information. Notice that the output is grouped by MSTP instances, starting with the IST. MST00 vlans mapped 11-4094 Bridge address 00d0.00b8.1400 priority 32768 (32768 sysid 0) Root address 00d0.004a.3c1c priority 32768 (32768 sysid 0) Operational hello time 2, forward delay 15, max age 20, max hops 20 Configured hello time 2, forward delay 15, max age 20, max hops 20 Back BLK 1000 Desg FWD 200000 Root FWD 200000 MST01 vlans mapped 1-10 Bridge...

Example Displaying MSTP Information for a Specific Instance

This example displays MSTP information for a specific instance. MST01 vlans mapped 1-10 Bridge address 00d0.00b8.1400 priority 32769 (32768 sysid 1) Interface Role Sts Cost Prio.Nbr Status

Example Displaying MSTP Information for a Specific Instance and Interface

This example displays MSTP information for a specific interface and a specific MSTP instance. Switch# show spanning-tree mst 1 interface fastethernet 4/4 FastEthernet4/4 of MST01 is backup blocking Edge port no (default) port guard none (default) Link type point-to-point (auto) bpdu filter disable (default) Boundary internal bpdu guard disable (default) Bpdus (MRecords) sent 2, received 3 64 Instance Role Sts Cost Prio.Nbr Vlans mapped 1 Back BLK 1000 240.196 1-10 ...

Example Displaying Routing Table Information

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 2 subnets C...

Example Layer 2 Topology Negotiation

Here is a scenario with switches running STP and exchanging information as shown in the figure. This information exchange will yield these final results: the election of a root bridge as a Layer 2 topology point of reference; the determination of the best path to the root bridge from each switch; the election of a designated switch and corresponding designated port for every switched segment; the removal of loops in the switched network by transitioning some switch links to a blocked state...

Explaining MSTP

Instance 1 maps to VLANs 1-500. Instance 2 maps to VLANs 501-1000. The main purpose of MSTP is to reduce the total number of spanning tree instances to match the physical topology of the network and thus reduce the CPU loading of a switch. The instances of spanning tree are reduced to the number of links (that is, active paths) that are available. If the example in the diagram were implemented via Per VLAN Spanning Tree+ (PVST+),...

Explaining Multilayer Switching

Traditionally, a switch makes forwarding decisions by looking at the Layer 2 header, whereas a router makes forwarding decisions by looking at the Layer 3 header. A multilayer switch combines the functionality of a switch and a router into one device, thereby enabling the device to switch traffic when the source and destination are in the same VLAN and to route traffic when the source and destination are in different VLANs (that is, different subnets). In the figure, traffic between PC A and PC...

FIB Table Updates

The FIB table is updated when these events occur: An ARP entry for the destination next hop changes, ages out, or is removed. The routing table entry for a prefix changes. The routing table entry for the next hop changes. These are the basic steps for initially populating the adjacency table: Step 1: The Layer 3 engine queries the switch for a physical MAC address. Step 2: The switch selects a MAC address from the chassis MAC range and assigns it to the Layer 3 engine. This MAC address is assigned...

Forming an Association with the Root Bridge

This subtopic identifies methods by which switch ports determine their role in STP. What is the shortest path to the root bridge? Nonroot bridges place various ports in their proper roles by listening to BPDUs as they come in on all ports. Receiving BPDUs on multiple ports indicates a redundant path to the root bridge. The switch looks at these components in the BPDU to determine which switch ports will forward data and which switch ports will block data: The switch looks at the path cost first...

Guidelines for Configuring EtherChannel

All Ethernet interfaces must support EtherChannel with no contingencies. All interfaces in an EtherChannel must be configured at the same speed and duplex. EtherChannel will not form if one of the interfaces is a switched port analyzer destination port. IP addresses must be assigned to port-channel logical interfaces in Layer 3 EtherChannels. Interfaces must be assigned to the same VLAN or configured as trunks in Layer 2 EtherChannels. Follow these guidelines and restrictions when configuring...

Guidelines for Configuring EtherChannel (Cont.)

All interfaces must support the same allowed range of VLANs. Interfaces in the same bundle can support varying port costs. Port-channel interface configuration changes. Physical interface configuration changes. Range of VLANs: An EtherChannel supports the same allowed range of VLANs on all the interfaces in a trunking Layer 2 EtherChannel. If the allowed range of VLANs is not the same, the interfaces do not form an EtherChannel, even when set to auto or desirable mode. For Layer 2 EtherChannels,...

Identifying the RSTP TCN Process

This topic describes the process that RSTP uses to notify all bridges in the network of a TC. In 802.1D, any port state change generates a TCN. When an 802.1D bridge detects TC, it sends TCNs toward the root bridge. The root bridge sets the TC flag on the outbound BPDUs that are relayed to switches down from the root. When a bridge receives a BPDU with the TC flag bit set, the bridge reduces its bridge-table aging time to forward delay seconds. This ensures a relatively quick flushing of the...

If users are moved within the campus their VLAN membership remains the same

The term end-to-end VLAN refers to a single VLAN that is associated with switch ports that are widely dispersed throughout an enterprise network. Traffic for this VLAN is carried throughout the switched network. If many VLANs in a network are end-to-end, special links (trunks) are required between switches to carry the traffic of all the different VLANs. An end-to-end VLAN has these characteristics: The VLAN is geographically dispersed throughout the network. Users are grouped into the VLAN...

Implement VLAN and switch security

To create or configure a VLAN and associate switch ports, follow these steps: Step 2: Verify the VLAN configuration. Step 3: Associate switch ports with the VLAN. Step 4: Verify the switch port configuration. Step 6: Implement switch and VLAN security measures. These steps are explained in greater detail in the remainder of this topic.

Implementing PVRST Commands

This topic explains the procedure to implement RSTP in a switched network. The table describes how to configure PVRST. If spanning tree is disabled, enable it for a VLAN. Switch(config)# spanning-tree vlan vlan-range Set spanning tree mode to Rapid PVST+. Default is 802.1D (shows as ieee). Switch(config)# spanning-tree mode rapid-pvst

Improves flexibility and increases efficiency

With its vision of the IIN, Cisco is helping organizations to address new IT challenges, such as the deployment of service-oriented architectures, Web services, and virtualization. Cisco SONA is an architectural framework that guides the evolution of enterprise networks to an IIN. The Cisco SONA framework provides several advantages to enterprises, such as the following: Outlines the path towards the IIN. Illustrates how to build integrated systems across a fully converged IIN. Improves...

Interacting Between MST Regions and 802.1D

One issue that arises from MSTP design is interoperability with the CST implementation in 802.1D. According to the IEEE 802.1s specification, an MSTP switch must be able to handle at least one Internal Spanning Tree (IST). The MST region consists of one IST and an arbitrary number of MSTP instances. These are two functionally equivalent diagrams. Notice the location of the different blocked ports. In a typically bridged network, you expect to see a blocked port between Switch M and Switch B....

Inter-VLAN Routing on External Router: 802.1Q Trunk Link

A router interface providing inter-VLAN routing on a trunk link must be configured with a subinterface for each VLAN that will be serviced across the link. Each subinterface on the physical link must then be configured with the same trunk encapsulation protocol. That protocol, either 802.1Q or ISL, is typically determined by what was configured on the switch side of the link. Use the encapsulation dot1q subinterface configuration command to enable 802.1Q encapsulation on a router subinterface....

Inter-VLAN Routing on External Router: ISL Trunk Link

Configuring an External Router Using ISL Encapsulation: Use the encapsulation isl vlan id subinterface configuration command to enable ISL trunking on a router subinterface. The native keyword is not used on the encapsulation ISL subinterface command because ISL does not have the concept of a native VLAN. ISL Encapsulation Commands for External Routers: The table describes the actions needed to perform ISL encapsulation on external routers. Enable ISL trunking on the switch port connecting to the...

ISL Trunk Configuration

Switch(config)# interface fastethernet 2/1 Switch(config-if)# shutdown Switch(config-if)# switchport trunk encapsulation isl Switch(config-if)# switchport trunk allowed vlan 1-5,1002-1005 Switch(config-if)# switchport mode trunk Switch(config-if)# switchport nonegotiate Switch(config-if)# no shutdown In the example, interface Fast Ethernet 2/1 has been configured as a trunk link for ISL that is permanently on. DTP negotiation is not allowed. The trunk link will carry VLAN traffic for VLANs 1-5 and...

Large amount of unknown MAC unicast traffic

A poorly designed network has increased support costs, reduced service availability, and limited support for new applications and solutions. Less than optimal performance will affect end users directly and will affect access to central resources. Here are some of the issues that stem from a poorly designed network. Failure domains: One of the most important reasons to implement an effective design is to minimize the extent of a network problem when it occurs. When Layer 2 and Layer 3 boundaries...

Layer 2 Switch Forwarding Process

Layer 2 forwarding in hardware is based on the destination MAC address. The Layer 2 switch learns the address, based on the source MAC address. The MAC address table lists MAC and VLAN pairs with associated interfaces. How a Layer 2 Switch Forwards Packets The table describes how a Layer 2 switch forwards packets. The Layer 2 engine receives a frame. The Layer 2 engine performs the input ACL lookup. The Layer 2 lookup engine looks up the destination MAC address and determines if the frame is to...

Layer 3 SVI

An SVI is a virtual Layer 3 interface that can be configured for any VLAN that exists on a Layer 3 switch. It is virtual in that there is no physical interface for the VLAN, and yet it can accept configuration parameters applied to any Layer 3 router interface. The SVI for the VLAN provides Layer 3 processing for packets from all switch ports associated with that VLAN. Only one SVI can be associated with a VLAN. You configure an SVI for a VLAN for these reasons: To provide a default gateway for...

Logical Packet Flow for a Multilayer Switch

Layer 3 forwarding is based on the destination IP address. Layer 3 forwarding occurs when a packet is routed from a source in one subnet to a destination in another subnet. When a multilayer switch sees its own MAC address in the Layer 2 header, it recognizes that the packet is either destined for itself or has been sent to the default gateway. If the packet is not destined for the multilayer switch, then the destination IP address is compared against the Layer 3 forwarding table for the...

Masks used to wildcard some content fields

Mask 1: Match all 32 bits of source IP address. Mask 2: Match most significant 24 bits of source IP address. In specific high-end switch platforms, the TCAM is a portion of memory designed for rapid, hardware-based table lookups of Layer 3 and Layer 4 information. In the TCAM, a single lookup provides all Layer 2 and Layer 3 forwarding information for frames, including CAM and ACL information. The figure displays the ACL information stored in the TCAM table that would result in a packet being...

Network Traffic Types

This table lists different types of traffic that may exist on the network and that should be considered before device placement and VLAN configuration. The table describes the different traffic types. Many different types of network management traffic may be present on the network. Examples include bridge protocol data units (BPDUs), Cisco Discovery Protocol (CDP) updates, Simple Network Management Protocol (SNMP) and Remote Monitoring (RMON) traffic. Some designers will assign a separate VLAN...

Nonhierarchical Network Devices

Large collision domain. Large broadcast domain. High latency. Difficult to troubleshoot. The simplest Ethernet network infrastructure is composed of a single collision and broadcast domain. This type of network is referred to as a flat network because any traffic that is transmitted within it is seen by all of the interconnected devices, even if they are not the intended destination of the transmission. The benefit...

Note: Table assumes DTP is enabled at both ends; show dtp interface to determine current setting

Trunk links should be configured statically whenever possible. However, Cisco Catalyst switch ports run DTP, which can automatically negotiate a trunk link. This Cisco proprietary protocol can determine an operational trunking mode and protocol on a switch port when it is connected to another device that is also capable of dynamic trunk negotiation. DTP mode can be configured to turn the protocol off or to instruct it to negotiate a trunk link under only certain conditions, as described in the...

Preventing Bridge Loops

Bridge loops can be prevented by disabling the redundant path. 2006 Cisco Systems, Inc. All rights reserved. A loop-free network is one in which no Layer 2 loops exist; therefore, the network cannot create Layer 2 broadcast storms or flooded unicast storms. A loop-free network can be achieved manually by shutting down or disconnecting all redundant links between bridges. However, this leaves no redundancy in the network and requires manual intervention in the event of a link failure. STP...

Proposal or agreement takes place between A and B

P1: Root port. P3: Designated port. P5: New root for B. P6: Edge ports. After switch A and the root bridge are synchronized, the proposal and agreement process continues on switch A out of all of its downstream-designated, nonedge ports, as shown in the figure. 1. Switch B on P5 will see that switch A is discarding and will also transition to the designated discarding state. Switch A then sends its proposal BPDU down to B with the root ID of the root bridge. 2. Switch B sees a proposal with the...

Resolving Trunk Link Problems

This topic identifies best practices for resolving trunk link problems. When using DTP, ensure that both ends of the link are in the same VTP domain. Ensure that the trunk encapsulation type configured on both ends of the link is valid. On links where trunking is not required, DTP should be turned off. Best practice is to configure trunk and nonegotiate where trunks are required. Trunk negotiation is managed by the DTP, which is a point-to-point protocol. When using DTP to configure trunks,...

Rewritten IP Unicast Packet

The figure shows how the frame and packet header would be altered when Cisco Express Forwarding (CEF) is used to forward frames. IP unicast packets are rewritten on the output interface as follows: The source MAC address changes from the sender MAC address to the router MAC address. The destination MAC address changes from the router MAC address to the next-hop MAC address. The TTL is decremented by one and, as a result, the IP header checksum is recalculated. The frame checksum must be...

Root Bridge Selection

Which switch has the lowest bridge ID? BPDUs are exchanged between switches, and the analysis of the BID and root ID information from those BPDUs determines which bridge is selected as the root bridge. In the example shown, both switches have the same priority for the same VLAN. The switch with the lowest MAC address will, therefore, be elected root bridge. In the example, switch X is the root bridge for VLAN1, with a BID of 0x8001 0c0011111111. These steps show how a root bridge election...

Routed Ports on a Multilayer Switch (Cont.)

Svi Vlan Routed Port

A routed switch port is a physical switch port on a multilayer switch that is capable of Layer 3 packet processing. A routed port is not associated with a particular VLAN, as is an access port or SVI. A routed port behaves like a regular router interface, except that it does not support VLAN subinterfaces. Routed switch ports can be configured using most commands applied to a physical router interface, including the assignment of an IP address and the configuration of Layer 3 routing protocols....

RSTP Port Roles

The port role defines the ultimate purpose of a switch port and the way it handles data frames. Port roles and port states are able to transition independently of each other. RSTP uses these definitions for port roles. Building Cisco Multilayer Switched Networks (BCMSN) v3.0, 2006 Cisco Systems, Inc. The root port is the switch port on every nonroot bridge that is the chosen path to the root bridge. There can be only one root port on every switch. The root port assumes the forwarding state...

Selecting the Designated Port

This subtopic identifies the features that apply to designated switch ports. Switch X is the root bridge. All ports on the root bridge are designated ports because they have a path cost of 0. Because the Ethernet segment has a path cost of 100, switch Y will block on that port. Do all segments have a designated port? STP selects one designated port per segment to forward traffic. Other switch ports on the segment typically become nondesignated ports and continue blocking, or the switch port...

Servers not centrally located

[Figure labels: Administration, IT, and Human Resource.] Layer 2 switches can significantly improve performance in a carrier sense multiple access collision detect (CSMA/CD) network when used in place of hubs. This is because each switch port represents a single collision domain, and the device connected to that port does not have to compete with other devices to access the media. Ideally, every host on a given network segment is connected to its own switch port, thus eliminating all media contention as the...

Single trunk link carries traffic for multiple VLANs to and from router

If a switch supports multiple VLANs but has no Layer 3 capability to route packets between those VLANs, the switch must be connected to a router external to the switch. This setup is most efficiently accomplished by providing a single trunk link between the switch and the router that can carry the traffic of multiple VLANs, which can in turn be routed by the router. This single physical link must be Fast Ethernet or greater to support Inter-Switch Link (ISL) encapsulation, but 802.1Q is...

Spanning Tree Communication

This subtopic identifies the information contained in a BPDU that is used to send spanning tree information between switches. STP sends configuration messages out every port of the bridge. These messages are called BPDUs. Here is some of the information provided in a BPDU: Root ID: the lowest bridge ID (BID) in the topology; Cost of path: cost of all links from the transmitting switch to the root bridge; BID: BID of the transmitting switch; Port ID: transmitting switch port ID; STP timer values: Max age,...

Spanning Tree Operation

On a nonroot bridge, as spanning tree receives BPDUs on various ports, it determines the roles that each port will fill in the topology. There are four 802.1D port roles. This port exists on nonroot bridges and is the switch port with the best path to the root bridge. Root ports forward traffic toward the root bridge, and the source MAC address of frames received on the root port is capable of populating the MAC table. Only one root port is allowed per bridge. This port exists on root and...

Spanning Tree Port States

Spanning tree transitions each port through several different states. Each Layer 2 port on a switch running STP exists in one of these five port states: Blocking: In this state, the Layer 2 port is a nondesignated port and does not participate in frame forwarding. The port receives BPDUs to determine the location and root ID of the root switch and which port roles (root, designated, or nondesignated) each switch port should assume in the final active STP topology. By default, the port spends 20...

Spanning Tree Protocol Root Port Selection

SW Y needs to elect a root port. Which port is the root port on SW Y? Fast Ethernet total cost 0 + 19. Ethernet total cost 0 + 100. Switch Y receives a BPDU from the root bridge (switch X) on its switch port on the Fast Ethernet segment and another BPDU on its switch port on the Ethernet segment. The root path cost in both cases is zero. The local path cost on the Fast Ethernet switch port is 19, whereas the local path cost on the Ethernet switch port is 100. As a...

The 802.1Q Tagging Process

To identify a frame with a given VLAN, the 802.1Q protocol adds a tag, or a field, to the standard Layer 2 Ethernet data frame. The components of this tag are shown in the figure. Because inserting the tag alters the original frame, the switch must recalculate and alter the FCS value for the original frame before sending it out the 802.1Q trunk port. In contrast, ISL does not modify the original frame at all. The new 802.1Q Tag field has these components EtherType Uses EtherType 0x8100 to...

The STP Root Bridge

Reference point. One root per VLAN. Maintains topology. Propagates timers. STP uses the concepts of root bridge, root ports, and designated ports to establish a loop-free path through the network. The first step in creating the loop-free spanning tree is to elect a root bridge. The root bridge is the reference point that all switches use to establish forwarding paths that will avoid loops in the Layer 2 network. The main information to be concerned with is the root ID (bridge that the transmitting...

The VTP Domain

In an enterprise network with many interconnected switches, maintaining a consistent list of VLANs across those switches can be administratively cumbersome and potentially error prone. The VTP is designed to automate this administrative task. Switches that share common VLAN information are organized into logical groups called VTP management domains. The VLAN information within a VTP domain is propagated through trunk links and is updated via the VTP, allowing all switches within a particular...

Topology Changes in STP

The other type of STP BPDU that needs to be discussed is TCN. The TCN BPDU is generated when a bridge discovers a change in topology, usually because of a link failure, bridge failure, or a port transitioning to forwarding state. The TCN BPDU is set to 0x80 in the Type field and is subsequently forwarded on the root port toward the root bridge. The upstream bridge responds with acknowledgment of the BPDU in the form of topology change acknowledgment (TCA). The least significant bit is for TCN,...

Trunking Configuration Commands

Trunks can be configured statically or via DTP. DTP provides the ability to negotiate the trunking method. Commands for configuring a trunk will vary, depending on the operating system version of your switch. The commands shown here are for a Cisco IOS software-based switch. The table describes commands for configuring a trunk on a switch that is running Cisco IOS software. Switch(config-if) switchport trunk allowed vlan range or list...

Verify the trunk configuration

Switch ports are configured for trunking using Cisco IOS commands. To configure a switch port as an 802.1Q or an ISL trunking port, follow these steps on each trunk interface. Step 1 Enter interface configuration mode. Step 2 Shut down the interface to prevent the possibility of premature autoconfiguration. Step 3 Select the trunking encapsulation. Note that some switches support only ISL or 802.1Q. Step 4 Configure the interface as a Layer 2 trunk. Step 5 Configure the trunking native VLAN...

Verifying an 802.1Q Dynamic Trunk Link

Switch show running-config interface fastethernet Building configuration Current configuration interface FastEthernet5 8 switchport mode dynamic desirable switchport trunk encapsulation dot1q Switch show interfaces fastethernet 5 8 trunk Mode Encapsulation Status desirable 802.1q trunking Vlans allowed on trunk 1,5,11,1002-1005 Vlans allowed and active in management 1,5,1002-1005 Vlans in spanning tree forwarding state 1,5,1002-1005 The output in the figure shows that DTP has negotiated with...

Verifying InterVLAN Routing

The ping command tests connectivity to remote hosts. After the router is properly configured and connected to the network, the router or the switch can communicate with other nodes on the network. To test connectivity to remote hosts, use the ping command from privileged mode. Step 1 From the router, attempt to ping a host address on each VLAN to verify router connectivity. Step 2 From a host on a particular VLAN, attempt to ping a host on...

Verifying MSTP (Cont.)

Switch show spanning-tree mst instance_number: Displays configuration information for a specific MSTP instance. Switch clear spanning-tree detected-protocols interface interface-id: Forces renegotiation with neighboring switches during migration process...

Verifying the 802.1Q Configuration

Switch show running-config interface fastethernet gigabitethernet slot port Switch show interfaces fastethernet gigabitethernet slot port switchport trunk Switch show interfaces fastEthernet 5 8 switchport Administrative Trunking Encapsulation dot1q Operational Trunking Encapsulation dot1q Negotiation of Trunking Off Access Mode VLAN 1 (default) Trunking Native Mode VLAN 99 (trunk_only) Trunking VLANs Enabled 1,5,11,1002-1005 Pruning VLANs Enabled 2-1001 Use show commands to display port...

VLAN association table

MSTP differs from the other spanning tree implementations in that it combines some, but not necessarily all, VLANs into logical spanning tree instances. This raises the problem of determining what VLAN is to be associated with what instance. More precisely, this means tagging BPDUs so that receiving devices can identify the instances and the VLANs to which they apply. The issue is irrelevant in the case of the 802.1D standard, in which all instances are mapped to a unique and common instance...

VLAN Configuration Modes

Switch configure terminal Switch(config) vlan 3 Switch(config-vlan) name Vlan3 Switch(config-vlan) exit Switch(config) end VLANs are created in either global configuration or VLAN database mode on most Cisco IOS software-based switches. Global configuration mode is the preferred way of creating and managing VLANs because the user interface is familiar. When a VLAN is created or deleted, the change occurs as soon as the user presses the Enter key on the VLAN configuration line. The commands in...

VTP Configuration Commands

The vtp configuration command is used to configure VTP characteristics for a switch. All switches in the same VTP domain will share the same VTP domain name and VTP password, if one is configured. It is a good idea to set the VTP mode to client if switches are being added to an existing switched network. The show VTP commands are used to verify the current VTP parameter values. VTP Commands The table describes the commands that are used to configure VTP. Sets the VTP domain name. Enter an ASCII...

BPDU Fields Associated with Root Bridge Selection

This subtopic describes the criteria used to determine which device will be elected as the root. The BID and root ID are both 8-byte fields carried in a BPDU. These values are used to complete the root bridge election process. A switch identifies the root bridge by evaluating the Root ID field in the BPDUs it receives. The unique BID of the root bridge will be carried in the Root ID field of the BPDUs that are sent by each switch in the tree. When a switch first boots and begins sending BPDUs,...

Enterprise Composite Network Model

To scale the hierarchical model, Cisco introduced the ECNM, which further divides the enterprise network into physical, logical, and functional areas. The ECNM contains functional areas, each of which has its own Building Access, Building Distribution, and Building Core (or Campus Backbone) layers. It is a deterministic network with clearly defined boundaries between modules. The model also has clear demarcation points, so that the designer knows exactly where traffic is located. It increases...

Common Problems with VTP Configuration

- VTP domain and password must match. - Configuration has been overwritten by another VTP device. - Consider making VTP domain smaller. The table describes some unexpected results that can occur after VTP configuration. VTP domain name and password must match on a given switch to receive updates from a VTP server. The domain name is case sensitive. VTP version must be...

Allocate IP address spaces in contiguous blocks; allocate one IP subnet per VLAN

Hierarchical network addressing means that IP network numbers are applied to the network segments or VLANs in an orderly fashion that takes into consideration the network as a whole. Blocks of contiguous network addresses are reserved for, and configured on, devices in a specific area of the network. Here are some benefits of hierarchical addressing. Ease of management and troubleshooting Hierarchical addressing groups network addresses contiguously. Network management and troubleshooting are...

Describing Transparent Bridges

This topic describes transparent bridges. A switch has the same characteristics as a transparent bridge. Because switches have replaced bridges as the network device for implementing transparent bridging in modern networks, the basic functionality of a switch is identical to that of a transparent bridge on a per-VLAN basis. To understand STP, it is important first to look at the behavior of a transparent bridge without spanning tree. By definition, a transparent bridge has these characteristics...

RSTP BPDU Flag Byte

[Figure: RSTP BPDU flag byte. Labels: Topology Change ACK, Agreement, Forwarding, Learning; 00 Unknown, 01 Alternative Backup, 10 Root.] RSTP (802.1w) uses type 2, version 2 BPDUs, so an RSTP bridge can communicate with 802.1D on any shared link or with any switch running 802.1D. RSTP sends BPDUs and populates the flag byte in a slightly different manner than the manner used by 802.1D. An RSTP bridge sends a BPDU with its current information every hellotime period (2 seconds by default), even if it does not receive any BPDUs from the...

RSTP Link Types

Link type provides a categorization for each port participating in RSTP. The link type can predetermine the active role that the port plays as it stands by for immediate transition to a forwarding state, if certain parameters are met. These parameters are different for edge ports and nonedge ports. Nonedge ports are categorized into two link types. Link type is automatically determined but can be overwritten with an explicit port configuration...

Explaining Trunk Link Problems

Trunks can be configured statically or autonegotiated with DTP. For trunking to be autonegotiated, the switches must be in the same VTP domain. Some trunk configuration combinations will successfully configure a trunk, some will not. Will any of the above combinations result in an operational trunk? These elements determine whether or not an operational trunk link is formed and also determine the type of trunk the link becomes: the trunking mode, the trunk encapsulation type, the VLAN Trunk...

Adjacency Information

Switch show adjacency gigabitethernet 9 5 detail Protocol Interface Address 06(11) 504 packets, 6110 bytes 00605C865B82 000164F83FA50800 ARP 03 49 31 Switch show adjacency type mod port port-channel number detail internal summary Each time an adjacency entry is created, a Layer 2 data link layer header for that adjacent node is precomputed and stored in the adjacency table. This information is subsequently used for encapsulation during CEF switching of packets. Output from the command show...

Are CEF tables complete and accurate?

CEF is the fastest means of switching Layer 3 packets in hardware. The CEF tables stored in hardware are populated from information that is gathered by the route processor. Troubleshooting CEF operations therefore has two primary steps. Ensure that the normal Layer 3 operations on the route processor are functioning properly so that the switch tables will be populated with accurate and complete information. Verify that information from the route processor has properly populated the FIB and...