A switch and a router

A switch and a trunk-capable network interface card (NIC) in a node such as a server. If a single physical link carries traffic for multiple VLANs, each frame must be marked with a VID so it is differentiated from frames coming from other VLANs. This marking or frame identification is accomplished through the implementation of a trunking protocol. Frame identification uniquely assigns an ID, referred to as a VID, to each frame. Each receiving switch examines this VID to determine the...

About EtherChannel Configuration Commands

interface port-channel channel-group-number; channel-group 1 mode mode; show interfaces fastethernet 0 1 etherchannel; show etherchannel 1 port-channel; show etherchannel 1 summary. These commands are used to configure and verify EtherChannel. EtherChannel Configuration Commands: interface port-channel port-channel-number: Creates a port-channel interface and moves to port-channel configuration mode, allowing the configuration of port-channel interface configuration parameters. Switch(config-if)...

Adding New Switches to an Existing VTP Domain

This topic describes the procedure to add a new switch to an existing VTP domain. Adding a Switch to an Existing VTP Domain The configuration revision number is used when determining if a switch should keep its existing VLAN database or overwrite it with the VTP update sent by another switch in the same domain with the same password. Therefore, when a switch is added to a network, it is important that it does not inject spurious information into the domain. Caution This overwrite occurs whether...

Associate Switch Ports with the VLAN

Switch ports that are to function at Layer 2 and carry traffic for a single VLAN are configured as access switch ports and are assigned an access VLAN. To configure a Layer 2 switch port as an access port Switch(config-if) switchport mode access This table describes the parameters for the switchport mode access command. Required Configures the interface to function as a Layer 2 port only. On many switches, this is the default. No switchport would reverse this process and, on some switch...

Associate the access switch port with a VLAN

Before assigning a switch port to a specific VLAN, the VLAN may need to be created. The example that follows shows the syntax for creating a VLAN using the Cisco IOS interface. To create a VLAN or enter VLAN configuration mode, use the vlan command Required Any valid VLAN number from 1-4094 if accepted by the switch platform, 1-1024 if not. If VLAN does not presently exist, a VLAN with this vlan_id will be created, and prompt will change to VLAN config mode. If the VLAN already exists, prompt...

Building Distribution submodule (also known as Building Distribution layer)

Provides aggregation of building access devices, often using Layer 3 switching. The Building Distribution submodule performs routing, QoS, and access control. Traffic generally flows through the building distribution switches and onto the campus core or backbone. This submodule provides fast failure recovery because each building distribution switch maintains two equal-cost paths in the routing table for every Layer 3 network number. Each building distribution switch has connections to...

Campus Backbone submodule (also known as Building Core layer)

Provides redundant and fast-converging connectivity between buildings and the Server Farm and Edge Distribution modules. The purpose of the Campus Backbone submodule is to switch traffic as fast as possible between Campus Infrastructure submodules and destination resources. Forwarding decisions should be made at the ASIC level whenever possible. Routing, ACLs, and processor-based forwarding decisions should be avoided at the core and implemented at building distribution devices whenever possible....

Campus Infrastructure Module

The Campus Infrastructure module connects users within a campus to the Server Farm and Edge Distribution modules. The Campus Infrastructure module comprises Building Access and Building Distribution switches connected through the Campus Backbone to campus resources. A Campus Infrastructure module includes these submodules Building Access submodule (also known as Building Access layer) Contains end-user workstations, IP phones, and Layer 2 access switches that connect devices to the Building...

CEF-Based MLS Lookups

1. Layer 3 packets initiate TCAM lookup. 2. The longest match returns adjacency with rewrite information. 3. The packet is rewritten per adjacency information and forwarded. CEF-based tables are initially populated and used as follows: The FIB is derived from the IP routing table and is arranged for maximum lookup throughput....

CEF-Based MLS Operation

These are the steps that would occur when you use CEF to forward frames between host A and Step 1 Host A sends a packet to host B. The switch recognizes the frame as a Layer 3 packet because the destination MAC (MAC-M) matches the Layer 3 engine MAC. Step 2 The switch performs a CEF lookup based on the destination IP address (IP-B). The packet hits the CEF entry for the connected (VLAN20) network and is redirected to...

CEF-Based Multilayer Switches

CEF caches routing information in the FIB table and Layer 2 next-hop addresses in the adjacency table. Control Plane: Builds FIB and adjacency tables in software. Data Plane: Forwards IP unicast traffic in hardware. Cisco Systems Layer 3 devices can use a variety of methods to switch packets from one port to another. The most basic method of switching packets between interfaces is called...

Cisco IOS Interface

On most Catalyst switches, Cisco IOS interface is standard for Layer 3 configuration on multilayer switch Cisco Catalyst switch platforms have had a number of different operating systems and user interfaces. Over the years, Cisco has made great strides in converting the interface on nearly every Cisco Catalyst platform to the Cisco IOS interface familiar to Cisco users on routing platforms. Unlike the Cisco Catalyst software, various modes are navigated to execute specific commands. Here is an...

Cisco IOS software is standard for most other switches and for Layer 3 configuration on the modular switches

In the era of the early high-end Cisco Catalyst switches, the Cisco Catalyst operating system (CatOS) and the command interface were significantly different from the Cisco IOS mode navigation interfaces available on all newer Cisco Catalyst platforms. The two interfaces have different features and a different prompt and CLI syntax. Note Desktop Express-based switches use a Cisco Network Assist (GUI interface) not a CLI. 2006 Cisco Systems, Inc. Network Requirements 1-25 This subtopic describes...

Client

Cannot create, change, or delete VLANs. Synchronizes VLAN configurations. Creates, modifies, and deletes local VLANs. Does not synchronize VLAN configurations. Saves configuration in NVRAM. On each switch, VTP can be configured to operate in one of three modes: server, client, or transparent. The default VTP mode is server. The mode will determine if VLANs can be created on the switch and...

Comparing ISL and 802.1Q

Depending on the trunking protocol, data frames sent across a trunk link are either encapsulated or tagged. The purpose of encapsulating or tagging frames is to provide the receiving switch with a VID to identify the VLAN from which the frame originated. The trunking protocol ISL, a Cisco Systems proprietary protocol, encapsulates frames, whereas IEEE 802.1Q inserts a tag into the original Layer 2 data frame. 802.1Q is not proprietary and can be deployed in any Ethernet standards-based Layer 2...

Configuration Revision Number

One of the most critical components of VTP is the configuration revision number. When initially configured, the VTP configuration revision number is set to 0. Each time a VTP server modifies its VLAN information, it increments the VTP configuration revision number by one. It then sends out a VTP advertisement referencing the new configuration revision number. If the configuration revision number being advertised is higher than the number stored on other switches in the VTP domain, they will...

Configure EtherChannel

The table shows the steps for configuring and verifying a Layer 3 EtherChannel interface. Configure a Layer 3 EtherChannel Bundle Switch(config) interface port-channel 1 Creates a virtual Layer 2 interface. Changes interface to Layer 3 to enable the use of the IP address command. Assign an IP address to the port-channel interface because this will be a Layer 3 interface. Switch(config-if) ip address 172.32.52.10 255.255.255.0 Assigns an IP address to the port-channel interface. Navigate to the...

Configured by issuing the spanning-tree portfast command

An RSTP edge port is a switch port that is never intended to be connected to another switch device. It immediately transitions to the forwarding state when enabled. The edge port concept is well known to Cisco spanning tree users because it corresponds to the PortFast feature. All ports that are directly connected to end stations anticipate that no switch device will be connected to them, and so they immediately transition to the STP forwarding state, thereby skipping the time-consuming...

Configures EtherChannel load balancing

Switch show etherchannel load-balance Source XOR Destination IP address EtherChannel balances traffic load across the links in a channel. The default and the load balancing method varies among the Cisco Catalyst models. Load balancing is applied globally for all EtherChannel bundles in the switch. To configure EtherChannel load balancing, use the port-channel load-balance command. Load balancing can be based on these variables. The load-balancing keywords are as follows src-mac Source MAC...

Configuring a Port for ISL Trunking with No DTP

When configuring the Layer 2 trunk to not use DTP, this syntax is used so that the trunk mode is set to on, and no DTP messages are sent on the interface. First, enter the shutdown command in the interface mode. Enter the switchport trunk encapsulation command. Enter the switchport mode trunk command. Enter the switchport nonegotiate command. Finally, enter the no shutdown command.

Configuring a Routed Port

Step 3 Assign an IP address to the routed port. Switch(config-if) ip address ip-address mask Step 4 Configure the IP routing protocol if needed. Switch(config) router ip_routing_protocol < options> To configure a routed port, perform these steps. Steps for Inter-VLAN Routing Configuration Create the SVI interface or navigate to configuration mode for the interface. Switch(config-if) ip address n.n.n.n subnet-mask Assign an IP address to the SVI for the VLAN. (Optional) Specify an IP routing...

Configuring a VTP Management Domain

Configure each switch in the following order to avoid dynamic learning of the domain name: VTP domain name (case sensitive); VTP mode (server mode is the default). Default VTP configuration values depend on the switch model and the software version. The default values for the Cisco Catalyst 2900, 4000, and 6000 Series switches are as follows: VTP trap: Disabled (Simple Network Management Protocol [SNMP] traps communicating VTP status). The VTP domain name can be specified or learned from VTP updates...

Configuring Inter-VLAN Routing Through an SVI

Switch(config) interface vlan vlan-id Step 3 Assign an IP address to the SVI. Switch(config-if) ip address ip-address mask Step 4 Configure the IP routing protocol if needed. Switch(config) router ip_routing_protocol < options> To configure inter-VLAN routing on a Cisco Catalyst SVI, perform these steps. Steps for Inter-VLAN Routing Configuration The table describes the steps needed to configure inter-VLAN routing....

Configuring Layer 2 EtherChannel

Switch(config) interface range interface slot port - port Specifies the interfaces to configure in the bundle pagp lacp Specifies the channel protocol either PAgP or LACP number mode active on auto desirable passive Creates the port-channel interface and places the interfaces as members Configure a Layer 2 EtherChannel Bundle This table shows the steps for configuring and verifying an EtherChannel interface....

Configuring Layer 3 EtherChannel

Switch(config) interface port-channel port-channel-number Creates a port-channel interface Switch(config-if) no switchport Switch(config-if) ip address address mask Specifies L3 and assigns an IP address and subnet mask to the EtherChannel Switch(config) interface interface slot port Specifies an interface to configure Switch(config-if) channel-group number mode auto desirable on Configures the interface as L3 and specifies the port channel and the PAgP mode

Configuring PortFast

spanning-tree portfast (interface command) or spanning-tree portfast default (global command) - enables PortFast on all nontrunking ports show running-config interface fastethernet 1 1 The table lists the commands used to implement and verify PortFast on an interface. Switch(config-if) spanning-tree portfast Enables PortFast on a Layer 2 access port and forces it to enter the forwarding state immediately....

Configuring the Root Bridge

Switch(config) spanning-tree vlan 1 root primary This command forces this switch to be the root. Switch(config) spanning-tree vlan 1 root secondary This command configures this switch to be the secondary root. Or Switch(config) spanning-tree vlan 1 priority priority This command statically configures the priority (in increments of 4096). The switch with the lowest BID becomes the root bridge for a VLAN. Specific configuration commands are used to determine which switch will become the root...

Configuring VTP on a Switch

This subtopic lists the steps used to configure VTP. Displays a list of current VLANs Switch(config) vtp password password_string Switch(config) vtp domain domain_name Sets the VTP mode to server, client, or transparent Displays the current settings for VTP The steps for configuring VTP will vary per design and switch mode, but the general steps for configuring a switch are as follows Step 1 Establish a design specifying what switches will be server, client, or transparent, and what the...

Course Flow

Minimizing Service Loss and Data Theft in a Campus Network The schedule reflects the recommended structure for this course. This structure allows enough time for the instructor to present the course information and for you to work through the lab activities. The exact timing of the subject materials and labs depends on the pace of your specific class.

Course Goal and Objectives

This topic describes the course goal and objectives. In this course, learners will find out how to create an efficient and expandable enterprise network by installing, configuring, monitoring, and troubleshooting network infrastructure equipment according to the Campus Infrastructure module in the Enterprise Composite Network Model. Building Cisco Multilayer Switched Networks Upon completing this course, you will be able to meet these objectives Describe the Campus Infrastructure module of the...

Describing 802.1Q Trunking

This topic describes 802.1Q trunking. Adds a 4-byte tag to the original frame. Additional tag includes a priority field. Does not tag frames that belong to the native VLAN. Like ISL, 802.1Q is a protocol that allows a single physical link to carry traffic for multiple VLANs. It is the IEEE standard VLAN trunking protocol. Rather than encapsulating the original Layer 2 frame in its entirety, 802.1Q inserts a tag into the original Ethernet header, then recalculates and updates the FCS in the...

Describing CEF Configuration Commands

This topic describes the commands used to configure CEF on Cisco Catalyst multilayer switches. Use these commands to configure CEF when possible and verify its operation. CEF Configuration Commands The table describes CEF configuration commands. On a Cisco Catalyst 4000 Series switch, enables CEF if it has been previously disabled. CEF is on by default. Disables CEF on a Cisco Catalyst 4000 Series switch. Switch(config-if) ip route-cache cef On a...

Describing Inter-VLAN Routing Using External Router Configuration Commands

This topic describes the commands used to configure inter-VLAN routing on an external router. Inter-VLAN routing can be configured using an external router over either ISL or 802.1Q trunks. The commands for configuring the trunk interface on the router are shown in the table. 4-6 Building Cisco Multilayer Switched Networks (BCMSN) v3.0 2006 Cisco Systems, Inc. Commands for Inter-VLAN Routing on an External Router The table provides a description of the commands used to perform inter-VLAN...

Describing Issues with 802.1Q Native VLANs

This topic describes the security issues with 802.1Q native VLANs. Native VLAN frames are carried over the trunk link untagged. A native VLAN mismatch will merge traffic between VLANs. This is a frequent configuration error. The native VLAN that is configured on each end of an 802.1Q trunk must be the same. Remember that a switch receiving an untagged frame will assign it to the native VLAN of the trunk. If one end is configured for native VLAN1 and the other for native VLAN2, a frame sent in...

Describing Local VLANs

Local VLANs are generally confined to a wiring closet. In the past, network designers attempted to implement the 80/20 rule when designing networks. The rule was based on the observation that, in general, 80 percent of the traffic on a network segment was passed between local devices, and only 20 percent of the traffic was destined for remote network segments. Therefore, end-to-end VLANs were typically used. Designers now consolidate...

Describing PortFast

This subtopic identifies the features of PortFast. Spanning tree PortFast causes an interface configured as a Layer 2 access port to transition from blocking to forwarding state immediately, bypassing the listening and learning states. You can use PortFast on Layer 2 access ports that are connected to a single workstation or to a server to allow those devices to connect to the network immediately rather than waiting for spanning tree to...

Describing PVRST Implementation Commands

This topic describes the commands used to implement Per VLAN Rapid Spanning Tree (PVRST). The table describes the commands that enable PVRST. Switch(config) spanning-tree mode rapid-pvst show spanning-tree vlan vlan-number detail Shows commands that are VLAN-based rather than instance-based

Describing RSTP Port States

This topic describes the three RSTP port states. RSTP provides rapid convergence following the failure or re-establishment of a switch, switch port, or link. An RSTP TC will cause a transition in the appropriate switch ports to the forwarding state through either explicit handshakes or a proposal and agreement process and synchronization. With RSTP, the role of a port is separated from the state of a port. For example, a designated port could be...

Describing the Extended System ID

This topic describes changes to the Bridge Priority field to accommodate the MSTP instance number. Extended System ID in Bridge ID Field: MST Instance Number Carried in Extended System ID Area. As with PVST, the 12-bit Extended System ID field is used in MSTP. In MSTP, this field carries the MSTP instance number. The 802.1D protocol states that each bridge must have a unique bridge identifier. In PVST, each VLAN is considered to be a different logical bridge. Therefore, each VLAN needs a unique...

Describing VTP Operation

This topic describes how VTP distributes and synchronizes VLAN information. VTP advertisements are sent as multicast frames. VTP servers and clients are synchronized to the latest revision number. VTP advertisements are sent every 5 minutes or when there is a change. Switches within a VTP management domain synchronize their VLAN databases by sending and receiving VTP advertisements over trunk links. VTP advertisements are flooded throughout a management domain by switches that are running in...

Determining Equipment and Cabling Needs

Each link provides adequate bandwidth for traffic aggregating over that link. There are four objectives in the design of any high-performance network: security, availability, scalability, and manageability. The ECNM, when implemented properly, provides the framework to meet these objectives. In the migration from a current network infrastructure to the ECNM, a number of infrastructure changes may be needed, including the replacement of current equipment and the existing cable plant. This list...

Display spanning tree mode is set to PVRST

A variety of show commands can be used to display configuration and operation information about spanning tree. The show spanning-tree command takes several arguments to display a variety of information about the STP configuration. Without any arguments, it will display general information about all STP configurations. The complete syntax is as follows Switch show spanning-tree bridge-group active backbonefast bridge id detail inconsistentports interface interface interface-number root summary...

Displaying Hardware Layer 3 Switching Statistics

Switch show interfaces type mod port number include switched Switch show interfaces gigabitethernet 9 5 include switched L2 Switched ucast 8199 pkt, 1362060 bytes - mcast 6980 pkt, 371952 bytes L3 in Switched ucast 3045 pkt, 742761 bytes - mcast 0 pkt, 0 bytes mcast L3 out Switched ucast 2975 pkt, 693411 bytes - mcast 0 pkt, 0 bytes Use the show interfaces command with the include switch argument to show switching statistics at each layer for the interface. Verify that Layer 3 packets are being...

Displays interface information

Switch show run interface gig 0 9 Building configuration interface GigabitEthernet 0 9 switchport mode dynamic desirable channel-group 2 mode desirable channel-protocol pagp end Use the show interfaces interface num etherchannel command to display information about the port channel and the specific EtherChannel...

Distributed Hardware Forwarding

Layer 3 switching software employs a distributed architecture in which the control path and data path are relatively independent. The control path code, such as routing protocols, runs on the route processor, whereas most of the data packets are forwarded by the Ethernet interface module and the switching fabric. Each interface module includes a microcoded processor that handles all packet forwarding. These are the main functions of the control layer between the routing protocol and the...

Does not modify the original frame

ISL is a Cisco proprietary protocol option for configuring Layer 2 trunk links. It is the original standard for trunking between switches and predates IEEE trunking standards. ISL takes original Layer 2 frames and encapsulates them with a new ISL header and trailer, cyclic redundancy check (CRC), before placing them on the trunk link. Because an entirely new header is appended to the original frame, the header offers some features not found in 802.1Q, an alternative trunking protocol. These are...

Dynamic Access Port Association

Switch ports can be dynamically associated with a given VLAN based upon the MAC address of the device connecting on that port. This requires that the switch query a VLAN Membership Policy Server (VMPS) to determine what VLAN to associate with a switch port, when a specific source MAC address is seen on the switch port. This might be beneficial with a set of workstations that rove throughout the enterprise. Regardless of what switch or switch port the workstation connected to, that switch port...

Dynamic Trunk Negotiation Protocols

The PAgP aids in the automatic creation of Fast EtherChannel links. PAgP packets are sent between Fast EtherChannel-capable ports to negotiate the forming of a channel. When PAgP identifies matched Ethernet links, it groups the links into an EtherChannel. The EtherChannel is then added to the spanning tree as a single bridge port. The management of the EtherChannel is done by PAgP. PAgP packets are sent every 30 seconds, using multicast group MAC address 01-00-0C-CC-CC-CC with protocol value...

ECNM Functional Areas

The ECNM introduces modularity by dividing the network into functional areas that ease design, implementation, and troubleshooting tasks. An enterprise campus is defined as one or more buildings, with multiple virtual and physical networks, connected across a high-performance, multilayer-switched backbone. The ECNM contains these three major functional areas: Enterprise Campus: The Enterprise Campus functional area contains the modules required to build a hierarchical, highly robust campus network...

Establishes primary and secondary roots for MST instance

Given the following steps, all switches would be configured with the spanning tree MSTP and extend system-id syntax, and only the distribution switches that terminate the VLANs would have their priority changed. Switch(config) spanning-tree mst configuration You can use the no keyword to clear the MSTP configuration. Display the current MSTP configuration. Set the MSTP configuration revision number. Switch(config-mst) revision revision number The revision number can be any unassigned 16-bit...

EtherChannel

Logical aggregation of similar links. Companies require greater and cheaper bandwidth to run their networks. Users are becoming more impatient with any sort of latency that occurs in the network. The insatiable appetite of customers for faster networks and higher availability of the networks has made the competition intense between vendors. Some years ago, Cisco Systems came up with a method to not only provide substantially higher bandwidth but to provide it...

EtherChannel Guidelines

Switch show run interface FastEthernet0 9 description DSW121 0 9-10 - DSW122 0 9-10 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1,21-28 switchport mode trunk switchport nonegotiate duplex full speed 100 interface FastEthernet0 10 description DSW121 0 9-10 - DSW122 0 9-10 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1,21-28 switchport mode trunk switchport nonegotiate duplex full speed 100 This example shows how to configure an EtherChannel following...

EtherChannel Load Balancing Characteristics

EtherChannel balances the traffic load across the links in a channel by reducing part of the binary pattern formed from the addresses in the frame to a numerical value that selects one of the links in the channel. EtherChannel load balancing can use either source-MAC or destination-MAC address forwarding. With source-MAC address forwarding, when packets are forwarded to an EtherChannel, they are distributed across the ports in the channel based on the source-MAC address of the incoming packet....

Example: Displaying Detailed MSTP Information

This example displays detailed MSTP information for a specific instance. Switch show spanning-tree mst 1 detail MST01 vlans mapped 1-10 Bridge address 00d0.00b8.1400 priority 32769 (32768 sysid 1) FastEthernet4 4 of MST01 is backup blocking Port info port id 240.196 priority 240 cost 1000 Designated root address 00d0.00b8.1400 priority 32769 cost 0 Designated bridge address 00d0.00b8.1400 priority 32769 port id 128.197 Timers message expires in 5 sec, forward delay 0, forward transitions 0...

Example: Displaying General MSTP Information

This example shows how to display general MSTP information. Notice that the output is grouped by MSTP instances, starting with the IST. MST00 vlans mapped 11-4094 Bridge address 00d0.00b8.1400 priority 32768 (32768 sysid 0) Root address 00d0.004a.3c1c priority 32768 (32768 sysid 0) Operational hello time 2, forward delay 15, max age 20, max hops 20 Configured hello time 2, forward delay 15, max age 20, max hops 20 Back BLK 1000 Desg FWD 200000 Root FWD 200000 MST01 vlans mapped 1-10 Bridge...

Example: Displaying Inter-VLAN Configuration Information

The following examples of the show commands display, first, a snapshot of inter-VLAN status and, second, the routing table in use. Virtual LAN ID 10 (Inter Switch Link Encapsulation) vLAN Trunk Interface FastEthernet0 0.10 Protocols Configured Address Received Virtual LAN ID 20 (Inter Switch Link Encapsulation) vLAN Trunk Interface FastEthernet0 0.20 Protocols Configured

Example: Displaying MSTP Information for a Specific Instance

This example displays MSTP information for a specific instance. MST01 vlans mapped 1-10 Bridge address 00d0.00b8.1400 priority 32769 (32768 sysid 1) Interface Role Sts Cost Prio.Nbr Status

Example: Displaying MSTP Information for a Specific Instance and Interface

This example displays MSTP information for a specific interface and a specific MSTP instance. Switch show spanning-tree mst 1 interface fastethernet 4 4 FastEthernet4 4 of MST01 is backup blocking Edge port no (default) port guard none (default) Link type point-to-point (auto) bpdu filter disable (default) Boundary internal bpdu guard disable (default) Bpdus (MRecords) sent 2, received 3 64 Instance Role Sts Cost Prio.Nbr Vlans mapped 1 Back BLK 1000 240.196 1-10

Example: Displaying MSTP Information for a Specific Interface

This example displays MSTP information for a specific interface. Switch show spanning-tree mst interface fastethernet 4 4 FastEthernet4 4 of MST0 0 is backup blocking Edge port no (default) port guard none (default) Link type point-to-point (auto) bpdu filter disable (default) Boundary internal bpdu guard disable (default) Bpdus sent 2, received 368 Instance Role Sts Cost Prio.Nbr Vlans mapped 0 Back BLK 1000 240.196 11-4094 1 Back BLK 1000 240.196 1-10

Example: Displaying Routing Table Information

Codes C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 10.0.0.0 24 is subnetted, 2 subnets C...

Example: End-to-End VLAN Implementation

In a military setting, one VLAN is designated to carry top-secret data. Users with access to that data are widely dispersed throughout the network. Because all devices on that VLAN have similar security requirements, security is handled by access lists at the Layer 3 devices that route traffic onto the segment (VLAN). Security can be applied VLAN-wide without addressing security at each switch in the network, which might have only a single user on the top-secret VLAN.

Example Layer 2 Topology Negotiation

Here is a scenario with switches running STP and exchanging information as shown in the figure. This information exchange will yield these final results:
- The election of a root bridge as a Layer 2 topology point of reference
- The determination of the best path to the root bridge from each switch
- The election of a designated switch and corresponding designated port for every switched segment
- The removal of loops in the switched network by transitioning some switch links to a blocked state...

Explaining MSTP

[Figure: Instance 1 maps to VLANs 1-500; Instance 2 maps to VLANs 501-1000]

The main purpose of MSTP is to reduce the total number of spanning tree instances to match the physical topology of the network and thus reduce the CPU loading of a switch. The instances of spanning tree are reduced to the number of links (that is, active paths) that are available. If the example in the diagram were implemented via Per VLAN Spanning Tree+ (PVST+),...

Explaining Multilayer Switching

Traditionally, a switch makes forwarding decisions by looking at the Layer 2 header, whereas a router makes forwarding decisions by looking at the Layer 3 header. A multilayer switch combines the functionality of a switch and a router into one device, thereby enabling the device to switch traffic when the source and destination are in the same VLAN and to route traffic when the source and destination are in different VLANs (that is, different subnets). In the figure, traffic between PC A and PC...

Extended System ID in Bridge ID Field

[Figure: Bridge ID without the extended system ID and bridge ID with the extended system ID; the bridge ID is 8 bytes]

Spanning tree operation requires that each switch have a unique BID. In the original 802.1D standard, the BID was composed of the Priority Field and the MAC address of the switch, and all VLANs were represented by a CST. Because PVST requires that a separate instance of spanning tree run for each VLAN, the BID field is required to carry VLAN ID (VID) information. This is...

FIB Table Updates

The FIB table is updated when these events occur:
- An ARP entry for the destination next hop changes, ages out, or is removed.
- The routing table entry for a prefix changes.
- The routing table entry for the next hop changes.

These are the basic steps for initially populating the adjacency table:
Step 1: The Layer 3 engine queries the switch for a physical MAC address.
Step 2: The switch selects a MAC address from the chassis MAC range and assigns it to the Layer 3 engine. This MAC address is assigned...

Forming an Association with the Root Bridge

This subtopic identifies methods by which switch ports determine their role in STP.

What is the shortest path to the root bridge? Nonroot bridges place various ports in their proper roles by listening to BPDUs as they come in on all ports. Receiving BPDUs on multiple ports indicates a redundant path to the root bridge. The switch looks at these components in the BPDU to determine which switch ports will forward data and which switch ports will block data:
- The switch looks at the path cost first...

Guidelines for Configuring EtherChannel

All Ethernet interfaces must support EtherChannel with no contingencies. All interfaces in an EtherChannel must be configured at the same speed and duplex. EtherChannel will not form if one of the interfaces is a switched port analyzer destination port. IP addresses must be assigned to port-channel logical interfaces in Layer 3 EtherChannels. Interfaces must be assigned to the same VLAN or configured as trunks in Layer 2 EtherChannels. Follow these guidelines and restrictions when configuring...

Guidelines for Configuring EtherChannel (Cont.)

- All interfaces must support the same allowed range of VLANs.
- Interfaces in the same bundle can support varying port costs.
- Port-channel interface configuration changes
- Physical interface configuration changes

Range of VLANs: An EtherChannel supports the same allowed range of VLANs on all the interfaces in a trunking Layer 2 EtherChannel. If the allowed range of VLANs is not the same, the interfaces do not form an EtherChannel, even when set to auto or desirable mode. For Layer 2 EtherChannels,...

High latency over Layer 2 switching

[Figure labels: Executives and Administration, IT, Sales and Human Resource]

A major limitation of Layer 2 switches is that they cannot switch traffic between Layer 3 network segments (IP subnets, for example). Traditionally, this was done using a router. Unlike switches, a router acts as a broadcast boundary and does not forward broadcasts between its interfaces. Additionally, a router provides for an optimal path determination process. The router...

High-speed scalability

Multilayer switching is hardware-based switching and routing integrated into a single platform. In some cases, the frame and packet forwarding operation is handled by the same specialized hardware ASIC and other specialized circuitry. A multilayer switch does everything to a frame and packet that a traditional switch or router does, including the following:
- Provides multiple simultaneous switching paths
- Segments broadcast and failure domains
- Provides destination-specific frame forwarding based...

Identifying the RSTP TCN Process

This topic describes the process that RSTP uses to notify all bridges in the network of a TC. In 802.1D, any port state change generates a TCN. When an 802.1D bridge detects TC, it sends TCNs toward the root bridge. The root bridge sets the TC flag on the outbound BPDUs that are relayed to switches down from the root. When a bridge receives a BPDU with the TC flag bit set, the bridge reduces its bridge-table aging time to forward delay seconds. This ensures a relatively quick flushing of the...

IEEE Documents

IEEE 802.1D - Media Access Control (MAC) bridges
IEEE 802.1Q - Virtual Bridged Local Area Networks
IEEE 802.1w - Rapid Reconfiguration (Supp. to 802.1D)
IEEE 802.1s - Multiple Spanning Tree (Supp. to 802.1Q)
IEEE 802.1t - Local and Metropolitan Area Network Common Specifications

The documents listed are available on the IEEE Web site, http://www.ieee.org.

If users are moved within the campus their VLAN membership remains the same

The term end-to-end VLAN refers to a single VLAN that is associated with switch ports that are widely dispersed throughout an enterprise network. Traffic for this VLAN is carried throughout the switched network. If many VLANs in a network are end-to-end, special links (trunks) are required between switches to carry the traffic of all the different VLANs. An end-to-end VLAN has these characteristics:
- The VLAN is geographically dispersed throughout the network.
- Users are grouped into the VLAN...

Implement Switch and VLAN Security Measures

When implementing VLANs, you should consider a few measures to secure the VLAN and the switch itself. The security policy of the organization will likely have more detailed recommendations, but these can provide a foundation. Create a parking-lot VLAN with a VLAN ID (VID) other than VLAN1, and place all unused switch ports in this VLAN. This VLAN may provide the user with some minimal network connectivity. (Check on the security policy of your organization before implementing.) Disable unused...

Implement VLAN and switch security

To create or configure a VLAN and associate switch ports, follow these steps:
Step 2 Verify the VLAN configuration.
Step 3 Associate switch ports with the VLAN.
Step 4 Verify the switch port configuration.
Step 6 Implement switch and VLAN security measures.

These steps are explained in greater detail in the remainder of this topic.

2-32 Building Cisco Multilayer Switched Networks (BCMSN) v3.0 2006 Cisco Systems, Inc.

Implementing Inter-VLAN Routing

- Describing Routing Between VLANs
- Inter-VLAN Routing Using an External Router
- Describing Inter-VLAN Routing Using External Router Configuration Commands
- Configuring Inter-VLAN Routing Using an External Router
- Configuring an External Router Using ISL
- Verifying the Inter-VLAN Routing Configuration Using ping
- Verifying the Inter-VLAN Routing Configuration
- Example Displaying Inter-VLAN Configuration Information
- Example Displaying Routing Table Information...

Implementing PVRST Commands

This topic explains the procedure to implement RSTP in a switched network. The table describes how to configure PVRST.

If spanning tree is disabled, enable it for a VLAN.
    Switch(config)# spanning-tree vlan vlan-range
Set spanning tree mode to Rapid PVST+. Default is 802.1D (shows as ieee).
    Switch(config)# spanning-tree mode rapid-pvst

Implementing RSTP

- Describing RSTP Port States
- Describing RSTP Port Roles
- Describing RSTP Link Types
- Identifying the RSTP Proposal and Agreement Process
- Downstream RSTP Proposal Process
- Identifying the RSTP TCN Process
- Describing PVRST Implementation Commands
- Implementing PVRST Commands
- Verifying the PVRST Configuration
- Describing the Extended System ID
- Interacting Between MST Regions and 802.1Q
- Describing MSTP Implementation Commands
- Configuring and...

Implementing VLANs

- Describing End-to-End VLANs
- Example End-to-End VLAN Implementation
- Benefits of Local VLANs in an Enterprise Campus Network
- Explaining VLAN Access Ports
- Dynamic Access Port Association
- Describing VLAN Implementation Commands
  1. Create or Configure a VLAN
  2. Verify VLAN Configuration
  3. Associate Switch Ports with the VLAN
  4. Verify Switch Port Configuration
  5. Test VLAN Connectivity
  6. Implement Switch and VLAN Security Measures
- Summary...

Implementing VTP in the ECNM

- Have only one or two VTP servers.
- Manually configure the VTP domain name on all devices.
- When setting up a new domain: Configure VTP client switches first so that they participate passively.
- When cleaning up an existing VTP domain: Configure passwords on servers first because clients may need to maintain current VLAN information until the server is verified as complete.

Here is a list of general best practices with regard to configuring VTP in the Enterprise Plan...

Improves flexibility and increases efficiency

With its vision of the IIN, Cisco is helping organizations to address new IT challenges, such as the deployment of service-oriented architectures, Web services, and virtualization. Cisco SONA is an architectural framework that guides the evolution of enterprise networks to an IIN. The Cisco SONA framework provides several advantages to enterprises, such as the following:
- Outlines the path towards the IIN
- Illustrates how to build integrated systems across a fully converged IIN
- Improves...

Integration of networked resources and information assets that have been largely unlinked

The modern converged networks with integrated voice, video, and data require that Information Technology (IT) departments more closely link the IT infrastructure with the network.

Intelligence across multiple products and infrastructure layers: The intelligence built into each component of the network is extended network-wide and applies end-to-end.

Active participation of the network in the delivery of services and applications: With added intelligence, the IIN makes it possible for the...

Interacting Between MST Regions and 802.1D

One issue that arises from MSTP design is interoperability with the CST implementation in 802.1D. According to the IEEE 802.1s specification, an MSTP switch must be able to handle at least one Internal Spanning Tree (IST). The MST region consists of one IST and an arbitrary number of MSTP instances. These are two functionally equivalent diagrams. Notice the location of the different blocked ports. In a typically bridged network, you expect to see a blocked port between Switch M and Switch B....

Interconnection Technologies

A number of technologies are available to interconnect devices in the campus network. Some of the more common technologies are listed here. The interconnection technology selected will depend on the amount of traffic the link must carry. A mixture of copper and fiber-optic cabling will likely be used, based on distances, noise immunity requirements, security, and other business requirements. Fast...

Interface fa01

    ip address 10.3.3.1 255.255.255.0

Routed switch ports are typically configured by removing the Layer 2 switch port capability of the switch port. On most switches, the ports are Layer 2 ports by default. On some switches, the ports are Layer 3 ports by default. The layer at which the port functions determines the commands that can be configured on the port. Routed ports have these characteristics and functions:
- The port is a physical switch port with Layer 3 capability.
- The port is not...

Interface Modes

Interfaces can be set in any of several modes to control EtherChannel formation.

Comparison of Interface Modes: The table shows the different settings for PAgP and LACP.
- Auto: This PAgP mode places an interface in a passive negotiating state in which the interface responds to the PAgP packets that it receives but does not initiate PAgP negotiation (default).
- Passive: This LACP mode places a port in a passive negotiating state. In this...

Inter-VLAN Routing on External Router 802.1Q Trunk Link

A router interface providing inter-VLAN routing on a trunk link must be configured with a subinterface for each VLAN that will be serviced across the link. Each subinterface on the physical link must then be configured with the same trunk encapsulation protocol. That protocol, either 802.1Q or ISL, is typically determined by what was configured on the switch side of the link. Use the encapsulation dot1q subinterface configuration command to enable 802.1Q encapsulation on a router subinterface....

Inter-VLAN Routing on External Router ISL Trunk Link

Configuring an External Router Using ISL Encapsulation: Use the encapsulation isl vlan-id subinterface configuration command to enable ISL trunking on a router subinterface. The native keyword is not used on the encapsulation ISL subinterface command because ISL does not have the concept of a native VLAN.

ISL Encapsulation Commands for External Routers: The table describes the actions needed to perform ISL encapsulation on external routers.
- Enable ISL trunking on the switch port connecting to the...

ISL Encapsulation

When a switch port is configured as an ISL trunk port, the entire original Layer 2 frame, including header and frame check sequence (FCS) trailer, will be encapsulated before it traverses the trunk link. Encapsulation is the process of placing an additional header in the front and a trailer at the end of the original Layer 2 frame. The ISL header will contain the VID of the VLAN where the frame originated. At the receiving end, the VID is read, the header and trailer are removed, and the...

ISL Header

The ISL header contains various fields with values that define attributes of the original Layer 2 data within the encapsulated frame. This information is used for forwarding, media identification, and VLAN identification. The population of the fields within the ISL header varies, based on the type of VLAN and the media of the link. The ASIC on an Ethernet port encapsulates the frames with a 26-byte ISL header and a 4-byte FCS. This 30-byte ISL encapsulation overhead is consistent among the...

ISL Trailer

The trailer portion of the ISL encapsulation is an FCS that carries a CRC value calculated on the original frame plus the ISL header as the ISL frame was placed onto the trunk link. The receiving ISL port recalculates this value. If the CRC values do not match, the frame is discarded. If the values match, the switch discards the FCS as a part of removing the ISL encapsulation so that the original frame can be processed. The ISL trailer consists of these frame checks:
- FCS: Consists of 4 bytes....

ISL Trunk Configuration

    Switch(config)# interface fastethernet 2/1
    Switch(config-if)# shutdown
    Switch(config-if)# switchport trunk encapsulation isl
    Switch(config-if)# switchport trunk allowed vlan 1-5,1002-1005
    Switch(config-if)# switchport mode trunk
    Switch(config-if)# switchport nonegotiate
    Switch(config-if)# no shutdown

In the example, interface Fast Ethernet 2/1 has been configured as a trunk link for ISL that is permanently on. DTP negotiation is not allowed. The trunk link will carry VLAN traffic for VLANs 1-5 and...

Large amount of unknown MAC unicast traffic

A poorly designed network has increased support costs, reduced service availability, and limited support for new applications and solutions. Less than optimal performance will affect end users directly and will affect access to central resources. Here are some of the issues that stem from a poorly designed network.
- Failure domains: One of the most important reasons to implement an effective design is to minimize the extent of a network problem when it occurs. When Layer 2 and Layer 3 boundaries...

Layer 2 Switch Forwarding Process

Layer 2 forwarding in hardware is based on the destination MAC address. The Layer 2 switch learns the address, based on the source MAC address. The MAC address table lists MAC and VLAN pairs with associated interfaces.

How a Layer 2 Switch Forwards Packets: The table describes how a Layer 2 switch forwards packets.
- The Layer 2 engine receives a frame.
- The Layer 2 engine performs the input ACL lookup.
- The Layer 2 lookup engine looks up the destination MAC address and determines if the frame is to...

Layer 3 SVI

An SVI is a virtual Layer 3 interface that can be configured for any VLAN that exists on a Layer 3 switch. It is virtual in that there is no physical interface for the VLAN, and yet it can accept configuration parameters applied to any Layer 3 router interface. The SVI for the VLAN provides Layer 3 processing for packets from all switch ports associated with that VLAN. Only one SVI can be associated with a VLAN. You configure an SVI for a VLAN for these reasons:
- To provide a default gateway for...

Logical Packet Flow for a Multilayer Switch

Layer 3 forwarding is based on the destination IP address. Layer 3 forwarding occurs when a packet is routed from a source in one subnet to a destination in another subnet. When a multilayer switch sees its own MAC address in the Layer 2 header, it recognizes that the packet is either destined for itself or has been sent to the default gateway. If the packet is not destined for the multilayer switch, then the destination IP address is compared against the Layer 3 forwarding table for the...

Masks used to wildcard some content fields

[Figure: Mask 1 matches all 32 bits of source IP address; Mask 2 matches the most significant 24 bits of source IP address]

In specific high-end switch platforms, the TCAM is a portion of memory designed for rapid, hardware-based table lookups of Layer 3 and Layer 4 information. In the TCAM, a single lookup provides all Layer 2 and Layer 3 forwarding information for frames, including CAM and ACL information. The figure displays the ACL information stored in the TCAM table that would result in a packet being...

Module Objectives

Upon completing this module, you will be able to implement spanning tree operation in a hierarchical network. This ability includes being able to meet these objectives:
- Explain the operation of STP to include enhancements to it, such as RSTP, PVST+, PVRST, and MSTP
- Describe RSTP and the procedure for implementing it in an existing network
- Describe MSTP and the procedure for implementing it in an existing network
- Configure link aggregation with EtherChannel

Module Self Check

Use the question here to review what you learned in this module. The correct answer is found in the Module Self-Check Answer Key.

Q1) Which attribute does not apply to multilayer switches? (Source: Introducing Campus Networks)
A) combine Layer 2, 3, and 4 switching
C) combine Layer 1, Layer 2, and Layer 3 switching
D) provide high-speed scalability