ccnp switch final v6
-
9000235254 P. NAGABABU [email protected] 9553.9553.07
This material is valid till 31st November 2011. New material is available on 1st December 2011
1 | Page
CCNP CISCO CERTIFIED NETWORK PROFESSIONAL- SWITCH
CCNP-Cisco Certified Network Professional
Prepared by Nagababu Polisetti
CISCO CERTIFIED NETWORK PROFESSIONAL CCNP SWITCH
INDEX
Lesson Topic Page No
1 Switch Operation 3
2 Ethernet Port Configuration 9
3 VLANs and Trunks 14
4 VTP 21
5 Link Aggregation 26
6 Switch Functioning 31
7 Traditional STP 34
8 STP configuration 42
9 Protect STP 48
10 Advanced STP 53
11 MLS 61
12 Campus Network Design 68
13 L3 Availability- Load balancing 74
14 Supervisor Power Redundancy 89
15 IP Telephony 98
16 Secure Switch Access 105
17 Secure VLANs 113
18 WLANs 118
LESSON 1 : SWITCH OPERATION
L2 Switch Operation
It gets the data from one port
It reads the source MAC and destination MAC from the L2 header
It looks into the CAM table and finds the outgoing port information
Then it unicasts the data to the outgoing port
If there is no outgoing port information, it does unknown unicast flooding
It enters the source MAC and incoming port information in the MAC address table (MAT)
If the CAM table already has that entry, it refreshes it
Switch can work at full duplex or half duplex
Switch has dedicated circuits between ports (micro segmentation)
(Every port has dedicated bandwidth)
Switch has specialized hardware called ASICs, which provides faster switching
L2 switch can read the L2 header. It can't read the L3 header or the L4 header
L2 header contains source MAC, destination MAC information
L3 header contains source IP, destination IP information
L4 header contains source port, destination port information
When a frame arrives at a switch port, it is placed into one of the port's ingress queues
Queues have different priority levels to process important frames first
Switch hardware decides where to and how to forward the frame by making three fundamental decisions
All decisions are made simultaneously by independent portions of the switching hardware, which provides faster switching
L2 forwarding table
The frame's destination MAC address is used as the index
If the address is found, the egress switch port and appropriate VLAN id are read from the table
If there is no entry for the destination MAC, unknown unicast flooding happens on the egress ports
Security ACL
TCAM contains the ACL in compiled form, evaluated in a single table lookup
It takes the decision to permit or deny the frame
QoS ACL
TCAM contains the QoS ACL in compiled form, evaluated in a single table lookup
It takes the decisions to prioritize the traffic and to mark QoS parameters in outbound frames
Multilayer Switch Operation
L2 switches forward frames based on the L2 header
MLS forwards the frames based on L2, L3, L4 headers
So it is named Multilayer Switch or MLS
Two types of MLS (Multilayer switch)
o Route caching
o Topology based
MLS - Route Caching
The first generation of MLS requires a Route Processor (RP) and a Switch Engine (SE)
The RP processes a traffic flow's first packet to determine the destination
The SE listens to the first packet and the resulting destination, and sets up a shortcut entry in its MLS cache
The SE forwards subsequent packets in the same traffic flow based on the cache entries
Also called NetFlow LAN switching, flow-based or demand-based switching
Also called route once, switch many
MLS - Topology Based
The second generation of MLS utilizes specialized hardware
FIB, forwarding information base (an area of hardware)
L3 routing information builds and populates the FIB database
This database has efficient table lookups
so packets can be forwarded at high speed
If the network topology changes, the new routing information is updated in the FIB database dynamically without performance effect
Topology based MLS is also known as CEF (Cisco Express Forwarding)
When a frame arrives at a switch port, it is placed into one of the port's ingress queues
Each packet is pulled off an ingress queue and inspected for both L2 and L3 destination addresses
The decision of where to forward the packet is based on two address tables, FIB and CAM
The decision of how to forward the packet is based on ACLs and QoS
All these actions are performed simultaneously in hardware
L2 forwarding table
The destination MAC is used as an index to the CAM table
If the frame contains a packet to be forwarded, the destination MAC is the L3 port's MAC
In this case the CAM table results are used
L3 forwarding table
The destination IP is used as an index in the FIB table
The longest match is found and the next-hop L3 address is obtained
FIB also has each next-hop L2 address and egress switch port, VLAN id
So single table lookups are enough
Security ACLs
ACLs are compiled into TCAM entries to filter packets in a single table lookup
QoS ACLs
Packet classification, policing and marking can all be performed as single table lookups in the QoS TCAM
L3 rewrite
The packet is put into L3 rewrite
The TTL (time to live) is decremented by 1 and the L3 checksums are recalculated
L2 header source MAC, destination MAC are rewritten
New source MAC is the MLS interface L2 address
New destination MAC is the next hop L2 address
L2 checksums are recalculated
CEF can directly forward most IP packets between hosts. This occurs when both source-destination L2, L3 addresses are known.
CEF can not directly forward some IP packets, if they are special packet types or if any special process is needed. These packets are flagged for further processing
The packets that require further processing are
ARP requests and replies
IP packets requiring a router response (TTL expired, MTU exceeded, fragmentation)
IP broadcasts relayed as unicast (DHCP requests, IP helper-address functions)
Routing protocol updates
Cisco Discovery Protocol updates
IPX routing protocol and service updates
Packets needing encryption
Packets triggering NAT
Non-IP and non-IPX protocol packets (AppleTalk, DECnet etc)
CAM TABLES
Switches generally have large CAM tables so that many addresses can be looked up for frame forwarding
It's not possible to maintain every possible host MAC address in large networks
A CAM table entry expires after 300 seconds by default if no frames are seen on that port
To change the CAM entry aging time
To make a static entry in the CAM table. Before IOS version 12.1(11)EA1, the mac-address-table command works
The switch purges a CAM table entry if the port is down or if the same MAC is learned on a different switchport
If the switch notices that a MAC is being learned on alternating switch ports, it generates an error message: flapping between interfaces
TCAM TABLES
TCAM: ternary CAM
TCAMs have compiled information
TCAM evaluates a packet against an entire ACL in a single table lookup
Switches can have multiple TCAMs to process the packet against security ACLs and QoS ACLs in parallel with the L2-L3 forwarding decisions
IOS has two components that are part of the TCAM
1. Feature Manager (FM)
o If an ACL is created, FM software compiles and merges the ACL entries (ACEs) into the TCAM
2. Switching Database Manager (SDM)
o SDM software configures or tunes the TCAM partitions to perform different functions, if needed
o TCAMs are fixed in 4500, 6500 platforms, they can't be repartitioned
Three (ternary) input values are used in TCAM. They are 0, 1, X
0, 1 are binary values used to define a key
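The L2 switch operation in Lesson 1 and the CAM table behaviour above, as an added example that is not part of the original notes: a small Python model of a Layer 2 switch's CAM table covering source-MAC learning, known-unicast forwarding, unknown-unicast flooding, the default 300 s aging, purging on port-down, relearning when a MAC appears on another port, and the "flapping" error message. The flap threshold and window, port names and MAC values are constructed for the example.

```python
# Added example, not from the original notes: a toy Layer 2 switch with a CAM table.
from dataclasses import dataclass, field

CAM_AGING_SECONDS = 300   # default CAM aging time from the notes
FLAP_MOVES = 3            # constructed threshold: port moves within FLAP_WINDOW_SECONDS
FLAP_WINDOW_SECONDS = 10  # constructed window for counting those moves


@dataclass
class CamEntry:
    port: str
    last_seen: float
    static: bool = False


@dataclass
class L2Switch:
    ports: dict                                   # port name -> access vlan id
    cam: dict = field(default_factory=dict)       # (vlan, mac) -> CamEntry
    moves: dict = field(default_factory=dict)     # (vlan, mac) -> timestamps of port moves
    log: list = field(default_factory=list)       # error messages the switch would print

    def add_static(self, mac, vlan, port):
        """Static CAM entry: never ages out and is never overwritten by learning."""
        self.cam[(vlan, mac)] = CamEntry(port, float("inf"), static=True)

    def learn(self, mac, vlan, port, now):
        key = (vlan, mac)
        entry = self.cam.get(key)
        if entry is None:
            self.cam[key] = CamEntry(port, now)
        elif entry.static:
            return
        elif entry.port == port:
            entry.last_seen = now                 # refresh the aging timer
        else:
            # same MAC seen on a different port: the old entry is purged and the MAC is
            # relearned; repeated moves inside the window are reported as flapping
            hist = [t for t in self.moves.get(key, []) if now - t <= FLAP_WINDOW_SECONDS]
            hist.append(now)
            self.moves[key] = hist
            if len(hist) >= FLAP_MOVES:
                self.log.append(f"MAC {mac} in vlan {vlan} flapping between {entry.port} and {port}")
            self.cam[key] = CamEntry(port, now)

    def age_out(self, now):
        """Drop dynamic entries not refreshed within the aging time; return how many."""
        expired = [k for k, e in self.cam.items()
                   if not e.static and now - e.last_seen > CAM_AGING_SECONDS]
        for k in expired:
            del self.cam[k]
        return len(expired)

    def port_down(self, port):
        """Purge every entry learned on a port that went down; return how many."""
        gone = [k for k, e in self.cam.items() if e.port == port]
        for k in gone:
            del self.cam[k]
        return len(gone)

    def forward(self, src_mac, dst_mac, in_port, now):
        """Return the egress port list for a frame ([] means the frame is filtered)."""
        vlan = self.ports[in_port]
        self.age_out(now)
        self.learn(src_mac, vlan, in_port, now)
        entry = self.cam.get((vlan, dst_mac))
        if entry is not None:
            # known unicast: send out the learned port only (filter if it is the ingress port)
            return [entry.port] if entry.port != in_port else []
        # unknown unicast (or broadcast): flood to every other port in the same vlan
        return [p for p, v in self.ports.items() if v == vlan and p != in_port]


if __name__ == "__main__":
    sw = L2Switch(ports={"Fa0/1": 10, "Fa0/2": 10, "Fa0/3": 10, "Fa0/4": 20})
    print(sw.forward("aa", "bb", "Fa0/1", 0.0))   # unknown destination: flooded in vlan 10
    print(sw.forward("bb", "aa", "Fa0/2", 1.0))   # aa already learned on Fa0/1
```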
X (don't care) is a mask value to define which bits of the key are relevant
TCAM entries are composed of Value, Mask, Result (VMR) combinations
Fields from the frame or packet are fed into the TCAM
They are matched against value and mask pairs to yield a result
Values
Values are 134-bit quantities, consisting of source and destination addresses and other relevant protocol information, all patterns to be matched
Values in the TCAM come directly from any address, port, or other protocol information given in an ACE
Masks
Masks are 134-bit quantities, in exactly the same format, or bit order, as the values
Masks define which value bits should be considered and which should be neglected
The masks from the ACEs are compiled and fed into the TCAMs
Results
Results are numeric values that represent what action should be taken after the TCAM lookup
TCAM offers a number of possible results or actions
The result can be a permit or deny decision, an index to a QoS policer, a pointer to a next-hop routing table, and so on
The TCAM is always organized by masks, where each unique mask has 8 value patterns associated with it
If a mask is filled up with 8 value patterns, the next pattern is placed under a new mask
6500 platforms have multiple TCAMs (security ACLs and QoS ACLs); each can hold up to 4096 masks and 32768 value patterns
Each of the mask-value pairs is evaluated simultaneously, revealing the best or longest match in a single table lookup
The access-list is compiled and merged into the TCAM
First all possible unique masks are identified for each ACE and fed into TCAM MASKS starting from mask1, mask2, mask3 and so on
These mask bits must be set for matching
For each unique mask, all possible value patterns are identified and fed into TCAM VALUE PATTERNS
Actions are fed into RESULTS (permit or deny)
IOS Feature Manager checks all ACEs for L4 operations and places them in LOU (logical operation unit) register pairs
After the LOUs are loaded, they are referenced in the TCAM entries that need them
When a frame/packet arrives at an ingress port, the header is checked against the TCAM entries very quickly and the appropriate action will be taken
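The VMR organisation and the ACL compilation just described, as one added example that is not part of the original notes: a Python model of how ACEs become value/mask/result entries grouped under unique masks (8 patterns per mask), how an L4 range operation goes to a LOU register pair instead of the value/mask, and how a packet header is evaluated against every entry in one pass. The key layout (src 32 | dst 32 | proto 8 | dst port 16), the ACL and the addresses are constructed for the example and much narrower than the real 134-bit key.

```python
# Added example, not from the original notes: toy Feature Manager ACL compile + TCAM lookup.
import ipaddress
from dataclasses import dataclass

PATTERNS_PER_MASK = 8                            # from the notes: 8 value patterns per unique mask
PROTO_NUM = {"ip": None, "tcp": 6, "udp": 17}    # None = any IP protocol (proto bits wildcarded)


@dataclass(frozen=True)
class Ace:
    action: str        # "permit" or "deny"
    proto: str         # "ip", "tcp" or "udp"
    src: str           # CIDR, "0.0.0.0/0" for any
    dst: str
    l4: tuple = None   # None, ("eq", port) or ("range", lo, hi)


def _pack(src_ip, dst_ip, proto, dport):
    """Constructed key layout: src (32) | dst (32) | proto (8) | dst port (16)."""
    return (src_ip << 56) | (dst_ip << 24) | (proto << 16) | dport


def _net(cidr):
    n = ipaddress.ip_network(cidr, strict=False)
    return int(n.network_address), int(n.netmask)


def compile_acl(aces):
    """Return (masks, entries, lous): masks is a list of [mask, patterns_used] in fill order,
    entries is a list of (mask_slot, value, (ace_index, action), lou_slot), and lous holds
    (lo, hi) register pairs for L4 operations that a plain value/mask cannot express."""
    masks, entries, lous = [], [], []
    for idx, ace in enumerate(aces):
        s_val, s_mask = _net(ace.src)
        d_val, d_mask = _net(ace.dst)
        p_num = PROTO_NUM[ace.proto]
        p_val, p_mask = (p_num, 0xFF) if p_num is not None else (0, 0)
        port_val, port_mask, lou_slot = 0, 0, None
        if ace.l4 and ace.l4[0] == "eq":
            port_val, port_mask = ace.l4[1], 0xFFFF        # an exact port fits in value/mask
        elif ace.l4 and ace.l4[0] == "range":
            lous.append((ace.l4[1], ace.l4[2]))            # a range needs a LOU register pair
            lou_slot = len(lous) - 1
        value = _pack(s_val, d_val, p_val, port_val)
        mask = _pack(s_mask, d_mask, p_mask, port_mask)
        # reuse a slot holding the same mask while it has room, otherwise open a new mask
        slot = None
        for i, (m, used) in enumerate(masks):
            if m == mask and used < PATTERNS_PER_MASK:
                slot = i
                break
        if slot is None:
            masks.append([mask, 0])
            slot = len(masks) - 1
        masks[slot][1] += 1
        entries.append((slot, value & mask, (idx, ace.action), lou_slot))
    return masks, entries, lous


def tcam_lookup(compiled, src, dst, proto, dport):
    """Evaluate the packet header against every VMR entry in a single pass."""
    masks, entries, lous = compiled
    key = _pack(int(ipaddress.ip_address(src)), int(ipaddress.ip_address(dst)), proto, dport)
    hits = []
    for slot, value, (idx, action), lou_slot in entries:
        if key & masks[slot][0] != value:
            continue
        if lou_slot is not None:                           # entry references a LOU: apply it
            lo, hi = lous[lou_slot]
            if not lo <= dport <= hi:
                continue
        hits.append((idx, action))
    if not hits:
        return "deny"                                      # implicit deny at the end of an IOS ACL
    return min(hits)[1]                                    # for a security ACL the earliest ACE wins


if __name__ == "__main__":
    acl = [Ace("permit", "tcp", "10.1.0.0/16", "10.2.0.10/32", ("eq", 443)),
           Ace("deny", "tcp", "10.1.0.0/16", "10.2.0.0/24", ("range", 0, 1023)),
           Ace("permit", "ip", "10.1.0.0/16", "10.2.0.0/24")]
    c = compile_acl(acl)
    print(len(c[0]), "unique masks;", tcam_lookup(c, "10.1.5.5", "10.2.0.10", 6, 22))
```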
LESSON 2 : ETHERNET PORT CONFIGURATION
LAN media technologies
Ethernet
FDDI Fiber Distributed Data Interface
CDDI Copper Distributed Data Interface
ATM Asynchronous Transfer Mode
Token Ring
Ethernet is the most popular choice because of its low cost, market availability, and scalability to higher bandwidths
Ethernet 10Mbps
LAN technology based on the IEEE 802.3 standard
Offers speed of 10Mbps
Ethernet is a shared medium that becomes both a collision and a broadcast domain
Ethernet is based on CSMA/CD technology
Half duplex communication with hubs
Half/full duplex communication with switches
10BASE-T ethernet cabling (UTP) is restricted to an end-to-end distance of 100 m (328 feet)
10BASE2, 10BASE5, 10BASE-F etc are other ethernet applications that use different cabling
Fast Ethernet 100Mbps
LAN technology based on the IEEE 802.3u standard
Offers speed of 100Mbps
Full duplex / half duplex communication
200Mbps total throughput at full duplex
100 Mbps fast ethernet also supports 10Mbps to be compatible with legacy ethernet
With the auto negotiation feature the ports can be set to the maximum available bandwidth as a common understanding
Gigabit Ethernet 1000 Mbps / 1Gbps
LAN technology based on IEEE 802.3z
Offers speed of 1000Mbps (1Gbps)
Supports only full duplex communication
Gigabit ethernet supports several cabling types, referred to as 1000BASE-X
Gigabit over copper (1000BASE-T) is based on the IEEE 802.3ab standard
Gigabit ethernet supports backward compatibility for fast ethernet and legacy ethernet
These ports are called 10/100/1000 ports, which denotes triple speed
In Cisco switches gigabit ethernet (1000Mbps) is supported only at full duplex
Duplex auto negotiation is not possible
But speed auto negotiation is possible
10 Gigabit Ethernet 10Gbps
LAN technology based on IEEE 802.3ae
10 Gigabit ethernet is also known as 10GbE
Offers speed of 10Gbps
It operates only at full duplex
This standard defines several different transceivers that can be used as PMD (physical media dependent) interfaces
These are classified as
o LAN PHY
Interconnects switches in a campus network (at the core layer)
o WAN PHY
SONET (Synchronous Optical Network), SDH (Synchronous Digital Hierarchy) networks in metropolitan area networks
10GBASE-LX4 is only a LAN PHY. The remaining PMDs can be used as a LAN PHY or a WAN PHY
Ethernet Port cables - connectors
Catalyst switches support a variety of network connections, including all forms of ethernet
They support several types of cabling, including UTP and optical fiber
Fast ethernet (100BASE-FX) ports use two-strand MMF with MT-RJ or SC connectors to provide connectivity
All Catalyst switch families support 10/100 autosensing for fast ethernet and 10/100/1000 autosensing for gigabit ethernet
These ports use RJ-45 connectors on Category 5 UTP cabling (4 pairs)
Gigabit Ethernet Port cables - connectors
Catalyst switches with Gigabit Ethernet ports have standardized rectangular openings that can accept gigabit interface converter (GBIC) or small form factor pluggable (SFP) modules
The GBIC and SFP modules provide the media personality for the port so that various cable media can connect
GBIC modules can use SC fiber optic and RJ-45 UTP connectors
SFP modules can use LC and MT-RJ fiber-optic and RJ-45 UTP connectors
GBIC and SFP modules are available for the Gigabit Ethernet media
1000BASE-SX
SC fiber connectors and MMF for distances up to 550m
1000BASE-LX/LH
SC fiber connectors and either MMF or SMF for distances up to 10km
1000BASE-ZX
SC fiber connectors and SMF for distances up to 70km to 100km
GIGASTACK
Provides a GBIC to GBIC connection between stacking Catalyst switches or between any two gigabit switch ports over a short distance
1000BASE-T
Supports an RJ-45 connector for four-pair UTP cabling for distances up to 100m
The fiber based modules always have the receive fiber on the left connector and the transmit fiber on the right connector while facing the connector
These modules produce invisible laser radiation from the transmit connector. It's very dangerous to have a direct look at the connectors
Switchport Error conditions
A Catalyst switch detects an error condition on every switchport for every possible cause
If an error condition is detected, the switchport is put into errdisable state and is disabled
LESSON 3 : VLANs AND TRUNKs
Flat Network
A full Layer 2 only switched network is called a flat network topology
A flat network is a single broadcast domain
Every device can see every broadcast packet
To overcome problems with the flat network topology, the network is subdivided into logical areas, called VLANs
A VLAN is a single broadcast domain
A VLAN consists of hosts defined as members, communicating as a logical network segment
Devices in a VLAN can see broadcast packets sent by members of the same VLAN
Inter-VLAN communication is not possible in L2 networks
VLAN - Virtual LAN
VLANs are identified with numbers called VLAN ids
VLAN id range is 1-1005
VLAN 1 is the default VLAN
By default all the ports are assigned to VLAN 1
VLANs 1002-1005 are reserved for legacy functions related to Token Ring, FDDI
Catalyst switches also support an extended range of VLANs from 1 - 4094 for compatibility with the IEEE 802.1Q standard
The extended range is enabled only when the switch is configured for VTP transparent mode
VTP versions 1 and 2 do not replicate extended VLANs
VTP version 3 can replicate extended VLANs
Switches maintain VLAN definitions and VTP configuration information in a separate file called vlan.dat in flash memory
VLAN Membership
The ports can gain membership into a VLAN in two ways
Static VLAN configuration
o Manual configuration of ports into VLANs
o Port based VLAN membership
o End user devices become VLAN members based on the physical switchport
o Each port receives a Port VLAN id (PVID) that is associated with the VLAN number
o The end user device is not aware of its VLAN membership
o Static VLAN membership is handled in hardware with ASICs
Dynamic VLAN configuration
o Dynamic configuration of ports into VLANs
o End user MAC based VLAN membership
o A VMPS (VLAN membership policy server) is needed to handle the MAC database
o When a system is connected to a switchport, the switch queries the VMPS about the VLAN membership
o Finally the end device gets the VLAN membership
o VMPS can be configured with the CiscoWorks application
Deploying VLANs
Cisco recommends a one-to-one correspondence between VLANs and IP subnets
As per Cisco, the number of devices in a broadcast domain should be less than 254 (/24)
Limiting the devices in a broadcast domain increases network performance
VLANs should not be allowed to extend beyond the L2 domain of the distribution switch
This means VLANs should not reach the network's core layer
VLANs can be scaled in the switch block by using two basic methods
End to End vlans
o Called Campus wide Vlans, they span the entire switch fabric of a network
o Support maximum flexibility and end user movement
o This vlan is available at the access layer in every switch block in the campus
o Follows the 80/20 rule (80% local, 20% remote traffic)
o Not recommended in ECNM, because broadcast traffic is carried over till the far ends
o Difficult to maintain
Local vlans
o Local Vlans do not span the entire switch fabric of a network
o Vlans are local to a specific switch block
o Follows the 20/80 rule (20% local, 80% remote traffic)
o Recommended in ECNM
o Provides maximum manageability
Trunk Links
Vlan connectivity is possible by connecting access-links between switches
It is not possible to connect a separate access-link for every vlan when many vlans exist in the network
Multiple access-links can be replaced with a single trunk link
A trunk link can transport more than one VLAN through a single switchport
So switchports are categorized into access ports and trunk ports
Access ports can be associated with a single vlan
Trunk ports can be associated with one, many or all active vlans
Cisco supports trunking on fast ethernet, gigabit ethernet and aggregated links
Frame Tagging
As trunk links carry the data of multiple vlans, the switches must identify from which vlan the data is coming
The vlan-id should be attached to the frames while travelling through trunk links
The trunk port adds the vlan-id to the normal ethernet frame before sending it through the trunk link
This frame is called a tagged ethernet frame
The trunk port removes the vlan-id from the tagged ethernet frame before sending it to the system
The system can identify only the normal frame
Attaching a vlan identifier to the normal ethernet frame is called frame-tagging or frame-encapsulation
Frame tagging can be done in two methods
ISL
Dot1Q
Dot1Q Frame tagging
The first two bytes of the tag are the TPID and the last two bytes are the TCI (Tag Control Information)
TPID always has a value of 0x8100 to signify an 802.1q tag
TCI contains a 3 bit priority used to implement CoS (class of service)
1 bit of TCI is the CFI (canonical format indicator), which identifies whether the MAC address is in ethernet or token ring format
CFI is also called the little-endian or big-endian indicator
The last 12 bits are the VLAN-ID to indicate the source vlan for the frame
The vlan-id can have values from 0 to 4095, but vlans 0, 1, 4095 are reserved
Frame tagging Errors
The normal ethernet frame size is 1518 bytes
Frame-tagging methods increase the frame size to 1522 bytes (802.1q) or 1548 bytes (ISL)
Generally these frames exceed the MTU size and are reported as baby giant frames
Switches usually report these frames as ethernet errors or oversize frames
But switches have to forward these frames anyway
In case of ISL, Catalyst switches use proprietary hardware
In case of 802.1q, switches comply with the IEEE 802.3ac standard, which can accept frames of 1522 bytes
Native VLANs
The native vlan is the vlan whose frames are not tagged
Native vlans are supported only with the IEEE 802.1q trunking method
ISL does not support native vlans
Native vlans must match at both ends of the trunk link
By default vlan 1 is the native vlan
Native vlans are very useful if ethernet segments are connected between trunk links
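To make the frame tagging and Dot1Q sections above concrete, here is an added Python example that is not part of the notes and not Cisco code. It builds a constructed Ethernet II frame, inserts and parses an 802.1q tag (TPID 0x8100, 3 bit priority, 1 bit CFI, 12 bit VLAN-ID), shows the 1518 to 1522 byte growth, and models the native vlan rule on both ends of a trunk. The byte strings omit the 4 byte FCS and add it back only when reporting the wire size; MAC addresses and payloads are constructed sample values.

```python
import struct

TPID_8021Q = 0x8100          # TPID value that signals an 802.1q tag
FCS_LEN = 4                  # frame check sequence, not included in the byte strings below


def build_untagged_frame(dst_mac: bytes, src_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    """Normal Ethernet II frame (without FCS): 6 byte dst, 6 byte src, 2 byte type, payload."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def wire_size(frame: bytes) -> int:
    """Size as it appears on the wire, i.e. with the FCS added back."""
    return len(frame) + FCS_LEN


def tag_frame(frame: bytes, vid: int, pcp: int = 0, cfi: int = 0) -> bytes:
    """What a trunk port does on egress: insert TPID + TCI right after the source MAC."""
    if not 0 <= vid <= 4095:
        raise ValueError("vlan-id is a 12 bit field (0..4095)")
    if not 0 <= pcp <= 7:
        raise ValueError("CoS priority is a 3 bit field (0..7)")
    tci = (pcp << 13) | ((cfi & 1) << 12) | vid   # 3 bit priority, 1 bit CFI, 12 bit VLAN-ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Return the tag fields; 'tagged' is False for a normal (native vlan) frame."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return {"tagged": False, "pcp": None, "cfi": None, "vid": None, "ethertype": ethertype}
    tci = struct.unpack("!H", frame[14:16])[0]
    return {
        "tagged": True,
        "pcp": tci >> 13,
        "cfi": (tci >> 12) & 1,
        "vid": tci & 0x0FFF,
        "ethertype": struct.unpack("!H", frame[16:18])[0],
    }


def untag_frame(frame: bytes) -> bytes:
    """What the trunk port does before handing the frame to an end system: remove the 4 tag bytes."""
    return frame[:12] + frame[16:] if parse_frame(frame)["tagged"] else frame


def trunk_egress(frame: bytes, vid: int, native_vlan: int = 1) -> bytes:
    """802.1q trunk rule: frames of the native vlan leave untagged, every other vlan is tagged."""
    return frame if vid == native_vlan else tag_frame(frame, vid)


def trunk_ingress_vid(frame: bytes, native_vlan: int = 1) -> int:
    """Receiving trunk port: an untagged frame is placed in the receiver's native vlan."""
    info = parse_frame(frame)
    return info["vid"] if info["tagged"] else native_vlan


def native_vlan_mismatch_demo() -> tuple:
    """Shows why native vlans must match at both ends: a vlan 1 frame sent untagged by a switch
    whose native vlan is 1 lands in vlan 10 on a neighbour whose native vlan is 10."""
    frame = build_untagged_frame(b"\xff" * 6, b"\x00\x11\x22\x33\x44\x55", 0x0806, b"\x00" * 46)
    on_wire = trunk_egress(frame, vid=1, native_vlan=1)
    return trunk_ingress_vid(on_wire, native_vlan=1), trunk_ingress_vid(on_wire, native_vlan=10)


if __name__ == "__main__":
    # constructed maximum-size frame: 1500 byte payload -> 1518 bytes on the wire
    max_frame = build_untagged_frame(b"\xff" * 6, b"\x00\x11\x22\x33\x44\x55", 0x0800, b"\x00" * 1500)
    tagged = tag_frame(max_frame, vid=100, pcp=5)
    print(wire_size(max_frame), "->", wire_size(tagged))   # 1518 -> 1522, the 'baby giant'
    print(parse_frame(tagged))
    print(native_vlan_mismatch_demo())                    # (1, 10)
```

The mismatch demo is the check worth remembering from the native vlan bullets: an untagged frame carries no vlan information of its own, so the two trunk ends must agree on which vlan it belongs to.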
DTP
DTP - Dynamic Trunking Protocol
DTP is a Cisco proprietary point-to-point protocol
Used to negotiate a common trunking mode between two switches
A trunk link can be negotiated between two switches only if they belong to the same VTP management domain, or one of the switches is set to the NULL domain
If two switches belong to different VTP management domains, negotiation is not possible
Then the trunk mode should be set to ON with manual intervention
By default DTP frames are sent out every 30 seconds to keep neighboring switchports informed of the link mode
The trunk encapsulation method is negotiated to select either ISL or IEEE 802.1q, whichever both ends of the trunk support
If both ends support both types, ISL is preferred
DTP is enabled by default
Trunk Negotiation
Local switchport state | Far end switchport state       | Trunk negotiation
Access                 | Access, trunk, desirable, auto | No Trunk
Trunk                  | Trunk, desirable, auto         | Trunk
Desirable              | Trunk, auto, desirable         | Trunk
Auto                   | Trunk, desirable               | Trunk
Auto                   | Auto                           | No Trunk
Nonegotiate            | Access, trunk, desirable, auto | No Trunk
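The DTP rules above (same VTP domain or NULL domain, the mode table, ISL preferred when both encapsulations are available) as an added Python example; this is not code from the notes or from Cisco. It covers the four modes that exchange DTP frames; the nonegotiate row is left out because such a port sends no DTP frames, so there is nothing to simulate. The last function is a hardening check a network admin would run against a port list: any end-device port still in auto or desirable mode would form a trunk with a desirable neighbour and should be set to access. Port names and modes in the demo are constructed.

```python
DTP_MODES = ("access", "trunk", "desirable", "auto")   # modes that take part in DTP negotiation


def same_vtp_domain(local_domain: str, remote_domain: str) -> bool:
    """DTP negotiates only within one VTP domain, or when either side still has the NULL (empty) domain."""
    return local_domain == remote_domain or local_domain == "" or remote_domain == ""


def negotiate_trunk(local: str, remote: str, local_domain: str = "", remote_domain: str = "") -> bool:
    """Does the link come up as a trunk? Encodes the trunk negotiation table from the notes."""
    if local not in DTP_MODES or remote not in DTP_MODES:
        raise ValueError(f"unknown DTP mode: {local!r} / {remote!r}")
    if "access" in (local, remote):
        return False                                  # an access port never trunks
    if not same_vtp_domain(local_domain, remote_domain):
        # no negotiation across VTP domains: only two ports set to ON (mode trunk) still form a trunk
        return local == "trunk" and remote == "trunk"
    if "trunk" in (local, remote):
        return True                                   # trunk pairs with trunk, desirable and auto
    if "desirable" in (local, remote):
        return True                                   # desirable pairs with desirable and auto
    return False                                      # auto/auto: both sides wait to be asked


def negotiate_encapsulation(local_supported, remote_supported):
    """Pick the encapsulation both ends support; the notes state ISL wins when both are possible."""
    common = set(local_supported) & set(remote_supported)
    if not common:
        return None
    return "isl" if "isl" in common else "dot1q"


def negotiation_matrix() -> dict:
    """Full local/remote mode matrix (same domain), handy for checking the table in the notes."""
    return {(l, r): negotiate_trunk(l, r) for l in DTP_MODES for r in DTP_MODES}


def ports_that_could_become_trunks(port_modes: dict) -> list:
    """Hardening check: end-device ports left in auto, desirable or trunk mode would form a trunk
    with any DTP-speaking neighbour in desirable mode. Such ports should be set to access."""
    return [name for name, mode in port_modes.items() if negotiate_trunk(mode, "desirable")]


if __name__ == "__main__":
    for (l, r), result in sorted(negotiation_matrix().items()):
        print(f"{l:>9} <-> {r:<9} {'Trunk' if result else 'No Trunk'}")
    # constructed port list for a wiring-closet switch
    closet = {"Fa0/1": "access", "Fa0/2": "auto", "Fa0/3": "desirable", "Fa0/4": "access"}
    print(ports_that_could_become_trunks(closet))      # ['Fa0/2', 'Fa0/3']
```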
LESSON 4 : VTP
Since a campus network contains a large number of switches, management of vlans is not easy in general
Cisco developed a method to manage vlans easily in campus networks
VTP - Vlan Trunking Protocol
VTP carries vlan information from one switch to other switches automatically
VTP allows the switches to replicate vlan information dynamically
VTP uses L2 trunk frames to communicate VLAN information among a group of switches
VTP manages the addition, deletion and renaming of vlans across the network from a central point of control
With VTP, VLAN information is stored in the vlan.dat file located in flash
VTP Domains
VTP is organized into management domains
Switches in the same VTP domain share vlan information
Switches in different VTP domains cannot share vlan information
By default the domain name is NULL
The entire VTP operation is controlled by VTP advertisements
VLAN replication is bounded by the VTP domain
VTP Modes
VTP works in three modes
Server mode
Client mode
Transparent mode
Server Mode                       | Client Mode                          | Transparent Mode
Vlan configuration is possible    | Vlan configuration is not possible   | Vlan configuration is possible
Server is master                  | Client follows server                | Transparent does not follow server
Vlan replication                  | Vlan replication                     | No vlan replication
VTP information is synchronized   | VTP information is synchronized      | VTP information is not synchronized
Default mode                      | Not a default mode                   | Not a default mode
Network needs at least one server | No of clients depends on requirement | No of transparents depends on requirement
Works like VTP relay              | Works like VTP relay                 | Works like VTP relay in version 2
VTP Advertisements
The entire VTP operation is maintained by VTP advertisements
VTP advertisements are sent as multicast frames
By default VTP advertisements are sent as non-secure advertisements, without a password
If secure mode is enabled, the VTP password must be the same on every switch to share VTP advertisements
VTP switches use an index called the VTP configuration revision number to keep track of the most recent information
Every switch stores the latest VTP configuration revision number
The VTP process always starts with 0 as the VTP configuration revision number
If there is any change in the server configuration, the revision number is incremented by 1
If a new server switch is added to the network with the highest revision number, it may collapse the network with its VTP advertisements
Every switch thinks that a new server is added, tries to synchronize, and may delete existing vlan information
This is called the VTP synchronization problem
To avoid this, the revision number of the new switch must be set to 0 before it is added
To reset the revision number
o Change the switch VTP mode to transparent and then back to server (or)
o Change the switch's VTP domain to a bogus name and then change it back to the original name
VTP advertisements can occur in three forms
Summary advertisements
o Sent by the server every 300 seconds or when a vlan database change occurs
o Includes summary information
Subset advertisements
o Sent by servers if a vlan configuration change occurs
o They contain information about every vlan
Advertisement requests from clients
o Sent by a client as a query if it needs any vlan information
o Subset advertisements are sent by the server as the reply
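An added Python model of the VTP mode behaviour (server, client, transparent) and of the revision number rule from the advertisement section; this is not code from the notes or from Cisco. It replays the synchronization problem with a constructed domain: a lab server switch with a stale vlan database but a higher revision number joins a production domain, first without and then with the revision reset the notes recommend. The password check shows why secure mode stops a switch with the wrong password from being accepted. Switch names, vlan numbers and revision values are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class VtpSwitch:
    name: str
    mode: str = "server"                    # server | client | transparent
    domain: str = ""                        # "" is the NULL domain
    password: str = ""                      # empty = non-secure advertisements
    revision: int = 0                       # configuration revision number, starts at 0
    vlans: dict = field(default_factory=dict)   # vlan-id -> name (what vlan.dat holds)

    def configure_vlan(self, vid: int, name: str) -> None:
        """Server and transparent switches accept vlan changes; a client cannot configure vlans."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: clients cannot configure vlans")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1              # every server-side change bumps the revision by 1

    def summary_advertisement(self):
        """Only servers originate advertisements; transparent switches relay but do not originate."""
        if self.mode != "server":
            return None
        return {"domain": self.domain, "password": self.password,
                "revision": self.revision, "vlans": dict(self.vlans)}

    def receive(self, adv: dict) -> bool:
        """Server/client rule: overwrite the local database when a same-domain, same-password
        advertisement carries a higher revision number. Returns True if the database changed."""
        if self.mode == "transparent":
            return False                    # relayed unchanged, local vlan.dat untouched
        if adv["domain"] != self.domain or adv["password"] != self.password:
            return False
        if adv["revision"] <= self.revision:
            return False
        self.vlans = dict(adv["vlans"])
        self.revision = adv["revision"]
        return True

    def reset_revision(self) -> None:
        """The reset recipe from the notes: bounce the mode through transparent (or change the
        domain name and back); the revision number returns to 0."""
        original = self.mode
        self.mode = "transparent"
        self.revision = 0
        self.mode = original


def propagate(switches, source) -> list:
    """Deliver one advertisement from `source` to every other switch in the domain."""
    adv = source.summary_advertisement()
    if adv is None:
        return []
    return [s.name for s in switches if s is not source and s.receive(adv)]


def synchronization_scenario(reset_first: bool):
    """Constructed scenario: a lab server switch with a stale database but a higher revision is
    plugged into a production domain. Returns (switches overwritten by the lab switch,
    production vlans left on the core afterwards, final revision on the lab switch)."""
    core = VtpSwitch("core", "server", "CAMPUS", revision=5, vlans={10: "users", 20: "voice"})
    access = VtpSwitch("access1", "client", "CAMPUS", revision=5, vlans={10: "users", 20: "voice"})
    lab = VtpSwitch("lab", "server", "CAMPUS", revision=9, vlans={99: "lab"})
    if reset_first:
        lab.reset_revision()
    network = [core, access, lab]
    overwritten = propagate(network, lab)   # the new switch advertises first
    propagate(network, core)                # then the production server advertises
    return overwritten, sorted(core.vlans), lab.revision


if __name__ == "__main__":
    print(synchronization_scenario(reset_first=False))   # (['core', 'access1'], [99], 9)
    print(synchronization_scenario(reset_first=True))    # ([], [10, 20], 5)
```

Without the reset the production switches adopt the lab database and vlans 10 and 20 disappear; with the reset the lab switch instead learns the production vlans from the core, which is the behaviour the notes describe.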
Summary Advertisements
Advertisements Request
VTP Versions
Version 1                                            | Version 2                                  | Version 3
Default version                                      | Not default version                        | Not default version
Transparent mode does not work as VTP relay          | Transparent mode works as VTP relay        | Transparent mode works as VTP relay
Supports only 1-1005 vlan id                         | Supports only 1-1005 vlan id               | Supports 1-4095 vlan id
Can coexist with version 2                           | Can coexist with version 1                 | Future version
No consistency check on VTP to prevent errors        | Consistency check on VTP to prevent errors |
Doesn't support token ring                           | Supports token ring                        |
Doesn't support unrecognized TLVs (Type, length, value) | Supports unrecognized TLVs              |
If a VTP version is set on the server switch, it automatically propagates to the client switches, if they support that version
VTP Configuration
VTP Pruning
VTP pruning reduces unnecessary flooded traffic
It makes more efficient use of trunk bandwidth
With VTP pruning, broadcast and unknown unicast flooding are forwarded over a trunk link only if the receiving switch has active ports in that vlan
VTP pruning improves network performance and consumes fewer processing cycles on the switch
By default VTP pruning is disabled on IOS-based switches
Vlan 1 carries management information and control information
Vlans 1 and 1002-1005 are not eligible for pruning
Vlans 2-1001 are eligible for pruning
VTP pruning has no effect on transparent switches; manual configuration is required to prune vlans from their trunk links
No VTP Pruning
VTP Pruning Configuration
VTP Pruning
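The pruning rules above as an added Python example (not code from the notes or from Cisco): which vlans are prune-eligible, which floods still cross a trunk once pruning is on, and the transparent-switch caveat. The vlan lists in the test are constructed.

```python
def prune_eligible(vid: int) -> bool:
    """Only vlans 2-1001 can be pruned; vlan 1 and 1002-1005 are always carried."""
    return 2 <= vid <= 1001


def flooded_over_trunk(local_vlans, neighbour_active_vlans, pruning_enabled: bool,
                       neighbour_mode: str = "server"):
    """Vlans whose broadcast / unknown-unicast floods this switch sends across one trunk.
    Without pruning every local vlan is flooded. With pruning, a prune-eligible vlan is flooded
    only if the neighbour reports active ports in it. A transparent neighbour does not take part
    in the pruning exchange, so pruning has no effect towards it (manual pruning is needed)."""
    local_vlans = set(local_vlans)
    if not pruning_enabled or neighbour_mode == "transparent":
        return sorted(local_vlans)
    active = set(neighbour_active_vlans)
    return sorted(v for v in local_vlans if not prune_eligible(v) or v in active)


def saved_flood_vlans(local_vlans, neighbour_active_vlans, neighbour_mode: str = "server"):
    """Vlans whose flood traffic pruning removes from the trunk (the bandwidth it saves)."""
    before = set(flooded_over_trunk(local_vlans, neighbour_active_vlans, False, neighbour_mode))
    after = set(flooded_over_trunk(local_vlans, neighbour_active_vlans, True, neighbour_mode))
    return sorted(before - after)


if __name__ == "__main__":
    # constructed: this switch has vlans 1, 10, 20, 30 and 1002; the neighbour has ports only in vlan 10
    print(flooded_over_trunk([1, 10, 20, 30, 1002], [10], pruning_enabled=True))   # [1, 10, 1002]
    print(saved_flood_vlans([1, 10, 20, 30, 1002], [10]))                           # [20, 30]
```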
LESSON 5 : LINK AGGREGATION
Etherchannel
Individual physical links can be bundled together to aggregate the bandwidth between switches
This works like a single logical channel between switches, called ETHERCHANNEL
2 to 8 physical links can be bundled together in an Etherchannel
FEC : Fast Ether Channel
o 100 Mbps links are bundled together, supports 800Mbps speed (1600Mbps throughput)
GEC : Gigabit Ether Channel
o 1 Gbps links are bundled together, supports 8Gbps speed (16Gbps throughput)
10GEC : 10Gigabit Ether Channel
o 10 Gbps links are bundled together, supports 80Gbps speed (160Gbps throughput)
Generally L2 loops will occur by connecting parallel links between switches
But Etherchannel combines them into a single logical link
On an Etherchannel, the traffic load is not distributed equally among the individual links
With a load-balancing algorithm, Etherchannel selects one of the links to forward the traffic
Only physical links with the same speed and properties can be bundled
The Etherchannel can be an access link or a trunk link
Etherchannel supports redundancy
If one of the links fails within the channel, the traffic is moved to another adjacent link. Failover occurs in less than a few milliseconds
Etherchannel Traffic Distribution
In an Etherchannel, traffic is not distributed equally on all links
The traffic distribution is based on a hashing algorithm. This algorithm can use
o Source IP
o Destination IP
o Source IP-Destination IP
o Source MAC
o Destination MAC
o Source MAC-Destination MAC
o Source Port
o Destination Port
o Source Port-Destination Port
The hash algorithm computes a binary pattern that selects a link number in the bundle to carry each frame
If only one address or port number is used, the algorithm takes one or more low-order bits of it
If two addresses or port numbers are used, the algorithm performs an XOR (exclusive OR) operation on one or more low-order bits
Link selections - if only one address is used in the distribution algorithm
Link selections - if two addresses are used in the distribution algorithm
A conversation between two devices is always sent through the same Etherchannel link because the two endpoint addresses stay the same
If there is a high data conversation between two servers, they always use the same Etherchannel link as a result of the distribution algorithm. It may lead to load imbalance
To avoid this, Source-Destination ports can be used as the load balancing method
When a device talks to multiple devices, the traffic can be distributed on several Etherchannel links based on the distribution algorithm
Etherchannel load balancing method | Hash input                 | Hash operation | Switch model
src-ip                             | Source ip                  | Bits           | All models
dst-ip                             | Destination ip             | Bits           | All models
src-dst-ip                         | Source and destination ip  | XOR            | All models
src-mac                            | Source mac                 | Bits           | All models
dst-mac                            | Destination mac            | Bits           | All models
src-dst-mac                        | Source and destination mac | XOR            | All models
src-port                           | Source port                | Bits           | 6500, 4500
dst-port                           | Destination port           | Bits           | 6500, 4500
src-dst-port                       | Source and destination port| XOR            | 6500, 4500
For L2 switching the default load balance method is src-mac
For L3 switching the default load balance method is src-dst-ip
Etherchannel Protocols
Etherchannel negotiation protocols are used to provide dynamic link configuration
Two protocols are available to negotiate bundled links in Catalyst switches
o PAgP
   Port Aggregation Protocol
   Cisco proprietary solution
o LACP
   Link Aggregation Control Protocol
   Open standard solution
Negotiation Mode (PAgP) | Negotiation Mode (LACP) | Negotiation packets sent | Characteristics
On                      | On                      | No                       | All ports channeling
Auto                    | Passive                 | Yes                      | Waits to channel until asked
Desirable               | Active                  | Yes                      | Actively asks to form a channel
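The link selection described over the last two pages (low-order bits of one field, XOR of two fields, and the resulting conversation pinning) as an added Python example; it is not code from the notes and not Cisco's hashing implementation. It assumes bundles of 2, 4 or 8 links so that 1, 2 or 3 low-order bits pick the link, and uses the IOS method names from the table above. The eight server-to-server connections are constructed sample flows.

```python
import ipaddress
from collections import Counter

# assumption: bundles of 2, 4 or 8 links, selected by 1, 2 or 3 low-order bits of the hash
LINK_BITS = {2: 1, 4: 2, 8: 3}


def field_to_int(kind: str, value) -> int:
    """IP addresses, MAC addresses and port numbers all reduce to an integer before hashing."""
    if kind == "ip":
        return int(ipaddress.ip_address(value))
    if kind == "mac":
        return int(value.replace(":", "").replace(".", ""), 16)
    return int(value)                      # port number


def select_link(method: str, frame: dict, n_links: int) -> int:
    """Etherchannel link selection: take the low-order bits of one field, or XOR the low-order
    bits of two fields. `method` uses the IOS names (src-ip, dst-mac, src-dst-port, ...)."""
    bits = LINK_BITS[n_links]
    mask = (1 << bits) - 1
    parts = method.split("-")
    kind, ends = parts[-1], parts[:-1]     # e.g. "src-dst-ip" -> kind "ip", ends ["src", "dst"]
    values = [field_to_int(kind, frame[f"{end}_{kind}"]) & mask for end in ends]
    result = values[0]
    for v in values[1:]:
        result ^= v                        # two fields: XOR of their low-order bits
    return result


def distribution(method: str, frames, n_links: int) -> Counter:
    """How many of the given frames land on each link number of the bundle."""
    return Counter(select_link(method, f, n_links) for f in frames)


def constructed_server_flows():
    """Eight TCP connections between the same two servers (constructed sample values)."""
    return [{"src_ip": "10.1.1.10", "dst_ip": "10.1.1.20",
             "src_mac": "00:aa:00:00:00:10", "dst_mac": "00:aa:00:00:00:20",
             "src_port": 49152 + i, "dst_port": 445} for i in range(8)]


if __name__ == "__main__":
    flows = constructed_server_flows()
    print("src-dst-ip  :", dict(distribution("src-dst-ip", flows, 8)))    # one link carries all 8 flows
    print("src-dst-mac :", dict(distribution("src-dst-mac", flows, 8)))   # same: the endpoints never change
    print("src-dst-port:", dict(distribution("src-dst-port", flows, 8)))  # spread over all 8 links
```

With an address-based method every flow between the two servers hashes to the same link, which is the imbalance the notes warn about; switching to src-dst-port spreads the same flows across the bundle because the port numbers differ per connection.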
PAgP
PAgP packets are exchanged between switches over Etherchannel capable ports
PAgP forms an Etherchannel only on ports that are configured for identical static VLANs or trunking
PAgP dynamically modifies the parameters of the Etherchannel if one of the bundled ports is modified (vlan-id, speed, duplex)
PAgP configured in desirable mode asks the far-end switch to negotiate an Etherchannel
PAgP configured in auto mode (default) waits to be asked by the far-end switch to negotiate an Etherchannel
LACP
Defined in IEEE 802.3ad (Clause 43)
LACP packets are exchanged between switches over Etherchannel capable ports
The switch with the lowest system priority (2B priority + 6B switch MAC) makes the decisions about which ports actively participate in the Etherchannel
Ports are selected and become active according to their lowest port priority (2B priority + 2B port number)
A set of up to 16 potential links can be defined for each Etherchannel
The 8 ports with the lowest priorities are grouped together; the remaining ports are standby
LACP configured in active mode asks the far-end switch to negotiate an Etherchannel
LACP configured in passive mode waits to be asked by the far-end switch to negotiate an Etherchannel
Etherchannel Status
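An added Python example for the PAgP/LACP mode table and the LACP selection rules above; it is not code from the notes and not a Cisco implementation. It decides whether two port modes bundle (on only pairs with on, the two protocols never mix, and at least one side must ask), picks the deciding switch by system ID (priority, then MAC), and selects the 8 active ports out of up to 16 candidates by (port priority, port number). The switch and port values are constructed.

```python
PAGP_MODES = {"on", "auto", "desirable"}
LACP_MODES = {"on", "active", "passive"}
ASKS = {"desirable", "active"}         # send negotiation packets and actively ask
WAITS = {"auto", "passive"}            # send negotiation packets but wait to be asked


def channel_forms(local: str, remote: str) -> bool:
    """Does the bundle come up? 'on' ports send no negotiation packets, so they only bundle with
    another 'on' port; PAgP and LACP modes never mix; otherwise at least one side must ask."""
    if local not in PAGP_MODES | LACP_MODES or remote not in PAGP_MODES | LACP_MODES:
        raise ValueError(f"unknown mode: {local!r} / {remote!r}")
    if "on" in (local, remote):
        return local == "on" and remote == "on"
    if (local in PAGP_MODES) != (remote in PAGP_MODES):
        return False                           # PAgP on one end, LACP on the other
    return local in ASKS or remote in ASKS     # auto/auto and passive/passive both wait forever


def lacp_system_id(priority: int, mac: str):
    """LACP system ID: 2 byte system priority followed by the 6 byte switch MAC; lowest wins."""
    return (priority, int(mac.replace(":", "").replace(".", ""), 16))


def deciding_switch(switch_a: dict, switch_b: dict) -> str:
    """The switch with the lowest system ID decides which ports actively participate."""
    return min((switch_a, switch_b), key=lambda s: lacp_system_id(s["priority"], s["mac"]))["name"]


def lacp_select_ports(ports, max_active: int = 8):
    """Up to 16 candidate ports per channel; the 8 with the lowest (port priority, port number)
    become active, the rest are standby and take over when an active link fails."""
    if len(ports) > 16:
        raise ValueError("LACP allows at most 16 candidate ports per channel")
    ranked = sorted(ports, key=lambda p: (p["priority"], p["number"]))
    return ([p["name"] for p in ranked[:max_active]], [p["name"] for p in ranked[max_active:]])


def constructed_candidates():
    """Ten candidate ports on one switch (constructed): two get a lower priority so they win."""
    ports = [{"name": f"Gi1/{n}", "priority": 32768, "number": n} for n in range(1, 11)]
    ports[8]["priority"] = 100        # Gi1/9
    ports[9]["priority"] = 100        # Gi1/10
    return ports


if __name__ == "__main__":
    print(channel_forms("desirable", "auto"), channel_forms("auto", "auto"))   # True False
    a = {"name": "dist-a", "priority": 32768, "mac": "0000.0000.0002"}
    b = {"name": "dist-b", "priority": 32768, "mac": "0000.0000.0001"}
    print(deciding_switch(a, b))                                                # dist-b
    print(lacp_select_ports(constructed_candidates()))
```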
LESSON 6 : SWITCH FUNCTIONING
Example 1:
Example 2:
Loops
In L3 networks multiple paths to a destination offer redundancy or load balancing
In L2 networks multiple paths to a destination create loops
In switched networks loops occur if a switch has multiple paths to another switch
This is the situation where a single frame propagates between switches multiple times, over various paths
Broadcast Storm
If a system broadcasts the data (or unknown unicast flooding occurs) in the looped network, a single frame goes to all the systems as multiple copies over various paths
It consumes switch processing cycles and memory
Finally network performance comes down
This situation is called a broadcast storm
Avoiding Loops
Ensure the switches have only one path to reach every other switch
Loop Prevention
Redundancy is required between switches to avoid network outages
Backup paths are required to achieve 100% network uptime
At the same time loops must be avoided
This can be done dynamically by the spanning tree protocol (STP)
STP automatically blocks some of the ports which are causing loops
LESSON 7 : TRADITIONAL STP
BPDU
BPDU - Bridge Protocol Data Unit
STP operations are performed by exchanging BPDU messages between switches
By default BPDUs are sent every 2 seconds
A switch sends BPDU frames to other switches using its own MAC as Source MAC and 01-80-c2-00-00-00 as destination MAC
01-80-c2-00-00-00 is the STP multicast MAC address (IP Multicast MAC range: 01-00-5e-00-00-00 - 01-00-5e-7f-ff-ff)
Two types of BPDU
o Configuration BPDU
Used for Spanning tree computation
o TCN BPDU
Topology Change Notification BPDU
Used to announce changes in the network topology
CONFIGURATION BPDU
Bridge ID
STP Link Cost
In the STP process, each link is given a number called cost
Cost is used so that the slowest links, rather than the high speed links, are suspended to avoid loops
High speed links have low cost
To support high speed links, the STP cost standards were modified
The new STP cost is in use at present
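The BPDU exchange above can be made concrete by encoding and decoding one. The following Python is an added example written for these notes, not code from the course material: it builds an 802.3 frame addressed to 01-80-c2-00-00-00, packs a configuration BPDU in the IEEE 802.1D layout (the 35-byte field order and the LLC 0x42/0x42 header are standard encoding, not taken from the notes), parses it back, and compares two BPDUs with the tie-break vector the notes list later (root bridge ID, root path cost, sender bridge ID, sender port ID). The root bridge MAC, priority and the 20 s max age in the sample are constructed values.

```python
import struct
from dataclasses import dataclass

# From the notes: BPDUs are sent to 01-80-c2-00-00-00 with the sender's own MAC
# as source. The LLC header (DSAP/SSAP 0x42, UI control) and the 35-byte
# configuration BPDU layout are the IEEE 802.1D encoding.
STP_MULTICAST_MAC = bytes.fromhex("0180c2000000")
LLC_STP = b"\x42\x42\x03"
BPDU_TYPE_CONFIG = 0x00
BPDU_TYPE_TCN = 0x80
# protocol id, version, type, flags, root id, root path cost, bridge id, port id,
# message age, max age, hello time, forward delay (timers in units of 1/256 s)
CONFIG_BPDU = struct.Struct("!HBBBQIQHHHHH")
TCN_BPDU = struct.Struct("!HBB")


@dataclass
class BridgeID:
    """Bridge ID = 2-byte priority + 6-byte MAC, carried as one 8-byte field."""
    priority: int
    mac: str

    @classmethod
    def from_u64(cls, v: int) -> "BridgeID":
        mac = ":".join(f"{(v >> s) & 0xFF:02x}" for s in range(40, -1, -8))
        return cls(v >> 48, mac)

    def to_u64(self) -> int:
        return (self.priority << 48) | int(self.mac.replace(":", ""), 16)


@dataclass
class ConfigBPDU:
    flags: int
    root: BridgeID
    root_path_cost: int
    sender: BridgeID
    port_id: int
    message_age: float
    max_age: float
    hello_time: float
    forward_delay: float

    def pack(self) -> bytes:
        timers = (self.message_age, self.max_age, self.hello_time, self.forward_delay)
        return CONFIG_BPDU.pack(0, 0, BPDU_TYPE_CONFIG, self.flags, self.root.to_u64(),
                                self.root_path_cost, self.sender.to_u64(), self.port_id,
                                *(int(t * 256) for t in timers))

    def key(self):
        """Comparison vector from the notes' tie-break list; the lowest key is the best BPDU."""
        return (self.root.to_u64(), self.root_path_cost, self.sender.to_u64(), self.port_id)


def build_frame(src_mac: str, bpdu: bytes) -> bytes:
    """802.3 frame: destination, source, length, LLC header, BPDU."""
    payload = LLC_STP + bpdu
    src = bytes.fromhex(src_mac.replace(":", ""))
    return STP_MULTICAST_MAC + src + struct.pack("!H", len(payload)) + payload


def parse_frame(frame: bytes):
    """Return ('config', ConfigBPDU) or ('tcn', None); reject anything that is not an STP BPDU."""
    dst, length = frame[:6], struct.unpack("!H", frame[12:14])[0]
    if dst != STP_MULTICAST_MAC:
        raise ValueError("destination is not the STP multicast MAC 01-80-c2-00-00-00")
    payload = frame[14:14 + length]
    if payload[:3] != LLC_STP:
        raise ValueError("LLC header is not DSAP/SSAP 0x42: not a BPDU")
    bpdu = payload[3:]
    proto, _version, btype = TCN_BPDU.unpack(bpdu[:TCN_BPDU.size])
    if proto != 0:
        raise ValueError("unknown protocol id in BPDU")
    if btype == BPDU_TYPE_TCN:
        return "tcn", None
    if btype != BPDU_TYPE_CONFIG or len(bpdu) < CONFIG_BPDU.size:
        raise ValueError("malformed configuration BPDU")
    (_, _, _, flags, root, rpc, sender, port_id,
     msg_age, max_age, hello, fwd) = CONFIG_BPDU.unpack(bpdu[:CONFIG_BPDU.size])
    return "config", ConfigBPDU(flags, BridgeID.from_u64(root), rpc, BridgeID.from_u64(sender),
                                port_id, msg_age / 256, max_age / 256, hello / 256, fwd / 256)


# Constructed sample: the root bridge (priority 32768) announcing itself with the
# timers from the notes, 2 s hello and 15 s forward delay (20 s max age is assumed).
ROOT = BridgeID(32768, "00:00:00:00:00:01")
SAMPLE_BPDU = ConfigBPDU(flags=0, root=ROOT, root_path_cost=0, sender=ROOT, port_id=0x8001,
                         message_age=0, max_age=20, hello_time=2, forward_delay=15)
SAMPLE_FRAME = build_frame(ROOT.mac, SAMPLE_BPDU.pack())

if __name__ == "__main__":
    print(parse_frame(SAMPLE_FRAME))
```

A parser like this is also the first thing a monitoring tool needs: a BPDU arriving on a port where no switch is expected is exactly the event Lesson 9 (Protect STP) is about, and it can only be recognised by checking the destination MAC and LLC header before trusting the fields inside.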
Link Bandwidth   Old STP cost   New STP cost
4 Mbps           250            250
10 Mbps          100            100
16 Mbps          63             62
45 Mbps          22             39
100 Mbps         10             19
155 Mbps         6              14
622 Mbps         2              6
1 Gbps           1              4
10 Gbps          0              2
STP Terminology
BPDU   Bridge Protocol Data Unit   Fundamental message in STP process
RB     Root Bridge                 Switch with lowest bridge ID
NRB    Non Root Bridge             Switches other than RB
RP     Root Port                   Port on NRB that has best cost path to RB. Goes to forwarding state
DP     Designated Port             Port on LAN segment that has best cost path to RB. Goes to forwarding state
NDP    Non Designated Port         Port neither RP nor DP. Goes to blocking state (BLK)
STP Process
1. Electing Root Bridge
2. Electing Root port per switch
3. Electing Designated port per segment
4. Electing Non designated ports
Reference STP Topology for Analysis
This topology has multiple switches and multiple loops. The links have different speeds as shown in the figure.
STP can be explained using this physically looped topology. The result will be a logically loop free topology
1. Electing Root Bridge
All ports on all switches are in blocked state initially
Every switch treats itself as Root Bridge when the STP process starts
Every switch sends BPDUs to the remaining switches
BPDUs carry bridge ID information to select the root bridge
Finally only one switch, the one with the lowest Bridge ID, is elected as Root Bridge
If the priority is the same, the switch with the lowest MAC becomes Root Bridge
2. Electing Root Ports
A switch may have multiple paths to reach the root bridge
The port with the best cost path to RB is elected as Root Port
High speed ports have the best cost paths. Cost is inversely proportional to speed
Only one Root Port exists per switch. The Root Port goes to forwarding state
If there is a tie in selecting the RP, the link from the switch with the lowest Bridge ID is preferred
If there is still a tie, the Port ID is compared and the port with the lowest port ID is preferred
3. Electing Designated Port Per Segment
The port on the segment that has the best cost path to RB is elected as Designated Port (DP)
Only one DP exists per segment (switch to switch link). The DP goes to forwarding state
All the ports on the Root Bridge are Designated Ports
If there is a tie in selecting the DP, the link from the switch with the lowest Bridge ID is preferred
If there is still a tie, the Port ID is compared and the port with the lowest port ID is preferred
Tie Break: Lowest Root Bridge ID / Lowest root path cost / Lowest Sender Bridge ID / Lowest Sender Port ID
4. Electing Non-Designated Ports
A port that is neither RP nor DP becomes a Non Designated Port
A Non Designated Port goes to blocking state. NDP is also called a Blocked port (BLK)
These ports have the chance to become active if an operational link fails
STP rebuilds the topology if something goes wrong with active links
STP rebuilds the new topology by activating some blocked ports, ensuring a loop free topology all the time
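The four election steps above (root bridge, root port per switch, designated port per segment, non-designated ports) can be computed centrally for any topology once the bridge IDs and link costs are known. The Python below is an added example, not code from the notes: it uses the new STP costs from the table, applies the tie-break order the notes give (lowest root path cost, then lowest sender bridge ID, then lowest sender port ID), and returns the role of every port. The three-switch triangle with one 100 Mbps link, its MACs, priorities and port numbers are constructed for the example.

```python
import heapq
from dataclasses import dataclass
from typing import Dict, List

# New 802.1D port costs from the table on this page (link speed in Mbps -> cost).
STP_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


@dataclass(frozen=True, order=True)
class BridgeID:
    """Bridge ID = priority + MAC. order=True compares priority first, then MAC,
    so min() picks the root bridge exactly as the election rule says."""
    priority: int
    mac: str


@dataclass
class Link:
    """One switch-to-switch segment; each end is (switch name, 802.1D port id)."""
    a: str
    a_port: int
    b: str
    b_port: int
    mbps: int

    @property
    def cost(self) -> int:
        return STP_COST[self.mbps]


def run_stp(bridges: Dict[str, BridgeID], links: List[Link]):
    """Return (root, root_path_cost, roles); roles[switch][port] is 'RP', 'DP' or 'NDP'."""
    # Step 1: the root bridge is the switch with the lowest bridge id.
    root = min(bridges, key=lambda s: bridges[s])

    adj = {s: [] for s in bridges}  # switch -> [(neighbour, my port, link cost, link index)]
    for i, l in enumerate(links):
        adj[l.a].append((l.b, l.a_port, l.cost, i))
        adj[l.b].append((l.a, l.b_port, l.cost, i))

    # Step 2: root path cost and root port per switch. The heap key is the notes'
    # tie-break order: lowest root path cost, then lowest sender bridge id, then
    # lowest sender port id (the root bridge id is the same in every BPDU).
    rpc: Dict[str, int] = {}
    root_link: Dict[str, int] = {}
    heap = [(0, bridges[root], 0, root, -1)]
    while heap:
        cost, _sender_bid, _sender_port, sw, via = heapq.heappop(heap)
        if sw in rpc:
            continue  # a better-keyed candidate already settled this switch
        rpc[sw] = cost
        if via >= 0:
            root_link[sw] = via
        for nbr, my_port, link_cost, i in adj[sw]:
            if nbr not in rpc:
                heapq.heappush(heap, (cost + link_cost, bridges[sw], my_port, nbr, i))

    # Step 3: one designated port per segment: the end advertising the lowest
    # (root path cost, bridge id, port id). The root wins on all its segments.
    roles = {s: {} for s in bridges}
    for i, l in enumerate(links):
        ends = sorted([(rpc[l.a], bridges[l.a], l.a_port, l.a),
                       (rpc[l.b], bridges[l.b], l.b_port, l.b)])
        (_, _, dp_port, dp_sw), (_, _, other_port, other_sw) = ends
        roles[dp_sw][dp_port] = "DP"
        # Step 4: the far end is this switch's root port if the segment is its
        # best path to the root; otherwise it is non-designated and blocks.
        roles[other_sw][other_port] = "RP" if root_link.get(other_sw) == i else "NDP"
    return root, rpc, roles


# Constructed sample topology (not from the notes): a triangle with one 100 Mbps
# link, Cisco-style dotted MACs, all priorities at the default 32768.
SAMPLE_BRIDGES = {
    "SW1": BridgeID(32768, "0000.0000.0001"),
    "SW2": BridgeID(32768, "0000.0000.0002"),
    "SW3": BridgeID(32768, "0000.0000.0003"),
}
SAMPLE_LINKS = [
    Link("SW1", 1, "SW2", 1, 1000),  # cost 4
    Link("SW1", 2, "SW3", 1, 100),   # cost 19
    Link("SW2", 2, "SW3", 2, 1000),  # cost 4
]

if __name__ == "__main__":
    root, rpc, roles = run_stp(SAMPLE_BRIDGES, SAMPLE_LINKS)
    print("root bridge:", root)
    for sw in SAMPLE_BRIDGES:
        print(f"{sw}: root path cost {rpc[sw]}, ports {roles[sw]}")
```

In the sample, SW3 reaches the root more cheaply through SW2 (4 + 4 = 8) than over its direct 100 Mbps link (19), so SW3's port 1 is the one port that blocks. The same function also shows the port-ID tie-break: with two equal-cost parallel links between SW1 and SW2, SW2's root port is the one facing SW1's lowest port number, and the other becomes non-designated.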
STP Physical and Logical topologies
To participate in STP, each switch port progresses through 5 states
Disabled
Blocking
Listening
Learning
Forwarding
Disabled
The Disabled state is the shutdown state and is not a part of the normal STP progression
Blocking
When a port initializes, it begins in the blocking state so that no loops can form
The port is allowed only to send and receive BPDUs
The ports that are put into standby mode to remove a loop enter the blocking state
Listening
A port is moved from Blocking to Listening if the switch thinks that the port can be selected as a root port or designated port
In the listening state the port is allowed to send/receive BPDUs
If the port loses its RP or DP status in the STP process, it returns to the blocking state
The port stays in the Listening state for 15 sec, the forward delay
Learning
After the forward delay (15 sec) in the listening state, the port is moved to the learning state
The port can send/receive BPDUs and learns MAC addresses to add them to the MAT
The port stays in the Learning state for 15 sec, the forward delay
Forwarding
After the forward delay (15 sec) in the learning state, the port is moved to the forwarding state
Only RPs and DPs are moved to the forwarding state
The port can send/receive BPDUs, learn MACs and send/receive data
Now the port is a fully functioning switch port in the STP topology
STP States
State        Send & Receive BPDUs   Learn MAC addresses   Send & Receive data
Disabled     No                     No                    No
Blocking     Yes                    No                    No
Listening    Yes                    No                    No
Learning     Yes                    Yes                   No
Forwarding   Yes                    Yes                   Yes
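The state table and the timers can be exercised as a small port state machine. The Python below is an added example, not code from the notes: a port starts in Blocking, moves to Listening when the election makes it an RP or DP, advances to Learning and Forwarding after each forward delay, drops back to Blocking if it loses its role, and accepts or refuses BPDUs, MAC learning and data according to its state. The 15 s forward delay and 2 s hello are the notes' defaults; the 20 s max age and the frame and MAC values are constructed for the example.

```python
from enum import Enum

# Defaults from the notes: 15 s forward delay, 2 s hello. The 20 s max age is a
# constructed value for this example (the 802.1D default).
FORWARD_DELAY = 15.0
HELLO_TIME = 2.0
MAX_AGE = 20.0


class State(Enum):
    DISABLED = "disabled"
    BLOCKING = "blocking"
    LISTENING = "listening"
    LEARNING = "learning"
    FORWARDING = "forwarding"


# Per-state permissions, as in the STP States table above.
CAN_BPDU = {State.BLOCKING, State.LISTENING, State.LEARNING, State.FORWARDING}
CAN_LEARN = {State.LEARNING, State.FORWARDING}
CAN_FORWARD = {State.FORWARDING}


class StpPort:
    """One switch port walking through the 802.1D states on a simulated clock."""

    def __init__(self, name, forward_delay=FORWARD_DELAY, max_age=MAX_AGE):
        self.name = name
        self.forward_delay = forward_delay
        self.max_age = max_age
        self.state = State.BLOCKING        # every port starts blocked
        self.since = 0.0                   # time of the last state change
        self.mac_table = {}                # MAC -> last seen time (the MAT)
        self.best_bpdu_seen = None         # time the stored best BPDU was last refreshed
        self.history = [State.BLOCKING]

    def _move(self, new, now):
        self.state = new
        self.since = now
        self.history.append(new)

    def set_role(self, now, is_rp_or_dp: bool):
        """Election result: an RP/DP starts converging, any other port returns to blocking."""
        if is_rp_or_dp and self.state is State.BLOCKING:
            self._move(State.LISTENING, now)
        elif not is_rp_or_dp and self.state in (State.LISTENING, State.LEARNING, State.FORWARDING):
            self._move(State.BLOCKING, now)

    def tick(self, now):
        """Advance the forward-delay timer: listening -> learning -> forwarding."""
        if self.state is State.LISTENING and now - self.since >= self.forward_delay:
            self._move(State.LEARNING, now)
        elif self.state is State.LEARNING and now - self.since >= self.forward_delay:
            self._move(State.FORWARDING, now)

    def receive(self, now, kind, src_mac=None):
        """Handle a frame ('bpdu' or 'data') and report what the port did with it."""
        if kind == "bpdu":
            if self.state in CAN_BPDU:
                self.best_bpdu_seen = now
                return "bpdu-processed"
            return "dropped"
        if self.state in CAN_LEARN and src_mac:
            self.mac_table[src_mac] = now   # learning happens even before forwarding
        return "forwarded" if self.state in CAN_FORWARD else "dropped"

    def bpdu_aged_out(self, now):
        """True once no BPDU has refreshed the stored copy for a full max age."""
        return self.best_bpdu_seen is not None and now - self.best_bpdu_seen >= self.max_age


def converge_time(port, start, step=1.0, limit=120.0):
    """Select the port as RP/DP at `start` and return the time it reaches forwarding."""
    port.set_role(start, True)
    now = start
    while port.state is not State.FORWARDING and now - start < limit:
        now += step
        port.tick(now)
    return now if port.state is State.FORWARDING else None


if __name__ == "__main__":
    p = StpPort("Fa0/1")
    print(p.name, "forwards after", converge_time(p, 0.0), "seconds")
    print([s.value for s in p.history])
```

With the default forward delay a newly selected port needs two forward delays, 30 s, before it carries data, which is why the convergence time of traditional STP is measured in tens of seconds; the max-age check is what lets a switch notice that its stored best BPDU has gone stale when the root or an upstream link disappears.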
STP uses three timers to make sure that a network converges properly before a bridging loop can form
STP timers give the switches time to receive network changes
STP three timers
o Hello Time
The time interval between configuration BPDUs sent by the Root Bridge
Default is 2 sec (IEEE 802.1d standard)
o Forward Delay
The time the port spends in the Listening and Learning states
Default is 15 sec
o Maximum Age
The time interval that a switch stores a BPDU before discarding it
In the STP process every switch keeps a copy of the best BPDU it learned
The BPDU ages out if the switch loses contact with the BPDU's source
The default Max age
The default STP timers are designed based on a reference model of an L2 network with a diameter of 7 switches including the Root Bridge (as shown in the above diagram)
STP timers