Cisco Switching Basics.

7/27/2019 Cisco Switching Basics.

1/272

1 2004 Cisco Systems, Inc. All rights reserved.

Roland Ducomble

TAC Technical Leader CCIE 3745

[email protected]

August 2006

Bootcamp : GTPLan-sw fundamentals
mailto:[email protected]:[email protected]


2/272

222 2004 Cisco Systems, Inc. All rights reserved.LAN ATTT

Agenda

Ethernet /Autonegotiation / Bridging

Introduction to Architecture/ Cat6k Overview

CatOS / IOS Introduction VLANS / Trunking

Some Additional IOS Caveats

VTP

Etherchannel

SPAN RSPAN


3/272


802.3 Ethernet- CSMA/CD

Ready totransmit

Transmit data and

sense channel

(4)

Transmit

Jam Signal

(5)

Wait according to

backoff strategy

(6)

Sense

Channel

(1)

New attempt

Channel free

for IFG (9.6us)

(2)

Channel busy

(3)

Collision detected

Wait according to a random Binary

Exponential Backoff (BEB)

algorithm, and then try again.

After 16 consecutive

collisions,give up and discard the

frame.


4/272


Half versus Full Duplex

Half Duplex

One station transmits, other listens.

While transmitting, you do not receive, as no one else is transmitting.

If you receive data on your RX pin WHILE youre in the process oftransmitting that is considered a collision.

Full Duplex (standardized in 802.3x)Transmit and receive at the same time.

Transmit on the transmit pair, and receive on the receive pairs.

No collision detection, backoff, retry, etc

No CS, no MA, no CD. Only relationship to HD is frame format and

encoding/signaling method.


5/272


Fast Ethernet

Uses original Ethernet MAC frame, but operates at 10times the speed of regular Ethernet.

Retains everything that original ethernet has, except theInterFrameGap. Decreased from 9.6s to 0.96s.


6/272


Gigabit Ethernet

Comes in 2 flavors 1000Base-T and 1000Base-X

1000Base-T Ethernet

1000Base-T scrambles each byte in the MAC frame to randomize the bit sequencebefore it is encoded using Forward Error Correction method. It is using the 4 wirepair.

Each transmitted frame is encapsulated with start-of-stream and end-of-streamdelimiters.

1000Base-T supports both half-duplex and full-duplex operation. Cisco only doesfull.

1000Base-X Ethernet

Transmission coding is based on the ANSI Fibre Channel 8B/10B encodingscheme. Each 8-bit data byte is mapped into a 10-bit code-group for bit-serialtransmission

All three 1000Base-X versions support full-duplex binary transmission at 1250Mbps over two strands of optical fiber or two STP copper wire-pairs

All 1000Base-X physical layers support both half-duplex and full-duplex operation


7/272777 2004 Cisco Systems, Inc. All rights reserved.LAN ATTT

Auto-negotiation Overview

Auto-negotiation is used on 10/100 M port tonegotiate speed and duplex between two peers.

Standard defined by IEEE : 802.1u

See for more info :http://www.Cisco.com/warp/customer/473/3.html

http://www.iol.unh.edu/training/fether/aneg/
http://www.cisco.com/warp/customer/473/3.htmlhttp://www.iol.unh.edu/training/fether/aneg/http://www.iol.unh.edu/training/fether/aneg/http://www.cisco.com/warp/customer/473/3.html



Case 1 : Both partner are capable of doingauto-negotiation



Exchanging capabilities : The LCW

The two partners exchange their capabilities through theexchange of a LCW (link Code Word) in FLP (Fast link pulse)

The LCW is a 16 bits word sent by each auto-negotiatingpartner to its peer containing its own capabilities

Exchanged in 10baseT Pulse format The FLP is also used to detect the presence of a link



Exchanging capabilities : The LCW (cont.)

S0 to S4 tells the protocol (802.3 in most cases)

A0 to A7 : capability (100 base TX FD, )

Ack bit : set on receipt of 3 consecutive and consistentLCW from peer

RF bit : remote fault indication NP : next page bit



Exchanging capabilities : The LCW (cont.)

This one advertise all 4 capabilities :

100Base-TX Full Duplex

100Base-TX

10Base-T Full Duplex

10Base-T



Choosing speed and duplex

Once capabilities has been exchanged between the twopeers, both peers choose the highest common denominatoraccording the following ranking :

1.100Base-TX Full Duplex

2.100Base-T4

3.100Base-TX

4.10Base-T Full Duplex

5.10Base-T



Using the remote fault bit

A BFLP

FLP

A and B exchange FLP for auto-negotiation and

because of a cable fault A never receive FLP from B

and as such assume a fault and set the RF bit in theFLP it sends to B

Negotiation cannot be completed



Case 2: one of the partner do not do auto-negotiation



Parallel detection

The Parallel Detection Function is an auto-negotiating device'smeans to establish links with non-negotiating, fixed speeddevices.

If an auto-negotiating device receives either 10BaseT or T4 LinkTest Pulses or the idle stream of a TX device, it should do oneof two things:

enable the link at the received pulse speed if it supports it

Or refuse to establish a link.

A device can never parallel detect to a full duplex link, however.Thus in parallel detection mode WE ARE ALWAYS IN HALF-DUPLEX



Auto-negotiation summary

Config Peer 1 Config Peer 2 Result onPeer 1

Result onPeer 2

Comments

Auto Auto 100 FD 100 FD Correct nego when bothpeer are capable of 100 FD

100 FD Auto 100 FD 100 HD DUPLEX MISMATCH

100 FD 100 FD 100 FD 100 FD Correct manual config

100 HD Auto 100 HD 100 HD Link is established, butpeer 2 does not see anyauto-negotiationinformation from NIC anddefaults to half-duplex.

10 HD Auto 10 HD 10 HD Link is established, butpeer 2 will not see FLPand will default to 10 Mbpshalf-duplex.

10 FD 100 FD No link No link SPEED MISMATCH



Auto-Negotiation

Upon initialization, each device transmits a 16-bit message (called aFast Link Pulse Burst) to its link partner, which is used to negotiate:

Speed supported by partner;

Duplex mode supported by partner;

Flow control support via MAC control pause frames; and

It also can be used to indicate a fault and specify the type of fault. The 16-bit negotiation message should be sent repeatedly until

acknowledged by partner.

An acknowledgement should be sent after 3 consecutive messagesconfirming capabilities.

Auto-negotiation signaling is independent of the signaling/encodingused for normal data.



Detecting a duplex mismatch

Full duplex means that the collision detection mechanism isdisable and as such a FD devices will sent frame withoutlistening to see if the media is free

Symptoms of Duplex mismatch :

FCS errors

Align errors

Late collision (seen on HD side)

Runts

Excessive collision (seen on HD side)



Summary : 10/100 auto negotiation

use if possible :

Auto to auto

Fix speed/duplex to Fix speed/duplex

Avoid :Auto to Fix speed/duplex


20/272


Remote fault on 100baseFX

FEFI can provide same functionality on 100M fiberport (not supported on all line card though)


21/272


Gigabit flow control

When Gigabit flow control is enable a congestedreceiver can let know the transmitter thecongestion by sending a PAUSE frame that resultof the sender to stop transmission for a while.

Defined in 802.3x


22/272


Gigabit auto-negotiation

Auto-negotiation in 1000baseX is different than in 10/100

What does auto-negotiation at gig speed :

Duplex negotiation

Remote fault detection

Flow control negotiation

Do not include speed negotiation.


23/272


Gigabit auto-negotiation

Exchange word in similar way as 10/100 nego

Duplex and flow control info in the negotiation word depends oncapability and config

Once capability has been exchange, we decide on link settings

Duplex : Full duplex is the priority regarding half duplex

Flow control : PAUSE frame are enable in sending and/orreceiving direction


24/272


Gigabit negotiation issue

Some devices do not support giga negotiation or only part ofit

In case of trouble to bring link up to different type of devices,worth to try disabling link negotiation

Note : GSR in old software do not support gig negotiation.

Nego needs to be enable on both side or the link or disableon both side of the link.


25/272


Review

What is the result of PC 10/100 NIC auto sensing toa switch port fix in 100M full Duplex ?

What is the result of connecting to 1000 base-Xdevices where one side negotiate and the other hasnegotiation disable

If Gig nego is disable on both side of a connection,what will happen is I unplug Rx Strand of fiber onone side ?


26/272


27/272


28/272


Ethernet Frame Types (3)Generic

Name

Novell

Name

Cisco

Name

(switch)

Ethernet

Version II

(DIX)

Ethernet_IIARPA

(EII)

Type

(>1500)DA SA FCS

802.3 w/

802.2 LLC

Header

Ethernet_802.2SAP

(8023)Length

DSAP

(1)

SSAP

(1)

Control

(1)DA SA FCSData

802.3Raw(Novell Raw) Ethernet_802.3Novell_Ether

(802.3raw)

Length

FF-FF

all 1s(2 byte)

DA SA FCSData

Data

1985: Final version of the 802.3 specification was released.

Final version of 802.3 has been modified to include the 802.2

LLC header, making NetWare's proprietary format incompatible.

Two years after that


29/272


Ethernet Frame Types (4)Generic

Name

Novell

Name

Cisco

Name

(switch)

Ethernet

Version II

(DIX)

Ethernet_IIARPA

(EII)

Type

(>1500)DA SA FCS

802.3 w/

802.2 LLC

Header

Ethernet_802.2SAP

(8023)Length

DSAP

(1)

SSAP

(1)

Control

(1)DA SA FCSData

802.3Raw

(Novell Raw)

Ethernet_802.3Novell_

Ether

(802.3raw)

Length

FF-FF

all 1s(2 byte)DA SA FCSData

Data

SNAP Ethernet_SNAPSNAP

(snap)FCSLengthDSAP

AA

(1)

SSAP

AA

(1)

Control

03

(1)DA SA Data

OUI

(3)

Type

(2)

Finally, the 802.3 SNAP format was created to address backwards

compatibility issues between Version 2 and 802.3 Ethernet.


30/272


31/272


32/272


Hub

Rpt

What is a Collision Domain?

What is a Broadcast Domain?

How many of each do we have here?

Hub to Bridge to Switch


33/272


34/272


Hub

Rpt

How does the addition of switches affect collision domains?



35/272


Hub

Rpt

2 collision domains

1 - broadcast domain



36/272


Floor #3

Floor #2

Floor #1

Hub

Rpt



37/272


Floor #3

Floor #2

Floor #1

Hub

Rpt

How many collision

domains?

How many broadcastdomains?



38/272


Floor #3

Floor #2

Floor #1

Hub

Rpt

6 collision

domains

3- broadcastdomains



39/272


40/272


Floor #3

Floor #2

Floor #1

Hub

Rpt

How many collision

domains?

How many broadcastdomains?



41/272


Floor #3

Floor #2

Floor #1

Hub

Rpt

8collision

domains

1- broadcastdomain



42/272


Four major functions:

Learning MAC addresses;

Forwarding/filtering frames;

Forwarding broadcasts; and

Loop avoidance - Spanning Tree

Bridge Functionality

Segment SegmentPort E0 Port E1


43/272


Address Learning

Source MAC address is associated with NIC

Addresses are learned from SA field of ethernet frame.

Independent of Destination- Unicast or Broadcast

MAC Address Table

0260.8c01.1111

0260.8c01.2222

0260.8c01.3333

0260.8c01.4444

E0 E1

Port Port

A1

B2

B1

A2

0260.8c01.5555

Por

t

0260.8c01.6666

E2

C1 C2

Pre TypeDA SA FCSData


44/272


MAC Address Table

0260.8c01.1111

0260.8c01.2222

0260.8c01.3333

0260.8c01.4444

E0 E1

Port Port

A1

B2

B1

A2

0260.8c01.5555

Por

t

0260.8c01.6666

E2

C1 C2


Address Learning


45/272


MAC Address Table

0260.8c01.1111

0260.8c01.2222

0260.8c01.3333

0260.8c01.4444

E0 E1

Port Port

A1

B2

B1

A2

0260.8c01.5555

Por

t

0260.8c01.6666

E2

C1 C2


E0: 0260.8c01.1111

Address Learning


46/272


47/272


48/272


49/272


A1 sends a frame to B2. Forwarded.

Occurs when destination is known.

0260.8c01.1111

0260.8c01.2222

0260.8c01.3333

0260.8c01.4444

E0 E1

A1

B2

B1

A2

E2

C1 C2

MAC Address Table

E0: 0260.8c01.1111

E0: 0260.8c01.2222E1: 0260.8c01.3333

E1: 0260.8c01.4444E2: 0260.8c01.5555E2: 0260.8c01.6666

0260.8c01.5555 0260.8c01.6666

Frame Forwarding


50/272


A1 sends a frame to A2 which is filtered.

Collisions on segment A do not affect segments B orC. Thus, they are separate collision domains.

0260.8c01.1111

0260.8c01.2222

0260.8c01.3333

0260.8c01.4444

E0 E1

A1

B2

B1

A2

E2

C1 C2

MAC Address Table

E0: 0260.8c01.1111

E0: 0260.8c01.2222E1: 0260.8c01.3333

E1: 0260.8c01.4444E2: 0260.8c01.5555E2: 0260.8c01.6666

0260.8c01.5555 0260.8c01.6666

X

Frame Filtering


51/272


A1 sends out a broadcast which is forwarded.

Thus, there is a single broadcast domain.

0260.8c01.1111

0260.8c01.2222

0260.8c01.3333

0260.8c01.4444

E0 E1

A1

B2

B1

A2

E2

C1 C2

MAC Address Table

E0: 0260.8c01.1111

E0: 0260.8c01.2222E1: 0260.8c01.3333

E1: 0260.8c01.4444E2: 0260.8c01.5555E2: 0260.8c01.6666

0260.8c01.5555 0260.8c01.6666

Handling Broadcasts


52/272


Agenda

Ethernet / Bridging


CatOS / IOS Introduction

VLANS / Trunking


VTP

Etherchannel


53/272


Address Learning

EARL = Enhanced Address Recognition Logic

The EARL is the logic that maintains the MAC address tablejust like any learning bridge.

The table where these addresses are stored is referred to asthe CAM (content-addressable memory) because it is hashedby MAC address.

Each entry is a MAC address, port association (based onSA), and VLAN ID.

What are the elements that actually accomplish addresslearning?


54/272


CAM Table

The EARL consults the CAM table for a MAC corresponding tothe destination address (DA) of each frame, to determine theegress port(s).

DAs that are not already known are flooded to all ports in thesame VLAN as the inbound frame.

Entries are added by the source address (SA) of the frame.

By default, entries will age out at 300 seconds.


55/272


56/272


The Switching/Data Bus (usually called Dbus):

Catalyst 5000/5500: Dbus has a data transfer rate of1.2 Gbps.

The 5500 series has 3-1.2 Gb buses.

Catalyst 6000/6500: Dbus has a data transfer rate of 16-Gbps.

A bus access arbitration scheme is implemented on the supervisor engine, and allline modules and the supervisor have equal access to the switching bus.

The Management Bus: Carries configuration information from the NMP to each

module and statistical information from each module to the NMP, using SCP. Alsocalled MBUS or EOBC (Ethernet Out Of Band Channel).

The Results/Index Bus: Carries port-select (LTL, CBL, etc.) information from thecentral EARL to the ports. This information determines which ports forward the packetand which flush it from the buffer. It is also called RBUS.

Architecture A Couple of Quick Points

Catalyst 6K


57/272


Catalyst 6KWhat does it LOOK like?- Chassis

Chassis

6509 65066509-NEB 6513

6503


58/272


What does it LOOK like? - Supervisor

SupervisorSup1

Sup1A

Sup2

Sup720 (Sup-3)

Routing-Engines MSFC

MSFC2

MSFC3

Switching-EnginesCafe2

PFC

PFC2

PFC3


59/272


What does it LOOK like? - Linecards

Linecard

2 ATM

17 WAN

15 FastEthernet / Ethernet

2 10GigEthernet

11 Special

7 GigEthernet

What does it LOOK like?


60/272


Daughter Cards

Linecard daughter cards



61/272


Daughter Cards




62/272


Daughter Cards



63/272


Agenda

Ethernet / Bridging




VTP

Etherchannel


64/272


Cat OS versus IOS?? (1)

1994Cisco acquires Kalpana, a leading p rovid er ofEthernet switches worldwide.

Cisco gains the Catalyst 5000 and a whole new operatingsystem and command lineCatalyst OS.

Cisco customers must now learn two CLIs:IOS on routers and CatOS on switches


65/272


66/272


IOS

More and more widespread for most of the newcatalyst

Allow configuring L2 feature (Catos like feature)

And L3 feature (like pure ios on routers) A port can be a L2 port or an L3 Port (on some

catalyst)


67/272


Cat6500 Cases

Cat 6500 is composed of a supervisor (called SP orPFC) and a routing engine (called MSFC)

MSFC is daughter on supervisor (not user visibleand no separate console)

Two software option :

Hybrid : CatOS on sup and IOS on MSFC 2 config files, 2separate software

Native: Unique bundled IOS image running on both supand MSFC unique IOS file and unique config file.


68/272


Cat OS versus IOS?? (2)

Comparing and Contrasting

IOS

Two config files (running-config

and startup-config).

Must manually save changes from

running to startup or changes

are lost.

Multiple modes of operation

(EXEC, Privileged EXEC, Global

Config, Interface Config, etc).

Designed primarily for Layer-3,

routing operations.

Ports are disabled by default. Must

issue no shut command.

Command syntax varies.

Cat OS

One config file.

Changes to config saved

automatically.

Only two modes of operation,

EXEC and Privileged EXEC.

Designed primarily for Layer-2,

switching operations.

Ports are enabled by default.

Virtually all config commands

begin with set (i.e. set vlan 99).


69/272


IOS on Switches (1)

Catalyst 5000 is the first switch to offer integrated routing capabilitywith the RSM (Route Switch Module).

Now a single chassis had TWO operating systems:

Supervisor runs CatOS for switching functions; and

RSM runs IOS for routing functions.


70/272


IOS on Switches (2)

This trend (CatOS and IOS BOTH on the same box) continued fora few years:

Catalyst 5000 Route Switch Feature Card (RSFC)

Catalyst 6000 Multilayer Switching Module (MSM)

Catalyst 6000 Multilayer Switching Feature Card (MSFC)

Customers become tired of shuffling back and forth between twooperating systems.

There is a big push to get rid of CatOS and make everything IOS.


71/272


A new, specialized version of IOS, capable of doing routing AND switching, isbuilt.

Now almost ALL Cisco switches run IOS, and CatOS is virtually extinct.

With IOS on a switch, all the same IOS rules apply.

There are 2 configuration files (startup-config and running-config).

Running-config must be manually saved to startup-config using the writememory command.

There are no more set commands.

What DOES still run CatOS?

Catalyst 5000 platform (EOLno longer sold);

Catalyst 6000 when running in Hybrid; and

Catalyst 4000/4500 with Supervisor-1 or Supervisor-2.

IOS on Switches (3)


72/272


Agenda

Ethernet / Bridging




VTP

Etherchannel


73/272



Floor #3

Floor #2

Floor #1

Hub

Rpt

8Collision

Domains

1- Broadcast

Domain

S


74/272


Floor #3

Floor #2

Floor #1

Hub

Rpt

What if I wanted

each floor to be in

its own, unique

broadcast domain?


H b t B id t R t


75/272


Floor #3

Floor #2

Floor #1

A1

A2A3

A4

B1

B2B3

B4

C1C2

C3

C4

C1, C2 C3, C4

A1, A2 A3, A4

B1, B2 B3, B4

Bridge A

Bridge B

Bridge C

One way to do itseparate

each floor using a router.

Hub to Bridge to Router

H b t B id t R t


76/272


Floor #3

Floor #2

Floor #1

A1

A2A3

A4

B1

B2B3

B4

C1C2

C3

C4

C1, C2 C3, C4

A1, A2 A3, A4

B1, B2 B3, B4

Bridge A

Bridge B

Bridge C

But whats the downside?


H b t B id t R t


77/272


Floor #3

Floor #2

Floor #1

A1

A2A3

A4

B1

B2B3

B4

C1C2

C3

C4

C1, C2 C3, C4

A1, A2 A3, A4

B1, B2 B3, B4

Bridge A

Bridge B

Bridge C

1. Each floor needs its

own switch

2. Router interfaces areexpensive


Th S l ti VLAN !!


78/272


The SolutionVLANs!!

VLAN = Method of micro-segmenting an L2 / L3

topology.

Each VLAN is a separate broadcast domain.

Any port on a Catalyst switch can be in any

VLAN.

Inter-VLAN communication requires a L3

routing device.

VLANs may span multiple switches.

A VLAN A P t


79/272


Any VLAN on Any Port

Blue = VLAN10

Red = VLAN 20

Green = VLAN 30

VLAN T i


80/272


VLAN Tagging

FCS is checked on a frame at the ingress port.

If the FCS is good, the VLAN id tag is added to the framebefore it is placed on the switching bus.

VLAN belonging to this port.

Port ID of this port.The tag is removed at the egress port(s).

VLAN C fi ti (C t OS)


81/272


VLAN Configuration (Cat OS)

To add VLAN

set vlan

To remove VLAN

clear vlan To view configured VLANs

show vlan

VLAN C fi ti ( C t IOS )


82/272


VLAN Configuration ( Cat IOS )

Enter vlan database

3524XL#vlan database

Must be in server mode

3524XL(vlan)#vtp server

Add vlan

3524XL(vlan)#vlan 2

Remove vlan

3524XL(vlan)#no vlan 2

Enter Global Config

4500#config t

Must be in server mode4500(config)#vtp server

Add vlan

4500(config)#vlan 2

Remove vlan

4500(config)#no vlan 2

The old way The new way

Still required on XL series switches.

VLAN C t


83/272


VLAN Caveats

What happens if I delete a VLANand there are still

ports assigned to that VLAN?

VLAN Caveats


84/272


VLAN Caveats

Creating VLAN 60 and assigning it to port 3/21.

VLAN Caveats


85/272


VLAN Caveats

Verifying

VLAN Caveats


86/272


VLAN Caveats

Now I delete the VLANwithout first moving the port toan alternate VLAN.

VLAN Caveats


87/272


VLAN Caveats

So whats the status now of port 3/21??

Deactivated!!

Linking Different Switches


88/272



Building 2Building 1

I have several departments that span more than one building.

Each department has their own VLAN.How can I connect the buildings and maintain the broadcast

domains?



89/272



Building 2

Building 1



90/272



Building 2

Building 1



91/272



Building 2

Building 1

Question: What is the design

problem with this method?



92/272



Building 2

Building 1

Answer: Too many ports are used

just for switch-to-switch

connections!

Trunking to the Rescue


93/272





94/272



Problem: How do you identify

which frame belongs to which

VLAN if all VLANs are carried in a

single link?



95/272



Answer: Well tag each frameplaced on the trunk with the VLAN

it belongs to. Trunking

encapsulation will do this for us.

Trunking Methods


96/272


Trunking Methods

There are two trunking protocols.

ISL = Cisco proprietary

802.1q = IEEE specification

Trunking status can be negotiated on a link.

Trunking is also supported on some routers.

Some NIC vendors support trunking.

ISL Overview


97/272


ISL Overview

All frames are encapsulated.Adds 26 byte ISL header and 4 byte CRC to ethernet frame.

VLAN ID is carried in ISL header.

ISL is sent as a giant, MAC-layer multicast: (01-00-0C-CC-CC-

CC ether type 2004).

ISL Frame Tagging


98/272


External TaggingFrame is encapsulated with the tag

Frame is not altered (New FCS)

TAG FCS

(e.g. ISL Header)

DA SA Data FCS

DA SA Data FCS

Type/

Length

Type/

Length

ISL Frame Tagging

IEEE 802 1q Overview


99/272


IEEE 802.1q Overview

All frames are encapsulated except the native VLAN(covered later).

A TAG is inserted into the frame, which extendsmaximum frame size to 1522 bytes from 1518 bytes.

The FCS is recomputed for the entire frame afterthe tag is inserted.

This assumes that there is only one instance ofspanning tree.

802 1q Frame Tagging


100/272


Internal TaggingTag is inside the frame

Frame is altered (FCS recalculated)

DA SA Data FCSType/

Length

SA Data FCSDA DataType/

LengthTAG

(802.1Q Tag)

802.1q Frame Tagging

802 1q Frame Format


101/272


DA SA Type/Len Data FCS

DA SA Type/Len Data FCSTAG

EtherType PRI VLAN ID

Token-Ring Encapsulation Flag

4 Bytes

2 Bytes 3bits 1bit 12bits

0-7 0 - 40950-1Value = 0x8100

802.1q Frame Format

What is the Native VLAN?


102/272


What is the Native VLAN?

VLAN trunks (either ISL or 802.1q) carry traffic from all VLANs by default.

Switches and routers need to send certain management frames to each other,

such as:

CDP

VTP

DTP

If a switch has 300 VLANs, does it really need to send 300 CDP packets everyminute (one per VLAN)? No.

So if were only going to send one CDP packet, which VLAN will send that

frame?

VLAN 1

VLAN 1 is the Native VLAN (by default)

This can be changed via configuration.Native VLAN must always match on both sides of the trunk.

ISL and dot1q Frame format


103/272


Layer 2ISL

FCS4 Bytes

Encapsulated Frame 124.5 KbytesISL Header26 Bytes

Layer 2802.1Q/p

FCSDATATypeLen

TAG4 Bytes

SADASFDPREAM.

ISL and dot1q Frame format

TPID

0x8100

CoS

CFI

VLAN ID

0-4095

16bits 3bits1bit

12bits

ISL against dot1q


104/272


ISL against dot1q

Cisco proprietary

Encapsulation

One spanning tree per Vlanon each trunk.

All Vlan encapsulated.

30 bytes overhead per frame

IEEE standard Internal Tag

One SPT only per dot1q trunkper standard.

Native Vlan is NOT

tagged(unless dot1q-all-taggedis configured).

4 bytes overhead only perframe

DTP Feature


105/272


DTP Feature

Dynamic negotiation of trunkingmode :

To trunk or not ?

Trunk ISL or trunk dot1q ?

(ISL preferred)

supports on, off, auto, desirable,nonegotiate

Want to trunk?802.1q or ISL?

I am ISL -auto.

DTP

DTP

DTP

Trunking Configuration (Cat OS)


106/272


Trunking Configuration (Cat OS)

Syntax:set trunk [on|off|desirable|auto|nonegotiate] [vlans][trunk_type](vlans = 1..1005 An example of vlans is 2-10,1005)(trunk_type =isl,dot1q,dot10,lane,negotiate)

Example:set trunk 1/1 desirable dot1q

On Trunk is manually on regardless of what the other side can/cannot do. DTPframes sent.

Off Trunk is manually turned off, regardless of possible receipt of DTP frames fromremote end of link.

Auto Trunk is in a passive state waiting for receipt of DTP frames. Will not originateDTP frames.

Desirable Port wishes to become trunk. Will source/originate DTP frames to remoteport.

Nonegotiate - Trunk is manually on regardless of what the other side can/cannot do.DTP frames NOT sent.

Trunking Configuration (Cat IOS)


107/272


Trunking Configuration (Cat IOS)

Syntax:

Switch#config t

Switch(config)#int fa0/1

Switch(config-if)# switchport

Switch(config-if)# switchport trunk encapsulation isl

Switch(config-if)# switchport mode trunk

or

Switch(config-if)# switchport mode dynamic desirable

or

Switch(config-if)# switchport mode dynamic auto

Switch(config-if)# switchport trunk native 2

Or

dot1q

Optional to change the

Native VLAN

Trunking on the RouterConfiguration (IOS)


108/272


Configuration (IOS)

Syntax:Router#conf t

Router(config)#int fa5/0/0.1

Router(config-subif)#encapsulation isl 1

Router(config)#int fa5/0/0.2Router(config-subif)# ip address 2.2.2.2 255.0.0.0

Router(config-subif)#encapsulation isl 2

Router(config)# int fa5/0/0.3

Router(config-subif)# ip address 3.3.3.3 255.0.0.0Router(config-subif)#encapsulation isl 3

No IP addressconfiguredassuming

no users on VLAN 1

Native VLAN


109/272


Native VLAN

Native VLAN is the VLAN a port would be assigned toif it was not participating in a trunk

In 802.1q, frames in the native VLAN are not tagged

at all by default Native VLAN on each end of a trunk MUST match for

correct operation


110/272

Pruning VLAN : 2 methods


111/272


u g et ods

1. Manual Pruning (best) 2. VTP pruning (to avoid) : automatic pruning relying on VTP

message. Quiet complex and do not remove port fromspanning-tree instance just reduce size of broadcastdomain

Exception : With Spanning-Tree MST manual pruning is riskyVTP pruning might be an option

DTP and VTP


112/272


DTP sends the VTP domain name in a DTP packet.Therefore, if you have two ends of a link belongingto a different VTP domain, the trunk will not comeup if you are using DTP. In this special case, youneed to configure the trunk mode as "on ornonegotiate, on both sides, to prevent DTP fromrunning.

DTP and spanning tree


113/272


p g

Note that a port will only starts the SPT transitionwhen the DTP negotiation is over.

Trunking on CatOS based switch


114/272


g

Cat4k based : 4003,4006,2948G,4912G,2980Gonly support dot1q (Hw limitation)

Cat5k based : 2901,2902,2926,5002,5000,5500,5505,5509

Support both ISL and dot1q (depends on the line card)

Use sh port capa to know capabilities of the port Cat6k based

Supports both isl and dot1q on all port

Trunking verification on CatOS


115/272


g

Taras> (enable) sh trunk

* - indicates vtp domain mismatch

Port Mode Encapsulation Status Native vlan

-------- ----------- ------------- ------------ -----------

4/3 auto n-isl trunking 1

Port Vlans allowed on trunk

-------- --------------------------------------------------4/3 1-1005

Port Vlans allowed and active in management domain

-------- ---------------------------------------------------

4/3 1-2,101-109,151-152,500,999-1000

Port Vlans in spanning tree forwarding state and not pruned

-------- ------------------------------------------------------

4/3 1-2,101-109,151-152,500,999-1000

Taras> (enable)

Trunking on the IOS based switches


116/272


g

Interface mode :Switchport mode trunk

Switchport encapsulation .

Sh interface [fa|gig] x/x switchport

XL family switches do not support DTP

2950 only support dot1q and DTP

3550/3750/4k sup3/sup4 and 6k native do support both isl and dot1q andthey supports DTP

Trunking verification on XL switches


117/272


g

Brush#sh int gig 0/1 switchport

Name: Gi0/1

Switchport: Enabled

Administrative mode: trunk

Operational Mode: trunk

Administrative Trunking Encapsulation: dot1q

Operational Trunking Encapsulation: dot1q

Negotiation of Trunking: Disabled

Access Mode VLAN: 0 ((Inactive))

Trunking Native Mode VLAN: 1 (default)Trunking VLANs Enabled: 1-3,1002-1005

Trunking VLANs Active: 1

Pruning VLANs Enabled: 2-1001

Trunking on IOS router


118/272


g

Do not support DTP Done per sub-interface

ISL supported for ages (11.1 in enterprise, 11.2 in IP plus)

Dot1q supported in 12.0(T)

Native vlan configured on the main interface

Dot1q bridging in 12.1(3)T

Possibility to configure native vlan on sub interface with :encapsulation dot1q x native

Sample config of a trunk in ios


119/272


p g

interface GigabitEthernet1/2switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,10-199,222,4000

switchport mode trunk

no ip address

Sample config of a trunk in ios


120/272


Crank#sh int gig 1/2 trunk

Port Mode Encapsulation Status Native vlan

Gi1/2 on 802.1q trunking 1

Port Vlans allowed on trunk

Gi1/2 1,10-199,222,4000

Port Vlans allowed and active in management domainGi1/2 1,10-11,100-102,155,161,166,171-173,198-199,222,4000

Port Vlans in spanning tree forwarding state and not pruned

Gi1/2 1,10-11,100-102,155,161,166,171-173,198-199,222,4000

Trunking summary


121/272


In case of trunk problem or connectivity problemget on both side :

Sh trunk (or sh int x/x switchport)

Sh spant x/x (or sh spanning int x/x)

Sh config

Agenda


122/272


Ethernet / Bridging



VLANS / Trunking


VTP

Etherchannel

Port Type Basics


123/272


Access: L2 Ports (single vlan)

Port Type Basics


124/272


How do you configure an access L2 Port (single VLAN)?

Cat4k# conf t

Enter configuration commands, oneper line. End with CNTL/Z.

Port Type Basics


125/272



Cat4k# conf t


Cat4k(config)# interface fastethernet

3/1

Port Type Basics


126/272



Cat4k# conf t



3/1

Cat4k(config-if)# switchport

Different defaults per IOS version.

Dynamic Auto

Dynamic Desirable

Port Type Basics


127/272



Cat4k# conf t

Enter configuration commands, one

per line. End with CNTL/Z.


3/1


Cat4k(config-if)# switchport mode

access

Forces the port to be a switchport. Will not

send, or respond to, DTP.

In VLAN 1 by default

Port Type Basics


128/272



Cat4k# conf t

Enter configuration commands, one per

line. End with CNTL/Z.

Cat4k(config)# interface fastethernet 3/1


Cat4k(config-if)# switchport mode access

Cat4k(config-if)# switchport access vlan 2

Cat4k(config-if)# end

Cat4k#

Configuration Task


129/272


Pause the presentation now and do the following on yourownon a piece of paper:

You are on a switch at the following prompt:

Router > Catalyst IOS Switc h

Write down the commands (using only Catalyst IOS) to:

Create VLAN 55.

Assign VLAN 55 to interface fastethernet 3/1.

Ensure fastethernet 3/1 does NOT become a trunk.

Move on to the next slide when you think you have the answer.

Configuration Task (Catalyst IOS)


130/272


Router> enable you must first type enable

Router# configure terminal

Router (config)# vlan 55 th is creates the VLAN

Router (config-vlan)# exit

Router(config)# interface fastethernet 3/1

Router (config-if)# switchport th is ensures the port is a Layer-2 switching port

Router(config-if)# switchport mode access th is ensures that the port w i l l NOT become a trunk

Router (config-if)# switchport access vlan 55 port is now in VLAN 55

Router (config-if)# no shut

Pause this slide to review your answer.

Port Type Basics


131/272


Access: L2 Ports (single VLAN)

Trunk: L2 ports (multiple VLANs)

Port Type Basics


132/272




Routed: L3 ports

Direct interface like in any router today.

int Fasteth 0/0

ip address 1.1.1.1 255.0.0.0

no shut

int Fasteth 7/1

no switchport

ip address 1.1.1.2 255.0.0.0

no shut

Port Type Basics


133/272




Routed: L3 ports

Direct interface as in any router today.

sub-interface support on 6500 sup720

Whats the Default?

Depends on platform. On Cat6ks with Native IOS, ports arerouted and shutdown like IOS.

CAT can have a mixture of above ports configured in one box(should we call it interfaces?).

Port Type


134/272


Router

VLAN 1 VLAN 2 VLAN 3 VLAN N

Port 1 Port 2 Port 3 Port 4 Port M

Access

Port

in VLAN1

Trunk

Port

Access

Port

in VLAN2

Routed

Port

Routed

Port

Layer 3/SW Bridging

(in Software/Hardware)

Layer 2/VLANs

(in Hardware)

Physical Ports

SVI SVI SVI

SVIs are optional; you

can route to VLAN N, but

not to VLAN 3 in this

case

Port 5

Access

Port

in VLAN3

Port Types:L2:

- Access

- Trunk

L3:

- Routed

- VLAN

Hybrid model: Router has only logical int. Cosmos handles both logical and physical.

SVI (logical int) created with int vlan command. If underlying !=L2 then SVI down.

Bridge-groups supported but no BVIno needuse CAT.

Configuration Task


135/272


Pause the presentation now and do the following on yourownon a piece of paper:

You are on an IOS-based switch at the following prompts:

Router > Write down the command(s) (using only Catalyst IOS) to:

Configure interface Fastethernet 5/6 as a desirable 802.1q trunk.

The switch contains NO passwords.Move on to the next slide when you think you have the answer

Configuration Task (Catalyst IOS)


136/272


Router> enable you must first type enable

Router# configure terminal


Router (config-if)# switchport th is ensures the port is a Layer-2 switching port

Router(config-if)# switchport trunk encapsulation dot1q you m ust conf igure the trunkingencapsulation BEFORE you con figure the trunking mod e.

Router (config-if)# switchport mode dynamic desirable

Router (config-if)# no shut

Pause this slide to review your answer.

What is a Switched Virtual Interface(SVI)?


137/272


PCs need default gateways (routers) to reach external networks.

Typically, if a router was used, the IP address configured on thatrouters Ethernet interface would serve as the default gateway.

Router# config t


Router(config-if)# ip address 1.1.1.1 255.0.0.0

With Layer-3 switches (Cat6k, 3550, 4500, etc) you place the IP addresson an SVI (Switched Virtual Interface) to have the same effect:

Cat6k# config t

Cat6k(config)# interface vlan 1

Cat6k(config-if)# ip address 1.1.1.1 255.0.0.0

Default gateway address for hosts

SVI

Default gateway address for hosts

in VLAN 1

What is an SVI? (1)


138/272


Vlan-2 Vlan-3

2.2.2.1 /8 3.3.3.1 /8

Fa 0/1

3.3.3.2 /8

Fa 0/0

2.2.2.2 /8

VLAN 2 VLAN 3

PCs need default gateways (routers) to reachexternal networks.

Typically, if a router is used, the IP address

configured on that routers Ethernet interface

servers as the default gateway.

Router# configRouter(config)# interface fastethernet 0/0


Router(config-if)# no shut

Router(config-if)# exit

Router(config)#



Router(config-if)# no shut

What is an SVI? (2)


139/272


2.2.2.1 /8 3.3.3.1 /8

MSFC

With Layer 3 switches (Cat6k, 3550, 4500,

etc) the IP address is placed on an SVI to

have the same effect:

Cat6k# config t

Cat6k(config)# interface vlan 2

Cat6k(config-if)# ip address 2.2.2.2 255.0.0.0Cat6k(config)# interface vlan 3

Cat6k(config-if)# ip address 3.3.3.2 255.0.0.0

Interface Rangea useful Command


140/272


Interface range - up to 5 ranges at once

Cosmos(config)#interface range GigabitEthernet 1/1 2 , FastEthernet4/1 - 24

Cosmos(config-if)# switchport

Cosmos(config-if)# switchport mode access

Cosmos(config-if)# switchport access vlan 25

Cosmos(config-if)# no shut

NOTE: A space is required before and after all hyphens and commas.

Review


141/272


What kind of interface can we have an a sup720running native ?

Switchport :

L2 Trunk

L2 accessNo switchport :

Main interface

Subinterface

SVIPortchannel either L2 trunk, L2 access, L3 main or L3subinterface !!!

Review : is it a valid config ?


142/272


Interface gig 1/1

Switchport

Switchport trunk encaps dot1q

Switchport mode trunk

Int gig 2/1

Switchport

Ip address 1.1.1.1 255.255.255.0

Int gig 3/1

No switchport

Ip address 2.2.2.2 255.255.255.0

Can we route with that config between a frame in vlan 3 incoming ongig 1/1 towards aport 3/1 ?

Can we route with that config between a frame in vlan 3 incoming ongig 1/1 towards aport 2/1 ?

Can we route a packet incoming from 3/1 withsource ip 2.2.2.10 towards a destination in vlan 4 ?


143/272


Interface gig 1/1

Switchport

Switchport trunk encaps dot1q

Switchport trunk allowed vlan 2,3,4

Switchport mode trunk

Int gig 2/1

Switchport

Switchport mode access

Switchport access vlan 3

Int gig 3/1

No switchport

Ip address 2.2.2.2 255.255.255.0

Int vlan 3

Ip address 3.3.3.1 255.255.255.0

Is it a valid config ?


144/272


Int gig 1/1.1

Encapsulation dot1q 3

Ip address 3.3.3.1 255.255.255.0

Int vlan 3

Ip address 1.1.1.1 255.255.255.0

Agenda


145/272


Ethernet / Bridging



VLANS / Trunking


VTP

Etherchannel

VLAN Trunking Protocol (VTP)


146/272


The purpose of VTP is to ease the VLANadministration of a large number of switches.

Its primary function is to carry VLAN information toall switches within VTP domain.

VTP can also be used to make intelligent decisionsabout VLAN pruning.

VTP


147/272


VTP is Cisco proprietary.

It is managed through layer 2 multicast packets.

It only works over established trunks (cant dothrougha router).

VTP packet only goes over vlan 1 on trunk

VTP Domains


148/272


VTP domain is empty by default (no name configured).

A VTP domain must be configured before VLANs can be created on aswitch.

CatOS:set vtp domain {name}*case sensitive, must be exact

Catalyst IOS:

Switch# config t

Switch(config)# vtp domain {name}

*case sensit ive, must b e exact

VTP Modes (Server)


149/272


Server

Default on all switches.

Manual adding/clearing of VLANs allowed.

Generates VTP messages upon each change.

VTP Modes (Client)


150/272


ClientMust be manually configured.

NO manual adding/clearing of VLANs allowed.

Responds to VTP messages sent from servers.

VTP Modes (Transparent)


151/272


TransparentMust be manually configured.

Manual adding/clearing of VLANs allowed.

Will not respond to VTP messages sent from servers.

Will not generate VTP messages of its own.

Transparently passes VTP messages between servers and clients.

VTP Configuring VTP Modes


152/272


Define VTP mode in Catalyst OS

set vtp mode {cl ient |server | t ransparent}

Define VTP mode in Catalyst IOS

Switch# config t

Switch(config)# vtp mode {cl ient |server| t ransparent}

VTP - VLAN Trunking Protocol


153/272


ISL

ISL

VTPServer

VTPClient

VTPTransparent

VTP

Client

HeyI have some

VLANs you should

know about!

VTP information is distributedthroughout the network



154/272


ISL

ISL

VTPServer

VTPClient

VTPTransparent

VTP

Client

HeyI have some

VLANs you should

know about!

Great! Now I can

add those new

VLANs and Ill also

pass them on!



155/272


ISL

ISL

VTPServer

VTPClient

VTPTransparent

VTP

Client

HeyI have some

VLANs you should

know about!

Great! Now I can

add those new

VLANs and Ill also

pass them on!

I could care

less. But Ill

pass them on

anyway.



156/272


ISL

ISL

VTPServer

VTPClient

VTPTransparent

VTP

Client

HeyI have some

VLANs you should

know about!

Great! Now I can

add those new

VLANs and Ill also

pass them on!

I could care

less. But Ill

pass them on

anyway.

Thanks! Now I

can add those

new VLANs!

VTP Configuration Revision Number


157/272


The configuration revision number is a 32 bit number that indicates thelevel of revision for a VTP packet.

Each VTP device tracks the VTP configuration revision number assignedto it, and most of the VTP packets contain the VTP configuration revisionnumber of the sender.

This information is used to determine whether the received information

is more recent than the current version.

Each time you make a VLAN change in a VTP device, the configurationrevision is incremented by one.

If a switch receives a VTP packet with a configuration revision that ishigher than its own, stored, number, the action specified in that packet is

acted upon. If it is lower or equal, the packet is ignored.

VTPThe Big One


158/272


An existing VTP domain isrunning well

Add a new switch

Almost all production VLANsget deleted everywhere!

A Working VTP Domain


159/272


VLAN 2

VLAN 3

VLAN 4

VLAN 1

VTP Rev 4 VTP Rev 4

VTP Rev 4


160/272

VLANs GonePorts Inactive!


161/272


VTP Rev 7

VTP

VLAN 2

VLAN 3

VLAN 4

VLAN 1

VTP Rev 4 VTP Rev 4

VTP Rev 4

VTP Rev 7

VTP Rev 7



162/272


VTP Rev 7

VTP

VLAN 2

VLAN 3

VLAN 4

VLAN 1

VTP Rev 4 VTP Rev 4

VTP Rev 4

VTP Rev 7

VTP Rev 7



163/272


VTP Rev 7

VTP

VLAN 2

VLAN 3

VLAN 4

VLAN 1

VTP Rev 4 VTP Rev 4

VTP Rev 4

VTP Rev 7

VTP Rev 7

VTP Rev 7

VTP


164/272


The revision number is incremented each time a VLAN is addedor deleted via the set vlan and clear vlan commands

Revision must be synched across entire VTP domain

VLANs not known to the server of highest revision will be

deleted

Note that a vtp client can update a vtp server.

Monitoring VTP on CatOS

Use show vtp domain early and often


165/272


Switch> show vtp domain

Domain VTP Local

Domain Name Index Version Mode Password

----------- ------- ----- ------ -----------mydomain 1 2 server -

Vlan-count Max-vlan-storage Config Revision Notifications

---------- ---------------- --------------- -------------

15 1023 5 4

Last Updater V2 Mode Pruning PruneEligible on Vlans-------------- ------- ------- -------------------------

172.20.44.30 enabled disabled 2-1000

Use show vtp domain early and often

Monitoring VTP packet on CatOS


166/272


Sh vtp stat : shows number of each type of VTP packetreceived with of without errors :

torq (enable) sh vtp stat

VTP statistics:

summary advts received 200

subset advts received 52

request advts received 2

summary advts transmitted 0

subset advts transmitted 0

request advts transmitted 0

No of config revision errors 0

No of config digest errors 1

Monitoring VTP on IOS switch


167/272


Usesh vtp stat

sh vtp counters

debug sw-vlan vtp ..

VTP Pruning


168/272


Alternative to manual pruning

Nice way to control unnecessary flooding of packetsand conserve bandwidth.

If there are no ports on the switch in a given VLAN,packets will not get flooded across the trunk to thatswitch.

STP still runs on all pruned VLANs. Manually clearingtrunks will remove STP from the trunk.

VTP Normal Operation Without Pruning(1)


169/272


switch 1

VLAN 10

VLAN 10


170/272

VTP Normal Operation WithoutPruning (3)


171/272


switch 1

swit

ch 2

VLAN 10

VLAN 10

Trunk connected between both switches.



172/272


switch 1

swit

ch 2

VLAN 10

VLAN 10

VTP Summary Advertisement sent by

switch 1, I have some VLANs.

Configuration Register = 4



173/272


switch 1

swit

ch 2

VLAN 10

VLAN 10

VTP Advertisement Request sent

by switch 2, My configuration

register is lower than yours.

Please send me your list of

VLANs.



174/272


switch 1

swit

ch 2

VLAN 10

VLAN 10

VTP Subset Advertisement sent

by switch 1, I have VLANs 1

and 10.




175/272


switch 1

swit

ch 2

VLAN 10

VLAN 10

Broadcast generated by PC 2

2



176/272


switch 1

swit

ch 2

VLAN 10

VLAN 10

Broadcast is forwarded through all ports in VLAN 10

including all VLAN trunks

Inefficient utilization of trunk bandwidththeres nobody

on switch 2 who cares about the broadcast so why send

it to switch 2?

2

VTPOperation with VTP PruningEnabled (1)


177/272


switch 1

VLAN 10

VLAN 10

Switch 2 powered on

VTPOperation with VTP Pruning Enabled(2)


178/272


switch 1

swit

ch 2

VLAN 10

VLAN 10

Switch-2 powered on.

No users connected yet.

VTP Operation with VTP PruningEnabled (3)


180/272


switch 1

swit

ch 2

VLAN 10

VLAN 10

VTP Summary Advertisement sent

by switch 1, I have some VLANs


VTP Operation with VTP Pruning Enabled (5)


181/272


switch 1

swit

ch 2

VLAN 10

VLAN 10

VTP Advertisement Request sent

by switch 2, My configuration

register is lower than yours.

Please send me your list of

VLANs



182/272


switch 1

swit

ch 2

VLAN 10

VLAN 10

VTP Subset Advertisement sent

by switch 1, I have VLANs 1

and 10




183/272


switch 1

swit

ch 2

VLAN 10

VLAN 10

HmmmI dont have any

access ports in VLAN 10



184/272


switch 1

swit

ch 2

VLAN 10

VLAN 10

VTP Join sent by switch 2

Join contains a list of all known VLANs

Each VLAN in a VTP Join message

contains a 1-bit flood descriptor

If bit for VLAN = 1 then it means

flooding is allowed across the trunk.

If bit for VLAN = 0 then it means

flooding for this VLAN is not

allowed across the trunk.

Please dont flood any traffic to me on

VLAN 10



185/272


switch 1

swit

ch 2

VLAN 10

VLAN 10

Broadcast generated by PC 2

2



186/272


switch 1

swit

ch 2

VLAN 10

VLAN 10

Broadcast is forwarded all ports in VLAN 10but pruned from trunk to

switch 2.

2

X



187/272


switch 1

swit

ch 2

VLAN 10

VLAN 10

VLAN 10

VLAN 10

HeyI have some access

ports in VLAN 10 now !



188/272


switch 1

swit

ch 2

VLAN 10

VLAN 10

VTP Join sent by switch 2

Bits for VLAN 1 and VLAN 10 both

set to 1 If you need to floodtraffic to me on either VLAN 1 or

VLAN 10, thats okay.

VTP Pruning - Configuration


189/272


set vtp pruning enableBy default, all VLANs are prune eligible. You can

override this by using the clear vtp pruneeligible{vlan num} command.

Quiz!!

f


190/272


Name some of the reasons a company may choose to

implement VLANs on their switches.

Quiz!!


191/272


Name some of the reasons a company may choose toimplement VLANs on their switches.

To isolate broadcasts into segmented broadcast domains.

To implement a basic form of security.

To be able to implement common QoS policies based on

distinct groupings of people or departments.

Quiz!!


192/272


What kind of networking device is required for inter-VLAN communications?

Quiz!!


193/272


What kind of networking device is required for inter-VLAN communications?

A router

Quiz!!

Wh t i th f VLAN t k?


194/272


What is the purpose of a VLAN trunk?

Quiz!!


195/272


What is the purpose of a VLAN trunk?To extend VLANs across two or more switches and conserveon the quantity of ports needed to do so.

Quiz!!


196/272


How many Ethernet trunking protocols can youcurrently configure on a Catalyst switchand whichone (if any) is an IEEE standard?

Quiz!!


197/272


How many Ethernet trunking protocols can youcurrently configure on a Catalyst switchand whichone (if any) is an IEEE standard?

TwoISL and 802.1Q (802.1Q is an IEEE standard)

Quiz!!


198/272


Can you configure an ISL trunk between a CiscoCatalyst switch and a non-Cisco switch?

Quiz!!

C fi ISL k b Ci


199/272


Can you configure an ISL trunk between a CiscoCatalyst switch and a non-Cisco switch?

NoISL is Cisco-proprietary.

Quiz!!


200/272


Explain the concept of a Native VLAN as it applies toVLAN trunks.

Quiz!!

Explain the concept of a Native VLAN as it applies to


201/272


p p pp

VLAN trunks.A Native VLAN:

Is the default VLAN for that port. In other words, the VLANthat port would revert back to if trunking failed.

Is non tag in default implementation of dot1q trunking bycisco.. However latest soft allows on each switch to configurethe tagging of native vlan.

If switches do not pay attention to Layer 3 (IP

Quiz!!


202/272


If switches do not pay attention to Layer 3 (IP

addresses) and you cant place an IP address on aswitchport how can you telnet to a switch runningCaTos?

See next slide for the answer

The SC0 Interface


203/272


You cannot place an IP address on a switchport / physical interface.

You need to place an IP address SOMEWHERE on the switch so you cantelnet to it (and ping it).

The SC0 interface is:

A logical interfacedoesnt have a physical port assigned.In VLAN 1 by defaultbut can be moved to any VLAN.

So, you can assign an IP address and subnet mask to it.

If youre familiar with routers, think of the SC0 interface as equivalent to aLoopback Interface on a router.

The SC0 InterfaceCatOS Configuration

Assigning an IP Address:Console> (enable) set interface sc0 10 1 1 1 255 255 0 0


204/272


Console> (enable) set interface sc0 10.1.1.1 255.255.0.0

Interface sc0 IP address and netmask set.Console> (enable)

Changing the VLAN:Console> (enable) set interface sc0 5

Interface sc0 vlan set.

Console> (enable) Places the SC0 into VLAN 5

Console> (enable) show port

Port Name Status Vlan Level Duplex Speed Type

----- ------------------ ---------- ---------- ------ ------ ----- ------------

2/1 notconnect 1 normal full 1000 1000BaseSX

2/2 notconnect 1 normal full 1000 1000BaseSX

2/3 connected 1 normal a-full a-100 10/100BaseTX



A C

B

10.0.0.1 /8 10.1.0.2 /16

10.1.0.1 /16

2/3

2/4

2/5

Question Which PC will be able to ping the switch given the above configuration?

An Important Note


205/272


Only switches running CatOS have an SC0interface.

SC0 does NOT exist in switches running IOS. Thereis no need for it.

Agenda


206/272


Ethernet / Bridging




VTP

Etherchannel

Why Etherchannel?


207/272


Non-ChannelCat 6500-A Cat 6500-B

5/6

5/7

5/6

5/7X

Under normal configuration, Spanning Tree wouldblock one connection.

Blocked Link = Wasted Bandwidth;

Solution

Etherchannel


208/272


The purpose of channeling is to aggregate ports foradditional bandwidth utilization.

Etherchannel functions as an access port or trunk port.

Etherchannel is treated as a single port by spanning tree(therefore, all ports in the channel should be in same STPstate)


209/272


210/272

Etherchannel - Configuration

FEC/GEC bundling modes (Cat OS)


211/272


ON: Can form a channel only with a partner also in ON mode. PAgPpackets are not sent.

AUTO: Can form a channel only with a partner in DESIRABLE mode.

AUTO does not initiate negotiation.DESIRABLE: (recommended) Can form a channel with a partner in

either AUTO or DESIRABLE modes.

OFF: Can not form a channel with any port.

FEC/GEC bundling modes (Cat OS)

Etherchannel - Configuration


212/272


EtherChannel has to be created manually becauseCatalyst 2900XL/3500XL switches do not support PortAggregation Protocol.

If the Etherchannel is connected to a CAT OS switch,the Cat OS switch must be in the ON mode.

IOS configuration note: 2900/3500XL

Etherchannel Configuration (CAT OS)


213/272


Syntax:Console> (enable) set port channel ?

Usage: set port channel [on|off|desirable|auto]

(example of port_list: 2/1-4 or 2/1-2 or 2/5,2/6)

Console> (enable)

URL:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_3/confg_gd/channel.htm

Etherchannel Configuration (IOS) Configure and assign the physical ports to a port channel-group

Router (config)# interface range FastEthernet 5/6 9
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_3/confg_gd/channel.htmhttp://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_3/confg_gd/channel.htmhttp://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_3/confg_gd/channel.htmhttp://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_3/confg_gd/channel.htm


214/272


no ip addressswitchportswitchport access vlan 10switchport mode accessno shutchannel-group 2 mode desirable

Layer 2 Port-Channel will dynamically be created:Router# Show runInterface Port-Channel 2

no ip addressswitchportswitchport access vlan 10switchport mode access

**Note: When configuring the individual

ports/interfaces, ensure that all

configuration matches between all ports

BEFORE configuring the channel-group

command. Also ensure that all ports are up

and functional.

**Note: Once the port-channel interface is

createdall subsequent modifications tothe Etherchannel should be configured

within this interface, NOT the physical

interfaces.

Etherchannel Show Commands


215/272


show port channel (Cat OS)

show channel traffic (Cat OS)

show agport (CAT OS)

show channel hash ( Cat OS 6500 only)

show etherchannel (RP of Native)

Etherchannel show port channel

To display port channel status and neighbor information


216/272


Switch-A> (enable) show port channelPort Status Channel Channel Neighbor Neighbor

mode status device port

----- ---------- -------

Date post:	14-Apr-2018
Category:	Documents
Upload:	vipin-arora
View:	225 times
Download:	0 times

Cisco Switching Basics.

Documents