CCNP SWITCH final v6

CCNP - Cisco Certified Network Professional: SWITCH
Prepared by Nagababu Polisetti (P. NAGABABU, [email protected], 9000235254, 9553.9553.07)
This material is valid till 31st November 2011. New material is available on 1st December 2011.

Upload: ganondorf-ridley

Post on 22-Oct-2015



INDEX

Lesson  Topic                                   Page No
1       Switch Operation                        3
2       Ethernet Port Configuration             9
3       VLANs and Trunks                        14
4       VTP                                     21
5       Link Aggregation                        26
6       Switch Functioning                      31
7       Traditional STP                         34
8       STP Configuration                       42
9       Protect STP                             48
10      Advanced STP                            53
11      MLS                                     61
12      Campus Network Design                   68
13      L3 Availability - Load Balancing        74
14      Supervisor Power Redundancy             89
15      IP Telephony                            98
16      Secure Switch Access                    105
17      Secure VLANs                            113
18      WLANs                                   118

LESSON 1 : SWITCH OPERATION

L2 Switch Operation

It gets the data from one port
It reads the source MAC and destination MAC from the L2 header
Looks into the CAM table and finds the outgoing port information
Then unicasts the data to the outgoing port
If there is no outgoing port information, it does unknown unicast flooding
It enters the source MAC and incoming port information in the MAT (MAC address table)
If the CAM table already has that entry, it refreshes it
Switch can work at full duplex or half duplex
Switch has dedicated circuits between ports (micro segmentation); every port has dedicated bandwidth
Switch has specialized hardware called ASICs, which provides faster switching
An L2 switch can read the L2 header. It cannot read the L3 header or L4 header
L2 header contains source MAC, destination MAC information
L3 header contains source IP, destination IP information
L4 header contains source port, destination port information

When a frame arrives at a switch port, it is placed into one of the port's ingress queues
Queues have different priority levels to process important frames first
Switch hardware decides where to and how to forward the frame by making three fundamental decisions
All decisions are made simultaneously by independent portions of the switching hardware, which provides faster switching

L2 forwarding table
The frame's destination MAC address is used as the index
If the address is found, the egress switch port and appropriate vlan-id are read from the table
If there is no entry for the destination MAC, unknown unicast flooding happens at the egress ports

Security ACL
TCAM contains the ACL in compiled form, evaluated in a single table lookup
It takes the decision to permit or deny the frame

QoS ACL
TCAM contains the QoS ACL in compiled form, evaluated in a single table lookup
It takes the decisions to prioritize the traffic and to mark QoS parameters in outbound frames

MultiLayer Switch Operation
L2 switches forward frames based on the L2 header
MLS forwards the frames based on L2, L3, L4 headers
So it is named Multilayer Switch or MLS
Two types of MLS (Multilayer switch)
o Route Caching
o Topology based

MLS - Route Caching
The first generation of MLS requires a Route Processor (RP) and Switch Engine (SE)
RP processes a traffic flow's first packet to determine the destination
SE listens to the first packet to the resulting destination and sets up a shortcut entry in its MLS cache
SE forwards subsequent packets in the same traffic flow based on cache entries
NetFlow LAN switching, flow-based, demand-based switching
Also called "route once, switch many"

MLS - Topology Based
The second generation of MLS utilizes specialized hardware
FIB: forwarding information base (area of hardware)
L3 routing information builds and populates into the FIB database
This database has efficient table lookups, so packets can be forwarded at high speed
If the network topology changes, the new routing information is updated in the FIB database dynamically without performance effect
Topology based MLS is also known as CEF (Cisco Express Forwarding)

When a frame arrives at a switch port, it is placed into one of the port's ingress queues
Each packet is pulled off an ingress queue and inspected for both L2 and L3 destination addresses
Decision of where to forward the packet is based on two address tables, FIB and CAM
Decision of how to forward the packet is based on ACL and QoS
All these actions are performed simultaneously in hardware

L2 forwarding table
The destination MAC is used as an index to the CAM table
If the frame contains a packet to be forwarded at L3, the destination MAC is the L3 port's MAC
In this case the CAM table results are used

L3 forwarding table
The destination IP is used as an index in the FIB table
The longest match is found and the next-hop L3 address is obtained
FIB also has each next-hop L2 address and egress switch port, vlan-id
So single table lookups are enough

Security ACLs
ACLs are compiled into TCAM entries to filter packets in a single table lookup

QoS ACLs
Packet classification, policing and marking can all be performed as single table lookups in the QoS TCAM

L3 rewrite
The packet is put into L3 rewrite
The TTL (time to live) is decremented by 1 and L3 checksums are recalculated
L2 header source MAC, destination MAC are rewritten
New source MAC is the MLS interface L2 address
New destination MAC is the next hop L2 address
L2 checksums are recalculated

CEF can directly forward most IP packets between hosts. This occurs when both source and destination L2, L3 addresses are known.
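A software model of the CEF path just described, added here as an illustration and not part of the study material: a longest-match FIB lookup followed by the L3 rewrite (TTL decremented, IPv4 header checksum recalculated) and the L2 rewrite (switch MAC in, next-hop MAC out), with the TTL-expired case flagged for further processing instead. The FIB entries, MAC addresses and port names are invented.

```python
import ipaddress
import struct

# Constructed FIB (invented prefixes, next hops, MACs and ports): prefix ->
# (next-hop IP, next-hop MAC, egress port, vlan-id). A real FIB is derived
# from the routing table.
FIB = {
    ipaddress.ip_network("10.1.0.0/16"): ("10.1.0.1", "00:11:22:33:44:01", "Gi1/0/1", 10),
    ipaddress.ip_network("10.1.2.0/24"): ("10.1.2.1", "00:11:22:33:44:02", "Gi1/0/2", 20),
    ipaddress.ip_network("0.0.0.0/0"): ("192.0.2.1", "00:11:22:33:44:99", "Gi1/0/24", 99),
}
MLS_MAC = "00:aa:bb:cc:dd:ee"  # the switch's own L3 interface MAC (invented)


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the 16-bit words of an IPv4 header.
    Over a header whose checksum field is already correct it returns 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def fib_lookup(dst_ip: str):
    """Longest-prefix match: the most specific prefix containing dst_ip wins."""
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, entry in FIB.items():
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, entry)
    return best[1] if best else None


def cef_forward(ip_header: bytes) -> dict:
    """Hardware path of the text: either the rewritten header plus the new
    L2 addresses and egress port, or a 'punt' reason when the packet must be
    flagged for the route processor (TTL expired, no route)."""
    ttl = ip_header[8]
    dst_ip = str(ipaddress.ip_address(ip_header[16:20]))
    if ttl <= 1:
        return {"punt": "ttl-expired"}  # needs an ICMP reply from the RP, not CEF
    entry = fib_lookup(dst_ip)
    if entry is None:
        return {"punt": "no-route"}
    nh_ip, nh_mac, port, vlan = entry
    hdr = bytearray(ip_header)
    hdr[8] = ttl - 1  # L3 rewrite: TTL decremented by 1 ...
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))  # ... checksum recalculated
    return {"header": bytes(hdr), "src_mac": MLS_MAC, "dst_mac": nh_mac,  # L2 rewrite
            "egress_port": port, "vlan": vlan, "next_hop": nh_ip}


def build_ipv4_header(src: str, dst: str, ttl: int) -> bytes:
    """Constructed 20-byte IPv4 header (protocol TCP) with a valid checksum."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, ttl, 6, 0,
                                ipaddress.ip_address(src).packed,
                                ipaddress.ip_address(dst).packed))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr)


if __name__ == "__main__":
    print(cef_forward(build_ipv4_header("10.1.2.9", "10.1.2.77", ttl=64)))
    print(cef_forward(build_ipv4_header("10.1.2.9", "10.1.2.77", ttl=1)))
```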

CEF cannot directly forward some IP packets, if they are special packet types or if any special processing is needed. These packets are flagged for further processing
The packets that require further processing are
ARP requests and replies
IP packets requiring a router response (TTL expired, MTU exceeded, fragmentation)
IP broadcasts relayed as unicast (DHCP requests, IP helper-address functions)
Routing protocol updates
Cisco Discovery Protocol updates
IPX routing protocol and service updates
Packets needing encryption
Packets triggering NAT
Non-IP and non-IPX protocol packets (AppleTalk, DECnet etc)

CAM TABLES
Switches generally have large CAM tables so that many addresses can be looked up for frame forwarding
It is not possible to maintain every possible host MAC address in large networks
A CAM table entry expires after 300 seconds by default if no frames are seen on that port
To change the CAM entry aging time
To make a static entry in the CAM table, before IOS version 12.1(11)EA1, the mac-address-table command works
The switch purges a CAM table entry if the port is down or if the same MAC is learned on a different switchport
If the switch notices that a MAC is being learned on alternating switch ports, it generates an error message (MAC flapping between interfaces)

TCAM TABLES
TCAM: ternary CAM
TCAMs have compiled information
TCAM evaluates a packet against an entire ACL in a single table lookup
Switches can have multiple TCAMs to process the packet against security ACLs and QoS ACLs in parallel with L2-L3 forwarding decisions
IOS has two components that are part of the TCAM
1. Feature Manager (FM)
o When an ACL is created, FM software compiles and merges the ACL entries (ACEs) in the TCAM
2. Switching Database Manager (SDM)
o SDM software configures or tunes the TCAM partitions to perform different functions, if needed
o TCAMs are fixed in 4500, 6500 platforms and cannot be repartitioned
Three (ternary) input values are used in TCAM. They are 0, 1, X
0 and 1 are binary values used to define a key
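The CAM behaviour described in Lesson 1 and in the CAM TABLES section above, as a simulated learning switch; this is an added example, not code from the study material. It learns source MACs, forwards known unicasts and floods unknown ones within the VLAN, ages entries out after 300 seconds, purges entries when a port goes down, moves an entry when the same MAC appears on another port, and logs the error the text mentions when a MAC keeps alternating between ports (a symptom of a loop or a spoofed address). The flap threshold, port names, VLANs and MACs are assumptions.

```python
from collections import deque

AGING_SECONDS = 300  # default CAM aging time stated in the text
FLAP_MOVES = 5       # assumption: this many port moves within FLAP_SECONDS is reported
FLAP_SECONDS = 10


class Switch:
    """A Layer 2 switch with a CAM table keyed by MAC address."""

    def __init__(self, port_vlans):
        self.port_vlans = dict(port_vlans)  # port -> access VLAN (constructed)
        self.cam = {}      # mac -> {"port", "vlan", "seen", "static"}
        self.moves = {}    # mac -> timestamps of recent port moves
        self.errors = []   # messages the switch would log

    def add_static(self, mac, port):
        """Static CAM entry: never aged out, never moved by learning."""
        self.cam[mac] = {"port": port, "vlan": self.port_vlans[port],
                         "seen": None, "static": True}

    def port_down(self, port):
        """Purge every dynamic entry learned on a port that went down."""
        for mac in [m for m, e in self.cam.items()
                    if e["port"] == port and not e["static"]]:
            del self.cam[mac]

    def _age_out(self, now):
        for mac in [m for m, e in self.cam.items()
                    if not e["static"] and now - e["seen"] > AGING_SECONDS]:
            del self.cam[mac]

    def _learn(self, src, in_port, vlan, now):
        entry = self.cam.get(src)
        if entry and entry["static"]:
            return
        if entry and entry["port"] != in_port:
            # Same MAC seen on a different port: the old location is replaced.
            # A MAC that keeps alternating between ports is reported, as the
            # text describes; in practice that points at a loop or a spoofed MAC.
            hist = self.moves.setdefault(src, deque())
            hist.append(now)
            while hist and now - hist[0] > FLAP_SECONDS:
                hist.popleft()
            if len(hist) >= FLAP_MOVES:
                self.errors.append(
                    f"MAC {src} in vlan {vlan} is flapping between port "
                    f"{entry['port']} and port {in_port}")
                hist.clear()
        self.cam[src] = {"port": in_port, "vlan": vlan, "seen": now, "static": False}

    def receive(self, in_port, src, dst, now):
        """Process one frame; return the egress port list: a single port when
        the destination is known in this VLAN (none if it sits on the ingress
        port), else unknown-unicast flooding to every other port of the VLAN."""
        vlan = self.port_vlans[in_port]
        self._age_out(now)
        self._learn(src, in_port, vlan, now)
        entry = self.cam.get(dst)
        if entry and entry["vlan"] == vlan:
            return [] if entry["port"] == in_port else [entry["port"]]
        return sorted(p for p, v in self.port_vlans.items()
                      if v == vlan and p != in_port)
```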

X (don't care) is a mask value to define which bits of the key are relevant
TCAM entries are composed of Value, Mask, Result (VMR) combinations
Fields from the frame or packet are fed into the TCAM
They are matched against value and mask pairs to yield a result

Values
Values are 134-bit quantities, consisting of source and destination addresses and other relevant protocol information, all patterns to be matched
Values in the TCAM come directly from any address, port, or other protocol information given in an ACE

Masks
Masks are 134-bit quantities, in exactly the same format, or bit order, as the values
Masks define which value bits should be considered and which should be neglected
The masks from the ACEs are compiled and fed into the TCAM

Results
Results are numeric values that represent what action should be taken after the TCAM lookup
TCAM offers a number of possible results or actions
The result can be a permit or deny decision, an index to a QoS policer, a pointer to a next-hop routing table, and so on

The TCAM is always organized by masks, where each unique mask has 8 value patterns associated with it
If a mask is filled up with 8 value patterns, the next pattern is placed under a new mask
6500 platforms have multiple TCAMs (security ACLs and QoS ACLs) that can hold up to 4096 masks and 32768 value patterns
Each of the mask-value pairs is evaluated simultaneously, revealing the best or longest match in a single table lookup

The access-list is compiled and merged into the TCAM
First all possible unique masks are identified for each ACE and fed into TCAM MASKS starting from mask1, mask2, mask3 and so on
These mask bits must be set for matching
For each unique mask, all possible value patterns are identified and fed into TCAM VALUE PATTERNS
Actions are fed into RESULTS (permit or deny)
IOS Feature Manager checks all ACEs for L4 operations and places them in LOU (logical operation unit) register pairs
After the LOUs are loaded, they are referenced in the TCAM entries that need them
When a frame/packet arrives at an ingress port, the header is checked against the TCAM entries very quickly and the appropriate action is taken
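The VMR model and the ACL compilation steps of the two sections above, as a software TCAM; this is an added example, not code from the study material. Each ACE becomes a value/mask pair over a fixed key, entries are grouped by unique mask with at most 8 value patterns per mask block, L4 operators other than eq go into an LOU table that the entry references, and a lookup evaluates every entry against the key and returns the result of the first matching ACE (ACL order), with an implicit deny. The 88-bit key layout (src IP, dst IP, protocol, dst port), the ACEs and the addresses are assumptions; the real key is the 134-bit quantity the text describes.

```python
import ipaddress

PATTERNS_PER_MASK = 8              # value patterns per mask block, as stated in the text
PROTO = {"ip": None, "tcp": 6, "udp": 17}


def _field(width, value, relevant_bits):
    """(value, mask) for a field `width` bits wide whose leading
    `relevant_bits` are 0/1 and whose remaining bits are the ternary X."""
    mask = ((1 << relevant_bits) - 1) << (width - relevant_bits)
    return value & mask, mask


class TCAM:
    def __init__(self):
        self.blocks = []   # list of (mask, [(seq, value, result, lou_index), ...])
        self.lous = []     # logical operation units: (op, a, b) applied to dst port
        self._seq = 0      # ACE position in the ACL, used to pick the first match

    def add_ace(self, action, proto, src, dst, port_op=None, port_a=0, port_b=0):
        """Compile one ACE: src/dst CIDR -> value/mask, protocol, dst port."""
        value = mask = 0
        for cidr in (src, dst):                     # two 32-bit address fields
            net = ipaddress.ip_network(cidr)
            v, m = _field(32, int(net.network_address), net.prefixlen)
            value, mask = (value << 32) | v, (mask << 32) | m
        p = PROTO[proto]                            # 8-bit protocol, X for "ip"
        v, m = (0, 0) if p is None else (p, 0xFF)
        value, mask = (value << 8) | v, (mask << 8) | m
        lou = None                                  # 16-bit dst port
        if port_op == "eq":
            v, m = port_a, 0xFFFF                   # exact port lives in the key
        else:
            v, m = 0, 0                             # gt/lt/range need an LOU
            if port_op is not None:
                self.lous.append((port_op, port_a, port_b))
                lou = len(self.lous) - 1
        value, mask = (value << 16) | v, (mask << 16) | m
        entry = (self._seq, value, action, lou)
        self._seq += 1
        for block_mask, patterns in self.blocks:    # reuse a mask block with room
            if block_mask == mask and len(patterns) < PATTERNS_PER_MASK:
                patterns.append(entry)
                return
        self.blocks.append((mask, [entry]))         # otherwise start a new mask

    def _lou_match(self, lou, port):
        if lou is None:
            return True
        op, a, b = self.lous[lou]
        return {"gt": port > a, "lt": port < a, "range": a <= port <= b}[op]

    def lookup(self, src_ip, dst_ip, proto_num, dst_port):
        """Evaluate the key against every VMR entry (all at once in hardware)
        and return the result of the first ACE in ACL order, else 'deny'."""
        key = ((int(ipaddress.ip_address(src_ip)) << 56)
               | (int(ipaddress.ip_address(dst_ip)) << 24)
               | (proto_num << 16) | dst_port)
        best = None
        for mask, patterns in self.blocks:
            masked = key & mask
            for seq, value, action, lou in patterns:
                if masked == value and self._lou_match(lou, dst_port):
                    if best is None or seq < best[0]:
                        best = (seq, action)
        return best[1] if best else "deny"
```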

LESSON 2 : ETHERNET PORT CONFIGURATION

LAN media technologies
Ethernet
FDDI: Fiber Distributed Data Interface
CDDI: Copper Distributed Data Interface
ATM: Asynchronous Transfer Mode
Token Ring
Ethernet is the most popular choice because of its low cost, market availability, and scalability to higher bandwidths

Ethernet 10Mbps
LAN technology based on the IEEE 802.3 standard
Offers a speed of 10Mbps
Ethernet is a shared medium that becomes both a collision and a broadcast domain
Ethernet is based on CSMA/CD technology
Half duplex communication with hubs
Half/full duplex communication with switches
10BASE-T ethernet cabling (UTP) is restricted to an end-to-end distance of 100 meters (328 feet)
10BASE2, 10BASE5, 10BASE-F etc are other ethernet applications that use different cabling

Fast Ethernet 100Mbps
LAN technology based on the IEEE 802.3u standard
Offers a speed of 100Mbps
Full duplex/half duplex communication
200Mbps total throughput at full duplex
100Mbps fast ethernet also supports 10Mbps to be compatible with legacy ethernet
With the auto negotiation feature the ports can be set to the maximum available bandwidth as a common understanding

Gigabit Ethernet 1000Mbps / 1Gbps
LAN technology based on IEEE 802.3z
Offers a speed of 1000Mbps (1Gbps)
Supports only full duplex communication
Gigabit ethernet supports several cabling types referred to as 1000BASE-X
Gigabit over copper (1000BASE-T) is based on the IEEE 802.3ab standard
Gigabit ethernet supports backward compatibility for fast ethernet and legacy ethernet
These ports are called 10/100/1000 ports, which denotes triple speed
In Cisco switches gigabit ethernet (1000Mbps) is supported only at full duplex
Duplex auto negotiation is not possible
But speed auto negotiation is possible

10 Gigabit Ethernet 10Gbps
LAN technology based on IEEE 802.3ae
10 Gigabit ethernet is also known as 10GbE
Offers a speed of 10Gbps
It operates only at full duplex
This standard defines several different transceivers that can be used as PMD (physical media dependent) interfaces
These are classified as
o LAN PHY
Interconnects switches in a campus network (at the core layer)
o WAN PHY
SONET (synchronous optical network), SDH (synchronous digital hierarchy) networks in metropolitan area networks

10GBASE-LX4 is only a LAN PHY. The remaining PMDs can be used as a LAN PHY or a WAN PHY

Ethernet Port cables and connectors
Catalyst switches support a variety of network connections, including all forms of ethernet
They support several types of cabling, including UTP and optical fiber
Fast ethernet (100BASE-FX) ports use two-strand MMF with MT-RJ or SC connectors to provide connectivity
All Catalyst switch families support 10/100 autosensing for fast ethernet and 10/100/1000 autosensing for gigabit ethernet
These ports use RJ-45 connectors on Category 5 UTP cabling (4 pairs)

Gigabit Ethernet Port cables and connectors
Catalyst switches with Gigabit Ethernet ports have standardized rectangular openings that can accept gigabit interface converter (GBIC) or small form factor pluggable (SFP) modules
The GBIC and SFP modules provide the media personality for the port so that various cable media can connect
GBIC modules can use SC fiber optic and RJ-45 UTP connectors
SFP modules can use LC and MT-RJ fiber-optic and RJ-45 UTP connectors
GBIC and SFP modules are available for the Gigabit Ethernet media
1000BASE-SX: SC fiber connectors and MMF for distances up to 550m
1000BASE-LX/LH: SC fiber connectors and either MMF or SMF for distances up to 10km
1000BASE-ZX: SC fiber connectors and SMF for distances up to 70km to 100km
GigaStack: provides a GBIC-to-GBIC connection between stacking Catalyst switches or between any two gigabit switch ports over a short distance
1000BASE-T: supports an RJ-45 connector for four-pair UTP cabling for distances up to 100m

The fiber-based modules always have the receive fiber on the left connector and the transmit fiber on the right connector while facing the connector
These modules produce invisible laser radiation from the transmit connector. It is very dangerous to look directly at the connectors

SwitchPort Error conditions
A Catalyst switch detects an error condition on every switchport for every possible cause
If an error condition is detected, the switchport is put into errdisable state and is disabled


LESSON 3 : VLANs AND TRUNKs

Flat Network
A full Layer 2 only switched network is called a flat network topology
A flat network is a single broadcast domain
Every device can see every broadcast packet
To overcome problems with the flat network topology, the network is subdivided into logical areas called VLANs
A VLAN is a single broadcast domain
A VLAN consists of hosts defined as members, communicating as a logical network segment
Devices in a VLAN can see broadcast packets sent by members of the same VLAN
Inter-VLAN communication is not possible in L2 networks

VLAN - Virtual LAN
VLANs are identified with numbers called VLAN ids
VLAN id range is 1-1005
VLAN 1 is the default VLAN
By default all the ports are assigned to VLAN 1
VLANs 1002-1005 are reserved for legacy functions related to Token Ring and FDDI
Catalyst switches also support an extended range of VLANs, from 1 - 4094, for compatibility with the IEEE 802.1Q standard
The extended range is enabled only when the switch is configured for VTP transparent mode
VTP versions 1 and 2 do not replicate extended VLANs
VTP version 3 can replicate extended VLANs
Switches maintain VLAN definitions and VTP configuration information in a separate file called vlan.dat in flash memory

Vlan Membership

Ports can gain membership in a VLAN in two ways

Static VLAN configuration

o Manual configuration of ports into VLANs

o Port-based VLAN membership

o End user devices become VLAN members based on the physical switchport they connect to

o Each port receives a port VLAN ID (PVID) that is associated with the VLAN number

o The end user device is not aware of its VLAN membership

o Static VLAN membership is handled in hardware by the ASIC

Dynamic VLAN configuration

o Dynamic configuration of ports into VLANs

o End user MAC-based VLAN membership

o A VMPS (VLAN Membership Policy Server) is needed to hold the MAC address database

o When a system is connected to a switchport, the switch queries the VMPS for that system's VLAN membership

o Finally the end device gets its VLAN membership

o VMPS can be configured with the CiscoWorks application

Deploying VLANs

Cisco recommends a one-to-one correspondence between VLANs and IP subnets

As per Cisco, the number of devices in a broadcast domain should be less than 254 (a /24)

Limiting the number of devices in a broadcast domain increases network performance

VLANs should not be allowed to extend beyond the L2 domain of the distribution switch

This means VLANs should not reach the network's core layer

VLANs can be scaled in the switch block by using two basic methods

End to End VLANs

o Called campus-wide VLANs; they span the entire switch fabric of a network

o Supports maximum flexibility and end user movement

o The VLAN is available at the access layer in every switch block in the campus

o Follows the 80/20 rule (80% local, 20% remote traffic)

o Not recommended in ECNM, because broadcast traffic is carried all the way to the far ends

o Difficult to maintain

Local VLANs

o Local VLANs do not span the entire switch fabric of a network

o VLANs are local to a specific switch block

o Follows the 20/80 rule (20% local, 80% remote traffic)

o Recommended in ECNM

o Provides maximum manageability

Trunk Links

VLAN connectivity is possible by connecting access links between switches

It is not possible to connect one access link per VLAN if many VLANs exist in the network

Multiple access links can be replaced with a single trunk link

A trunk link can transport more than one VLAN through a single switchport

So switchports are categorized into access ports and trunk ports

Access ports can be associated with a single VLAN

Trunk ports can be associated with one, many or all active VLANs

Cisco supports trunking on Fast Ethernet, Gigabit Ethernet and aggregated links

Frame Tagging

As trunk links carry data for multiple VLANs, the switches must identify which VLAN the data is coming from

The VLAN ID should be attached to the frames while they travel through trunk links

A trunk port adds the VLAN ID to the normal Ethernet frame before sending it through the trunk link

This frame is called a tagged Ethernet frame

A trunk port removes the VLAN ID from the tagged Ethernet frame before sending it to the end system

The end system can identify only the normal frame

Attaching a VLAN identifier to the normal Ethernet frame is called frame tagging or frame encapsulation

Frame tagging can be done with two methods

ISL

Dot1Q

Dot1Q Frame tagging

The first two bytes of the tag are the TPID and the last two bytes are the TCI (Tag Control Information)

The TPID always has the value 0x8100 to signify an 802.1Q tag

The TCI contains a 3-bit priority field used to implement CoS (class of service)

1 bit of the TCI is the CFI (canonical format indicator), which identifies whether the MAC address is in Ethernet or Token Ring format

CFI is also called the little-endian or big-endian format indicator

The last 12 bits are the VLAN ID, indicating the source VLAN of the frame

The VLAN ID can have values from 0 to 4095, but VLANs 0, 1 and 4095 are reserved

Frame tagging Errors

The normal Ethernet frame size is 1518 bytes

Frame-tagging methods increase the frame size to 1522 bytes or 1548 bytes

Generally these frames exceed the MTU size and are reported as baby giant frames

Switches usually report these frames as Ethernet errors or oversize frames

But switches have to forward these frames anyway

In the case of ISL, Catalyst switches use proprietary hardware

In the case of 802.1Q, switches comply with the IEEE 802.3ac standard, which accepts frames of 1522 bytes

Native VLANs

The native VLAN is the VLAN whose frames are not tagged

Native VLANs are supported only with the IEEE 802.1Q trunking method

ISL does not support native VLANs

Native VLANs must match at both ends of the trunk link

By default VLAN 1 is the native VLAN

Native VLANs are very useful if untagged Ethernet segments are connected between trunk links
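The tag layout above, as an added example that is not part of the study guide: a small Python module that builds, parses and strips an 802.1Q tag on a constructed frame and classifies the resulting length the way the text describes (1518 bytes normal, 1522 bytes baby giant). The MAC addresses, VLAN number and payload are constructed sample values.

```python
"""Build, parse and strip IEEE 802.1Q tags on Ethernet frames.

Added example (not from the study guide). The sample frame is constructed
inline; the field layout follows the text: TPID 0x8100, then a 16-bit TCI
made of a 3-bit priority (CoS), a 1-bit CFI and a 12-bit VLAN ID.
"""
import struct

TPID_8021Q = 0x8100        # tag protocol identifier that signals an 802.1Q tag
TAG_LEN = 4                # TPID (2 bytes) + TCI (2 bytes)
RESERVED_VIDS = {0, 4095}  # VIDs the tag format reserves; VLAN 1 is usable (default/native)
UNTAGGED_MAX = 1518        # maximum normal Ethernet frame, FCS included
TAGGED_MAX = 1522          # IEEE 802.3ac limit for a single-tagged frame ("baby giant")


def build_tci(pcp: int, cfi: int, vid: int) -> int:
    """Pack priority (3 bits), CFI (1 bit) and VID (12 bits) into the 16-bit TCI."""
    if not 0 <= pcp <= 7:
        raise ValueError("priority must fit in 3 bits")
    if cfi not in (0, 1):
        raise ValueError("CFI is a single bit")
    if not 0 <= vid <= 4095:
        raise ValueError("VLAN ID must fit in 12 bits")
    return (pcp << 13) | (cfi << 12) | vid


def vid_is_usable(vid: int) -> bool:
    """True for a VLAN ID that may actually be carried in a tag."""
    return 0 <= vid <= 4095 and vid not in RESERVED_VIDS


def tag_frame(frame: bytes, vid: int, pcp: int = 0, cfi: int = 0) -> bytes:
    """Insert the 4-byte tag after the source MAC (offset 12), as a trunk port does."""
    if len(frame) < 14:
        raise ValueError("not an Ethernet frame")
    if not vid_is_usable(vid):
        raise ValueError(f"VLAN ID {vid} is reserved")
    tag = struct.pack("!HH", TPID_8021Q, build_tci(pcp, cfi, vid))
    return frame[:12] + tag + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Decode the header; 'vid' stays None for an untagged (native VLAN) frame."""
    info = {
        "dst": frame[0:6].hex(":"),
        "src": frame[6:12].hex(":"),
        "tagged": False, "pcp": None, "cfi": None, "vid": None,
    }
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        (tci,) = struct.unpack("!H", frame[14:16])
        info.update(tagged=True, pcp=tci >> 13, cfi=(tci >> 12) & 1, vid=tci & 0x0FFF)
        (ethertype,) = struct.unpack("!H", frame[16:18])
    info["ethertype"] = ethertype
    return info


def untag_frame(frame: bytes) -> bytes:
    """Remove the tag before the frame is handed to an access port / end system."""
    if parse_frame(frame)["tagged"]:
        return frame[:12] + frame[12 + TAG_LEN:]
    return frame


def classify_size(frame: bytes) -> str:
    """How a switch sees the length of the frame, using the text's thresholds."""
    n = len(frame)
    if n <= UNTAGGED_MAX:
        return "normal"
    if n <= TAGGED_MAX:
        return "baby giant"
    return "oversize"


def demo() -> dict:
    """Constructed sample: a maximum-size IPv4 frame (1518 bytes with FCS) tagged into VLAN 10 with CoS 5."""
    untagged = (bytes.fromhex("ffffffffffff")      # destination MAC (broadcast)
                + bytes.fromhex("001122334455")    # source MAC (constructed)
                + b"\x08\x00"                      # EtherType IPv4
                + bytes(1500)                      # maximum payload
                + bytes(4))                        # FCS placeholder
    tagged = tag_frame(untagged, vid=10, pcp=5)
    return {
        "untagged_len": len(untagged),
        "tagged_len": len(tagged),
        "parsed": parse_frame(tagged),
        "size_class": classify_size(tagged),
        "roundtrip_ok": untag_frame(tagged) == untagged,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```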

DTP

DTP - Dynamic Trunking Protocol

DTP is a Cisco proprietary point-to-point protocol

It is used to negotiate a common trunking mode between two switches

A trunk link can be negotiated between two switches only if they belong to the same VTP management domain or one of the switches is set to the NULL domain

If two switches belong to different VTP management domains, negotiation is not possible

Then the trunk mode should be set to ON with manual intervention

By default DTP frames are sent out every 30 seconds to keep neighboring switchports informed of the link mode

The trunk encapsulation method is negotiated to select either ISL or IEEE 802.1Q, whichever both ends of the trunk support

If both ends support both types, ISL is preferred

DTP is enabled by default

Trunk Negotiation

| Local switchport state | Far end switchport state       | Trunk negotiation |
|------------------------|--------------------------------|-------------------|
| Access                 | Access, trunk, desirable, auto | No Trunk          |
| Trunk                  | Trunk, desirable, auto         | Trunk             |
| Desirable              | Trunk, auto, desirable         | Trunk             |
| Auto                   | Trunk, desirable               | Trunk             |
| Auto                   | Auto                           | No Trunk          |
| Nonegotiate            | Access, trunk, desirable, auto | No Trunk          |

LESSON 4 : VTP

Since a campus network contains a large number of switches, management of VLANs is not easy in general

Cisco developed a method to manage VLANs easily in campus networks

VTP - VLAN Trunking Protocol

VTP carries VLAN information from one switch to another automatically

VTP allows the switches to replicate VLAN information dynamically

VTP uses L2 trunk frames to communicate VLAN information among a group of switches

VTP manages the addition, deletion and renaming of VLANs across the network from a central point of control

With VTP, VLAN information is stored in the vlan.dat file located in flash

VTP Domains

VTP is organized into management domains

Switches in the same VTP domain share VLAN information

Switches in different VTP domains can't share VLAN information

By default the domain name is NULL

The entire VTP operation is controlled by VTP advertisements

VLAN replication is bounded by the VTP domain

VTP Modes

VTP works in three modes

Server mode

Client mode

Transparent mode

|                    | Server Mode                       | Client Mode                          | Transparent Mode                          |
|--------------------|-----------------------------------|--------------------------------------|-------------------------------------------|
| VLAN configuration | Possible                          | Not possible                         | Possible                                  |
| Role               | Server is master                  | Client follows server                | Transparent does not follow server        |
| VLAN replication   | VLAN replication                  | VLAN replication                     | No VLAN replication                       |
| VTP information    | Synchronized                      | Synchronized                         | Not synchronized                          |
| Default            | Default mode                      | Not a default mode                   | Not a default mode                        |
| Number needed      | Network needs at least one server | No of clients depends on requirement | No of transparents depends on requirement |
| VTP relay          | Works like VTP relay              | Works like VTP relay                 | Works like VTP relay in version 2         |

VTP Advertisements

The entire VTP operation is maintained by VTP advertisements

VTP advertisements are sent as multicast frames

By default VTP advertisements are sent as non-secure advertisements, without a password

If secure mode is enabled, the VTP password must be the same on every switch to share VTP advertisements

VTP switches use an index called the VTP configuration revision number to keep track of the most recent information

Every switch stores the latest VTP configuration revision number

The VTP process always starts with 0 as the VTP configuration revision number

If there is any change in the server configuration, the revision number is incremented by 1

If a new server switch with the highest revision number is added to the network, it may collapse the network with its VTP advertisements

Every switch thinks a new server has been added, tries to synchronize, and may delete the existing VLAN information

This is called the VTP synchronization problem

To avoid this, the revision number must be set to 0 before the switch is added

To reset the revision number

o Change the switch VTP mode to transparent and then back to server (or)

o Change the switch's VTP domain to a bogus name and then change it back to the original name

VTP advertisements can occur in three forms

Summary advertisements

o Sent by the server every 300 seconds or when a VLAN database change occurs

o Includes summary information

Subset advertisements

o Sent by servers if a VLAN configuration change occurs

o They contain information about every VLAN

Advertisement requests from clients

o Sent by a client as a query if it needs any VLAN information

o Subset advertisements are sent by the server as the reply

Summary Advertisements
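The revision-number synchronization problem and the remedies listed above, as an added simulation that is not part of the study guide. Switch names, the domain name and the VLAN numbers are constructed, and the model simplifies VTP: passwords are compared as strings (real VTP carries an MD5 digest), only summary advertisements are modelled, and every switch hears every advertisement.

```python
"""Model of VTP synchronization by configuration revision number.

Added example, not from the study guide. Simplifications: the password is
compared as a string (real VTP carries an MD5 digest), only summary
advertisements are modelled, and every switch hears every advertisement.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional

NULL_DOMAIN = ""   # default domain name; assumption: such a switch adopts the first domain it hears


@dataclass
class VtpSwitch:
    name: str
    mode: str = "server"              # server | client | transparent
    domain: str = NULL_DOMAIN
    password: Optional[str] = None    # None = non-secure advertisements (the default)
    revision: int = 0                 # every VTP process starts at 0
    vlans: Dict[int, str] = field(default_factory=lambda: {1: "default"})

    def configure_vlan(self, vid: int, vlan_name: str) -> None:
        """Add or rename a VLAN; allowed in server and transparent mode only."""
        if self.mode == "client":
            raise PermissionError("VLAN configuration is not possible in client mode")
        self.vlans[vid] = vlan_name
        if self.mode == "server":
            self.revision += 1        # each server-side change increments the revision

    def summary_advertisement(self) -> Optional[dict]:
        """What this switch sends to its neighbours (a transparent switch only relays)."""
        if self.mode == "transparent":
            return None
        return {"domain": self.domain, "revision": self.revision,
                "password": self.password, "vlans": dict(self.vlans)}

    def receive(self, adv: Optional[dict]) -> str:
        """Apply an advertisement; return a short description of the outcome."""
        if adv is None or self.mode == "transparent":
            return "ignored (not synchronized)"
        if self.domain == NULL_DOMAIN:
            self.domain = adv["domain"]        # adopt the first domain heard (assumption above)
        if adv["domain"] != self.domain:
            return "ignored (different domain)"
        if adv["password"] != self.password:
            return "ignored (password mismatch)"
        if adv["revision"] <= self.revision:
            return "ignored (revision not newer)"
        self.vlans = dict(adv["vlans"])        # the whole database is replaced
        self.revision = adv["revision"]
        return "synchronized (VLAN database replaced)"

    def reset_revision(self) -> None:
        """First remedy from the text: server -> transparent -> server resets the counter."""
        self.mode = "transparent"
        self.revision = 0
        self.mode = "server"


def scenario(secure: bool, reset_before_connect: bool) -> dict:
    """Constructed scenario: a lab switch with a stale, high-revision database joins domain CAMPUS."""
    pw = "s3cret" if secure else None
    core = VtpSwitch("core", domain="CAMPUS", password=pw)
    core.configure_vlan(10, "users")
    core.configure_vlan(20, "servers")                    # core is now at revision 2
    access = VtpSwitch("access", mode="client", domain="CAMPUS", password=pw)
    access.receive(core.summary_advertisement())         # the client learns VLANs 10 and 20

    lab = VtpSwitch("lab", domain="CAMPUS")               # no password configured on it
    for _ in range(7):                                    # configuration churn pushes its revision to 7
        lab.configure_vlan(99, "lab")
    if reset_before_connect:
        lab.reset_revision()

    outcome = {sw.name: sw.receive(lab.summary_advertisement()) for sw in (core, access)}
    return {"outcome": outcome,
            "core_vlans": sorted(core.vlans),
            "access_vlans": sorted(access.vlans)}


if __name__ == "__main__":
    print("non-secure, no reset :", scenario(secure=False, reset_before_connect=False))
    print("non-secure, reset    :", scenario(secure=False, reset_before_connect=True))
    print("secure, no reset     :", scenario(secure=True, reset_before_connect=False))
```

The first run shows VLANs 10 and 20 disappearing from every switch in the domain; the other two show that either resetting the revision to 0 or running the domain with a VTP password prevents it.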

Summary Advertisements

Advertisement Request

VTP Versions

|                                         | Version 1                                    | Version 2                                 | Version 3              |
|-----------------------------------------|----------------------------------------------|-------------------------------------------|------------------------|
| Default                                 | Default version                              | Not default version                       | Not default version    |
| Transparent mode                        | Does not work as VTP relay                   | Works as VTP relay                        | Works as VTP relay     |
| VLAN ID range                           | Supports only 1-1005                         | Supports only 1-1005                      | Supports 1-4095        |
| Coexistence                             | Can coexist with version 2                   | Can coexist with version 1                | Future version         |
| Consistency check                       | No consistency check on VTP to prevent errors | Consistency check on VTP to prevent errors |                        |
| Token Ring                              | Doesn't support Token Ring                   | Supports Token Ring                       |                        |
| Unrecognized TLVs (Type, Length, Value) | Doesn't support unrecognized TLVs            | Supports unrecognized TLVs                |                        |

If a VTP version is set on the server switch, it is automatically propagated to the client switches, if they support that version

VTP Configuration

VTP Pruning

VTP pruning reduces unnecessary flooded traffic

It makes more efficient use of trunk bandwidth

With VTP pruning, broadcast and unknown unicast flooding is forwarded over a trunk link only if the receiving switch has active ports in that VLAN

VTP pruning improves network performance and consumes fewer processing cycles on the switch

By default VTP pruning is disabled on IOS-based switches

VLAN 1 carries management information and control information

VLANs 1 and 1002-1005 are not eligible for pruning

VLANs 2-1001 are eligible for pruning

VTP pruning has no effect on transparent switches; manual configuration is required to prune VLANs from their trunk links

No VTP Pruning

VTP Pruning Configuration

VTP Pruning

LESSON 5 : LINK AGGREGATION

Etherchannel

Individual physical links can be bundled together to aggregate the bandwidth between switches

This works like a single logical channel between switches, called ETHERCHANNEL

2 to 8 physical links can be bundled together in an Etherchannel

FEC : Fast EtherChannel

o 100 Mbps links are bundled together, supports 800 Mbps speed (1600 Mbps throughput)

GEC : Gigabit EtherChannel

o 1 Gbps links are bundled together, supports 8 Gbps speed (16 Gbps throughput)

10GEC : 10 Gigabit EtherChannel

o 10 Gbps links are bundled together, supports 80 Gbps speed (160 Gbps throughput)

Generally L2 loops occur when parallel links are connected between switches

But Etherchannel combines them into a single logical link

On an Etherchannel, the traffic load is not distributed equally among the individual links

With its load-balancing algorithm, Etherchannel selects one of the links to forward each frame

Only physical links with the same speed and properties can be bundled

The Etherchannel can be an access link or a trunk link

Etherchannel supports redundancy

If one of the links within the channel fails, the traffic is moved to another link in the bundle. Failover occurs in less than a few milliseconds

Etherchannel Traffic Distribution

In an Etherchannel, traffic is not distributed equally on all links

The traffic distribution is based on a hashing algorithm. This algorithm can use

o Source IP

o Destination IP

o Source IP-Destination IP

o Source MAC

o Destination MAC

o Source MAC-Destination MAC

o Source Port

o Destination Port

o Source Port-Destination Port

The hash algorithm computes a binary pattern that selects a link number in the bundle to carry each frame

If only one address or port number is used, the algorithm takes one or more of its low-order bits

If two addresses or port numbers are used, the algorithm performs an XOR (exclusive OR) operation on one or more of their low-order bits

Link selections - if only one address is used in the distribution algorithm

Link selections - if two addresses are used in the distribution algorithm

A conversation between two devices is always sent through the same Etherchannel link because the two endpoint addresses stay the same

  • 9000235254 P. NAGABABU

    This material is valid till 31st Nove

    If there is a high data conversation between two servers, they

    of distribution algorithm. It may lead to load imbalance

    To avoid this, Source-Destination ports can be used as load balancing method

    When a device talks to multiple devices, the traffic can be distributed on

    distribution algorithm

    Etherchannel load balancing

    method

    Src-ip

    Dst-ip

    Src-dst-ip

    Src-mac

    Dst-mac

    Src-dst-mac

    Src-port

    Dst-port

    Src-dst-port

    For L2 switching the default load balance method is src

    For L3 switching the default load balance method is src

    Etherchannel Protocols

    Etherchannel negotiation protocols are used to provide dynamic link

    Two protocols are available to negotiate bundled links in catalyst switches

    o PAgP

    Port Aggregation Protocol

    Cisco Proprietary solution

    o LACP

    Link aggregation control protocol

    Open standard solution

    Negotiation Mode Negotiation packets sent

    PAgP LACP

    On On

    Auto Passive

    Desirable Active

    P. NAGABABU [email protected]

    ovember 2011. New material is available on 1st

    Decem

    If there is a high data conversation between two servers, they always use same Etherchannel link as a result

    It may lead to load imbalance

    Destination ports can be used as load balancing method

    When a device talks to multiple devices, the traffic can be distributed on several etherchannel links based on

    Hash input Hash Operation

    Source ip Bits

    Destination ip Bits

    Source and destination ip XOR

    Source mac Bits

    Destination mac Bits

    Source and destination mac XOR

    Source port Bits

    Destination port Bits

    Source and destination port XOR

    For L2 switching the default load balance method is src-mac

    For L3 switching the default load balance method is src-dst-ip

    Etherchannel negotiation protocols are used to provide dynamic link configuration

    Two protocols are available to negotiate bundled links in catalyst switches

    Port Aggregation Protocol

    Cisco Proprietary solution

    Link aggregation control protocol

    Open standard solution

    Negotiation packets sent Characteristics

    No All ports channeling

    Yes Waits to channel until asked

    Yes Actively asks to form a channel

    9553.9553.07

    cember 2011 28 | P a g e

    always use same Etherchannel link as a result

    several etherchannel links based on

    Switch model

    All models

    All models

    All models

    All models

    All models

    All models

    6500,4500

    6500,4500

    6500,4500

    configuration

    Characteristics

    All ports channeling

    Waits to channel until asked

    Actively asks to form a channel
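The following is a small model of the distribution behaviour described above, added here as an illustration and not taken from the study guide or from Cisco. It assumes, as constructed simplifications, that the hash takes the low-order 3 bits of each input ("Bits"), XORs source and destination for the src-dst methods, and reduces the result modulo the number of bundled links; it shows why a single server pair stays on one link under src-dst-ip and spreads under src-dst-port.

```python
"""Model of Etherchannel frame distribution (added illustration, not Cisco's hash).

Constructed assumptions:
- the low-order BITS bits of each hash input are taken ("Bits" in the table),
- src-dst methods XOR the source and destination inputs first,
- the resulting value is reduced modulo the number of bundled links.
"""
from collections import Counter
import ipaddress

BITS = 3  # constructed: 3 hash bits are enough to index up to 8 links

# method name -> (field family, which endpoint(s) feed the hash)
METHODS = {
    "src-ip": ("ip", "src"), "dst-ip": ("ip", "dst"), "src-dst-ip": ("ip", "xor"),
    "src-mac": ("mac", "src"), "dst-mac": ("mac", "dst"), "src-dst-mac": ("mac", "xor"),
    "src-port": ("port", "src"), "dst-port": ("port", "dst"), "src-dst-port": ("port", "xor"),
}


def to_int(family, value):
    """Turn an IP string, a dotted or colon-separated MAC, or a port into an integer."""
    if family == "ip":
        return int(ipaddress.ip_address(value))
    if family == "mac":
        return int(value.replace(":", "").replace(".", ""), 16)
    return int(value)


def select_link(method, n_links, flow):
    """Return the 0-based index of the bundled link this flow is pinned to."""
    family, side = METHODS[method]
    src = to_int(family, flow["src_" + family]) & ((1 << BITS) - 1)
    dst = to_int(family, flow["dst_" + family]) & ((1 << BITS) - 1)
    if side == "src":
        value = src
    elif side == "dst":
        value = dst
    else:
        value = src ^ dst  # the "XOR" rows of the table
    return value % n_links


def distribution(method, n_links, flows):
    """Count how many flows land on each link under the given method."""
    return dict(Counter(select_link(method, n_links, f) for f in flows))


# Constructed sample: one server pair, eight TCP sessions to port 443
FLOWS = [
    {"src_ip": "10.1.1.10", "dst_ip": "10.1.1.20",
     "src_mac": "0000.1111.2222", "dst_mac": "0000.3333.4444",
     "src_port": 49152 + i, "dst_port": 443}
    for i in range(8)
]

if __name__ == "__main__":
    # Same address pair -> same hash -> one link carries the whole conversation
    print("src-dst-ip  :", distribution("src-dst-ip", 2, FLOWS))    # {0: 8}
    # Port numbers differ per session, so the sessions spread over both links
    print("src-dst-port:", distribution("src-dst-port", 2, FLOWS))  # {0: 4, 1: 4}
```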

    PAgP

    PAgP packets are exchanged between switches over Etherchannel-capable ports
    PAgP forms an Etherchannel only on ports that are configured for identical static VLANs or trunking
    PAgP dynamically modifies parameters of the Etherchannel if one of the bundled ports is modified (vlan-id, speed, duplex)
    PAgP configured in desirable mode asks the far-end switch to negotiate an Etherchannel
    PAgP configured in auto mode (default) waits to be asked by the far-end switch to negotiate an Etherchannel

    LACP

    Defined in IEEE 802.3ad (Clause 43)
    LACP packets are exchanged between switches over Etherchannel-capable ports
    The switch with the lowest system priority (2-byte priority followed by the 6-byte switch MAC) makes the decisions about which ports actively participate in the Etherchannel
    Ports are selected and become active according to their lowest port priority (2-byte priority followed by the 2-byte port number)
    A set of up to 16 potential links can be defined for each Etherchannel
    The 8 ports with the lowest priorities are grouped together; the remaining ports are stand-by
    LACP configured in active mode asks the far-end switch to negotiate an Etherchannel
    LACP configured in passive mode waits to be asked by the far-end switch to negotiate an Etherchannel
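The mode table and the LACP selection rules above, worked through in Python as an added example (not code from the study guide or from Cisco). The compatibility rule is derived from the table: a bundle forms only when both ends run the same protocol and at least one end actively asks, or when both ends are "on"; the port data and system IDs are constructed sample values.

```python
"""PAgP/LACP negotiation outcomes and LACP member selection (added example)."""

ASKS = {"desirable", "active"}   # sends negotiation packets and asks to channel
WAITS = {"auto", "passive"}      # sends negotiation packets, waits to be asked


def protocol(mode):
    """Map a configured mode to the protocol it speaks ('on' speaks none)."""
    if mode in ("auto", "desirable"):
        return "PAgP"
    if mode in ("active", "passive"):
        return "LACP"
    return "on"


def channel_forms(local, remote):
    """True if the two configured modes produce a working bundle."""
    if local == "on" or remote == "on":
        return local == remote               # 'on' never negotiates: both ends must be 'on'
    if protocol(local) != protocol(remote):
        return False                         # PAgP cannot pair with LACP
    return local in ASKS or remote in ASKS   # auto/auto and passive/passive never start


def lacp_active_ports(ports, max_active=8):
    """Pick the active LACP members: lowest (priority, port number) first,
    up to max_active; the remaining candidates are stand-by."""
    if len(ports) > 16:
        raise ValueError("LACP allows at most 16 potential links per channel")
    ordered = sorted(ports, key=lambda p: (p["priority"], p["number"]))
    return [p["number"] for p in ordered[:max_active]]


def lacp_decision_maker(system_a, system_b):
    """System ID = (2B priority, 6B MAC); the lowest ID decides the active set."""
    return min(system_a, system_b, key=lambda s: (s["priority"], s["mac"]))["name"]


# Constructed sample: ten candidate links, two of them with a better (lower) priority
PORTS = [{"number": n, "priority": 32768} for n in range(1, 11)]
PORTS[8]["priority"] = 100   # port 9
PORTS[9]["priority"] = 100   # port 10

if __name__ == "__main__":
    print(channel_forms("desirable", "auto"))    # True
    print(channel_forms("auto", "auto"))         # False
    print(channel_forms("active", "passive"))    # True
    print(channel_forms("desirable", "active"))  # False (mixed protocols)
    print(lacp_active_ports(PORTS))              # [9, 10, 1, 2, 3, 4, 5, 6]
```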

    Etherchannel Status

    LESSON 6 : SWITCH FUNCTIONING

    Example 1:

    Example 2:

    Loops

    In L3 networks, multiple paths to a destination offer redundancy or load balancing
    In L2 networks, multiple paths to a destination create loops
    In switched networks, loops occur if a switch has multiple paths to another switch
    This is the situation where a single frame propagates between switches multiple times, over various paths

    Broadcast Storm

    If a system broadcasts (or unknown unicast flooding occurs) in the looped network, a single frame goes to all the systems as multiple copies over various paths
    It consumes switch processing cycles and memory
    Finally network performance comes down
    This situation is called a broadcast storm

    Avoiding Loops

    Ensure the switches have only one path to reach every other switch

    Loop Prevention

    Redundancy is required between switches to avoid network outages
    Backup paths are required to achieve 100% network uptime
    At the same time, loops must be avoided
    This can be done dynamically by the Spanning Tree Protocol (STP)
    STP automatically blocks some of the ports which are causing loops

    LESSON 7 : TRADITIONAL STP

    BPDU

    BPDU - Bridge Protocol Data Unit
    STP operations are performed by exchanging BPDU messages between switches
    By default BPDUs are sent every 2 seconds
    A switch sends BPDU frames to other switches using its own MAC as the source MAC and 01-80-c2-00-00-00 as the destination MAC
    01-80-c2-00-00-00 is the STP multicast MAC address (IP multicast MAC range: 01-00-5e-00-00-00 - 01-00-5e-7f-ff-ff)
    Two types of BPDU
    o Configuration BPDU
      Used for spanning tree computation
    o TCN BPDU
      Topology Change Notification BPDU
      Used to announce changes in the network topology

    CONFIGURATION BPDU

    Bridge ID

    STP Link Cost

    In the STP process, each link is given a number called the cost
    Cost is used to block the slower links in preference to the high speed links when removing loops
    High speed links have a low cost
    To support high speed links, the STP cost standards were modified
    The new STP cost is in use at present

    Link Bandwidth   Old STP cost   New STP cost
    4 Mbps           250            250
    10 Mbps          100            100
    16 Mbps          63             62
    45 Mbps          22             39
    100 Mbps         10             19
    155 Mbps         6              14
    622 Mbps         2              6
    1 Gbps           1              4
    10 Gbps          0              2

    STP Terminology

    BPDU   Bridge Protocol Data Unit   Fundamental message in the STP process
    RB     Root Bridge                 Switch with the lowest bridge ID
    NRB    Non Root Bridge             Switches other than the RB
    RP     Root Port                   Port on an NRB that has the best cost path to the RB. Goes to forwarding state
    DP     Designated Port             Port on a LAN segment that has the best cost path to the RB. Goes to forwarding state
    NDP    Non Designated Port         Port that is neither RP nor DP. Goes to blocking state (BLK)

    STP Process

    1. Electing the Root Bridge
    2. Electing the Root Port per switch
    3. Electing the Designated Port per segment
    4. Electing the Non Designated Ports

    Reference STP Topology for Analysis

    This topology has multiple switches and multiple loops. The links have different speeds as shown in the figure.
    STP can be explained using this physically looped topology. The result will be a logically loop-free topology

    1. Electing the Root Bridge

    All ports on all switches are in blocking state initially
    Every switch treats itself as the Root Bridge when the STP process starts
    Every switch sends BPDUs to the remaining switches
    BPDUs carry bridge ID information to select the root bridge
    Finally only one switch, the one with the lowest Bridge ID, is elected as the Root Bridge
    If the priority is the same, the switch with the lowest MAC becomes the Root Bridge

    2. Electing Root Ports

    A switch may have multiple paths to reach the root bridge
    The port with the best cost path to the RB is elected as the Root Port
    High speed ports have the best cost paths. Cost is inversely proportional to speed
    Only one Root Port exists per switch. The Root Port goes to forwarding state
    If there is a tie in selecting the RP, it prefers the link from the switch with the lowest Bridge ID
    If there is still a tie, it then looks at the Port ID; the port with the lowest port ID is preferred

    3. Electing the Designated Port Per Segment

    The port on the segment that has the best cost path to the RB is elected as the Designated Port (DP)
    Only one DP exists per segment (switch to switch link). The DP goes to forwarding state
    All the ports on the Root Bridge are Designated Ports
    If there is a tie in selecting the DP, it prefers the link from the switch with the lowest Bridge ID
    If there is still a tie, it then looks at the Port ID; the port with the lowest port ID is preferred
    Tie Break: Lowest Root Bridge ID / Lowest root path cost / Lowest Sender Bridge ID / Lowest Sender Port ID

    4. Electing Non-Designated Ports

    A port that is neither RP nor DP becomes a Non Designated Port
    A Non Designated Port goes to blocking state. An NDP is also called a Blocked port (BLK)
    These ports have the chance to become active if an operational link fails
    STP rebuilds the topology if something goes wrong with the active links
    STP rebuilds the new topology by activating some blocked ports, ensuring a loop-free topology at all times
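The four election steps above, run in Python on a constructed four-switch topology as an added example (the guide's own reference figure is not reproduced, and this is not Cisco code). It uses the lesson's new STP cost table and the tie-break order root path cost, then sender bridge ID, then sender port ID; the link between SW2 and SW3 exercises the bridge ID tie-break, the parallel links between SW2 and SW4 the port ID tie-break, and a final check confirms the forwarding ports form a loop-free tree.

```python
"""Classic STP election on a constructed four-switch topology (added example).
Applies the lesson's new STP cost table and tie-break order, then verifies that
the forwarding ports form a tree, i.e. no frame can circulate.
"""
import heapq

# New STP cost column of the lesson's table, keyed by link speed in Mbps
COST = {4: 250, 10: 100, 16: 62, 45: 39, 100: 19, 155: 14, 622: 6,
        1000: 4, 10000: 2}

# Constructed bridge IDs: (priority, MAC as an integer); SW1 has the lowest MAC
BRIDGES = {"SW1": (32768, 0x0000AAAAAAA1), "SW2": (32768, 0x0000AAAAAAA2),
           "SW3": (32768, 0x0000AAAAAAA3), "SW4": (32768, 0x0000AAAAAAA4)}
# Constructed links: (switch A, port on A, switch B, port on B, speed in Mbps)
LINKS = [("SW1", 1, "SW2", 1, 1000), ("SW1", 2, "SW3", 1, 1000),
         ("SW2", 4, "SW3", 2, 1000),                              # equal cost: bridge ID decides
         ("SW2", 2, "SW4", 1, 1000), ("SW2", 3, "SW4", 2, 1000)]  # parallel: port ID decides


def root_bridge(bridges):
    """Step 1: the lowest bridge ID (priority, then MAC) becomes the root."""
    return min(bridges, key=bridges.get)


def root_path_costs(root, links):
    """Best cost from every switch to the root bridge (Dijkstra over link costs)."""
    adj = {}
    for a, _, b, _, speed in links:
        adj.setdefault(a, []).append((b, COST[speed]))
        adj.setdefault(b, []).append((a, COST[speed]))
    cost, heap = {root: 0}, [(0, root)]
    while heap:
        d, sw = heapq.heappop(heap)
        for nb, c in adj.get(sw, []):
            if d + c < cost.get(nb, float("inf")):
                cost[nb] = d + c
                heapq.heappush(heap, (d + c, nb))
    return cost


def port_roles(bridges, links):
    """Steps 2-4: label every port RP, DP or BLK; returns (root, roles)."""
    root, roles = root_bridge(bridges), {}
    cost = root_path_costs(root, links)
    ends = links + [(b, pb, a, pa, s) for a, pa, b, pb, s in links]  # both directions
    for sw in bridges:                        # Step 2: one root port per non-root switch
        if sw != root:
            best = min((cost[nb] + COST[s], bridges[nb], nbp, mp)
                       for me, mp, nb, nbp, s in ends if me == sw)
            roles[(sw, best[3])] = "RP"
    for a, pa, b, pb, _ in links:             # Step 3: one designated port per segment
        lower = min((cost[a], bridges[a], pa, a), (cost[b], bridges[b], pb, b))
        roles.setdefault((lower[3], lower[2]), "DP")
    for sw, p, _, _, _ in ends:               # Step 4: everything else is blocked
        roles.setdefault((sw, p), "BLK")
    return root, roles


def is_loop_free(bridges, links, roles):
    """Every non-root switch keeps a forwarding RP, so N-1 forwarding links is a tree."""
    forwarding = [l for l in links if "BLK" not in (roles[(l[0], l[1])], roles[(l[2], l[3])])]
    return len(forwarding) == len(bridges) - 1
```

Calling `port_roles(BRIDGES, LINKS)` elects SW1 as root, blocks SW3 port 2 and SW4 port 2, and `is_loop_free` then reports True.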

    STP Physical and Logical Topologies

    STP States

    To participate in STP, each switch port progresses through 5 states
    Disabled
    Blocking
    Listening
    Learning
    Forwarding

    Disabled

    The disabled state is the shutdown state and is not a part of the normal STP progression

    Blocking

    When a port initializes, it begins in the blocking state so that no loops can form
    The port is allowed only to send and receive BPDUs
    The ports that are put into standby mode to remove a loop enter the blocking state

    Listening

    A port is moved from Blocking to Listening if the switch thinks that the port can be selected as a root port or designated port
    In the listening state the port is allowed to send/receive BPDUs
    If the port loses its RP or DP status in the STP process, it returns to the blocking state
    The port stays in the Listening state for 15 sec, the forward delay

    Learning

    After the forward delay (15 sec) in the listening state, the port is moved to the learning state
    The port can send/receive BPDUs and learns MAC addresses to add them to the MAC address table (MAT)
    The port stays in the Learning state for 15 sec, the forward delay

    Forwarding

    After the forward delay (15 sec) in the learning state, the port is moved to the forwarding state
    Only RPs and DPs are moved to the forwarding state
    The port can send/receive BPDUs, learn MACs and send/receive data
    Now the port is a fully functioning switch port in the STP topology
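The state progression above, modelled as an added Python example (not code from the study guide or from Cisco). It counts the lesson's 15 second forward delay in Listening and again in Learning, so a newly elected port takes 30 seconds to forward, and it shows the edge case where a port that loses its RP/DP role drops straight back to Blocking; the permitted actions per state follow the lesson text.

```python
"""STP port state progression with the lesson's forward delay (added example)."""

FORWARD_DELAY = 15  # seconds, the lesson's default

# What a port may do in each state, as described in the lesson
CAN = {
    "disabled": set(),
    "blocking": {"bpdu"},
    "listening": {"bpdu"},
    "learning": {"bpdu", "learn_mac"},
    "forwarding": {"bpdu", "learn_mac", "data"},
}
NEXT = {"blocking": "listening", "listening": "learning", "learning": "forwarding"}


class StpPort:
    """One switch port; starts in blocking like every port at initialization."""

    def __init__(self):
        self.state, self.elapsed = "blocking", 0

    def tick(self, seconds, has_role):
        """Advance the port by `seconds`; has_role says whether it is still an RP or DP."""
        if self.state == "disabled":
            return self.state
        if not has_role:                  # lost RP/DP status: straight back to blocking
            self.state, self.elapsed = "blocking", 0
            return self.state
        if self.state == "blocking":      # selected as RP/DP: start listening
            self.state, self.elapsed = "listening", 0
        self.elapsed += seconds
        while self.state in ("listening", "learning") and self.elapsed >= FORWARD_DELAY:
            self.elapsed -= FORWARD_DELAY  # one forward delay spent, move on
            self.state = NEXT[self.state]
        return self.state

    def can(self, action):
        return action in CAN[self.state]


def seconds_to_forward(port, step=1):
    """Simulate a freshly elected port until it forwards; returns the seconds taken."""
    elapsed = 0
    while port.state != "forwarding":
        port.tick(step, has_role=True)
        elapsed += step
    return elapsed


if __name__ == "__main__":
    p = StpPort()
    print(seconds_to_forward(p), "seconds until forwarding")  # 30 (15 listening + 15 learning)
    q = StpPort()
    print(q.tick(20, has_role=True))   # learning
    print(q.tick(1, has_role=False))   # blocking: role lost during learning
```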

    STP States

    State        Allowed actions
    Disabled     Shutdown state, no STP participation
    Blocking     Send & Receive BPDUs
    Listening    Send & Receive BPDUs
    Learning     Send & Receive BPDUs, learn MAC addresses
    Forwarding   Send & Receive BPDUs, learn MAC addresses, Send & Receive data

    STP uses three timers to make sure that a network converges properly before a bridging loop can form
    STP timers give the switches time to receive network changes
    The three STP timers
    o Hello Time
      The time interval between configuration BPDUs sent by the Root Bridge
      IEEE 802.1d standard
    o Forward Delay
      The time a port spends in the Listening and Learning states
      Default is 15 sec
    o Maximum Age
      The time interval that a switch stores a BPDU before discarding it
      In the STP process every switch keeps a copy of the best BPDU it learned
      The BPDU ages out if the switch loses contact with the BPDU's source
      The default Max age
    The default STP timers are designed based on a reference model of an L2 network with a diameter of 7 switches, including the Root Bridge (as shown in the above diagram)

    STP timers