MDH Lab – HSRP

Topology

lab5-2

Objective

Configure inter-VLAN routing with HSRP to provide redundant, fault-tolerant routing to the internal network.

Background

Hot Standby Router Protocol (HSRP) is a Cisco-proprietary redundancy protocol for establishing a fault-tolerant default gateway. It is described in RFC 2281. HSRP provides a transparent failover mechanism to the end stations on the network. This provides users at the access layer with uninterrupted service to the network if the primary gateway becomes inaccessible.

The Virtual Router Redundancy Protocol (VRRP) is a standards-based alternative to HSRP and is defined in RFC 3768. The two technologies are similar but not compatible. This lab focuses on HSRP.

Implementation

We start with the default configuration to bring up the VLANs, EtherChannels and trunks.

S1

Switch(config)#hostname S1
 S1(config)#line con 0
 S1(config-line)#logging sync
 S1(config-line)#!Trunk links to S2
 S1(config-line)#int range fa0/1 - 2
 S1(config-if-range)#switchport trunk encaps dot1q
 S1(config-if-range)#switchport mode trunk
 S1(config-if-range)#description to S2
 S1(config-if-range)#channel-protocol lacp
 S1(config-if-range)#channel-group 1 mode active
 Creating a port-channel interface Port-channel 1
S1(config-if-range)#
 S1(config-if-range)#!Trunk links to S3
 S1(config-if-range)#int range fa0/3 - 4
 S1(config-if-range)#switchport trunk encaps dot1q
 S1(config-if-range)#switchport mode trunk
 S1(config-if-range)#description to S3
 S1(config-if-range)#channel-protocol lacp
 S1(config-if-range)#channel-group 2 mode active
 Creating a port-channel interface Port-channel 2
S1(config-if-range)#exit
 S1(config)#
 S1(config)#vtp mode server
 Device mode already VTP SERVER.
 S1(config)#vtp domain CISCO
 Changing VTP domain name from NULL to CISCO
 S1(config)#
 S1(config)#vlan 10
 S1(config-vlan)#name Red
 S1(config-vlan)#vlan 20
 S1(config-vlan)#name Blue
 S1(config-vlan)#vlan 30
 S1(config-vlan)#name Orange
 S1(config-vlan)#vlan 40
 S1(config-vlan)#

S3

Switch(config)#hostname S3
 S3(config)#line con 0
 S3(config-line)#logging sync
 S3(config-line)#!Trunk links to S2
 S3(config-line)#int range fa0/1 - 2
 S3(config-if-range)#switchport trunk encaps dot1q
 S3(config-if-range)#switchport mode trunk
 S3(config-if-range)#description to S2
 S3(config-if-range)#channel-protocol lacp
 S3(config-if-range)#channel-group 1 mode active
 Creating a port-channel interface Port-channel 1
S3(config-if-range)#
 S3(config-if-range)#!Trunk links to S1
 S3(config-if-range)#int range fa0/3 - 4
 S3(config-if-range)#switchport trunk encaps dot1q
 S3(config-if-range)#switchport mode trunk
 S3(config-if-range)#description to S1
 S3(config-if-range)#channel-protocol lacp
 S3(config-if-range)#channel-group 2 mode passive
 Creating a port-channel interface Port-channel 2
S3(config-if-range)#exit
 S3(config)#
 S3(config)#vtp mode client
 Setting device to VTP CLIENT mode.
 S3(config)#vtp domain CISCO

S2

Switch(config)#hostname S2
 S2(config)#line con 0
 S2(config-line)#logging sync
 S2(config-line)#!Trunk links to S1
 S2(config-line)#int range fa0/1 - 2
 S2(config-if-range)#switchport mode trunk
 S2(config-if-range)#description to S1
 S2(config-if-range)#channel-protocol lacp
 S2(config-if-range)#channel-group 1 mode passive
 Creating a port-channel interface Port-channel 1
S2(config-if-range)#
 S2(config-if-range)#!Trunk links to S3
 S2(config-if-range)#int range fa0/3 - 4
 S2(config-if-range)#switchport mode trunk
 S2(config-if-range)#description to S3
 S2(config-if-range)#channel-protocol lacp
 S2(config-if-range)#channel-group 2 mode passive
 Creating a port-channel interface Port-channel 2
S2(config-if-range)#exit
 S2(config)#
 S2(config)#vtp mode client
 Setting device to VTP CLIENT mode.
 S2(config)#vtp domain CISCO
 Domain name already set to CISCO.

All that remains is to set up HSRP between S1 and S3. According to the lab, the distribution should be as follows:

  • S1 Primary – Vl1, 20 & 40
  • S3 Primary – Vl10 & 30

We control this by modifying the priority value on the switch we want to be active (default = 100, highest value wins).

S1

S1(config)#interface vlan 1
 S1(config-if)#ip add 172.16.1.10 255.255.255.0
 S1(config-if)#no shut
 S1(config-if)#standby 1 ip 172.16.1.1
 S1(config-if)#standby 1 priority 150
 S1(config-if)#standby 1 preempt
 S1(config-if)#
 S1(config-if)#interface vlan 10
 S1(config-if)#ip add 172.16.10.10 255.255.255.0
 S1(config-if)#no shut
 S1(config-if)#standby 1 ip 172.16.10.1
 S1(config-if)#standby 1 priority 100
 S1(config-if)#standby 1 preempt
 S1(config-if)#
 S1(config-if)#interface vlan 20
 S1(config-if)#ip add 172.16.20.10 255.255.255.0
 S1(config-if)#no shut
 S1(config-if)#standby 1 ip 172.16.20.1
 S1(config-if)#standby 1 priority 150
 S1(config-if)#standby 1 preempt
 S1(config-if)#
 S1(config-if)#interface vlan 30
 S1(config-if)#ip add 172.16.30.10 255.255.255.0
 S1(config-if)#no shut
 S1(config-if)#standby 1 ip 172.16.30.1
 S1(config-if)#standby 1 priority 100
 S1(config-if)#standby 1 preempt
 S1(config-if)#
 S1(config-if)#interface vlan 40
 S1(config-if)#ip add 172.16.40.10 255.255.255.0
 S1(config-if)#no shut
 S1(config-if)#standby 1 ip 172.16.40.1
 S1(config-if)#standby 1 priority 150
 S1(config-if)#standby 1 preempt
 S1(config-if)#exit
 S1(config)#ip routing

S3

S3(config)#interface vlan 1
 S3(config-if)#ip add 172.16.1.30 255.255.255.0
 S3(config-if)#no shut
 S3(config-if)#standby 1 ip 172.16.1.1
 S3(config-if)#standby 1 priority 100
 S3(config-if)#standby 1 preempt
 S3(config-if)#
 S3(config-if)#interface vlan 10
 S3(config-if)#ip add 172.16.10.30 255.255.255.0
 S3(config-if)#no shut
 S3(config-if)#standby 1 ip 172.16.10.1
 S3(config-if)#standby 1 priority 150
 S3(config-if)#standby 1 preempt
 S3(config-if)#
 S3(config-if)#interface vlan 20
 S3(config-if)#ip add 172.16.20.30 255.255.255.0
 S3(config-if)#no shut
 S3(config-if)#standby 1 ip 172.16.20.1
 S3(config-if)#standby 1 priority 100
 S3(config-if)#standby 1 preempt
 S3(config-if)#
 S3(config-if)#interface vlan 30
 S3(config-if)#ip add 172.16.30.30 255.255.255.0
 S3(config-if)#no shut
 S3(config-if)#standby 1 ip 172.16.30.1
 S3(config-if)#standby 1 priority 150
 S3(config-if)#standby 1 preempt
 S3(config-if)#
 S3(config-if)#interface vlan 40
 S3(config-if)#ip add 172.16.40.30 255.255.255.0
 S3(config-if)#no shut
 S3(config-if)#standby 1 ip 172.16.40.1
 S3(config-if)#standby 1 priority 100
 S3(config-if)#standby 1 preempt
 S3(config-if)#exit
 S3(config)#ip routing
 S3(config)#

S2

S2(config)#interface vlan 1
 S2(config-if)#ip add 172.16.1.2 255.255.255.0
 S2(config-if)#no shut
 S2(config-if)#exit
 S2(config)#
 S2(config)#ip default-gateway 172.16.1.1

Verification

S3#sh standby
Vlan1 - Group 1
 State is Standby
 Virtual IP address is 172.16.1.1
 Active virtual MAC address is 0000.0c07.ac01
 Local virtual MAC address is 0000.0c07.ac01 (v1 default)
 Hello time 3 sec, hold time 10 sec
 Next hello sent in 1.216 secs
 Preemption enabled
 Active router is 172.16.1.10, priority 150 (expires in 9.600 sec)
 Standby router is local
 Priority 100 (default 100)
 Group name is "hsrp-Vl1-1" (default)
Vlan10 - Group 1
 State is Active
 Virtual IP address is 172.16.10.1
 Active virtual MAC address is 0000.0c07.ac01
 Local virtual MAC address is 0000.0c07.ac01 (v1 default)
 Hello time 3 sec, hold time 10 sec
 Next hello sent in 0.208 secs
 Preemption enabled
 Active router is local
 Standby router is 172.16.10.10, priority 100 (expires in 10.112 sec)
 Priority 150 (configured 150)
 Group name is "hsrp-Vl10-1" (default)
Vlan20 - Group 1
 State is Standby
 Virtual IP address is 172.16.20.1
 Active virtual MAC address is 0000.0c07.ac01
 Local virtual MAC address is 0000.0c07.ac01 (v1 default)
 Hello time 3 sec, hold time 10 sec
 Next hello sent in 0.560 secs
 Preemption enabled
 Active router is 172.16.20.10, priority 150 (expires in 8.080 sec)
 Standby router is local
 Priority 100 (default 100)
 Group name is "hsrp-Vl20-1" (default)
Vlan30 - Group 1
 State is Active
 Virtual IP address is 172.16.30.1
 Active virtual MAC address is 0000.0c07.ac01
 Local virtual MAC address is 0000.0c07.ac01 (v1 default)
 Hello time 3 sec, hold time 10 sec
 Next hello sent in 1.824 secs
 Preemption enabled
 Active router is local
 Standby router is 172.16.30.10, priority 100 (expires in 10.496 sec)
 Priority 150 (configured 150)
 Group name is "hsrp-Vl30-1" (default)
Vlan40 - Group 1
 State is Standby
 Virtual IP address is 172.16.40.1
 Active virtual MAC address is 0000.0c07.ac01
 Local virtual MAC address is 0000.0c07.ac01 (v1 default)
 Hello time 3 sec, hold time 10 sec
 Next hello sent in 1.040 secs
 Preemption enabled
 Active router is 172.16.40.10, priority 150 (expires in 10.608 sec)
 Standby router is local
 Priority 100 (default 100)
 Group name is "hsrp-Vl40-1" (default)
S2#ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/203/1007 ms

All OK so far. We can also test failover:

S1(config)#inte range fa0/1 - 4
S1(config-if-range)#shut

A debug then shows the following on S3:

S3#
*Mar 1 00:19:36.980: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
*Mar 1 00:19:36.988: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to down
*Mar 1 00:19:36.997: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel2, changed state to down
S3#
*Mar 1 00:19:37.978: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to down
*Mar 1 00:19:38.012: %LINK-3-UPDOWN: Interface Port-channel2, changed state to down
*Mar 1 00:19:38.012: %LINK-3-UPDOWN: Interface FastEthernet0/4, changed state to down
S3#
*Mar 1 00:19:45.452: HSRP: Vl30 Grp 1 Standby router is unknown, was 172.16.30.10
*Mar 1 00:19:45.452: HSRP: Vl30 Nbr 172.16.30.10 no longer standby for group 1 (Active)
*Mar 1 00:19:45.452: HSRP: Vl30 Nbr 172.16.30.10 Was active or standby - start passive holddown
*Mar 1 00:19:45.872: HSRP: Vl10 Grp 1 Standby router is unknown, was 172.16.10.10
*Mar 1 00:19:45.872: HSRP: Vl10 Nbr 172.16.10.10 no longer standby for group 1 (Active)
*Mar 1 00:19:45.872: HSRP: Vl10 Nbr 172.16.10.10 Was active or
S3# standby - start passive holddown
*Mar 1 00:19:45.872: HSRP: Vl1 Grp 1 Standby: c/Active timer expired (172.16.1.10)
*Mar 1 00:19:45.872: HSRP: Vl1 Grp 1 Active router is local, was 172.16.1.10
*Mar 1 00:19:45.872: HSRP: Vl1 Nbr 172.16.1.10 no longer active for group 1 (Standby)
*Mar 1 00:19:45.872: HSRP: Vl1 Nbr 172.16.1.10 Was active or standby - start passive holddown
*Mar 1 00:19:45.872: HSRP: Vl1 Grp 1 Standby router is unknown, was local
*Mar 1 00:19:45.872: HSRP: Vl1 Grp 1 Standby -> Act
S3#ive
*Mar 1 00:19:45.872: %HSRP-5-STATECHANGE: Vlan1 Grp 1 state Standby -> Active
*Mar 1 00:19:45.872: HSRP: Vl1 Grp 1 Redundancy "hsrp-Vl1-1" state Standby -> Active
*Mar 1 00:19:45.872: HSRP: Vl1 Added 172.16.1.1 to ARP (0000.0c07.ac01)
*Mar 1 00:19:45.872: HSRP: Vl1 Grp 1 Activating MAC 0000.0c07.ac01
*Mar 1 00:19:45.872: HSRP: Vl1 Grp 1 Adding 0000.0c07.ac01 to MAC address filter
*Mar 1 00:19:45.872: HSRP: Vl1 IP Redundancy "hsrp-Vl1-1" standby, local -> unknown
*Mar 1 00:19:45.872: HSRP:
S3# Vl1 IP Redundancy "hsrp-Vl1-1" update, Standby -> Active
*Mar 1 00:19:46.023: HSRP: Vl20 Grp 1 Standby: c/Active timer expired (172.16.20.10)
*Mar 1 00:19:46.023: HSRP: Vl20 Grp 1 Active router is local, was 172.16.20.10
*Mar 1 00:19:46.023: HSRP: Vl20 Nbr 172.16.20.10 no longer active for group 1 (Standby)
*Mar 1 00:19:46.023: HSRP: Vl20 Nbr 172.16.20.10 Was active or standby - start passive holddown
*Mar 1 00:19:46.023: HSRP: Vl20 Grp 1 Standby router is unknown, was local
*Mar 1 00:19:46.02
S3#3: HSRP: Vl20 Grp 1 Standby -> Active
*Mar 1 00:19:46.023: %HSRP-5-STATECHANGE: Vlan20 Grp 1 state Standby -> Active
*Mar 1 00:19:46.023: HSRP: Vl20 Grp 1 Redundancy "hsrp-Vl20-1" state Standby -> Active
*Mar 1 00:19:46.023: HSRP: Vl20 Added 172.16.20.1 to ARP (0000.0c07.ac01)
*Mar 1 00:19:46.023: HSRP: Vl20 Grp 1 Activating MAC 0000.0c07.ac01
*Mar 1 00:19:46.023: HSRP: Vl20 Grp 1 Adding 0000.0c07.ac01 to MAC address filter
*Mar 1 00:19:46.023: HSRP: Vl20 IP Redundancy "hsrp-Vl20-1" standby, lo
S3#cal -> unknown
*Mar 1 00:19:46.023: HSRP: Vl20 IP Redundancy "hsrp-Vl20-1" update, Standby -> Active
*Mar 1 00:19:46.392: HSRP: Vl40 Grp 1 Standby: c/Active timer expired (172.16.40.10)
*Mar 1 00:19:46.392: HSRP: Vl40 Grp 1 Active router is local, was 172.16.40.10
*Mar 1 00:19:46.392: HSRP: Vl40 Nbr 172.16.40.10 no longer active for group 1 (Standby)
*Mar 1 00:19:46.392: HSRP: Vl40 Nbr 172.16.40.10 Was active or standby - start passive holddown
*Mar 1 00:19:46.392: HSRP: Vl40 Grp 1 Standby rout
S3#er is unknown, was local
*Mar 1 00:19:46.392: HSRP: Vl40 Grp 1 Standby -> Active
*Mar 1 00:19:46.392: %HSRP-5-STATECHANGE: Vlan40 Grp 1 state Standby -> Active
*Mar 1 00:19:46.392: HSRP: Vl40 Grp 1 Redundancy "hsrp-Vl40-1" state Standby -> Active
*Mar 1 00:19:46.392: HSRP: Vl40 Added 172.16.40.1 to ARP (0000.0c07.ac01)
*Mar 1 00:19:46.392: HSRP: Vl40 Grp 1 Activating MAC 0000.0c07.ac01
*Mar 1 00:19:46.392: HSRP: Vl40 Grp 1 Adding 0000.0c07.ac01 to MAC address filter
*Mar 1 00:19:46.392: HSRP:
S3# Vl40 IP Redundancy "hsrp-Vl40-1" standby, local -> unknown
*Mar 1 00:19:46.392: HSRP: Vl40 IP Redundancy "hsrp-Vl40-1" update, Standby -> Active
*Mar 1 00:19:48.875: HSRP: Vl1 IP Redundancy "hsrp-Vl1-1" update, Active -> Active
*Mar 1 00:19:49.043: HSRP: Vl20 IP Redundancy "hsrp-Vl20-1" update, Active -> Active
*Mar 1 00:19:49.412: HSRP: Vl40 IP Redundancy "hsrp-Vl40-1" update, Active -> Active

If we ping from S2 again, we can now see that S3 has taken over:

S2#ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/3/9 ms

If we bring the interfaces on S1 back up, it becomes Active again for Vl1, 20 & 40 because of “standby 1 preempt”.

S1#sh standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Vl1         1    150 P Active  local           172.16.1.30     172.16.1.1
Vl10        1    100 P Standby 172.16.10.30    local           172.16.10.1
Vl20        1    150 P Active  local           172.16.20.30    172.16.20.1
Vl30        1    100 P Standby 172.16.30.30    local           172.16.30.1
Vl40        1    150 P Active  local           172.16.40.30    172.16.40.1

Done!
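
The priority split used in this lab can be checked offline, together with one thing the lab configuration leaves out: none of the groups sets "standby <group> authentication md5 key-string ...", so HSRP falls back to its default plain-text authentication string. The script below is an added example, not part of the original lab; the function names are hypothetical and the running-config text is constructed from the addresses and priorities shown above.

```python
import re
from ipaddress import IPv4Address


def sample_config(host, priorities):
    """Constructed sample: the page's SVI/HSRP values in running-config form."""
    lines = []
    for vlan, prio in priorities.items():
        lines += [f"interface Vlan{vlan}",
                  f" ip address 172.16.{vlan}.{host} 255.255.255.0",
                  f" standby 1 ip 172.16.{vlan}.1",
                  f" standby 1 priority {prio}",
                  " standby 1 preempt",
                  "!"]
    return "\n".join(lines)


S1_CFG = sample_config(10, {1: 150, 10: 100, 20: 150, 30: 100, 40: 150})
S3_CFG = sample_config(30, {1: 100, 10: 150, 20: 100, 30: 150, 40: 100})


def parse_hsrp(config):
    """Return {(interface, group): settings} for each HSRP group in a config."""
    groups, addrs, iface = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)$", line):
            iface = m.group(1)
        elif m := re.match(r"ip address (\S+) \S+$", line):
            addrs[iface] = IPv4Address(m.group(1))
        elif m := re.match(r"standby (\d+) (\S+)\s*(.*)$", line):
            group, keyword, rest = int(m.group(1)), m.group(2), m.group(3)
            g = groups.setdefault((iface, group), {
                "vip": None, "priority": 100, "preempt": False, "auth": None})
            if keyword == "ip":
                g["vip"] = rest
            elif keyword == "priority":
                g["priority"] = int(rest)
            elif keyword == "preempt":
                g["preempt"] = True
            elif keyword == "authentication":
                g["auth"] = "md5" if rest.startswith("md5") else "text"
    for (ifc, _), g in groups.items():
        g["addr"] = addrs.get(ifc)
    return groups


def expected_active(routers):
    """Predict the active router per group once preemption has settled:
    highest priority wins, and a tie goes to the highest interface address."""
    winners = {}
    for key in sorted(set().union(*(g.keys() for g in routers.values()))):
        candidates = [(g[key]["priority"], g[key]["addr"], name)
                      for name, g in routers.items() if key in g]
        winners[key] = max(candidates)[2]
    return winners


def v1_virtual_mac(group):
    """HSRP version 1 virtual MAC: 0000.0c07.acXX, XX being the group in hex."""
    if not 0 <= group <= 255:
        raise ValueError("HSRPv1 group numbers are 0-255")
    return f"0000.0c07.ac{group:02x}"


def audit(name, groups):
    """List groups whose hellos are not protected by MD5 authentication."""
    findings = []
    for (iface, group), g in sorted(groups.items()):
        if g["auth"] is None:
            findings.append(f"{name} {iface} group {group}: no standby authentication")
        elif g["auth"] == "text":
            findings.append(f"{name} {iface} group {group}: plain-text authentication")
    return findings


if __name__ == "__main__":
    parsed = {"S1": parse_hsrp(S1_CFG), "S3": parse_hsrp(S3_CFG)}
    for (iface, group), name in expected_active(parsed).items():
        print(f"{iface} group {group}: active {name}, vMAC {v1_virtual_mac(group)}")
    for name, groups in parsed.items():
        print("\n".join(audit(name, groups)))
```

Because every VLAN uses group 1, all five groups share the virtual MAC 0000.0c07.ac01, which matches the "sh standby" output above.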

MDH Lab – Switch Case Study

Topology

lab4-3clean

Objectives

  • Plan and design the International Travel Agency switched network as shown in the diagram and described below.
  • Implement the design on the switches and router.
  • Verify that all configurations are operational and functioning according to the requirements.

Requirements

You will configure a group of switches and a router for the International Travel Agency. The network includes two distribution switches, S1 and S3, and one access layer switch, S2. External router R3 and S1 provide inter-VLAN routing. Design the addressing scheme using the 172.16.0.0/16 address space. You can subnet it any way you want, although it is recommended to use /24 subnets for simplicity.

  1. Place all switches in the VTP domain CISCO. Make S1 the VTP server and all other switches VTP clients.
  2. On S1, create the VLANs shown in the VLAN table and assign the names given. For subnet planning, allocate a subnet for each VLAN.
  3. Configure S1 as the primary spanning-tree root bridge for all VLANs. Configure S3 as the backup root bridge for all VLANs.
  4. Configure Fa0/4 between S1 and S3 as a Layer 3 link and assign a subnet to it.
  5. Create a loopback interface on S1 and assign a subnet to it.
  6. Configure the Fa0/3 link between S1 and S3 as an ISL trunk.
  7. Statically configure all inter-switch links as trunks.
  8. Configure all other trunk links using 802.1Q.
  9. Bundle the links from S1 & S3 to the access switch into an EtherChannel.
  10. Enable PortFast on all access ports.
  11. On S2, place Fa0/15 through Fa0/17 in VLAN 10. Place Fa0/19 and Fa0/25 in VLAN 20. Place Fa0/21-22 in VLAN 30.
  12. Create an 802.1Q trunk link between R3 and S3. Only VLANs 10 and 40 to pass through the trunk.
  13. Configure R2 subinterfaces for VLANs 10 and 40.
  14. Create an SVI on S1 in VLANs 20, 30, and 40. Create an SVI on S3 in VLAN 10 and 30, an SVI on S2 in VLAN 40.
  15. Enable IP routing on S1 and S3. On R2 and S1, configure EIGRP for the whole major network (172.16.0.0/16) and disable automatic summarization.

VLANs:

  • Vlan 10 – Red
  • Vlan 20 – Blue
  • Vlan 30 – Orange
  • Vlan 40 – Green

Implementation

Subnetting

As you can see, I have already added the subnetting I did to the topology, but here is what it looks like anyway: 172.16.0.0/16

Vlan 10 - Red 172.16.10.0/24
 Vlan 20 - Blue 172.16.20.0/24
 Vlan 30 - Orange 172.16.30.0/24
 Vlan 40 - Green 172.16.40.0/24

S1

Lo0 - 172.16.1.1/24
Vlan 20 - 172.16.20.1/24
Vlan 30 - 172.16.30.1/24
Vlan 40 - 172.16.40.1/24
S1-S3 Link - 172.16.13.1/24

S3

Vlan 10 - 172.16.10.3/24
S1-S3 Link - 172.16.13.3/24

S2

Vlan 40 - 172.16.40.2/24

R3

Vlan 40 - 172.16.40.200/24
Vlan 10 - 172.16.10.200/24

With the information above we can update our topology a bit:

Basic L2 configuration

S1 – Remember that S1 should also be the root bridge for all VLANs and the VTP server

Switch(config)#hostname S1
 S1(config)#line con 0
 S1(config-line)#logging sync
 S1(config-line)#!Trunk links to S2
 S1(config-line)#int range fa0/1 - 2
 S1(config-if-range)#switchport trunk encaps dot1q
 S1(config-if-range)#switchport mode trunk
 S1(config-if-range)#description to S2
 S1(config-if-range)#channel-protocol lacp
 S1(config-if-range)#channel-group 1 mode active
 Creating a port-channel interface Port-channel 1
S1(config-if-range)#!L3 link to S3
 S1(config-if-range)#inte fa0/4
 % Command exited out of interface range and its sub-modes.
 Not executing the command for second and later interfaces
 S1(config-if)#no switchport
 S1(config-if)#ip add 172.16.13.1 255.255.255.0
 S1(config-if)#description to S3 L3-port
 S1(config-if)#!ISL trunk to S3
 S1(config-if)#int fa0/3
 S1(config-if)#switchport trunk encapsulation isl
 S1(config-if)#switchport mode trunk
 S1(config-if)#description Trunklink to S3
 S1(config-if)#!VTP
 S1(config-if)#exit
 S1(config)#vtp mode server
 Device mode already VTP SERVER.
 S1(config)#vtp domain CISCO
 Changing VTP domain name from NULL to CISCO
 S1(config)#
 *Mar 1 00:14:20.226: %SW_VLAN-6-VTP_DOMAIN_NAME_CHG: VTP domain name changed to CISCO.
 S1(config)#!VLANs
 S1(config)#vlan 10
 S1(config-vlan)#name Red
 S1(config-vlan)#vlan 20
 S1(config-vlan)#name Blue
 S1(config-vlan)#vlan 30
 S1(config-vlan)#name Orange
 S1(config-vlan)#vlan 40
 S1(config-vlan)#name Green
 S1(config-vlan)#exit
 S1(config)#spanning-tree vlan 1,10,20,30,40 root primary

S3 – Should also be the secondary root bridge for all VLANs

Switch(config)#hostname S3
 S3(config)#line con 0
 S3(config-line)#logging sync
 S3(config-line)#!Trunk links to S2
 S3(config-line)#int range fa0/1 - 2
 S3(config-if-range)#switchport trunk encaps dot1q
 S3(config-if-range)#switchport mode trunk
 S3(config-if-range)#channel-protocol lacp
 S3(config-if-range)#channel-group 1 mode active
 Creating a port-channel interface Port-channel 1
S3(config-if-range)#
 S3(config-if-range)#description to S2
 S3(config-if-range)#inte fa0/3
 % Command exited out of interface range and its sub-modes.
 Not executing the command for second and later interfaces
 S3(config-if)#!ISL trunk to S1
 S3(config-if)#switchport trunk encaps ISL
 S3(config-if)#switchport mode trunk
 S3(config-if)#description ISL-trunk to S1
 S3(config-if)#!L3 port to S1
 S3(config-if)#int fa0/4
 S3(config-if)#no switchport
 S3(config-if)#ip add 172.16.13.3 255.255.255.0
 S3(config-if)#description L3-link to S1
 S3(config-if)#exit
 S3(config)#vtp mode client
 Setting device to VTP CLIENT mode.
 S3(config)#vtp domain CISCO
 Domain name already set to CISCO.
 S3(config)#spanning-tree vlan 1,10,20,30,40 root secondary

S2

Switch(config)#hostname S2
 S2(config)#line con 0
 S2(config-line)#logging sync
 S2(config-line)#!EtherChannels to S1 & S3
 S2(config-line)#inte range fa0/1 - 2
 S2(config-if-range)#switchport mode trunk
 S2(config-if-range)#description to S1
 S2(config-if-range)#channel-protocol lacp
 S2(config-if-range)#channel-group 1 mode passive
 Creating a port-channel interface Port-channel 1
S2(config-if-range)#int range fa0/3 - 4
 S2(config-if-range)#switchport mode trunk
 S2(config-if-range)#description to S3
 S2(config-if-range)#channel-protocol lacp
 S2(config-if-range)#channel-group 2 mode passive
 Creating a port-channel interface Port-channel 2
S2(config-if-range)#exit
 S2(config)#!VTP
 S2(config)#vtp mode client
 Setting device to VTP CLIENT mode.
 S2(config)#vtp domain CISCO
 Domain name already set to CISCO.
S2(config)#!Host-interface
 S2(config)#int range fa0/15 - 17
 S2(config-if-range)#switchport mode access
 S2(config-if-range)#switchport access vlan 10
 S2(config-if-range)#spanning-tree portfast
 S2(config-if-range)#int range fa0/19 - 20
 S2(config-if-range)#switchport mode access
 S2(config-if-range)#switchport access vlan 20
 S2(config-if-range)#spanning-tree portfast
 S2(config-if-range)#int range fa0/21-22
 S2(config-if-range)#switchport mode access
 S2(config-if-range)#switchport access vlan 30
 S2(config-if-range)#spanning-tree portfast
 S2(config-if-range)#end

L3 configuration

S1 – Remember to enable routing before we add the EIGRP configuration

S1(config)#int lo0
 S1(config-if)#ip add 172.16.1.1 255.255.255.0
 S1(config-if)#!SVIs for VLANs
 S1(config-if)#int vlan 20
 S1(config-if)#ip add 172.16.20.1 255.255.255.0
 S1(config-if)#description Blue
 S1(config-if)#int vlan 30
 S1(config-if)#ip add 172.16.30.1 255.255.255.0
 S1(config-if)#description Orange
 S1(config-if)#int vlan 40
 S1(config-if)#ip add 172.16.40.1 255.255.255.0
 S1(config-if)#description Green
 S1(config-if)#exit
 S1(config)#ip routing
 S1(config)#router eigrp 1
 S1(config-router)#network 172.16.0.0
 S1(config-router)#no auto
 S1(config-router)#no auto-summary

S3

S3(config)#int vlan 10
 S3(config-if)#ip add 172.16.10.3 255.255.255.0
 S3(config-if)#description Red
 S3(config-if)#int vlan 30
 S3(config-if)#ip add 172.16.30.3 255.255.255.0
 S3(config-if)#description Orange
 S3(config-if)#exit
 S3(config)#ip routing
S3(config-if)#!trunk to R3
S3(config-if)#int fa0/5
S3(config-if)#description trunk to R3
S3(config-if)#switchport mode trunk
S3(config-if)#switchport trunk allowed vlan 10,40

S2

S2(config)#int vlan 40 
S2(config-if)#ip add 172.16.40.2 255.255.255.0 
S2(config-if)#description Green

That completes all the switch configuration; only the router remains.

R3

Router(config)#hostname R3
 R3(config)#inte fa0/1
 R3(config-if)#description to S3-trunklink
 R3(config-if)#no shut
 R3(config-if)#inte fa0/1.10
 R3(config-subif)#encapsulation dot1q 10
 R3(config-subif)#ip add 172.16.10.200 255.255.255.0
 R3(config-subif)#inte fa0/1.40
 R3(config-subif)#encapsulation dot1q 40
 R3(config-subif)#ip add 172.16.40.200 255.255.255.0
 R3(config-subif)#exit
R3(config)#router eigrp 1
 R3(config-router)#network 172.16.0.0
 R3(config-router)#no auto-summary
 R3(config-router)#end

Verification – L3

S1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
 E1 - OSPF external type 1, E2 - OSPF external type 2
 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
 ia - IS-IS inter area, * - candidate default, U - per-user static route
 o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 6 subnets
C 172.16.40.0 is directly connected, Vlan40
C 172.16.30.0 is directly connected, Vlan30
C 172.16.20.0 is directly connected, Vlan20
C 172.16.13.0 is directly connected, FastEthernet0/4
D 172.16.10.0 [90/28416] via 172.16.40.200, 00:01:51, Vlan40
C 172.16.1.0 is directly connected, Loopback0
R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
 E1 - OSPF external type 1, E2 - OSPF external type 2
 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
 ia - IS-IS inter area, * - candidate default, U - per-user static route
 o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 6 subnets
C 172.16.40.0 is directly connected, FastEthernet0/1.40
D 172.16.30.0 [90/28416] via 172.16.40.1, 00:02:35, FastEthernet0/1.40
D 172.16.20.0 [90/28416] via 172.16.40.1, 00:02:35, FastEthernet0/1.40
D 172.16.13.0 [90/30720] via 172.16.40.1, 00:02:35, FastEthernet0/1.40
C 172.16.10.0 is directly connected, FastEthernet0/1.10
D 172.16.1.0 [90/156160] via 172.16.40.1, 00:02:35, FastEthernet0/1.40
S1#ping 172.16.40.200
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
S1#ping 172.16.10.200
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
S1#ping 172.16.40.2
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
R3#ping 172.16.40.2
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Verification – L2

S3#sh interface trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/3       on           isl            trunking      1
Fa0/5       on           802.1q         trunking      1
Po1         on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/3       1-4094
Fa0/5       10,40
Po1         1-4094
S1#sh spanning-tree summary
Switch is in pvst mode
Root bridge for: VLAN0001, VLAN0010, VLAN0020, VLAN0030, VLAN0040
S2#sh etherchannel summary
Flags: D - down P - bundled in port-channel
 I - stand-alone s - suspended
 H - Hot-standby (LACP only)
 R - Layer3 S - Layer2
 U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
 u - unsuitable for bundling
 w - waiting to be aggregated
 d - default port

Number of channel-groups in use: 2
Number of aggregators: 2
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) LACP Fa0/1(P) Fa0/2(P) 
2 Po2(SU) LACP Fa0/3(P) Fa0/4(P)

Lovely! I ran into a few problems during the lab, as it turned out that the interface I had planned to use between the switch and the router was not directly connected. Setting up the trunking etc. was no problem, but the traffic got stuck in some hidden switch or the like. Originally the router was meant to be connected to S2, but unfortunately there was no working interface to use there. Instead I had to redo the diagram a bit and use the link between R3 and S3, but that worked just as well after some minor modifications. 🙂 Fun lab!

MDH Lab – Inter-VLAN MLS Routing

Topology

lab4-2real

Objective

  • Route between VLANs using a 3560 switch with an internal route processor using Cisco Express Forwarding (CEF).

Background

The current network equipment includes a 3560 distribution layer switch and two 2960 access layer switches. The network is segmented into three functional subnets using VLANs for better network management. The VLANs include Finance, Engineering, and a subnet for equipment management, which is the default management VLAN, VLAN 1. After VTP and trunking have been configured for the switches, switched virtual interfaces (SVI) are configured on the distribution layer switch to route between these VLANs, providing full connectivity to the internal network.

Implementation

Easy! There won't be many explanations here since all the configuration is fairly self-explanatory. First we set up the basic configuration:

S1

Switch(config)#hostname S1
S1(config)#line con 0
S1(config-line)#logging sync
S1(config-line)#int range fa0/3 - 4
S1(config-if-range)#switchport trunk encaps dot1q
S1(config-if-range)#switchport mode trunk
S1(config-if-range)#channel-protocol pagp
S1(config-if-range)#channel-group 2 mode desirable 
Creating a port-channel interface Port-channel 2
S1(config-if-range)#int range fa0/1 - 2
S1(config-if-range)#switchport trunk encaps dot1q
S1(config-if-range)#switchport mode trunk
S1(config-if-range)#channel-protocol pagp
S1(config-if-range)#channel-group 1 mode desirable
Creating a port-channel interface Port-channel 1
S1(config-if-range)#exit
S1(config)#vtp mode server
Device mode already VTP SERVER.
S1(config)#vtp domain Cisco
Changing VTP domain name from NULL to Cisco
S1(config)#vlan 100
S1(config-vlan)#name Finance
S1(config-vlan)#vlan 200
S1(config-vlan)#name Engineering
S1(config-vlan)#exit
S1(config)#spanning-tree vlan 1,100,200 root primary 
S1(config)#

S3

Switch(config)#hostname S3
S3(config)#line con 0
S3(config-line)#logging sync
S3(config-line)#int range fa0/1 - 4
S3(config-if-range)#switchport trunk encaps dot1q
S3(config-if-range)#switchport mode trunk
S3(config-if-range)#int range fa0/1 - 2
S3(config-if-range)#channel-protocol pagp
S3(config-if-range)#channel-group 1 mode desirable 
Creating a port-channel interface Port-channel 1
S3(config-if-range)#int range fa0/3 - 4
S3(config-if-range)#channel-protocol pagp
S3(config-if-range)#channel-group 2 mode auto
Creating a port-channel interface Port-channel 2
S3(config-if-range)#exit
S3(config)#vtp domain Cisco
Domain name already set to Cisco.
S3(config)#vtp mode client
Setting device to VTP CLIENT mode.

S2

Switch(config)#hostname S2
S2(config)#int range fa0/1 - 4
S2(config-if-range)#switchport mode trunk
S2(config-if-range)#int range fa0/1 - 2
S2(config-if-range)#channel-protocol pagp
S2(config-if-range)#channel-group 1 mode auto
Creating a port-channel interface Port-channel 1
S2(config-if-range)#int range fa0/3 - 4
S2(config-if-range)#channel-protocol pagp
S2(config-if-range)#channel-group 2 mode auto
Creating a port-channel interface Port-channel 2
S2(config-if-range)#exit
S2(config)#vtp mode client
Setting device to VTP CLIENT mode.
S2(config)#vtp domain Cisco
Domain name already set to Cisco.
S2#sh etherchannel summary
Flags: D - down P - bundled in port-channel
 I - stand-alone s - suspended
 H - Hot-standby (LACP only)
 R - Layer3 S - Layer2
 U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
 u - unsuitable for bundling
 w - waiting to be aggregated
 d - default port

Number of channel-groups in use: 2
Number of aggregators: 2
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) PAgP Fa0/1(P) Fa0/2(P) 
2 Po2(SU) PAgP Fa0/3(P) Fa0/4(P)
S3#sh etherchannel summary
Flags: D - down P - bundled in port-channel
 I - stand-alone s - suspended
 H - Hot-standby (LACP only)
 R - Layer3 S - Layer2
 U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
 u - unsuitable for bundling
 w - waiting to be aggregated
 d - default port

Number of channel-groups in use: 2
Number of aggregators: 2
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) PAgP Fa0/1(P) Fa0/2(P) 
2 Po2(SU) PAgP Fa0/3(P) Fa0/4(P)

All OK so far!

So all that remains is to configure a few L3 SVIs, which is really very simple.

S1(config)#interface vlan 1
S1(config-if)#ip add 172.16.1.1 255.255.255.0
S1(config-if)#no shut
S1(config-if)#interface vlan 100
S1(config-if)#ip add 172.16.100.1 255.255.255.0
S1(config-if)#no shut
S1(config-if)#interface vlan 200
S1(config-if)#ip add 172.16.200.1 255.255.255.0
S1(config-if)#no shut
S1(config-if)#exit

It is easy to forget that we also have to enable the routing function on the switch!

S1(config)#ip routing

Unfortunately we have no host to test with right now, but we can at least send a ping from S3 to one of S1's VLANs.

S3(config)#int vlan 1
S3(config-if)#ip add 172.16.1.3 255.255.255.0
S3(config-if)#no shut
S3(config-if)#exit
S3(config)#ip default-gateway 172.16.1.1
S3(config)#do ping 172.16.200.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.200.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/203/1007 ms

Beautiful.

If we take a look at the CEF table for 172.16.1.3 we can see the following:

S1#sh ip cef 172.16.1.3 detail
 172.16.1.3/32, epoch 2, flags attached
 Adj source: IP adj out of Vlan1, addr 172.16.1.3 038C1420
 Dependent covered prefix type adjfib cover 172.16.1.0/24
 attached to Vlan1

And the switch also has an entry in the adjacency table with L2 information for the next hop (S3):

S1#sh adjacency detail
Protocol Interface Address
IP Vlan1 172.16.1.3(8)
0 packets, 0 bytes
epoch 0
sourced in sev-epoch 0
Encap length 14
0014A8899CC00024C33F9EC00800
L2 destination address byte offset 0
L2 destination address byte length 6
Link-type after encap: ip
ARP

MDH Lab – Inter-VLAN routing

Topology

lab4-2

Objective

  • Configure inter-VLAN routing using an external router, also known as a router on a stick.

Background

Inter-VLAN routing using an external router can be a cost-effective solution when it is necessary to segment a network into multiple broadcast domains. In this lab, you split an existing network into two separate VLANs on the access layer switches, and use an external router to route between the VLANs.

An 802.1Q trunk connects the switch and the Fast Ethernet interface of the router for routing and management.

Static routes are used between the gateway router and the ISP router. The switches are connected via an 802.1Q EtherChannel link.

Implementation

For a change, let's start with the routers this time.

ISP

Router(config)#hostname ISP
 ISP(config)#line con 0
 ISP(config-line)#logging synchro
 ISP(config-line)#exit
 ISP(config)#int lo0
 ISP(config-if)#ip add 200.200.200.1 255.255.255.0
 ISP(config-if)#int s0/0/0
 ISP(config-if)#ip add 192.168.1.2 255.255.255.0
 ISP(config-if)#no shut
 ISP(config-if)#exit
 ISP(config)#ip route 0.0.0.0 0.0.0.0 s0/0/0 192.168.1.1

Gateway

Router(config)#hostname Gateway
 Gateway(config)#line con 0
 Gateway(config-line)#logging sync
 Gateway(config-line)#int s0/0/0
 Gateway(config-if)#ip add 192.168.1.1 255.255.255.0
 Gateway(config-if)#no shut
 Gateway(config-if)#clock rate 256000
 Gateway(config-if)#exit
 Gateway(config)#ip route 0.0.0.0 0.0.0.0 s0/0/0 192.168.1.2
 Gateway(config)#do ping 200.200.200.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.200.200.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 ms

We can wait with setting up the inter-VLAN routing until we are done with the base config, so we continue with S1 and S3 instead.

S1

Switch(config)#hostname S1
 S1(config)#line con 0
 S1(config-line)#logging sync
 S1(config-line)#exit
 S1(config)#int range fa0/3 - 4
 S1(config-if-range)#switchport trunk encaps dot1q
 S1(config-if-range)#switchport mode dynamic desirable
 S1(config-if-range)#description to S3
 S1(config-if-range)#channel-protocol pagp
 S1(config-if-range)#channel-group 1 mode desirable
 Creating a port-channel interface Port-channel 1
S1(config-if-range)#int vlan 1
 % Command exited out of interface range and its sub-modes.
 Not executing the command for second and later interfaces
 S1(config-if)#ip add 172.16.1.2 255.255.255.0
 S1(config-if)#no shut
 S1(config-if)#exit
 S1(config)#ip default-gateway 172.16.1.1
 S1(config)#vlan 100,200

S3

Switch(config)#hostname S3
 S3(config)#line con 0
 S3(config-line)#logging sync
 S3(config-line)#exit
 S3(config)#int range fa0/3 - 4
 S3(config-if-range)#switchport trunk encaps dot1q
 S3(config-if-range)#switchport mode dynamic auto
 S3(config-if-range)#channel-protocol pagp
 S3(config-if-range)#channel-group 1 mode auto
 Creating a port-channel interface Port-channel 1
 S3(config-if-range)#description to S1
 S3(config-if-range)#int vlan 1
 % Command exited out of interface range and its sub-modes.
 Not executing the command for second and later interfaces
 S3(config-if)#ip add 172.16.1.3 255.255.255.0
 S3(config-if)#no shut
 S3(config-if)#exit
 S3(config)#ip default-gateway 172.16.1.1
 S3(config)#vlan 100,200

Now it is time to configure inter-VLAN routing. To be able to use a subinterface for each VLAN (1, 100, 200) we need to enable trunking between S1 & Gateway. Note that we cannot use DTP negotiation when the device we connect to is a router (no DTP support).

S1

S1(config)#int fa0/5
 S1(config-if)#switchport trunk encapsulation dot1q
 S1(config-if)#switchport mode trunk
 S1(config-if)#description to Gateway
 S1(config-if)#spanning-tree portfast trunk
 %Warning: portfast should only be enabled on ports connected to a single
 host. Connecting hubs, concentrators, switches, bridges, etc... to this
 interface when portfast is enabled, can cause temporary bridging loops.
 Use with CAUTION

Gateway

Gateway(config)#int fa0/1
 Gateway(config-if)#description to S1
 Gateway(config-if)#no shut
 Gateway(config-if)#inte fa0/1.1
 Gateway(config-subif)#encapsulation dot1q 1 native
 Gateway(config-subif)#ip add 172.16.1.1 255.255.255.0
 Gateway(config-subif)#inte fa0/1.100
 Gateway(config-subif)#encapsulation dot1q 100
 Gateway(config-subif)#ip add 172.16.100.1 255.255.255.0
 Gateway(config-subif)#inte fa0/1.200
 Gateway(config-subif)#encapsulation dot1q 200
 Gateway(config-subif)#ip add 172.16.200.1 255.255.255.0
 Gateway(config-subif)#end

Done!

We can verify by pinging between S3 and the ISP's loopback, for example:

S3#ping 200.200.200.1
Type escape sequence to abort.
 Sending 5, 100-byte ICMP Echos to 200.200.200.1, timeout is 2 seconds:
 !!!!!
 Success rate is 100 percent (5/5), round-trip min/avg/max = 8/209/1015 ms

MDH Lab – MST

Topology

lab3-4

Objective

  • Observe the behavior of multiple spanning tree (MST)

Background

Four switches have just been installed. The distribution layer switches are Catalyst 3560s, and the access layer switches are Catalyst 2960s. There are redundant uplinks between the access layer and distribution layer. Because of the possibility of bridging loops, spanning tree logically removes any redundant links.

In this lab, we will group VLANs using MST so that we can have fewer spanning tree instances running at once to minimize switch CPU load.

Implementation

I have already put in the base config for trunking & VLANs; see earlier posts if you are interested in how it is configured.

We start by preparing an MST config in Notepad++ that we can use on all three switches:

spanning-tree mst configuration
name GoCCIE
revision 1
instance 1 vlan 10,20,30,40,50
instance 2 vlan 60,70,80,90,100
exit

We paste this into S1, S2 & S3 and then enable MST with the command:

spanning-tree mode mst

The reason is that it is recommended to create the instance on all switches first, before we enable MST, to avoid “region inconsistencies”.
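Switches only treat each other as members of the same MST region when the region name, the revision number and the VLAN-to-instance mapping all match. The Python sketch below is an added example, not part of the original lab: it parses the config block shown above, derives the mapping digest the way IEEE 802.1Q defines it for MSTP (HMAC-MD5 with the standard's fixed key), and compares the lab config with two constructed variants. The function names and the variant configs are made up for illustration.

```python
import hashlib
import hmac
import struct

# Fixed "Configuration Digest Signature Key" defined for MSTP in IEEE 802.1Q.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")

# The MST block from this lab, as pasted into S1, S2 and S3.
LAB_CONFIG = """\
spanning-tree mst configuration
name GoCCIE
revision 1
instance 1 vlan 10,20,30,40,50
instance 2 vlan 60,70,80,90,100
exit
"""

# Constructed variants: a switch where the second instance line was lost, and
# a switch put into MST mode before anything was pasted (assumed defaults:
# empty name, revision 0, every VLAN left in instance 0).
MISSING_INSTANCE_2 = LAB_CONFIG.replace("instance 2 vlan 60,70,80,90,100\n", "")
UNCONFIGURED = "spanning-tree mst configuration\nexit\n"


def parse_mst_config(text):
    """Return (name, revision, {vlan: instance}) from an MST config block."""
    name, revision, vlan_to_instance = "", 0, {}
    for line in text.splitlines():
        words = line.split()
        if len(words) == 2 and words[0] == "name":
            name = words[1]
        elif len(words) == 2 and words[0] == "revision":
            revision = int(words[1])
        elif len(words) == 4 and words[0] == "instance" and words[2] == "vlan":
            instance = int(words[1])
            for item in words[3].split(","):
                first, _, last = item.partition("-")   # accepts "10" and "10-20"
                for vlan in range(int(first), int(last or first) + 1):
                    vlan_to_instance[vlan] = instance
    return name, revision, vlan_to_instance


def config_digest(vlan_to_instance):
    """HMAC-MD5 over the 4096-entry table of 2-byte instance IDs, indexed by
    VLAN ID; entries 0 and 4095 always stay 0, unmapped VLANs are instance 0."""
    table = [0] * 4096
    for vlan, instance in vlan_to_instance.items():
        if not 1 <= vlan <= 4094:
            raise ValueError(f"VLAN {vlan} out of range")
        table[vlan] = instance
    packed = struct.pack(">4096H", *table)
    return hmac.new(MST_DIGEST_KEY, packed, hashlib.md5).hexdigest()


def region_identity(text):
    """The three values that must match for two switches to share a region."""
    name, revision, mapping = parse_mst_config(text)
    return name, revision, config_digest(mapping)


def same_region(config_a, config_b):
    return region_identity(config_a) == region_identity(config_b)


if __name__ == "__main__":
    variants = [("lab config", LAB_CONFIG),
                ("missing instance 2", MISSING_INSTANCE_2),
                ("unconfigured", UNCONFIGURED)]
    for label, cfg in variants:
        name, rev, digest = region_identity(cfg)
        print(f"{label:20} name={name!r} rev={rev} digest={digest} "
              f"same region as lab config: {same_region(LAB_CONFIG, cfg)}")
```

A switch that is missing only one `instance` line still has the right name and revision, so the mismatch shows up in the digest alone.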

S1#show spanning-tree mst
##### MST1 vlans mapped: 10,20,30,40,50
Bridge address 0024.c33f.9e80 priority 32769 (32768 sysid 1)
Root address 0014.a889.9c80 priority 32769 (32768 sysid 1)
 port Fa0/3 cost 200000 rem hops 19
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 200000 128.3 P2p 
Fa0/2 Desg FWD 200000 128.4 P2p 
Fa0/3 Root FWD 200000 128.5 P2p 
Fa0/4 Altn BLK 200000 128.6 P2p
##### MST2 vlans mapped: 60,70,80,90,100
Bridge address 0024.c33f.9e80 priority 32770 (32768 sysid 2)
Root address 0014.a889.9c80 priority 32770 (32768 sysid 2)
 port Fa0/3 cost 200000 rem hops 19
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 200000 128.3 P2p 
Fa0/2 Desg FWD 200000 128.4 P2p 
Fa0/3 Root FWD 200000 128.5 P2p 
Fa0/4 Altn BLK 200000 128.6 P2p

Just as before, we can see that by default S3 takes the role of root bridge because of its lower MAC address. According to the assignment, however, it should be as follows:

  • S1 – Primary for instance 1, Secondary for instance 2
  • S3 – Secondary for instance 1, Primary for instance 2

The config is very similar to how we do it in PVST:

S1(config)#spanning-tree mst 1 root primary
S1(config)#spanning-tree mst 2 root secondary
S3(config)#spanning-tree mst 1 root secondary
S3(config)#spanning-tree mst 2 root primary

It is no harder than that. I will do some more advanced topologies later, as soon as I am done with MDH’s labs, where we can look at e.g. “MST Multiple Regions”, which can get a bit tricky. 🙂

MDH Lab – PVST/Rapid-PVST

Topology

lab3-3

Objectives

• Observe the behavior of a separate spanning tree instance per VLAN.
• Change spanning tree mode to rapid spanning tree.

Background

Four switches have just been installed. The distribution layer switches are Catalyst 3560s, and the access
layer switches are Catalyst 2960s. There are redundant uplinks between the access layer and distribution
layer. Because of the possibility of bridging loops, spanning tree logically removes any redundant links. In this
lab, you will see what happens when spanning tree is configured differently for different VLANs.

Implementation

We start with some base config for each switch.

S1

Switch(config)#hostname S1
S1(config)#line con 0
S1(config-line)#logging synchronous 
S1(config-line)#exit
S1(config)#int range fa0/1 - 2
S1(config-if-range)#switchport trunk encapsulation dot1q
S1(config-if-range)#switchport mode dynamic desirable 
S1(config-if-range)#description to S2
S1(config-if-range)#int range fa0/3 - 4
S1(config-if-range)#switchport trunk encapsulation isl
S1(config-if-range)#switchport mode dynamic desirable 
S1(config-if-range)#description to S3
S1(config-if-range)#exit
S1(config)#vtp mode server
Device mode already VTP SERVER.
S1(config)#vtp domain Cisco
Changing VTP domain name from NULL to Cisco
S1(config)#vtp password cisco
Setting device VLAN database password to cisco
S1(config)#vtp version 2
S1(config)#vlan 10,20,50,60,70,80,90,100
S1(config-vlan)#exit

S1#sh interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 desirable 802.1q trunking 1
Fa0/2 desirable 802.1q trunking 1
Fa0/3 desirable isl trunking 1
Fa0/4 desirable isl trunking 1
Port Vlans allowed and active in management domain
Fa0/1 1,10,20,50,60,70,80,90,100
Fa0/2 1,10,20,50,60,70,80,90,100
Fa0/3 1,10,20,50,60,70,80,90,100
Fa0/4 1,10,20,50,60,70,80,90,100

S3

Switch(config)#hostname S3
S3(config)#line con 0
S3(config-line)#logging synchro
S3(config-line)#int range fa0/1 - 2
S3(config-if-range)#switchport trunk encapsulation dot1q
S3(config-if-range)#switchport mode dynamic desirable 
S3(config-if-range)#description to S2
S3(config-if-range)#int range fa0/3 - 4
S3(config-if-range)#switchport trunk encapsulation isl
S3(config-if-range)#switchport mode dynamic auto
S3(config-if-range)#description to S1
S3(config-if-range)#exit
S3(config)#vtp mode client
Setting device to VTP CLIENT mode.
S3(config)#vtp domain Cisco
Changing VTP domain name from NULL to Cisco
S3(config)#vtp password cisco
Setting device VLAN database password to cisco

S3#sh interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 desirable 802.1q trunking 1
Fa0/2 desirable 802.1q trunking 1
Fa0/3 auto isl trunking 1
Fa0/4 auto isl trunking 1
Port Vlans allowed and active in management domain
Fa0/1 1,10,20,50,60,70,80,90,100
Fa0/2 1,10,20,50,60,70,80,90,100
Fa0/3 1,10,20,50,60,70,80,90,100
Fa0/4 1,10,20,50,60,70,80,90,100

S2

Switch(config)#hostname S2
S2(config)#line con 0
S2(config-line)#logging sync
S2(config-line)#int range fa0/1 - 2
S2(config-if-range)#switchport trunk encaps
S2(config-if-range)#switchport mode dynamic auto
S2(config-if-range)#description to S1
S2(config-if-range)#int range fa0/3 - 4
S2(config-if-range)#switchport mode dynamic auto
S2(config-if-range)#description to S3
S2(config-if-range)#exit
S2(config)#vtp mode client
Setting device to VTP CLIENT mode.
S2(config)#vtp domain Cisco
Changing VTP domain name from NULL to Cisco
S2(config)#vtp 
*Mar 1 00:27:37.639: %SW_VLAN-6-VTP_DOMAIN_NAME_CHG: VTP domain name changed to Cisco.
S2(config)#vtp password cisco
Setting device VLAN database password to cisco

S2#sh interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 auto 802.1q trunking 1
Fa0/2 auto 802.1q trunking 1
Fa0/3 auto 802.1q trunking 1
Fa0/4 auto 802.1q trunking 1
Port Vlans allowed and active in management domain
Fa0/1 1,10,20,50,60,70,80,90,100
Fa0/2 1,10,20,50,60,70,80,90,100
Fa0/3 1,10,20,50,60,70,80,90,100
Fa0/4 1,10,20,50,60,70,80,90,100

According to the assignment, S1 should be:

  • Primary root bridge for VLAN 10, 50, 60, 70
  • Secondary root bridge for VLAN 20, 80, 90, 100

We fix that easily with the following commands:

S1(config)#spanning-tree vlan 10,50,60,70 root primary
S1(config)#spanning-tree vlan 20,80,90,100 root secondary

And vice versa on S3:

S3(config)#spanning-tree vlan 10,50,60,70 root secondary
S3(config)#spanning-tree vlan 20,80,90,100 root primary

Verify with:

S3#sh spanning-tree vlan 10
VLAN0010
 Spanning tree enabled protocol ieee
 Root ID Priority 24586
 Address 0024.c33f.9e80
 Cost 19
 Port 5 (FastEthernet0/3)
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
S3#sh spanning-tree vlan 20
VLAN0020
 Spanning tree enabled protocol ieee
 Root ID Priority 24596
 Address 0014.a889.9c80
 This bridge is the root

We were then supposed to change the cost for VLAN 20 to 15 on the Fa0/4 interface between S1-S2. Note that before we change anything, fa0/3 is used as the root port on S1 towards S3 (root bridge); this is due to the equal cost of 19, where fa0/3 wins with the lower port ID. We only need to make the change on S1, since S3 has all ports as designated (root bridge).

S1(config)#int fa0/4 
S1(config-if)#spanning-tree vlan 20 cost 15
S1(config-if)#do sh spanning-tree vlan 20
VLAN0020
 Spanning tree enabled protocol ieee
 Root ID Priority 24596
 Address 0014.a889.9c80
 Cost 15
 Port 6 (FastEthernet0/4)
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 28692 (priority 28672 sys-id-ext 20)
 Address 0024.c33f.9e80
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.3 P2p 
Fa0/2 Desg FWD 19 128.4 P2p 
Fa0/3 Altn BLK 19 128.5 P2p 
Fa0/4 Root FWD 15 128.6 P2p

Beautiful!

We were also supposed to switch to rapid-pvst:

S1(config)#spanning-tree mode rapid-pvst 
S2(config)#spanning-tree mode rapid-pvst 
S3(config)#spanning-tree mode rapid-pvst 
S3#sh spanning-tree vlan 20
VLAN0020
 Spanning tree enabled protocol rstp
 Root ID Priority 24596
 Address 0014.a889.9c80
 This bridge is the root
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Done!

MDH Lab – Spanning-tree Tuning

Topology

lab3-2

Objective

Observe what happens when the default spanning tree behavior is modified.

Background

Four switches have just been installed. The distribution layer switches are Catalyst 3560s, and the access layer switches are Catalyst 2960s. There are redundant uplinks between the access layer and distribution layer.

Because of the possibility of bridging loops, spanning tree logically removes any redundant links. In this lab, you will see what happens when the default spanning tree behavior is modified.

Verification

Let's start by taking a look at what STP looks like before we begin modifying anything.

S1

S1#sh spanning-tree
VLAN0001
 Spanning tree enabled protocol ieee
 Root ID Priority 32769
 Address 0014.a889.9c80
 Cost 19
 Port 5 (FastEthernet0/3)
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
 Address 0024.c33f.9e80
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.3 P2p 
Fa0/2 Desg FWD 19 128.4 P2p 
Fa0/3 Root FWD 19 128.5 P2p 
Fa0/4 Altn BLK 19 128.6 P2p

S2

S2#sh spanning-tree
VLAN0001
 Spanning tree enabled protocol ieee
 Root ID Priority 32769
 Address 0014.a889.9c80
 Cost 19
 Port 3 (FastEthernet0/3)
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
 Address 0025.b4c7.c580
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1 Altn BLK 19 128.1 P2p 
Fa0/2 Altn BLK 19 128.2 P2p 
Fa0/3 Root FWD 19 128.3 P2p 
Fa0/4 Altn BLK 19 128.4 P2p

S3

S3#sh spanning-tree
VLAN0001
 Spanning tree enabled protocol ieee
 Root ID Priority 32769
 Address 0014.a889.9c80
 This bridge is the root
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
 Address 0014.a889.9c80
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.3 P2p 
Fa0/2 Desg FWD 19 128.4 P2p 
Fa0/3 Desg FWD 19 128.5 P2p 
Fa0/4 Desg FWD 19 128.6 P2p

As you can see, S3 is root. Why? If we compare the MAC addresses we see that S3 has the lowest, and since the priority is 32768 for all three, S3 wins.

S1’s root port is fa0/3; fa0/4 is therefore in Alternate/Blocking, since fa0/3 has the lower port ID (the cost is the same).

S2’s root port is fa0/3; fa0/4 is therefore in Alternate/Blocking, since fa0/3 has the lower port ID (same cost). Fa0/1-2 are also blocked, because S1 has a lower MAC address and therefore sets its ports towards S2 as designated. We can only have one designated port per link, so fa0/1-2 become Alternate.

Implementation

We start by configuring S1 as primary and S3 as secondary root.

S1

S1(config)#spanning-tree vlan 1 root primary

S3

S3(config)#spanning-tree vlan 1 root secondary

We can see that S2’s root port has now changed to Fa0/1:

S2#sh spanning-tree
VLAN0001
 Spanning tree enabled protocol ieee
 Root ID Priority 24577
 Address 0024.c33f.9e80 <- S1
 Cost 19
 Port 1 (FastEthernet0/1)
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
 Address 0025.b4c7.c580
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 Aging Time 15
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1 Root FWD 19 128.1 P2p 
Fa0/2 Altn BLK 19 128.2 P2p 
Fa0/3 Altn BLK 19 128.3 P2p 
Fa0/4 Altn BLK 19 128.4 P2p

S3, which previously had all ports as designated (root bridge), has now set Fa0/3 as root port and fa0/4 as alternate.

S3(config)#do sh sp
VLAN0001
 Spanning tree enabled protocol ieee
 Root ID Priority 24577
 Address 0024.c33f.9e80
 Cost 19
 Port 5 (FastEthernet0/3)
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 28673 (priority 28672 sys-id-ext 1)
 Address 0014.a889.9c80
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.3 P2p 
Fa0/2 Desg FWD 19 128.4 P2p 
Fa0/3 Root FWD 19 128.5 P2p 
Fa0/4 Altn BLK 19 128.6 P2p

So what do we do if we want STP to prefer going over Fa0/4 instead of Fa0/3?

The first option is to change the port priority (default 128); remember that lowest is best:

S3(config)#int fa0/4
S3(config-if)#spanning-tree port-priority ?
<0-240> port priority in increments of 16
S3(config-if)#spanning-tree port-priority 112
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.3 P2p 
Fa0/2 Desg FWD 19 128.4 P2p 
Fa0/3 Root FWD 19 128.5 P2p 
Fa0/4 Altn BLK 19 112.6 P2p

When we verify with sh spanning-tree, no change is noticeable? We have a lower priority but the port is still ALT/Blocking. I had completely forgotten this: the root port is decided by what the “upstream neighbor” advertises as port ID (port priority + interface ID). If we instead make the same config change on S1, we can see the difference immediately:

S1(config-if)#spanning-tree port-priority 112
S3#sh spanning-tree
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.3 P2p 
Fa0/2 Desg FWD 19 128.4 P2p 
Fa0/3 Altn BLK 19 128.5 P2p 
Fa0/4 Root FWD 19 128.6 P2p

I found the following explanation online, which explained the concept well:

The root bridge originates the bpdus, switch D receives bpdus on ports 5/1 and 5/2, it compares the two bpdus received, both have the same bridge id so the port cost is checked. Port cost is dependent on the bw of the interface, in this case both have the same bandwidth so the senders port id is checked.

The senders port-id consists of the senders port priority and the port number of the sending interface. The bpdu with the lowest port-id will be preferred so the interface which received the best bpdu will be root and the other interface with a lower priority bpdu is blocked.

So in order to manipulate which port is forwarding or blocking on your local switch, you must configure the remote switch ports so that they will modify bpdu parameters on transmission.

We can also change the spanning-tree cost for a link, which as shown is currently 19 on all links between S1-S2-S3 (default for 100M).

If we want to change S2’s root port from Fa0/1 to Fa0/2, we only need to raise the cost on Fa0/1 (or alternatively lower it on Fa0/2):

S2(config)#inte fa0/1
S2(config-if)#spanning-tree cost ?
 <1-200000000> port path cost
S2(config-if)#spanning-tree cost 200
S2#sh spanning-tree
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1 Altn BLK 200 128.1 P2p 
Fa0/2 Root LIS 19 128.2 P2p 
Fa0/3 Altn BLK 19 128.3 P2p 
Fa0/4 Altn BLK 19 128.4 P2p

Note that for cost we can make the change directly on the switch itself; we do not need to make the change on the neighbor. This is because the switch always adds its own port cost to the “Root Path Cost” when it receives a BPDU. S1 sends BPDUs with RPC = 0, so for fa0/1 it becomes 0+200 and for fa0/2 0+19 -> fa0/2 becomes the root port because of the lower cost.
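The tie-breakers walked through in this lab (lowest bridge ID for the root bridge; then per port the lowest accumulated cost, sender bridge ID, sender port ID and, last of all, local port ID), as an added Python example that is not part of the original post. It uses the MAC addresses, priorities and port IDs from the outputs above; the class and function names are made up for illustration, and the port-priority change on S1 is assumed to be on Fa0/4.

```python
from typing import Dict, List, NamedTuple, Tuple


class BridgeID(NamedTuple):
    priority: int  # bridge priority including sys-id-ext, e.g. 32769 for VLAN 1
    mac: str       # as shown by IOS, e.g. "0014.a889.9c80"

    def rank(self) -> Tuple[int, int]:
        # Lower priority wins; the MAC address only breaks ties.
        return (self.priority, int(self.mac.replace(".", ""), 16))


class Bpdu(NamedTuple):
    root: BridgeID
    root_path_cost: int            # cost as advertised by the sender
    sender: BridgeID
    sender_port: Tuple[int, int]   # (port priority, port number) of the sending port


class Port(NamedTuple):
    name: str
    cost: int                      # local "spanning-tree cost"
    port_id: Tuple[int, int]       # local (port priority, port number)
    rx: Bpdu                       # BPDU received on this port


def elect_root(bridges: Dict[str, BridgeID]) -> str:
    return min(bridges, key=lambda name: bridges[name].rank())


def root_port(ports: List[Port]) -> str:
    def vector(p: Port):
        return (
            p.rx.root.rank(),
            p.rx.root_path_cost + p.cost,  # the receiver adds its own port cost
            p.rx.sender.rank(),
            p.rx.sender_port,              # configured on the upstream switch
            p.port_id,                     # local port ID is only the last resort
        )
    return min(ports, key=vector).name


# Values from the VLAN 1 outputs in this lab.
S1 = BridgeID(32769, "0024.c33f.9e80")
S2 = BridgeID(32769, "0025.b4c7.c580")
S3 = BridgeID(32769, "0014.a889.9c80")
S1_PRIMARY = S1._replace(priority=24577)    # after "root primary"
S3_SECONDARY = S3._replace(priority=28673)  # after "root secondary"


def lab_root_elections() -> Tuple[str, str]:
    before = elect_root({"S1": S1, "S2": S2, "S3": S3})
    after = elect_root({"S1": S1_PRIMARY, "S2": S2, "S3": S3_SECONDARY})
    return before, after


def s3_ports(s3_fa04_priority: int = 128, s1_fa04_priority: int = 128) -> List[Port]:
    """S3's two links to the root S1, with either side's Fa0/4 priority adjustable."""
    def from_s1(port):
        return Bpdu(S1_PRIMARY, 0, S1_PRIMARY, port)
    return [
        Port("Fa0/3", 19, (128, 5), from_s1((128, 5))),
        Port("Fa0/4", 19, (s3_fa04_priority, 6), from_s1((s1_fa04_priority, 6))),
    ]


def s2_ports(fa01_cost: int = 19) -> List[Port]:
    """S2's links: Fa0/1-2 straight to the root S1, Fa0/3-4 via S3 (advertised cost 19)."""
    def from_s1(port):
        return Bpdu(S1_PRIMARY, 0, S1_PRIMARY, port)

    def from_s3(port):
        return Bpdu(S1_PRIMARY, 19, S3_SECONDARY, port)
    return [
        Port("Fa0/1", fa01_cost, (128, 1), from_s1((128, 3))),
        Port("Fa0/2", 19, (128, 2), from_s1((128, 4))),
        Port("Fa0/3", 19, (128, 3), from_s3((128, 3))),
        Port("Fa0/4", 19, (128, 4), from_s3((128, 4))),
    ]


if __name__ == "__main__":
    print("root before/after priorities:", lab_root_elections())
    print("S3 default:                  ", root_port(s3_ports()))
    print("S3 Fa0/4 port-priority 112:  ", root_port(s3_ports(s3_fa04_priority=112)))
    print("S1 Fa0/4 port-priority 112:  ", root_port(s3_ports(s1_fa04_priority=112)))
    print("S2 default:                  ", root_port(s2_ports()))
    print("S2 Fa0/1 cost 200:           ", root_port(s2_ports(fa01_cost=200)))
```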

MDH Lab – Etherchannel

Topology

lab2-2

Objective

  • Configure EtherChannel

Background

Four switches have just been installed. The distribution layer switches are Catalyst 3560 switches, and the access layer switches are Catalyst 2960 switches. There are redundant uplinks between the access layer and
distribution layer.

Usually, only one of these links could be used; otherwise, a bridging loop might occur. However, using only one link utilizes only half of the available bandwidth. EtherChannel allows up to eight redundant links to be bundled together into one logical link.

In this lab, you configure Port Aggregation Protocol (PAgP), a Cisco EtherChannel protocol, and Link Aggregation Control Protocol (LACP), an IEEE 802.3ad open standard version of EtherChannel.

Implementation

As you can see, this is the same topology as in the previous lab, so all the old config is still in place; hopefully that should not cause any problems. I have, however, removed the IP addresses from VLAN 1 (default interface vlan 1) on all switches.

Let's start by configuring PAgP & LACP.

S1 – PAgP

S1(config)#int range fa0/1 - 2
S1(config-if-range)#shut
S1(config-if-range)#channel-protocol pagp
S1(config-if-range)#channel-group 1 mode desirable 
Creating a port-channel interface Port-channel 1
S1(config-if-range)#no shut

S2 – PAgP

S2(config)#int range fa0/1 - 2
S2(config-if-range)#shut
S2(config-if-range)#channel-protocol pagp
S2(config-if-range)#channel-group 1 mode auto
Creating a port-channel interface Port-channel 1
S2(config-if-range)#no shut

S2 – LACP (Note: remember to use a new channel-group!)

S2(config)#inte range fa0/3 -4
S2(config-if-range)#shut
S2(config-if-range)#channel-protocol lacp
S2(config-if-range)#channel-group 2 mode passive
Creating a port-channel interface Port-channel 2
S2(config-if-range)#no shut

S3 – LACP

S3(config)#int range fa0/1 -2 
S3(config-if-range)#shut
S3(config-if-range)#channel-protocol lacp
S3(config-if-range)#channel-group 2 mode active
Creating a port-channel interface Port-channel 2
S3(config-if-range)#no shut

The easiest is probably to verify on S2 that everything is OK.

S2#sh etherchannel summary
Flags: D - down P - bundled in port-channel
 I - stand-alone s - suspended
 H - Hot-standby (LACP only)
 R - Layer3 S - Layer2
 U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
 u - unsuitable for bundling
 w - waiting to be aggregated
 d - default port

Number of channel-groups in use: 2
Number of aggregators: 2
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) PAgP Fa0/1(P) Fa0/2(P) 
2 Po2(SU) LACP Fa0/3(P) Fa0/4(P)

All OK so far.

Before we set up the L3 EtherChannel between S1 & S3, we must be careful to configure it in the right order; see the earlier post for a walkthrough of L3 EtherChannel.

S1

S1(config)#int range fa0/3 - 4
S1(config-if-range)#shut
S1(config-if-range)#no switchport 
S1(config-if-range)#channel-group 5 mode on
Creating a port-channel interface Port-channel 5
S1(config-if-range)#int po5
% Command exited out of interface range and its sub-modes.
 Not executing the command for second and later interfaces
S1(config-if)#ip add 10.1.1.101 255.255.255.0

S3

S3(config)#int range fa0/3 - 4
S3(config-if-range)#shut
S3(config-if-range)#no switchport 
S3(config-if-range)#channel-group 5 mode on
Creating a port-channel interface Port-channel 5
S3(config-if-range)#no shut
S3(config-if-range)#int po5
% Command exited out of interface range and its sub-modes.
 Not executing the command for second and later interfaces
S3(config-if)#ip add 10.1.1.102 255.255.255.0
S3(config-if)#end
S3#ping 10.1.1.101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.101, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/3/9 ms

Then only the load balancing was left, which is very simple to configure.

For S1, S2 & S3:

S3(config)#port-channel load-balance src-dst-mac
S3#show etherchannel load-balance 
EtherChannel Load-Balancing Configuration:
 src-dst-mac
EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Source XOR Destination MAC address
 IPv4: Source XOR Destination MAC address
 IPv6: Source XOR Destination MAC address

Done!

MDH Lab – Basic Trunking & VTP

Topology

lab2-1

Objectives

  • Set up a VTP domain
  • Create and maintain VLANs
  • Configure ISL and 802.1Q trunking

Background  

VLANs logically segment a network by function, team, or application, regardless of the physical location of the users. End stations in a particular IP subnet are often associated with a specific VLAN. VLAN membership on a switch that is assigned manually for each interface is known as static VLAN membership. Trunking, or connecting switches, and the VLAN Trunking Protocol (VTP) are technologies that support VLANs.

VTP manages the addition, deletion, and renaming of VLANs on the entire network from a single central switch. Note: This lab uses Cisco WS-C2960-24TT-L switches with the Cisco IOS image c2960-lanbasek9-mz.122-46.SE.bin, and Catalyst 3560-24PS with the Cisco IOS image c3560-advipservicesk9-mz.122-46.SE.bin.

You can use other switches (such as a 2950 or 3550) and Cisco IOS Software versions if they have comparable capabilities and features. Depending on the switch model and Cisco IOS Software version, the commands available and output produced might vary from what is shown in this lab.

Implementation

The first lab of ~10 that we have been given by MDH to complete over the next 2 weeks. The first ones seem very basic though, so we'll see how far I get today; nice to get going with some configuration and leave the theory behind 😉

There is no point in starting with VTP, since it requires working trunk links to be able to exchange packets, so we do the trunks & VLAN 1 first.

S1

Switch(config)#hostname S1
S1(config)#line con 0
S1(config-line)#logging synchronous
S1(config-line)#int range fa0/1 - 2
S1(config-if-range)#switchport trunk encapsulation dot1q 
S1(config-if-range)#switchport mode dynamic desirable 
S1(config-if-range)#description To S2
S1(config-if-range)#int range fa0/3 - 4
S1(config-if-range)#switchport trunk encapsulation isl
S1(config-if-range)#switchport mode dynamic desirable
S1(config-if-range)#description To S3
S1(config)#int vlan 1
S1(config-if)#ip add 10.1.1.101 255.255.255.0
S1(config-if)#no shut

S3

Switch(config)#hostname S3
S3(config)#line con 0
S3(config-line)#logging synchronous 
S3(config-line)#exit
S3(config)#int range fa0/1 - 2
S3(config-if-range)#switchport trunk encapsulation dot1q
S3(config-if-range)#switchport mode dynamic desirable 
S3(config-if-range)#description to S2
S3(config-if-range)#int range fa0/3 - 4
S3(config-if-range)#switchport trunk encapsulation ISL
S3(config-if-range)#switchport mode dynamic auto
S3(config-if-range)#description to S1
S3(config-if-range)#end
S3(config)#int vlan1
S3(config-if)#ip add 10.1.1.102 255.255.255.0
S3(config-if)#no shut

S2

Switch(config)#hostname S2
S2(config)#line con 0
S2(config-line)#logging synchronous 
S2(config-line)#exit
S2(config)#inte range fa0/1 - 2
S2(config-if-range)#switchport mode dynamic auto
S2(config-if-range)#description to S1
S2(config-if-range)#int range fa0/3 - 4
S2(config-if-range)#switchport mode dynamic auto
S2(config-if-range)#description to S3
S2(config)#int vlan 1
S2(config-if)#ip add 10.1.1.103 255.255.255.0
S2(config-if)#no shut

S2 is a 2960 and does not support ISL, so we only need to set dynamic auto on the uplinks towards S1 & S3.

S1#sh interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 desirable 802.1q trunking 1
Fa0/2 desirable 802.1q trunking 1
Fa0/3 desirable isl trunking 1
Fa0/4 desirable isl trunking 1

All OK so far; we make S1 the VTP server and create the VLANs there, while S2+S3 are configured as VTP clients.

S1

S1(config)#vlan 100
S1(config-vlan)#name ServerFarm1
S1(config-vlan)#vlan 110
S1(config-vlan)#name ServerFarm2
S1(config-vlan)#vlan 120
S1(config-vlan)#name Net-Eng
S1(config-vlan)#exit
S1(config)#vtp mode server
Device mode already VTP SERVER.
S1(config)#vtp domain CCIE 
Changing VTP domain name from NULL to CCIE
S1(config)#vtp password cc1e
Setting device VLAN database password to cc1e
S1(config)#vtp version 2

S3

S3(config)#vtp mode client
Setting device to VTP CLIENT mode.
S3(config)#vtp domain CCIE
Domain name already set to CCIE. <- Remember that VTP clients automatically switch to the domain being advertised if they are not already part of a domain.
S3(config)#vtp password cc1e
Setting device VLAN database password to cc1e
S3(config)#vtp version 2 <- Advertised by the VTP server
Cannot modify version in VTP client mode

S2

S2(config)#vtp mode client
Setting device to VTP CLIENT mode.
S2(config)#vtp password cc1e
Setting device VLAN database password to cc1e
S2#sh vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/5, Fa0/6, Fa0/7, Fa0/8
 Fa0/9, Fa0/10, Fa0/11, Fa0/12
 Fa0/13, Fa0/14, Fa0/15, Fa0/16
 Fa0/17, Fa0/18, Fa0/19, Fa0/20
 Fa0/21, Fa0/22, Fa0/23, Fa0/24
 Gi0/1, Gi0/2
100 ServerFarm1 active 
110 ServerFarm2 active 
120 Net-Eng active 
1002 fddi-default act/unsup 
1003 token-ring-default act/unsup 
1004 fddinet-default act/unsup 
1005 trnet-default act/unsup

Then we might as well put a few interfaces into each VLAN, with basic security features.

S1

S1(config)#int range fa0/5 - 10
S1(config-if-range)#switchport mode access
S1(config-if-range)#switchport access vlan 100
S1(config-if-range)#spanning-tree portfast
S1(config-if-range)#description ServerFarm1, vlan 100
S1(config-if-range)#switchport port-security 
S1(config-if-range)#switchport port-security violation shutdown
S1(config-if-range)#switchport port-security max 1

S3

S3(config)#int range fa0/5 - 10
S3(config-if-range)#switchport mode access
S3(config-if-range)#switchport access vlan 120
S3(config-if-range)#spanning-tree portfast 
S3(config-if-range)#description Net-Eng
S3(config-if-range)#switchport port-security 
S3(config-if-range)#switchport port-security violation shutdown
S3(config-if-range)#switchport port-security max 1

S2

S2(config)#int range fa0/5 - 10
S2(config-if-range)#switchport mode access
S2(config-if-range)#switchport access vlan 110
S2(config-if-range)#spanning-tree portfast
S2(config-if-range)#description ServerFarm2, vlan 110
S2(config-if-range)#switchport port-security 
S2(config-if-range)#switchport port-security violation shutdown 
S2(config-if-range)#switchport port-security max 1

Done! Unfortunately I have no hosts to test against, but with show interface trunk, show vlan and show vtp status we can verify that everything looks OK.

S1#sh vtp status
VTP Version : running VTP2
Configuration Revision : 4
Maximum VLANs supported locally : 1005
Number of existing VLANs : 8
VTP Operating Mode : Server
VTP Domain Name : CCIE
VTP Pruning Mode : Disabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0x27 0x6D 0xB4 0x0D 0xA5 0xB5 0x1E 0x45 
Configuration last modified by 0.0.0.0 at 3-1-93 01:06:54
Local updater ID is 0.0.0.0 (no valid interface found)

S1#sh interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 desirable 802.1q trunking 1
Fa0/2 desirable 802.1q trunking 1
Fa0/3 desirable isl trunking 1
Fa0/4 desirable isl trunking 1

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/11, Fa0/12, Fa0/13, Fa0/14
 Fa0/15, Fa0/16, Fa0/17, Fa0/18
 Fa0/19, Fa0/20, Fa0/21, Fa0/22
 Fa0/23, Fa0/24, Gi0/1, Gi0/2
100 ServerFarm1 active Fa0/5, Fa0/6, Fa0/7, Fa0/8
 Fa0/9, Fa0/10
110 ServerFarm2 active 
120 Net-Eng active 
1002 fddi-default act/unsup 
1003 trcrf-default act/unsup 
1004 fddinet-default act/unsup 
1005 trbrf-default act/unsup
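
An added example, not part of the original lab: a small Python check that reads running-config text and reports access ports whose port-security state differs from what the lab configures above (enabled, maximum 1, violation shutdown). The sample config and the function names are constructed for illustration, and it assumes IOS leaves the default maximum 1 and violation shutdown out of running-config.

```python
import re
# Constructed running-config excerpt (not output from the lab switches).
SAMPLE = """\
interface FastEthernet0/5
 switchport mode access
 switchport port-security
!
interface FastEthernet0/6
 switchport mode access
!
interface FastEthernet0/7
 switchport mode access
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation restrict
!
interface FastEthernet0/1
 switchport mode trunk
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit_access_ports(config, max_allowed=1):
    """Return {interface: [issues]} for access ports deviating from the lab's settings."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # trunks are out of scope
        issues = [] if "switchport port-security" in cmds else ["port-security not enabled"]
        # Assumed IOS behaviour: defaults are omitted from running-config, so start from them.
        settings = {"maximum": "1", "violation": "shutdown"}
        settings.update(re.findall(
            r"(?m)^switchport port-security (maximum|violation) (\w+)$", "\n".join(cmds)))
        if int(settings["maximum"]) > max_allowed:
            issues.append("maximum " + settings["maximum"])
        if settings["violation"] != "shutdown":
            issues.append("violation " + settings["violation"])
        findings[name] = issues
    return {name: issues for name, issues in findings.items() if issues}
```

Fa0/6 is the case worth noticing: an access port without the bare `switchport port-security` line has the feature disabled, whatever else is configured on it.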

Switching – RSTP

Because STP converges far too slowly, and we can't simply configure PortFast everywhere, “Rapid Spanning-Tree”, 802.1w, was developed instead.

RSTP-Ports

New port states:

  • Discarding (Blocking)
  • Learning
  • Forwarding

Port-Roles:

  • Root-port
  • Designated-port
  • Alternate-port
  • Edge-port
  • Backup-port

Link-types:

  • Point-to-point Link
  • Shared Link
  • Edge

Unfortunately, it feels a bit uninteresting to spend a lot of time writing a long post about how RSTP works. For now I will probably limit my posts to the more practical parts (config/labs) of Switching. I have finished reading “CCNP Switch – Official Certification Guide”, so I will now spend most of my time labbing and skimming through the TSHOOT – O-C Guide ahead of the upcoming cert in 2-3 weeks.

To read more about RSTP, see for example the following pages:

http://keepingitclassless.net/2013/07/ccie-spanning-tree-part-2-rstp/

http://blog.ine.com/wp-content/uploads/2011/11/understanding-stp-rstp-convergence.pdf

http://lostintransit.se/2013/08/08/rstp-synchronization-behind-the-scenes/