Extreme Networks Switches Test Report

Testing Report
Testing performed by
Mikheil Kartvelishvili
UGT
Lab equipment:
Hostname
SW1
SW2
SW3
R1
R2
R3
Hardware Platform
Cisco Catalyst 3750
Extreme Networks X670-48x
Extreme Networks X440-24p
Cisco 1841
Juniper ACX1100
Juniper ACX1100
Software Version
12.2(44)SE5
12.6.2.10
15.1.0.20
12.4(15)T5
12.3X54-D15.3
12.3X54-D15.3
Features Tested:
1.
2.
3.
4.
5.
6.
7.
Rapid PVST+
MST (802.1s)
STP Security
Link Aggregation (LACP)
DHCP Snooping / IP Source-guard
IP Routing / OSPF
First-Hop Redundancy / VRRP
1|Page
1. Rapid PVST+
1.1 TOPOLOGY
R1
Cisco 1841
.1 Fa0/0
VLAN 10,20,30
Fa1/0/1
SW1
Cisco Catalyst 3750
Gi1/0/1
Gi1/0/2
VLAN 10,20,30
VLAN 10,20,30
SW3
Extreme Summit X440
Port 1
Port 1
Port 2
SW2
Extreme Summit X670
Port 2
VLAN 10,20,30
Port 3
Port 3
VLAN 10,20,30
GE0/0/0
.2
R2
ACX1100
VLAN 10,20,30
.3
GE0/0/0
R3
ACX1100
1.2 CONFIGURATION
SW1
spanning-tree
spanning-tree
spanning-tree
spanning-tree
!
vlan 10
name LAN1
!
vlan 20
mode rapid-pvst
etherchannel guard misconfig
extend system-id
vlan 20 priority 4096
2|Page
name LAN2
!
vlan 23
!
vlan 30
name LAN3
!
!
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
switchport trunk encapsulation dot1q
!
!
end
SW2
configure vlan default delete ports all
configure vr VR-Default delete ports 1-48
configure vr VR-Default add ports 1-48
create vlan "LAN10"
configure vlan LAN10 tag 10
create vlan "LAN20"
create vlan "LAN30"
configure vlan Default add ports 1-48 untagged
configure vlan LAN10 add ports 1-2 tagged
create stpd LAN10
configure stpd LAN10 mode dot1w
configure stpd LAN10 priority 4096
configure stpd LAN10 default-encapsulation pvst-plus
create stpd LAN20
create stpd LAN30
configure stpd s0 delete vlan default ports all
disable stpd s0 auto-bind vlan default
enable stpd s0 auto-bind vlan Default
configure stpd LAN10 add vlan LAN10 ports 1 pvst-plus
3|Page
configure stpd LAN20

enable stpd LAN10
enable stpd LAN20
enable stpd LAN30
add vlan LAN20 ports 2 pvst-plus

add vlan LAN30 ports 2 pvst-plus
tag 10
tag 20
tag 30
SW3
configure vr VR-Default delete ports 1-24
configure vr VR-Default add ports 1-24
create vlan "LAN10"
create vlan "LAN20"
create vlan "LAN30"
configure vlan Default add ports 1 untagged
create stpd LAN10
create stpd LAN20
create stpd LAN30
configure stpd LAN30 priority 4096
enable stpd s0 auto-bind vlan Default
configure stpd LAN10 tag 10
enable stpd LAN10
enable stpd LAN20
enable stpd LAN30
4|Page
1.3 VERIFICATION
SW1#sho spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 4096
Address 0004.966d.5c18
Cost
4
Port
2 (GigabitEthernet1/0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)
Address 001d.45d0.4080
Aging Time 300 sec
Interface
Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- -------------------------------Gi1/0/1
Desg FWD 4
128.1 P2p
Gi1/0/2
Root FWD 4
128.2 P2p

VLAN0020
This bridge is the root
Aging Time 300 sec
Interface
------------------- ---- --- --------- -------- -------------------------------Gi1/0/1
Desg FWD 4
128.1 P2p
Gi1/0/2
Desg FWD 4
128.2 P2p

VLAN0030
5|Page
Address 0004.966d.558b
Cost
4
Port
1 (GigabitEthernet1/0/1)
Aging Time 300 sec
Interface
------------------- ---- --- --------- -------- -------------------------------Gi1/0/1
Root FWD 4
128.1 P2p
Gi1/0/2
Desg FWD 4
128.2 P2p
=============================
SW2.73 # sho stpd LAN10
Stpd: LAN10
Stp: ENABLED
Number of Ports: 2
Rapid Root Failover: Disabled
Operational Mode: 802.1W
Default Binding Mode: PVST+
802.1Q Tag: 10
Ports: 1,2
Participating Vlans: LAN10
Auto-bind Vlans: (none)
Bridge Priority: 4096
BridgeID:
10:00:00:04:96:6d:5c:18
Designated root:
10:00:00:04:96:6d:5c:18
RootPathCost: 0
Root Port: ---MaxAge: 20s
HelloTime: 2s
ForwardDelay: 15s
CfgBrMaxAge: 20s
CfgBrHelloTime: 2s CfgBrForwardDelay: 15s
Topology Change Time: 35s
Hold time: 1s
Topology Change Detected: FALSE
Topology Change: FALSE
Number of Topology Changes: 4
Time Since Last Topology Change: 1686s
Stpd: LAN20
Stp: ENABLED
Number of Ports: 2
802.1Q Tag: 20
Ports: 1,2
BridgeID:
80:00:00:04:96:6d:5c:18
Designated root:
10:14:00:1d:45:d0:40:80
RootPathCost: 20000 Root Port: 1
6|Page
MaxAge: 20s
HelloTime: 2s
ForwardDelay: 15s
CfgBrMaxAge: 20s
Hold time: 1s
Stpd: LAN30
Stp: ENABLED
Number of Ports: 2
802.1Q Tag: 30
Ports: 1,2
BridgeID:
80:00:00:04:96:6d:5c:18
Designated root:
10:00:00:04:96:6d:55:8b
MaxAge: 20s
HelloTime: 2s
ForwardDelay: 15s
CfgBrMaxAge: 20s
Hold time: 1s
===========================================
SW3.13 # sho stp LAN10
Stpd: LAN10
Stp: ENABLED
Number of Ports: 2
802.1Q Tag: 10
Ports: 1,2
BridgeID:
80:00:00:04:96:6d:55:8b
Designated root:
10:00:00:04:96:6d:5c:18
MaxAge: 20s
HelloTime: 2s
ForwardDelay: 15s
CfgBrMaxAge: 20s
Hold time: 1s
7|Page
Stpd: LAN20
Stp: ENABLED
Number of Ports: 2
802.1Q Tag: 20
Ports: 1,2
BridgeID:
80:00:00:04:96:6d:55:8b
Designated root:
10:14:00:1d:45:d0:40:80
MaxAge: 20s
HelloTime: 2s
ForwardDelay: 15s
CfgBrMaxAge: 20s
Hold time: 1s
Stpd: LAN30
Stp: ENABLED
Number of Ports: 2
802.1Q Tag: 30
Ports: 1,2
BridgeID:
10:00:00:04:96:6d:55:8b
Designated root:
10:00:00:04:96:6d:55:8b
RootPathCost: 0
Root Port: ---MaxAge: 20s
HelloTime: 2s
ForwardDelay: 15s
CfgBrMaxAge: 20s
Hold time: 1s
R1#ping 192.168.20.2 repeat 10000

Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 192.168.20.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
8|Page
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 99 percent (1392/1393), round-trip min/avg/max = 1/8/16 ms
* SW3.2 # disable ports 1

* SW3.3 # enable ports 1
SW1(config)#int gi1/0/2
SW1(config-if)#shut
SW1(config-if)#
mikho@R3# run ping 192.168.10.1 rapid count 10000
PING 192.168.10.1 (192.168.10.1): 56 data bytes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
9|Page
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!^C
--- 192.168.10.1 ping statistics --3384 packets transmitted, 3379 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.820/9.510/16.475/2.055 ms
[edit interfaces]
mikho@R3#
10 | P a g e
2. MST (802.1s)
2.1 TOPOLOGY
R1
Cisco 1841
.1 Fa0/0
VLAN 10,20,30
Fa1/0/1
SW1
Cisco Catalyst 3750
Gi1/0/1
Gi1/0/2
VLAN 10,20,30
VLAN 10,20,30
SW3
Extreme Summit X440
Port 1
Port 1
Port 2
SW2
Extreme Summit X670
Port 2
VLAN 10,20,30
Port 3
Port 3
VLAN 10,20,30
GE0/0/0
.2
R2
ACX1100
VLAN 10,20,30
.3
GE0/0/0
R3
ACX1100
2.2 CONFIGURATION
SW1
spanning-tree mode mst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
spanning-tree mst configuration
name TEST
revision 1
instance 1 vlan 10, 20
instance 2 vlan 30
!
spanning-tree mst 1 priority 4096
!
11 | P a g e
vlan internal allocation policy

!
vlan 10
name LAN1
!
vlan 20
name LAN2
!
vlan 30
name LAN3
!
!
!
!
!
interface FastEthernet1/0/1
switchport trunk encapsulation
spanning-tree portfast trunk
!
!
!
!
end
ascending
dot1q
dot1q
dot1q
SW2
create vlan "LAN10"
create vlan "LAN20"
create vlan "LAN30"
configure mstp region TEST
configure mstp revision 1
configure stpd s0 mode mstp cist
create stpd INST1
configure stpd INST1 mode mstp msti 1
12 | P a g e
create stpd INST2

configure stpd INST2
enable stpd s0
enable stpd INST1
enable stpd INST2
mode mstp msti

add vlan LAN10
add vlan LAN20
add vlan LAN30
add vlan LAN10
add vlan LAN20
add vlan LAN30
2
ports
ports
ports
ports
ports
ports
1
1
1
2
2
2
dot1d
dot1d
dot1d
dot1d
dot1d
dot1d
SW3
configure vlan default delete ports 3-24
create vlan "LAN10"
create vlan "LAN20"
create vlan "LAN30"
configure vlan LAN10 add ports 1-2, 23-24 tagged
configure mstp region TEST
configure mstp revision 1
configure stpd s0 mode mstp cist
create stpd INST1
create stpd INST2
configure stpd INST2 priority 4096
configure stpd INST1 add vlan LAN10 ports 1 dot1d
enable stpd s0
enable stpd INST1
enable stpd INST2
13 | P a g e
2.3 VERIFICATION
SW1#sho spanning-tree mst 1
##### MST1 vlans mapped: 10,20
Bridge
address 001d.45d0.4080 priority
Root
this switch for MST1
4097 (4096 sysid 1)
Interface
---------------- ---- --- --------- -------- -------------------------------Gi1/0/1
Desg FWD 20000 128.1 P2p
Gi1/0/2
Desg FWD 20000 128.2 P2p
Fa1/0/1
Desg FWD 200000 128.3 P2p Edge
SW1#sho spanning-tree mst 2
##### MST2 vlans mapped: 30
Bridge
address 001d.45d0.4080 priority 32770 (32768 sysid 2)
Root
address 0004.966d.558b priority 4098 (4096 sysid 2)
port Gi1/0/1
cost
20000 rem hops 19
Interface
---------------- ---- --- --------- -------- -------------------------------Gi1/0/1
Root FWD 20000 128.1 P2p
Gi1/0/2
Altn BLK 20000 128.2 P2p
Fa1/0/1
Desg FWD 200000 128.3 P2p Edge
* SW2.2 # sho stp INST1

Stpd: INST1
Stp: ENABLED
Number of Ports: 2
Operational Mode: MSTP
Default Binding Mode: 802.1D
MSTI Instance: MSTI 1
802.1Q Tag: (none)
Ports: 1,2
Participating Vlans: LAN10,LAN20
BridgeID:
80:00:00:04:96:6d:5c:18
Designated root:
10:00:00:1d:45:d0:40:80
CIST Root:
80:00:00:04:96:6d:55:8b
CIST Regional Root: 80:00:00:04:96:6d:55:8b
MSTI Regional Root: 10:00:00:1d:45:d0:40:80
External RootPathCost: 0
Internal RootPathCost: 20000
Root Port: 1
Master Port: ---MaxAge: 20s
HelloTime: 2s
ForwardDelay: 15s
CfgBrMaxAge: 20s
RemainHopCount: 19 CfgMaxHopCount: 20
14 | P a g e

Hold time: 1s
* SW2.3 # sho stp INST2
Stpd: INST2
Stp: ENABLED
Number of Ports: 2
802.1Q Tag: (none)
Ports: 1,2
BridgeID:
80:00:00:04:96:6d:5c:18
Designated root:
80:00:00:04:96:6d:55:8b
CIST Root:
80:00:00:04:96:6d:55:8b
MSTI Regional Root: 80:00:00:04:96:6d:55:8b
Root Port: 2
HelloTime: 2s
ForwardDelay: 15s
CfgBrMaxAge: 20s
Hold time: 1s
SW3.1 # sho stp INST1
Stpd: INST1
Stp: ENABLED
Number of Ports: 2
802.1Q Tag: (none)
Ports: 1,2
BridgeID:
80:00:00:04:96:6d:55:8b
Designated root:
10:00:00:1d:45:d0:40:80
CIST Root:
80:00:00:04:96:6d:55:8b
MSTI Regional Root: 10:00:00:1d:45:d0:40:80
Root Port: 1
HelloTime: 2s
ForwardDelay: 15s
CfgBrMaxAge: 20s
15 | P a g e
Hold time: 1s
SW3.2 # sho stp INST2
Stpd: INST2
Stp: ENABLED
Number of Ports: 2
802.1Q Tag: (none)
Ports: 1,2
BridgeID:
80:00:00:04:96:6d:55:8b
Designated root:
80:00:00:04:96:6d:55:8b
CIST Root:
80:00:00:04:96:6d:55:8b
MSTI Regional Root: 80:00:00:04:96:6d:55:8b
Root Port: ---Master Port: ---MaxAge: 20s
HelloTime: 2s
ForwardDelay: 15s
CfgBrMaxAge: 20s
Hold time: 1s
root@R2# run ping 192.168.10.1 rapid count 10000

PING 192.168.10.1 (192.168.10.1): 56 data bytes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!^C
16 | P a g e
SW1(config)#int gi1/0/1
SW1(config-if)#shut
SW1(config-if)#
*Apr 27 01:43:46.546: %LINK-5-CHANGED: Interface GigabitEthernet1/0/1, changed state to
administratively down
*Apr 27 01:43:46.554: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1,
changed state to down
SW1(config-if)#
17 | P a g e
3. STP Security
3.1 TOPOLOGY
< Same as section[2] >
3.2 CONFIGURATION
3.2.1 BPDU Guard/Loop Guard
configure stpd s0 ports link-type edge 1 edge-safeguard enable bpdu-restrict
3.3.2 Root Guard
configure stpd INST1 ports restricted-role enable 1
3.3 VERIFICATION
3.3.1 BPDU Guard/Loop Guard
* SW2.17 # sho log
02/16/2015 20:24:44.22 <Info:vlan.msgs.portLinkStateDown> Port 1 link down - Local fault
02/16/2015 20:24:44.12 <Info:vlan.dbg.info> Toggling AdminState on Port 1
02/16/2015 20:24:44.12 <Warn:STP.DsblPortBrdgDtect> BPDU Restrict Port (1) has received a bpdu and
will be shutdown
* SW2.20 # sho port 1 no-refresh
Port Summary
Port Display
VLAN Name
Port Link Speed Duplex
# String
(or # VLANs)
State State Actual Actual
==================================================================
1
(0004)
R D
==================================================================
Port State: D-Disabled, E-Enabled
Link State: A-Active, R-Ready, NP-Port not present, L-Loopback,
D-ELSM enabled but not up
d-Ethernet OAM enabled but not up
* SW2.18 # enable ports 1
* SW2.19 # sho port 1 no-refresh
Port Summary
Port Display
VLAN Name
# String
(or # VLANs)
==================================================================
1
(0004)
E A 1000 FULL
==================================================================
18 | P a g e
3.3.2 Role-restricted
Note: This feature is similar to Cisco Root-guard, but is a bit different: in case of superior BPDU
received on protected port it is not disabled, and violating BPDU is simply ignored leaving port in
forwarding state and avoiding it to assume root role.
* SW2.66 # show stpd INST1

Stpd: INST1
Stp: ENABLED
Number of Ports: 2


802.1Q Tag: (none)
Ports: 1,2
BridgeID:
80:00:00:04:96:6d:5c:18
Designated root:
CIST Root:
80:00:00:04:96:6d:55:8b
80:00:00:04:96:6d:55:8b
CIST Regional Root:
80:00:00:04:96:6d:55:8b
MSTI Regional Root:
80:00:00:04:96:6d:55:8b
Root Port: 2
Master Port: ----
MaxAge: 20s
HelloTime: 2s
CfgBrMaxAge: 20s
RemainHopCount: 19
ForwardDelay: 15s
CfgBrHelloTime: 2s
CfgBrForwardDelay: 15s
CfgMaxHopCount: 20

Hold time: 1s
19 | P a g e

* SW2.67 # configure stpd INST1 ports restricted-role dis 1
* SW2.68 # show stpd INST1
Stpd: INST1
Stp: ENABLED
Number of Ports: 2


802.1Q Tag: (none)
Ports: 1,2
BridgeID:
80:00:00:04:96:6d:5c:18
Designated root:
CIST Root:
10:00:00:1d:45:d0:40:80
80:00:00:04:96:6d:55:8b
CIST Regional Root:
80:00:00:04:96:6d:55:8b
MSTI Regional Root:
10:00:00:1d:45:d0:40:80
Root Port: 1
Master Port: ----
MaxAge: 20s
HelloTime: 2s
CfgBrMaxAge: 20s
RemainHopCount: 19
ForwardDelay: 15s
CfgBrHelloTime: 2s
CfgBrForwardDelay: 15s
CfgMaxHopCount: 20

Topology Change Detected: TRUE
Hold time: 1s
Topology Change: TRUE

20 | P a g e
4. Link Aggregation (LACP)

4.1 TOPOLOGY
R1
Cisco 1841
.1 Fa0/0
VLAN 10,20,30
Fa1/0/1
SW1
Cisco Catalyst 3750
Gi1/0/1
VLAN 10,20,30
SW3
Extreme Summit X440
Port 23
VLAN 10,20,30
Port 1
Port 1
Port 2
VLAN 10,20,30 Port 2
Port 3
Port 4
Port 24
VLAN 10,20,30
GE0/0/0 .2 GE0/0/1
R2
ACX1100
Gi1/0/2
SW2
Extreme Summit X670
Port 3
VLAN 10,20,30
.3
GE0/0/0
R3
ACX1100
4.2 CONFIGURATION
SW2
enable sharing 2 grouping 2, 4 algorithm address-based L3_L4 lacp
SW3
enable sharing 2 grouping 2-3 algorithm address-based L2 lacp
enable sharing 23 grouping 23-24 algorithm address-based L3_L4 lacp
configure sharing 23 lacp timeout short
21 | P a g e
R2
chassis {
aggregated-devices {
ethernet {
device-count 1;
}
}
}
interfaces {
ge-0/0/0 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/1 {
gigether-options {
802.3ad ae0;
}
}
ae0 {
vlan-tagging;
aggregated-ether-options {
lacp {
active;
}
}
unit 10 {
vlan-id 10;
family inet {
address 192.168.10.2/24;
}
}
unit 20 {
vlan-id 20;
family inet {
address 192.168.20.2/24;
}
}
unit 30 {
vlan-id 30;
family inet {
address 192.168.30.2/24;
}
}
}
}
22 | P a g e
4.3 VERIFICATION
* SW2.22 # show sharing
Load Sharing Monitor
Config Current Agg
Ld Share Ld Share Agg Link Link Up
Master Master Control Algorithm Group Mbr State Transitions
==============================================================================
2 2
LACP L3_L4
2
Y A
3
L3_L4
4
Y A
2
==============================================================================
Link State: A-Active, D-Disabled, R-Ready, NP-Port not present, L-Loopback
Load Sharing Algorithm: (L2) Layer 2 address based, (L3) Layer 3 address based
(L3_L4) Layer 3 address and Layer 4 port based
(custom) User-selected address-based configuration
Custom Algorithm Configuration: ipv4 L3-and-L4, xor
Number of load sharing trunks: 1
SW3.1 # show sharing
Load Sharing Monitor
Config Current Agg
Ld Share Ld Share Agg Link Link Up
Master Master Control Algorithm Group Mbr State Transitions
==============================================================================
2 2
LACP L2
2
Y A
10
L2
3
Y A
1
23 23
LACP L3_L4
23
Y A
8
L3_L4
24
Y A
8
==============================================================================
Link State: A-Active, D-Disabled, R-Ready, NP-Port not present, L-Loopback
Load Sharing Algorithm: (L2) Layer 2 address based, (L3) Layer 3 address based
(L3_L4) Layer 3 address and Layer 4 port based
Number of load sharing trunks: 2
mikho@R2# run show lacp interfaces
Aggregated interface: ae0
LACP state:
Role Exp Def Dist Col Syn Aggr Timeout Activity
ge-0/0/0
Actor No No Yes Yes Yes Yes Fast Active
ge-0/0/0 Partner No No Yes Yes Yes Yes Fast Active
ge-0/0/1
Actor No No Yes Yes Yes Yes Fast Active
ge-0/0/1 Partner No No Yes Yes Yes Yes Fast Active
LACP protocol:
Receive State Transmit State
Mux State
ge-0/0/0
Current Fast periodic Collecting distributing
ge-0/0/1
Current Fast periodic Collecting distributing
[ R2 Set up as FTP server ]
[edit interfaces]
mikho@R3# ...kernel-ppc-12.3X51-D10.5 ftp://mikho:cisco123@192.168.10.2/
ftp://mikho:cisco123@192.168.10.2/jkernel-ppc- 18% of 66 MB 142 kBps 06m24s^C
23 | P a g e
fetch: transfer interrupted

[abort]
* SW2.3 # show ports 2,4 utilization bytes
Port Link Rx
Peak Rx
Tx
Peak Tx
State bytes/sec
bytes/sec
bytes/sec
bytes/sec
================================================================================
2
A
5521
5521
169639
169639
4
A
0
5588
0
172405
================================================================================
> indicates Port Display Name truncated past 8 characters
Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback
[edit interfaces]
mikho@R3# top replace pattern 192.168.10.3/24 with 192.168.10.4/24
[edit interfaces]
mikho@R3# commit
commit complete
[edit interfaces]
mikho@R3# ...kernel-ppc-12.3X51-D10.5 ftp://mikho:cisco123@192.168.10.2/
ftp://mikho:cisco123@192.168.10.2/jkernel-ppc- 9% of 66 MB 143 kBps 07m04s^C
fetch: transfer interrupted
[abort]
* SW2.3 # show ports 2,4 utilization bytes
Port Link Rx
Peak Rx
Tx
Peak Tx
State bytes/sec
bytes/sec
bytes/sec
bytes/sec
================================================================================
2
A
5032
5521
9
169639
4
A
0
5588
155258
172405
================================================================================
> indicates Port Display Name truncated past 8 characters
Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback
24 | P a g e
5. DHCP Snooping / IP Source-Guard

5.1 TOPOLOGY
R1
Cisco 1841
DHCP Server
.1 Fa0/0
VLAN 10,20,30
Fa1/0/1
SW1
Cisco Catalyst 3750
Gi1/0/2
Gi1/0/1
VLAN 10,20,30
VLAN 10,20,30
SW3
Extreme Summit X440
Port 23
Port 1
Port 1
Port 2
VLAN 10,20,30 Port 2
Port 3
Port 4
Port 24
VLAN 10,20,30
GE0/0/0 .2 GE0/0/1
SW2
Extreme Summit X670
Port 3
VLAN 10,20,30
DHCP Client GE0/0/0
Rogue DHCP Server
R2
ACX1100
R3
ACX1100
5.2 CONFIGURATION
SW2
enable ip-security dhcp-snooping vlan LAN20 port 1 violation-action drop-packet
configure trusted-ports 1-2 trust-for dhcp-server
enable ip-security source-ip-lockdown ports 3
25 | P a g e
SW3
block-port permanent
configure trusted-servers vlan LAN20 add server 192.168.20.1 trust-for dhcp-server
R1
ip dhcp pool TEST
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
domain-name ugt.ge
R2
system {
services {
ftp;
dhcp-local-server {
pool-match-order {
ip-address-first;
}
group GROUP1 {
interface ae0.20;
}
}
}
}
access {
address-assignment {
26 | P a g e
pool TEST {
family inet {
network 192.168.20.0/24;
}
}
}
}
R3
interfaces {
ge-0/0/0 {
unit 20 {
vlan-id 20;
family inet {
dhcp-client;
}
}
}
}
5.3 VERIFICATION
* SW2.1 # show ip-security dhcp-snooping entries LAN20
-----------------------------------------------------------------Vlan: LAN20
-----------------------------------------------------------------Lease Time Server Client
IP Addr
MAC Addr
(hh:mm:ss) Port Port
----------------------- ------ -----192.168.20.9 28:8a:1c:74:9a:80 24:00:00 1
3
Total number of entries : 1
* SW2.2 # show ip-security source-ip-lockdown
Ports
Locked IP Address
3
192.168.20.9
mikho@R3# run show interfaces terse | except down
27 | P a g e
Interface
ge-0/0/0
ge-0/0/0.10
Admin Link Proto Local

Remote
up up
up up inet 192.168.10.4/24
multiservice
ge-0/0/0.20
up up inet 192.168.20.9/24
multiservice
ge-0/0/0.30
up up inet 192.168.30.3/24
multiservice
ge-0/0/0.32767
up up multiservice
ge-0/0/7
up up
ge-0/0/7.0
up up inet 172.20.77.103/16
[edit interfaces]
mikho@R3# run ping 192.168.20.1
PING 192.168.20.1 (192.168.20.1): 56 data bytes
64 bytes from 192.168.20.1: icmp_seq=0 ttl=255 time=1.319 ms
^C
[edit interfaces]
mikho@R3# delete ge-0/0/0.20 family inet dhcp-client
[edit interfaces]
mikho@R3# set ge-0/0/0.20 family inet address 192.168.20.10/24
[edit interfaces]
mikho@R3# commit
commit complete
[edit interfaces]
mikho@R3# run ping 192.168.20.1
PING 192.168.20.1 (192.168.20.1): 56 data bytes
^C
[edit interfaces]
mikho@R3# delete ge-0/0/0.20 family inet address 192.168.20.10/24
ge-0/0/0.20 family inet dhcp-client
[edit interfaces]
mikho@R3# set ge-0/0/0.20 family inet dhcp-client
[edit interfaces]
28 | P a g e
mikho@R3# commit
commit complete
[edit interfaces]
SW3.15 # show log

02/24/2015 16:15:57.25 <Info:LACP.RemPortFromAggr> Remove port 23 from aggregator
02/24/2015 16:15:57.24 <Info:vlan.dbg.info> Port 23 is Down, remove from aggregator 23
02/24/2015 16:15:57.24 <Info:vlan.msgs.portLinkStateDown> Port 23 link down
02/24/2015 16:15:57.19 <Info:vlan.dbg.info> Toggling AdminState on Port 23
02/24/2015 16:15:57.19 <Warn:ipSecur.blkPort> DHCP violation occurred. Disabling port 23
permanently
02/24/2015 16:15:57.19 <Warn:ipSecur.dhcpViol> A Rogue DHCP server with IP 192.168.20.2 was
detected on port 23
* SW3.16 # show ports 23 no-refresh
Port Summary
Port Display
VLAN Name
# String
(or # VLANs)
==================================================================
23
(0004)
D R
==================================================================
29 | P a g e
6. IP Routing / OSPF
6.1 TOPOLOGY
VLAN20
OSPF Area 20 Stub
192.168.20.0/24
R1
VLAN10
OSPF Area 0
192.168.10.0/24
SW2
R2
6.2 CONFIGURATION
R1
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
area 20 stub
interface Loopback0
ip address 10.1.1.1 255.255.255.255
ip ospf 1 area 20
interface FastEthernet0/0.10
shutdown
ip ospf 1 area 20
shutdown
R2
routing-options {
router-id 3.3.3.3;
}
protocols {
ospf {
area 0.0.0.0 {
interface ae0.10;
interface lo0.0;
}
}
}
SW2
configure vlan LAN10 ipaddress 192.168.10.12 255.255.255.0
enable ipforwarding vlan LAN10
configure vlan LAN20 ipaddress 192.168.20.12 255.255.255.0
30 | P a g e
enable ipforwarding vlan LAN20

configure ospf routerid 2.2.2.2
enable ospf
create ospf area 0.0.0.20
configure ospf area 0.0.0.20 stub nosummary stub-default-cost 10
configure ospf add vlan LAN10 area 0.0.0.0
configure ospf vlan LAN10 priority 0
configure ospf add vlan LAN20 area 0.0.0.20
configure ospf vlan raqcxa priority 0
6.3 VERIFICATION
[edit protocols ospf]
mikho@R2# run show ospf interface
Interface
State Area
DR ID
ae0.10
DR 0.0.0.0
3.3.3.3
lo0.0
DR 0.0.0.0
3.3.3.3
BDR ID
0.0.0.0
0.0.0.0
Nbrs
1
0

mikho@R2# run show ospf neighbor
Address
Interface
State ID
Pri Dead
192.168.10.12 ae0.10
Full 2.2.2.2
0 32
mikho@R2# run show route protocol ospf
inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.1.1.1/32
*[OSPF/10] 00:20:01, metric 6
> to 192.168.10.12 via ae0.10
192.168.20.0/24 *[OSPF/10] 00:20:01, metric 5
> to 192.168.10.12 via ae0.10
224.0.0.5/32
*[OSPF/10] 02:08:00, metric 1
MultiRecv
* SW2.8 # show ospf interfaces

VLAN IP Address
AREA ID
Flags Cost State Neighbors
LAN10 192.168.10.12 /24 0.0.0.0
-rif4/A ODR
1
LAN20 192.168.20.12 /24 0.0.0.20
-rif4/A ODR
1
LAN30 192.168.30.12 /24 0.0.0.0
-r-f4/A DOWN 0
raqcxa 10.10.200.100 /24 0.0.0.0
-r-f- 10/A DOWN 0
Flags : f - Interface Forwarding Enabled, i - Interface OSPF Enabled,
31 | P a g e
n - Multinetted VLAN, p - Passive Interface,

r - Router OSPF Enable,
A - Automatic Cost, C - Configured Cost.
Total number of interfaces: 4
* SW2.9 # show ospf neighbor
Neighbor ID Pri State
Up/Dead Time
Address
Interface
3.3.3.3
128 FULL /DR 00:00:21:01/00:00:00:09 192.168.10.2 LAN10
1.1.1.1
1 FULL /DR 00:00:21:06/00:00:00:02 192.168.20.1 LAN20
Total number of neighbors: 2 (All neighbors in Full state)
* SW2.10 # sho iproute origin ospf
Ori Destination
Gateway
Mtr Flags
VLAN
Duration
#oa 10.1.1.1/32
192.168.20.1 5 UG-D---um--f- LAN20 0d:0h:21m:4s
#oa 10.2.2.2/32
192.168.10.2 4 UG-D---um--f- LAN10 0d:0h:21m:0s
Origin(Ori): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP
(ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext
(e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1 (i2) ISISL2
(is) ISIS, (mb) MBGP, (mbe) MBGPExt, (mbi) MBGPInter, (mp) MPLS Lsp
(mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2
(oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM
(r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown
(*) Preferred unicast route (@) Preferred multicast route
(#) Preferred unicast and multicast route
Flags: (B) BlackHole, (b) BFD protection requested, (c) Compressed, (D) Dynamic
(f) Provided to FIB, (G) Gateway, (H) Host Route, (L) Matching LDP LSP
(l) Calculated LDP LSP, (3) L3VPN Route, (m) Multicast, (P) LPM-routing
(p) BFD protection active, (R) Modified, (S) Static, (s) Static LSP
(T) Matching RSVP-TE LSP, (t) Calculated RSVP-TE LSP, (u) Unicast, (U) Up
MPLS Label: (S) Bottom of Label Stack
Mask distribution:
2 routes at length 32
Route Origin distribution:
2 routes from OSPFIntra
Total number of routes = 2
Total number of compressed routes = 0
R1#sho ip ospf interface br

Interface PID Area
IP Address/Mask Cost State Nbrs F/C
Lo0
1 20
10.1.1.1/32
1 LOOP 0/0
32 | P a g e
Fa0/0.20 1 20
192.168.20.1/24 1
R1#sho ip ospf neighbor
DR 1/1
Neighbor ID Pri State

Dead Time Address
Interface
2.2.2.2
0 FULL/DROTHER 00:00:31 192.168.20.12 FastEthernet0/0.20
R1#sho ip route ospf
O*IA 0.0.0.0/0 [110/11] via 192.168.20.12, 00:21:49, FastEthernet0/0.20
mikho@R2# run ping 10.1.1.1 source 10.2.2.2

PING 10.1.1.1 (10.1.1.1): 56 data bytes
64 bytes from 10.1.1.1: icmp_seq=2 ttl=254 time^C
33 | P a g e
7. First-Hop Redundancy / VRRP

7.1 TOPOLOGY
8.8.8.8
8.8.8.8
VRRP ID 1
VIP 192.168.20.1
R1
.11
SW2
.12
VLAN20
192.168.20.0/24
.2
R2
7.2 CONFIGURATION
SW2
create vlan "LOOPBACK"
enable loopback-mode vlan LOOPBACK
configure vlan LOOPBACK ipaddress 8.8.8.8 255.255.255.255
create vrrp vlan LAN20 vrid 1

configure vrrp vlan LAN20 vrid 1 priority 110
configure vrrp vlan LAN20 vrid 1 authentication simplepassword CISCO
configure vrrp vlan LAN20 vrid 1 add 192.168.20.1
enable vrrp vlan LAN20 vrid 1
34 | P a g e
R1
interface Loopback100
ip address 8.8.8.8 255.255.255.255
!
vrrp 1 ip 192.168.20.1
vrrp 1 priority 120
vrrp 1 authentication CISCO
end
7.3 VERIFICATION
R1#sho vrrp all
FastEthernet0/0.20 - Group 1
State is Master
Virtual IP address is 192.168.20.1
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 120
Authentication text "CISCO"
Master Router is 192.168.20.11 (local), priority is 120
Master Advertisement interval is 1.000 sec
Master Down interval is 3.531 sec
* SW2.48 # show vrrp vlan LAN20

VLAN: LAN20 VRID: 1
VRRP: Enabled State: BACKUP
Virtual Router: VR-Default
Priority: 110(backup) Advertisement Interval: 1 sec
Preempt: Yes Authentication: simple-password key: CISCO
Virtual IP Addresses:
192.168.20.1
Tracking mode: ALL
Tracked Pings: Tracked IP Routes: Tracked VLANs: * indicates a tracking condition has failed
R1(config)#int fa0/0
35 | P a g e
R1(config-if)#shut
R1(config-if)#
*Feb 24 12:05:29.436: %VRRP-6-STATECHANGE: Fa0/0.20 Grp 1 state Master -> Init
*Feb 24 12:05:31.436: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively
down
*Feb 24 12:05:32.436: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed
state to down
mikho@R2# run ping 8.8.8.8 rapid count 10000

PING 8.8.8.8 (8.8.8.8): 56 data bytes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!^C
36 | P a g e

Extreme Networks Switches Test Report

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Extreme Networks Switches Test Report

Hochgeladen von

Copyright:

Verfügbare Formate

Testing Report

Cisco Catalyst 3750

configure stpd LAN20

add vlan LAN20 ports 2 pvst-plus

SW1#sho spanning-tree vlan 20

SW1#sho spanning-tree vlan 30

R1#ping 192.168.20.2 repeat 10000

* SW3.2 # disable ports 1

Cisco Catalyst 3750

vlan internal allocation policy

create stpd INST2

mode mstp msti

4097 (4096 sysid 1)

* SW2.2 # sho stp INST1

Topology Change Time: 35s

root@R2# run ping 192.168.10.1 rapid count 10000

* SW2.66 # show stpd INST1

Rapid Root Failover: Disabled

Default Binding Mode: 802.1D

MSTI Instance: MSTI 1

CIST Regional Root:

MSTI Regional Root:

Internal RootPathCost: 20000

Master Port: ----

Topology Change Time: 35s

Number of Topology Changes: 6

Rapid Root Failover: Disabled

Default Binding Mode: 802.1D

MSTI Instance: MSTI 1

CIST Regional Root:

MSTI Regional Root:

Internal RootPathCost: 20000

Master Port: ----

Topology Change Time: 35s

Number of Topology Changes: 7

4. Link Aggregation (LACP)

Cisco Catalyst 3750

VLAN 10,20,30 Port 2

fetch: transfer interrupted

5. DHCP Snooping / IP Source-Guard

Cisco Catalyst 3750

VLAN 10,20,30 Port 2

DHCP Client GE0/0/0

Rogue DHCP Server

Admin Link Proto Local

SW3.15 # show log

enable ipforwarding vlan LAN20

[edit protocols ospf]

* SW2.8 # show ospf interfaces

n - Multinetted VLAN, p - Passive Interface,

R1#sho ip ospf interface br

Neighbor ID Pri State

mikho@R2# run ping 10.1.1.1 source 10.2.2.2

7. First-Hop Redundancy / VRRP

create vrrp vlan LAN20 vrid 1

* SW2.48 # show vrrp vlan LAN20

mikho@R2# run ping 8.8.8.8 rapid count 10000

Das könnte Ihnen auch gefallen