
SWITCHING AND ROUTING II

Class 11. EtherChannel, PVLAN & 802.1Q Tunneling
Alberto Arellano A. Ing. Msc.
aarellano@espoch.edu.ec
CCNA CCNP - CCSP

EtherChannel
EtherChannel is a port link aggregation technology developed by Cisco,
which provides fault-tolerant high-speed links between Switches, Routers,
and Servers.
EtherChannel bundles individual Ethernet links into a single logical link that provides bandwidth up to 1600 Mbps (Fast EtherChannel, full duplex), 16 Gbps (Gigabit EtherChannel) or 160 Gbps (10 Gigabit EtherChannel) between two switches.
All interfaces in each EtherChannel must be the same speed and duplex, and both ends of the channel must be configured as either a Layer 2 or Layer 3 interface.

EtherChannel Protocols
PAgP
  Port Aggregation Protocol
  Cisco proprietary
  Sends PAgP packets across the link to negotiate EtherChannel

LACP
  Link Aggregation Control Protocol
  IEEE standard 802.3ad
  Sends LACP packets across the link to bundle multiple ports into a single channel
  Use in a mixed switch environment

EtherChannel Interface Modes

ON: forces EtherChannel on without PAgP or LACP negotiation (not recommended)
PAgP
  Auto (default PAgP mode)
    interface enters passive negotiating state
    responds to PAgP packets received but doesn't initiate PAgP negotiation
  Desirable (PAgP mode)
    interface actively negotiates with other interfaces
    PAgP packets are exchanged
LACP
  Passive (default LACP mode)
    port responds to LACP packets received, but it does not initiate LACP packet negotiation
  Active
    port actively negotiates state with other ports by sending LACP packets

EtherChannel Layer 3

Etherchannel Example 1

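! member ports: PAgP auto only responds, so the far end must use desirable
interface range eth 0/0 - 3
 channel-group 1 mode auto
! the logical port-channel interface carries the trunk settings
interface port-channel 1
 switchport trunk encapsulation dot1q
 switchport mode trunk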

Etherchannel Example 2

Private VLANs
A private VLAN expands on the abilities of a standard VLAN, allowing traffic to be separated at another level and giving the design engineer a number of flexible options.

The private-VLAN feature addresses two problems that service providers face when using VLANs:
Scalability: The switch supports up to 1005 active VLANs. If a service provider assigns one VLAN per customer, this limits the number of customers that the service provider can support.
To enable IP routing, each VLAN is assigned a subnet address space or a block of addresses, which can waste the unused IP addresses and cause IP address management problems.
Private VLANs partition a regular VLAN domain into subdomains and can have multiple VLAN pairs, one for each subdomain. A subdomain is represented by a primary VLAN and a secondary VLAN.

A private VLAN is defined as a pairing of a primary VLAN with a secondary VLAN.

Primary VLANs are the normal VLANs we all know.
Secondary VLANs use the same VLAN ID range and are defined in the same manner as primary VLANs, but are specially designated to operate as secondary VLANs in one of two modes: Isolated and Community.

Private VLANs Terminology


VLAN 1000 and divide it into three PVLANs:
  sub-VLAN 1012 (R1 and R2)
  sub-VLAN 1034 (R3 and R4)
  sub-VLAN 1055 (router R5 only).
Router R6 will be used as a layer 3 device, to resolve the layer 3 communication issue. We name VLAN 1000 as Primary and classify the ports assigned to this VLAN based on their types:

Promiscuous (P) port: Usually connects to a router. This port type is allowed to send and receive L2 frames from any other port on the VLAN.
Isolated (I) port: This type of port is only allowed to communicate with P-ports, i.e., it is a stub port. You commonly see these ports connecting to hosts.
Community (C) port: Community ports are allowed to talk to their buddies, sharing the same community (group), and to P-ports.

Private VLANs Ports Communications

Private VLANs Configuration

PC 1 and PC 2 in the community VLAN should be able to reach each other and
also the server connected to the promiscuous port.
PC 3 and PC 4 in the isolated VLAN can only communicate with the server on the
promiscuous port.
The server should be able to reach all ports.

1. Create VLAN 500 and add all ports to VLAN 500.
2. Verify connectivity between all hosts.
3. Configuring private VLANs requires us to change the VTP mode to Transparent.
4. Create the Primary, Community and Isolated VLANs.
5. Associate Secondary VLANs 501 and 502 with Primary VLAN 500.
6. Configure the Promiscuous port; it needs to be accessed by all VLANs (501 and 502).
7. Add ports to VLAN 501 (Community) and VLAN 502 (Isolated).


SW_ML(config)#interface range ether 0/1 - 2
SW_ML(config-if-range)#switchport mode private-vlan host
SW_ML(config-if-range)#switchport private-vlan host-association 500 501
SW_ML(config)#interface range ether 0/3, ether 1/0
SW_ML(config-if-range)#switchport mode private-vlan host
SW_ML(config-if-range)#switchport private-vlan host-association 500 502

8. Verify the configuration.
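An added example, not part of the original slides: a small Python check that reads a private-VLAN configuration and applies the P/I/C port rules, so the intended isolation of this lab can be verified offline. The host ports follow step 7; the VLAN definitions and the promiscuous port Ethernet0/0 are assumptions, since the slides do not show them.

```python
import re

# Constructed running-config excerpt. Host ports follow step 7 above; the VLAN
# definitions and the promiscuous port Ethernet0/0 are assumptions.
CONFIG = """\
vlan 500
 private-vlan primary
 private-vlan association 501,502
vlan 501
 private-vlan community
vlan 502
 private-vlan isolated
interface Ethernet0/0
 switchport private-vlan mapping 500 501,502
interface Ethernet0/1
 switchport private-vlan host-association 500 501
interface Ethernet0/2
 switchport private-vlan host-association 500 501
interface Ethernet0/3
 switchport private-vlan host-association 500 502
interface Ethernet1/0
 switchport private-vlan host-association 500 502
"""

def parse(config):
    """Return ({vlan: type}, {port: (role, secondary_vlans)})."""
    vlan_type, ports, section = {}, {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            section = line.split()          # e.g. ["vlan", "501"]
        elif section[0] == "vlan":
            m = re.match(r" private-vlan (primary|community|isolated)$", line)
            if m:
                vlan_type[int(section[1])] = m.group(1)
        elif m := re.match(r" switchport private-vlan host-association \d+ (\d+)", line):
            ports[section[1]] = ("host", {int(m.group(1))})
        elif m := re.match(r" switchport private-vlan mapping \d+ ([\d,]+)", line):
            ports[section[1]] = ("promiscuous", {int(v) for v in m.group(1).split(",")})
    return vlan_type, ports

def can_talk(a, b, vlan_type, ports):
    """Apply the P/I/C port rules to two different ports."""
    (role_a, vl_a), (role_b, vl_b) = ports[a], ports[b]
    if "promiscuous" in (role_a, role_b):
        # A promiscuous port reaches every secondary VLAN mapped to it.
        return role_a == role_b or bool(vl_a & vl_b)
    # Two host ports: only members of the same community VLAN may talk.
    return vl_a == vl_b and vlan_type[next(iter(vl_a))] == "community"
```

A host port whose secondary VLAN is missing from the promiscuous port's mapping shows up here as unable to reach the server, which is the usual symptom of an incomplete mapping in step 6.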

Private Vlans SVI

SW1(config)#interface vlan 10
SW1(config-if)#ip address 172.16.10.1 255.255.255.0
SW1(config-if)#private-vlan mapping 101-102,999
SW1(config-if)#exit

Private Vlans Lab 2

Private Vlans Lab 3

Metro Ethernet
A metropolitan-area Ethernet, Ethernet MAN, or metro Ethernet network is a metropolitan area network (MAN) that is based on Ethernet standards. It is commonly used to connect subscribers to a larger service network or the Internet. Businesses can also use metropolitan-area Ethernet to connect their own offices to each other.

Metro Ethernet Service Basic Model


Customer Equipment (CE) attaches to UNI
  CE can be
    Router
    IEEE 802.1Q bridge (switch)

UNI (User Network Interface)
  Standard IEEE 802.3 Ethernet PHY and MAC
  10 Mbps, 100 Mbps, 1 Gbps or 10 Gbps

Metro Ethernet Network (MEN)
  May use different transport and service delivery technologies
    SONET/SDH
    WDM
    RPR
    MAC-in-MAC
    Q-in-Q
    MPLS

[Figure: CE devices attached through UNIs to the Metro Ethernet Network (MEN)]

802.1Q Tunneling (Q-in-Q) 802.1ad


802.1Q tunneling enables service providers to use a single VLAN
to support customers who have multiple VLANs, while preserving
customer VLAN IDs and keeping traffic in different customer
VLANs segregated.

The customer switches are trunk connected, but with 802.1Q tunneling the service provider switches use only one service provider VLAN to carry all the customer VLANs, instead of carrying each customer VLAN directly. Remember that the provider switches add a tag to the customers' frames.
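An added example, not part of the original slides: the tag handling described above, written in Python so the frame layout is visible. The provider edge pushes an outer service tag onto an already tagged customer frame and strips it again at egress, leaving the customer VLAN ID untouched. Service VLAN 100, customer VLAN 30 and the MAC addresses are constructed values.

```python
import struct

TPID_8021Q = 0x8100   # customer tag (C-tag); some Q-in-Q ports reuse it for the outer tag
TPID_8021AD = 0x88A8  # service tag (S-tag) defined by IEEE 802.1ad

def tag(tpid, vid, pcp=0):
    """Encode one 4-byte VLAN tag: TPID + (PCP | DEI=0 | 12-bit VLAN ID)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID out of range")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)

def push_outer(frame, svid, tpid=TPID_8021AD):
    """Provider ingress: insert the service tag right after the two MAC addresses."""
    return frame[:12] + tag(tpid, svid) + frame[12:]

def vlan_stack(frame):
    """Return ([(tpid, vid), ...] outermost first, offset of the EtherType)."""
    tags, off = [], 12
    while True:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid not in (TPID_8021Q, TPID_8021AD):
            return tags, off
        tags.append((tpid, tci & 0x0FFF))
        off += 4

def pop_outer(frame):
    """Provider egress: strip the outermost tag, leaving the customer frame."""
    tags, _ = vlan_stack(frame)
    if not tags:
        raise ValueError("frame carries no VLAN tag")
    return frame[:12] + frame[16:]

# Constructed customer frame: dst MAC, src MAC, C-tag VLAN 30, IPv4 EtherType, padding.
CUSTOMER = (bytes.fromhex("ffffffffffff" "020000000001")
            + tag(TPID_8021Q, 30) + struct.pack("!H", 0x0800) + b"\x00" * 46)
```

The tunneled frame is 4 bytes longer than the customer frame, so the provider path has to accept frames larger than the customer-facing maximum.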

802.1Q Tunneling Lab

802.1Q Tunneling Lab (Customer Switches)

802.1Q Tunneling Lab (Service Provider Switches)
