
Layer 2 (Primary Source: Cisco Network Professional's Advanced Internetworking Guide, Patrick J. Conlan, John Wiley & Sons; plus editorialization). Part I: VLAN and STP

Saturday, April 21, 2012 7:08 PM

Whenever the contents of a frame change, the FCS has to be recalculated. When 802.1Q inserts its 4-byte tag between the source MAC and the EtherType, the FCS naturally has to be recalculated, because the CRC-32 is computed over everything from the destination MAC to the end of the payload.

The 3-bit priority field (PCP) in the dot1q tag, defined by 802.1p, gives a richer QoS (class of service), and that QoS is the reason dot1q has become the de facto standard for IP telephony. Dot1q supports Ethernet and Token Ring and works with Common Spanning Tree (CST), Multiple Spanning Tree (MST) and Rapid Spanning Tree (RSTP). Its native VLAN allows untagged traffic to be carried on a trunk link: anything received untagged on the trunk is assigned to the native VLAN, and the native VLAN's own traffic is sent untagged. Both ends of a dot1q trunk must therefore agree on the native VLAN; otherwise there is a native VLAN mismatch (CDP reports it) and the two switches silently merge two different VLANs into one. Because the native VLAN travels untagged, a host in it can 'double tag' a frame so that the second tag is only seen after the first switch strips the outer one; the usual countermeasure is to use an otherwise unused VLAN as the native VLAN and/or to tag it explicitly (vlan dot1q tag native).

Dynamic Trunking Protocol (DTP) configures links as trunks dynamically rather than manually. It is Cisco proprietary and is enabled on every port by default; the two ends exchange DTP frames to negotiate the port status between themselves. Once a port is manually configured as access or trunk, DTP negotiation no longer changes its mode (the port still sends DTP frames unless switchport nonegotiate is added). A manually configured access port connected to a trunk port will drop all the tagged traffic it receives. The dynamic modes of DTP are dynamic desirable and dynamic auto; nonegotiate is the third setting. Dynamic desirable is the default on older Catalysts (newer ones default to dynamic auto): the port actively sends DTP frames and solicits the connected port to form a trunk. In dynamic auto the port does not initiate trunking; it becomes a trunk only if the neighbour is set to trunk or desirable. With switchport nonegotiate the port neither sends nor acts on DTP frames. The security consequence of the default is that any host plugged into a dynamic port can send a DTP frame, turn the port into a trunk and reach every VLAN (switch spoofing); the fix is switchport mode access plus switchport nonegotiate on every user-facing port.
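To make the tag and FCS point concrete, here is an added example (not from the book or these notes) that builds an Ethernet frame by hand, inserts and strips an 802.1Q tag, recomputes the CRC-32 FCS each time, and then models the native-VLAN behaviour of a dot1q trunk: the native VLAN leaves untagged unless vlan dot1q tag native is in effect. The MAC addresses, VLAN numbers and payload are constructed for the example; trunk_egress and trunk_ingress are a simplified model of one trunk port, not IOS code.

```python
import struct
import zlib

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over dst MAC .. end of payload, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def fcs_ok(frame: bytes) -> bool:
    return len(frame) > 18 and fcs(frame[:-4]) == frame[-4:]


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def read_tag(frame: bytes):
    """Return (pcp, dei, vid) of the outermost tag, or None if the frame is untagged."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def add_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert a 4-byte tag between source MAC and EtherType. The old FCS no longer
    matches, so it is recomputed over the new body; nothing else in the frame changes."""
    if not fcs_ok(frame):
        raise ValueError("input frame has a bad FCS")
    tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | (vid & 0x0FFF)
    body = frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:-4]
    return body + fcs(body)


def strip_tag(frame: bytes) -> bytes:
    """Remove the outermost tag and recompute the FCS."""
    if not fcs_ok(frame) or read_tag(frame) is None:
        raise ValueError("not a valid tagged frame")
    body = frame[:12] + frame[16:-4]
    return body + fcs(body)


def trunk_egress(frame: bytes, vid: int, native_vid: int, tag_native: bool = False) -> bytes:
    """Send a frame belonging to VLAN `vid` out of a dot1q trunk.

    Cisco default: the native VLAN leaves untagged, every other VLAN is tagged.
    tag_native=True models the global `vlan dot1q tag native` command, under which
    the native VLAN is tagged as well. Any tag already on the frame is removed first,
    so a tag hidden underneath it (a double-tagged frame) becomes the outer one.
    """
    if read_tag(frame) is not None:
        frame = strip_tag(frame)
    if vid == native_vid and not tag_native:
        return frame
    return add_tag(frame, vid)


def trunk_ingress(frame: bytes, native_vid: int):
    """Classify a frame arriving on a dot1q trunk: (vid, frame). Untagged => native VLAN."""
    tag = read_tag(frame)
    return (native_vid if tag is None else tag[2]), frame


def double_tag_demo(tag_native: bool) -> int:
    """VLAN-hopping check: a frame tagged VLAN 20 inside VLAN 1 (the native VLAN) crosses
    a trunk from the first switch; return the VLAN the second switch assigns it to."""
    attacker = bytes.fromhex("0a0000000001")  # constructed MAC addresses
    victim = bytes.fromhex("0a0000000020")
    inner = add_tag(build_frame(victim, attacker, 0x0800, b"\x45" + b"\x00" * 19), 20)
    outer = add_tag(inner, 1)                  # outer tag = native VLAN
    on_wire = trunk_egress(outer, 1, native_vid=1, tag_native=tag_native)
    return trunk_ingress(on_wire, native_vid=1)[0]
```

With the default (untagged native VLAN) double_tag_demo returns 20: the first switch strips the native tag and sends the frame untagged, and the second switch reads the inner tag. With tag_native=True it returns 1, because the outer tag is re-applied and the inner one is never exposed.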

End-to-end VLAN: a VLAN that extends physically to the switch which connects the user who needs the resources of that VLAN. VTP pruning uses advertisements to determine whether broadcast, multicast and unknown-unicast traffic is being flooded to switches that do not need it, so it makes more efficient use of trunk bandwidth. A switch might have the VLAN in its database but have no ports assigned to it or no device connected; such a switch does not need that VLAN's broadcasts, so it tells its neighbours that it does not need them. Pruning is enabled once on a VTP server and propagates to the whole domain. A security note on VTP: a server-mode switch carrying a higher configuration revision number overwrites the VLAN database of the whole domain the moment it is plugged in, so check the revision number (or use transparent mode and a VTP password) before connecting a switch.

Configuring VLAN, commands:
1. sh vlan
2. vlan <id> (run in config term)
3. name <VLAN name> (in VLAN config mode, after vlan <id>)
4. no vlan <id>
5. switchport access vlan <id> (run in config-if#)
6. switchport mode access
7. switchport voice vlan <id>
8. switchport trunk encapsulation dot1q (run in config-if#; only on switches that also support ISL)
9. switchport mode trunk (after configuring encapsulation)
10. sh int trunk
11. switchport mode ?; for DTP: switchport mode dynamic ?
Configuring VTP, commands: (config)# vtp ? : vtp domain <domain-name>; vtp password <password>; vtp mode <server | client | transparent>; vtp pruning; no vtp pruning

Inter-VLAN Routing
Multilayer Switching: a layer 3 switch forwards traffic with very small delay (at line rate, one can say). Forwarding lookups are done in hardware using an ASIC, as in a Layer 2 switch. The routing and required forwarding information are held in the hardware, built into tables stored in content-addressable memory (CAM) and ternary content-addressable memory (TCAM). Now it is confusing to say that 'something is in hardware', because everything eventually is. What he must mean is that there is a separate set of gates wired to produce the same result the processor would have produced through a series of instructions, like putting a NOR gate in place of a sequence of register operations; but the ASIC as a black box still keeps it confusing. Cisco Express Forwarding (CEF) is the mechanism which performs the lookups and the required processing in these tables. For a multilayer switch to be able to route it needs a route processor. Remember that on a router each interface is a separate subnet; this is a fundamental part of its functionality: a router routes traffic from one network or subnet to another. On a switch the physical ports are Layer 2 ports and cannot have an IP address configured on them. A Switched Virtual Interface (SVI) is the virtual interface (VLAN 1 by default) used on an L2 switch to give it an IP address, a layer 3 pathway and a gateway; the route processor uses these SVIs for layer 3 tasks. Seen this way, the L3 switch still does not route on host IPs as such: like a router, it forwards according to which network the destination belongs to and hence which SVI or interface must carry it; it is the L2 MAC table which sorts out delivery to the individual host. How many SVIs can be created, i.e. how many VLANs can be routed, usually depends on three things: 1. switch platform; 2. number of supported VLANs; 3. processing overhead.

Multilayer switches can also be configured with a port that acts just as a port on a real router would: you place the IP address and router interface commands directly on the interface. A port configured this way is no longer part of any VLAN; it represents a subnet just as a router interface does.

Switching Types: there have been many, but they can be broadly categorized in three: 1. Process switching, in which all packets have to be processed by the central processor; 2. Cache-based (fast switching), in which only the first packet of a flow is process-switched and the information from it is stored in a cache so that the following packets can be switched quickly by a RAM lookup; 3. Cisco Express Forwarding, yet another improvement, which is topology based and uses new tables to make better use of new hardware. One of these tables is the Forwarding Information Base (FIB), which is built from the routing table and mirrors it in a form optimized for lookup. CEF is NOT a routing protocol. If a packet arrives for a destination that is not in the FIB, the gates are closed for this poor guy in the British manner: it is dropped! The adjacency table keeps the L2 information (the next-hop MAC address for each adjacent node) and is stored in CAM, where a hashing scheme is used for fast lookup: a key is created to compare the frame to the table contents. For example, the destination MAC address and VLAN ID (VID) of a frame constitute the key for the Layer 2 table lookup. This key is fed into a hashing algorithm which produces a pointer into the table, and the pointer selects a small specific area of the table without requiring a search of the whole table.

Preparing to transmit: a packet needs to be rewritten on the output interface once the routing decision has been made and everything is set for forwarding. First, the device must change the source MAC address from the sender's to its own.
Second, the device must change the destination MAC address from its own address to the next hop's address. Third, the time to live (TTL) must be decremented by one, which means that the IP header checksum must be recalculated. Last, the frame checksum (FCS) must be recalculated. If you have not created the VLAN in the VLAN database, creating an SVI for that VLAN will not create the VLAN in the VLAN database; the VLAN and the SVI for a VLAN are completely separate items (the SVI stays down until the VLAN exists and has an active port).
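The lookup-then-rewrite sequence just described, as an added example (not from the book or these notes): a FIB with longest-prefix match, an adjacency table keyed on (next hop, VLAN), and the four rewrite steps applied to an IPv4 frame, with the drop case the text mentions (no FIB entry) plus TTL expiry. The prefixes, next hops, MAC addresses and the switch's own MAC are constructed for the example; the ICMP Time Exceeded a real device would send is omitted.

```python
import ipaddress
import struct
import zlib

# Constructed tables: the FIB mirrors the routing table, the adjacency table holds the
# L2 rewrite (next-hop MAC) for each next hop. Both are illustrative, not from a real switch.
FIB = [  # (prefix, next-hop IP, egress VLAN / SVI)
    (ipaddress.ip_network("10.1.0.0/16"), "10.1.0.1", 10),
    (ipaddress.ip_network("10.1.5.0/24"), "10.1.5.254", 15),  # more specific than the /16
    (ipaddress.ip_network("10.2.0.0/16"), "10.2.0.1", 20),
]
ADJACENCY = {  # (next-hop IP, VLAN) -> next-hop MAC
    ("10.1.0.1", 10): bytes.fromhex("001122334401"),
    ("10.1.5.254", 15): bytes.fromhex("001122334415"),
    ("10.2.0.1", 20): bytes.fromhex("001122334420"),
}
SWITCH_MAC = bytes.fromhex("00c0004c3451")  # MAC the switch's SVIs use as source (assumed)


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum of 16-bit words; over a header whose checksum
    field is already correct the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_ipv4_frame(dst_mac, src_mac, src_ip, dst_ip, ttl, payload=b"") -> bytes:
    """Untagged Ethernet frame carrying a minimal IPv4 header (protocol 17) and payload."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, 17, 0,
                                ipaddress.ip_address(src_ip).packed,
                                ipaddress.ip_address(dst_ip).packed))
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    body = dst_mac + src_mac + b"\x08\x00" + bytes(hdr) + payload
    return body + fcs(body)


def fib_lookup(dst_ip: str):
    """Longest-prefix match. None means 'not in the FIB', and CEF drops such packets."""
    addr = ipaddress.ip_address(dst_ip)
    matches = [e for e in FIB if addr in e[0]]
    return max(matches, key=lambda e: e[0].prefixlen) if matches else None


def forward(frame: bytes):
    """CEF-style forwarding of one untagged IPv4 frame.

    Returns (egress_vlan, rewritten_frame), or (None, reason) when the packet is dropped.
    """
    hdr = frame[14:34]
    ttl = hdr[8]
    dst_ip = str(ipaddress.ip_address(hdr[16:20]))
    entry = fib_lookup(dst_ip)
    if entry is None:
        return None, "no FIB entry"
    if ttl <= 1:
        return None, "TTL expired"      # a real device also sends ICMP Time Exceeded
    _, next_hop, vlan = entry
    next_hop_mac = ADJACENCY.get((next_hop, vlan))
    if next_hop_mac is None:
        return None, "no adjacency"     # a real device punts the packet to resolve ARP
    # The four rewrite steps from the text: src MAC, dst MAC, TTL (+ IP checksum), FCS.
    new_hdr = bytearray(hdr)
    new_hdr[8] = ttl - 1
    struct.pack_into("!H", new_hdr, 10, 0)  # zero the field before recomputing
    struct.pack_into("!H", new_hdr, 10, ipv4_checksum(bytes(new_hdr)))
    body = next_hop_mac + SWITCH_MAC + frame[12:14] + bytes(new_hdr) + frame[34:-4]
    return vlan, body + fcs(body)
```

Note that the /24 entry wins over the /16 for 10.1.5.x even though the /16 is listed first: the FIB is searched by longest match, not in order, and a destination with no match at all (no default route in this FIB) is dropped rather than looked up anywhere else.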

Creating a routed port, which belongs to no VLAN, gives one the freedom to connect something like a server or a firewall directly to it. The command for this configuration is just no switchport. The switchport command family configures most of the Layer 2 functions of the switch, so by saying no switchport you take away the Layer 2 functions and are left with a Layer 3 port on which an ip address can be configured.

EtherChannel is a switch-to-switch technique that inversely multiplexes multiple Fast or Gigabit Ethernet switch ports into one logical channel. Its major advantage is being cheaper than higher-speed media while utilizing existing switch ports; it is also used to increase bandwidth to a single server. EtherChannel is a cross-platform method of load balancing between servers, switches and routers; it can combine from two up to eight ports (depending on the switch platform) into one logical connection that also delivers redundancy. It does not simply do round-robin: it hashes each frame onto a member link using a platform-dependent method, e.g. XOR of the low-order bits of the source and destination address (one bit for two links, two bits for four, three for eight), taken from the MAC, IP or port header fields depending on the configured load-balance method. A consequence is that a single flow (or, with a destination-based hash, all traffic to one server) never uses more than one member link. An EtherChannel will NOT form if one of the interfaces is a SPAN destination port. If it is to be a Layer 3 EtherChannel, the Layer 3 addresses must be configured on the port-channel logical interface, not on the physical interfaces in the channel. All ports in an EtherChannel bundle must be assigned to the same VLAN or all be configured as trunks, and a trunked Layer 2 EtherChannel must have the same allowed range of VLANs on all its interfaces; if the allowed range is not the same, the interfaces do not form an EtherChannel. Automatic bundling protocols: Cisco's protocol for EtherChannel is the Port Aggregation Protocol (PAgP), which is proprietary. PAgP packets are sent between switches on EtherChannel-capable ports and are used to negotiate the forming of a channel. When PAgP finds Ethernet links whose settings all match, it groups or bundles them into an EtherChannel, and the EtherChannel is then added to the spanning tree topology as a single bridge port.

PAgP then creates the virtual interface for the EtherChannel, the one by which the processor identifies the link bundle; configuration changes are made on this interface only. Link Aggregation Control Protocol (LACP) is the open-standard bundling protocol, originally part of IEEE 802.3ad (now 802.1AX). A device running LACP is given a system priority, which is combined with its MAC address to form the system ID automatically.
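A model of the hash-based link selection, as an added example (not from the book or these notes). It uses the textbook rule quoted above: XOR the chosen source and destination fields and keep the lowest 1, 2 or 3 bits for a 2-, 4- or 8-link bundle. Real platforms use their own hash functions, selected per switch with port-channel load-balance; the MAC and IP addresses here are constructed.

```python
import ipaddress
from collections import Counter


def mac_int(mac: str) -> int:
    """'0000.0000.00f0' or '00:00:00:00:00:f0' -> integer."""
    return int(mac.replace(".", "").replace(":", ""), 16)


def hash_bits(n_links: int) -> int:
    """Number of low-order hash bits the model keeps: 2 links -> 1, 4 -> 2, 8 -> 3."""
    if n_links not in (2, 4, 8):
        raise ValueError("this model bundles 2, 4 or 8 links")
    return n_links.bit_length() - 1


def select_link(n_links, method, src_mac=None, dst_mac=None, src_ip=None, dst_ip=None):
    """Index (0 .. n_links-1) of the member link a frame is sent on."""
    if method == "src-mac":
        key = mac_int(src_mac)
    elif method == "dst-mac":
        key = mac_int(dst_mac)
    elif method == "src-dst-mac":
        key = mac_int(src_mac) ^ mac_int(dst_mac)
    elif method == "src-dst-ip":
        key = int(ipaddress.ip_address(src_ip)) ^ int(ipaddress.ip_address(dst_ip))
    else:
        raise ValueError(f"unknown load-balance method {method!r}")
    return key & ((1 << hash_bits(n_links)) - 1)


def link_usage(flows, n_links, method):
    """flows: iterable of dicts with src_mac/dst_mac/src_ip/dst_ip.
    Returns {link index: number of flows hashed onto it}."""
    usage = Counter({i: 0 for i in range(n_links)})
    for flow in flows:
        usage[select_link(n_links, method, **flow)] += 1
    return dict(usage)


# Constructed traffic: four clients all talking to the same server.
SERVER_MAC, SERVER_IP = "0000.0000.00f0", "10.0.0.250"
FLOWS = [
    {"src_mac": f"0000.0000.000{i}", "dst_mac": SERVER_MAC,
     "src_ip": f"10.0.0.{i}", "dst_ip": SERVER_IP}
    for i in (1, 2, 3, 4)
]
```

With dst-mac hashing every flow to the server lands on the same link, which is the polarization problem behind "increase bandwidth to a single server": a source- or source/destination-based method is what actually spreads that traffic.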


Configuring EtherChannel: the commands start with creating the virtual (port-channel) interface first, and then the physical ports are assigned to it. (config)#interface port-channel <channel-group number> creates the EtherChannel, much as a VLAN is created. (config)#interface range fastethernet0/19 - 20 selects several physical ports at once; a single range like this covers contiguous ports on the same module or blade, and further ranges are added comma-separated. Then, in the interface(s), assign the channel group with (config-if)#channel-group <channel-group number created>; (config-if)#channel-protocol <lacp | pagp>; (config-if)#channel-group <channel-group number created> mode <on | active | passive | desirable | auto> configures the interface for a particular mode (active and passive are LACP, desirable and auto are PAgP, on means no negotiation at all). EtherChannels can be configured at both access and distribution layer switches. The layer 3 EtherChannel config looks like

Well, a layer 3 EtherChannel has an IP address of its own rather than a VLAN's; it does not belong to any VLAN. The subnet mask used in that example, though, wastes addresses: a point-to-point link needs only a /30 (or a /31). show etherchannel <channel-number> port-channel and show interfaces fastethernet0/1 etherchannel show the EtherChannel status in two different ways.

Spanning Tree Protocol(STP)

IEEE 802.1D Standard: under this standard, when STP starts up on a switch (which happens automatically when the switch boots) it sends out information so that each of the switches can compare themselves to one another to find who has the best bridge ID, and select a root bridge. The information is basically a hello frame; specifically, in STP the hello is called a Bridge Protocol Data Unit (BPDU), and it also lets the switches learn how, i.e. over which links, they are connected. The switches are finally made part of a single tree structure with the shortest available path to each other, basically to avoid loops. BPDUs are exchanged between switches in the same broadcast domain and carry the sender's bridge ID. BPDU fields are described as

BPDUs are sent out of all ports that are not in blocking mode every 2 seconds; this interval is controlled by the Hello Timer (the root bridge originates them and the other switches relay them downstream). The switch with the lowest BID is the root bridge. All the non-root switches determine their shortest path to the root, and the tree structure takes form. Classification of ports by the roles they play: 1. Root Port: the port of a switch that has the lowest-cost path to the root bridge. Each switch except the root has one and only one root port. 2. Designated Port: the forwarding port on a segment; every network segment has exactly one designated port (on the root bridge every port is designated). 3. Non-designated Port: a port in the blocking state; a segment does not always have one, but it can. The BID is made up of the switch priority and its MAC address; a complete BID looks like 32768.00c0.004c.3451, where 32768 is the priority. (With the extended system ID used for per-VLAN spanning tree, the VLAN number is added into the priority field, which is why configured priorities are multiples of 4096.)

To figure out the root ports you have to determine the path costs on each non-root bridge: each port in use has a path cost associated with it, and the sum of the costs along the path to the root bridge is the root path cost. The port with the lowest root path cost becomes the root port; when the costs are the same, the tie is broken by the lower sender BID, then the lower sender port ID, then the lower receiver port ID, so e.g. Fa0/7 wins over Fa0/8 or any higher one. The same ordering (path cost, BID, port ID) decides which port on a segment is designated; these three are always the criteria that determine port roles in a particular set-up. The root bridge must be fast enough to handle the traffic loads of all probable sizes. Setting priorities manually: Switch1(config)#spanning-tree vlan <number | list> priority <value>, where the value is a multiple of 4096 between 0 and 61440. The command implies that you can have different root switches for different VLANs; needless to say, the switch must have that VLAN in its database, and here the role of VTP is critical as it tries to make sure that each switch has the same idea of which VLANs exist. A backup root might be desired in case the root goes down (do you want a scuffle between the switches after daddy is dead?): simply give the switch you want as heir the next priority step above the present root bridge. Macros are used quite frequently to configure this in place of a series of commands: spanning-tree vlan <list> root primary and spanning-tree vlan <list> root secondary pick the priority for you. Before putting a switch in the network ONE MUST CHECK ITS CONFIGURED PRIORITY, VTP STATUS, VTP DOMAIN, ETHERCHANNEL CONFIGURATION, ETC. The macro computes a priority once, from the BPDUs seen at the moment it runs; if a switch with a lower priority is added later, the macro's effect is negated because it WON'T RUN ITSELF AGAIN. Also, if a switch with priority 4096 is already present the macro will not go down to priority 0; it fails, and the priority has to be set explicitly instead. This is also the STP security point: any device that sends BPDUs with a lower BID becomes root and pulls the traffic through itself. Root guard on the ports facing downstream switches, and BPDU guard on access ports, stop that.

STP timer settings: 1. hello timer; 2. forward delay; 3. max age. The timers determine how long it takes the STP topology to converge after a change. The DIAMETER setting is a way for STP to recalculate its timers using the size of the network as the reference: it is the number of switches traffic has to travel through to get from one end of the fabric to the other, and can be anything from 2 to 7. By default the STP timers assume a diameter of 7. Setting the diameter (spanning-tree vlan <list> root primary diameter <n>) is the best and most reliable way to set all the STP timers at once.
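The election and the port roles described in this section, as an added example (not from the book or these notes): it elects the root by lowest BID, computes each switch's root path cost with the 802.1D-1998 short-method costs (assumed: 10 Mb/s = 100, 100 Mb/s = 19, 1 Gb/s = 4), picks root ports with the cost / sender BID / sender port ID / own port ID tie-break, and assigns designated and blocked roles per segment. The switch names, MAC addresses and links are constructed; rogue_root_check shows what happens when a device with priority 0 is plugged in, which is the case root guard exists for.

```python
from dataclasses import dataclass

# 802.1D-1998 short-method port costs, assumed for the example.
COST = {10: 100, 100: 19, 1000: 4}


@dataclass(frozen=True, order=True)
class BridgeID:
    priority: int
    mac: str  # Cisco dotted hex, lowercase and zero-padded, so string order == numeric order

    def __str__(self):
        return f"{self.priority}.{self.mac}"


def elect_root(bridges):
    """bridges: name -> BridgeID. Lowest (priority, MAC) wins."""
    return min(bridges, key=bridges.get)


def compute_topology(bridges, links):
    """links: list of (switch_a, port_a, switch_b, port_b, mbps).

    Returns (root_name, root_path_cost, roles) where roles maps (switch, port) to
    'root', 'designated' or 'blocked'.
    """
    root = elect_root(bridges)
    INF = float("inf")
    rpc = {n: (0 if n == root else INF) for n in bridges}

    # 1. Root path cost: relax link costs until nothing changes (Bellman-Ford).
    changed = True
    while changed:
        changed = False
        for a, _, b, _, mbps in links:
            for x, y in ((a, b), (b, a)):
                if rpc[x] + COST[mbps] < rpc[y]:
                    rpc[y] = rpc[x] + COST[mbps]
                    changed = True

    # 2. Root port: per non-root switch, the best offer in 802.1D order
    #    (root path cost via neighbour, neighbour BID, neighbour port ID, own port ID).
    root_port = {}
    for n in bridges:
        if n == root:
            continue
        offers = []
        for a, pa, b, pb, mbps in links:
            for me, my_port, nb, nb_port in ((a, pa, b, pb), (b, pb, a, pa)):
                if me == n and rpc[nb] != INF:
                    offers.append((rpc[nb] + COST[mbps], bridges[nb], nb_port, my_port))
        if offers:
            root_port[n] = min(offers)[3]

    # 3. Port roles per segment: the upstream end of a root port is designated; otherwise
    #    the end with the lower (root path cost, BID, port ID) is designated, the other blocks.
    roles = {}
    for a, pa, b, pb, _ in links:
        if root_port.get(a) == pa:
            roles[(a, pa)], roles[(b, pb)] = "root", "designated"
        elif root_port.get(b) == pb:
            roles[(b, pb)], roles[(a, pa)] = "root", "designated"
        elif (rpc[a], bridges[a], pa) < (rpc[b], bridges[b], pb):
            roles[(a, pa)], roles[(b, pb)] = "designated", "blocked"
        else:
            roles[(a, pa)], roles[(b, pb)] = "blocked", "designated"
    return root, rpc, roles


# Constructed triangle of three switches, all 100 Mb/s links, default priority 32768.
BRIDGES = {
    "SW1": BridgeID(32768, "0000.0000.0001"),
    "SW2": BridgeID(32768, "0000.0000.0002"),
    "SW3": BridgeID(32768, "0000.0000.0003"),
}
LINKS = [("SW1", 1, "SW2", 1, 100), ("SW1", 2, "SW3", 1, 100), ("SW2", 2, "SW3", 2, 100)]


def rogue_root_check(bridges, links, rogue_mac="0000.0000.00ff"):
    """Plug a bridge with priority 0 into SW3 port 3; return the new root and SW2's root port."""
    bridges = dict(bridges, ROGUE=BridgeID(0, rogue_mac))
    links = links + [("SW3", 3, "ROGUE", 1, 100)]
    root, _, roles = compute_topology(bridges, links)
    return root, [p for (n, p), r in roles.items() if n == "SW2" and r == "root"][0]
```

In the triangle SW1 is root by MAC alone, SW2 and SW3 both reach it at cost 19, and on the SW2-SW3 segment the tie is broken by BID, so SW3's port 2 blocks. Once the rogue bridge appears, SW2's root port flips from the SW1 link to the SW3 link and its traffic to SW1 now transits SW3: nothing in 802.1D itself prevents that, which is exactly the gap root guard closes.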
