Cisco Switching Basics.

Bootcamp : GTP Lan-sw fundamentals
Roland Ducomble TAC Technical Leader CCIE 3745 rducombl@cisco.com August 2006
2004 Cisco Systems, Inc. All rights reserved.
Agenda
Ethernet /Autonegotiation / Bridging Introduction to Architecture/ Cat6k Overview CatOS / IOS Introduction VLANS / Trunking Some Additional IOS Caveats VTP Etherchannel SPAN RSPAN
LAN ATTT
802.3 Ethernet- CSMA/CD

Ready to transmit
New attempt
Wait according to backoff strategy (6)
Sense Channel Channel busy (1)

(3) Channel free for IFG (9.6us) (2)
Wait according to a random Binary Exponential Backoff (BEB) algorithm, and then try again. After 16 consecutive collisions,give up and discard the frame.
Transmit data and sense channel (4)
Collision detected
Transmit Jam Signal (5)
LAN ATTT
Half versus Full Duplex

Half Duplex
One station transmits, other listens. While transmitting, you do not receive, as no one else is transmitting. If you receive data on your RX pin WHILE youre in the process of transmitting that is considered a collision.
Full Duplex (standardized in 802.3x)

Transmit and receive at the same time. Transmit on the transmit pair, and receive on the receive pairs.
No collision detection, backoff, retry, etc

No CS, no MA, no CD. Only relationship to HD is frame format and encoding/signaling method.
LAN ATTT
Fast Ethernet
Uses original Ethernet MAC frame, but operates at 10 times the speed of regular Ethernet. Retains everything that original ethernet has, except the InterFrameGap. Decreased from 9.6s to 0.96s.
LAN ATTT
Gigabit Ethernet
Comes in 2 flavors 1000Base-T and 1000Base-X 1000Base-T Ethernet 1000Base-T scrambles each byte in the MAC frame to randomize the bit sequence before it is encoded using Forward Error Correction method. It is using the 4 wire pair. Each transmitted frame is encapsulated with start-of-stream and end-of-stream delimiters. 1000Base-T supports both half-duplex and full-duplex operation. Cisco only does full.
1000Base-X Ethernet
Transmission coding is based on the ANSI Fibre Channel 8B/10B encoding scheme. Each 8-bit data byte is mapped into a 10-bit code-group for bit-serial transmission
All three 1000Base-X versions support full-duplex binary transmission at 1250 Mbps over two strands of optical fiber or two STP copper wire-pairs All 1000Base-X physical layers support both half-duplex and full-duplex operation
LAN ATTT
Auto-negotiation Overview
Auto-negotiation is used on 10/100 M port to negotiate speed and duplex between two peers. Standard defined by IEEE : 802.1u
See for more info :

http://www.Cisco.com/warp/customer/473/3.html http://www.iol.unh.edu/training/fether/aneg/
LAN ATTT
Case 1 : Both partner are capable of doing auto-negotiation
LAN ATTT
Exchanging capabilities : The LCW

The two partners exchange their capabilities through the exchange of a LCW (link Code Word) in FLP (Fast link pulse) The LCW is a 16 bits word sent by each auto-negotiating partner to its peer containing its own capabilities Exchanged in 10baseT Pulse format The FLP is also used to detect the presence of a link
LAN ATTT
Exchanging capabilities : The LCW (cont.)
S0 to S4 tells the protocol (802.3 in most cases) A0 to A7 : capability (100 base TX FD, ) Ack bit : set on receipt of 3 consecutive and consistent LCW from peer RF bit : remote fault indication NP : next page bit
LAN ATTT
10
Exchanging capabilities : The LCW (cont.)
This one advertise all 4 capabilities :

100Base-TX Full Duplex 100Base-TX 10Base-T Full Duplex 10Base-T
LAN ATTT
11
Choosing speed and duplex

Once capabilities has been exchanged between the two peers, both peers choose the highest common denominator according the following ranking :
1.100Base-TX Full Duplex
2.100Base-T4
3.100Base-TX 4.10Base-T Full Duplex 5.10Base-T
LAN ATTT
12
Using the remote fault bit

FLP
FLP
A and B exchange FLP for auto-negotiation and because of a cable fault A never receive FLP from B and as such assume a fault and set the RF bit in the FLP it sends to B
Negotiation cannot be completed
LAN ATTT
13
Case 2: one of the partner do not do autonegotiation
LAN ATTT
14
Parallel detection
The Parallel Detection Function is an auto-negotiating device's means to establish links with non-negotiating, fixed speed devices. If an auto-negotiating device receives either 10BaseT or T4 Link Test Pulses or the idle stream of a TX device, it should do one of two things:
enable the link at the received pulse speed if it supports it
Or refuse to establish a link.
A device can never parallel detect to a full duplex link, however. Thus in parallel detection mode WE ARE ALWAYS IN HALFDUPLEX
LAN ATTT
15
Auto-negotiation summary
Config Peer 1 Config Peer 2 Auto 100 FD 100 FD 100 HD Auto Auto 100 FD Auto Result on Peer 1 100 FD 100 FD 100 FD 100 HD Result on Peer 2 100 FD 100 HD 100 FD 100 HD Comments Correct nego when both peer are capable of 100 FD DUPLEX MISMATCH Correct manual config
Link is established, but peer 2 does not see any auto-negotiation information from NIC and defaults to half-duplex. Link is established, but peer 2 will not see FLP and will default to 10 half-duplex.
10 HD 10 FD
Auto 100 FD
10 HD No link
10 HD No link
Mbps
SPEED MISMATCH
LAN ATTT
16
Auto-Negotiation
Upon initialization, each device transmits a 16-bit message (called a Fast Link Pulse Burst) to its link partner, which is used to negotiate:
Speed supported by partner;
Duplex mode supported by partner; Flow control support via MAC control pause frames; and It also can be used to indicate a fault and specify the type of fault.
The 16-bit negotiation message should be sent repeatedly until acknowledged by partner.
An acknowledgement should be sent after 3 consecutive messages confirming capabilities. Auto-negotiation signaling is independent of the signaling/encoding used for normal data.
LAN ATTT
17
Detecting a duplex mismatch

Full duplex means that the collision detection mechanism is disable and as such a FD devices will sent frame without listening to see if the media is free Symptoms of Duplex mismatch :
FCS errors Align errors Late collision (seen on HD side) Runts Excessive collision (seen on HD side)
LAN ATTT
18
Summary : 10/100 auto negotiation

use if possible :
Auto to auto Fix speed/duplex to Fix speed/duplex
Avoid :
Auto to Fix speed/duplex
LAN ATTT
19
Remote fault on 100baseFX

FEFI can provide same functionality on 100M fiber port (not supported on all line card though)
LAN ATTT
20
Gigabit flow control

When Gigabit flow control is enable a congested receiver can let know the transmitter the congestion by sending a PAUSE frame that result of the sender to stop transmission for a while. Defined in 802.3x
LAN ATTT
21
Gigabit auto-negotiation
Auto-negotiation in 1000baseX is different than in 10/100 What does auto-negotiation at gig speed :
Duplex negotiation
Remote fault detection

Flow control negotiation
Do not include speed negotiation.
LAN ATTT
22
Gigabit auto-negotiation
Exchange word in similar way as 10/100 nego Duplex and flow control info in the negotiation word depends on capability and config Once capability has been exchange, we decide on link settings Duplex : Full duplex is the priority regarding half duplex Flow control : PAUSE frame are enable in sending and/or receiving direction
LAN ATTT
23
Gigabit negotiation issue

Some devices do not support giga negotiation or only part of it In case of trouble to bring link up to different type of devices, worth to try disabling link negotiation
Note : GSR in old software do not support gig negotiation.
Nego needs to be enable on both side or the link or disable on both side of the link.
LAN ATTT
24
Review
What is the result of PC 10/100 NIC auto sensing to a switch port fix in 100M full Duplex ? What is the result of connecting to 1000 base-X devices where one side negotiate and the other has negotiation disable If Gig nego is disable on both side of a connection, what will happen is I unplug Rx Strand of fiber on one side ?
LAN ATTT
25
Ethernet Frame Types (1)

Generic Name Cisco Name (switch) ARPA (EII) Novell Name
Type
DA SA(>1500)
Data
FCS
Ethernet Version II (DIX)
Ethernet_II
1972: Work began on the original version of Ethernet, Ethernet Version 1, at the Xerox Palo Alto Research Center. 1980: Ethernet Version 1 was released in 1980 by a consortium of companies consisting of DEC, Intel, and Xerox. 1980: IEEE meetings on Ethernet began. 1982: DIX (DEC/Intel/Xerox) consortium releases Version II Ethernet
LAN ATTT
26

Type
DA SA(>1500)
Data
FCS
Ethernet_II
DA SA
FF-FF Length all 1s (2 byte)
Data
FCS
802.3Raw Novell_ Ethernet_802.3 (Novell Raw) Ether (802.3raw)
One year later
1983: Novell NetWare '86 was released with a proprietary frame format based on a preliminary release of the 802.3 specification.
LAN ATTT
27

Type
DA SA(>1500)
Data
FCS
Ethernet_II
DA SA
Data
FCS
DA SA Length
DSAP SSAP Control (1) (1) (1)
Data
FCS
802.3 w/ 802.2 LLC Header
SAP (8023)
Ethernet_802.2
Two years after that
1985: Final version of the 802.3 specification was released.

Final version of 802.3 has been modified to include the 802.2 LLC header, making NetWare's proprietary format incompatible.
LAN ATTT
28

Type
DA SA(>1500)
Data
FCS
Ethernet_II
DA SA
Data
FCS
DA SA Length
DSAP SSAP Control (1) (1) (1)
Data
FCS
802.3 w/ 802.2 LLC Header
SAP (8023)
Ethernet_802.2
DA SA
DSAP SSAPControl OUI Type AA 03 (3) (2) Length AA (1) (1) (1)
Data
FCS
SNAP
SNAP (snap)
Ethernet_SNAP
Finally, the 802.3 SNAP format was created to address backwards compatibility issues between Version 2 and 802.3 Ethernet.
LAN ATTT
29
Hub to Bridge to Switch
Hub
LAN ATTT
30
Hub
LAN ATTT
31

Rpt Hub
What is a Collision Domain? What is a Broadcast Domain? How many of each do we have here?
LAN ATTT
32

Rpt Hub
1 collision domain 1- broadcast domain
LAN ATTT
33

Rpt Hub
How does the addition of switches affect collision domains?
LAN ATTT
34

Rpt Hub
2 collision domains 1 - broadcast domain
LAN ATTT
35

Rpt Hub
Floor #3
Floor #2
Floor #1
LAN ATTT
36

Rpt Hub
Floor #3
How many collision domains? How many broadcast domains?
Floor #2
Floor #1
LAN ATTT
37

Rpt Hub
Floor #3
6 collision domains 3- broadcast domains
Floor #2
Floor #1
LAN ATTT
38

Rpt Hub
Floor #3
Half-Duplex
Floor #2
Half-Duplex
Floor #1
LAN ATTT
39

Rpt Hub
Floor #3
How many collision domains? How many broadcast domains?
Floor #2
Floor #1
LAN ATTT
40

Rpt Hub
Floor #3
8 collision domains 1- broadcast domain
Floor #2
Floor #1
LAN ATTT
41
Bridge Functionality
Segment
Port E0
Port E1
Segment
Four major functions: Learning MAC addresses; Forwarding/filtering frames; Forwarding broadcasts; and Loop avoidance - Spanning Tree
LAN ATTT
42
Address Learning MAC Address Table

Pre DA SA Type Data FCS
A1
0260.8c01.1111
B1
Port E0
Port E1
0260.8c01.3333
A2
0260.8c01.2222
Por t E2
C1 C2
0260.8c01.6666
B2
0260.8c01.4444
0260.8c01.5555
Source MAC address is associated with NIC Addresses are learned from SA field of ethernet frame.
Independent of Destination- Unicast or Broadcast

LAN ATTT
43

A1
0260.8c01.1111
B1
Port E0
Port E1
0260.8c01.3333
A2
0260.8c01.2222
Por t E2
C1 C2
0260.8c01.6666
B2
0260.8c01.4444
0260.8c01.5555
LAN ATTT
44

E0: 0260.8c01.1111
A1
0260.8c01.1111
B1
Port E0
Port E1
0260.8c01.3333
A2
0260.8c01.2222
Por t E2
C1 C2
0260.8c01.6666
B2
0260.8c01.4444
0260.8c01.5555
LAN ATTT
45

E0: 0260.8c01.1111
A1
0260.8c01.1111
B1
Port E0
Port E1
0260.8c01.3333
A2
0260.8c01.2222
Por t E2
C1 C2
0260.8c01.6666
B2
0260.8c01.4444
0260.8c01.5555
LAN ATTT
46

E0: 0260.8c01.1111 E0: 0260.8c01.2222
A1
0260.8c01.1111
B1
Port E0
Port E1
0260.8c01.3333
A2
0260.8c01.2222
Por t E2
C1 C2
0260.8c01.6666
B2
0260.8c01.4444
0260.8c01.5555
LAN ATTT
47

A1
0260.8c01.1111
E0: E0: E1: E1: E2: E2:
0260.8c01.1111 0260.8c01.2222 0260.8c01.3333 0260.8c01.4444 0260.8c01.5555 0260.8c01.6666
B1
0260.8c01.3333
Port E0
Port E1
A2
0260.8c01.2222
Por t E2
C1 C2
0260.8c01.6666
B2
0260.8c01.4444
0260.8c01.5555
LAN ATTT
48
Frame Forwarding
MAC Address Table E0: E0: E1: E1: E2: E2: 0260.8c01.1111 0260.8c01.2222 0260.8c01.3333 0260.8c01.4444 0260.8c01.5555 0260.8c01.6666
A1
0260.8c01.1111
B1
0260.8c01.3333
E0
E1
E2
A2
0260.8c01.2222
B2
0260.8c01.4444
C1
C2
0260.8c01.6666
0260.8c01.5555
A1 sends a frame to B2. Forwarded. Occurs when destination is known.

LAN ATTT
49
Frame Filtering
A1
0260.8c01.1111
B1
0260.8c01.3333
E0
A2
0260.8c01.2222
E1
X
C1
0260.8c01.5555
E2
B2
0260.8c01.4444
C2
0260.8c01.6666
A1 sends a frame to A2 which is filtered.

Collisions on segment A do not affect segments B or C. Thus, they are separate collision domains.
LAN ATTT
50
Handling Broadcasts
A1
0260.8c01.1111
B1
0260.8c01.3333
E0
E1
E2
A2
0260.8c01.2222
B2
0260.8c01.4444
C1
C2
0260.8c01.6666
0260.8c01.5555
A1 sends out a broadcast which is forwarded.

Thus, there is a single broadcast domain.
LAN ATTT
51
Agenda
Ethernet / Bridging
Introduction to Architecture/ Cat6k Overview CatOS / IOS Introduction VLANS / Trunking
Some Additional IOS Caveats

VTP Etherchannel
LAN ATTT
52
Address Learning
What are the elements that actually accomplish address learning?
EARL = Enhanced Address Recognition Logic
The EARL is the logic that maintains the MAC address table just like any learning bridge. The table where these addresses are stored is referred to as the CAM (content-addressable memory) because it is hashed by MAC address. Each entry is a MAC address, port association (based on SA), and VLAN ID.
LAN ATTT
53
CAM Table
The EARL consults the CAM table for a MAC corresponding to the destination address (DA) of each frame, to determine the egress port(s). DAs that are not already known are flooded to all ports in the same VLAN as the inbound frame. Entries are added by the source address (SA) of the frame. By default, entries will age out at 300 seconds.
LAN ATTT
54
Architecture A Couple of Quick Points

Three Cat5ks and 6Ks share the same basic buses:
Data Switching Bus, Management Bus and Index/Results Bus.
LAN ATTT
55
Architecture A Couple of Quick Points
The Switching/Data Bus (usually called Dbus): Catalyst 5000/5500: Dbus has a data transfer rate of 1.2 Gbps. The 5500 series has 3-1.2 Gb buses. Catalyst 6000/6500: Dbus has a data transfer rate of 16-Gbps.
A bus access arbitration scheme is implemented on the supervisor engine, and all line modules and the supervisor have equal access to the switching bus. The Management Bus: Carries configuration information from the NMP to each module and statistical information from each module to the NMP, using SCP. Also called MBUS or EOBC (Ethernet Out Of Band Channel). The Results/Index Bus: Carries port-select (LTL, CBL, etc.) information from the central EARL to the ports. This information determines which ports forward the packet and which flush it from the buffer. It is also called RBUS.
LAN ATTT
56
Catalyst 6K What does it LOOK like?- Chassis

Chassis
6509-NEB 6509
6513 6506
6503
LAN ATTT
57
What does it LOOK like? - Supervisor

Supervisor
Sup1 Sup1A Sup2 Sup720 (Sup-3)
Routing-Engines
MSFC MSFC2 MSFC3
Switching-Engines
Cafe2 PFC PFC2 PFC3
LAN ATTT
58
What does it LOOK like? - Linecards

Linecard
15 FastEthernet / Ethernet 7 GigEthernet 2 10GigEthernet 17 WAN 2 ATM 11 Special
LAN ATTT
59
What does it LOOK like? Daughter Cards

Linecard daughter cards
LAN ATTT
60

LAN ATTT
61

LAN ATTT
62
Agenda
Ethernet / Bridging

VTP Etherchannel
LAN ATTT
63
Cat OS versus IOS?? (1)

1994 Cisco acquires Kalpana, a leading provider of Ethernet switches worldwide. Cisco gains the Catalyst 5000 and a whole new operating system and command lineCatalyst OS. Cisco customers must now learn two CLIs: IOS on routers and CatOS on switches
LAN ATTT
64
Catos
Pure L2 software (only L2 functionality no routing) One ip address at a time used for management No config mode or anything like that Config done per set command Verification done per show command Sh tech supported
Debug per set trace xx command (cautious)
LAN ATTT
65
IOS
More and more widespread for most of the new catalyst Allow configuring L2 feature (Catos like feature) And L3 feature (like pure ios on routers) A port can be a L2 port or an L3 Port (on some catalyst)
LAN ATTT
66
Cat6500 Cases
Cat 6500 is composed of a supervisor (called SP or PFC) and a routing engine (called MSFC) MSFC is daughter on supervisor (not user visible and no separate console) Two software option :
Hybrid : CatOS on sup and IOS on MSFC 2 config files, 2 separate software
Native: Unique bundled IOS image running on both sup and MSFC unique IOS file and unique config file.
LAN ATTT
67
Cat OS versus IOS?? (2)

Comparing and Contrasting
IOS Two config files (running-config and startup-config). Must manually save changes from running to startup or changes are lost. Cat OS
One config file.

Changes to config saved automatically. Only two modes of operation, EXEC and Privileged EXEC. Designed primarily for Layer-2, switching operations. Ports are enabled by default.
Multiple modes of operation (EXEC, Privileged EXEC, Global Config, Interface Config, etc).
Designed primarily for Layer-3, routing operations. Ports are disabled by default. Must issue no shut command. Command syntax varies.
LAN ATTT
Virtually all config commands begin with set (i.e. set vlan 99).
68
IOS on Switches (1)

Catalyst 5000 is the first switch to offer integrated routing capability with the RSM (Route Switch Module).
Now a single chassis had TWO operating systems:

Supervisor runs CatOS for switching functions; and RSM runs IOS for routing functions.
LAN ATTT
69
IOS on Switches (2)

This trend (CatOS and IOS BOTH on the same box) continued for a few years:
Catalyst 5000 Route Switch Feature Card (RSFC)
Catalyst 6000 Multilayer Switching Module (MSM)

Catalyst 6000 Multilayer Switching Feature Card (MSFC)
Customers become tired of shuffling back and forth between two operating systems.
There is a big push to get rid of CatOS and make everything IOS.
LAN ATTT
70
IOS on Switches (3)

A new, specialized version of IOS, capable of doing routing AND switching, is built. Now almost ALL Cisco switches run IOS, and CatOS is virtually extinct.
With IOS on a switch, all the same IOS rules apply.

There are 2 configuration files (startup-config and running-config). Running-config must be manually saved to startup-config using the write memory command. There are no more set commands.
What DOES still run CatOS?

Catalyst 5000 platform (EOLno longer sold); Catalyst 6000 when running in Hybrid; and Catalyst 4000/4500 with Supervisor-1 or Supervisor-2.
LAN ATTT
71
Agenda
Ethernet / Bridging

VTP Etherchannel
LAN ATTT
72

Rpt Hub
Floor #3
8 Collision Domains 1- Broadcast Domain
Floor #2
Floor #1
LAN ATTT
73

Rpt Hub
Floor #3
What if I wanted each floor to be in its own, unique broadcast domain?
Floor #2
Floor #1
LAN ATTT
74
Hub to Bridge to Router

A3 A2 A1 A1, A2 A3, A4 A4
Floor #3
Bridge A
B2 B1 B1, B2
One way to do itseparate each floor using a router.

B3, B4 Bridge B
B3 B4
Floor #2
C3 C2 C1 C1, C2 C3, C4 Bridge C C4
Floor #1
LAN ATTT
75

A3 A2 A1 A1, A2 A3, A4 A4
Floor #3
Bridge A
B2 B1 B1, B2
But whats the downside?
B3 B4
B3, B4 Bridge B
Floor #2
Floor #1
LAN ATTT
76

A3 A2 A1 A1, A2 A3, A4 A4
Floor #3 1.
B2 B1 B1, B2
Bridge A
Each floor needs its own switch Router interfaces are expensive
B3, B4 Bridge B
B3 B4
2.
Floor #2
Floor #1
LAN ATTT
77
The SolutionVLANs!!
VLAN = Method of micro-segmenting an L2 / L3 topology. Each VLAN is a separate broadcast domain. Any port on a Catalyst switch can be in any VLAN. Inter-VLAN communication requires a L3 routing device.
VLANs may span multiple switches.

LAN ATTT
78
Any VLAN on Any Port
Blue = VLAN10 Red = VLAN 20 Green = VLAN 30
LAN ATTT
79
VLAN Tagging
FCS is checked on a frame at the ingress port. If the FCS is good, the VLAN id tag is added to the frame before it is placed on the switching bus. VLAN belonging to this port. Port ID of this port. The tag is removed at the egress port(s).
LAN ATTT
80
VLAN Configuration (Cat OS)

To add VLAN set vlan <vlan id> <mod/port> To remove VLAN clear vlan <vlan id> To view configured VLANs show vlan
LAN ATTT
81
VLAN Configuration ( Cat IOS )

The old way The new way
Enter vlan database 3524XL#vlan database Must be in server mode 3524XL(vlan)#vtp server Add vlan 3524XL(vlan)#vlan 2 Remove vlan 3524XL(vlan)#no vlan 2 Enter Global Config 4500#config t Must be in server mode 4500(config)#vtp server Add vlan 4500(config)#vlan 2 Remove vlan 4500(config)#no vlan 2
Still required on XL series switches.

LAN ATTT
82
VLAN Caveats
What happens if I delete a VLANand there are still ports assigned to that VLAN?
LAN ATTT
83
VLAN Caveats
Creating VLAN 60 and assigning it to port 3/21.
LAN ATTT
84
VLAN Caveats
Verifying
LAN ATTT
85
VLAN Caveats
Now I delete the VLANwithout first moving the port to an alternate VLAN.
LAN ATTT
86
VLAN Caveats
So whats the status now of port 3/21?? Deactivated!!
LAN ATTT
87
Linking Different Switches

I have several departments that span more than one building. Each department has their own VLAN. How can I connect the buildings and maintain the broadcast domains?
Building 1
LAN ATTT
Building 2
88
Building 1
Building 2
LAN ATTT
89
Building 1
Building 2
LAN ATTT
90
Building 1 Question: What is the design problem with this method?

LAN ATTT
Building 2
91
Building 1 Answer: Too many ports are used just for switch-to-switch connections!
LAN ATTT
Building 2
92
Trunking to the Rescue
LAN ATTT
93
Problem: How do you identify which frame belongs to which VLAN if all VLANs are carried in a single link?
LAN ATTT
94
Answer: Well tag each frame

placed on the trunk with the VLAN it belongs to. Trunking encapsulation will do this for us.
LAN ATTT
95
Trunking Methods
There are two trunking protocols. ISL = Cisco proprietary 802.1q = IEEE specification Trunking status can be negotiated on a link.
Trunking is also supported on some routers.

Some NIC vendors support trunking.
LAN ATTT
96
ISL Overview
All frames are encapsulated. Adds 26 byte ISL header and 4 byte CRC to ethernet frame. VLAN ID is carried in ISL header. ISL is sent as a giant, MAC-layer multicast: (01-00-0C-CC-CCCC ether type 2004).
LAN ATTT
97
ISL Frame Tagging

External Tagging Frame is encapsulated with the tag Frame is not altered (New FCS)
DA SA
Type/ Length
Data
FCS
TAG
DA SA
Type/ Length
Data
FCS
FCS
(e.g. ISL Header)
LAN ATTT
98
IEEE 802.1q Overview

All frames are encapsulated except the native VLAN (covered later). A TAG is inserted into the frame, which extends maximum frame size to 1522 bytes from 1518 bytes. The FCS is recomputed for the entire frame after the tag is inserted.
This assumes that there is only one instance of spanning tree.
LAN ATTT
99
802.1q Frame Tagging

Internal Tagging Tag is inside the frame Frame is altered (FCS recalculated)
DA SA
Type/ Length
Data
Type/ Length
FCS
DA
SA
TAG
Data
FCS
(802.1Q Tag)
LAN ATTT
100
802.1q Frame Format

DA SA Type/Len Data FCS
DA
SA
TAG 4 Bytes
Type/Len
Data
FCS
EtherType 2 Bytes Value = 0x8100
PRI 3bits 1bit 0-7 0-1
VLAN ID 12bits 0 - 4095
Token-Ring Encapsulation Flag

LAN ATTT
101
What is the Native VLAN?

VLAN trunks (either ISL or 802.1q) carry traffic from all VLANs by default. Switches and routers need to send certain management frames to each other, such as: CDP VTP DTP If a switch has 300 VLANs, does it really need to send 300 CDP packets every minute (one per VLAN)? No. So if were only going to send one CDP packet, which VLAN will send that frame? VLAN 1 VLAN 1 is the Native VLAN (by default) This can be changed via configuration. Native VLAN must always match on both sides of the trunk.
LAN ATTT
102
ISL and dot1q Frame format

Layer 2 ISL
ISL Header 26 Bytes Encapsulated Frame 124.5 Kbytes FCS 4 Bytes
Layer 2 802.1Q/p
PREAM. SFD DA SA TAG Type 4 Bytes Len DATA FCS
CoS
TPID 0x8100
16bits
VLAN ID 0-4095
12bits
CFI
3bits 1bit
LAN ATTT
103
ISL against dot1q

Cisco proprietary Encapsulation One spanning tree per Vlan on each trunk. All Vlan encapsulated. 30 bytes overhead per frame
IEEE standard Internal Tag One SPT only per dot1q trunk per standard. Native Vlan is NOT tagged(unless dot1q-all-tagged is configured). 4 bytes overhead only per frame
LAN ATTT
104
DTP Feature
Dynamic negotiation of trunking mode :
To trunk or not ? Trunk ISL or trunk dot1q ? (ISL preferred)
DTP
supports on, off, auto, desirable, nonegotiate
DTP
Want to trunk? 802.1q or ISL? I am ISL -auto.
DTP
LAN ATTT
105
Trunking Configuration (Cat OS)
Syntax: set trunk <mod_num/port_num> [on|off|desirable|auto|nonegotiate] [vlans] [trunk_type] (vlans = 1..1005 An example of vlans is 2-10,1005)(trunk_type = isl,dot1q,dot10,lane,negotiate) Example: set trunk 1/1 desirable dot1q On Trunk is manually on regardless of what the other side can/cannot do. DTP frames sent. Off Trunk is manually turned off, regardless of possible receipt of DTP frames from remote end of link. Auto Trunk is in a passive state waiting for receipt of DTP frames. Will not originate DTP frames. Desirable Port wishes to become trunk. Will source/originate DTP frames to remote port. Nonegotiate - Trunk is manually on regardless of what the other side can/cannot do. DTP frames NOT sent.
LAN ATTT
106
Trunking Configuration (Cat IOS)

Syntax: Switch#config t Switch(config)#int fa0/1 Switch(config-if)# switchport Switch(config-if)# switchport trunk encapsulation isl Switch(config-if)# switchport mode trunk or Switch(config-if)# switchport mode dynamic desirable or Switch(config-if)# switchport mode dynamic auto Switch(config-if)# switchport trunk native 2
Or dot1q
LAN ATTT
Optional to change the Native VLAN

107
Trunking on the Router Configuration (IOS)

Syntax:
Router#conf t Router(config)#int fa5/0/0.1 Router(config-subif)#encapsulation isl 1 Router(config)#int fa5/0/0.2 Router(config-subif)# ip address 2.2.2.2 255.0.0.0 Router(config-subif)#encapsulation isl 2 Router(config)# int fa5/0/0.3 Router(config-subif)# ip address 3.3.3.3 255.0.0.0 Router(config-subif)#encapsulation isl 3
No IP address configuredassuming no users on VLAN 1
LAN ATTT
108
Native VLAN
Native VLAN is the VLAN a port would be assigned to if it was not participating in a trunk In 802.1q, frames in the native VLAN are not tagged at all by default Native VLAN on each end of a trunk MUST match for correct operation
LAN ATTT
109
Pruning VLANs
By default a trunk allow all Vlan from 1 to 4096 You can prune some Vlan manually which means that you will disallow some Vlan on the trunk
When new vlan are added, pay attention to allow them on the trunks.
LAN ATTT
110
Pruning VLAN : 2 methods

1. Manual Pruning (best) 2. VTP pruning (to avoid) : automatic pruning relying on VTP message. Quiet complex and do not remove port from spanning-tree instance just reduce size of broadcast domain Exception : With Spanning-Tree MST manual pruning is risky VTP pruning might be an option
LAN ATTT
111
DTP and VTP

DTP sends the VTP domain name in a DTP packet. Therefore, if you have two ends of a link belonging to a different VTP domain, the trunk will not come up if you are using DTP. In this special case, you need to configure the trunk mode as "on or nonegotiate, on both sides, to prevent DTP from running.
LAN ATTT
112
DTP and spanning tree

Note that a port will only starts the SPT transition when the DTP negotiation is over.
LAN ATTT
113
Trunking on CatOS based switch

Cat4k based : 4003,4006,2948G,4912G,2980G
only support dot1q (Hw limitation)
Cat5k based : 2901,2902,2926,5002,5000,5500,5505,5509

Support both ISL and dot1q (depends on the line card)
Use sh port capa to know capabilities of the port
Cat6k based
Supports both isl and dot1q on all port
LAN ATTT
114
Trunking verification on CatOS

Taras> (enable) sh trunk * - indicates vtp domain mismatch Port Mode Encapsulation -------- ----------- ------------4/3 auto n-isl Port -------4/3 Port -------4/3
Status -----------trunking
Native vlan ----------1
Vlans allowed on trunk -------------------------------------------------1-1005 Vlans allowed and active in management domain --------------------------------------------------1-2,101-109,151-152,500,999-1000
Port Vlans in spanning tree forwarding state and not pruned -------- -----------------------------------------------------4/3 1-2,101-109,151-152,500,999-1000 Taras> (enable)
LAN ATTT
115
Trunking on the IOS based switches

Interface mode :
Switchport mode trunk Switchport encapsulation .
Sh interface [fa|gig] x/x switchport XL family switches do not support DTP 2950 only support dot1q and DTP 3550/3750/4k sup3/sup4 and 6k native do support both isl and dot1q and they supports DTP
LAN ATTT
116
Trunking verification on XL switches
Brush#sh int gig 0/1 switchport Name: Gi0/1 Switchport: Enabled Administrative mode: trunk Operational Mode: trunk Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: dot1q Negotiation of Trunking: Disabled
Access Mode VLAN: 0 ((Inactive))

Trunking Native Mode VLAN: 1 (default) Trunking VLANs Enabled: 1-3,1002-1005 Trunking VLANs Active: 1 Pruning VLANs Enabled: 2-1001
LAN ATTT
117
Trunking on IOS router

Do not support DTP Done per sub-interface ISL supported for ages (11.1 in enterprise, 11.2 in IP plus)
Dot1q supported in 12.0(T)

Native vlan configured on the main interface
Dot1q bridging in 12.1(3)T

Possibility to configure native vlan on sub interface with : encapsulation dot1q x native
LAN ATTT
118
Sample config of a trunk in ios

interface GigabitEthernet1/2 switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 1,10-199,222,4000 switchport mode trunk no ip address
LAN ATTT
119
Sample config of a trunk in ios

Crank#sh int gig 1/2 trunk Port Gi1/2 Mode on Encapsulation 802.1q Status trunking Native vlan 1
Port Gi1/2 Port Gi1/2 Port Gi1/2
Vlans allowed on trunk 1,10-199,222,4000 Vlans allowed and active in management domain 1,10-11,100-102,155,161,166,171-173,198-199,222,4000 Vlans in spanning tree forwarding state and not pruned 1,10-11,100-102,155,161,166,171-173,198-199,222,4000
LAN ATTT
120
Trunking summary
In case of trunk problem or connectivity problem get on both side :
Sh trunk (or sh int x/x switchport)
Sh spant x/x (or sh spanning int x/x)

Sh config
LAN ATTT
121
Agenda
Ethernet / Bridging

VTP Etherchannel
LAN ATTT
122
Port Type Basics

Access: L2 Ports (single vlan)
LAN ATTT
123
Port Type Basics

How do you configure an access L2 Port (single VLAN)?
Cat4k# conf t Enter configuration commands, one per line. End with CNTL/Z.
LAN ATTT
124
Port Type Basics

Cat4k# conf t Enter configuration commands, one per line. End with CNTL/Z. Cat4k(config)# interface fastethernet 3/1
LAN ATTT
125
Port Type Basics

Cat4k# conf t Enter configuration commands, one per line. End with CNTL/Z. Cat4k(config)# interface fastethernet 3/1 Cat4k(config-if)# switchport
Different defaults per IOS version. Dynamic Auto Dynamic Desirable
LAN ATTT
126
Port Type Basics

Cat4k# conf t Enter configuration commands, one per line. End with CNTL/Z. Cat4k(config)# interface fastethernet 3/1 Cat4k(config-if)# switchport Cat4k(config-if)# switchport mode access
Forces the port to be a switchport. Will not send, or respond to, DTP. In VLAN 1 by default
LAN ATTT
127
Port Type Basics

Cat4k# conf t Enter configuration commands, one per line. End with CNTL/Z. Cat4k(config)# interface fastethernet 3/1 Cat4k(config-if)# switchport Cat4k(config-if)# switchport mode access Cat4k(config-if)# switchport access vlan 2 Cat4k(config-if)# end Cat4k#
LAN ATTT
128
Configuration Task
Pause the presentation now and do the following on your ownon a piece of paper: You are on a switch at the following prompt:
Router > Catalyst IOS Switch
Write down the commands (using only Catalyst IOS) to:

Create VLAN 55. Assign VLAN 55 to interface fastethernet 3/1.
Ensure fastethernet 3/1 does NOT become a trunk.
Move on to the next slide when you think you have the answer.
LAN ATTT
129
Configuration Task (Catalyst IOS)

Pause this slide to review your answer.
Router> enable
you must first type enable
Router# configure terminal Router (config)# vlan 55 this creates the VLAN Router (config-vlan)# exit Router(config)# interface fastethernet 3/1 Router (config-if)# switchport this ensures the port is a Layer-2 switching port
Router(config-if)# switchport mode access this ensures that the port will NOT become a trunk
Router (config-if)# switchport access vlan 55 port is now in VLAN 55 Router (config-if)# no shut
LAN ATTT
130
Port Type Basics

Access: L2 Ports (single VLAN) Trunk: L2 ports (multiple VLANs)
LAN ATTT
131
Port Type Basics

Access: L2 Ports (single VLAN) Trunk: L2 ports (multiple VLANs) Routed: L3 ports
Direct interface like in any router today.
int Fasteth 0/0

ip address 1.1.1.1 255.0.0.0 no shut int Fasteth 7/1 no switchport
ip address 1.1.1.2 255.0.0.0

no shut
LAN ATTT
132
Port Type Basics

Access: L2 Ports (single VLAN) Trunk: L2 ports (multiple VLANs)
Routed: L3 ports
Direct interface as in any router today. sub-interface support on 6500 sup720 Whats the Default? Depends on platform. On Cat6ks with Native IOS, ports are routed and shutdown like IOS. CAT can have a mixture of above ports configured in one box (should we call it interfaces?).
LAN ATTT
133
Port Type
Hybrid model: Router has only logical int. Cosmos handles both logical and physical. SVI (logical int) created with int vlan command. If underlying !=L2 then SVI down. Bridge-groups supported but no BVIno needuse CAT.
SVIs are optional; you can route to VLAN N, but not to VLAN 3 in this case
Layer 3/SW Bridging (in Software/Hardware)

SVI SVI
Router
SVI
Layer 2/VLANs (in Hardware)
VLAN 1
VLAN 2
VLAN 3
VLAN N
Physical Ports
Port 1 Port 2 Port 3 Port 4
Port 5 Access Port in VLAN3
Port M
Access Port in VLAN1

LAN ATTT
Trunk Port
Access Port in VLAN2
Routed Port
Routed Port
Port Types: L2: - Access - Trunk L3: - Routed - VLAN
134
Configuration Task
Pause the presentation now and do the following on your ownon a piece of paper: You are on an IOS-based switch at the following prompts:
Router > Write down the command(s) (using only Catalyst IOS) to: Configure interface Fastethernet 5/6 as a desirable 802.1q trunk.
The switch contains NO passwords. Move on to the next slide when you think you have the answer
LAN ATTT
135
Configuration Task (Catalyst IOS)

Pause this slide to review your answer.
Router> enable
you must first type enable
Router# configure terminal Router(config)# interface fastethernet 5/6 Router (config-if)# switchport this ensures the port is a Layer-2 switching port Router(config-if)# switchport trunk encapsulation dot1q you must configure the trunking
encapsulation BEFORE you configure the trunking mode.
Router (config-if)# switchport mode dynamic desirable
Router (config-if)# no shut
LAN ATTT
136
What is a Switched Virtual Interface (SVI)?

PCs need default gateways (routers) to reach external networks. Typically, if a router was used, the IP address configured on that routers Ethernet interface would serve as the default gateway.
Router# config t Router(config)# interface fastethernet 0/0
Default gateway address for hosts
Router(config-if)# ip address 1.1.1.1 255.0.0.0
With Layer-3 switches (Cat6k, 3550, 4500, etc) you place the IP address on an SVI (Switched Virtual Interface) to have the same effect:
SVI Cat6k# config t Cat6k(config)# interface vlan 1 Cat6k(config-if)# ip address 1.1.1.1 255.0.0.0
Default gateway address for hosts in VLAN 1
LAN ATTT
137
What is an SVI? (1)

PCs need default gateways (routers) to reach external networks. Typically, if a router is used, the IP address configured on that routers Ethernet interface servers as the default gateway.
Router# config Router(config)# interface fastethernet 0/0 Router(config-if)# ip address 2.2.2.2 255.0.0.0 Router(config-if)# no shut Router(config-if)# exit Router(config)# Router(config)# interface fastethernet 0/1 Router(config-if)# ip address 3.3.3.2 255.0.0.0 Router(config-if)# no shut
Fa 0/0 2.2.2.2 /8 VLAN 2
Fa 0/1 3.3.3.2 /8 VLAN 3
Vlan-2
Vlan-3
2.2.2.1 /8
3.3.3.1 /8
LAN ATTT
138
What is an SVI? (2)

With Layer 3 switches (Cat6k, 3550, 4500, etc) the IP address is placed on an SVI to have the same effect:
MSFC
Cat6k# config t Cat6k(config)# interface vlan 2 Cat6k(config-if)# ip address 2.2.2.2 255.0.0.0 Cat6k(config)# interface vlan 3 Cat6k(config-if)# ip address 3.3.3.2 255.0.0.0
2.2.2.1 /8
3.3.3.1 /8
LAN ATTT
139
Interface Rangea useful Command

Interface range - up to 5 ranges at once
Cosmos(config)#interface range GigabitEthernet 1/1 2 , FastEthernet 4/1 - 24 Cosmos(config-if)# switchport Cosmos(config-if)# switchport mode access Cosmos(config-if)# switchport access vlan 25 Cosmos(config-if)# no shut
NOTE: A space is required before and after all hyphens and commas.
LAN ATTT
140
Review
What kind of interface can we have an a sup720 running native ?
Switchport :
L2 Trunk
L2 access No switchport : Main interface Subinterface SVI Portchannel either L2 trunk, L2 access, L3 main or L3 subinterface !!!
LAN ATTT
141
Review : is it a valid config ?

Interface gig 1/1 Switchport Switchport trunk encaps dot1q Switchport mode trunk
Int gig 2/1 Switchport Ip address 1.1.1.1 255.255.255.0 Int gig 3/1 No switchport Ip address 2.2.2.2 255.255.255.0 Can we route with that config between a frame in vlan 3 incoming ongig 1/1 towards a port 3/1 ? Can we route with that config between a frame in vlan 3 incoming ongig 1/1 towards a port 2/1 ?
LAN ATTT
142
Can we route a packet incoming from 3/1 with source ip 2.2.2.10 towards a destination in vlan 4 ?
Interface gig 1/1 Switchport Switchport trunk encaps dot1q Switchport trunk allowed vlan 2,3,4 Switchport mode trunk
Int gig 2/1 Switchport Switchport mode access Switchport access vlan 3 Int gig 3/1 No switchport Ip address 2.2.2.2 255.255.255.0 Int vlan 3 Ip address 3.3.3.1 255.255.255.0
LAN ATTT
143
Is it a valid config ?
Int gig 1/1.1 Encapsulation dot1q 3 Ip address 3.3.3.1 255.255.255.0 Int vlan 3
Ip address 1.1.1.1 255.255.255.0
LAN ATTT
144
Agenda
Ethernet / Bridging Introduction to Architecture/ Cat6k Overview CatOS / IOS Introduction VLANS / Trunking Some Additional IOS Caveats VTP
Etherchannel
LAN ATTT
145
VLAN Trunking Protocol (VTP)

The purpose of VTP is to ease the VLAN administration of a large number of switches. Its primary function is to carry VLAN information to all switches within VTP domain. VTP can also be used to make intelligent decisions about VLAN pruning.
LAN ATTT
146
VTP
VTP is Cisco proprietary. It is managed through layer 2 multicast packets. It only works over established trunks (cant do through a router). VTP packet only goes over vlan 1 on trunk
LAN ATTT
147
VTP Domains
VTP domain is empty by default (no name configured). A VTP domain must be configured before VLANs can be created on a switch.
CatOS: set vtp domain {name} *case sensitive, must be exact Catalyst IOS: Switch# config t Switch(config)# vtp domain {name} *case sensitive, must be exact
LAN ATTT
148
VTP Modes (Server)

Server Default on all switches.
Manual adding/clearing of VLANs allowed.

Generates VTP messages upon each change.
LAN ATTT
149
VTP Modes (Client)

Client
Must be manually configured.
NO manual adding/clearing of VLANs allowed.

Responds to VTP messages sent from servers.
LAN ATTT
150
VTP Modes (Transparent)

Transparent
Must be manually configured.
Manual adding/clearing of VLANs allowed.

Will not respond to VTP messages sent from servers. Will not generate VTP messages of its own. Transparently passes VTP messages between servers and clients.
LAN ATTT
151
VTP Configuring VTP Modes

Define VTP mode in Catalyst OS
set vtp mode {client|server|transparent}
Define VTP mode in Catalyst IOS

Switch# config t Switch(config)# vtp mode {client|server|transparent}
LAN ATTT
152
VTP - VLAN Trunking Protocol

VTP Server VTP Client
VTP Transparent
ISL
ISL
HeyI have some VLANs you should know about!
VTP Client
VTP information is distributed throughout the network
LAN ATTT
153

VTP Transparent
ISL
ISL
Great! Now I can add those new VLANs and Ill also pass them on!
VTP Client
LAN ATTT
154

VTP Transparent I could care less. But Ill pass them on anyway.
ISL
ISL
VTP Client
LAN ATTT
155

VTP Transparent I could care less. But Ill pass them on anyway.
ISL
ISL
VTP Client
Thanks! Now I can add those new VLANs!
LAN ATTT
156
VTP Configuration Revision Number

The configuration revision number is a 32 bit number that indicates the level of revision for a VTP packet. Each VTP device tracks the VTP configuration revision number assigned to it, and most of the VTP packets contain the VTP configuration revision number of the sender. This information is used to determine whether the received information is more recent than the current version. Each time you make a VLAN change in a VTP device, the configuration revision is incremented by one.
If a switch receives a VTP packet with a configuration revision that is higher than its own, stored, number, the action specified in that packet is acted upon.
If it is lower or equal, the packet is ignored.
LAN ATTT
157
VTPThe Big One
An existing VTP domain is running well Add a new switch Almost all production VLANs get deleted everywhere!
LAN ATTT
158
A Working VTP Domain
VLAN 1
VTP Rev 4
VLAN 2 VLAN 3 VLAN 4
VTP Rev 4
VTP Rev 4
LAN ATTT
159
New Switch with Higher Revision
VTP
VLAN 1
VTP Rev 7 VTP Rev 4
VTP Rev 4
VTP Rev 4
LAN ATTT
160
VLANs GonePorts Inactive!
VTP
VLAN 1
VTP Rev 7 VTP Rev 4 7
VTP Rev 4 7
VTP Rev 4
LAN ATTT
161
VTP
VLAN 1
VTP Rev 4 7
VTP Rev 4
LAN ATTT
162
VTP
VLAN 1
VTP Rev 4 7
VTP Rev 4 7
LAN ATTT
163
VTP
The revision number is incremented each time a VLAN is added or deleted via the set vlan and clear vlan commands Revision must be synched across entire VTP domain VLANs not known to the server of highest revision will be deleted
Note that a vtp client can update a vtp server.
LAN ATTT
164
Monitoring VTP on CatOS

Use show vtp domain early and often
Switch> show vtp domain Domain VTP Domain Name Index Version ----------------- ----mydomain 1 2 Vlan-count ---------15
Local Mode -----server
Password -----------
Max-vlan-storage Config Revision Notifications ---------------- --------------- ------------1023 5 4

PruneEligible on Vlans ------------------------2-1000
Last Updater V2 Mode Pruning -------------- ------- ------172.20.44.30 enabled disabled
LAN ATTT
165
Monitoring VTP packet on CatOS

Sh vtp stat : shows number of each type of VTP packet received with of without errors :
torq (enable) sh vtp stat VTP statistics: summary advts received subset advts received request advts received summary advts transmitted subset advts transmitted request advts transmitted No of config revision errors No of config digest errors 200 52 2 0 0 0 0 1
LAN ATTT
166
Monitoring VTP on IOS switch

Use
sh vtp stat sh vtp counters debug sw-vlan vtp ..
LAN ATTT
167
VTP Pruning
Alternative to manual pruning

Nice way to control unnecessary flooding of packets and conserve bandwidth.
If there are no ports on the switch in a given VLAN, packets will not get flooded across the trunk to that switch.
STP still runs on all pruned VLANs. Manually clearing trunks will remove STP from the trunk.
LAN ATTT
168
VTP Normal Operation Without Pruning (1)
VLAN 10
swit ch 1
VLAN 10
LAN ATTT
169

Switch-2 powered on. No users connected yet.
swit ch 2
VLAN 10
swit ch 1
VLAN 10
LAN ATTT
170

Trunk connected between both switches.
swit ch 2
VLAN 10
swit ch 1
VLAN 10
LAN ATTT
171
swit ch 2 VTP Summary Advertisement sent by switch 1, I have some VLANs.

VLAN 10
swit ch 1
VLAN 10
Configuration Register = 4
LAN ATTT
172
swit ch 2
VLAN 10
swit ch 1
VLAN 10
VTP Advertisement Request sent by switch 2, My configuration register is lower than yours. Please send me your list of VLANs.
LAN ATTT
173
swit ch 2
VLAN 10
swit ch 1
VLAN 10
VTP Subset Advertisement sent by switch 1, I have VLANs 1 and 10. Configuration Register = 4
LAN ATTT
174
swit ch 2
VLAN 10
VLAN 10
2
swit ch 1
Broadcast generated by PC 2
LAN ATTT
175
swit ch 2
VLAN 10
VLAN 10
2
swit ch 1
Broadcast is forwarded through all ports in VLAN 10 including all VLAN trunks
Inefficient utilization of trunk bandwidththeres nobody on switch 2 who cares about the broadcast so why send it to switch 2?
LAN ATTT
176
VTP Operation with VTP Pruning Enabled (1)
VLAN 10
swit ch 1
VLAN 10
LAN ATTT
177

Switch-2 powered on. No users connected yet.
swit ch 2
VLAN 10
swit ch 1
VLAN 10
LAN ATTT
178

Trunk connected between both switches.
swit ch 2
VLAN 10
swit ch 1
VLAN 10
LAN ATTT
179
swit ch 2
VTP Summary Advertisement sent by switch 1, I have some VLANs Configuration Register = 4
VLAN 10
swit ch 1
VLAN 10
LAN ATTT
180
swit ch 2
VLAN 10
swit ch 1
VLAN 10
VTP Advertisement Request sent by switch 2, My configuration register is lower than yours. Please send me your list of VLANs
LAN ATTT
181
swit ch 2
VLAN 10
swit ch 1
VLAN 10
VTP Subset Advertisement sent by switch 1, I have VLANs 1 and 10 Configuration Register = 4
LAN ATTT
182

HmmmI dont have any access ports in VLAN 10
swit ch 2
VLAN 10
swit ch 1
VLAN 10
LAN ATTT
183
swit ch 2
VTP Join sent by switch 2

VLAN 10
Join contains a list of all known VLANs

swit ch 1
VLAN 10
Each VLAN in a VTP Join message contains a 1-bit flood descriptor If bit for VLAN = 1 then it means flooding is allowed across the trunk. If bit for VLAN = 0 then it means flooding for this VLAN is not allowed across the trunk. Please dont flood any traffic to me on VLAN 10
LAN ATTT
184
swit ch 2
VLAN 10
VLAN 10
2
swit ch 1
Broadcast generated by PC 2
LAN ATTT
185
swit ch 2
VLAN 10
X
swit ch 1
VLAN 10
2
Broadcast is forwarded all ports in VLAN 10but pruned from trunk to switch 2.
LAN ATTT
186

HeyI have some access ports in VLAN 10 now!
VLAN 10
swit ch 2
VLAN 10
VLAN 10
swit ch 1
VLAN 10
LAN ATTT
187
swit ch 2
VTP Join sent by switch 2

VLAN 10
swit ch 1
VLAN 10
Bits for VLAN 1 and VLAN 10 both set to 1 If you need to flood traffic to me on either VLAN 1 or VLAN 10, thats okay.
LAN ATTT
188
VTP Pruning - Configuration

set vtp pruning enable By default, all VLANs are prune eligible. You can override this by using the clear vtp pruneeligible {vlan num} command.
LAN ATTT
189
Quiz!!
Name some of the reasons a company may choose to implement VLANs on their switches.
LAN ATTT
190
Quiz!!
Name some of the reasons a company may choose to implement VLANs on their switches.
To isolate broadcasts into segmented broadcast domains. To implement a basic form of security. To be able to implement common QoS policies based on distinct groupings of people or departments.
LAN ATTT
191
Quiz!!
What kind of networking device is required for interVLAN communications?
LAN ATTT
192
Quiz!!
What kind of networking device is required for interVLAN communications?
A router
LAN ATTT
193
Quiz!!
What is the purpose of a VLAN trunk?
LAN ATTT
194
Quiz!!
What is the purpose of a VLAN trunk?
To extend VLANs across two or more switches and conserve on the quantity of ports needed to do so.
LAN ATTT
195
Quiz!!
How many Ethernet trunking protocols can you currently configure on a Catalyst switchand which one (if any) is an IEEE standard?
LAN ATTT
196
Quiz!!
How many Ethernet trunking protocols can you currently configure on a Catalyst switchand which one (if any) is an IEEE standard?
TwoISL and 802.1Q (802.1Q is an IEEE standard)
LAN ATTT
197
Quiz!!
Can you configure an ISL trunk between a Cisco Catalyst switch and a non-Cisco switch?
LAN ATTT
198
Quiz!!
Can you configure an ISL trunk between a Cisco Catalyst switch and a non-Cisco switch?
NoISL is Cisco-proprietary.
LAN ATTT
199
Quiz!!
Explain the concept of a Native VLAN as it applies to VLAN trunks.
LAN ATTT
200
Quiz!!
Explain the concept of a Native VLAN as it applies to VLAN trunks.
A Native VLAN:
Is the default VLAN for that port. In other words, the VLAN that port would revert back to if trunking failed.
Is non tag in default implementation of dot1q trunking by cisco.. However latest soft allows on each switch to configure the tagging of native vlan.
LAN ATTT
201
Quiz!!
If switches do not pay attention to Layer 3 (IP addresses) and you cant place an IP address on a switchport how can you telnet to a switch running CaTos?
See next slide for the answer
LAN ATTT
202
The SC0 Interface

You cannot place an IP address on a switchport / physical interface. You need to place an IP address SOMEWHERE on the switch so you can telnet to it (and ping it). The SC0 interface is:
A logical interfacedoesnt have a physical port assigned.
In VLAN 1 by defaultbut can be moved to any VLAN.

So, you can assign an IP address and subnet mask to it. If youre familiar with routers, think of the SC0 interface as equivalent to a Loopback Interface on a router.
LAN ATTT
203
The SC0 Interface CatOS Configuration

Assigning an IP Address:
Console> (enable) set interface sc0 10.1.1.1 255.255.0.0 Interface sc0 IP address and netmask set. Console> (enable)
Changing the VLAN:

Console> (enable) set interface sc0 5 Interface sc0 vlan set. Console> (enable)
Places the SC0 into VLAN 5
10.1.0.1 /16
B
Console> (enable) show port Port Name Status Vlan Level Duplex Speed Type ----- ------------------ ---------- ---------- ------ ------ ----- -----------2/1 notconnect 1 normal full 1000 1000BaseSX 2/2 notconnect 1 normal full 1000 1000BaseSX 2/3 connected 1 normal a-full a-100 10/100BaseTX 2/4 connected 5 normal a-full a-100 10/100BaseTX 2/5 connected 10 normal a-full a-100 10/100BaseTX
2/4
A
10.0.0.1 /8
2/3 2/5
C
10.1.0.2 /16
Question Which PC will be able to ping the switch given the above configuration?
LAN ATTT
204
An Important Note
Only switches running CatOS have an SC0 interface. SC0 does NOT exist in switches running IOS. There is no need for it.
LAN ATTT
205
Agenda
Ethernet / Bridging Introduction to Architecture/ Cat6k Overview CatOS / IOS Introduction VLANS / Trunking Some Additional IOS Caveats VTP
Etherchannel
LAN ATTT
206
Why Etherchannel?
Cat 6500-A
Non-Channel
5/6 5/7 5/6 5/7
Cat 6500-B
Under normal configuration, Spanning Tree would block one connection. Blocked Link = Wasted Bandwidth;
Solution
LAN ATTT
207
Etherchannel
The purpose of channeling is to aggregate ports for additional bandwidth utilization.
Etherchannel functions as an access port or trunk port.

Etherchannel is treated as a single port by spanning tree (therefore, all ports in the channel should be in same STP state)
LAN ATTT
208
Etherchannel
Cat 6500-A
5/6 5/7
Channel
5/6 5/7
Cat 6500-B
Since an etherchannel is considered one port for STP, full bandwidth utilization is achieved. Etherchannel is built in redundancy. If one link fails, other links in the etherchannel will pick up the traffic. There is minimal traffic loss after link failure. No STP convergence is required.
LAN ATTT
209
Etherchannel Which link do I use?

How do we determine which packets traverse which links of the etherchannel?
Algorithms are used to determine path (platform specific).

Either MAC address or IP address is used for path determination. All packets take the same path for a given source to destination. This prevents out of order packets.
LAN ATTT
210
Etherchannel - Configuration
FEC/GEC bundling modes (Cat OS)
ON: Can form a channel only with a partner also in ON mode. PAgP packets are not sent. AUTO: Can form a channel only with a partner in DESIRABLE mode. AUTO does not initiate negotiation. DESIRABLE: (recommended) Can form a channel with a partner in either AUTO or DESIRABLE modes. OFF: Can not form a channel with any port.
LAN ATTT
211
Etherchannel - Configuration
IOS configuration note: 2900/3500XL
EtherChannel has to be created manually because Catalyst 2900XL/3500XL switches do not support Port Aggregation Protocol.
If the Etherchannel is connected to a CAT OS switch, the Cat OS switch must be in the ON mode.
LAN ATTT
212
Etherchannel Configuration (CAT OS)

Syntax:
Console> (enable) set port channel ? Usage: set port channel <port_list> [on|off|desirable|auto] (example of port_list: 2/1-4 or 2/1-2 or 2/5,2/6) Console> (enable)
URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_3/confg_gd/cha nnel.htm
LAN ATTT
213
Etherchannel Configuration (IOS)

Configure and assign the physical ports to a port channel-group
Router (config)# interface range FastEthernet 5/6 9 no ip address switchport switchport access vlan 10 switchport mode access no shut channel-group 2 mode desirable
Layer 2 Port-Channel will dynamically be created:

Router# Show run
Interface Port-Channel 2 no ip address switchport switchport access vlan 10 switchport mode access
**Note: When configuring the individual ports/interfaces, ensure that all configuration matches between all ports BEFORE configuring the channel-group command. Also ensure that all ports are up and functional.
**Note: Once the port-channel interface is createdall subsequent modifications to the Etherchannel should be configured within this interface, NOT the physical interfaces.
LAN ATTT
214
Etherchannel Show Commands

show port channel (Cat OS)
show channel traffic (Cat OS) show agport (CAT OS)
show channel hash ( Cat OS 6500 only)

show etherchannel (RP of Native)
LAN ATTT
215
Etherchannel show port channel

To display port channel status and neighbor information
Switch-A> (enable) show port channel Port Status Channel Channel mode -------------------status ----------channel channel channel channel Neighbor device ---------WS-C5505 WS-C5505 WS-C5505 WS-C5505 Neighbor port -------2/1 2/2 2/3 2/4
2/1 connected on 2/2 connected on 2/3 connected on 2/4 connected on
Native IOS Equivalent = show pagp x counters where x is your port-channel number.
LAN ATTT
216
Etherchannel show channel traffic
To display traffic utilization on EtherChannel ports:

Console> (enable) show channel traffic ChanId Port Rx-Ucst Tx-Ucst Rx-Mcst Tx-Mcst Rx-Bcst Tx-Bcst -----808 808 816 816 ----------------0.00% 0.00% 0.00% 0.00% ------------------------2/16 0.00% 2/17 0.00% 2/31 0.00% 2/32 0.00% 50.00% 75.75% 0.00% 0.00% 50.00% 25.25% 0.00% 0.00% 25.25% 50.50% 0.00% 0.00% 75.75% 50.50% 0.00% 0.00%
LAN ATTT
217
Etherchannel show channel hash

Catalyst 6000s in Hybrid Mode only
To determine which port a packet will traverse

cat6000> (enable) show channel hash Usage: show channel hash <channel_id> <src_ip_addr> [dest_ip_addr] show channel hash <channel_id> <dest_ip_addr> show channel hash <channel_id> <src_mac_addr> [dest_mac_addr] show channel hash <channel_id> <dest_mac_addr> show channel hash <channel_id> <src_port> <dest_port> show channel hash <channel_id> <dest_port> (src_port, dest_port = 0..65535) Console> (enable) show channel hash 808 172.20.32.10 172.20.32.66 Selected channel port:2/17
LAN ATTT
218
Quiz!!
Two switches are connected by an ISL trunk. The trunk is fully functional and has no problems. One switch is configured to be a VTP serverthe other a VTP client. However, the VTP client is not receiving any new VLANs (or deleted VLANs) from the VTP server. Why might this be?
LAN ATTT
219
Quiz!!
Two switches are connected by an ISL trunk. The trunk is fully functional and has no problems. One switch is configured to be a VTP serverthe other a VTP client. However, the VTP client is not receiving any new VLANs (or deleted VLANs) from the VTP server. Why might this be?
The two switches arent in the same VTP domain. VTP passwords have been configured on one switch but not the other. VTP passwords have been configured on both switches but there is a misspelling in one switch.
LAN ATTT
220
Quiz!!
Will VTP announcements pass through a router?
LAN ATTT
221
Quiz!!
Will VTP announcements pass through a router?
No
LAN ATTT
222
Quiz!!
If you need to temporarily modify VLANs on a production switch, but you dont want those modifications spread to other switches via VTP, what should you do?
LAN ATTT
223
Quiz!!
If you need to temporarily modify VLANs on a production switch, but you dont want those modifications spread to other switches via VTP, what should you do?
Configure the switch as VTP transparent while you make your temporary modifications. Then set it back to VTP client.
LAN ATTT
224
Quiz!!
In an Etherchannel consisting of 4 links, what will happen to traffic that was previously directed to the fourth link if that link fails?
LAN ATTT
225
Quiz!!
In an Etherchannel consisting of 4-links, what will happen to traffic that was previously directed to the fourth link if that link fails?
It will be redirected to one of the other functional links in the channel.
LAN ATTT
226
Quiz!!
When configuring individual links to be part of an Etherchannel, the most important thing to remember is that all the links must have ______________ configuration.
LAN ATTT
227
Quiz!!
When configuring individual links to be part of an Etherchannel, the most important thing to remember is that all the links must have ______________ configuration.
Exactly the same
LAN ATTT
228
Quiz!!
On a Catalyst 6000/6500 running Native IOS, by default, when you enable a port it is (routed, access, or trunk) __________?
LAN ATTT
229
Quiz!!
On a Catalyst 6000/6500 running Native IOS, by default, when you enable a port it is __________?
A routed, Layer 3 port
LAN ATTT
230
Quiz!!
On a Catalyst 6000/6500 series switch running Native IOS, what is the first command you would use on an interface (that has never been configured) before you start configuring it as a Layer 2 access port?
LAN ATTT
231
Quiz!!
On a Catalyst 6000/6500 series switch running Native IOS, what is the first command you would use on an interface (that has never been configured) before you start configuring it as a Layer 2 access port?
You must first use the switchport command.
LAN ATTT
232
Quiz!!
If I have the following configuration, will a person connected to interface fastethernet 2/1 be able to communicate with a person connected to interface fastethernet 2/2?
Interface vlan 2 ip address 2.2.2.2 255.0.0.0 no shut interface vlan 3 no shut Interface fastethernet 2/1 switchport switchport access vlan 2 no shut Interface fastethernet 2/2 switchport switchport access vlan 3 no shut
LAN ATTT
233
Quiz!!
If I have the following configuration, will a person connected to interface fastethernet 2/1 be able to communicate with a person connected to interface fastethernet 2/2?
Interface vlan 2 ip address 2.2.2.2 255.0.0.0 no shut interface vlan 3 no shut Interface fastethernet 2/1 switchport switchport access vlan 2 no shut Interface fastethernet 2/2 switchport switchport access vlan 3 no shut
No, they would not be able to communicate because routing is not possible between VLANs 2 and 3 in this configuration.
LAN ATTT
234
Quiz!!
(You can use the slides/handouts for this next question)
1.
2.
On a piece of paper or on your computer, create the configuration for a Catalyst 6000/6500 in Native IOS so that it meets the following criteria: It contains three VLANs (VLANs 50, 60, and 70) VLAN 50 is in the 50.0.0.x /8 subnet. VLAN 60 is in the 60.0.0.x /8 subnet. VLAN 70 is in the 70.0.0.x /8 subnet. User A has the following parameters: Is in VLAN 50; Is connected to interface fastethernet 3/1 (as an Access Port); and Can talk to other users in both VLANs 60 and 70
LAN ATTT
235
Quiz (Continued)
3.
Interface FastEthernet 3/2 is a trunk with the following parameters: It is using ISL encapsulation It is statically configured to be a trunk. It will send DTP but not negotiate. This Etherchannel should also be an 802.1Q trunk that is statically configured (no negotiation) It should NOT negotiate and NOT send out PAgP frames
4.
Place FastEthernet interfaces 3/3, 3/4, and 3/5 into a Etherchannel.
LAN ATTT
236
Solution (1)
Solution (part-1): Router (config)# vlan database Router (vlan)# vlan 50 Router (vlan)# vlan 60 Router (vlan)# vlan 70 Router (vlan)# exit Router (config)# interface vlan 50 Router (config-if)# ip address 50.0.0.1 255.0.0.0 Router (config-if)# no shut Router (config-if)# interface vlan 60 Router (config-if)# ip address 60.0.0.1 255.0.0.0 Router (config-if)# no shut Router (config-if)# interface vlan 70 Router (config-if)# ip address 70.0.0.1 255.0.0.0 Router (config-if)# no shut
LAN ATTT
237
Solution (2)
Solution (part-2): Router (config-if)# interface fastethernet 3/1 Router (config-if)#switchport Router (config-if)#switchport mode access Router (config-if)#switchport access vlan 50 Router (config-if)#no shut
LAN ATTT
238
Solution (3)

Solution (part-3): Router (config-if)#interface fastethernet 3/2 Router (config-if)#switchport Router (config-if)#switchport trunk encapsulation isl Router (config-if)# switchport mode trunk
Solution (part-4): Router (config-if)#interface range fastethernet 3/3 5 Router (config-if)#switchport
Router (config-if)#switchport trunk encapsulation dot1q Router (config-if)# switchport mode trunk Router (config-if)# channel-group 1 mode on
LAN ATTT
239
Agenda
Ethernet /Autonegotiation / Bridging Introduction to Architecture/ Cat6k Overview CatOS / IOS Introduction VLANS / Trunking Some Additional IOS Caveats VTP Etherchannel SPAN RSPAN
LAN ATTT
240
SPAN
: Switch Port ANalyser
The goal of span is to mirror traffic Rx or Tx (or both) on one or more port to a monitoring port for analysis :
Either to a sniffer
Either to an IDS
LAN ATTT
241
SPAN terminology
Ingress traffic: traffic entering the switch Egress traffic: traffic leaving the switch
Source (SPAN) Port: port that is monitored using the SPAN feature.
Destination (SPAN) Port: a port that is monitoring source ports, usually where a network analyser is connected.
LAN ATTT
242
SPAN terminology
PSPAN: stands for port-based SPAN. The user specifies one or several source ports on the switch and one destination port.
VSPAN: stands for VLAN-based SPAN. On a given switch, the user can choose to monitor all the ports belonging to a particular VLAN in a single command.
LAN ATTT
243
RSPAN : Remote SPAN

Some source ports are not located on the same switch as the destination port. This is an advanced feature that requires a special VLAN to carry the traffic being monitored by SPAN between switches
LAN ATTT
244
RSPAN example
LAN ATTT
245
SPAN session
We call a SPAN session a set :
One or more SPAN source port/VLAN One SPAN destination port Session Number
Some Catalyst do support more than one SPAN session
LAN ATTT
246
SPAN destination port

One and only one SPAN destination port per session A SPAN destination cannot be as well span source A SPAN destination port cannot be part of a port channel
A SPAN destination port do not participate in STP
LAN ATTT
247
SPAN source
A source SPAN port can be spanned in egress/ingress or both. If a VLAN is specified as source SPAN that means all port of the vlan are considered as span source. The same port can be source span port for several session
LAN ATTT
248
Ingress source SPAN port

Ingress source SPAN port : We only SPAN the traffic received on that port Ex : Set span 3/1 3/2 rx Traffic From A to B is sent (copied) to the sniffer Traffic from B to A is NOT Sent to the sniffer
PC B 3/3 Span Dest 3/2 Ingress 3/1 SPAN sniffer
PC A
LAN ATTT
249
Egress source SPAN port

Egress source SPAN port : We only SPAN the traffic transmitted by that switch port Ex : Set span 3/1 3/2 tx Traffic From A to B is sent (copied) to the sniffer Traffic from B to A is NOT Sent to the sniffer
PC B 3/3 Span Dest 3/2 Egress SPAN 3/1 sniffer
PC A
LAN ATTT
250
Operational <> Admin source SPAN

Admin source port : all port configured as source in span session.
Ex : port 1/1 and vlan 2
Operational Source port : Physical port actually spanned

Ex : port 1/1 + list of all port active in vlan 2 !!!
LAN ATTT
251
VSPAN source
VLAN can be spanned in egress, ingress or both direction. Trunk are included in oper list of source for all VLAN that are in admin source list.
LAN ATTT
252
Trunk VLAN filtering

We can span a trunk port for only some of the vlan active on the trunk (not all)
LAN ATTT
253
Inpkts disable
By default a span destination port cannot receive packet from the sniffer/IDS If inpkts option is enable we do allow span destination port to receive traffic But it still do not participate to STP Watch out to STP loop if put in a looped topology !!!
LAN ATTT
254
STP loop with Inpkts enable

Sniffer Spanning two switched to the same sniffer through a hub Safe if inpkts enable not use VERY dangerous if inpkts enable
100BaseT Hub
Span dest
Span dest
Intranet -- Internet
LAN ATTT 255
SPANning port of different speed

It is perfectly OK to span in the same session 10M/100M and or Gig port It is perfectly OK to SPAN a gigabit port to a 100M port
Traffic in excess will be dropped in output of the span destination
LAN ATTT
256
Duplicate traffic when spanning ?

Span port A and B We end up with duplicate packet on the sniffer PC B
Ingress SPAN of B Copy sent to Sniffer
Span
Dest
Egress SPAN
Egress SPANsniffer of A ANOTHER Copy sent to Sniffer
PC A
LAN ATTT
257
Duplicate Traffic on span port

Usually it will show up as exact same packet with delta time on sniffer trace very low (order of microseconds Time needed to go from ingress to egress) Other scenario :
We span a VLAN in both direction A packet INTRA VLAN will be seen twice : Packet is captured when entering the vlan in the ingress port AND when leaving the vlan in the egress port.
LAN ATTT
258
Duplicate Routed traffic

Packet Goes from vlan 2 to vlan 3 We might still end up in packet sent twice :
First in the ingress VLAN Second in the egress vlan after routing !!!
Watch out to the IP id field for example to distinguish packet
LAN ATTT
259
Spanning a Trunk and Seeing the VLAN id

When spanning a trunk we lose the ISL/dot1q header in the span session Work-around : the span destination can be configured as Trunk (no negotiation or on mode for DTP)
Supported in CatOS Native IOS on 6k in 12.1(13)E Supported as well on 2950/3550 Not supported on XL switches
a New dot1q/ISL header will be added by the span destination port
LAN ATTT
260
Spanning a Trunk and Seeing the VLAN id : Caveat

It will be a new ISL/dot1q tag NOT the original one, but VLAN id should be correct ISL is preferred as it seems some sniffer (PC) do strip dot1q tag before reaching the sniffing application Watch out to the MTU (especially with ISL)
1500 bytes IP packet will make 1548 bytes ISL packet Dropped by most of the PC
LAN ATTT
261
Viewing CRC/Errors on sniffer

Very difficult to detect because :
With SPAN, they are usually drop by the switch and not spanned Even if capture, most of the NIC card will drop them and not send them to sniffer !!
Conclusion : Packet not seen on sniffer do not necessarily mean packet lost. Might be packet corrupted.
LAN ATTT
262
SPANNING blocked port

When spanning Tx traffic through blocked port, sniffer might show broadcast/multicast/unknown unicast
Packet are not really transmitted through the blocked port.
LAN ATTT
263
RSPAN support
RSPAN is currently supported in the following platform :
6k hybrid and native
4k sup1/sup2
2950 3550
LAN ATTT
264
RSPAN
RSPAN do have all the feature of SPAN except that the Span Source and Span destination can be located on different switches
This is done through the use of a specific RSPAN VLAN
LAN ATTT
265
RSPAN topology
LAN ATTT
266
RSPAN Terminology
RSPAN Source are the port that will be mirrored to the RSPAN vlan Packet from source RSPAN port are flooded to the RSPAN VLAN RSPAN Destination are the port that will receive the RSPANned traffic. RSPAN destination are part of the RSPAN Vlan
Intermediate switch should support RSPAN VLAN and RSPAN VLAN needs to be defined on each intermediate switch
We need one unique RSPAN VLAN per RSPAN session (the RSPAN vlan is the only identifier of the RSPAN session the RSPAN session number is a local parameter)
LAN ATTT
267
RSPAN session limitation

Cat6500 :
Max one RSPAN source per switch (Rx, TX or Both) A RSPAN source session cannot coexist with a Local SPAN in egress (or both direction) A RSPAN source session can only coexist with one Ingress local SPAN. Max 24 RSPAN destination per switch (64 in native ios)
LAN ATTT
268
RSPAN VLAN properties and implications
The RSPAN VLAN has some special properties
Learning is disable on RSPAN vlan

RSPAN VLAN should not have any access port in it, access port in the RSPAN VLAN gets disabled. RSPAN do not support BPDU monitoring The RSPAN VLAN needs to be configured on all intermediate switch as RSPAN VLAN STP, VTP and VTP pruning are supported in the RSPAN VLAN. Any ethernet VLAN can be configured as RSPAN VLAN. You can as well configure a output RACL on the RSPAN vlan in the source switch to filter the traffic to be sent to the RSPAN destination. Each link carrying the RSPAN vlan probably needs to be a trunk.
LAN ATTT
269
Config CatOS
Defining RSPAN VLAN
Console> (enable) set vlan 500 rspan vlan 500 configuration successful
Defining RSPAN source port

set rspan source {mod/ports... | vlans... | sc0} {rspan_vlan} [rx | tx | both] [multicast {enable | disable}] [filter vlans...] [create]
Defining RSPAN Destination

set rspan destination {mod/port} {rspan_vlan} [inpkts {enable | disable}] [learning {enable | disable}] [create]
LAN ATTT
270
Config IOS
Router(config)# vlan x Router (config-vlan)# remote-span Router(config)# monitor session session_number source {{single_interface | interface_list | interface_range | mixed_interface_list | single_vlan | vlan_list | vlan_range | mixed_vlan_list} [rx | tx | both]} | {remote vlan rspan_vlan_ID}} Router(config)# monitor session session_number destination {single_interface | interface_list | interface_range | mixed_interface_list} | {remote vlan rspan_vlan_ID}}
LAN ATTT
271
LAN ATTT
2004 Cisco Systems, Inc. All rights reserved. 2002, Cisco Systems, Inc. All rights reserved.
272

Cisco Switching Basics.

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Cisco Switching Basics.

Hochgeladen von

Copyright:

Verfügbare Formate

Bootcamp : GTP Lan-sw fundamentals

2004 Cisco Systems, Inc. All rights reserved.

802.3 Ethernet- CSMA/CD

Wait according to backoff strategy (6)

Sense Channel Channel busy (1)

Transmit data and sense channel (4)

Transmit Jam Signal (5)

2004 Cisco Systems, Inc. All rights reserved.

Half versus Full Duplex

Full Duplex (standardized in 802.3x)

No collision detection, backoff, retry, etc

2004 Cisco Systems, Inc. All rights reserved.

2004 Cisco Systems, Inc. All rights reserved.

2004 Cisco Systems, Inc. All rights reserved.

See for more info :

2004 Cisco Systems, Inc. All rights reserved.

Case 1 : Both partner are capable of doing auto-negotiation

2004 Cisco Systems, Inc. All rights reserved.

Exchanging capabilities : The LCW

2004 Cisco Systems, Inc. All rights reserved.

Exchanging capabilities : The LCW (cont.)

2004 Cisco Systems, Inc. All rights reserved.

Exchanging capabilities : The LCW (cont.)

This one advertise all 4 capabilities :

2004 Cisco Systems, Inc. All rights reserved.

Choosing speed and duplex

2004 Cisco Systems, Inc. All rights reserved.

Using the remote fault bit

Case 2: one of the partner do not do autonegotiation

2004 Cisco Systems, Inc. All rights reserved.

Or refuse to establish a link.

2004 Cisco Systems, Inc. All rights reserved.

2004 Cisco Systems, Inc. All rights reserved.

2004 Cisco Systems, Inc. All rights reserved.

Detecting a duplex mismatch

2004 Cisco Systems, Inc. All rights reserved.

Summary : 10/100 auto negotiation

2004 Cisco Systems, Inc. All rights reserved.

Remote fault on 100baseFX

2004 Cisco Systems, Inc. All rights reserved.

Gigabit flow control

2004 Cisco Systems, Inc. All rights reserved.

Remote fault detection

Do not include speed negotiation.

2004 Cisco Systems, Inc. All rights reserved.

2004 Cisco Systems, Inc. All rights reserved.

Gigabit negotiation issue

2004 Cisco Systems, Inc. All rights reserved.

2004 Cisco Systems, Inc. All rights reserved.

Ethernet Frame Types (1)

Ethernet Version II (DIX)

Ethernet Frame Types (2)

Ethernet Version II (DIX)

FF-FF Length all 1s (2 byte)

802.3Raw Novell_ Ethernet_802.3 (Novell Raw) Ether (802.3raw)

One year later

2004 Cisco Systems, Inc. All rights reserved.

Ethernet Frame Types (3)

Ethernet Version II (DIX)

FF-FF Length all 1s (2 byte)

802.3Raw Novell_ Ethernet_802.3 (Novell Raw) Ether (802.3raw)

DSAP SSAP Control (1) (1) (1)

802.3 w/ 802.2 LLC Header

Two years after that