
Ch. 8 Switching Features and Technologies for Campus Networks

CIS 187 Multilayer Switched Networks


CCNP version 7
Rick Graziani
Spring 2016
Chapter 8 Switching Features and Technologies for the Campus Network
• Discovery Protocols
  – Introduction to LLDP
  – Basic Configuration of LLDP
  – Discovering Neighbors Using LLDP
• Unidirectional Link Detection
  – UDLD Mechanisms and Specifics
  – UDLD Configuration
  – Leveraging UDLD and STP Loop Guard Together
• Power over Ethernet
  – PoE Components
  – PoE Standards
  – PoE Negotiation
  – Configuring and Verifying PoE
• SDM Templates
  – SDM Template Types
  – Choosing the Right SDM Template
  – System Resource Configuration on Other Platforms
• Monitoring Features
  – SPAN and RSPAN Overview
  – SPAN Configuration
  – RSPAN Configuration
• IP SLA
  – Introduction to IP SLA
  – IP SLA Source and Responder
  – IP SLA Configuration
  – IP SLA Operation with Responder
  – IP SLA Time Stamps
  – Configuring Authentication for IP SLA
  – IP SLA Example for UDP Jitter

Discovery Protocols

Cisco Discovery Protocol (CDP)
• CDP is the original link layer (Layer 2) information-gathering / troubleshooting tool for directly connected Cisco neighbors.
• CDP is a Cisco proprietary tool.
• CDP advertisements are sent to directly connected Cisco devices and contain information such as:
  – The device type
  – The interfaces they are connected to
  – The model number of the device
• CDP is enabled by default but can be disabled/enabled:
  – Globally: [no] cdp run global configuration command
  – Interface: [no] cdp enable interface configuration command
show cdp neighbors Command
S1# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID


Switch Fas 0/4 161 S I WS-C2960- Fas 0/4
Switch Fas 0/3 161 S I WS-C2960- Fas 0/3
Switch Fas 0/2 160 S I WS-C2960- Fas 0/2
Switch Fas 0/1 160 S I WS-C2960- Fas 0/1
R1 Fas 0/5 179 R B S I CISCO1941 Gig 0/1
S1#
show cdp entry Command
S1# show cdp entry R1
-------------------------
Device ID: R1
Entry address(es):
IP address: 192.168.10.1
Platform: Cisco CISCO1941/K9, Capabilities: Router Source-Route-Bridge Switch
IGMP
Interface: FastEthernet0/5, Port ID (outgoing port): GigabitEthernet0/1
Holdtime : 151 sec

Version :
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(3)M2,
RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Fri 06-Feb-15 17:01 by prod_rel_team

advertisement version: 2
Duplex: full
Power Available TLV:

Power request id: 0, Power management id: 0, Power available: 0, Power management level: 0
Management address(es):
IP address: 192.168.10.1

S1#
show cdp neighbors Command
R1# sho cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID


S1 Gig 0/1 134 S I WS-C2960- Fas 0/5

Total cdp entries displayed : 1


R1#
show cdp neighbors detail Command
R1# sho cdp neighbors detail
-------------------------
Device ID: S1
Entry address(es):
Platform: cisco WS-C2960-24TT-L, Capabilities: Switch IGMP
Interface: GigabitEthernet0/1, Port ID (outgoing port): FastEthernet0/5
Holdtime : 151 sec

Version :
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE7,
RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Thu 23-Oct-14 14:49 by prod_rel_team

advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27,
value=00000000FFFFFFFF010221FF0000000000000CD996E23D00FF0000
VTP Management Domain: ''
Native VLAN: 1
Duplex: full

Total cdp entries displayed : 1


R1#
Link Layer Discovery Protocol (LLDP)
• For interoperability between different vendors, the IEEE introduced 802.1AB, the Link Layer Discovery Protocol (LLDP).
  – All current Cisco device models support LLDP.
  – Enabled by default on some platforms.
  – However, it is not as lightweight as CDP.
• Implementation properties of LLDP:
  – LLDP is a unidirectional link-local protocol.
  – LLDP operates only in an advertising mode, which means LLDP does not solicit information or monitor state changes between LLDP nodes.
  – LLDP captures all information received about its neighbors.
Link Layer Discovery Protocol (LLDP)
• The specification defines mandatory and optional TLVs (device information):
  – System name and description
  – Port name and description
  – Port VLAN and VLAN name
  – Management IP address
  – System Capabilities (Wi-Fi, routing, switching, and so on)
  – Power over Ethernet
  – Link aggregation
Configuring LLDP
• LLDP can be disabled/enabled:
  – Globally: [no] lldp run global configuration command
  – Interface: [no] lldp receive interface configuration command
    [no] lldp transmit interface configuration command
Enabling LLDP on a Switch
S1# show lldp
% LLDP is not enabled
S1#
S1# conf t
Enter configuration commands, one per line. End with
CNTL/Z.
S1(config)# lldp run
S1(config)# exit
S1#
S1# show lldp

Global LLDP Information:


Status: ACTIVE
LLDP advertisements are sent every 30 seconds
LLDP hold time advertised is 120 seconds
LLDP interface reinitialisation delay is 2 seconds
S1#
Enabling LLDP on a Router
R1# show lldp
% LLDP is not enabled
R1#
R1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# lldp run
R1(config)# exit
R1#
R1# show lldp

Global LLDP Information:


Status: ACTIVE
LLDP advertisements are sent every 30 seconds
LLDP hold time advertised is 120 seconds
LLDP interface reinitialisation delay is 2 seconds
R1#
R1# show lldp ?
entry Information for specific neighbor entry
errors LLDP computational errors and overflows
interface LLDP interface status and configuration
neighbors LLDP neighbor entries
traffic LLDP statistics
| Output modifiers
<cr>
Verifying LLDP on a Router
R1# show lldp traffic

LLDP traffic statistics:


Total frames out: 56
Total entries aged: 0
Total frames in: 28
Total frames received in error: 0
Total frames discarded: 0
Total TLVs discarded: 0
Total TLVs unrecognized: 0
R1#
R1# show lldp neighbors
Capability codes:
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID Local Intf Hold-time Capability Port ID


S1 Gi0/1 120 B Fa0/5

Total entries displayed: 1

R1#
Verifying LLDP on a Router
R1# show lldp neighbors detail
------------------------------------------------
Local Intf: Gi0/1
Chassis id: 0cd9.96e2.3d00
Port id: Fa0/5
Port Description: FastEthernet0/5
System Name: S1

System Description:
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version
15.0(2)SE7, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Thu 23-Oct-14 14:49 by prod_rel_team

Time remaining: 106 seconds


System Capabilities: B
Enabled Capabilities: B
Management Addresses - not advertised
Auto Negotiation - supported, enabled
Physical media capabilities:
100base-TX(FD)
100base-TX(HD)
10base-T(FD)
10base-T(HD)
Media Attachment Unit type: 16
Vlan ID: 1
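
The fields of this neighbor entry are decoded from the TLVs that S1 advertises. The Python sketch below is an added example, not part of the original slides and not Cisco code: it parses an LLDPDU into TLVs, rejects malformed lengths, and rebuilds the entry. The sample frame is constructed from the values in the output above, and all function names are illustrative.

```python
import struct

# TLV type numbers from IEEE 802.1AB; types 1-3 are mandatory and come first.
END = 0
CHASSIS_ID, PORT_ID, TTL, PORT_DESC, SYS_NAME, SYS_DESC, SYS_CAPS, MGMT_ADDR = range(1, 9)
# Capability bits 0-7 mapped to the letters IOS prints in "show lldp neighbors":
# Other, Repeater, Bridge, WLAN AP, Router, Telephone, DOCSIS, Station.
CAP_LETTERS = "OPBWRTCS"


def encode_tlv(tlv_type, value):
    """Pack one TLV: a 7-bit type and a 9-bit length share a 16-bit header."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_lldpdu(data):
    """Split an LLDPDU into (type, value) pairs, rejecting malformed input."""
    tlvs, offset = [], 0
    while True:
        if offset + 2 > len(data):
            raise ValueError("ran out of data before the End TLV")
        (header,) = struct.unpack_from("!H", data, offset)
        tlv_type, length = header >> 9, header & 0x01FF
        offset += 2
        if offset + length > len(data):
            raise ValueError(f"TLV type {tlv_type} claims {length} bytes past the end")
        if tlv_type == END:
            break
        tlvs.append((tlv_type, data[offset:offset + length]))
        offset += length
    if [t for t, _ in tlvs[:3]] != [CHASSIS_ID, PORT_ID, TTL]:
        raise ValueError("mandatory Chassis ID, Port ID and TTL TLVs must come first")
    return tlvs


def caps_to_letters(bitmap):
    """Translate a capability bitmap into IOS-style capability letters."""
    return ",".join(CAP_LETTERS[bit] for bit in range(8) if bitmap & (1 << bit))


def neighbor_entry(tlvs):
    """Decode the TLVs into a dict resembling the IOS neighbor entry."""
    entry = {}
    for tlv_type, value in tlvs:
        if tlv_type == CHASSIS_ID and value[:1] == b"\x04" and len(value) == 7:
            mac = value[1:].hex()                      # subtype 4 = MAC address
            entry["chassis_id"] = ".".join(mac[i:i + 4] for i in (0, 4, 8))
        elif tlv_type == PORT_ID and len(value) > 1:
            entry["port_id"] = value[1:].decode("ascii", "replace")
        elif tlv_type == TTL and len(value) == 2:
            entry["hold_time"] = struct.unpack("!H", value)[0]
        elif tlv_type == PORT_DESC:
            entry["port_description"] = value.decode("ascii", "replace")
        elif tlv_type == SYS_NAME:
            entry["system_name"] = value.decode("ascii", "replace")
        elif tlv_type == SYS_CAPS and len(value) == 4:
            system, enabled = struct.unpack("!HH", value)
            entry["system_capabilities"] = caps_to_letters(system)
            entry["enabled_capabilities"] = caps_to_letters(enabled)
        elif tlv_type == MGMT_ADDR:
            entry["management_address"] = value.hex()
    return entry


# Constructed sample: an advertisement that would yield the R1 neighbor entry
# shown above (no Management Address TLV, matching "not advertised").
SAMPLE = b"".join([
    encode_tlv(CHASSIS_ID, b"\x04" + bytes.fromhex("0cd996e23d00")),
    encode_tlv(PORT_ID, b"\x05" + b"Fa0/5"),           # subtype 5 = interface name
    encode_tlv(TTL, struct.pack("!H", 120)),
    encode_tlv(PORT_DESC, b"FastEthernet0/5"),
    encode_tlv(SYS_NAME, b"S1"),
    encode_tlv(SYS_CAPS, struct.pack("!HH", 0x0004, 0x0004)),  # Bridge
    encode_tlv(END, b""),
])

if __name__ == "__main__":
    for key, val in neighbor_entry(parse_lldpdu(SAMPLE)).items():
        print(f"{key}: {val}")
```

Every field that appears here is visible to any device on the link that receives the advertisement, which is why per-interface control of lldp transmit matters on ports facing devices you do not manage.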
Configuring LLDP Interface Specifics
S1# show running-config interface fa0/6
Building configuration...

Current configuration : 33 bytes


!
interface FastEthernet0/6
end

S1#
S1# conf t
S1(config)# interface fa0/6
S1(config-if)# no lldp transmit
S1(config-if)# lldp receive
S1(config-if)#
S1(config-if)# do show running-config interface fa0/6
Building configuration...

Current configuration : 51 bytes


!
interface FastEthernet0/6
no lldp transmit
end

S1(config-if)#
Unidirectional Link Detection

Preventing Forwarding Loops
• Prevention of forwarding loops and black holes in a network is a required aspect of network design.
  – Black holes are created when a device receives frames but has no forwarding information for them.
  – It essentially drops all such packets.
• Cisco Catalyst switches support two important features to address such conditions:
  – Loop Guard: Loop Guard prevents bridging loops.
  – UDLD: UDLD detects and disables unidirectional links.
Loopguard
[Figure: no Loopguard configured; no BPDUs are received, so the port changes to forwarding state and a loop forms.]
• Loopguard also protects against ports erroneously transitioning to forwarding mode.
• Loopguard will also protect against STP failures, such as a designated switch not sending BPDUs due to software problems.
Rick Graziani
graziani@cabrillo.edu
Loop Guard
• In STP, switches rely on continuous reception or transmission of BPDUs, depending on the port role.
  – A designated port transmits BPDUs whereas a nondesignated port receives BPDUs.
• Bridging loops occur when a port erroneously transitions to forwarding state because it has stopped receiving BPDUs.
• Ports with loop guard enabled do an additional check before transitioning to forwarding state.
  – If a nondesignated port stops receiving BPDUs, the switch places the port into the STP loop-inconsistent blocking state.
  – If a switch receives a BPDU on a port in the loop-inconsistent STP state, the port transitions through STP states according to the received BPDU.
  – As a result, recovery is automatic, and no manual intervention is necessary.
Configuring Loop Guard
• Loop guard can be enabled:
  – Per Port: Use the spanning-tree guard loop interface configuration command.
  – Globally: Use the spanning-tree loopguard default global config command.
    This enables Loop guard on all point-to-point links.
Unidirectional Link Detection Protocol (UDLD)
[Figure: a designated port sends BPDUs to a blocked port, which only receives BPDUs and sends none.]
• Spanning-Tree Protocol (STP) resolves redundant physical topology into a loop-free, tree-like forwarding topology.
  – This is done by blocking one or more ports.
UDLD
[Figure: the blocked port receives no BPDUs and changes to forwarding state, creating a loop.]
• STP uses Bridge Protocol Data Units (BPDUs).
• If a switch port in the blocking state stops receiving BPDUs:
  – STP eventually ages out the STP information for the port (up to 50 secs)
  – Moves the port to forwarding state.
  – This creates a forwarding loop or STP loop.
• How is it possible for the switch to stop receiving BPDUs while the port is up?
  – The reason is a unidirectional link.
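
The timing described above, as an added Python example that is not part of the original slides: a nondesignated port stops receiving BPDUs on a unidirectional link, once without and once with Loop Guard. It assumes the default STP timers (max age 20 s, forward delay 15 s) and simplifies recovery to an immediate return to blocking when BPDUs resume; the function names are illustrative.

```python
MAX_AGE = 20        # seconds a stored BPDU stays valid (STP default)
FORWARD_DELAY = 15  # seconds in listening, then again in learning (STP default)


def simulate(bpdu_times, duration, loop_guard):
    """Return [(second, state), ...] transitions for a nondesignated port.

    bpdu_times: seconds at which a BPDU from the designated neighbor arrives.
    """
    arrivals = set(bpdu_times)
    state, last_bpdu, entered = "blocking", 0, 0
    transitions = [(0, state)]
    for now in range(1, duration + 1):
        new_state = state
        if now in arrivals:
            last_bpdu = now
            # A BPDU from the designated neighbor puts the port back in its
            # nondesignated role, whatever state it had drifted to
            # (simplified: the real port follows the received BPDU).
            new_state = "blocking"
        elif state == "blocking" and now - last_bpdu >= MAX_AGE:
            # Stored BPDU information has aged out. Loop Guard parks the port
            # instead of letting it start the walk toward forwarding.
            new_state = "loop-inconsistent" if loop_guard else "listening"
        elif state == "listening" and now - entered >= FORWARD_DELAY:
            new_state = "learning"
        elif state == "learning" and now - entered >= FORWARD_DELAY:
            new_state = "forwarding"
        if new_state != state:
            state, entered = new_state, now
            transitions.append((now, state))
    return transitions


def seconds_forwarding(transitions, duration):
    """Total time the port spent forwarding, i.e. the lifetime of the loop."""
    total = 0
    following = transitions[1:] + [(duration, None)]
    for (start, state), (end, _) in zip(transitions, following):
        if state == "forwarding":
            total += end - start
    return total


# Constructed scenario: BPDUs every 2 s until t=10, the receive path then
# fails (link still up), and BPDUs are heard again from t=100.
BPDUS = list(range(2, 11, 2)) + list(range(100, 121, 2))

if __name__ == "__main__":
    for guard in (False, True):
        result = simulate(BPDUS, 120, loop_guard=guard)
        print("loop guard" if guard else "no loop guard", result,
              "forwarding for", seconds_forwarding(result, 120), "s")
```

Without Loop Guard the port reaches forwarding 50 seconds after the last BPDU and loops until BPDUs return; with Loop Guard it never forwards and recovers on its own.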
Unidirectional Link Problem
• A unidirectional link occurs when traffic is transmitted between neighbors in one direction only.
• Unidirectional links can cause spanning-tree topology loops.
[Figure: switches S2 and S3 joined by a link that becomes unidirectional.]
The link between S2 and S3 becomes unidirectional:
• S2 can receive traffic from S3
• S3 cannot receive traffic from S2
S2 is the designated bridge sending the root BPDUs.
S3 waits until the max-age timer expires (20 seconds) before it takes action.
• When this timer expires, S3 moves through the listening and learning and then forwarding states.
At this moment, both S2 and S3 are forwarding to each other and there is no blocking port in the network!
Unidirectional Link Detection (UDLD)
UDLD is a feature that is not specific to STP but is used with STP to enhance it.
• Unidirectional Link Detection (UDLD) enables devices to detect when a unidirectional link exists and shuts down the affected interface.
  – Useful on fiber ports to prevent network issues related to miswiring at the patch panel, which causes the link to be in up/up status but with BPDUs being lost.
• A port configured with UDLD sends UDLD frames about every 15 seconds, expecting a UDLD Echo reply.
• If there is no response (i.e., no echo reply), that signals a unidirectional link.
[Figure: switches exchanging a UDLD frame and a UDLD reply.]
Two UDLD Modes
• Normal Mode:
  – When a unidirectional link is detected, the switch takes no action and the port is allowed to continue its operation.
  – UDLD port status transitions to an undetermined state and generates a syslog message.
• Aggressive Mode: (Preferred)
  – When a unidirectional link is detected, the switch tries to reestablish the link.
  – It sends one message a second, for 8 seconds.
  – If none of these messages are sent back, the port is placed in error-disabled state.
To reset interfaces shut down by UDLD, use either:
• udld reset privileged EXEC command
• Shutting down the interface and then bringing it back up (i.e., shut, then no shut).
Enable UDLD Globally
• UDLD is disabled on all interfaces by default.
• UDLD can be enabled / disabled globally:
  – For normal mode: [no] udld enable global configuration command
  – For aggressive mode: [no] udld aggressive global configuration command
UDLD must be enabled on interconnecting interfaces.
S1(config)# udld ?
  aggressive  Enable UDLD protocol in aggressive mode on fiber ports except where locally configured
  enable      Enable UDLD protocol on fiber ports except where locally configured
  message     Set UDLD message parameters

S1(config)# udld aggressive
S1(config)#
S1(config)# int fa0/1
S1(config-if)# udld ?
  port  Enable UDLD protocol on this interface

S1(config-if)# udld port ?
  aggressive  Enable UDLD protocol in aggressive mode on this interface
  <cr>
S1(config-if)# udld port aggressive
S1(config-if)# end
S1#
*Mar 1 01:50:32.670: %SYS-5-CONFIG_I: Configured from console by console
S1#
S1# show udld neighbors
Port Device Name Device ID Port ID Neighbor State
---- ----------- --------- ------- --------------
S1#
UDLD is now enabled on S2
S1# show udld neighbors
Port Device Name Device ID Port ID Neighbor State
---- ----------- --------- ------- --------------
Fa0/1 FCQ1628Y5LK 1 Fa0/1 Unknown
S1#
S1# show udld neighbors
Port Device Name Device ID Port ID Neighbor State
---- ----------- --------- ------- --------------
Fa0/1 FCQ1628Y5LK 1 Fa0/1 Bidirectional
S1#
The port eventually transitions to a bidirectional state
Verify UDLD
S1# show udld fa0/1

Interface Fa0/1
---
Port enable administrative configuration setting: Enabled / in aggressive mode
Port enable operational state: Enabled / in aggressive mode
Current bidirectional state: Bidirectional
Current operational state: Advertisement - Single neighbor detected
Message interval: 15000
Time out interval: 5000

Entry 1
---
Expiration time: 31300
Device ID: 1
Current neighbor state: Bidirectional
Device name: FCQ1628Y5LK
Port ID: Fa0/1
Neighbor echo 1 device: FCQ1628Y5LE
Neighbor echo 1 port: Fa0/1

Message interval: 15
Time out interval: 5
CDP Device name: S2
S1#
Power Over Ethernet

Supplying Power to Network Peripherals
• PoE switches allow for centralized methods of backup power.
• PoE leverages the data cabling infrastructure, and no additional power cable is required, as is the case with power adapters or injectors.
Power over Ethernet (PoE)
• PoE, also referred to as inline power, supplies power through the same cable as data.
  – This technology reduces the need for power when wired connectivity is needed.
• PoE terminology includes:
  – Power-sourcing devices (PSE): Includes Cisco Catalyst switches and power injectors.
  – Powered devices: Includes access points, IP phones, IP cameras, thin clients, sensors, wall clocks, remote switches, and so on.
  – Ethernet cabling
PoE Negotiation
IEEE Power Class   Minimum Power Output   Notes
0                  15.4 Watts             Default class
1                  4 Watts                Optional class
2                  7 Watts                Optional class
3                  15.4 Watts             Optional class
4                  51 Watts               Valid for 802.3at (thin client) devices only
• Cisco PoE switches only provide power to a port if they specifically detect the need by the end device, preventing the waste of power and so on.
• With 802.3af and 802.3at, the switch detects whether a powered device is connected by supplying a small voltage across the Ethernet cable and then measuring the resistance.
• The powered device can provide the switch with power class information, and the PoE switch allocates the appropriate maximum power to the powered device.
• IEEE 802.3at power classes are numbered from 0 to 4.
Enabling PoE
• To enable PoE and autodetection at the port level, use the power inline auto command.
  – The amount of power that is supplied will be automatically detected.
  – A non-PoE device can still be connected to a PoE port.
• PoE is disabled with the power inline never command.
  – Shutting down the port also stops the power supply.
• A PoE switch is limited by a switch power budget, which indicates the number of PoE devices it can connect to.
  – The power budget is the total amount of power that a switch can offer to end devices collectively.
  – Use the show power inline command to display the configuration and statistics about the power that is drawn by connected powered devices and the capacity of the power supply.
Verify PoE
S1# show power inline
Module   Available   Used      Remaining
         (Watts)     (Watts)   (Watts)
------   ---------   -------   ---------
1        420.0       92.4      327.6

Interface   Admin   Oper   Power     Device              Class   Max
                           (Watts)
---------   -----   ----   -------   -----------------   -----   ----
Gi1/0/1     auto    off    0.0       n/a                 n/a     15.4
Gi1/0/2     auto    on     15.4      AIR-LAP1142N-E-K9   3       15.4
Gi1/0/3     auto    on     15.4      AIR-LAP1142N-E-K9   3       15.4
Gi1/0/4     auto    on     15.4      AIR-LAP1142N-E-K9   3       15.4
Gi1/0/5     auto    on     15.4      AIR-LAP1142N-E-K9   3       15.4
Gi1/0/6     auto    on     15.4      AIR-LAP1142N-E-K9   3       15.4
Gi1/0/7     never   off    0.0       n/a                 n/a     15.4
https://www.youtube.com/watch?v=31ml_ngJZs4

SDM Templates
• The Switching Database Manager (SDM) templates available on some switches (e.g., 2960, 3560, or 3750) can be used to help manage how Layer 2 and Layer 3 switching information is maintained in the CAM and ternary content-addressable memory (TCAM).
  – Cisco SDM templates are used for optimal use of system resources for specific features or feature set combinations.
SDM Templates
SDM Template: Description
• Default: Default template that provides for a balanced mix of unicast routes, connected, and host routes.
• Routing: Enable this template if the device is performing IPv4 routing in the distribution or core of the network.
• Access: Enable this template to maximize system resources for access control lists (ACLs) and accommodate a large number of ACLs.
• VLAN: Enable this template to support the maximum number of unicast MAC addresses.
• Dual IPv4 and IPv6: Enable this template to support IPv4 and IPv6 capabilities of the device. When enabling this template, you have to choose between default, routing, and VLAN.
SDM Templates
• The SDM lanbase-routing template can be enabled to allow routing between VLANs and to support static routing.
  – To verify the current template, use the show sdm prefer command.
  – To enable routing, use the sdm prefer lanbase-routing global config command and then reload the switch.
Enable SDM Template for Routing
S1# show sdm prefer
The current template is "default" template.
The selected template optimizes the resources in
the switch to support this level of features for
0 routed interfaces and 255 VLANs.

number of unicast mac addresses: 8K


number of IPv4 IGMP groups: 0.25K
number of IPv4/MAC qos aces: 0.125k
number of IPv4/MAC security aces: 0.375k

S1#
S1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
S1(config)# sdm prefer ?
default Default bias
dual-ipv4-and-ipv6 Support both IPv4 and IPv6
lanbase-routing Supports both IPv4 and IPv6 Static Routing
qos QoS bias
S1(config)# sdm prefer lanbase-routing
Changes to the running SDM preferences have been stored, but cannot take effect until the next reload.
Use 'show sdm prefer' to see what SDM preference is currently active.
Switch(config)# do reload

System configuration has been modified. Save? [yes/no]: yes
Building configuration...
[OK]
Proceed with reload? [confirm]

*Mar 20 00:10:24.557: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload command.
Verify SDM Template for Routing
S1# show sdm prefer
The current template is "lanbase-routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
0 routed interfaces and 255 VLANs.

number of unicast mac addresses: 4K


number of IPv4 IGMP groups + multicast routes: 0.25K
number of IPv4 unicast routes: 0.75K
number of directly-connected IPv4 hosts: 0.75K
number of indirect IPv4 routes: 16
number of IPv6 multicast groups: 0.375k
number of directly-connected IPv6 addresses: 0.75K
number of indirect IPv6 unicast routes: 16
number of IPv4 policy based routing aces: 0
number of IPv4/MAC qos aces: 0.125k
number of IPv4/MAC security aces: 0.375k
number of IPv6 policy based routing aces: 0
number of IPv6 qos aces: 0.375k
number of IPv6 security aces: 127
Monitoring Features

SPAN
• Network traffic passing through ports or VLANs can be analyzed by using switched port analyzer (SPAN) or remote SPAN (RSPAN).
  – SPAN can send a copy of traffic from one port to another port on the same switch where a network analyzer or monitoring device is connected.
  – RSPAN can send a copy of traffic to a port on a different switch.
• SPAN is commonly deployed when an IPS/IDS is added to a network.
  – IPS devices need to read all packets in one or more VLANs, and SPAN can be used to get the packets to the IPS devices.
SPAN Terminology
Source (SPAN) port:
• A port that is monitored with use of the SPAN feature.
• Can be a Layer 2 or Layer 3 port (including VLAN).
Ingress traffic:
• Traffic that enters the switch.
Egress traffic:
• Traffic that leaves the switch.
Destination (SPAN) port:
• A port that monitors source ports, usually where a packet analyzer or IPS is connected.
SPAN Session:
• The association between source port (or VLAN) and a destination port (or VLAN).
Configure SPAN
• Configure a SPAN source port.
Switch(config)# monitor session number source [interface interface-id | vlan vlan-id]
• Configure a SPAN destination port.
Switch(config)# monitor session number destination [interface interface-id | vlan vlan-id]
Configure SPAN Example
S1(config)# monitor session 1 source interface fa 0/1
S1(config)# monitor session 1 destination interface fa 0/2
S1(config)# exit
S1#
S1# show monitor
Session 1
---------
Type : Local Session
Source Ports :
Both : Fa0/1
Destination Ports : Fa0/2
Encapsulation : Native
Ingress : Disabled
S1#
Configuring SPAN – Example #2
S1(config)# monitor session 1 source vlan 10 rx
S1(config)# monitor session 1 source vlan 20 tx
S1(config)# monitor session 1 destination interface FastEthernet 0/24
S1(config)# exit
S1#
S1# show monitor session 1
Session 1
-----------
Type : Local Session
Source VLANs :
RX Only : 10
TX Only : 20
Destination Ports : Fa3/4
Encapsulation : Native
Ingress : Disabled

• In this example:
  – Capture the received traffic on VLAN 10
  – Capture the transmitted traffic for VLAN 20
  – Forward the output to interface Fa 0/24
Remote Switched Port Analyzer (RSPAN)
• RSPAN can copy traffic from ports or VLANs on one switch (i.e., source switch) to a port on a different switch (i.e., destination switch).
• A VLAN must be designated as the RSPAN VLAN and not be used for any other purposes.
Note:
• SPAN and RSPAN vary by switching platforms.
RSPAN - Example
SW1(config)# vlan 100
SW1(config-vlan)# name SPAN-VLAN
SW1(config-vlan)# remote-span
SW1(config-vlan)# monitor session 2 source interface Fa0/7
SW1(config)# monitor session 2 destination remote vlan 100

Note:
• RSPAN VLAN numbers must match on both switches.
• Session numbers do not need to match.

SW2(config)# vlan 100
SW2(config-vlan)# name SPAN-VLAN
SW2(config-vlan)# remote-span
SW2(config-vlan)# monitor session 3 destination interface Fa0/8
SW2(config)# monitor session 3 source remote vlan 100
Verifying RSPAN - Example
SW1# show monitor
Session 2
---------
Type : Remote Source Session
Source Ports :
Both : Fa0/7
Dest RSPAN VLAN : 100

SW2# show monitor


Session 3
---------
Type : Remote Destination Session
Source RSPAN VLAN : 100
Destination Ports : Fa0/8
Encapsulation : Native
Ingress : Disabled
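
One way to check the two rules in the note above across both switches, and to list where mirrored traffic ends up, is to audit the configuration text. The Python sketch below is an added example, not part of the original slides: the SW1 and SW2 command lines are copied from the RSPAN example, the mismatched variant is constructed, and the function names are illustrative.

```python
import re

SESSION_RE = re.compile(
    r"monitor session (\d+) (source|destination) (remote vlan|interface|vlan) (\S+)")

# Command lines as entered in the RSPAN example above.
SW1 = """\
SW1(config)# vlan 100
SW1(config-vlan)# name SPAN-VLAN
SW1(config-vlan)# remote-span
SW1(config-vlan)# monitor session 2 source interface Fa0/7
SW1(config)# monitor session 2 destination remote vlan 100
"""
SW2 = """\
SW2(config)# vlan 100
SW2(config-vlan)# name SPAN-VLAN
SW2(config-vlan)# remote-span
SW2(config-vlan)# monitor session 3 destination interface Fa0/8
SW2(config)# monitor session 3 source remote vlan 100
"""
# Constructed misconfiguration: SW2 uses VLAN 101 instead of 100.
SW2_MISMATCH = SW2.replace("vlan 100", "vlan 101")


def parse_switch(config_text):
    """Collect remote-span VLANs and monitor sessions from IOS command lines."""
    rspan_vlans, sessions, current_vlan = set(), {}, None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[-1].strip()   # drop a "SW1(config)#" style prompt
        if not line:
            continue
        vlan = re.fullmatch(r"vlan (\d+)", line)
        session = SESSION_RE.match(line)
        if vlan:
            current_vlan = int(vlan.group(1))
        elif line == "remote-span" and current_vlan is not None:
            rspan_vlans.add(current_vlan)
        elif session:
            number, role, kind, target = session.groups()
            entry = sessions.setdefault(int(number), {"source": [], "destination": []})
            entry[role].append((kind, target))
            current_vlan = None
        elif not line.startswith("name "):
            current_vlan = None                # any other command leaves VLAN mode
    return {"rspan_vlans": rspan_vlans, "sessions": sessions}


def audit_rspan(switches):
    """Return (mirror_paths, findings) for a dict of switch name -> config text."""
    exporters, collectors, findings = {}, {}, []
    for name, text in switches.items():
        cfg = parse_switch(text)
        for number, sess in cfg["sessions"].items():
            for role, table in (("destination", exporters), ("source", collectors)):
                other = "source" if role == "destination" else "destination"
                for kind, target in sess[role]:
                    if kind != "remote vlan":
                        continue
                    vlan = int(target)
                    if vlan not in cfg["rspan_vlans"]:
                        findings.append(f"{name}: session {number} uses VLAN {vlan}, "
                                        "which is not marked remote-span")
                    ports = tuple(t for k, t in sess[other] if k == "interface")
                    table.setdefault(vlan, []).append((name, ports))
    paths = []
    for vlan in sorted(set(exporters) | set(collectors)):
        if vlan not in collectors:
            findings.append(f"VLAN {vlan}: mirrored traffic is exported but no switch collects it")
        elif vlan not in exporters:
            findings.append(f"VLAN {vlan}: a session collects from it but no switch exports to it")
        else:
            for src_switch, src_ports in exporters[vlan]:
                for dst_switch, dst_ports in collectors[vlan]:
                    paths.append((src_switch, src_ports, vlan, dst_switch, dst_ports))
    return paths, findings


if __name__ == "__main__":
    print(audit_rspan({"SW1": SW1, "SW2": SW2}))
    print(audit_rspan({"SW1": SW1, "SW2": SW2_MISMATCH}))
```

Each returned path names a port whose traffic is being copied and the port that receives the copy, which is the list to review when confirming that only the intended analyzer or IPS sees mirrored traffic.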
IP SLA

IP Service Level Agreement (SLA)
• Contract between service provider and customers.
• Specifies connectivity and performance agreements.
• Includes guaranteed level of network availability, network performance in terms of round-trip time, and network response in terms of latency, jitter, and packet loss.
Cisco IOS IP SLAs
• Cisco IOS IP Service Level Agreements (SLAs) use active traffic monitoring for measuring network performance.
  – IP SLAs send simulated data across the network and measure performance statistics.
• The IP SLAs feature can provide performance data between:
  – Cisco devices
  – Cisco device and a host
• IP SLAs are used for:
  – Edge-to-edge network availability monitoring
  – Network performance monitoring and network performance visibility
  – Voice over IP (VoIP), video, and virtual private network (VPN) monitoring
  – SLA monitoring
  – IP service network health
  – MPLS network monitoring
  – Troubleshooting of network operation
Cisco IOS IP SLAs
• IP SLA provides feedback on these functions (among others):
  – Gather information on VoIP quality.
  – Track interfaces to influence behavior of first-hop redundancy protocols.
• IP SLA uses probes to measure:
  – Network latency and response time
  – Packet-loss statistics
  – Network jitter and voice quality scoring
  – End-to-end network connectivity
IP SLA Measurements
• IP SLA enables a router to send synthetic traffic to devices to measure performance.
  – One-way travel times and packet loss are gathered.
[Figure: panels titled "IP SLA can be used for", "IP SLA can measure" and "Supported protocols". An IP SLAs source generates ICMP traffic to any reachable device to measure network response, or generates traffic to an IP SLAs responder to measure the network; routers R1 and R2 and a DNS server are shown, and MIB data is retrieved via SNMP.]
IP SLAs Operations
• There are two types of IP SLAs operations:
  – Those in which the target device is not running the IP SLAs responder component (such as a web server or IP host).
    Mostly ICMP generated traffic.
  – Those in which the target device, a Cisco router, is running the IP SLAs responder component.
    Measurement accuracy is improved when the target is a responder.
    Additional statistics can be gathered.
Configuring IP SLA
• To implement IP SLA network performance measurement, perform the following tasks:
1. Enable the IP SLAs responder, if required.
2. Configure the required IP SLAs operation type.
3. Configure any options available for the specified operation type.
4. Configure threshold conditions, if required.
5. Schedule the operation to run, and then let the operation run for a period of time to gather statistics.
6. Display and interpret the results of the operation using the Cisco IOS CLI or an NMS with SNMP.
Configuring IP SLA – Example
Switch(config)# ip sla 12
Switch(config-ip-sla)# icmp-echo 192.168.139.134
Switch(config-ip-sla-echo)# frequency 30
Switch(config-ip-sla-echo)# exit
Switch(config)# ip sla schedule 12 start-time now life forever
Switch(config)# end
Verifying IP SLA Configuration
• When IP SLA is configured, the test is conducted as per the scheduled configuration.
  – The test might succeed or fail.
  – If you do not monitor the test results, it might fail silently.
• Use the show ip sla statistics command to display information about the test.
S1# show ip sla statistics
Round Trip Time (RTT) for Index 1
Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: 11:11:22.533 eastern Thu Jul 9 2010
Latest operation return code: Timeout
Over thresholds occurred: FALSE
Number of successes: 177
Number of failures: 6
Operation time to live: Forever
Operational state of entry: Active
Last time this entry was reset: Never
Example: Network Availability
Router(config)# ip route 0.0.0.0 0.0.0.0 fa0/0
Router(config)# ip route 0.0.0.0 0.0.0.0 fa0/1 5
[Figure: the Customer A router with interfaces fa0/0 and fa0/1; address 172.16.1.1 is labelled.]
• Customer A is multihoming to two ISPs.
• Customer A is not using BGP with the ISPs but is using static default routes.
  – Two default static routes with different administrative distances are configured.
  – Link to ISP-1 is the primary link.
  – Link to ISP-2 is the backup link.
• The static default route with the lower administrative distance will be preferred and injected into the routing table.
• However, if there is a problem within the ISP-1 domain but its interface to Customer A is still up, all traffic from Customer A will still go to that ISP.
  – The traffic may then get lost within the ISP.
• The solution to this issue is the Cisco IOS IP SLAs functionality.
• Configure the SLAs to:
  – Continuously check the reachability of a specific destination such as:
    • Provider edge [PE] router interface
    • ISP's DNS server
    • Any other specific destination: 10.1.1.1 and 172.16.1.1
  – Conditionally announce the default route only if the connectivity is verified.
! Probe
R1(config)# ip sla 11
R1(config-rtr)# type echo protocol ipIcmpEcho 10.1.1.1 source-interface fa0/0
R1(config-rtr)# frequency 10
R1(config)# ip sla schedule 11 life forever start-time now
! Tracking Object
R1(config)# track 1 rtr 11 reachability
! Status of Tracking Object
R1(config)# ip route 0.0.0.0 0.0.0.0 fa0/0 2 track 1

Defining the Probe
• ip sla: defines probe 11
• type echo: specifies that the ICMP echoes are sent:
  – To destination 10.1.1.1 to check connectivity
  – With the source interface of FastEthernet0/0
• frequency 10: schedules the connectivity test to repeat every 10 seconds.
• ip sla schedule 11 life forever start-time now: defines the start time of now, and the probe will continue forever.
Probe:
R1(config)# ip sla 11
R1(config-rtr)# type echo protocol ipIcmpEcho 10.1.1.1 source-interface fa0/0
R1(config-rtr)# frequency 10
R1(config)# ip sla schedule 11 life forever start-time now

Tracking Object:
R1(config)# track 1 rtr 11 reachability

Status of Tracking Object:
R1(config)# ip route 0.0.0.0 0.0.0.0 fa0/0 2 track 1

Defining the Tracking Object
 track 1 rtr 11 reachability: Specifies that:
 Object 1 is tracked (next step)
 Linked to probe 11 (defined in the first step) so that the reachability of 10.1.1.1 is tracked.
Probe:
R1(config)# ip sla 11
R1(config-rtr)# type echo protocol ipIcmpEcho 10.1.1.1 source-interface fa0/0
R1(config-rtr)# frequency 10
R1(config)# ip sla schedule 11 life forever start-time now

Tracking Object:
R1(config)# track 1 ip sla 11 reachability

Status of Tracking Object:
R1(config)# ip route 0.0.0.0 0.0.0.0 fa0/0 2 track 1

Defining an action based on the status of the tracking object
 ip route 0.0.0.0 0.0.0.0 fa0/0 2 track 1: Conditionally announces the default route, out fa0/0, with an administrative distance of 2 if the result of tracking object 1 is true – if the probe is successful.

To summarize: If 10.1.1.1 is reachable, a static default route out Fa0/0 with an administrative distance of 2 is installed in the routing table.
Probe:
R1(config)# ip sla 22
R1(config-rtr)# type echo protocol ipIcmpEcho 172.16.1.1 source-interface fa0/1
R1(config-rtr)# frequency 10
R1(config)# ip sla schedule 22 life forever start-time now

Tracking Object:
R1(config)# track 2 ip sla 22 reachability

Status of Tracking Object:
R1(config)# ip route 0.0.0.0 0.0.0.0 fa0/1 3 track 2

Defining the Probe
 ip sla 22: defines probe 22.
 type echo: specifies that the ICMP echoes are sent:
 To destination 172.16.1.1 to check connectivity
 With the source interface of FastEthernet0/1
 frequency 10: schedules the connectivity test to repeat every 10 seconds.
 ip sla schedule 22 life forever start-time now: sets the start time to now; the probe then continues forever.
Probe:
R1(config)# ip sla monitor 22
R1(config-rtr)# type echo protocol ipIcmpEcho 172.16.1.1 source-interface fa0/1
R1(config-rtr)# frequency 10
R1(config)# ip sla monitor schedule 22 life forever start-time now

Tracking Object:
R1(config)# track 2 ip sla 22 reachability

Status of Tracking Object:
R1(config)# ip route 0.0.0.0 0.0.0.0 fa0/1 3 track 2

Defining the Tracking Object
 track 2 ip sla 22 reachability: Specifies that:
 Object 2 is tracked (next step)
 Linked to probe 22 (defined in the first step) so that the reachability of 172.16.1.1 is tracked.
Probe:
R1(config)# ip sla 22
R1(config-rtr)# type echo protocol ipIcmpEcho 172.16.1.1 source-interface fa0/1
R1(config-rtr)# frequency 10
R1(config)# ip sla schedule 22 life forever start-time now

Tracking Object:
R1(config)# track 2 ip sla 22 reachability

Status of Tracking Object:
R1(config)# ip route 0.0.0.0 0.0.0.0 fa0/1 3 track 2

Defining an action based on the status of the tracking object
 ip route 0.0.0.0 0.0.0.0 fa0/1 3 track 2: Conditionally announces the default route, out fa0/1, with an administrative distance of 3 if the result of tracking object 2 is true – if the probe is successful.

To summarize: If 172.16.1.1 is reachable, a static default route out fa0/1 with an administrative distance of 3 is “offered” to the routing table.
 Because this default route has a higher AD of 3, if the path via R2 is available, this path will be the backup path.
Probe:
R1(config)# ip sla 11
R1(config-rtr)# type echo protocol ipIcmpEcho 10.1.1.1 source-interface fa0/0
R1(config-rtr)# frequency 10
R1(config)# ip sla schedule 11 life forever start-time now

Tracking Object:
R1(config)# track 1 ip sla 11 reachability

Status of Tracking Object:
R1(config)# ip route 0.0.0.0 0.0.0.0 fa0/0 2 track 1

Probe:
R1(config)# ip sla 22
R1(config-rtr)# type echo protocol ipIcmpEcho 172.16.1.1 source-interface fa0/1
R1(config-rtr)# frequency 10
R1(config)# ip sla schedule 22 life forever start-time now

Tracking Object:
R1(config)# track 2 ip sla 22 reachability

Status of Tracking Object:
R1(config)# ip route 0.0.0.0 0.0.0.0 fa0/1 3 track 2

If 10.1.1.1 is reachable, a static default route via R2 with an administrative distance of 2 is installed in the routing table.
If 172.16.1.1 is reachable, a static default route via R3 with an administrative distance of 3 is “available” to the routing table as a backup path.
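An added example, not part of the original slides: a Python check that every default route in a configuration like R1's has a complete route, track, probe and schedule chain, since a break anywhere in that chain silently disables the failover. It assumes the exit-interface form of ip route used on the slides; the function name and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the R1 configuration from the slides, prompts removed.
R1_CONFIG = """\
ip sla 11
 type echo protocol ipIcmpEcho 10.1.1.1 source-interface fa0/0
 frequency 10
ip sla schedule 11 life forever start-time now
track 1 ip sla 11 reachability
ip route 0.0.0.0 0.0.0.0 fa0/0 2 track 1
ip sla 22
 type echo protocol ipIcmpEcho 172.16.1.1 source-interface fa0/1
 frequency 10
ip sla schedule 22 life forever start-time now
track 2 ip sla 22 reachability
ip route 0.0.0.0 0.0.0.0 fa0/1 3 track 2
"""

def audit_tracked_routes(config):
    """Check each default route's chain: route -> track -> probe -> schedule."""
    probes, scheduled, tracks, routes, findings = {}, set(), {}, [], []
    current = None  # probe whose sub-commands are being read
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"ip sla (?:monitor )?(\d+)", line):
            current = m[1]
            probes[current] = None
        elif m := re.match(r"ip sla (?:monitor )?schedule (\d+) ", line):
            scheduled.add(m[1])
        elif m := re.fullmatch(r"track (\d+) (?:rtr|ip sla) (\d+) reachability", line):
            tracks[m[1]] = m[2]
        elif m := re.fullmatch(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)(?: \d+)?(?: track (\d+))?", line):
            routes.append((m[1], m[2]))
        elif current and (m := re.search(r"source-interface (\S+)", line)):
            probes[current] = m[1]
    for iface, track in routes:
        probe = tracks.get(track)
        if track is None:
            findings.append(f"{iface}: untracked, stays installed while the interface is up")
        elif probe is None:
            findings.append(f"{iface}: track {track} is not defined")
        elif probe not in probes:
            findings.append(f"{iface}: track {track} points at missing probe {probe}")
        elif probe not in scheduled:
            findings.append(f"{iface}: probe {probe} is never scheduled")
        elif probes[probe] != iface:
            findings.append(f"{iface}: probe {probe} is sourced from {probes[probe]}")
    return findings
```

An empty list means every default route is withdrawn when its own probe fails; the untracked pair of routes from the start of this example produces one finding per route.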
Lab 8-1
