BGP OSPF Questions: Difference between revisions

= Switching =
 
== Commands for switching ==
 
* Note: the Layer 2 header contains the source MAC, destination MAC and EtherType fields; the EtherType tells the receiver which Layer 3 protocol to process next, such as IPv4 or IPv6.
show interfaces fa0/1 switchport ( trunk, access, administrative mode )
show interfaces trunk ( ports which are trunking )
show spanning-tree vlan 1 ( to check whether traffic is forwarded in spanning tree )
 
* If two links form a Layer 2 EtherChannel, the show spanning-tree output should list the port-channel group rather than the individual physical links; otherwise the bundle has a problem.
* On a switch we have a root port and designated ports; all the traffic from the root port is forwarded towards the root bridge.
* If two switches are in different VTP domains, as long as trunking between them is set up correctly the VTP domains do not affect the broadcast domain. - Good
 
* Two ways to change the bridge priority so that a switch becomes the root bridge:
spanning-tree vlan 2 root primary
spanning-tree vlan 2 priority <value lower than the default 32768, in steps of 4096>
 
* In spanning tree, the root port election on a non-root bridge is based on the root path cost, which is accumulated from the cost local to each interface.
* On the 3560 switch, PVST+ is enabled by default.
 
 
* Dynamic auto - dynamic auto results in an access port.
* Access mode - dynamic desirable results in an access port.
* Trunk with nonegotiate - dynamic auto: the auto side stays an access port, because the switch on the left side is not sending DTP frames.
 
* Best practice for trunking: mode trunk with nonegotiate. Trunk negotiation is done by DTP, and when DTP is used both ends should be in the same VTP domain.
* When a frame traverses the trunk link it is marked by the trunking protocol, and at the receiving end the VID is removed before the frame is sent onto an access link.
 
== ISL and 802.1Q ==
 
* ISL encapsulates the entire frame, so the original frame is unmodified and there is no untagged native VLAN traffic; ISL adds a 26-byte header and a 4-byte trailer. The ISL VLAN range is 1-1024.
* 802.1Q inserts a 4-byte tag and does not tag frames that belong to the native VLAN. The tag includes a priority field, extending QoS support; 4096 VLANs, range 1-4096.
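How the 4-byte 802.1Q tag is inserted on a trunk, read on receipt and stripped again before an access link (the behaviour described in the trunking and 802.1Q notes above), as an added Python example that is not from the original notes. The MAC addresses and payload are constructed, the FCS is omitted, and the VID range check (1-4094, since 0 and 4095 are reserved by the standard) is this example's own.

```python
import struct

TPID_8021Q = 0x8100        # EtherType value that announces a 4-byte 802.1Q tag
ETHERTYPE_IPV4 = 0x0800    # the "next Layer 3 protocol" field the notes mention


def build_frame(dst_mac: bytes, src_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame: dst MAC, src MAC, EtherType, payload (FCS omitted)."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def tag_for_trunk(frame: bytes, vid: int, native_vid: int, pcp: int = 0) -> bytes:
    """Egress onto an 802.1Q trunk: insert TPID + TCI right after the source MAC.
    Frames belonging to the native VLAN leave untagged, as the notes describe."""
    if not 1 <= vid <= 4094:                   # 0 and 4095 are reserved by 802.1Q
        raise ValueError("VID out of range")
    if vid == native_vid:
        return frame
    tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)  # PCP(3 bits) | DEI(1, zero) | VID(12)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes, native_vid: int) -> dict:
    """Receive side of a trunk: read the tag if present, else assign the native VLAN."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        tci, inner_type = struct.unpack("!HH", frame[14:18])
        return {"vid": tci & 0x0FFF, "pcp": tci >> 13,
                "ethertype": inner_type, "payload": frame[18:]}
    return {"vid": native_vid, "pcp": 0, "ethertype": ethertype, "payload": frame[14:]}


def strip_for_access(frame: bytes) -> bytes:
    """Egress onto an access port: remove the tag so the host sees a plain frame."""
    if struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        return frame[:12] + frame[16:]
    return frame


# Constructed sample: broadcast frame from a made-up source MAC carrying IPv4.
SAMPLE_FRAME = build_frame(bytes.fromhex("ffffffffffff"), bytes.fromhex("001122334455"),
                           ETHERTYPE_IPV4, b"sample payload")

if __name__ == "__main__":
    tagged = tag_for_trunk(SAMPLE_FRAME, vid=20, native_vid=1, pcp=5)
    print(tagged.hex(), parse_frame(tagged, native_vid=1))
    print(strip_for_access(tagged) == SAMPLE_FRAME)
```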
 
* In order to keep the VLAN database identical, VLAN information is propagated over trunk links within the same VTP domain; VTP information is advertised over trunk links only.
* VTP is a Layer 2 messaging protocol. There are three versions of VTP (1, 2, 3).
* Limitation of VTP versions 1 and 2: extended-range VLAN functionality could only be used when the switch was configured in transparent mode, so VTP version 3 is used instead.
 
Server mode - create, delete and modify VLANs; send and forward advertisements; sync the VLAN database; store information in NVRAM.
Transparent mode - create, delete and modify local VLANs; forward advertisements; does not sync the VLAN database; stores information in NVRAM.
Client mode - cannot create, delete or modify VLANs; forwards advertisements; syncs the VLAN database; does not store information in NVRAM.
 
Important: whenever a new switch is added, make sure its configuration revision number is lower than that of every other switch in the VTP domain. If it is higher, its advertisement will erase all the VLAN information on the servers and clients.
To protect against that, add the switch in transparent mode or in a different domain.
 
* VTP configuration requires the VTP domain, password and VTP mode on each switch; verify with show vtp status or show vtp counters.
* VTP pruning is used to remove unnecessary flooding of broadcast traffic on the network.
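The configuration-revision failure mode described above, together with the mitigations the notes list (transparent mode, a different domain, a matching password), modelled as an added Python example that is not from the original notes. The switch names, VLAN numbers and revision values are constructed, and the advertisement is modelled as plain fields in place of the MD5 digest real VTP carries (an assumption of this example).

```python
from dataclasses import dataclass, field


@dataclass
class VtpSwitch:
    name: str
    domain: str
    password: str
    mode: str                       # "server", "client" or "transparent"
    revision: int = 0               # configuration revision number
    vlans: set = field(default_factory=set)

    def summary_advert(self) -> dict:
        """Summary advertisement sent out trunk links. Real VTP carries an MD5 digest over
        domain, password and VLAN data; modelled here as plain fields (assumption)."""
        return {"domain": self.domain, "password": self.password,
                "revision": self.revision, "vlans": set(self.vlans)}

    def receive(self, advert: dict) -> bool:
        """Rules from the notes: domain and password must match; servers and clients sync
        when the advertised revision is higher; transparent switches never sync.
        Returns True when the local VLAN database was overwritten."""
        if advert["domain"] != self.domain or advert["password"] != self.password:
            return False
        if self.mode == "transparent" or advert["revision"] <= self.revision:
            return False
        self.vlans = set(advert["vlans"])
        self.revision = advert["revision"]
        return True

    def add_vlan(self, vid: int) -> None:
        """Clients cannot create VLANs; every change on a server bumps the revision."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: client mode cannot create VLANs")
        self.vlans.add(vid)
        if self.mode == "server":
            self.revision += 1


def flood(source: VtpSwitch, neighbours) -> list:
    """Advertise from source to its trunk neighbours; transparent switches forward adverts
    but do not originate them. Returns the names of switches that were overwritten."""
    if source.mode == "transparent":
        return []
    advert = source.summary_advert()
    return [s.name for s in neighbours if s.receive(advert)]


def stale_switch_scenario(mode: str, domain: str) -> tuple:
    """Constructed scenario: production runs revision 5 with VLANs 10/20/30; a re-used
    switch arrives with revision 9 and only VLAN 99. Returns production's VLANs after."""
    core = VtpSwitch("core", "CORP", "s3cret", "server", 5, {10, 20, 30})
    access = VtpSwitch("access1", "CORP", "s3cret", "client", 5, {10, 20, 30})
    newcomer = VtpSwitch("reused", domain, "s3cret", mode, 9, {99})
    flood(newcomer, [core, access])
    return sorted(core.vlans), sorted(access.vlans)
```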
 
== STP ==
 
* STP is used to avoid unwanted loops in the environment.
* STP creates one reference point in the network, called the root of the tree; based on that reference point it decides whether there is a redundant path in the network.
 
* Layer 2 forwarding: by default, CAM table entries age out after 300 seconds.
 
* We can also create a static MAC address table entry in the CAM with the command: mac-address-table static <mac-address> vlan <vlan-id> interface <interface-type> <number>
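Root bridge election by (priority, MAC) and root port selection by accumulated path cost, covering both the "two ways to change priority for root bridge" notes and the root port election note above, as an added Python example that is not from the original notes. The three-switch topology, MAC addresses and link speeds are constructed; the classic 802.1D costs and the values chosen by the root primary macro are IOS behaviour, and the check that a lower priority beats any MAC is why the intended root's priority should be set deliberately.

```python
from dataclasses import dataclass, field

DEFAULT_PRIORITY = 32768                           # default bridge priority per VLAN
STP_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}   # 802.1D path cost by link speed (Mbps)


@dataclass
class Bridge:
    name: str
    mac: str
    priority: int = DEFAULT_PRIORITY
    links: dict = field(default_factory=dict)      # neighbour name -> local link speed (Mbps)

    def bridge_id(self) -> tuple:
        """Bridge ID compares as (priority, MAC): lowest wins, so a lower priority beats
        any MAC address. On IOS the priority must be a multiple of 4096."""
        return (self.priority, self.mac)


def set_root_primary(bridge: Bridge, current_root_priority: int) -> None:
    """Model of 'spanning-tree vlan N root primary': IOS sets 24576, or 4096 below the
    current root's priority if that root is already below 24576."""
    bridge.priority = 24576 if current_root_priority > 24576 else current_root_priority - 4096


def elect_root(bridges) -> Bridge:
    """Every bridge believes it is root until it sees a lower bridge ID in a BPDU."""
    return min(bridges, key=Bridge.bridge_id)


def compute_root_ports(bridges, root: Bridge) -> dict:
    """Each non-root bridge picks the root port: the interface with the lowest root path
    cost, i.e. the neighbour's advertised cost plus the cost of the local interface the
    BPDU arrives on. Ties go to the lower sender bridge ID. Returns name -> (cost, port)."""
    by_name = {b.name: b for b in bridges}
    state = {root.name: (0, root.bridge_id(), None)}  # cost, sender id, root port
    changed = True
    while changed:                                     # relax until costs settle
        changed = False
        for b in bridges:
            if b is root:
                continue
            cands = [(state[n][0] + STP_COST[speed], by_name[n].bridge_id(), n)
                     for n, speed in b.links.items() if n in state]
            if cands and min(cands) < state.get(b.name, (float("inf"),)):
                state[b.name] = min(cands)
                changed = True
    return {n: (cost, port) for n, (cost, _, port) in state.items()}


def sample_topology() -> list:
    """Constructed triangle: SW1 has the lowest MAC; SW1-SW3 is only a 100 Mbps link."""
    return [Bridge("SW1", "0000.0000.0001", links={"SW2": 1000, "SW3": 100}),
            Bridge("SW2", "0000.0000.0002", links={"SW1": 1000, "SW3": 1000}),
            Bridge("SW3", "0000.0000.0003", links={"SW1": 100, "SW2": 1000})]
```

With equal priorities SW1 wins on MAC; after root primary on SW3, SW1 reaches the root through SW2 (cost 8) rather than over its direct 100 Mbps link (cost 19).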
 
 
 
 
spanning-tree vlan <vlan-id> port-priority <value>
 
== RSTP ==
 
RSTP has a rapid convergence time ( discarding, listening, forwarding ).
 
 
== HSRP/VRRP/GLBP ==
 
* HSRP provides redundancy for gateways; HSRP routers exchange HSRP hello messages on 224.0.0.2.
* VRRP: in VRRP the real IP address of a router can be used as the virtual address. It is an open standard; the router with the highest priority is the master router and the others act as backup. VRRP messages are sent on multicast address 224.0.0.18, the default interval is 1 second and preemption is enabled by default.

* GLBP uses the concept of an AVG: one router acts as the primary AVG while another acts as backup. The AVG assigns virtual MACs to the AVFs, and it is the AVFs that forward packets based on the virtual MACs assigned by the AVG.
* GLBP communicates with hello packets sent every 3 seconds on multicast address 224.0.0.102; GLBP supports up to 1024 virtual routers.
 
== MST ==
* This table shows the support of MST in Catalyst switches and the minimum software required for that support.

{| class="wikitable"
! Catalyst Platform !! MST with RSTP (12.1 or higher)
|-
| Catalyst 2900 XL and 3500 XL || Not Available
|-
| Catalyst 2950 and 3550 || Cisco IOS 12.1(9)EA1
|-
| Catalyst 3560 || Cisco IOS 12.1(9)EA1
|-
| Catalyst 3750 || Cisco IOS 12.1(14)EA1
|-
| Catalyst 2955 || All Cisco IOS versions
|-
| Catalyst 2948G-L3 and 4908G-L3 || Not Available
|-
| Catalyst 4000, 2948G, and 2980G (Catalyst OS (CatOS)) || 7.1
|-
| Catalyst 4000 and 4500 (Cisco IOS) || 12.1(12c)EW
|-
| Catalyst 5000 and 5500 || Not Available
|-
| Catalyst 6000 and 6500 (CatOS) || 7.1
|-
| Catalyst 6000 and 6500 (Cisco IOS) || 12.1(11b)EX, 12.1(13)E, 12.2(14)SX
|-
| Catalyst 8500 ||
|}
 
 
== Spanning tree features ==
Spanning tree features that help reduce convergence time:

1. PortFast - used for access-layer ports; the port transitions directly to the forwarding state without going through the listening and learning states.

2. UplinkFast - used in case one of the uplinks goes down. The root port and the alternate port form an uplink group; if the root port goes down, the alternate port transitions directly to the forwarding state without going through the listening and learning states.

3. BackboneFast - for indirect link failures. A switch with BackboneFast enabled receives inferior BPDUs from the designated switch announcing itself as root bridge; on receiving the inferior BPDUs it expires the max-age timer immediately and reconverges the topology. BackboneFast optimises the max-age timer and should be implemented globally.
 
 
== PAGP ==
* auto: Places a port into a passive negotiating state, in which the port responds to PAgP packets it receives but does not start PAgP packet negotiation. This setting minimizes the transmission of PAgP packets. This mode is not supported when the EtherChannel members are from different switches in the switch stack (cross-stack EtherChannel).
 
* desirable: Places a port into an active negotiating state, in which the port starts negotiations with other ports by sending PAgP packets. This mode is not supported when the EtherChannel members are from different switches in the switch stack (cross-stack EtherChannel).
 
== Cisco 3750 Stacking ==
 
* All stack members are eligible stack masters. If the stack master becomes unavailable, the stack members that remain participate in the election of a new stack master from among themselves.
* Switches should run the same IOS for stack members to be fully functional. If there is a major version mismatch the switch will not join the stack; if there is a minor version mismatch, the stack upgrades the switch so that it becomes fully functional.
* The default stack member number of a 3750 switch is 1. When it joins a switch stack, its default stack member number changes to the lowest available member number in the stack. Stack members in the same switch stack cannot have the same stack member number. Every stack member, which includes a standalone switch, retains its member number until you manually change the number or unless the number is already used by another member in the stack.
 
== Provisioning of switch ==
 
You can use the offline configuration feature to provision (to supply a configuration to) a new switch before it joins the switch stack. In advance, you can configure the stack member number, switch type, and interfaces associated with a switch that are not currently part of the stack. The configuration that you create on the switch stack is called the provisioned configuration. The switch that is added to the switch stack and that receives this configuration is called the provisioned switch.
Remove a switch from the stack: no switch 2 provision ws-c3750-48ts
 
== Spanning tree security features ==
 
 
 
== Spanning Tree enhancements ==
 
 
 
IP Source Guard is a Layer 2 port feature; Dynamic ARP Inspection protects against ARP spoofing.
 
== VLAN ==
 
* A VLAN creates a broadcast domain; private VLANs (PVLANs) allow splitting that domain into multiple isolated subdomains.
* Private VLAN port types: promiscuous, community, isolated.
* Promiscuous - carries traffic for all the PVLANs.

* Community VLAN - ports can only talk to ports in the same community VLAN and to the promiscuous port.
* Isolated - ports can only talk to the promiscuous port.
* Primary VLAN - The primary VLAN carries traffic from the promiscuous ports to the host ports, both isolated and community, and to other promiscuous ports.
* For low-end switches there is the command switchport protected, which acts similar to an isolated VLAN: ports configured as protected do not talk to each other. Usually, protected ports are also configured not to receive flooded unknown unicast (frames with a destination MAC address not in the switch's MAC table) and multicast frames, for added security.
 
== Configure ==

 vlan 1000
  private-vlan primary
 vlan 1012
  private-vlan community
 vlan 1013
  private-vlan isolated
 vlan 1000
  private-vlan association 1012,1013
 
== Configure ports ==
1. int fa0/1
  switchport mode private-vlan host
  switchport private-vlan host-association 1000 1012 ( each host port is a member of two VLANs: the primary and one secondary )

2. int fa0/2
  switchport mode private-vlan host
  switchport private-vlan host-association 1000 1013 ( isolated port )

3. int vlan 1000
  private-vlan mapping 1012,1013 ( maps the secondary VLANs to the primary VLAN's SVI, which then acts as the promiscuous interface )
 
 
 
 
 
 
* This example shows how to associate community VLANs 100 through 103 and isolated VLAN 109 with primary VLAN 5:
switch# configure terminal
switch(config)# vlan 5
switch(config-vlan)# private-vlan association 100-103, 109
 
* This example shows how to configure the Ethernet port 1/12 as a host port for a private VLAN and associate it to primary VLAN 5 and secondary VLAN 101:
switch# configure terminal
switch(config)# interface ethernet 1/12
switch(config-if)# switchport mode private-vlan host
switch(config-if)# switchport private-vlan host-association 5 101
 
= Layer 2 COS =