CCIE L2 Ep.4 K3y_n0tes_l2.txt

CC1E 0x108D4
8 min read, Jan 15, 2021

Here I’m sharing my key notes about L2 technologies after finishing the INE CCIE EI Switched Campus topics. After that, I’ll work on the workbook L2 topics. You can access this workbook here.

VLAN Technologies

Layer 2 switchport modes:
Access — one VLAN per interface
Trunk — multiple VLANs across the interface (legacy ISL or 802.1Q)
Tunnel — transparent L2VPN (802.1Q tunnel)
Dynamic (Dynamic Trunking Protocol) — DTP negotiation

Layer 3 Ports
Switch Virtual Interface (SVI)
Native Routed Interfaces

Layer 2 Trunking

802.1Q is the open standard; the “native” VLAN is sent untagged on the trunk.

DTP — Dynamic Trunking Protocol

Proprietary and enabled by default on some platforms.
. DTP desirable mode — initiates trunk negotiation

switch(config-if)#switchport mode trunk
or
switch(config-if)#switchport mode dynamic desirable

. DTP auto mode — passively listens for trunk negotiation

switch(config-if)#switchport mode dynamic auto

. Disabling DTP negotiation (options)

switch(config-if)#switchport nonegotiate
or
switch(config-if)#switchport mode access
or
switch(config-if)#switchport mode dot1q-tunnel

Verification commands

switch#show interface trunk
switch#show interface [interface] switchport
switch#show spanning-tree vlan [vlan-id|interface]

Virtual LAN — VLAN

Standard range is 1 to 1005
. VLAN 1 is the native and access VLAN by default on all interfaces. It cannot be deleted, changed, or pruned by VTP;
. VLAN 1 should not be used for port assignments;
. VLANs 1002 to 1005 are the default legacy Token Ring/FDDI VLANs.
Extended VLAN range is 1006 to 4094
. Can be used normally in VTP transparent mode and with VTPv3;
. Some extended VLANs cannot be used because they are reserved by the system for internal usage (for example, native L3 routed switchports).

switch#show vlan internal usage
! internal allocation policy ascending: allocated from 1006 upward
! internal allocation policy descending: allocated from 4094 downward

Manual trunk pruning

By default a trunk interface allows all VLANs.

switch(config-if)#switchport trunk allowed vlan [add|remove|except|all] <vlan-id>
switch#show interface trunk
switch#show interface [interface] switchport

VLAN Trunking Protocol — VTP

VTP is a Cisco proprietary protocol used to share the VLAN database among the switches of a switched network. VTP does not define broadcast domains and does not associate ports with VLANs.

VTP modes
. Server — configures and manages the VLAN database;
. Client — cannot create or delete VLANs;
. Transparent — manages a local VLAN database and “silently” forwards VTP packets.

VTP configuration revision
Configuration revision number
. Sequence number of the database;
. Higher number wins;
. The domain is synchronized when the revision number matches everywhere;

A wrong configuration with a higher revision number can overwrite the database. Because of that, VTPv1/v2 is rarely used, and VTPv3 uses a primary server to protect the database.

! VTP domain name is "empty" by default
switch(config)#vtp domain <domain-name>
! VTP authentication; uses an MD5 hash
switch(config)#vtp password <password>
! Verification
switch#show vtp password
switch#show vtp status
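As an added example (not from these notes), here is a small Python model of the revision-number rule above: a switch accepts an advertised VLAN database only when the domain and MD5 password match and the revision is higher, while a transparent-mode switch never accepts it. The digest is a simplified stand-in for the real VTP digest, and the switch names, VLANs and revisions are constructed.

```python
# Added example (not from the notes): a simplified model of the VTP revision
# rule. Real VTP carries more fields and its MD5 digest covers the whole
# summary advertisement; here the digest is md5(domain:password) so the
# domain, password and revision checks can be exercised offline.
import hashlib


def vtp_digest(domain, password):
    """Simplified stand-in for the VTP MD5 digest."""
    return hashlib.md5(f"{domain}:{password}".encode()).hexdigest()


class VtpSwitch:
    def __init__(self, name, domain, password, mode, revision, vlans):
        self.name, self.domain, self.password, self.mode = name, domain, password, mode
        self.revision, self.vlans = revision, set(vlans)

    def summary(self):
        """Summary advertisement as sent by a server (or a rejoining switch)."""
        return {"domain": self.domain, "revision": self.revision,
                "digest": vtp_digest(self.domain, self.password), "vlans": set(self.vlans)}

    def receive(self, adv):
        """Return True if the advertisement overwrote the local VLAN database."""
        if self.mode == "transparent":                 # transparent only forwards VTP
            return False
        if adv["domain"] != self.domain:               # other domain: ignored
            return False
        if adv["digest"] != vtp_digest(self.domain, self.password):
            return False                               # password mismatch: ignored
        if adv["revision"] <= self.revision:           # only a higher revision wins
            return False
        self.revision, self.vlans = adv["revision"], set(adv["vlans"])
        return True


def stale_switch_scenario():
    """Constructed scenario: a switch with a stale but higher revision rejoins."""
    core = VtpSwitch("core", "LAB", "s3cret", "server", 10, {1, 10, 20, 30})
    stale = VtpSwitch("old", "LAB", "s3cret", "server", 25, {1, 99})
    overwritten = core.receive(stale.summary())        # VLANs 10/20/30 are lost
    # Transparent mode, or a different password, leaves the database untouched.
    safe = VtpSwitch("core2", "LAB", "s3cret", "transparent", 10, {1, 10, 20})
    client = VtpSwitch("core3", "LAB", "s3cret", "client", 10, {1, 10, 20})
    wrong_pw = VtpSwitch("old2", "LAB", "other", "server", 99, {1, 99})
    return (overwritten, sorted(core.vlans), safe.receive(stale.summary()),
            client.receive(wrong_pw.summary()), sorted(client.vlans))
```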

VTP Pruning
Pruning of VLANs reduces unnecessary broadcast, unknown unicast and multicast flooding. It is supported only for switches in server and client mode.

VLAN range 2 to 1001 is “prune eligible”. To edit the prune-eligible list:

! Configuration
switch(config)#vtp pruning
! Edit the prune-eligible list
switch(config-if)#switchport trunk pruning vlan <vlan-list>
! Verification
switch#show interface trunk
switch#show interface pruning

VTPv3
. Supports MST advertisements;
. Extended VLAN range;
. Supports private VLANs;
. Supports the hidden or secret password; and
. Can be disabled globally or per link

! Configuration
switch(config)#vtp version 3
switch(config)#vtp mode off
switch(config-if)#no vtp

EtherChannel

EtherChannel is also called NIC teaming (Microsoft servers), port channels (normally on Cisco Catalyst switches), channeling, and link aggregation (LAG). It is a technique for aggregating links that improves fault tolerance across physical links and optimizes spanning-tree link usage. It permits active/active redundant physical links.

EtherChannel can operate in an L2 or L3 deployment.

2x Gigabit Ethernet is 2 Gb/s, but as two pipes of 1 Gb/s each.

Link aggregation topologies were discussed in CCIE L2 Ep.2

Pros
. Cheap incremental upgrade
. Adds link-layer redundancy
Cons
. A single flow cannot exceed the bandwidth of an individual link

EtherChannel negotiation protocols
Port Aggregation Protocol (PAgP), Cisco proprietary.
. Modes: desirable (initiate) & auto (listen for PAgP)

Link Aggregation Control Protocol (LACP)
Open standard, IEEE 802.3ad.
. Modes: active (initiate) & passive (listen for LACP)

Static LAG
Not recommended, but sometimes deployed with VMware hosts. A failure or wrong configuration can cause an STP loop.

EtherChannel guard can help mitigate this

The EtherChannel load-balancing method is locally significant and applies in the outbound direction:
. Source & destination MAC address;
. Source & destination IP address;
. Source & destination Layer 4 port.

Compatible channel mode combinations
On - On
Desirable - Desirable
Desirable - Auto
Active - Active
Active - Passive

! Configuration L2
switch(config-if-range)#switchport mode [access|trunk]
switch(config-if-range)#channel-group <id> mode [on|desirable|auto|active|passive]
! Configuration L3
switch(config)#interface port-channel <id>
switch(config-if)#no switchport
switch(config-if)#ip address <ip> <mask>
switch(config-if-range)#no switchport
switch(config-if-range)#channel-group <id> mode [on|desirable|auto|active|passive]

Spanning-tree Protocol

The idea behind STP is to offer a loop-free L2 topology.

Root bridge election
The switch with the lowest Bridge ID becomes the root.
The Bridge ID is composed of priority (0–61440 in increments of 4096) + extended system ID (equal to the VLAN ID, 0–4095) + MAC address.

Root port selection
Every non-root switch must select its root port. This is the port with the lowest root path cost (cumulative cost of all links to reach the root bridge).
If tied, choose the lowest upstream BID; if tied again, choose the lowest upstream port ID (port priority).

Designated port election
DPs face downstream, away from the root bridge. Election: 1. lowest root path cost, 2. lowest BID, 3. lowest port ID.

All other ports go into blocking mode:
. Receive BPDUs
. Cannot send or receive other traffic.

! Root bridge election
switch(config)#spanning-tree vlan <vlan-id> priority <0-61440> (default is 32768)
switch(config)#spanning-tree vlan <vlan-id> root [primary|secondary]
! Root port selection
switch(config-if)#spanning-tree vlan <vlan-id> cost <cost>
switch(config-if)#bandwidth <kbps>
! Verification
switch#show spanning-tree vlan [vlan-id]
switch#show spanning-tree root
switch#show spanning-tree interface [interface] detail
switch#show spanning-tree vlan <vlan-id> detail
switch#show spanning-tree root detail
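As an added example (not from these notes), the election rules above in Python: Bridge IDs are built from priority, extended system ID (VLAN) and MAC and the lowest wins, and the root port is chosen by root path cost, then upstream BID, then upstream port ID. Switch names, MAC addresses and path costs are constructed.

```python
# Added example (not from the notes): STP root bridge election and root port
# selection. Bridge ID = priority (multiple of 4096) + extended system ID
# (the VLAN ID) + MAC, lowest wins; the root port is chosen by lowest root
# path cost, then lowest upstream BID, then lowest upstream port ID.

def bridge_id(priority, vlan, mac):
    """Comparable Bridge ID tuple: (priority + extended system ID, MAC)."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be 0-61440 in increments of 4096")
    if not 0 <= vlan <= 4095:
        raise ValueError("extended system ID is the VLAN ID, 0-4095")
    return (priority + vlan, mac.lower().replace(".", "").replace(":", ""))


def elect_root(bridges):
    """bridges: {name: bridge_id tuple}. The lowest BID becomes the root."""
    return min(bridges, key=bridges.get)


def select_root_port(candidates):
    """candidates: [{'port', 'root_path_cost', 'upstream_bid', 'upstream_port_id'}].
    upstream_port_id is (port priority, port number). Returns the chosen port."""
    best = min(candidates, key=lambda c: (c["root_path_cost"], c["upstream_bid"],
                                          c["upstream_port_id"]))
    return best["port"]


def example(vlan=10):
    """Constructed topology: four switches, SW3 with a lowered priority."""
    bids = {
        "SW1": bridge_id(32768, vlan, "0000.0c11.1111"),  # default priority
        "SW2": bridge_id(32768, vlan, "0000.0c00.0001"),  # lowest MAC at default priority
        "SW3": bridge_id(24576, vlan, "0000.0cff.ffff"),  # lower priority wins despite its MAC
        "SW4": bridge_id(32768, vlan, "0000.0c22.2222"),
    }
    root = elect_root(bids)
    # SW1 reaches the root through SW2 or SW4 at equal cost (4 + 4 on each
    # path); the tie is broken by the lower upstream Bridge ID (SW2).
    uplinks = [
        {"port": "Gi1/0/2", "root_path_cost": 8, "upstream_bid": bids["SW4"],
         "upstream_port_id": (128, 1)},
        {"port": "Gi1/0/1", "root_path_cost": 8, "upstream_bid": bids["SW2"],
         "upstream_port_id": (128, 2)},
    ]
    return root, select_root_port(uplinks)
```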

STP Timers
Timers affect the transition between states. On 802.1D (CSTP), they are set only on the root bridge.

Hello — Defaults to 2 seconds
. How often configuration BPDUs are sent.

! Change the hello time interval
switch(config)#spanning-tree vlan <vlan-id> hello-time <seconds [1-10]>

MaxAge — Defaults to 20 seconds
. How long to wait in blocking state without hearing a BPDU.

! Change the MaxAge interval
switch(config)#spanning-tree vlan <vlan-id> max-age <seconds [6-40]>

Forward Delay — Defaults to 15 seconds
. How long to wait in each of the listening and learning states.

! Change the forward delay interval
switch(config)#spanning-tree vlan <vlan-id> forward-time <seconds [4-30]>

With default timers, STP convergence must wait around 52 seconds: 2x forward delay (listening and learning states) + 1x max age.

To ensure fast convergence
+ Keep the topology small and avoid excessive redundancy
+ Rely on physical-layer failure detection, not on hello BPDUs

STP convergence optimizations
CSTP convergence optimizations:
PortFast
. Bypasses the listening and learning states.
. Does not generate a TCN
UplinkFast
. A direct root port failure reconverges immediately if an alternate port is available.
BackboneFast
. Reconvergence after an indirect failure starts immediately

Spanning-tree filtering techniques (globally or at interface level)

BPDU filter
. Filters BPDUs in both the inbound and outbound directions (used on access ports).
BPDU guard
. Puts the interface in shutdown (err-disabled) if a BPDU is received (used on access ports)
Root guard
. Used on downstream interfaces; puts the interface in shutdown if a superior BPDU is received.

Loop prevention

STP loop guard — protects against unidirectional links by using BPDU keepalives
Unidirectional Link Detection (UDLD) — protects against unidirectional links by using UDLD keepalives.

Rapid Spanning-tree Protocol — 802.1w

RSTP adds several enhancements for faster convergence, such as simplified port states.

Legacy STP port states        RSTP simplified states
Disabled                      Discarding
Blocking                      . Dropping frames
Listening
Learning                      Learning
                              . Dropping frames but building the CAM table
Forwarding                    Forwarding
                              . Normal forwarding

switch(config)#spanning-tree mode rapid-pvst

Additional port roles
Alternate: a less desirable path to the root.
. Provides the equivalent of UplinkFast on legacy CSTP without requiring the uplinkfast command.

Backup: backup of a designated port.
. Active if the primary DP fails. Operates in discarding mode;

Edge: equivalent of PVST+ PortFast-enabled ports;
. Does not generate a TCN on state change (spanning-tree portfast)
. Maintains edge status as long as no BPDUs are received;
. If a BPDU is received, the edge status is removed and a TCN is generated.

RSTP Link Types

Non-edge ports fall into two types
Point-to-Point — full-duplex ports
Shared — half-duplex ports

switch(config-if)#spanning-tree link-type [point-to-point|shared]

RSTP Sync Process

The goal is for a bridge to synchronize its view of the root with the rest of the topology. When a bridge elects a root port, it assumes all non-edge ports to be designated and in discarding mode.
The bridge sends proposals out all designated ports. A proposal has the port role set to designated and carries the root bridge information (priority, cost, etc.).

Downstream bridges review this information:
. If they do not have a better path to the root, they agree;
. If they do have one, they announce their own information;
. If a downstream bridge agrees to the upstream proposal, then it:
. . Elects a local root port
. . Blocks all non-edge designated ports
. . Starts the sync process on all its designated ports

Port blocking is essential to prevent transitive loops. The sync process ensures all bridges agree on the same root bridge.

RSTP Fault Detection

. In legacy STP, BPDUs are only generated by the root bridge. All other bridges forward them on.

. In RSTP, each bridge generates BPDUs every hello interval (2 seconds).
If 3 hellos are missed from a neighbor, reconvergence begins: 6 seconds vs. the 20-second MaxAge.

. Faults can be detected faster by means of physical-layer signaling.

. Every bridge sends BPDUs on its own.

. MaxAge is also used on shared ports for legacy STP backwards compatibility.

Multiple Spanning-tree Protocol — 802.1s

Uses the RSTP algorithm for path calculations. The MSTP instance-to-VLAN mapping is user defined. Mapping multiple VLANs to one instance reduces BPDU frames and CPU time.

MST Region
Bridges in a region agree upon…
. Instance name
. Revision number
. VLAN-to-STP-instance mapping

Intra vs. Inter Region
Intra region
. Details of the region are known within the region
. Undefined VLANs fall into CSTP (MST instance 0)

Inter region
. Details between regions are unknown
. Different regions see each other as a virtual edge
. Inter-region MSTIs are collapsed into the CST.

MSTI is compatible with legacy CST and PVST+. MST behaves like inter region, and the CST root must be within the MST domain.

! Configuration
! Define the region name
switch(config)#spanning-tree mst configuration
switch(config-mst)#name <region-name>
! Define the revision number
switch(config-mst)#revision <0-65535>
! VLAN-to-instance mapping
switch(config-mst)#instance <instance-id> vlan <vlan-range>
! Enable MST globally
switch(config)#spanning-tree mode mst
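As an added example (not from these notes), a Python check of MST region membership as defined above: two switches share a region only when name, revision and the complete VLAN-to-instance mapping agree, with every unmapped VLAN counting as instance 0. The digest encoding is a simplified stand-in for the one real switches carry in their BPDUs, and the region names and mappings are constructed.

```python
# Added example (not from the notes): MST region membership check. Two
# switches belong to the same region only when the region name, revision and
# the full VLAN-to-instance mapping agree; every VLAN not listed in the
# configuration implicitly belongs to instance 0 (CIST), so the digest covers
# all VLANs 1-4094. Real switches carry an MD5 digest of the mapping table in
# the BPDU; this offline model hashes a simplified encoding of that table.
import hashlib


def mapping_table(instances):
    """instances: {instance_id: iterable of VLAN ids} -> list indexed by VLAN 1..4094."""
    table = [0] * 4095
    for inst, vlans in instances.items():
        for v in vlans:
            if not 1 <= v <= 4094:
                raise ValueError(f"VLAN {v} out of range")
            if table[v]:
                raise ValueError(f"VLAN {v} mapped to two instances")
            table[v] = inst
    return table


def config_digest(instances):
    """Digest of the full mapping table (unmapped VLANs count as instance 0)."""
    encoded = b"".join(inst.to_bytes(2, "big") for inst in mapping_table(instances)[1:])
    return hashlib.md5(encoded).hexdigest()


def same_region(a, b):
    """a, b: {'name', 'revision', 'instances'} describing two switches."""
    key = lambda s: (s["name"], s["revision"], config_digest(s["instances"]))
    return key(a) == key(b)


def example():
    """Constructed configurations for four switches."""
    sw1 = {"name": "CAMPUS", "revision": 1, "instances": {1: range(10, 20), 2: range(20, 30)}}
    # Same mapping, written in a different order and shape: same region
    sw2 = {"name": "CAMPUS", "revision": 1, "instances": {2: list(range(20, 30)), 1: range(10, 20)}}
    # One extra VLAN (30) in instance 2: different digest, separate region
    sw3 = {"name": "CAMPUS", "revision": 1, "instances": {1: range(10, 20), 2: range(20, 31)}}
    # Identical mapping but the revision was bumped on one side only
    sw4 = {"name": "CAMPUS", "revision": 2, "instances": {1: range(10, 20), 2: range(20, 30)}}
    return same_region(sw1, sw2), same_region(sw1, sw3), same_region(sw1, sw4)
```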

What’s next?


Written by CC1E 0x108D4

CCIE #66796 Coffee, Jazz, and English learner.
