
Enterprise & Campus LAN Switching Fundamentals

ine.com

Keith Bogart
CCIE #4923, CCIE Routing & Switching
[email protected]
@keithbogart1
linkedin.com/in/keith-bogart-2a75042


Course Objectives
+ Familiarize you with LAN Switching concepts and features commonly implemented in Campus and Enterprise networks
+ Expose you to Cisco IOS commands to implement, verify and troubleshoot those concepts

Course Prerequisites
+ Familiarity with the Cisco IOS Command Line Interface (CLI)
+ Understanding of Ethernet operation and frame structure
+ Understanding of the concepts of broadcast domains, collision domains and IP packet structure
MAC Address-Table & Switching Basics

Topic Overview
+ MAC Address-Table usage and structure
+ Basics of Ethernet switching

MAC Address-Table
+ Storage repository for MAC addresses
+ MAC address learning process
+ Types of entries:
  + Dynamic entries
  + Static entries

MAC Address-Table IOS Commands
+ Switch#show mac address-table [dynamic] [address <mac-address>]
+ Switch#show mac address-table count
+ Switch(config)#mac address-table aging-time <secs>
+ Switch(config)#mac address-table static <mac> vlan <id> interface <type/number>

Ethernet Switching
+ Switching is based on the destination MAC address.
+ Possible actions:
  + Forward
  + Flood
  + Discard
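The learning, aging and forward/flood/discard rules above, as an added Python model that is not part of the course material: dynamic entries age out, static entries never do and are never overwritten by learning, and a broadcast or unknown-unicast destination is flooded to every other port in the VLAN (so a missing or aged-out entry turns unicast traffic into flooded traffic every port can see). Port names and MAC addresses are constructed.

```python
class MacTable:
    """Toy model of a switch MAC address-table keyed by (vlan, mac). Constructed example."""
    def __init__(self, aging_time=300):
        self.aging_time = aging_time   # seconds, like 'mac address-table aging-time <secs>'
        self.entries = {}              # (vlan, mac) -> {"port", "static", "seen"}
        self.vlan_ports = {}           # vlan -> set of access ports in that VLAN

    def add_port(self, port, vlan):
        self.vlan_ports.setdefault(vlan, set()).add(port)

    def add_static(self, mac, vlan, port):   # 'mac address-table static ...': never ages
        self.entries[(vlan, mac)] = {"port": port, "static": True, "seen": None}

    def learn(self, src_mac, vlan, port, now):   # source learning; a static entry wins
        entry = self.entries.get((vlan, src_mac))
        if entry and entry["static"]:
            return
        self.entries[(vlan, src_mac)] = {"port": port, "static": False, "seen": now}

    def age(self, now):   # drop dynamic entries idle longer than aging_time; returns count removed
        expired = [k for k, e in self.entries.items()
                   if not e["static"] and now - e["seen"] > self.aging_time]
        for k in expired:
            del self.entries[k]
        return len(expired)

    def decide(self, dst_mac, vlan, in_port):
        """Destination lookup: ('forward', port), ('flood', [ports]) or ('discard', None)."""
        others = sorted(self.vlan_ports.get(vlan, set()) - {in_port})
        group = int(dst_mac.split(":")[0], 16) & 1   # I/G bit set: broadcast or multicast
        entry = self.entries.get((vlan, dst_mac))
        if group or entry is None:                  # unknown unicast is flooded as well
            return ("flood", others)
        if entry["port"] == in_port:                # destination sits on the receiving port
            return ("discard", None)
        return ("forward", entry["port"])

def demo():
    t = MacTable(aging_time=300)
    for p in ("Gi0/1", "Gi0/2", "Gi0/3"):
        t.add_port(p, 10)
    t.add_static("00:11:22:33:44:55", 10, "Gi0/3")
    t.learn("aa:bb:cc:00:00:01", 10, "Gi0/1", now=0)
    t.learn("00:11:22:33:44:55", 10, "Gi0/1", now=0)   # ignored: static pins it to Gi0/3
    return {"known": t.decide("aa:bb:cc:00:00:01", 10, "Gi0/2"),
            "static": t.decide("00:11:22:33:44:55", 10, "Gi0/1"),
            "same_port": t.decide("aa:bb:cc:00:00:01", 10, "Gi0/1"),
            "unknown": t.decide("aa:bb:cc:00:00:02", 10, "Gi0/1"),
            "bcast": t.decide("ff:ff:ff:ff:ff:ff", 10, "Gi0/1"),
            "aged": t.age(now=301), "after_age": t.decide("aa:bb:cc:00:00:01", 10, "Gi0/2")}
```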
Thanks for Watching!
TCAM & SDM Concepts

Topic Overview
+ Introduction to TCAM
+ TCAM Structure
+ SDM Templates

TCAM
+ Ternary Content Addressable Memory
+ Unlike regular RAM, which is binary (stores a 0 or a 1), TCAM memory can store three values:
  + 0 = True
  + 1 = False
  + X = Don't Care
+ Good for matching partial patterns:
  + Routes
  + ACL Entries
  + Anything that would have an associated subnet-or-wildcard mask
+ Many switches also use TCAMs for the MAC Address-Table
TCAM Structure
+ TCAM memory is stored as VMR triplets:
  + Value
  + Mask
  + Result

Layer-3 TCAM Entry
  Value:  00000011 00000001 00000001 00000000
  Mask:   00000000 00000000 00000000 xxxxxxxx
  Result: Pointer to Adjacency/Rewrite Info

Layer-2 TCAM Entry
  Value:  00000000 11000010 00101011 00001010 00001010 00010101
  Mask:   00000000 00000000 00000000 00000000
  Result: Egress Interface (GigabitEthernet0/1)
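An added Python model of the VMR lookup above (not from the course): the slide's 3.1.1.0/24 route and 00:C2:2B:0A:0A:15 MAC entry are encoded as value/mask pairs, mask bit 0 meaning "compare this bit" and x meaning "don't care", and a lookup returns the first matching entry, which is why routes are programmed longest-prefix first. The adjacency names and the extra routes are constructed.

```python
def ip_to_bits(ip):
    """Dotted-quad IPv4 address -> 32-character string of 0/1."""
    return "".join(f"{int(o):08b}" for o in ip.split("."))

def mac_to_bits(mac):
    """Colon-separated MAC address -> 48-character string of 0/1."""
    return "".join(f"{int(o, 16):08b}" for o in mac.split(":"))

def prefix_to_vmr(prefix, result):
    """'3.1.1.0/24' -> (value, mask, result). Following the slide, a mask bit of 0 means
    'this bit must match' and 'x' means 'don't care' (the host bits of the prefix)."""
    net, plen = prefix.split("/")
    plen = int(plen)
    return (ip_to_bits(net), "0" * plen + "x" * (32 - plen), result)

def mac_to_vmr(mac, result):
    """Layer-2 entry: all 48 bits must match, so the mask is all zeros."""
    return (mac_to_bits(mac), "0" * 48, result)

def tcam_cells(value, mask):
    """Combine value and mask into the ternary cells the hardware stores: 0, 1 or x."""
    return "".join("x" if m == "x" else v for v, m in zip(value, mask))

def tcam_lookup(table, key_bits):
    """Return the result of the first entry whose cells match key_bits ('x' matches anything).
    Hardware compares every entry in parallel and reports the first hit, so entry order matters."""
    for value, mask, result in table:
        cells = tcam_cells(value, mask)
        if all(c == "x" or c == k for c, k in zip(cells, key_bits)):
            return result
    return None

def build_l3_tcam(routes):
    """Program routes longest-prefix first so the most specific match wins the lookup."""
    ordered = sorted(routes, key=lambda r: -int(r[0].split("/")[1]))
    return [prefix_to_vmr(p, res) for p, res in ordered]

def route_lookup(routes, dst_ip):
    return tcam_lookup(build_l3_tcam(routes), ip_to_bits(dst_ip))

# Constructed sample data: the slide's 3.1.1.0/24 entry plus a less specific and a default route,
# and the slide's Layer-2 entry for 00:C2:2B:0A:0A:15 pointing at GigabitEthernet0/1.
ROUTES = [("0.0.0.0/0", "adj-default"), ("3.1.1.0/24", "adj-1"), ("3.1.0.0/16", "adj-2")]
L2_TABLE = [mac_to_vmr("00:c2:2b:0a:0a:15", "GigabitEthernet0/1")]

def mac_lookup(dst_mac):
    return tcam_lookup(L2_TABLE, mac_to_bits(dst_mac))
```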


TCAM Implementation
[Figure: Lower-End Switches use a single TCAM holding L2 Entries, L3 Entries, QoS Policies and Security Policies; Higher-End Switches use a separate TCAM for each of these. In both designs the Forwarding Engine performs TCAM Lookups for each Ethernet Frame and acts on the Lookup Results.]

SDM
+ What is the mechanism that determines TCAM space and usage in lower-end switches?
+ Switching Database Manager
+ Utilizes pre-formatted "SDM Templates"
+ Templates cannot be modified
+ One can switch to a different template
+ A different template is only activated after a reload
[Figure: a single TCAM partitioned into L2 Entries, L3 Entries, QoS Policies and Security Policies]
SDM IOS Commands
+ Viewing available SDM Templates
  + Switch#show sdm prefer ?
+ Viewing current template
  + Switch#show sdm prefer
+ Changing to a different template
  + Switch(config)#sdm prefer <template-name>
  + Switch#reload
A Review Of VLANs

Topic Overview
+ The purpose of VLANs
+ VLAN facts and configuration
+ VLAN verification

VLANs
+ VLAN = Virtual Local Area Network
+ Logical method of grouping Layer-2 switchports on a local switch into different broadcast domains
[Figure: hosts A, B, C and D attached to switchports 0/1, 0/5, 0/9 and 0/14 respectively of one switch]
VLAN Facts
+ Working with VLANs is a two-step process:
  + Create VLAN number globally
  + Apply VLAN to switchport
+ Range of VLANs = 1 – 4095
  + 0: Reserved for 802.1p
  + 1 – 1001: Normal Range VLANs
  + 1002 – 1005: Reserved VLANs
  + 1006 – 4094: Extended Range VLANs
  + 4095: Reserved

VLAN Configuration
+ Creating the VLAN
  + Switch(config)#vlan <vlan-number>
  + Switch(config-vlan)#name <descriptive name>
+ Assigning VLAN to switchports
  + Switch(config)#interface <type/value>
  + Switch(config-if)#switchport access vlan <vlan-number>

Switch(config)#vlan 2,4
Switch(config-vlan)#exit

Switch(config)#interface range gig 0/1 , 0/5
Switch(config-int)#switchport mode access
Switch(config-int)#switchport access vlan 2

Switch(config)#interface range gig 0/9 , 0/14
Switch(config-int)#switchport mode access
Switch(config-int)#switchport access vlan 4
VLAN Verification
+ Display the full, detailed list of configured and reserved VLANs
  + Switch#show vlan
+ Display only configured and reserved access VLANs (not specialized VLANs or details)
  + Switch#show vlan brief
+ Display a count of configured and reserved VLANs
  + Switch#show vlan summary
+ Display a single VLAN
  + Switch#show vlan id <vlan-value>

VLAN Caveats
+ Each VLAN should equate to a unique IPv4/IPv6 subnet unless separated by a router
+ Extended Range VLANs can only be configured when:
  + VTP is set to version 3, or
  + VTP is turned off
+ Reserved VLANs (0, 1002-1005, 4095) cannot be used.
+ Ports placed within unconfigured VLANs may become "inactive"
+ Beware of the maximum number of STP instances when configuring large quantities of VLANs
Extending VLANs With VLAN Trunks

Topic Overview
+ VLAN trunk functionality
+ Cisco ISL trunks
+ 802.1q trunks
+ VLAN trunk configuration
+ Troubleshooting VLAN trunks

VLAN Trunk Functionality
+ VLAN trunks can be used to extend multiple broadcast domains (i.e. VLANs) between two switches by utilizing only a single physical link.
+ Ethernet frames must be embedded with some kind of VLAN identifier when travelling across a VLAN trunk.
+ Two methods to accomplish this:
  + Encapsulation via ISL
  + Tagging via 802.1q
Cisco ISL Trunking
+ ISL = Inter Switch Link
+ Cisco proprietary
+ Deprecated on most Cisco switches
+ Encapsulates each Ethernet frame with an additional ISL Header

IEEE 802.1q Trunking
+ Industry standard VLAN trunking mechanism
+ Inserts an 802.1q "tag" into the Ethernet header to denote the VLAN id (among other things)
+ Supports a Native VLAN which does not include a tag

802.1q Tag Structure

Tagged frame:  DA | SA | 802.1q Tag | Type/Len | Data | FCS
802.1q Tag:    TPID (16 bits) | PCP (3 bits) | DEI (1 bit) | VID (12 bits)
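The tag layout above, parsed and built in Python as an added example that is not from the course: TPID 0x8100 announces the tag, then a 16-bit TCI carries PCP (3 bits), DEI (1 bit) and VID (12 bits); a frame arriving with no tag is attributed to the native VLAN, which is exactly the behaviour the "vlan dot1q tag native" command is there to change. The sample frame is constructed.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1q tag follows

def _mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def parse_frame(frame, native_vlan=1):
    """Parse an Ethernet header (bytes) and return dst, src, whether an 802.1q tag was present,
    the VLAN the frame belongs to, PCP, DEI, the real EtherType and the payload.
    An untagged frame is assigned to native_vlan, which is what a trunk port does on receipt."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[0:6].hex(":"), frame[6:12].hex(":")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    tagged = ethertype == TPID_8021Q
    if tagged:
        if len(frame) < 18:
            raise ValueError("802.1q TPID present but the tag is truncated")
        tci, ethertype = struct.unpack("!HH", frame[14:18])  # TCI = PCP(3) | DEI(1) | VID(12)
        pcp, dei, vid, offset = tci >> 13, (tci >> 12) & 0x1, tci & 0x0FFF, 18
    else:
        pcp, dei, vid, offset = 0, 0, native_vlan, 14
    return {"dst": dst, "src": src, "tagged": tagged, "vlan": vid, "pcp": pcp, "dei": dei,
            "ethertype": ethertype, "payload": frame[offset:]}

def build_tagged_frame(dst, src, vid, ethertype, payload, pcp=0, dei=0):
    """Inverse of parse_frame: DA | SA | TPID | TCI | Type/Len | Data (FCS omitted)."""
    if not (0 <= vid <= 4095 and 0 <= pcp <= 7 and dei in (0, 1)):
        raise ValueError("PCP is 3 bits, DEI is 1 bit, VID is 12 bits")
    tci = (pcp << 13) | (dei << 12) | vid
    return _mac_bytes(dst) + _mac_bytes(src) + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload

def strip_tag(frame):
    """Remove the 4-byte tag, as a switch does before sending a frame out an access port."""
    return frame[:12] + frame[16:] if frame[12:14] == b"\x81\x00" else frame

# Constructed sample: an IPv4 frame (EtherType 0x0800) on VLAN 100 with PCP 5.
SAMPLE = build_tagged_frame("ff:ff:ff:ff:ff:ff", "00:c2:2b:0a:0a:15", 100, 0x0800, b"\x45\x00", pcp=5)
```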
VLAN Trunk Configuration
+ Interfaces can be configured to trunk using two methods:
  + Static/manual trunking
  + Dynamic negotiation of trunking with peer switch
+ Select trunk encapsulation type:
  + Switch(config-if)#switchport trunk encapsulation (isl | dot1q)
+ Force interface into trunking mode:
  + Switch(config-if)#switchport mode trunk

Optional VLAN Trunking Commands
+ Change Native VLAN value:
  + Switch(config-if)#switchport trunk native vlan <vlan-id>
+ Restricting allowed VLANs on trunk:
  + Switch(config-if)#switchport trunk allowed vlan <add | all | except | none | remove> <vlan-list>
+ Tagging the 802.1q Native VLAN:
  + Switch(config)#vlan dot1q tag native

Monitoring VLAN Trunks
+ Switch#show interface trunk
+ Switch#show interface <type/value> switchport
+ Switch#show interface status

Troubleshooting Static VLAN Trunks
+ Confirm that neither side of the trunk is Admin Down
+ If one (or both) sides display as "Up/Down" or "Down/Down":
  + Check that speed/duplex match on both sides
  + Check cabling
+ Confirm both sides of the trunk are using the same encapsulation type.
+ Confirm that the Native VLAN matches on both sides
+ Confirm that both sides of the trunk are allowing the same VLANs
+ Confirm matching VTP Domain Name
Dynamic VLAN Trunking With DTP

Topic Overview
+ The purpose of DTP
+ DTP modes
+ DTP configuration
+ DTP troubleshooting

DTP
+ Dynamic Trunking Protocol
+ Cisco Proprietary, only works on Cisco switches
+ Can dynamically negotiate VLAN trunk encapsulation type and status
+ Also serves as trunking keepalive mechanism
+ DTP Advertisements transmitted every 30 seconds

DTP Modes
+ DTP can be utilized in three modes:
  + ON: Trunk is statically created but still transmits DTP
  + Desirable: Port remains in "Access Mode" while initiating DTP requests for trunking
  + Auto: Port remains in "Access Mode" while passively listening for DTP

Does a trunk form? (local mode in rows, peer mode in columns)
Mode        Trunk (On)  Desirable  Auto
Trunk (On)  yes         yes        yes
Desirable   yes         yes        yes
Auto        yes         yes        NO

[Figure: DTP Sniffer Trace]
DTP Configuration
+ Set trunking encapsulation type
  + Switch(config-if)#switchport trunk encapsulation <isl | dot1q>
+ Set DTP Trunking Mode:
  + Switch(config-if)#switchport mode <trunk | dynamic auto | dynamic desirable>
+ If configuring a static VLAN trunk and you wish to disable all DTP:
  + Switch(config-if)#switchport nonegotiate

Dynamic Trunk Troubleshooting
+ Same initial troubleshooting steps as those performed with static VLAN trunks
+ Check that the DTP modes on both sides of the trunk are suitable for trunking
+ Remember that DTP cannot be used when trunking to:
  + Non-Cisco devices
  + Cisco Routers
+ DTP carries the VTP domain name, so ensure this parameter matches on both sides of the potential trunk
VLAN Trunking Protocol

Topic Overview
+ The problem solved by VTP
+ VTP versions
+ VTP modes
+ VTP operation & message types

VTP Purpose
+ VLAN Trunking Protocol
+ Cisco Proprietary
+ Only works between Cisco switches (not routers)
+ Originally designed to ensure consistency of VLANs between switches
+ VTP messages carried between switches on VLAN trunks

VTP Versions
+ VTP Version 1
+ VTP Version 2
  + Added support for Token Ring VLANs
  + Added VTP consistency checks
+ VTP Version 3
  + Enhanced authentication options
  + Support for extended range VLANs
  + Can propagate non-VLAN information

VTP Modes
+ VTP versions 1 and 2:
  + VTP Server mode (default)
  + VTP Client mode
  + VTP Transparent mode
  + VTP Off
+ VTP version 3:
  + VTP Server mode (default)
  + VTP Primary Server
  + VTP Client mode
  + VTP Transparent
  + VTP Off

VTP Operation
+ Important VTP parameters:
  + VTP Domain Name
  + VTP Authentication
  + VTP Configuration Revision

VTP Message Types
+ VTP Summary Advertisement
  + Transmitted by VTP Servers every 300 seconds or when the VLAN database is changed
  + Used as a VTP Keepalive
+ VTP Subset Advertisement
  + Transmitted after a change in the VLAN Database
  + Contains a list of all known VLANs and associated VLAN details
+ VTP Client Request
  + Transmitted by a switch when it realizes that its Configuration Revision value is lower than the current value for the Domain
VTP Configuration & Verification

Topic Overview
+ VTP v1 & v2 configuration
+ VTP v3 configuration
+ VTP v3 authentication options
+ VTP verification

VTP v1 & v2 Configuration
+ Configure VTP domain name (case sensitive)
  + Switch(config)#vtp domain [name]
+ Configure VTP version
  + Switch(config)#vtp version 2
+ Configure VTP mode
  + Switch(config)#vtp mode [client | server | transparent]
+ Configure VTP authentication (optional)
  + Switch(config)#vtp password <password>

VTP v3 Configuration
+ Configure VTP domain name (case sensitive)
  + Switch(config)#vtp domain [name]
+ Configure VTP version
  + Switch(config)#vtp version 3
  + NOTE: This defaults the switch to a VTP Secondary Server
+ Configure VTP mode
  + Switch(config)#vtp mode [client | server | transparent]
+ Configure VTP Primary Server
  + Switch#vtp primary [force | mst | vlan]

VTP v3 Authentication Options
+ Plaintext authentication password:
  + Switch(config)#vtp password <password>
+ Plaintext entry but stored as hashed digest:
  + Switch(config)#vtp password <password> hidden
+ Entry of pre-hashed authentication password:
  + Switch(config)#vtp password <hashed-digest> secret

VTP Verification
+ Switch#show vtp status
+ Switch#show vtp counters
+ Switch#show vtp password
+ Switch#show vtp interface
Port Aggregation With Etherchannels

Topic Overview
+ Why Etherchannels?
+ Etherchannels & STP interaction
+ Load-Balancing
+ Dynamic Etherchannels
+ Layer-3 Etherchannels

The Need For Port Aggregation
+ Frequently, a single point-to-point link between two switches does not provide sufficient bandwidth to transfer all necessary traffic.
+ Additional links will be blocked by Spanning-Tree
+ Etherchannels hide the individual P2P links from STP and transfer STP control to a single, logical Port-Channel interface.

STP & Etherchannels
[Figure: switches A and B connected by several parallel links; ports 0/0, 0/4, 0/8, 0/10, 0/12, 0/15 and 0/1 are shown]

Etherchannel Overview
+ Link aggregation method
+ Defined by IEEE 802.3ad standard
+ Allows up to eight (8) active links in a channel
+ Can be used to bundle:
  + L2 Access Ports
  + L2 VLAN Trunks
  + L3 Routed Ports (utilizing a single subnet)
+ Like VLAN Trunks, Etherchannels can either be statically defined, or one can utilize dynamic protocols to create and maintain the channel

Etherchannel Load-Balancing
+ Etherchannels do not fragment Layer-2 frames
+ Load-balancing is accomplished per flow of traffic
+ Frames belonging to the same flow always traverse the same physical link
+ Multiple methods of defining a flow:
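An added Python illustration (not from the course) of per-flow load-balancing: a hash over the chosen header fields picks the member link, so one flow always uses one link, and the choice of fields decides how evenly flows spread; hashing only on the destination MAC sends every flow to a single server down one link. The method names follow the IOS "port-channel load-balance" keywords; the XOR-fold hash and the host addresses are constructed stand-ins, not the platform's real hash.

```python
from collections import Counter

def _field_bytes(flow, field):
    """IPv4 addresses and MACs are turned into bytes so every field can be hashed the same way."""
    v = flow[field]
    return bytes(int(o) for o in v.split(".")) if "." in v else bytes.fromhex(v.replace(":", ""))

def pick_link(flow, method, n_links):
    """Map one flow to a member link index 0..n_links-1.
    `method` names are modelled on the IOS 'port-channel load-balance' keywords; the XOR-fold hash
    is a constructed stand-in for the hardware hash, chosen because it is easy to follow by hand."""
    fields = {"src-mac": ["src_mac"], "dst-mac": ["dst_mac"], "src-dst-mac": ["src_mac", "dst_mac"],
              "src-ip": ["src_ip"], "dst-ip": ["dst_ip"], "src-dst-ip": ["src_ip", "dst_ip"]}[method]
    h = 0
    for f in fields:
        for b in _field_bytes(flow, f):
            h ^= b
    return h % n_links          # same flow, same fields, same link: frames never reorder

def distribute(flows, method, n_links):
    """Count how many flows land on each link; a single bucket means the channel is polarised."""
    return Counter(pick_link(fl, method, n_links) for fl in flows)

# Constructed sample: eight hosts on 10.1.1.0/24 all talking to one server behind the channel.
SERVER = {"mac": "00:c2:2b:0a:0a:15", "ip": "10.1.2.100"}
FLOWS = [{"src_mac": f"aa:bb:cc:00:00:{k:02x}", "dst_mac": SERVER["mac"],
          "src_ip": f"10.1.1.{k}", "dst_ip": SERVER["ip"]} for k in range(1, 9)]
```

With four links, "dst-mac" puts all eight flows on one link while "src-ip" spreads them two per link; with three links the same flows land unevenly, which is the usual reason to prefer a power-of-two member count.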
Dynamic Channeling With PAgP
+ PAgP = Port Aggregation Protocol
+ Cisco proprietary
+ Supports up to eight (8) active links in a channel
+ PAgP Modes:
  + Auto = Passive/listening state for inbound PAgP frames
  + Desirable = Aggressive/initiating state which transmits PAgP frames

Dynamic Channeling With LACP
+ LACP = Link Aggregation Control Protocol
+ IEEE Standard (802.3ad)
+ Supports up to eight (8) active links in a channel
+ Supports hot-standby links
+ LACP Modes:
  + Passive = Passive/listening state for inbound LACP frames
  + Active = Aggressive/initiating state which transmits LACP frames
LACP Priority & ID
[Figure: two switches joined by nine links, numbered 1 to 9 on each side. Upper switch: Sys Priority = 32768, Port Priority 1 on port 1 and 32768 on ports 2 to 9. Lower switch: Sys Priority = 4096, Port Priority 32768 on ports 1 to 8 and 1 on port 9.]
Potential Problems Of Layer-2 Etherchannels
[Figure: Sw-1 and Sw-2 joined by an Etherchannel of ports 0/1, 0/2 and 0/3 carrying VLAN-2 (2.2.2.x/24, host 2.2.2.2)]

[Figure: Sw-1 and Sw-2 joined by the same Etherchannel of ports 0/1, 0/2 and 0/3 as a dot1q trunk carrying VLAN-4 (4.4.4.4), with VLAN-2 (2.2.2.x/24) and VLAN-3 (3.3.3.x/24) behind the switches]

Layer-3 Etherchannels

interface port-channel 1
 no switchport
 ip address 4.4.4.1 /30

[Figure: L3 Etherchannel between Sw-1 (4.4.4.1 /30) and Sw-2 (4.4.4.2 /30) over ports 0/1, 0/2 and 0/3, each configured with "no switchport"; VLAN-2 (2.2.2.x/24) and VLAN-3 (3.3.3.x/24) are reached over dot1q trunks on either side]
Configuring & Monitoring Etherchannels

Topic Overview
+ Etherchannel configuration guidelines
+ Configuration steps
+ Monitoring Etherchannels

Etherchannel Configuration Guidelines
+ All links in an Etherchannel must terminate between the same two switches
+ All link characteristics must be the same:
  + Speed & Duplex settings
  + Configuration settings
+ Logical Port-Channel Interfaces
  + Dynamically created
  + Subsequent configuration changes should be done here

Etherchannel Configuration Steps
+ Ensure consistency between all potential links
+ Select an unused number for a Port-Channel interface
+ Bundle links into your Etherchannel

Optional Etherchannel Configurations
+ Designate a minimum number of links for the channel to become active:
  + Switch(config)#interface port-channel <id>
  + Switch(config-if)#port-channel min-links <value>
+ Designate the maximum number of LACP links allowed in the bundle (remaining links are placed in hot-standby state):
  + Switch(config)#interface port-channel <id>
  + Switch(config-if)#lacp max-bundle <1-8>
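An added Python model (not from the course) of how the LACP priorities in the earlier "LACP Priority & ID" figure interact with "lacp max-bundle" and "port-channel min-links": the switch with the lower System Priority decides, ranking links by its own port priorities and port numbers, the first max-bundle links become active and the rest go to hot-standby, and the channel only comes up once at least min-links are active. The link set reproduces the figure; the System IDs are constructed.

```python
# Constructed from the slide's figure: nine links, link i joins local port i to remote port i.
# Every port priority is the default 32768 except local port 1 and remote port 9, which are 1.
LINKS = [{"local": (i, 32768), "remote": (i, 32768)} for i in range(1, 10)]
LINKS[0]["local"] = (1, 1)
LINKS[8]["remote"] = (9, 1)
LOCAL = {"sys_priority": 32768, "sys_id": "00:c2:2b:0a:0a:15"}    # sys_id: hypothetical base MACs
REMOTE = {"sys_priority": 4096, "sys_id": "00:c2:2b:0b:0b:16"}

def lacp_select(local, remote, links, max_bundle=8, min_links=1):
    """Decide which links of a channel are active, seen from the local switch.
    The system with the lower (System Priority, System ID) pair controls the choice; its
    (port priority, port number) pairs rank the links, the first max_bundle become active and the
    rest go to hot-standby. Returns (channel_up, active_local_ports, standby_local_ports)."""
    local_decides = (local["sys_priority"], local["sys_id"]) <= (remote["sys_priority"], remote["sys_id"])
    side = "local" if local_decides else "remote"
    ranked = sorted(links, key=lambda link: (link[side][1], link[side][0]))
    active = sorted(link["local"][0] for link in ranked[:max_bundle])
    standby = sorted(link["local"][0] for link in ranked[max_bundle:])
    return len(active) >= min_links, active, standby   # 'port-channel min-links' gate
```

In the figure's setup the remote switch (System Priority 4096) wins, so its port 9 with priority 1 is bundled and local port 8 is the one left in hot-standby; the local port-priority of 1 on port 1 has no effect.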
Etherchannel Monitoring
+ Switch#show etherchannel summary
+ Switch#show interface port-channel <value>
+ Switch#show lacp neighbor detail
+ Switch#show lacp internal
+ Switch#show pagp neighbor
