In this article I will introduce the Cisco Internetwork Operating System (IOS) command line interface (CLI) for the 2960 series switch. You will need to log on to a switch and become familiar with the different levels of access on the switch. You will also become familiar with the commands available to you in each mode (user or privileged) and with the switch help facility, history, and editing features.
User vs. Privileged Mode
User mode is indicated by the > after the switch name. You can look at settings but cannot make changes from user mode. In privileged mode, indicated by the #, you can do anything. To enter privileged mode, type the keyword enable.
HELP
To view all commands available from the current mode, type ? and press Enter. This lists every command the switch accepts in your current mode. You can also use the question mark after you have started typing a command. For example, if you want to use a show command but do not remember which one it is, type show ? and the switch will list every keyword that can follow show.
Configuration Mode
From privileged mode you enter global configuration mode with the configure terminal command (abbreviated config term). To leave configuration mode, type end or press <CTRL>+z.
Configuration of Cisco 2960 Switch
To practise these commands, either create a simple topology in Packet Tracer or download this topology.
Now click on any switch and configure it as shown below.
To list all commands available in user EXEC mode, type ? and press Enter.
Switch>?
Exec commands:
  [1-99]      Session number to resume
  connect     Open a terminal connection
  disconnect  Disconnect an existing network connection
  enable      Turn on privileged commands
  exit        Exit from the EXEC
  logout      Exit from the EXEC
  ping        Send echo messages
[Output is omitted]
Three commands move you between modes or out of the terminal: enable enters privileged mode, disable returns to user mode, and exit logs you out of the session.
Switch>enable
Switch#disable
Switch>exit
Switch con0 is now available
Press RETURN to get started.
The show version command displays the device platform, the detected interfaces and the IOS image name.
Switch>enable
Switch#show version
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)FX, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Wed 12-Oct-05 22:05 by pt_team
ROM: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(25r)FX, RELEASE SOFTWARE (fc4)
System returned to ROM by power-on
Cisco WS-C2960-24TT (RC32300) processor (revision C0) with 21039K bytes of memory.
24 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)
[Output is omitted]
The show mac-address-table command lists every MAC address the switch has learned dynamically or been given manually, together with the VLAN and port it belongs to.
Switch#show mac-address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0001.643a.5501    DYNAMIC     Gig1/1
To view the running configuration (held in RAM) use the show running-config command.
Switch#show running-config
Building configuration...
Current configuration : 925 bytes
version 12.2
no service password-encryption
!
hostname Switch
[Output is omitted]
To view the startup configuration (stored in NVRAM) use the show startup-config command.
Switch#show startup-config
Current configuration : 925 bytes
version 12.2
no service password-encryption
!
hostname Switch
[Output is omitted]
To get information about the VLAN configuration use the show vlan command.
Switch#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -----------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
[Output is omitted]
The show interfaces command lists every detected interface with its hardware description, configuration and line status.
Switch#show interfaces
FastEthernet0/1 is up, line protocol is up (connected)
  Hardware is Lance, address is 0060.2f9d.9101 (bia 0060.2f9d.9101)
  MTU 1500 bytes, BW 100000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
[Output is omitted]
Interface vlan 1 is used to give the switch its own IP address (the default gateway is set in global configuration mode). show interface vlan1 gives an overview of VLAN 1.
Switch#show interface vlan1
Vlan1 is administratively down, line protocol is down
  Hardware is CPU Interface, address is 0060.5c23.82ae (bia 0060.5c23.82ae)
  MTU 1500 bytes, BW 100000 Kbit, DLY 1000000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00
[Output is omitted]
The delete command removes the VLAN database, and with it all VLAN configuration, from the switch. Do not put a space between flash: and vlan.dat. Type the command exactly as shown here: with a space inserted, the command could erase the entire flash and leave the switch blank.
Switch#delete flash:vlan.dat
Delete filename [vlan.dat]?
Delete flash:/vlan.dat? [confirm]
%deleting flash:/vlan.dat
The startup configuration is removed with the erase command.
Switch#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
Basic Switch Configuration Step by Step
Use the configure terminal command to enter global configuration mode.
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Now change the default switch name to Switch1.
Switch(config)#hostname Switch1
Set the enable password to vinita and the enable secret to nikki. The secret is stored as a hash, whereas the enable password is kept in clear text unless service password-encryption is configured (the running-config shown earlier has no service password-encryption).
Switch1(config)#enable password vinita
Switch1(config)#enable secret nikki
Set the console password to vinita and enable it with the login command. The order of the commands matters: set the password before you enable login.
Switch1(config)#line console 0
Switch1(config-line)#password vinita
Switch1(config-line)#login
Switch1(config-line)#exit
Enable five telnet sessions (vty 0 to vty 4) on the switch and set their password to vinita.
Switch1(config)#line vty 0 4
Switch1(config-line)#password vinita
Switch1(config-line)#login
Switch1(config-line)#exit
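The password and line steps above are easy to get half right: a line with login but no password refuses every connection, a line with a password but no login never checks it, and with no service password-encryption every line password and the enable password sit in the running-config in clear text. The following Python audit is an added example, not code from the article or from Cisco; it parses a running-config in the shape show running-config printed earlier and reports those conditions. Both configs are constructed samples, the enable secret and type 7 strings are placeholders rather than real hashes, and the function names parse_sections and audit_config are my own.

```python
import re
from typing import Dict, List

# Constructed sample modelled on the Switch1 steps above: enable password and
# enable secret, console and vty 0 4 with password + login, and a vty 5 15
# block that has login but no password.  The secret is a placeholder, not a hash.
SAMPLE_CONFIG = """\
version 12.2
no service password-encryption
!
hostname Switch1
!
enable password vinita
enable secret 5 $1$PLAC$EHOLDERHASHVALUE0000000
!
interface Vlan1
 ip address 192.168.0.10 255.255.255.0
!
ip default-gateway 192.168.0.5
!
line con 0
 password vinita
 login
line vty 0 4
 password vinita
 login
line vty 5 15
 login
!
end
"""

# The same switch after acting on the findings (also constructed, placeholders again).
HARDENED_CONFIG = """\
service password-encryption
!
enable secret 5 $1$PLAC$EHOLDERHASHVALUE0000000
!
line con 0
 password 7 PLACEHOLDER7
 login
line vty 0 4
 password 7 PLACEHOLDER7
 login
line vty 5 15
 password 7 PLACEHOLDER7
 login
!
end
"""


def parse_sections(config: str) -> Dict[str, List[str]]:
    """Group an IOS running-config by its unindented lines.

    Every unindented line becomes a key; the indented lines that follow it are
    its body.  A '!' or blank line ends the current section, as in IOS output.
    """
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        stripped = raw.strip()
        if not stripped or stripped == "!":
            current = None
            continue
        if raw.startswith(" ") and current is not None:
            sections[current].append(stripped)
        else:
            current = stripped
            sections.setdefault(current, [])
    return sections


def audit_config(config: str) -> List[str]:
    """Return one finding per weakness in the enable/line password set-up."""
    sections = parse_sections(config)
    top = list(sections)
    findings: List[str] = []

    encryption_off = "no service password-encryption" in top
    has_enable_password = any(t.startswith("enable password ") for t in top)
    has_enable_secret = any(t.startswith("enable secret ") for t in top)

    if has_enable_password and not has_enable_secret:
        findings.append("enable: only 'enable password' set; use 'enable secret'")
    if has_enable_password and encryption_off:
        findings.append("enable: 'enable password' stored in cleartext")

    for header, body in sections.items():
        if not header.startswith("line "):
            continue
        has_login = any(b == "login" or b.startswith("login ") for b in body)
        has_password = any(b.startswith("password ") for b in body)
        if has_login and not has_password:
            findings.append(f"{header}: login without password")   # the page's ordering rule
        elif has_password and not has_login:
            findings.append(f"{header}: password without login")
        if has_password and encryption_off:
            findings.append(f"{header}: password stored in cleartext")
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

Run it against a real show running-config capture by passing the captured text to audit_config; an empty list means none of the three conditions was found.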
Now set the switch IP address to 192.168.0.10 255.255.255.0 and the default gateway to 192.168.0.5.
Switch1(config)#interface vlan1
Switch1(config-if)#ip address 192.168.0.10 255.255.255.0
Switch1(config-if)#exit
Switch1(config)#ip default-gateway 192.168.0.5
Set the description finance VLAN on interface FastEthernet 0/1.
Switch1(config)#interface fastEthernet 0/1
Switch1(config-if)#description finance VLAN
By default the switch negotiates speed and duplex automatically, but you can set them manually.
Switch1(config-if)#duplex full
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
Switch1(config-if)#duplex auto
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
Switch1(config-if)#duplex half
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
Switch1(config-if)#duplex auto
Switch1(config-if)#speed 10
Switch1(config-if)#speed 100
Switch1(config-if)#speed auto
Switch1(config-if)#exit
Switch1(config)#exit
The MAC address table can be wiped with the clear command.
Switch1#show mac-address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0001.643a.5501    DYNAMIC     Gig1/1
Switch1#clear mac-address-table
Switch1#clear mac-address-table ?
  dynamic  dynamic entry type
Switch1#clear mac-address-table dynamic
To restart the switch use the reload command. The running configuration is lost on reload, so copy it to the startup configuration first.
Switch1#reload
Proceed with reload? [confirm]
Switch con0 is now available
Press RETURN to get started.
CCNA basic switch configuration commands sheet
Command | Description
switch>? | The ? works here the same as on a router; it lists all available commands.
switch>enable | Typed in user mode, same as on a router; enters privileged mode.
switch# | Privileged mode prompt.
switch#disable | Leaves privileged mode.
switch>exit | Leaves user mode.
switch#show version | Displays information about software and hardware.
switch#show flash: | Displays information about flash memory (works only on the 2900/2950 series).
switch#show mac-address-table | Displays the current MAC address forwarding table.
switch#show running-config | Displays the current configuration in DRAM.
switch#show startup-config | Displays the current configuration in NVRAM.
switch#show vlan | Displays the current VLAN configuration.
switch#show interfaces | Displays the interface configuration and line status: up/up, up/down, admin down.
switch#show interface vlan1 | Displays the settings of virtual interface VLAN 1, the default VLAN on the switch.
To Reset Switch Configuration
Switch#delete flash:vlan.dat | Removes the VLAN database from flash memory.
Delete filename [vlan.dat]? | Press Enter.
Delete flash:vlan.dat? [confirm] | Press Enter.
Switch#erase startup-config | Erases the file from NVRAM.
Switch#reload | Restarts the switch.
To Set Host Names
Switch#configure terminal | Moves to global configuration mode.
Switch(config)#hostname Switch1 | Creates a locally significant host name for the switch. This is the same command as on a router.
Switch1(config)# | The prompt now shows the new host name.
To Set Passwords
Switch(config)#enable password vinita | Sets the enable password to vinita.
Switch(config)#enable secret nikki | Sets the encrypted secret password to nikki.
Switch(config)#line console 0 | Enters line console mode.
Switch(config-line)#login | Enables password checking.
Switch(config-line)#password vinita | Sets the password to vinita.
Switch(config-line)#exit | Exits line console mode.
Switch(config-line)#line vty 0 4 | Enters line vty mode for all five virtual ports.
Switch(config-line)#login | Enables password checking.
Switch(config-line)#password vinita | Sets the password to vinita.
Switch(config-line)#exit | Exits line vty mode.
Switch(config)# | Back in global configuration mode.
To Set IP Addresses and Default Gateways
Switch(config)#interface vlan1 | Enters the virtual interface for VLAN 1, the default VLAN on the switch.
Switch(config-if)#ip address 192.168.0.10 255.255.255.0 | Sets the IP address and netmask to allow remote access to the switch.
Switch(config-if)#exit | Returns to global configuration mode.
Switch(config)#ip default-gateway 192.168.0.5 | Allows IP traffic from the switch an exit past the local network.
To Set Interface Descriptions
Switch(config)#interface fastethernet 0/1 | Enters interface configuration mode.
Switch(config-if)#description Finance VLAN | Adds a description to the interface.
To Set Duplex Operation
Switch(config)#interface fastethernet 0/1 | Moves to interface configuration mode.
Switch(config-if)#duplex full | Forces full-duplex operation.
Switch(config-if)#duplex auto | Enables auto-duplex configuration.
Switch(config-if)#duplex half | Forces half-duplex operation.
To Set Operation Speed
Switch(config)#interface fastethernet 0/1 | Moves to interface configuration mode.
Switch(config-if)#speed 10 | Forces 10-Mbps operation.
Switch(config-if)#speed 100 | Forces 100-Mbps operation.
Switch(config-if)#speed auto | Enables autospeed configuration.
MAC Address Table
switch#show mac address-table | Displays the current MAC address forwarding table.
switch#clear mac address-table | Deletes all entries from the current MAC address forwarding table.
switch#clear mac address-table dynamic | Deletes only the dynamic entries from the table.
A virtual LAN (VLAN) is a logical grouping of network devices in the same broadcast domain that can span multiple physical segments.
Advantages of VLANs:
· Increase the number of broadcast domains while reducing their size.
· Provide additional security.
· Increase the flexibility of network equipment.
· Allow a logical grouping of users by function, not location.
· Make user adds, moves, and changes easier.
Subnets and VLANs
Logically speaking, VLANs are also subnets. A subnet, or a network, is a contained broadcast domain. A broadcast that occurs in one subnet will not be forwarded, by default, to another subnet. Routers, or layer-3 devices, provide this boundary function. Switches provide the same function at layer 2 by means of VLANs.
Scalability
VLANs provide location independence. This flexibility makes adds, changes, and moves of networking devices a simple process. It also allows you to group people together, which makes implementing your security policies straightforward. The IP protocol supports 500 devices per VLAN.
VLAN Membership
A device's membership in a VLAN can be determined by one of two methods: static or dynamic.
· Static: you assign the port to a VLAN manually.
· Dynamic: configure a VTP server and it automatically does the rest.
VLAN Connections
There are two types of connections: access links and trunks.
Access-Link Connections
An access-link connection is a connection between a switch and a device with a normal Ethernet NIC, where the Ethernet frames are transmitted unaltered.
Trunk Connections
Trunk connections are capable of carrying traffic for multiple VLANs. Cisco supports two Ethernet trunking methods:
· Cisco's proprietary Inter Switch Link (ISL) protocol for Ethernet
· IEEE's 802.1Q, commonly referred to as dot1q, for Ethernet
ISL is a Cisco-proprietary trunking method that adds a 26-byte header and a 4-byte trailer to the original Ethernet frame. Cisco's 1900 switch supports only ISL.
802.1Q is a standardized trunking method that inserts a four-byte field into the original Ethernet frame and recomputes the FCS. The 2950 supports only 802.1Q. 802.1Q trunks support two types of frames: tagged and untagged.
· An untagged frame does not carry any VLAN identification information in it; basically, this is a standard, unaltered Ethernet frame.
· A tagged frame contains VLAN information, and only other 802.1Q-aware devices on the trunk will be able to process this frame.
Trunk Tagging
For VLANs to span multiple switches, you obviously need to connect the switches to each other. Although it is possible to simply plug one switch into another using an access port, just as you would plug in a host or a hub, doing so kills the VLAN-spanning feature and a bunch of other useful things too. A switch-to-switch link must be set up as a trunk link for the VLAN system to work properly. A trunk link is a special connection; the key difference between an ordinary connection (an access port) and a trunk port is that an access port is in only one VLAN at a time, whereas a trunk port has the job of carrying traffic for all VLANs from one switch to another. Any time you connect a switch to another switch, you want to make the link a trunk.
Trunking methods create the illusion that, instead of a single physical connection between the two trunking devices, a separate logical connection exists for each VLAN between them. When trunking, the switch adds the source port's VLAN identifier to the frame so that the device (typically a switch) at the other end of the trunk knows which VLAN the frame came from, and the destination switch can make forwarding decisions based not just on the destination MAC address but also on the source VLAN identifier. Because information is added to the original Ethernet frame, normal NICs will not understand it and will typically drop the frame. Therefore, when you set up a trunk connection on a switch's interface, you need to ensure that the device at the other end also supports the same trunking protocol and has it configured. If the device at the other end does not understand these modified frames or is not set up for trunking, it will, in most situations, drop them. This modification of frames is commonly called tagging.
By default, all VLANs are permitted across a trunk link. Switch-to-switch trunk links always require a crossover cable, never a straight-through cable.
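To make the 802.1Q description and the tagging paragraph above concrete, here is an added Python example (not code from the article or from Cisco) that inserts the four-byte 802.1Q field after the source MAC the way a trunk port does, parses it back out the way an 802.1Q-aware device does, and shows why the FCS has to be recomputed: the CRC-32 over the tagged bytes differs from the one over the original frame. The sample frame is constructed (a broadcast ARP request from a made-up locally-administered MAC) and is shown without its FCS, as packet captures normally are; the names EthernetHeader, parse_ethernet, tag_frame, untag_frame and fcs are my own.

```python
import struct
import zlib
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


@dataclass
class EthernetHeader:
    dst: str
    src: str
    ethertype: int           # the real payload type, after any tag
    vlan_id: Optional[int]   # None for an untagged frame
    priority: Optional[int]  # 802.1p PCP (0-7), None if untagged
    payload_offset: int      # 14 for untagged, 18 for tagged


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_ethernet(frame: bytes) -> EthernetHeader:
    """Parse a frame (without FCS) as an 802.1Q-aware device would."""
    if len(frame) < 14:
        raise ValueError("shorter than a minimal Ethernet header")
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    if etype != TPID_8021Q:
        # A plain NIC stops here; if etype were 0x8100 it would see an
        # unknown protocol and normally drop the frame.
        return EthernetHeader(mac_str(dst), mac_str(src), etype, None, None, 14)
    if len(frame) < 18:
        raise ValueError("802.1Q TPID present but the tag is truncated")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return EthernetHeader(
        mac_str(dst), mac_str(src), inner_type,
        vlan_id=tci & 0x0FFF,   # low 12 bits: VLAN identifier
        priority=tci >> 13,     # top 3 bits: priority code point
        payload_offset=18,
    )


def tag_frame(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q field after the source MAC, as a trunk port does."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be 0-7")
    if parse_ethernet(frame).vlan_id is not None:
        raise ValueError("frame is already tagged")
    tci = (priority << 13) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame: bytes) -> bytes:
    """Strip the tag, as an access port does before handing the frame to a host."""
    if parse_ethernet(frame).vlan_id is None:
        return frame
    return frame[:12] + frame[16:]


def fcs(frame: bytes) -> int:
    """Ethernet's FCS is CRC-32; the tag changes the bytes, so it must be recomputed."""
    return zlib.crc32(frame) & 0xFFFFFFFF


# Constructed sample: a broadcast ARP frame as a host NIC would send it (no tag, no FCS).
SAMPLE_UNTAGGED = (
    bytes.fromhex("ffffffffffff")    # destination: broadcast
    + bytes.fromhex("020000000001")  # source: constructed locally-administered MAC
    + bytes.fromhex("0806")          # EtherType: ARP
    + bytes(46)                      # zero payload padded to the minimum frame size
)

if __name__ == "__main__":
    tagged = tag_frame(SAMPLE_UNTAGGED, vlan_id=10, priority=3)
    print(parse_ethernet(SAMPLE_UNTAGGED))
    print(parse_ethernet(tagged))
    print(f"FCS before {fcs(SAMPLE_UNTAGGED):08x}, after {fcs(tagged):08x}")
```

The untagged parse returns ethertype 0x0806 with no VLAN, and the tagged parse returns the same ethertype with vlan_id 10 and the payload starting four bytes later; a device that is not 802.1Q-aware would instead see EtherType 0x8100 and nothing it recognises.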
Key features of DTP
· A trunk can be created only on a Fast Ethernet or Gigabit Ethernet connection; 10 Mb Ethernet ports are not fast enough to support the increased traffic from multiple VLANs, so the commands are not available on a regular Ethernet port.
· By default, traffic from all VLANs is allowed on a trunk. You can specify which VLANs are permitted (or not) to cross a particular trunk if you have that requirement, but these functions are not covered in the CCNA exam.
· Switches (whether trunked or not) are always connected with crossover cables, not straight-through cables.
Dynamic Trunking Protocol (DTP)
DTP supports five trunking modes:
· On or Trunk: the interface always assumes the connection is a trunk, even if the remote end does not support trunking.
· Desirable: the interface generates DTP messages on the interface, but it assumes that the other side is not trunk-capable and waits for a DTP message from the remote side. In this state the interface starts as an access-link connection. If the remote side sends a DTP message indicating that trunking is compatible between the two switches, a trunk is formed and the switch starts tagging frames on the interface. If the other side does not support trunking, the interface remains an access-link connection.
· Auto-negotiate: the interface passively listens for DTP messages from the remote side and leaves the interface as an access-link connection. If the interface receives a DTP message that matches its own trunking capabilities, it changes from an access-link connection to a trunk connection and starts tagging frames.
· No-negotiate: the interface is set as a trunk connection and automatically tags frames with VLAN information; however, it does not generate DTP messages: DTP is disabled. This mode is typically used when connecting trunk connections to non-Cisco devices that do not understand Cisco's proprietary DTP and so would not understand the contents of these messages.
· Off: the interface is configured as an access link. No DTP messages are generated in this mode, nor are frames tagged.
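The five mode descriptions above determine what each end of a link ends up doing, and the interesting cases are the ones where the two ends disagree: one side tags frames while the other treats the link as an access port and drops them, which is exactly the failure the trunk tagging section warns about. The Python below is an added example, not code from the article or from Cisco; it encodes the rules as stated above (trunk and no-negotiate always trunk, off never does, desirable and auto trunk only after a DTP exchange, and auto only responds to an advertisement it receives) and derives the outcome for every pair of modes. The mode names follow the text; the mapping to IOS keywords in the comment is from my own knowledge, and the function names are my own.

```python
from itertools import product
from typing import Dict, List, Tuple

# The five modes from the text.  The IOS commands that select them (my own
# knowledge, not from this page) are 'switchport mode trunk',
# 'switchport mode dynamic desirable', 'switchport mode dynamic auto',
# 'switchport mode trunk' + 'switchport nonegotiate', and 'switchport mode access'.
DTP_MODES = ("trunk", "desirable", "auto", "nonegotiate", "off")

# Which modes originate DTP messages; nonegotiate and off never do.
SENDS_DTP = {"trunk": True, "desirable": True, "auto": False,
             "nonegotiate": False, "off": False}


def local_state(local: str, remote: str) -> str:
    """Operational state of the local port ('trunk' or 'access') given both modes."""
    if local not in DTP_MODES or remote not in DTP_MODES:
        raise ValueError(f"unknown DTP mode: {local!r}/{remote!r}")
    if local in ("trunk", "nonegotiate"):
        return "trunk"      # tags unconditionally, whatever the far end does
    if local == "off":
        return "access"     # never tags, never negotiates
    # desirable and auto trunk only after a DTP exchange
    if SENDS_DTP[remote]:
        return "trunk"      # the far end advertised trunking; we accept
    if local == "desirable" and remote == "auto":
        return "trunk"      # our advertisement wakes the passive far end
    return "access"         # nobody advertised, so we stay an access link


def negotiate(a: str, b: str) -> Tuple[str, str, bool]:
    """States of both ends and whether they disagree (one tags, one drops)."""
    sa, sb = local_state(a, b), local_state(b, a)
    return sa, sb, sa != sb


def matrix() -> Dict[Tuple[str, str], str]:
    """Outcome for every ordered mode pair: 'trunk', 'access' or 'MISMATCH'."""
    out: Dict[Tuple[str, str], str] = {}
    for a, b in product(DTP_MODES, repeat=2):
        sa, _, bad = negotiate(a, b)
        out[(a, b)] = "MISMATCH" if bad else sa
    return out


def mismatches() -> List[Tuple[str, str]]:
    """Mode pairs where frames tagged by one side are dropped by the other."""
    return [pair for pair, result in matrix().items() if result == "MISMATCH"]


if __name__ == "__main__":
    width = max(len(m) for m in DTP_MODES)
    table = matrix()
    print(" " * width, *[m.ljust(width) for m in DTP_MODES])
    for a in DTP_MODES:
        print(a.ljust(width), *[table[(a, b)].ljust(width) for b in DTP_MODES])
```

Running the script prints the full 5x5 outcome table. Every MISMATCH entry involves no-negotiate or off on one side paired with something that trunks on the other, which is why the text recommends no-negotiate only when both ends have been configured as trunks by hand.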
VLAN Trunk Protocol (VTP)
VTP is a Layer 2 protocol that takes care of creating and naming VLANs on all switches in the system. We still have to set port membership in VLANs at each switch, which we can do either statically or using a VMPS. VTP works by establishing a single switch as being in charge of the VLAN information for a domain. Here a domain is simply a group of switches that all have the same VTP domain name, which puts them into a common administrative group.
The VLAN Trunk Protocol (VTP) is a proprietary Cisco protocol used to share VLAN configuration information between Cisco switches over trunk connections. When you set up VTP, you have three different modes: server, client and transparent.
Server mode: this is the one switch that is in charge of the VLAN information for the VTP domain. You may add, delete, and change VLAN information on this switch, and doing so affects the entire VTP domain. This way, we only have to enter our VLAN information once, and the server-mode switch propagates it to all the other switches in the domain.
Client mode: client-mode switches get VLAN information from the server. You cannot add, delete, or change VLAN information on a client-mode switch; in fact, the commands to do so are disabled.
Transparent mode: a transparent-mode switch does its own thing; it will not accept any changes to VLAN information from the server, but it will forward those changes to other switches in the system. You can add, delete, and change VLANs, but those changes affect only the transparent-mode switch and are not sent to other switches in the domain.
VTP Messages
An advertisement request is a VTP message generated by a client. When the server responds to a client's request, it generates a subset advertisement. A summary advertisement is also generated by a switch in VTP server mode. Summary advertisements are generated every five minutes (300 seconds) by default, or when a configuration change takes place on the server switch.
VTP Pruning
VTP gives you a way to preserve bandwidth by configuring it to reduce the amount of broadcast, multicast and unicast traffic. This is called pruning. A switch with VTP pruning enabled sends broadcasts only over trunk links that actually need the information.
VTP pruning is used on trunk connections to dynamically remove VLANs that are not active between the two switches. It requires all of the switches to be in server mode.
In this tutorial I will demonstrate how you can
· Configure access or trunk links
· Create VLANs
· Assign VLAN membership
· Configure inter-VLAN routing
· Configure a VTP server
· Make VTP clients
· Show STP status
· Configure DTP ports
To complete this lab, either create the topology shown in the figure or download this file and load it in Packet Tracer.
Task
You are the administrator at ComputerNetworkingNotes.com. The company has two departments, sales and management. You have been given three PCs for sales and three PCs for management. You created two VLANs: VLAN 10 for sales and VLAN 20 for management. For backup purposes you have interconnected the switches with one extra connection. You have one router for inter-VLAN communication.
Let's start the configuration. First assign IP addresses to all PCs.
To assign an IP address, double-click a PC, select IP Configuration from the Desktop tab and enter the address as shown in the table given above.
VLAN Trunking Protocol
Configure VTP Server
We will first create a VTP server so that it can automatically propagate VLAN information to the other switches. Double-click Switch1 and select CLI. Set the hostname to S1, create the VTP domain named example and set the password to vinita (remember that the password is case sensitive).
Switch 1
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S1
S1(config)#vtp mode server
Device mode already VTP SERVER.
S1(config)#vtp domain example
Changing VTP domain name from NULL to example
S1(config)#vtp password vinita
Setting device VLAN database password to vinita
Configure VTP clients
Once you have created the VTP domain, configure the remaining switches in client mode.
Switch 2
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S2
S2(config)#vtp mode client
Setting device to VTP CLIENT mode.
S2(config)#vtp domain example
Changing VTP domain name from NULL to example
S2(config)#vtp password vinita
Setting device VLAN database password to vinita
S2(config)#
Switch 3
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S3
S3(config)#vtp mode client
Setting device to VTP CLIENT mode.
S3(config)#vtp domain example
Changing VTP domain name from NULL to example
S3(config)#vtp password vinita
Setting device VLAN database password to vinita
S3(config)#
Dynamic Trunking Protocol
Configure DTP ports
By default all switch ports remain in access mode. An access port cannot carry tagged trunk frames. Change the mode to trunk on every port that interconnects the switches.
Switch 1
S1(config)#interface fastEthernet 0/24
S1(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up
S1(config-if)#exit
S1(config)#interface gigabitEthernet 1/1
S1(config-if)#switchport mode trunk
S1(config-if)#exit
S1(config)#interface gigabitEthernet 1/2
S1(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/2, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/2, changed state to up
S1(config-if)#exit
S1(config)#
Switch 2
S2(config)#interface gigabitEthernet 1/1
S2(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to up
S2(config-if)#exit
S2(config)#interface gigabitEthernet 1/2
S2(config-if)#switchport mode trunk
S2(config-if)#exit
S2(config)#interface fastEthernet 0/23
S2(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23, changed state to up
S2(config-if)#exit
S2(config)#interface fastEthernet 0/24
S2(config-if)#switchport mode trunk
S2(config-if)#exit
Switch 3
S3(config)#interface fastEthernet 0/24
S3(config-if)#switchport mode trunk
S3(config-if)#exit
S3(config)#interface gigabitEthernet 1/1
S3(config-if)#switchport mode trunk
S3(config-if)#exit
Virtual LAN (VLAN)
Create VLANs
After the VTP server configuration it is time to organize the VLANs. We only need to create the VLANs on the VTP server; the rest is done by VTP automatically.
Switch 1
S1(config)#vlan 10
S1(config-vlan)#exit
S1(config)#vlan 20
S1(config-vlan)#exit
S1(config)#
As we have already configured a VTP server in our network, we do not need to create the VLANs on S2 or S3. We only need to associate each VLAN with a port.
Assign VLAN membership
Switch 1
S1(config)#interface fastEthernet 0/1
S1(config-if)#switchport access vlan 10
S1(config-if)#interface fastEthernet 0/2
S1(config-if)#switchport access vlan 20
Switch 2
S2(config)#interface fastEthernet 0/1
S2(config-if)#switchport access vlan 10
S2(config-if)#interface fastEthernet 0/2
S2(config-if)#switchport access vlan 20
Switch 3
S3(config)#interface fastEthernet 0/1
S3(config-if)#switchport access vlan 10
S3(config-if)#interface fastEthernet 0/2
S3(config-if)#switchport access vlan 20
Now we have two working VLANs. To test connectivity, ping from 10.0.0.2 to 10.0.0.3 and 10.0.0.4. If you get a successful reply, you have created the VLANs and the VTP server correctly.
Spanning-Tree Protocol
In this configuration STP will block ports F0/24 of S1, F0/23 and F0/24 of S2 and F0/24 of S3 to avoid a loop at layer two. Verify that those ports are blocked by STP.
Verify STP ports
Switch 2
S2#show spanning-tree active
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0002.174D.7794
             Cost        4
             Port        26(GigabitEthernet1/2)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.FF08.82E1
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ---------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/23           Desg FWD 19        128.23   P2p
Fa0/24           Altn BLK 19        128.24   P2p
Gi1/1            Desg FWD 4         128.25   P2p
Gi1/2            Root FWD 4         128.26   P2p
[Output is omitted]
S2#
You can check the STP status on S1 and S3 as well with the show spanning-tree active command.
Router on a Stick
At this point of the configuration you have two successfully running VLANs, but they cannot reach each other. For inter-VLAN communication we need to configure the router. To do this, double-click the router and select CLI.
Configure inter-VLAN routing
Router
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface fastEthernet 0/0
Router(config-if)#no ip address
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fastEthernet 0/0.10
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 10.0.0.1 255.0.0.0
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/0.20
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip address 20.0.0.1 255.0.0.0
Router(config-subif)#exit
To test connectivity between the VLANs, ping from any PC to all the remaining PCs; the pings should succeed. If you get errors, download this configured topology and cross-check where you made a mistake.
VLAN, VTP Server, STP and DTP command reference sheet
Command | Description
Switch(config)#vlan 10 | Creates VLAN 10 and enters VLAN configuration mode for further definitions.
Switch(config-vlan)#name Sales | Assigns a name to the VLAN. The name can be from 1 to 32 characters long.
Switch(config-vlan)#exit | Applies the changes, increases the revision number by 1, and returns to global configuration mode.
Switch(config)#interface fastethernet 0/1 | Moves to interface configuration mode.
Switch(config-if)#switchport mode access | Sets the port to access mode.
Switch(config-if)#switchport access vlan 10 | Assigns this port to VLAN 10.
Switch#show vlan | Displays VLAN information.
Switch#show vlan brief | Displays VLAN information in brief.
Switch#show vlan id 10 | Displays information about VLAN 10 only.
Switch#show vlan name sales | Displays information about the VLAN named sales only.
Switch#show interfaces vlan x | Displays interface characteristics for the specified VLAN.
Switch#delete flash:vlan.dat | Removes the entire VLAN database from flash. Make sure there is no space between the colon (:) and the characters vlan.dat. You can potentially erase the entire contents of the flash with this command if the syntax is not correct. Make sure you read the output from the switch. If you need to cancel, press ctrl+c to escape back to privileged mode.
Delete filename [vlan.dat]? | Press Enter.
Delete flash:vlan.dat? [confirm] | Press Enter.
Switch(config)#interface fastethernet 0/5 | Moves to interface configuration mode.
Switch(config-if)#no switchport access vlan 5 | Removes the port from VLAN 5 and reassigns it to VLAN 1, the default VLAN.
Switch(config-if)#exit | Moves to global configuration mode.
Switch(config)#no vlan 5 | Removes VLAN 5 from the VLAN database.
Switch#copy running-config startup-config | Saves the configuration in NVRAM.
Switch(config-if)#switchport mode trunk | Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link.
Switch(config)#vtp mode server | Changes the switch to VTP server mode.
Switch(config)#vtp mode client | Changes the switch to VTP client mode.
Switch(config)#vtp mode transparent | Changes the switch to VTP transparent mode.
Switch(config)#no vtp mode | Returns the switch to the default VTP server mode.
Switch(config)#vtp domain domain-name | Configures the VTP domain name. The name can be from 1 to 32 characters long.
Switch(config)#vtp password password | Configures a VTP password.
Switch(config)#vtp pruning | Enables VTP pruning.
Switch#show vtp status | Displays general information about the VTP configuration.
Switch#show vtp counters | Displays the VTP counters for the switch.
From our previous
article you have learnt basic function of switching. One of them was removing
layer 2 loop. In this article we would see how this is done.
The Spanning Tree Protocol (STP) carries out this function. STP is a critical feature; without it many switched networks would completely cease to function. Whether a looped switched path is created accidentally or intentionally in the process of building a redundant network, the problem is the same. A loop can be defined as two or more switches that are interconnected by two or more physical links. Switching loops create three major problems:
·
Broadcast storms—Switches must flood
broadcasts, so a looped topology will create multiple copies of a single
broadcast and perpetually cycle them through the loop.
·
MAC table instability—Loops make it appear
that a single MAC address is reachable on multiple ports of a switch, and the
switch is constantly updating the MAC table.
·
Duplicate frames—Because there are multiple paths to a single MAC, a frame can be duplicated when it is flooded out all paths to a single destination MAC.
All these problems are serious and will bring a network to an effective standstill unless prevented.
Removing layer-2 loops
Spanning Tree Protocol (STP - 802.1d)
The main function of the Spanning Tree Protocol (STP) is to remove layer-2 loops from your topology. For STP to function, the switches need to share information. What they share are bridge protocol data units (BPDUs).
Root Port
After the root switch is elected, every other switch in the network needs to choose a single port on itself that it will use to reach the root. This port is called the root port.
The root port is always the link directly connected to the root bridge, or the shortest path to the root bridge. If more than one link connects to the root bridge, then a port cost is determined by checking the bandwidth of each link. The lowest-cost port becomes the root port. If multiple links have the same cost, the bridge with the lower advertising bridge ID is used. Since multiple links can be from the same device, the lowest port number will be used.
Root Bridge
The switch with the lowest switch ID is chosen as the root. The switch ID is made up of two components:
·
The
switch's priority, which defaults to 32,768 on Cisco switches (two bytes in
length)
·
The
switch's MAC address (six bytes in length)
All other decisions in the network—such as which port is to be blocked and which port is to be put in forwarding mode—are made from the perspective of this root bridge.
BPDUs
BPDUs are sent out as multicasts that only other layer-2 devices listen to. They are used to share information and are sent every two seconds. Each BPDU contains the bridge's or switch's ID, made up of a priority value and the MAC address. BPDUs are used for the election process.
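As an added example (not code from the article), here is a small Python decoder for the configuration BPDU just described, which is handy when you inspect BPDUs captured on a port. The field layout is the standard IEEE 802.1D one, the captured bytes are constructed, and `claims_better_root` is a helper name chosen here.

```python
import struct

# Layout of an IEEE 802.1D configuration BPDU, after the Ethernet/LLC headers:
#   protocol id (2) | version (1) | type (1) | flags (1) | root id (8) |
#   root path cost (4) | bridge id (8) | port id (2) | message age (2) |
#   max age (2) | hello time (2) | forward delay (2). Timers are in 1/256 s.
CONFIG_BPDU = struct.Struct("!HBBB8sI8sHHHHH")

def split_bridge_id(raw):
    """A bridge ID is the 2-byte priority followed by the 6-byte MAC address."""
    priority = struct.unpack("!H", raw[:2])[0]
    return priority, ":".join(f"{b:02x}" for b in raw[2:])

def parse_config_bpdu(payload):
    """Decode one configuration BPDU into the fields the election uses."""
    if len(payload) < CONFIG_BPDU.size:
        raise ValueError("truncated BPDU")
    (proto, version, kind, flags, root, root_cost, bridge, port_id,
     msg_age, max_age, hello, fwd_delay) = CONFIG_BPDU.unpack_from(payload)
    if proto != 0 or kind != 0:  # RST BPDUs (type 2) carry an extra length byte
        raise ValueError(f"not a configuration BPDU (protocol {proto}, type {kind})")
    return {"version": version, "flags": flags,
            "root_id": split_bridge_id(root), "root_path_cost": root_cost,
            "bridge_id": split_bridge_id(bridge), "port_id": port_id,
            "message_age_s": msg_age / 256, "max_age_s": max_age / 256,
            "hello_time_s": hello / 256, "forward_delay_s": fwd_delay / 256}

def claims_better_root(bpdu, current_root):
    """True when the sender advertises a root with a lower (priority, MAC) than
    the root we currently know: that is what would trigger a new election."""
    return bpdu["root_id"] < current_root

# Constructed capture: root 32768/00:11:22:33:44:55, path cost 19 (one Fast
# Ethernet hop), sender 32768/00:aa:bb:cc:dd:ee, port 0x8001, timers 1/20/2/15 s.
SAMPLE = bytes.fromhex(
    "0000 00 00 00"
    "8000 001122334455"
    "00000013"
    "8000 00aabbccddee"
    "8001 0100 1400 0200 0f00"
)
```

Seeing a BPDU on an access port whose root ID beats the one you have provisioned is the case a defender wants flagged; compare the decoded `root_id` against the expected root rather than trusting the frame.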
Path Costs
Path costs are
calculated from the root switch. A path cost is basically the accumulated port
costs from the root switch to other switches in the topology. When the root
advertises BPDUs out its interfaces, the default path cost value in the BPDU
frame is 0. When a connected switch receives this BPDU, it increments the path
cost by the cost of its local incoming port. If the port was a Fast Ethernet
port, then the path cost would be figured like this: 0 (the root's path cost) +
19 (the switch's port cost) = 19. This switch, when it advertises BPDUs to
switches behind it, will include the updated path cost. As the BPDUs propagate
further and further from the root switch, the accumulated path cost values
become higher and higher.
| Connection Type | New Cost Value | Old Cost Value |
| --- | --- | --- |
| 10Gb | 2 | 1 |
| 1Gb | 4 | 1 |
| 100Mb | 19 | 10 |
| 10Mb | 100 | 100 |
Remember that path
costs are incremented as a BPDU comes into a port, not when a BPDU is
advertised out of a port.
Designated Port
A designated port is one that has been determined as having the best (lowest) cost. A designated port will be marked as a forwarding port. Each (LAN) segment also has a single port that it uses to reach the root. This port is called a designated port.
Forwarding Port
A forwarding port forwards frames.
Blocked Port
A blocked port is a port that, in order to prevent loops, will not forward frames. However, a blocked port will always listen to frames.
Nondesignated Port
A nondesignated port is one with a higher cost than the designated port. Nondesignated ports are put in blocking mode—they are not forwarding ports.
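Putting the root bridge election, path cost accumulation and root/designated/nondesignated port selection described above together, here is an added Python example (not from the article) run over a constructed three-switch loop, using the new cost values from the table. The switch names, MAC addresses and port numbers are made up, and the final tie-break on the local port number is the simplification the text states.

```python
import heapq

# Port costs from the cost table above (the "new" IEEE values).
PORT_COST = {"10Gb": 2, "1Gb": 4, "100Mb": 19, "10Mb": 100}

def elect_root(bridges):
    # Lowest bridge ID wins: the priority is compared first, then the MAC.
    return min(bridges, key=lambda sw: bridges[sw])

def root_path_costs(root, links):
    """Accumulate port costs outward from the root; the cost is added on ingress."""
    adj = {}
    for a, pa, b, pb, speed in links:
        adj.setdefault(a, []).append((b, PORT_COST[speed]))
        adj.setdefault(b, []).append((a, PORT_COST[speed]))
    cost, heap = {root: 0}, [(0, root)]
    while heap:  # shortest-path walk, the result the BPDU exchange converges to
        c, sw = heapq.heappop(heap)
        for nbr, port_cost in adj.get(sw, []):
            if c + port_cost < cost.get(nbr, float("inf")):
                cost[nbr] = c + port_cost
                heapq.heappush(heap, (cost[nbr], nbr))
    return cost

def port_roles(bridges, links):
    """Return (root switch, root path cost per switch, role per (switch, port))."""
    root, best, roles = elect_root(bridges), {}, {}
    cost = root_path_costs(root, links)
    # Root port: on each non-root switch, the lowest cost to the root; ties go
    # to the lower neighbor bridge ID, then the lower local port number.
    for a, pa, b, pb, speed in links:
        for me, my_port, nbr in ((a, pa, b), (b, pb, a)):
            key = (cost[nbr] + PORT_COST[speed], bridges[nbr], my_port)
            if me != root and (me not in best or key < best[me][0]):
                best[me] = (key, my_port)
    for sw, (_, port) in best.items():
        roles[(sw, port)] = "root"
    # Designated port: the end of each segment whose switch has the lower root path
    # cost (tie: lower bridge ID); the other end blocks unless it is its root port.
    for a, pa, b, pb, speed in links:
        a_wins = (cost[a], bridges[a]) < (cost[b], bridges[b])
        dsg, other = ((a, pa), (b, pb)) if a_wins else ((b, pb), (a, pa))
        roles[dsg] = "designated"
        roles.setdefault(other, "blocked")
    return root, cost, roles
# Constructed three-switch loop: (switch, port number, switch, port number, speed).
BRIDGES = {"SW1": (32768, "0000.0000.000a"), "SW2": (32768, "0000.0000.000b"),
           "SW3": (32768, "0000.0000.000c")}
LINKS = [("SW1", 1, "SW2", 1, "1Gb"), ("SW1", 2, "SW3", 2, "100Mb"),
         ("SW2", 3, "SW3", 3, "100Mb")]
```

With all priorities left at the default, SW1 wins on MAC alone and SW3's port 3 ends up blocked; lowering one switch's priority is what moves the root, which is why the priority on your intended root should be set deliberately rather than left to the MAC lottery.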
Port States
Blocking
Ports will go into a
blocking state under one of three conditions:
·
Election
of a root switch (for instance, when you turn on all the switches in a network)
·
When
a switch receives a BPDU on a port that indicates a better path to the root
switch than the port the switch is currently using to reach the root
·
If
a port is not a root port or a designated port.
A port in a blocked state will remain there for 20 seconds by default. During this state the port only listens to and processes BPDUs on its interfaces. Any other frames that the switch receives on a blocked port are dropped.
Listening
The port is still listening for BPDUs and double-checking the layer-2 topology. Again, the only traffic processed in this state consists of BPDUs; all other traffic is dropped. The default for this state is 15 seconds.
Learning
The port is still listening for and processing BPDUs; however, unlike in the listening state, the port begins to process user frames. When processing user frames, the switch examines the source addresses in the frames and updates its CAM table, but it still does not forward these frames out destination ports. The default for this state is 15 seconds.
Forwarding
The port will process BPDUs, update its CAM table with frames that it receives, and forward user traffic through the port.
Disabled
A port in a disabled
state is not participating in STP.
Convergence
STP convergence has
occurred when all root and designated ports are in a forwarding state and all
other ports are in a blocking state.
Per-VLAN STP
STP doesn't guarantee
an optimized loop-free network. PVST supports one instance of STP per VLAN.
Rapid Spanning Tree Protocol
The 802.1d standard
was designed back when waiting for 30 to 50 seconds for layer 2 convergence
wasn’t a problem. However, in today’s networks, this can cause serious
performance problems for networks that use real-time applications, such as
voice over IP (VoIP) or video.
The Rapid Spanning
Tree Protocol (RSTP) is an IEEE standard, defined in 802.1w, which is
interoperable with 802.1d and an extension to it. With RSTP, there are only
three port states:
·
Discarding
(basically the grouping of 802.1d’s blocking, listening, and disabled states)
·
Learning
·
Forwarding
Additional Port Roles
With RSTP, there is
still a root switch and there are still root and designated ports, performing
the same roles as those in 802.1d. However, RSTP adds two additional port
types: alternate ports and backup
ports.
These two ports are
similar to the ports in a blocking state in 802.1d.
An
alternate port is a port that has an
alternative path or paths to the root but is currently in a discarding state.
A
backup port is a port on a segment
that could be used to reach the root switch, but an active port is already
designated for the segment.
The best way to look
at this is that an alternate port is a secondary, unused root port, and a
backup port is a secondary, unused designated port.
RSTP BPDUs
With 802.1w, if a BPDU
is not received in three expected hello periods (6 seconds), STP information
can be aged out instantly and the switch considers that its neighbor is lost
and actions should be taken. This is different from 802.1d, where the switch
had to miss the BPDUs from the root—here, if the switch misses three
consecutive hellos from a neighbor, actions are immediately taken.