Task
You are the administrator at ComputerNetworkingNotes.com. The company has two departments, sales and management. You have been given three PCs for sales and three PCs for management. You have created two VLANs: VLAN 10 for sales and VLAN 20 for management. For backup purposes you have interconnected the switches with one extra connection. You have one router for inter-VLAN communication.
Let's start the configuration by assigning IP addresses to all PCs.
To assign an IP address, double-click a PC, select IP Configuration from the Desktop tab and enter the address shown in the table given above.
VLAN Trunking Protocol
Configure VTP Server
We will first create a VTP server so that it automatically propagates VLAN information to the other switches. Double-click Switch1 and select CLI. Set the hostname to S1, create the VTP domain named example and set the password to vinita (remember that the password is case sensitive).
Switch 1
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S1
S1(config)#vtp mode server
Device mode already VTP SERVER.
S1(config)#vtp domain example
Changing VTP domain name from NULL to example
S1(config)#vtp password vinita
Setting device VLAN database password to vinita
Configure VTP clients
Once you have created the VTP domain, configure the remaining switches in client mode. Keep in mind that VTP trusts the highest configuration revision number in the domain: a switch that already carries the same domain name and password with a higher revision number (for example one reused from another lab) will overwrite the VLAN database on the server and on every client as soon as it is connected. Check the revision number with show vtp status before adding a switch, and reset it by putting the switch in transparent mode or in a different domain first.
Switch 2
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S2
S2(config)#vtp mode client
Setting device to VTP CLIENT mode.
S2(config)#vtp domain example
Changing VTP domain name from NULL to example
S2(config)#vtp password vinita
Setting device VLAN database password to vinita
S2(config)#
Switch 3
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S3
S3(config)#vtp mode client
Setting device to VTP CLIENT mode.
S3(config)#vtp domain example
Changing VTP domain name from NULL to example
S3(config)#vtp password vinita
Setting device VLAN database password to vinita
S3(config)#
Dynamic Trunking Protocol
Configure DTP port
By default Cisco switch ports are in dynamic auto mode: they do not form a trunk on their own, but they accept a trunk if the far end asks for one through DTP. An access port carries the untagged frames of a single VLAN and cannot carry the tagged frames of a trunk, so set trunk mode explicitly on every port that interconnects the switches. On the ports that face PCs use switchport mode access together with switchport nonegotiate; otherwise a host that sends DTP frames can negotiate a trunk and reach every VLAN.
Switch 1
S1(config)#interface fastEthernet 0/24
S1(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up
S1(config-if)#exit
S1(config)#interface gigabitEthernet 1/1
S1(config-if)#switchport mode trunk
S1(config-if)#exit
S1(config)#interface gigabitEthernet 1/2
S1(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/2, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/2, changed state to up
S1(config-if)#exit
S1(config)#
Switch 2
S2(config)#interface gigabitEthernet 1/1
S2(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to up
S2(config-if)#exit
S2(config)#interface gigabitEthernet 1/2
S2(config-if)#switchport mode trunk
S2(config-if)#exit
S2(config)#interface fastEthernet 0/23
S2(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23, changed state to up
S2(config-if)#exit
S2(config)#interface fastEthernet 0/24
S2(config-if)#switchport mode trunk
S2(config-if)#exit
Switch 3
S3(config)#interface fastEthernet 0/24
S3(config-if)#switchport mode trunk
S3(config-if)#exit
S3(config)#interface gigabitEthernet 1/1
S3(config-if)#switchport mode trunk
S3(config-if)#exit
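The VTP and DTP points above (a port left without an explicit switchport mode negotiates a trunk with whatever is plugged in; a VTP server or client accepts the VLAN database with the highest revision in its domain) are easy to check mechanically. The Python script below is an added example, not part of the original lab and not a Cisco tool: it parses a running-config and reports the exposed settings. The configuration text inside it is constructed to resemble S2 from this lab, with two ports deliberately left unhardened so the script has something to find.

```python
"""Audit a Cisco IOS switch configuration for VTP and DTP exposure.

Added example, not part of the original lab. SAMPLE_CONFIG is a constructed
running-config modelled on S2 above. The rules encode the behaviour the
article describes: VTP servers and clients accept the VLAN database with
the highest revision in their domain, and a port without an explicit
'switchport mode' negotiates via DTP.
"""
import re
from typing import Dict, List

SAMPLE_CONFIG = """\
hostname S2
vtp mode client
vtp domain example
!
interface FastEthernet0/1
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport access vlan 20
 switchport mode access
 switchport nonegotiate
!
interface FastEthernet0/23
 switchport mode trunk
!
interface GigabitEthernet1/1
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
"""


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Map each 'interface X' stanza to its (stripped) sub-commands."""
    stanzas: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        else:
            current = None  # '!' or any other top-level line ends the stanza
    return stanzas


def audit_vtp(config: str) -> List[str]:
    """Server or client mode means any switch in the same domain that advertises a
    higher configuration revision replaces the VLAN database. IOS omits
    'vtp mode' from the running-config when it is the default (server)."""
    match = re.search(r"^vtp mode (\S+)", config, re.M)
    mode = match.group(1) if match else "server"
    if mode in ("server", "client"):
        return [f"vtp: mode {mode}; a higher revision in the domain overwrites the VLAN "
                f"database (use 'vtp mode transparent' unless VTP is really needed)"]
    return []


def audit_interface(name: str, cmds: List[str]) -> List[str]:
    findings: List[str] = []
    mode = next((c.split()[2] for c in cmds if c.startswith("switchport mode ")), "dynamic")
    nonegotiate = "switchport nonegotiate" in cmds
    if mode == "dynamic":
        findings.append(f"{name}: no explicit switchport mode, DTP can negotiate a trunk "
                        f"with whatever is plugged in")
    elif mode == "access" and not nonegotiate:
        findings.append(f"{name}: access port still sends DTP; add 'switchport nonegotiate'")
    elif mode == "trunk":
        if not nonegotiate:
            findings.append(f"{name}: trunk still sends DTP; add 'switchport nonegotiate'")
        if not any(c.startswith("switchport trunk allowed vlan") for c in cmds):
            findings.append(f"{name}: trunk carries every VLAN; restrict with "
                            f"'switchport trunk allowed vlan'")
        native = next((c.split()[-1] for c in cmds
                       if c.startswith("switchport trunk native vlan")), "1")
        if native == "1":
            findings.append(f"{name}: native VLAN 1; untagged frames on this trunk land in "
                            f"VLAN 1, use an otherwise unused VLAN instead")
    return findings


def audit(config: str) -> List[str]:
    """All findings for one running-config, VTP first, then per interface."""
    findings = audit_vtp(config)
    for name, cmds in parse_interfaces(config).items():
        findings.extend(audit_interface(name, cmds))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run it against the output of show running-config copied from each switch; on the sample it reports the client-mode VTP, the untouched FastEthernet0/1 and three findings for the bare trunk on FastEthernet0/23, while the hardened FastEthernet0/2 and GigabitEthernet1/1 are silent.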
Virtual LAN (VLAN)
Create VLAN
After the VTP server configuration it is time to organize the VLANs. We only need to create the VLANs on the VTP server; the rest is propagated to the clients by VTP automatically.
Switch 1
S1(config)#vlan 10
S1(config-vlan)#exit
S1(config)#vlan 20
S1(config-vlan)#exit
S1(config)#
As we have already configured a VTP server in our network, we don't need to create the VLANs on S2 or S3. We only need to associate ports with VLANs.
Assign VLAN membership
Switch 1
S1(config)#interface fastEthernet 0/1
S1(config-if)#switchport access vlan 10
S1(config-if)#interface fastEthernet 0/2
S1(config-if)#switchport access vlan 20
Switch 2
S2(config)#interface fastEthernet 0/1
S2(config-if)#switchport access vlan 10
S2(config-if)#interface fastEthernet 0/2
S2(config-if)#switchport access vlan 20
Switch 3
S3(config)#interface fastEthernet 0/1
S3(config-if)#switchport access vlan 10
S3(config-if)#interface fastEthernet 0/2
S3(config-if)#switchport access vlan 20
Now we have two working VLANs. To test connectivity, ping from 10.0.0.2 to 10.0.0.3 and 10.0.0.4. If you get successful replies you have correctly created the VLANs and the VTP server. A ping from a VLAN 10 PC to a VLAN 20 PC must fail at this point, because nothing routes between the VLANs yet.
Spanning-Tree Protocol
In this topology STP blocks one end of each redundant inter-switch link so that no loop remains at layer two; the candidates are F0/24 on S1, F0/23 and F0/24 on S2, and F0/24 on S3. Only one end of a link is blocked: in the S2 output below Fa0/24 is blocking while Fa0/23 is still forwarding, which means the far end of that link is the one that blocks. Verify which ports are blocked by STP.
Verify STP ports
Switch 2
S2#show spanning-tree active
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0002.174D.7794
Cost 4
Port 26(GigabitEthernet1/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 00D0.FF08.82E1
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- ---------------------------
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/2 Desg FWD 19 128.2 P2p
Fa0/23 Desg FWD 19 128.23 P2p
Fa0/24 Altn BLK 19 128.24 P2p
Gi1/1 Desg FWD 4 128.25 P2p
Gi1/2 Root FWD 4 128.26 P2p
[Output is omitted]
S2#
You can check the STP status on S1 and S3 as well with the show spanning-tree active command.
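Rather than reading the output by eye, you can parse it and check it against the rules. The Python below is an added example, not from the original article. SAMPLE_OUTPUT reproduces the S2 output shown above with the indentation IOS uses; the checks are the article's own rules for a converged tree: a non-root bridge has exactly one root port, root and designated ports forward, alternate ports block.

```python
"""Parse 'show spanning-tree' output and check the tree for consistency.

Added example, not part of the original lab. SAMPLE_OUTPUT reproduces the
S2 output shown in the article with the indentation IOS uses. The checks
are the article's rules for a converged tree.
"""
import re
from typing import Any, Dict, List, Optional

SAMPLE_OUTPUT = """\
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0002.174D.7794
             Cost        4
             Port        26(GigabitEthernet1/2)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.FF08.82E1
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/23           Desg FWD 19        128.23   P2p
Fa0/24           Altn BLK 19        128.24   P2p
Gi1/1            Desg FWD 4         128.25   P2p
Gi1/2            Root FWD 4         128.26   P2p
"""

# one row of the interface table: name, role, state, cost, priority.number, link type
PORT_ROW = re.compile(
    r"^(\S+)\s+(Root|Desg|Altn|Back|Disb)\s+(FWD|BLK|LRN|LIS|LBK)\s+(\d+)\s+(\d+)\.(\d+)\s+(\S+)",
    re.M,
)


def parse_show_spanning_tree(text: str) -> Dict[str, Any]:
    """Pull the root bridge, the local bridge and the per-port role/state table out of the text."""
    def grab(pattern: str) -> Optional[str]:
        m = re.search(pattern, text, re.S)
        return m.group(1) if m else None

    ports = [
        {"name": name, "role": role, "state": state, "cost": int(cost),
         "priority": int(prio), "number": int(nbr), "type": link_type}
        for name, role, state, cost, prio, nbr, link_type in PORT_ROW.findall(text)
    ]
    root_cost = grab(r"Root ID.*?Cost\s+(\d+)")  # absent when this bridge is itself the root
    return {
        "vlan": grab(r"^(VLAN\d+)"),
        "root_address": grab(r"Root ID.*?Address\s+([0-9A-Fa-f.]+)"),
        "bridge_address": grab(r"Bridge ID.*?Address\s+([0-9A-Fa-f.]+)"),
        "root_cost": int(root_cost) if root_cost is not None else 0,
        "ports": ports,
    }


def is_root_bridge(st: Dict[str, Any]) -> bool:
    return str(st["root_address"]).lower() == str(st["bridge_address"]).lower()


def ports_with(st: Dict[str, Any], **attrs: Any) -> List[str]:
    """Names of the ports whose fields all match, e.g. ports_with(st, state='BLK')."""
    return [p["name"] for p in st["ports"] if all(p[k] == v for k, v in attrs.items())]


def check_tree(st: Dict[str, Any], expected_blocked: Optional[List[str]] = None) -> List[str]:
    """Return a list of problems; empty means the tree is converged and as expected.
    LIS/LRN states are reported too, so a port still converging is not mistaken for healthy."""
    issues: List[str] = []
    root_ports = ports_with(st, role="Root")
    if is_root_bridge(st):
        if root_ports:
            issues.append(f"root bridge must not have a root port, found {root_ports}")
    elif len(root_ports) != 1:
        issues.append(f"expected exactly one root port, found {root_ports}")
    for p in st["ports"]:
        if p["role"] in ("Root", "Desg") and p["state"] != "FWD":
            issues.append(f"{p['name']}: {p['role']} port is {p['state']}, expected FWD")
        if p["role"] in ("Altn", "Back") and p["state"] != "BLK":
            issues.append(f"{p['name']}: {p['role']} port is {p['state']}, expected BLK")
    if expected_blocked is not None:
        actual = set(ports_with(st, state="BLK"))
        if actual != set(expected_blocked):
            issues.append(f"blocked ports {sorted(actual)} differ from expected "
                          f"{sorted(expected_blocked)}")
    return issues


if __name__ == "__main__":
    tree = parse_show_spanning_tree(SAMPLE_OUTPUT)
    print(f"{tree['vlan']}: root {tree['root_address']} at cost {tree['root_cost']}, "
          f"root port {ports_with(tree, role='Root')}, blocked {ports_with(tree, state='BLK')}")
    for issue in check_tree(tree, expected_blocked=["Fa0/24"]):
        print("issue:", issue)
```

Feeding it the same command's output collected periodically gives a cheap detector for topology changes: a root address that suddenly differs, a new root port, or a port that was blocking and now forwards are exactly the symptoms of a rogue switch claiming the root role.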
Router on a Stick
At this point of the configuration you have two working VLANs, but they cannot reach each other. To make inter-VLAN communication possible we need to configure the router. Double-click the router and select CLI. The switch port the router is plugged into must be one of the trunk ports configured earlier, because the router receives and sends tagged frames for both VLANs on a single physical interface.
Configure inter-VLAN routing
Router
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface fastEthernet 0/0
Router(config-if)#no ip address
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fastEthernet 0/0.10
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 10.0.0.1 255.0.0.0
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/0.20
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip address 20.0.0.1 255.0.0.0
Router(config-subif)#exit
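To see what encapsulation dot1Q 10 matches on the wire, here is an added Python example (not part of the original lab) that builds and parses 802.1Q-tagged frames and models how a switch handles the native VLAN on a trunk, including the reason a trunk's native VLAN should be one that no access port uses. The MAC addresses and payload are constructed; the behaviour of access_ingress (an access port accepting a frame tagged with its own VLAN) is an assumption that varies between platforms and is only there to show the native-VLAN edge case.

```python
"""802.1Q tags on a trunk, and what the native VLAN does to them.

Added example, not part of the original lab. MAC addresses and payload are
constructed. The tag layout follows IEEE 802.1Q: TPID 0x8100 and a 16-bit
TCI (3-bit priority, 1-bit DEI, 12-bit VLAN id) inserted after the source
MAC, which is what the router's 'encapsulation dot1Q 10' subinterface
matches on.
"""
import struct
from typing import List, Optional, Tuple

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def untagged_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    return dst + src + struct.pack("!H", ethertype) + payload


def tag_frame(frame: bytes, vlan: int, pcp: int = 0) -> bytes:
    """Insert one 802.1Q tag after the two MAC addresses (what a trunk does on egress)."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN id must be 1..4094")
    tci = ((pcp & 0x7) << 13) | (vlan & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tags(frame: bytes) -> Tuple[List[int], int]:
    """Return ([outer .. inner VLAN ids], EtherType that follows the last tag)."""
    vlans, offset = [], 12
    while struct.unpack_from("!H", frame, offset)[0] == TPID_8021Q:
        tci = struct.unpack_from("!H", frame, offset + 2)[0]
        vlans.append(tci & 0x0FFF)
        offset += 4
    return vlans, struct.unpack_from("!H", frame, offset)[0]


def strip_outer_tag(frame: bytes) -> bytes:
    return frame[:12] + frame[16:]


def access_ingress(frame: bytes, access_vlan: int) -> Optional[bytes]:
    """Access port: an untagged frame is accepted as-is; a frame tagged with the port's own
    VLAN is accepted and the tag removed (assumption, platform dependent); anything else is
    dropped. Any further tag inside the frame is just payload to this switch."""
    vlans, _ = parse_tags(frame)
    if not vlans:
        return frame
    if vlans[0] == access_vlan:
        return strip_outer_tag(frame)
    return None


def trunk_egress(frame: bytes, vlan: int, native_vlan: int) -> bytes:
    """Trunk sends a frame belonging to `vlan`: tagged, except for the native VLAN."""
    return frame if vlan == native_vlan else tag_frame(frame, vlan)


def trunk_ingress(frame: bytes, native_vlan: int) -> Tuple[int, bytes]:
    """Trunk receives a frame: the outer tag (only that one) is removed and decides the
    VLAN; an untagged frame is classified into the native VLAN."""
    vlans, _ = parse_tags(frame)
    if not vlans:
        return native_vlan, frame
    return vlans[0], strip_outer_tag(frame)


def double_tag_hop(access_vlan: int, trunk_native_vlan: int, inner_vlan: int) -> int:
    """A host on an access port in `access_vlan` sends a frame tagged [access_vlan, inner_vlan].
    Switch A forwards it over a trunk to switch B; the result is the VLAN switch B assigns
    the frame to. It equals inner_vlan only when the access VLAN is also the trunk's native
    VLAN, which is why trunks should use a native VLAN that no access port is in."""
    base = untagged_frame(b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01", ETHERTYPE_IPV4, b"payload")
    host_frame = tag_frame(tag_frame(base, inner_vlan), access_vlan)
    accepted = access_ingress(host_frame, access_vlan)       # switch A, access port
    assert accepted is not None
    on_wire = trunk_egress(accepted, access_vlan, trunk_native_vlan)  # switch A, trunk
    vlan_at_b, _ = trunk_ingress(on_wire, trunk_native_vlan)          # switch B, trunk
    return vlan_at_b


if __name__ == "__main__":
    frame = untagged_frame(b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01", ETHERTYPE_IPV4, b"payload")
    print("VLAN 10 on a trunk:", parse_tags(tag_frame(frame, 10)))
    print("native VLAN 1, inner 20 ->", double_tag_hop(1, 1, 20))
    print("native VLAN 99, inner 20 ->", double_tag_hop(1, 99, 20))
```

The router subinterfaces above only see tagged frames for VLAN 10 and VLAN 20; frames of the trunk's native VLAN arrive untagged and would need a subinterface with encapsulation dot1Q <vlan> native to be routed, which this lab does not need because no PC is in VLAN 1.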
To test connectivity between the VLANs, ping from any PC to all the remaining PCs; every ping should succeed. If you get errors, download this configured topology and cross-check where you made a mistake.
VLAN, VTP, STP and DTP command reference sheet
Switch(config)#vlan 10 | Creates VLAN 10 and enters VLAN configuration mode for further definitions.
Switch(config-vlan)#name Sales | Assigns a name to the VLAN. The name can be from 1 to 32 characters long.
Switch(config-vlan)#exit | Applies the changes, increases the VTP configuration revision number by 1, and returns to global configuration mode.
Switch(config)#interface fastethernet 0/1 | Moves to interface configuration mode.
Switch(config-if)#switchport mode access | Sets the port to access mode.
Switch(config-if)#switchport access vlan 10 | Assigns this port to VLAN 10.
Switch#show vlan | Displays VLAN information.
Switch#show vlan brief | Displays VLAN information in brief.
Switch#show vlan id 10 | Displays information about VLAN 10 only.
Switch#show vlan name sales | Displays information about the VLAN named sales only.
Switch#show interfaces vlan x | Displays interface characteristics for the specified VLAN.
Switch#delete flash:vlan.dat | Removes the entire VLAN database from flash. The switch asks for confirmation twice (Delete filename [vlan.dat]? and Delete flash:vlan.dat? [confirm]). Make sure there is no space between the colon (:) and vlan.dat: with the wrong syntax this command can erase the entire contents of flash, so read the output from the switch before confirming. To cancel, press Ctrl+C to return to privileged mode.
Switch(config)#interface fastethernet 0/5 | Moves to interface configuration mode.
Switch(config-if)#no switchport access vlan 5 | Removes the port from VLAN 5 and returns it to VLAN 1, the default VLAN.
Switch(config-if)#exit | Returns to global configuration mode.
Switch(config)#no vlan 5 | Removes VLAN 5 from the VLAN database.
Switch#copy running-config startup-config | Saves the configuration to NVRAM.
Switch(config-if)#switchport mode trunk | Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link.
Switch(config)#vtp mode server | Changes the switch to VTP server mode.
Switch(config)#vtp mode client | Changes the switch to VTP client mode.
Switch(config)#vtp mode transparent | Changes the switch to VTP transparent mode: the switch keeps its own VLAN database and only relays VTP advertisements.
Switch(config)#no vtp mode | Returns the switch to the default VTP server mode.
Switch(config)#vtp domain domain-name | Configures the VTP domain name. The name can be from 1 to 32 characters long.
Switch(config)#vtp password password | Configures the VTP password.
Switch(config)#vtp pruning | Enables VTP pruning.
Switch#show vtp status | Displays general information about the VTP configuration, including the configuration revision number.
Switch#show vtp counters | Displays the VTP counters for the switch.
From our previous article you have learnt the basic functions of switching. One of them was removing layer-2 loops. In this article we will see how this is done.
The Spanning Tree Protocol (STP) carries out this function. STP is a critical feature; without it many switched networks would cease to function. Whether a looped switched path is created accidentally or intentionally in the process of building a redundant network, the problem arises as soon as it exists. A loop can be defined as two or more switches that are interconnected by two or more physical links. Switching loops create three major problems:
· Broadcast storms—Switches must flood broadcasts, so a looped topology will create multiple copies of a single broadcast and perpetually cycle them through the loop.
· MAC table instability—Loops make it appear that a single MAC address is reachable on multiple ports of a switch, and the switch is constantly updating the MAC table.
· Duplicate frames— Because there are multiple paths to a single MAC, it is possible that a frame could be duplicated in order to be flooded out all paths to a single destination MAC.
All these problems are serious and will bring a network to an effective standstill unless prevented.
Removing layer-2 loops
The Spanning Tree Protocol (STP, IEEE 802.1D) removes layer-2 loops from your topology. For STP to function, the switches need to share information; what they share are bridge protocol data units (BPDUs).
Root Port
After the root switch is elected, every other switch in the network needs to choose a single port on itself that it will use to reach the root. This port is called the root port.
The root port is the port on the link directly connected to the root bridge, or on the shortest path to it. If more than one link leads toward the root, a port cost is derived from the bandwidth of each link and the accumulated cost to the root is compared; the lowest-cost port becomes the root port. If several ports have the same cost, the port whose neighbour advertises the lower bridge ID wins. If those links come from the same neighbouring device, the neighbour's lower port number decides.
Root Bridge
The switch with the lowest bridge ID (switch ID) is elected root. The bridge ID is made up of two components:
· The switch's priority, which defaults to 32,768 on Cisco switches (two bytes in length)
· The switch's MAC address (six bytes in length)
All other decisions in the network—such as which port is to be blocked and which port is to be put in forwarding mode—are made from the perspective of this root bridge
BPDUs
BPDUs are sent as multicast frames that only other layer-2 devices listen to. They are sent every two seconds by default and carry the sending bridge's ID, made up of its priority value and its MAC address. BPDUs are used for the root election and for building the tree.
Path Costs
Path costs are calculated from the root switch. A path cost is the accumulated port cost from the root switch to another switch in the topology. When the root advertises BPDUs out its interfaces, the path cost value in the BPDU is 0. When a connected switch receives this BPDU, it increments the path cost by the cost of its local incoming port. If that port is a Fast Ethernet port, the path cost becomes 0 (the root's path cost) + 19 (the switch's port cost) = 19. When this switch advertises BPDUs to the switches behind it, it includes the updated path cost. As the BPDUs propagate further from the root switch, the accumulated path cost values grow.
Connection Type | New Cost Value | Old Cost Value
10Gb | 2 | 1
1Gb | 4 | 1
100Mb | 19 | 10
10Mb | 100 | 100
Remember that path costs are incremented as a BPDU comes into a port, not when a BPDU is advertised out of a port.
Designated port: on each LAN segment, the port with the best (lowest) cost to the root bridge is the designated port. It is placed in forwarding state and is the port through which that segment reaches the root. Every segment has exactly one designated port.
Forwarding port A forwarding port forwards frames.
Blocked port: a port that, in order to prevent loops, does not forward frames. A blocked port still receives and processes BPDUs.
Nondesignated port: a port with a higher cost than the designated port on its segment. Nondesignated ports are put in blocking mode; they are not forwarding ports.
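The election rules above, worked through in code. The Python below is an added example, not from the original article. The three switches, their MAC addresses and the five links are constructed (loosely modelled on the lab, with two parallel gigabit links between S1 and S2 to exercise the port-number tie-break and a second path to S3 to exercise path costs); port costs are the new 802.1D values from the table above, and Gi1/N is numbered 24+N as in the show spanning-tree output earlier.

```python
"""Root bridge election, root ports, designated ports and blocked ports.

Added example, not part of the original article. Switches, MAC addresses
and links are constructed. The tie-break order is the article's: lower
cost to the root, then lower sender bridge ID, then lower sender port
number.
"""
import heapq
from typing import Dict, List, Tuple

Link = Tuple[str, str, str, str, int]   # (switch_a, port_a, switch_b, port_b, cost)
BridgeId = Tuple[int, str]              # (priority, MAC); lower wins

SWITCHES: Dict[str, BridgeId] = {
    "S1": (32768, "0002.174d.7794"),
    "S2": (32768, "00d0.ff08.82e1"),
    "S3": (32768, "0060.4711.0c01"),
}
LINKS: List[Link] = [
    ("S1", "Gi1/1", "S2", "Gi1/1", 4),    # parallel gigabit links S1-S2: tie broken on port number
    ("S1", "Gi1/2", "S2", "Gi1/2", 4),
    ("S1", "Fa0/23", "S3", "Fa0/22", 19),
    ("S2", "Fa0/23", "S3", "Fa0/23", 19),  # redundant S2-S3 links, the lab's extra connection
    ("S2", "Fa0/24", "S3", "Fa0/24", 19),
]


def port_number(port: str) -> int:
    """Fa0/N -> N, Gi1/N -> 24+N (assumed, as on the 2960 output in the article)."""
    prefix, num = port.split("/")
    return int(num) + (24 if prefix.startswith("Gi") else 0)


def root_path_costs(switches: Dict[str, BridgeId], links: List[Link], root: str) -> Dict[str, float]:
    """Path cost = sum of the costs of the ports a BPDU arrived on, walking out from the root."""
    adjacent: Dict[str, List[Tuple[str, int]]] = {name: [] for name in switches}
    for a, _, b, _, cost in links:
        adjacent[a].append((b, cost))
        adjacent[b].append((a, cost))
    dist = {name: float("inf") for name in switches}
    dist[root] = 0
    heap: List[Tuple[float, str]] = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, cost in adjacent[u]:
            if d + cost < dist[v]:
                dist[v] = d + cost
                heapq.heappush(heap, (dist[v], v))
    return dist


def compute_stp(switches: Dict[str, BridgeId], links: List[Link]):
    """Return (root bridge, cost-to-root per switch, role per (switch, port))."""
    root = min(switches, key=lambda n: switches[n])  # lowest (priority, MAC) wins
    cost = root_path_costs(switches, links, root)
    roles: Dict[Tuple[str, str], str] = {}
    # root port: per non-root switch, best (cost via neighbour, neighbour bridge ID, neighbour port)
    for sw in switches:
        if sw == root:
            continue
        candidates = []
        for a, pa, b, pb, c in links:
            if a == sw:
                candidates.append((cost[b] + c, switches[b], port_number(pb), pa))
            elif b == sw:
                candidates.append((cost[a] + c, switches[a], port_number(pa), pb))
        if candidates:
            roles[(sw, min(candidates)[3])] = "Root"
    # designated port: per segment, the end with the lower (cost, bridge ID, port number)
    for a, pa, b, pb, _ in links:
        key_a = (cost[a], switches[a], port_number(pa))
        key_b = (cost[b], switches[b], port_number(pb))
        roles.setdefault((a, pa) if key_a < key_b else (b, pb), "Desg")
    # every remaining port is neither root nor designated: it blocks (alternate in RSTP terms)
    for a, pa, b, pb, _ in links:
        roles.setdefault((a, pa), "Altn")
        roles.setdefault((b, pb), "Altn")
    return root, cost, roles


def blocked_ports(roles: Dict[Tuple[str, str], str]) -> List[Tuple[str, str]]:
    return sorted(port for port, role in roles.items() if role == "Altn")


if __name__ == "__main__":
    root, cost, roles = compute_stp(SWITCHES, LINKS)
    print(f"root bridge: {root}")
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} {port:7} {role:4} cost-to-root {cost[sw]}")
```

Lowering S3's priority (for example to 4096, the value spanning-tree vlan 1 priority 4096 would set) makes S3 the root and moves every blocked port, which is also what an attacker achieves by injecting a superior BPDU; that is the case for BPDU guard on access ports and root guard on the ports facing other switches.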
Port States
Blocking
Ports will go into a blocking state under one of three conditions:
· Election of a root switch (for instance, when you turn on all the switches in a network)
· When a switch receives a BPDU on a port that indicates a better path to the root switch than the port the switch is currently using to reach the root
· If a port is not a root port or a designated port.
A port stays in the blocking state for 20 seconds (the max age) by default; during this state the port only listens to and processes BPDUs. Any other frames received on a blocked port are dropped.
Listening
The port is still listening for BPDUs and double-checking the layer-2 topology. Again, the only traffic processed in this state consists of BPDUs; all other traffic is dropped. The default for this state is 15 seconds (the forward delay).
Learning
The port is still listening for and processing BPDUs; however, unlike in the listening state, it begins to process user frames. The switch examines the source addresses in these frames and updates its CAM table, but it still does not forward them out destination ports. The default is 15 seconds.
Forwarding
The port processes BPDUs, updates its CAM table with the frames it receives, and forwards user traffic.
Disabled
A port in a disabled state is not participating in STP.
Convergence
STP convergence has occurred when all root and designated ports are in a forwarding state and all other ports are in a blocking state.
Per-VLAN STP
A single STP instance guarantees a loop-free topology, but not an optimized one: every VLAN must follow the same tree, so the same redundant links sit idle for all of them. Per-VLAN Spanning Tree (PVST, Cisco's PVST+) runs one instance of STP per VLAN, so each VLAN can have its own root bridge and its own set of blocked ports. The VLAN0001 instance in the show spanning-tree output above is one such tree; the sys-id-ext 1 in its Bridge ID is the VLAN number added to the configured priority of 32768.
Rapid Spanning Tree Protocol
The 802.1d standard was designed back when waiting for 30 to 50 seconds for layer 2 convergence wasn’t a problem. However, in today’s networks, this can cause serious performance problems for networks that use real-time applications, such as voice over IP (VoIP) or video.
The Rapid Spanning Tree Protocol (RSTP) is an IEEE standard, defined in 802.1w, which is interoperable with 802.1d and an extension to it. With RSTP, there are only three port states:
· Discarding (it groups 802.1d's blocking, listening, and disabled states).
· Learning
· Forwarding
Additional Port Roles
With RSTP, there is still a root switch and there are still root and designated ports, performing the same roles as those in 802.1d. However, RSTP adds two additional port types: alternate ports and backup ports.
These two ports are similar to the ports in a blocking state in 802.1d.
An alternate port is a port that has an alternative path or paths to the root but is currently in a discarding state.
A backup port is a port on a segment that could be used to reach the root switch, but an active port is already designated for the segment.
The best way to look at this is that an alternate port is a secondary, unused root port, and a backup port is a secondary, unused designated port.
RSTP BPDUs
With 802.1w, if a BPDU is not received in three consecutive hello periods (6 seconds by default), the STP information is aged out immediately: the switch treats the neighbour as lost and reacts at once. This differs from 802.1d, where a switch had to wait for the max age timer (20 seconds by default) to expire after losing the root's BPDUs before acting.