forcing a vlsm capable routing protocol to use auto-summary is a bad practice...
without auto-summary.. very pretty...
Gateway of last resort is 192.168.1.100 to network 0.0.0.0
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/24 is subnetted, 1 subnets
D 2.2.2.0 [90/2297856] via 10.0.20.2, 2d05h, Serial0/0
100.0.0.0/24 is subnetted, 1 subnets
D 100.0.0.0 [90/156160] via 192.168.1.100, 2d05h, FastEthernet0/0
[90/156160] via 172.16.50.100, 2d05h, FastEthernet0/0.2
D 3.0.0.0/8 [90/156160] via 192.168.1.130, 2d05h, FastEthernet0/0
[90/156416] via 172.16.50.100, 2d05h, FastEthernet0/0.2
[90/2297856] via 10.0.30.2, 2d05h, Serial0/1
C 172.16.0.0/16 is directly connected, FastEthernet0/0.2
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
D 10.0.0.0/8 [90/2172416] via 192.168.1.130, 00:00:15, FastEthernet0/0
[90/2172672] via 172.16.50.100, 00:00:15, FastEthernet0/0.2
C 10.0.30.0/30 is directly connected, Serial0/1
C 10.0.20.0/30 is directly connected, Serial0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 192.168.1.100
with auto-summary, not pretty...
r2620_01(config-router)#auto-summ
r2620_01(config-router)#
*Mar 27 15:31:52.354: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.1.50 (F
astEthernet0/0) is resync: peer graceful-restart
*Mar 27 15:31:52.370: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.0.30.1 (Seri
al0/0) is resync: peer graceful-restart
r2620_01(config-router)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.1.100 to network 0.0.0.0
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/24 is directly connected, Loopback0
D 1.0.0.0/8 is a summary, 00:00:11, Null0
2.0.0.0/24 is subnetted, 1 subnets
D 2.2.2.0 [90/2297856] via 10.0.20.2, 2d05h, Serial0/0
100.0.0.0/24 is subnetted, 1 subnets
D 100.0.0.0 [90/156160] via 192.168.1.100, 2d05h, FastEthernet0/0
[90/156160] via 172.16.50.100, 2d05h, FastEthernet0/0.2
D 3.0.0.0/8 [90/156160] via 192.168.1.130, 2d05h, FastEthernet0/0
[90/156416] via 172.16.50.100, 2d05h, FastEthernet0/0.2
[90/2297856] via 10.0.30.2, 2d05h, Serial0/1
C 172.16.0.0/16 is directly connected, FastEthernet0/0.2
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
D 10.0.0.0/8 is a summary, 00:00:13, Null0
C 10.0.30.0/30 is directly connected, Serial0/1
C 10.0.20.0/30 is directly connected, Serial0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 192.168.1.100
r2620_01(config-router)#
any questions...
network cisco ccna gns3 certification arteq
a network runs through it
Tuesday, January 31, 2012
Sunday, January 29, 2012
mode bouncing...
i've been switching between negotiation modes in channel groups...
some things...
setting the channel group mode to on results in default etherchannel; no negotiation, similar to trunk mode on...
switching around protocols doesn't have to be performed with channel-priority, it can be done simply by choosing the channel group mode:
sw2950_01(config-if-range)#channel-group 6 mode ?
active Enable LACP unconditionally
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable Etherchannel only
passive Enable LACP only if a LACP device is detected
some things...
setting the channel group mode to on results in default etherchannel; no negotiation, similar to trunk mode on...
switching around protocols doesn't have to be performed with channel-priority, it can be done simply by choosing the channel group mode:
sw2950_01(config-if-range)#channel-group 6 mode ?
active Enable LACP unconditionally
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable Etherchannel only
passive Enable LACP only if a LACP device is detected
when the interfaces go into errdisable, shut and no shut needs to be performed on the poX to bring the aggregated port back...
sw2950_01#sh etherch summ
Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
u - unsuitable for bundling
U - in use f - failed to allocate aggregator
d - default port
Number of channel-groups in use: 2
Number of aggregators: 2
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) LACP Fa0/5(Pd) Fa0/6(P)
2 Po2(SU) LACP Fa0/7(Pd) Fa0/8(P)
Saturday, January 28, 2012
bundles...
etherchannel can be configured with 2 to 8 connections per bundle. this means at the high end a bundle could potentially carry 1600Mbps given fastethernet technology; arguably 200Mbps per link at capacity. this is probably not realistic, but a theoretical yardstick measure of performance..
that given, it is also not realistic that each link in the bundle will carry it's max weight, in fact the reality is that the distribution across the individual links in the bundle will be uneven at best...
it is also true that in the event of single link failure, an adjacent link will pick up the traffic as needed, and so on... conversely, as links are restored, traffic is redistributed back to the once failed links...
bundles are comprised of up to 8 of the same physical type ethernet... they should be in the same vlan and if trunks, they should share the same native vlan, as well as speed, duplex and spanning tree settings...
to be continued...
that given, it is also not realistic that each link in the bundle will carry it's max weight, in fact the reality is that the distribution across the individual links in the bundle will be uneven at best...
it is also true that in the event of single link failure, an adjacent link will pick up the traffic as needed, and so on... conversely, as links are restored, traffic is redistributed back to the once failed links...
bundles are comprised of up to 8 of the same physical type ethernet... they should be in the same vlan and if trunks, they should share the same native vlan, as well as speed, duplex and spanning tree settings...
to be continued...
for vtpete's sake...
vtp is vlan trunking protocol, which really has nothing to do with trunking, or anything else... vtp allows for the creation of a vlan management domain that can be password protected and which assists (cough) the administrator in creating vlans (and only vlans) from a server and distributing them to designated clients throughout the domain... wow
a vtp revision number is the hallmark of the ability to create vlans on clients... a higher number at the server will force the clients to update their vlan.dat files with the freshly minted vlans. however, if the client has a higher revision number, the update will be ignored... a device in transparent mode will not participate in vtp processing...
vtp pruning can be used to avoid unnecessary broadcasts to devices connected to trunks that have the intended vlan, but that do not contain any ports. this is rendered useless by stp which runs an instance for every vlan. the guidance is to manually prune unnecessary vlans manually, and transparent mode switches are yet unaffected...
so much for vtp...
l2 to l3/bridging the gap...
a vlan is a layer 2 construct, a pointer to layer 3, an association by layer 2 to layer 3...
vlan=network=subnet=broadcast domain
a broadcast domain is the set of devices which may receive broadcasts... a layer 3 device is the defining element of the broadcast domain... a switch creates more and smaller collision domains with each additional port it places within the domain... a layer 3 device creates an additional broadcast domain with each port it introduces... a switch floods broadcasts, multi-casts and unknown unicasts to every device in the domain... a layer 3 device recieves all broadcasts from a connected switch, and drops them (unless otherwise defined)... a layer 3 device defines the broadcast domain with that action...this layer 3 device is affectionately known as a router... vlan=network=subnet=broadcast domain
a vlan number is the only requirement when creating a vlan. of course it's fairly useless without ports added to it, and a descriptive name would be nice also, but these are not required...
an end-to-end vlan spans the entire switched network and should be avoided as such, a local vlan remains local (within its group) and is preferred...
a vlan trunk can carry multiple vlans' traffic across the network
isl encapsulates a frame for tagged transit whereas the preferred method of tagging is 802.1q, which injects a 4 byte field into the frame... 802.1q does not tag the native vlan; the native vlan is identified by the lack of a tag...
dtp is dynamic trunking protocol. it is a trunking negotiation mechanism...
the native vlan is a settable parameter and is vlan1 by default... it is recommended to change the native vlan to something other than 1 after bringing the switch up... it is important to match the native vlans between switches to avoid annoying cdp messages, and sometimes derailed traffic...
vlan=network=subnet=broadcast domain
a broadcast domain is the set of devices which may receive broadcasts... a layer 3 device is the defining element of the broadcast domain... a switch creates more and smaller collision domains with each additional port it places within the domain... a layer 3 device creates an additional broadcast domain with each port it introduces... a switch floods broadcasts, multi-casts and unknown unicasts to every device in the domain... a layer 3 device recieves all broadcasts from a connected switch, and drops them (unless otherwise defined)... a layer 3 device defines the broadcast domain with that action...this layer 3 device is affectionately known as a router... vlan=network=subnet=broadcast domain
a vlan number is the only requirement when creating a vlan. of course it's fairly useless without ports added to it, and a descriptive name would be nice also, but these are not required...
an end-to-end vlan spans the entire switched network and should be avoided as such, a local vlan remains local (within its group) and is preferred...
a vlan trunk can carry multiple vlans' traffic across the network
isl encapsulates a frame for tagged transit whereas the preferred method of tagging is 802.1q, which injects a 4 byte field into the frame... 802.1q does not tag the native vlan; the native vlan is identified by the lack of a tag...
dtp is dynamic trunking protocol. it is a trunking negotiation mechanism...
the native vlan is a settable parameter and is vlan1 by default... it is recommended to change the native vlan to something other than 1 after bringing the switch up... it is important to match the native vlans between switches to avoid annoying cdp messages, and sometimes derailed traffic...
of channels and trunks...
this is very exciting...
i got some more crossed cables today specifically to experiment with etherchannel, and trunking at the same time without losing connectivity...
i now have a 4 wire trunk and a 4 wire etherchannel across the 3 switches... trunk = 2 xcables from s2 to s1, then 2 xcables from s1 to 3550... likewise for the etherchannel, 2 xcables from s2 to s1, then 2 from s1 to 3550...
as i thought would happen, the etherchannel took over and put the trunk ports in alt/blk... see below
sw2950_02#sh spann
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Altn BLK 19 128.1 P2p
Fa0/2 Altn BLK 19 128.2 P2p
Po1 Root FWD 12 128.65 P2p
when i shut down the etherchannel, the network converges on the trunk, like so...
sw2950_02(config)#int po1
sw2950_02(config-if)#shut
05:46:32: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed
state to down
05:46:33: %LINK-5-CHANGED: Interface FastEthernet0/5, changed state to administr
atively down
05:46:33: %LINK-5-CHANGED: Interface FastEthernet0/6, changed state to administr
atively down
the trunk is back in business...
sw2950_02(config-if)#
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Root FWD 19 128.1 P2p
Fa0/2 Altn BLK 19 128.2 P2p
then
sw2950_02(config-if)#no shut
05:50:10: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, chang
ed state to up
05:50:10: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/6, chang
ed state to up
sw2950_02(config-if)#
05:50:11: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
05:50:12: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed
state to up
and the etherchannel takes over once again...
sw2950_02(config-if)#do sh ether summ
Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
u - unsuitable for bundling
U - in use f - failed to allocate aggregator
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) - Fa0/5(Pd) Fa0/6(P)
but you knew this would happen...
i got some more crossed cables today specifically to experiment with etherchannel, and trunking at the same time without losing connectivity...
i now have a 4 wire trunk and a 4 wire etherchannel across the 3 switches... trunk = 2 xcables from s2 to s1, then 2 xcables from s1 to 3550... likewise for the etherchannel, 2 xcables from s2 to s1, then 2 from s1 to 3550...
as i thought would happen, the etherchannel took over and put the trunk ports in alt/blk... see below
sw2950_02#sh spann
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Altn BLK 19 128.1 P2p
Fa0/2 Altn BLK 19 128.2 P2p
Po1 Root FWD 12 128.65 P2p
when i shut down the etherchannel, the network converges on the trunk, like so...
sw2950_02(config)#int po1
sw2950_02(config-if)#shut
05:46:32: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed
state to down
05:46:33: %LINK-5-CHANGED: Interface FastEthernet0/5, changed state to administr
atively down
05:46:33: %LINK-5-CHANGED: Interface FastEthernet0/6, changed state to administr
atively down
the trunk is back in business...
sw2950_02(config-if)#
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Root FWD 19 128.1 P2p
Fa0/2 Altn BLK 19 128.2 P2p
then
sw2950_02(config-if)#no shut
05:50:10: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, chang
ed state to up
05:50:10: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/6, chang
ed state to up
sw2950_02(config-if)#
05:50:11: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
05:50:12: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed
state to up
and the etherchannel takes over once again...
sw2950_02(config-if)#do sh ether summ
Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
u - unsuitable for bundling
U - in use f - failed to allocate aggregator
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) - Fa0/5(Pd) Fa0/6(P)
but you knew this would happen...
mismatched 802.3's...
duplex mode for a switchport can take one of two states, half or full. half duplex describes essentially that a port can send or receive one way at a time. full duplex allows a switchport to send and receive simultaneously.
autonegotiation is a mode that will allow each end of a transmission to detect the others duplex setting and adjust to it, to agree to it, to allow the best negotiation that can be achieved for that segment. for example, if one side is physically limited to half duplex, and the other capable of full duplex operation, the autonegoriation will adjust the full side to agree with the half duplex side for best performance under that limitation.
A duplex mismatch will occur between ports set for conflicting duplex modes. this does not mean that communication is lost, there will still be lights on both sides of the connection, but this will manifest in errors across the line, particularly, cdp errors... suboptimal...
sw2950_02#
03:15:48: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/1
(not half duplex), with sw2950_01 FastEthernet0/3 (half duplex).
03:15:48: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/1
ieee 802.3 is the standard that defined 10Mbps 802.3 ethernet, and its later incarnations fast, gig and 10gig
autonegotiation is a mode that will allow each end of a transmission to detect the others duplex setting and adjust to it, to agree to it, to allow the best negotiation that can be achieved for that segment. for example, if one side is physically limited to half duplex, and the other capable of full duplex operation, the autonegoriation will adjust the full side to agree with the half duplex side for best performance under that limitation.
A duplex mismatch will occur between ports set for conflicting duplex modes. this does not mean that communication is lost, there will still be lights on both sides of the connection, but this will manifest in errors across the line, particularly, cdp errors... suboptimal...
sw2950_02#
03:15:48: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/1
(not half duplex), with sw2950_01 FastEthernet0/3 (half duplex).
03:15:48: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/1
ieee 802.3 is the standard that defined 10Mbps 802.3 ethernet, and its later incarnations fast, gig and 10gig
anatomy of a mac (cam) table...
bold on right are associations from arp below...
sw2950_02#sh mac-add
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
All 0009.b73f.ce80 STATIC CPU Base ethernet MAC Address: 00:09:B7:3F:CE:80
All 0100.0ccc.cccc STATIC CPU dest addresses for
All 0100.0ccc.cccd STATIC CPU CDP UDLD/DTP/VTP/Pagp
All 0100.0cdd.dddd STATIC CPU CGMP
1 0009.b752.d783 DYNAMIC Fa0/1 sw 1 port 3 192.168.1.111 1 984b.e1fb.2940 DYNAMIC Fa0/17 printer 192.168.1.250 984b.e1fb.2940
1 c03f.0eab.d1ec DYNAMIC Fa0/1 internet 192.168.1.1 c03f.0eab.d1ec
1 e89a.8f98.a703 DYNAMIC Fa0/19 host 192.168.1.5 e89a.8f98.a703
10 0009.b752.d783 DYNAMIC Fa0/1 sw 1 port 3 192.168.1.111
20 0009.b752.d783 DYNAMIC Fa0/1 sw 1 port 3 192.168.1.111
sw2950_02#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.111 0 0009.b752.d780 ARPA Vlan1
Internet 192.168.1.100 2 000f.8ffe.0980 ARPA Vlan1
Internet 192.168.1.112 - 0009.b73f.ce80 ARPA Vlan1
Internet 192.168.1.50 57 000f.2394.6c40 ARPA Vlan1
Internet 192.168.1.11 0 000d.4b36.717b ARPA Vlan1
Internet 192.168.1.1 1 c03f.0eab.d1ec ARPA Vlan1
Internet 192.168.1.5 0 e89a.8f98.a703 ARPA Vlan1
Internet 192.168.1.250 1 984b.e1fb.2940 ARPA Vlan1
switch discussion 01
a collision domain is defined by a network segment that has the potential for a collision during a frame's transit... these segments are shared media, half duplex...
Carrier Sense Multiple Access/Collision Detection is the mechanism that allows for symbiosis among the collision domain's participants...
before transit, the media is listened to
if the media is determined clear, a frame is transmitted
if a collision is detected, all transmission stops
a backoff algrithm is performed to stop further transmission by the participants
after the completion of the backoff, transmission will recommence beginning with step1
this is known as a contention network
flooding, and the unknown unicast
when a switch receives a frame, and it is broadcast or multicast, ship on all ports except that upon which it was received...
if the destination is unicast and not in the mac-table, again, ship on all ports except that upon which it was received... in other words, flood the unkown unicast...
if the destination is unicast, the address is in the table, and the associated interface is not that upon which it was received, ship to that interface
if the above criteria are not met, drop the frame
multicast, broadcast and unknown unicast are always flooded
multi-layer switching using specialized hardware is known as topology-based switching... layer 3 routing populates a database that delineates the network topology... this database is consulted so that packets can be forwarded at high speeds (wire speed)... this is also known as CEF... this table evolves dynamically
mac table versus cam table
these terms are interchangeable... a cam table lookup is a mac-address-table lookup... a cam (mac) table is a database of source and destination addresses associated by ingress and egress ports... this table changes dynamically and is constantly being consulted for proper layer 2 switching to occur...
tcam (ternary content addressable memory) table is an extension of the mac (cam) table. tcam allows for a third state for lookup, or don't care lookup, associated with layer 3 (ip addresses)
sw3550_01#sh tcam ?
inacl Show Ingress ACL TCAM
outacl Show Egress ACL TCAM
pbr Show PBR TCAM
qos Show Ingress QoS TCAM
it is in these last three that we begin the journey to multi-layer switching...
Carrier Sense Multiple Access/Collision Detection is the mechanism that allows for symbiosis among the collision domain's participants...
before transit, the media is listened to
if the media is determined clear, a frame is transmitted
if a collision is detected, all transmission stops
a backoff algrithm is performed to stop further transmission by the participants
after the completion of the backoff, transmission will recommence beginning with step1
this is known as a contention network
flooding, and the unknown unicast
when a switch receives a frame, and it is broadcast or multicast, ship on all ports except that upon which it was received...
if the destination is unicast and not in the mac-table, again, ship on all ports except that upon which it was received... in other words, flood the unkown unicast...
if the destination is unicast, the address is in the table, and the associated interface is not that upon which it was received, ship to that interface
if the above criteria are not met, drop the frame
multicast, broadcast and unknown unicast are always flooded
multi-layer switching using specialized hardware is known as topology-based switching... layer 3 routing populates a database that delineates the network topology... this database is consulted so that packets can be forwarded at high speeds (wire speed)... this is also known as CEF... this table evolves dynamically
mac table versus cam table
these terms are interchangeable... a cam table lookup is a mac-address-table lookup... a cam (mac) table is a database of source and destination addresses associated by ingress and egress ports... this table changes dynamically and is constantly being consulted for proper layer 2 switching to occur...
tcam (ternary content addressable memory) table is an extension of the mac (cam) table. tcam allows for a third state for lookup, or don't care lookup, associated with layer 3 (ip addresses)
sw3550_01#sh tcam ?
inacl Show Ingress ACL TCAM
outacl Show Egress ACL TCAM
pbr Show PBR TCAM
qos Show Ingress QoS TCAM
it is in these last three that we begin the journey to multi-layer switching...
Friday, January 27, 2012
a funny thing happened on the way to the forum...
one of the first things i did after passing ccna was to check out the cisco cert forums... i'd never been a fan of these in the past as i didn't want to roll around in ccnaland discussing the OSI model and csma/cd the rest of my worldly existence, but i also believed i had no business jumping ahead to a more advanced cert forum until i earned my stripes... i still believe that... it's a personal thing, an integrity thing, just as i now believe i have no business poking my head around the ccie forums... now that i've earned my way into the middle, i will stay in the middle until i fight my way out...
what i did was take it slow... i signed on for two groups at cisco; ccna voice and ccnp... i belong in those groups... another thing i did was to set up email notification...this has proved enlightening... i get emails throughout the day, questions, comments, etc. and i read through them as i can, reply to the ones when i feel confident of adding an intelligble remark, and use them as a source of study material... when questions and comments come along i like to prove their veracity with example output from my equipment... this helps me get out of my particular study rut of the moment and back on to practical application...
if you don't have a cco account yet, i'm not sure what you're waiting for... you know how it is; there's the right answer, the wrong answer, and cisco's answer... no point in pooh-poohing the issue; this is what we signed on for, better or worse... get it from the horse's mouth and then dispute it at length... and always dispute it... question everything... just because it's printed by cisco, just because it's in cisco's database doesn't always mean it's correct...
the other truly great thing is you never know when a rock star is going to pop in and sample some content...
our rock stars, like keith barker, paul geschw(fill in the blanks), scott morris, narbik and other designated vip's and decorated ccie's... it happens more often than you think... you can almost feel the written type become reverential... paul geschw actually laughed at one of my technical jokes last night...
i'm a geek, so sue me... but i'm a happy geek...
what i did was take it slow... i signed on for two groups at cisco; ccna voice and ccnp... i belong in those groups... another thing i did was to set up email notification...this has proved enlightening... i get emails throughout the day, questions, comments, etc. and i read through them as i can, reply to the ones when i feel confident of adding an intelligble remark, and use them as a source of study material... when questions and comments come along i like to prove their veracity with example output from my equipment... this helps me get out of my particular study rut of the moment and back on to practical application...
if you don't have a cco account yet, i'm not sure what you're waiting for... you know how it is; there's the right answer, the wrong answer, and cisco's answer... no point in pooh-poohing the issue; this is what we signed on for, better or worse... get it from the horse's mouth and then dispute it at length... and always dispute it... question everything... just because it's printed by cisco, just because it's in cisco's database doesn't always mean it's correct...
the other truly great thing is you never know when a rock star is going to pop in and sample some content...
our rock stars, like keith barker, paul geschw(fill in the blanks), scott morris, narbik and other designated vip's and decorated ccie's... it happens more often than you think... you can almost feel the written type become reverential... paul geschw actually laughed at one of my technical jokes last night...
i'm a geek, so sue me... but i'm a happy geek...
Thursday, January 26, 2012
the wired wiry wireless...
it's astounding how many wires it takes to make a wireless network...
independant basic service set- pc's connecting to each other; no ap
basic service set- pc's communicating wirelessly with a single ap
extended service set- two or more ap's
wow... this is very exciting
an ap creates a bridge in the air to allow clients (pc's) to get to a wired network... or is it a rainbow...
a wireless client outside the cell range is lonely...
a rogue ap has lost it's mind, and escaped from the asylum
wireless is like blowy and stuff...
independant basic service set- pc's connecting to each other; no ap
basic service set- pc's communicating wirelessly with a single ap
extended service set- two or more ap's
wow... this is very exciting
an ap creates a bridge in the air to allow clients (pc's) to get to a wired network... or is it a rainbow...
a wireless client outside the cell range is lonely...
a rogue ap has lost it's mind, and escaped from the asylum
wireless is like blowy and stuff...
Wednesday, January 25, 2012
cst...
common spanning tree
the original iteration of 802.1q defined a single instance of spanning tree regardless of the amount of vlans; a common tree for the entire network. when a path is blocked due to convergence, as it will be, there is but one path for the vlans to traverse toward their destination.
this is hardly fair for the multiple vlans that could potentially take more than one path if given the opportunity.
so the common tree does not allow for load balancing although this is ultimately less cpu intensive.
enter mst
by definition mst supports multiple trees similar to pvst, which supports an instance per vlan. however, unlike pvst, a reduction in the total amount of instances can be achieved by balancing, grouping, vlans together and shipping them across different paths; many vlans; less instances; less cpu cycles...
shit's getting deep... baby steps...
the original iteration of 802.1q defined a single instance of spanning tree regardless of the amount of vlans; a common tree for the entire network. when a path is blocked due to convergence, as it will be, there is but one path for the vlans to traverse toward their destination.
this is hardly fair for the multiple vlans that could potentially take more than one path if given the opportunity.
so the common tree does not allow for load balancing although this is ultimately less cpu intensive.
enter mst
by definition mst supports multiple trees similar to pvst, which supports an instance per vlan. however, unlike pvst, a reduction in the total amount of instances can be achieved by balancing, grouping, vlans together and shipping them across different paths; many vlans; less instances; less cpu cycles...
shit's getting deep... baby steps...
Tuesday, January 24, 2012
rapid trees...
new roles
root port - each switch determines the lowest cost path to the root switch; that is its root port
designated - the lowest cost path to the root that is not the root port
alternate - the lowest cost path to the root that takes a different path to the root than the root port
backup - a redundant path to another segment that is already connected by a port
wow... take human bites...
what is the only switch in the tree that doesn't have a root port?
this is the root switch
is it ok to call it a switch now?
sw2950_01(config)#spann mode rapid-pvst
sw2950_01(config)#do sh spann vlan 50
VLAN0050
Spanning tree enabled protocol rstp
Root ID Priority 24626
Address 0009.b752.d780
This bridge is the root (its really a switch)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 24626 (priority 24576 sys-id-ext 50)
Address 0009.b752.d780
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/2 Desg FWD 19 128.2 P2p
Fa0/3 Desg FWD 19 128.3 P2p Peer(STP)
Fa0/4 Desg FWD 19 128.4 P2p Peer(STP)
root port - each switch determines the lowest cost path to the root switch; that is its root port
designated - the lowest cost path to the root that is not the root port
alternate - the lowest cost path to the root that takes a different path to the root than the root port
backup - a redundant path to another segment that is already connected by a port
wow... take human bites...
what is the only switch in the tree that doesn't have a root port?
this is the root switch
is it ok to call it a switch now?
sw2950_01(config)#spann mode rapid-pvst
sw2950_01(config)#do sh spann vlan 50
VLAN0050
Spanning tree enabled protocol rstp
Root ID Priority 24626
Address 0009.b752.d780
This bridge is the root (its really a switch)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 24626 (priority 24576 sys-id-ext 50)
Address 0009.b752.d780
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/2 Desg FWD 19 128.2 P2p
Fa0/3 Desg FWD 19 128.3 P2p Peer(STP)
Fa0/4 Desg FWD 19 128.4 P2p Peer(STP)
what is 24576 plus 50
Monday, January 23, 2012
you're out of your tree...
a disabled port does not participate in spanning tree; it is either administratively down, or faulty... it does not block, it is down
a blocked port is participating in spanning tree; it blocks, yet receives bpdu's
a port moves to the listening state when determined it has the potential to forward; it is transitioning. it is not
sending or receiving frames, and like blocking it is receiving bpdu's but it is not sending bpdu's; it is
transitioning to the learning state
a port transitions from listening to learning before it gets to forwarding. in the learning state the port is now
adding mac's to it's table. it is one step closer to forwarding. if it loses its potential, it will revert to blocking.
forwarding... the port has made it to the show after the requisite delays in the tranistory states. it is adding mac addresses to its table, it is sending and receiving frames and bpdu's... it is in the big's...
spanning tree, i do love thee...
a blocked port is participating in spanning tree; it blocks, yet receives bpdu's
a port moves to the listening state when determined it has the potential to forward; it is transitioning. it is not
sending or receiving frames, and like blocking it is receiving bpdu's but it is not sending bpdu's; it is
transitioning to the learning state
a port transitions from listening to learning before it gets to forwarding. in the learning state the port is now
adding mac's to it's table. it is one step closer to forwarding. if it loses its potential, it will revert to blocking.
forwarding... the port has made it to the show after the requisite delays in the tranistory states. it is adding mac addresses to its table, it is sending and receiving frames and bpdu's... it is in the big's...
spanning tree, i do love thee...
Sunday, January 22, 2012
transparent bridging...
this term always annoyed me... one of those things in this game that is taken for granted, repeated over and over until it finally means nothing at all...
yeah, that's a transparent bridge... you can look right through it...
it's made of glass, that's why you can see on the other side...
you know how like water you can see down in it...
a transparent bridge is like, your car windshield, kind of...
frames across a bridge cannot be modified; this effectively makes the bridge process transparent...
ok... no... i am still not satisfied...
yeah, that's a transparent bridge... you can look right through it...
it's made of glass, that's why you can see on the other side...
you know how like water you can see down in it...
a transparent bridge is like, your car windshield, kind of...
frames across a bridge cannot be modified; this effectively makes the bridge process transparent...
ok... no... i am still not satisfied...
my members...
etherchannel configuration... it's a good idea if both sides match...
interface FastEthernet0/1
switchport mode trunk
speed 100
duplex full
channel-group 1 mode on
!
interface FastEthernet0/2
switchport mode trunk
speed 100
duplex full
channel-group 1 mode on
!
interface FastEthernet0/3
switchport mode trunk
speed 100
duplex full
channel-group 2 mode on
!
interface FastEthernet0/4
switchport mode trunk
speed 100
duplex full
channel-group 2 mode on
nice way to keep track of membership...
sw2950_01#sh int port-chan 1 | inc Members
Members in this channel: Fa0/1 Fa0/2
sw2950_01#
sw2950_01#sh int port-chan 2 | incl Members
Members in this channel: Fa0/3 Fa0/4
sw2950_01#
don't let spanning tree decide root... the root id is the id of the root and the bridge id is the id of this switch... if the priority of the two is equal, this is the root... if the mac's are the same, this is the root... if it says this is the root, this is the root... if all ports are forwarding, this is the root... how do you like my root...
sw2950_01(config)#spann vlan 50 root primary
sw2950_01(config)#do sh spann vlan 50
VLAN0050
Spanning tree enabled protocol rstp
Root ID Priority 24626
Address 0009.b752.d780
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 24626 (priority 24576 sys-id-ext 50)
Address 0009.b752.d780
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po2 Desg FWD 12 128.65 P2p
Po1 Desg FWD 12 128.66 P2p
sw2950_01(config)#
and some aggregation up inside..
sw2950_01(config)#do sh int port-channel1
Port-channel1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 0009.b752.d781 (bia 0009.b752.d781)
MTU 1500 bytes, BW 200000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Full-duplex, 100Mb/s, media type is unknown media type
input flow-control is off, output flow-control is off
Members in this channel: Fa0/1 Fa0/2
does dtp ever stop...
there's this idea floating around that if nonegotiate is NOT used along with the sw mode access command, that somehow dtp will still leak through trunks or vlans, or osmosis, or something to the access port... ok... not sure if dtp is that stealthy...
sw2950_02#sh run int fa0/19
Building configuration...
Current configuration : 58 bytes
!
interface FastEthernet0/19
speed 100
duplex full
end
sw2950_02#sh int fa0/19 sw
Name: Fa0/19
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
notice the administrative mode and operational mode...
sw2950_02#
1d10h: DTP-pkt:Fa0/2: ID: 0009B752D784 ../dyntrk/dyntrk_core.c:1462
1d10h: DTP-pkt:Fa0/19:Sending packet ../dyntrk/dyntrk_process.c:1235
1d10h: DTP-pkt:Fa0/19: TOS/TAS = ACCESS/DESIRABLE ../dyntrk/dyntrk_process.c:12
38
1d10h: DTP-pkt:Fa0/19: TOT/TAT = 802.1Q/802.1Q ../dyntrk/dyntrk_process.c:1241
1d10h: DTP-pkt:Fa0/19:datagram_out ../dyntrk/dyntrk_process.c:1273
1d10h: DTP-pkt:Fa0/19:datagram_out encap ../dyntrk/dyntrk_process.c:1285
sw2950_02#
1d10h: DTP-pkt:Fa0/18:Sending packet ../dyntrk/dyntrk_process.c:1235
1d10h: DTP-pkt:Fa0/18: TOS/TA
now we turn on sw mode access explicitly
sw2950_02(config)#int fa0/19
sw2950_02(config-if)#sw mode access
sw2950_02(config-if)#do sh run int fa0/19
Building configuration...
Current configuration : 82 bytes
!
interface FastEthernet0/19
switchport mode access
speed 100
sw2950_02(config-if)#do sh int fa0/19 sw
Name: Fa0/19
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
sw2950_02(config-if)#
1d10h: DTP-pkt:Fa0/2: ID: 0009B752D784 ../dyntrk/dyntrk_core.c:1462
sw2950_02(config-if)#
1d10h: DTP-pkt:Fa0/18:Sending packet ../dyntrk/dyntrk_process.c:1235
1d10h: DTP-pkt:Fa0/18: TOS/TAS = ACCESS/DESIRABLE ../dyntrk/dyntrk_process.c:12
38
1d10h: DTP-pkt:Fa0/18: TOT/TAT = 802.1Q/802.1Q ../dyntrk/dyntrk_process.c:1241
1d10h: DTP-pkt:Fa0/18:datagram_out ../dyntrk/dyntrk_process.c:1273
1d10h: DTP-pkt:Fa0/18:datagram_out encap ../dyntrk/dyntrk_process.c:1285
sw2950_02(config-if)#
1d10h: DTP-pkt:Fa0/2:Sending packet ../dyntrk/
no more dtp packets...
and this...
sw2950_02(config-if)#do sh dtp int fa0/19
DTP information for FastEthernet0/19:
TOS/TAS/TNS: ACCESS/OFF/ACCESS
TOT/TAT/TNT: NATIVE/802.1Q/NATIVE
Neighbor address 1: 000000000000
Neighbor address 2: 000000000000
Hello timer expiration (sec/state): never/STOPPED
Access timer expiration (sec/state): never/STOPPED
Negotiation timer expiration (sec/state): never/STOPPED
Multidrop timer expiration (sec/state): never/STOPPED
FSM state: S1:OFF
# times multi & trunk 0
Enabled: no
In STP: no
sw2950_02(config)#do sh run int fa0/18
Building configuration...
Current configuration : 58 bytes
!
interface FastEthernet0/18
speed 100
duplex full
end
sw2950_02(config)#do sh dtp int fa0/18
DTP information for FastEthernet0/18:
TOS/TAS/TNS: ACCESS/DESIRABLE/ACCESS
TOT/TAT/TNT: NATIVE/802.1Q/802.1Q
Neighbor address 1: 000000000000
Neighbor address 2: 000000000000
Hello timer expiration (sec/state): 28/RUNNING
Access timer expiration (sec/state): never/STOPPED
Negotiation timer expiration (sec/state): never/STOPPED
Multidrop timer expiration (sec/state): never/STOPPED
FSM state: S2:ACCESS
# times multi & trunk 0
Enabled: yes
sw2950_02(config)#do sh int fa0/18 sw
Name: Fa0/18
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
In STP: no
dtp stops when put in access mode explicitly, so i don't know what that guy is talking about with nonegotiate
sw2950_02#sh run int fa0/19
Building configuration...
Current configuration : 58 bytes
!
interface FastEthernet0/19
speed 100
duplex full
end
sw2950_02#sh int fa0/19 sw
Name: Fa0/19
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
notice the administrative mode and operational mode...
sw2950_02#
1d10h: DTP-pkt:Fa0/2: ID: 0009B752D784 ../dyntrk/dyntrk_core.c:1462
1d10h: DTP-pkt:Fa0/19:Sending packet ../dyntrk/dyntrk_process.c:1235
1d10h: DTP-pkt:Fa0/19: TOS/TAS = ACCESS/DESIRABLE ../dyntrk/dyntrk_process.c:12
38
1d10h: DTP-pkt:Fa0/19: TOT/TAT = 802.1Q/802.1Q ../dyntrk/dyntrk_process.c:1241
1d10h: DTP-pkt:Fa0/19:datagram_out ../dyntrk/dyntrk_process.c:1273
1d10h: DTP-pkt:Fa0/19:datagram_out encap ../dyntrk/dyntrk_process.c:1285
sw2950_02#
1d10h: DTP-pkt:Fa0/18:Sending packet ../dyntrk/dyntrk_process.c:1235
1d10h: DTP-pkt:Fa0/18: TOS/TA
now we turn on sw mode access explicitly
sw2950_02(config)#int fa0/19
sw2950_02(config-if)#sw mode access
sw2950_02(config-if)#do sh run int fa0/19
Building configuration...
Current configuration : 82 bytes
!
interface FastEthernet0/19
switchport mode access
speed 100
sw2950_02(config-if)#do sh int fa0/19 sw
Name: Fa0/19
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
sw2950_02(config-if)#
1d10h: DTP-pkt:Fa0/2: ID: 0009B752D784 ../dyntrk/dyntrk_core.c:1462
sw2950_02(config-if)#
1d10h: DTP-pkt:Fa0/18:Sending packet ../dyntrk/dyntrk_process.c:1235
1d10h: DTP-pkt:Fa0/18: TOS/TAS = ACCESS/DESIRABLE ../dyntrk/dyntrk_process.c:12
38
1d10h: DTP-pkt:Fa0/18: TOT/TAT = 802.1Q/802.1Q ../dyntrk/dyntrk_process.c:1241
1d10h: DTP-pkt:Fa0/18:datagram_out ../dyntrk/dyntrk_process.c:1273
1d10h: DTP-pkt:Fa0/18:datagram_out encap ../dyntrk/dyntrk_process.c:1285
sw2950_02(config-if)#
1d10h: DTP-pkt:Fa0/2:Sending packet ../dyntrk/
no more dtp packets...
and this...
sw2950_02(config-if)#do sh dtp int fa0/19
DTP information for FastEthernet0/19:
TOS/TAS/TNS: ACCESS/OFF/ACCESS
TOT/TAT/TNT: NATIVE/802.1Q/NATIVE
Neighbor address 1: 000000000000
Neighbor address 2: 000000000000
Hello timer expiration (sec/state): never/STOPPED
Access timer expiration (sec/state): never/STOPPED
Negotiation timer expiration (sec/state): never/STOPPED
Multidrop timer expiration (sec/state): never/STOPPED
FSM state: S1:OFF
# times multi & trunk 0
Enabled: no
In STP: no
sw2950_02(config)#do sh run int fa0/18
Building configuration...
Current configuration : 58 bytes
!
interface FastEthernet0/18
speed 100
duplex full
end
sw2950_02(config)#do sh dtp int fa0/18
DTP information for FastEthernet0/18:
TOS/TAS/TNS: ACCESS/DESIRABLE/ACCESS
TOT/TAT/TNT: NATIVE/802.1Q/802.1Q
Neighbor address 1: 000000000000
Neighbor address 2: 000000000000
Hello timer expiration (sec/state): 28/RUNNING
Access timer expiration (sec/state): never/STOPPED
Negotiation timer expiration (sec/state): never/STOPPED
Multidrop timer expiration (sec/state): never/STOPPED
FSM state: S2:ACCESS
# times multi & trunk 0
Enabled: yes
sw2950_02(config)#do sh int fa0/18 sw
Name: Fa0/18
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
In STP: no
dtp stops when put in access mode explicitly, so i don't know what that guy is talking about with nonegotiate
Saturday, January 21, 2012
he-lans...
vlan tagging and 802.1q
802.1q introduced the concept of the native vlan. the native vlan passes untagged frames
and are recognized as belonging to it as such. other vlans are tagged, thereby
identified, via a two byte tag identifier or TPID which always has a value of 0x8100
(802.1q tag) and another two bytes are used for Tag Control Information (TCI), bringing the total to 4
bytes. the tci contains a 3 bit priority field (PCP, priority code point) to identify class of service
(COS) and a 12 bit VID (vlan identifier). the single bit remaining and sandwiched between
the pcp and vid is the canonical format identifier (allowing compatibility for ethernet and
token ring). this will be set to 0 for ethernet (if it is set to 1, token ring, you are
working on a network from the last century) I actually supported a token ring network in
the 90's and it was great--back then.
802.1q does not encapsulate the frame although some authors refer to it as such. it adds
(injects) this two byte field between the source mac and ether type field. encapsulation
of frames for vlan identification is the purview of that other thing (isl) that cisco
should finally make go away and stop mentioning in cisco press books.
DTP as well as VTP are technologies that also should go away... Are you going to trust your
trunks to discover each other... no... are you going to deploy a new switch without
configuring the proper vlans... no... of course, no... will you save bandwidth and retain
your sanity... yes
even mentioning these things, you can almost see the authors cringing;
"On critical trunk links in a network, manually configuring the trunking mode on both
ends is best so that the link never can be negotiated to any other state."
when is a trunk not critical... good Lord... it's embarrassing...
ethercanal...
etherchannel... there's a lot to it...
sw2950_02#sh etherch 2 ?
detail Detail information
port Port information
port-channel Port-channel information
protocol protocol enabled
summary One-line summary per channel-group
sw2950_02#sh etherch 2 summ
Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
u - unsuitable for bundling
U - in use f - failed to allocate aggregator
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
2 Po2(SU) - Fa0/1(Pd) Fa0/2(P)
sw2950_02#sh etherch 2 port
Ports in the group:
-------------------
Port: Fa0/1
------------
Port state = Up Mstr In-Bndl
Channel group = 2 Mode = On/FEC Gcchange = -
Port-channel = Po2 GC = - Pseudo port-channel = Po2
Port index = 0 Load = 0x00 Protocol = -
Age of the port in the current state: 0d:00h:17m:12s
Port: Fa0/2
------------
Port state = Up Mstr In-Bndl
Channel group = 2 Mode = On/FEC Gcchange = -
Port-channel = Po2 GC = - Pseudo port-channel = Po2
Port index = 0 Load = 0x00 Protocol = -
Age of the port in the current state: 0d:00h:17m:12s
sw2950_02#
again with errdisable...
it is safe to say that the errdisable state that a switchport may go through is inconvenient at best and a pain in the ass mostly...
make a mistake with channel groups or port security and you'll find the ports you're working on go belly up with this silliness, and the default recovery time interval is 300 seconds... damn...
this is the link that explains the reasoning and recovery procedures for errdisable...
you have to reset the timer, then enable the timer, and still wait a minimum of 30 seconds for recovery...
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00806cd87b.shtml
a simple no shut will not do... the procedures in the link outline recovery, but there is an easier way... once the port is errdisabled, go to the interface, issue shut, then no shut and the interface will come back... who'd a thought...
download this pdf now to your local drive... you don't want to get all twisted up with something like this, especially under pressure...
make a mistake with channel groups or port security and you'll find the ports you're working on go belly up with this silliness, and the default recovery time interval is 300 seconds... damn...
this is the link that explains the reasoning and recovery procedures for errdisable...
you have to reset the timer, then enable the timer, and still wait a minimum of 30 seconds for recovery...
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00806cd87b.shtml
a simple no shut will not do... the procedures in the link outline recovery, but there is an easier way... once the port is errdisabled, go to the interface, issue shut, then no shut and the interface will come back... who'd a thought...
download this pdf now to your local drive... you don't want to get all twisted up with something like this, especially under pressure...
Friday, January 20, 2012
dtp and native trunk mismatch...
this was an interesting exercise, and it's not pretty... below is before dynamic desirable and before changing the native vlan...
Bridge ID Priority 20481 (priority 20480 sys-id-ext 1)
Address 0009.b752.d780
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/2 Desg FWD 19 128.2 P2p
Fa0/3 Desg FWD 19 128.3 P2p
Fa0/4 Desg FWD 19
now to change to dynamic desirable on both ends...
sw2950_01(config-if-range)#sw mode dyn des
sw2950_02(config-if-range)#sw mode dyn des
sw2950_02#sh int trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 desirable 802.1q trunking 1
Fa0/2 desirable 802.1q trunking 1
sw2950_01#sh int trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 desirable 802.1q trunking 1
Fa0/2 desirable 802.1q trunking 1
Fa0/3 desirable 802.1q trunking 1
Fa0/4 desirable 802.1q trunking 1
dtp packets are good...
1d23h: DTP-pkt:Fa0/2:Good DTP packet received: ../dyntrk/dyntrk_core.c:1451
1d23h: DTP-pkt:Fa0/2: Domain: ozlan ../dyntrk/dyntrk_core.c:1454
1d23h: DTP-pkt:Fa0/2: Status: TOS/TAS = TRUNK/DESIRABLE ../dyntrk/dyntrk_core.c
:1457
1d23h: DTP-pkt:Fa0/2: Type: TOT/TAT = 802.1Q/802.1Q ../dyntrk/dyntrk_core.c:145
9
1d23h: DTP-pkt:Fa0/2: ID: 0009B752D784 ../dyntrk/dyntrk_core.c:1462
1d23h: DTP-pkt:Fa0/1:Good DTP packet received: ../dyntrk/dyntrk_core.c:1451
1d23h: DTP-pkt:Fa0/1: Domain: ozlan ../dyntrk/dyntrk_core.c:1454
1d23h: DTP-pkt:Fa0/1: Status: TOS/TAS = TRUNK/DESIRABLE ../dyntrk/dyntrk_core.
now change the native vlan...
sw2950_02(config)#int range fa0/1 - 2
sw2950_02(config-if-range)#sw trunk native vlan 50
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg BKN*19 128.1 P2p *PVID_Inc
Fa0/2 Desg FWD 19 128.2 P2p
Fa0/3 Desg FWD 19 128.3 P2p
Fa0/4 Desg BKN*19 128.4 P2p *PVID_Inc
dtp packets are still good
sw2950_01#
3w2d: DTP-pkt:Fa0/4: ID: 0009B73FCE82 ../dyntrk/dyntrk_core.c:1462
sw2950_01#
3w2d: DTP-pkt:Fa0/3:Good DTP packet received: ../dyntrk/dyntrk_core.c:1451
3w2d: DTP-pkt:Fa0/3: Domain: ozlan ../dyntrk/dyntrk_core.c:1454
3w2d: DTP-pkt:Fa0/3: Status: TOS/TAS = TRUNK/ON ../dyntrk/dyntrk_core.c:1457
3w2d: DTP-pkt:Fa0/3: Type: TOT/TAT = 802.1Q/802.1Q ../dyntrk/dyntrk_core.c:1459
3w2d: DTP-pkt:Fa0/3: ID: 000F8FFE0983 ../dyntrk/dyntrk_core.c:1462
here comes the nasty vlan errors...
sw2950_01#
3w2d: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthern
et0/1 (1), with sw2950_02 FastEthernet0/1 (50).
and this doesn't look too good... i couldn't ping and lost connectivity...
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg BKN*19 128.1 P2p *PVID_Inc
Fa0/2 Desg BKN*19 128.2 P2p *PVID_Inc
my conclusion is that although dtp is passing good packets, doesn't matter... the trunk is no good... then i changed the native vlan back, and...
sw2950_02#
1d23h: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/1 on VLAN0001.
Port consistency restored.
1d23h: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/1 on VLAN0050.
Port consistency restored.
1d23h: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/2 on VLAN0001.
Port consistency restored.
1d23h: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/2 on VLAN0050.
Port consistency restored.
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Root FWD 19 128.1 P2p
Fa0/2 Altn BLK 19 128.2 P2p
so dtp still works, but the trunk is broken...
Subscribe to:
Posts (Atom)