don't hate me because my diagram is beautiful..
1. erase start, reload
2. set up hostnames, passwords, consoles, vty's, ip addresses, all dot1q trunks
3. put the service timestamps in datetime format
4. make a ping macro from dls1 so you can ping them all
dls1(config)#macro global apply mping
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.101, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.102, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
dls1(config)#
5. make dls1 the vtp server (ver2) name it lab, and build the vlans to save time
dls1#sh vlan brie
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Gi0/1, Gi0/2
100 100 active
200 200 active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
dls1#
6. put the hosts in vlan 100 on als1, in vlan 200 on als2 as per the diagram
als2#sh vtp status
VTP Version : 2
Configuration Revision : 18
Maximum VLANs supported locally : 128
Number of existing VLANs : 7
VTP Operating Mode : Client
VTP Domain Name : lab
VTP Pruning Mode : Disabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0x0E 0x4D 0x22 0x33 0x69 0x59 0xD8 0x0E
Configuration last modified by 172.16.1.1 at 5-5-12 10:05:37
als2#sh vlan brie
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5
Fa0/13, Fa0/14
100 100 active
200 200 active Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
als2#
where is f0/7 - 12?
7. make sure stp is old school. make vlan 1 and 100 primary on dls1 and vlan 200 secondary. reverse this on dls2
dls2#sh spann
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 000f.8ffe.0980
Cost 19
Port 11 (FastEthernet0/11)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 28673 (priority 28672 sys-id-ext 1)
Address 000b.5fc9.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg FWD 19 128.7 P2p
Fa0/8 Desg FWD 19 128.8 P2p
Fa0/9 Desg FWD 19 128.9 P2p
Fa0/10 Desg FWD 19 128.10 P2p
Fa0/11 Root FWD 19 128.11 P2p
Fa0/12 Altn BLK 19 128.12 P2p
VLAN0100
Spanning tree enabled protocol ieee
Root ID Priority 24676
Address 000f.8ffe.0980
Cost 19
Port 11 (FastEthernet0/11)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 28772 (priority 28672 sys-id-ext 100)
Address 000b.5fc9.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg FWD 19 128.7 P2p
Fa0/8 Desg FWD 19 128.8 P2p
Fa0/9 Desg FWD 19 128.9 P2p
Fa0/10 Desg FWD 19 128.10 P2p
Fa0/11 Root FWD 19 128.11 P2p
Fa0/12 Altn BLK 19 128.12 P2p
VLAN0200
Spanning tree enabled protocol ieee
Root ID Priority 24776
Address 000b.5fc9.0000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 24776 (priority 24576 sys-id-ext 200)
Address 000b.5fc9.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg FWD 19 128.7 P2p
Fa0/8 Desg FWD 19 128.8 P2p
Fa0/9 Desg FWD 19 128.9 P2p
Fa0/10 Desg FWD 19 128.10 P2p
Fa0/11 Desg FWD 19 128.11 P2p
Fa0/12 Desg FWD 19 128.12 P2p
dls2#
name 4 ways you can tell vlan 200 is the root on dls2?
know that root guard protects a root port from receiving superior bpdu's (preventing it from becoming root), but will allow that connected port to participate in stp...
see below...
als1(config)#int rang f0/7 - 8
als1(config-if-range)#spann guard root
als1(config-if-range)#
May 5 18:40:04: %SPANTREE-2-ROOTGUARD_CONFIG_CHANGE: Root guard enabled on port FastEthe.
May 5 18:40:04: %SPANTREE-2-ROOTGUARD_CONFIG_CHANGE: Root guard enabled on port FastEthe.
May 5 18:40:04: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port FastEthernet0/7 on.
als1(config-if-range)#end
als1#
May 5 18:41:03: %SYS-5-CONFIG_I: Configured from console by vty2 (172.16.1.102)
als1#sh spann incon
Name Interface Inconsistency
-------------------- ---------------------- ------------------
VLAN0001 FastEthernet0/7 Root Inconsistent
VLAN0001 FastEthernet0/8 Root Inconsistent
VLAN0100 FastEthernet0/7 Root Inconsistent
VLAN0100 FastEthernet0/8 Root Inconsistent
VLAN0200 FastEthernet0/7 Root Inconsistent
VLAN0200 FastEthernet0/8 Root Inconsistent
Number of inconsistent ports (segments) in the system : 6
als1#sh spann
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 000f.8ffe.0980
Cost 38
Port 9 (FastEthernet0/9)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0009.b73f.ce80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg BKN*19 128.7 P2p *ROOT_Inc
Fa0/8 Desg BKN*19 128.8 P2p *ROOT_Inc
Fa0/9 Root FWD 19 128.9 P2p
Fa0/10 Altn BLK 19 128.10 P2p
Fa0/11 Altn BLK 19 128.11 P2p
Fa0/12 Altn BLK 19 128.12 P2p
Fa0/13 Desg FWD 19 128.13 P2p
VLAN0100
Spanning tree enabled protocol ieee
Root ID Priority 24676
Address 000f.8ffe.0980
Cost 38
Port 9 (FastEthernet0/9)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32868 (priority 32768 sys-id-ext 100)
Address 0009.b73f.ce80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg BKN*19 128.7 P2p *ROOT_Inc
Fa0/8 Desg BKN*19 128.8 P2p *ROOT_Inc
Fa0/9 Root FWD 19 128.9 P2p
Fa0/10 Altn BLK 19 128.10 P2p
Fa0/11 Altn BLK 19 128.11 P2p
Fa0/12 Altn BLK 19 128.12 P2p
Fa0/15 Desg FWD 19 128.15 Edge P2p
VLAN0200
Spanning tree enabled protocol ieee
Root ID Priority 24776
Address 000b.5fc9.0000
Cost 19
Port 9 (FastEthernet0/9)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32968 (priority 32768 sys-id-ext 200)
Address 0009.b73f.ce80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg BKN*19 128.7 P2p *ROOT_Inc
Fa0/8 Desg BKN*19 128.8 P2p *ROOT_Inc
Fa0/9 Root FWD 19 128.9 P2p
Fa0/10 Altn BLK 19 128.10 P2p
Fa0/11 Desg FWD 19 128.11 P2p
Fa0/12 Desg FWD 19 128.12 P2p
als1#
note that f0/7 and 8 are inconsistent, but still designated...
als1(config-if-range)#no spann guard root
als1(config-if-range)#
May 5 18:46:55: %SPANTREE-2-ROOTGUARD_CONFIG_CHANGE: Root guard disabled on port FastEth.
May 5 18:46:55: %SPANTREE-2-ROOTGUARD_UNBLOCK: Root guard unblocking port FastEthernet0/.
May 5 18:46:55: %SPANTREE-2-ROOTGUARD_CONFIG_CHANGE: Root guard disabled on port FastEth.
als1(config-if-range)#
als1(config-if-range)#
this is very disruptive, and i would avoid this... i don't care what non-root switch ports are root... i'd be more concerned with clearly delineating the root switch only...
again, for testing, it is important to know what root guard is... if you can figure out a vital reason to use this crap, please let me know...
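a check for the concern above (keeping the root switch clearly delineated), as an added example that is not part of the original lab: it parses show spanning-tree text, compares each vlan's root address with the expected one, and lists the ports root guard has marked ROOT_Inc. the names parse_stp, audit and EXPECTED_ROOT are hypothetical; the expected addresses are the dls1 and dls2 values seen in the outputs above.

```python
import re

# Excerpt of the als1 output above, trimmed to the lines the parser reads.
SAMPLE = """\
VLAN0001
Root ID Priority 24577
Address 000f.8ffe.0980
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0009.b73f.ce80
Fa0/7 Desg BKN*19 128.7 P2p *ROOT_Inc
Fa0/9 Root FWD 19 128.9 P2p
VLAN0200
Root ID Priority 24776
Address 000b.5fc9.0000
Bridge ID Priority 32968 (priority 32768 sys-id-ext 200)
Address 0009.b73f.ce80
Fa0/8 Desg BKN*19 128.8 P2p *ROOT_Inc
"""

# Expected root per VLAN in this lab: dls1 for 1 and 100, dls2 for 200.
EXPECTED_ROOT = {1: "000f.8ffe.0980", 100: "000f.8ffe.0980", 200: "000b.5fc9.0000"}

def parse_stp(text):
    """Return {vlan: {"root": mac, "bridge": mac, "root_inc": [ports]}}."""
    vlans, cur, section = {}, None, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"VLAN(\d{4})", line)
        if m:  # per-VLAN header starts a new record
            cur = vlans.setdefault(int(m.group(1)), {"root": None, "bridge": None, "root_inc": []})
            section = None
        elif cur is None:
            continue  # ignore anything before the first VLAN header
        elif line.startswith(("Root ID", "Bridge ID")):
            section = "root" if line.startswith("Root") else "bridge"
        elif line.startswith("Address") and section:
            cur[section] = line.split()[1]  # the MAC follows the Address keyword
            section = None
        elif "ROOT_Inc" in line:
            cur["root_inc"].append(line.split()[0])  # port blocked by root guard
    return vlans

def audit(text, expected=EXPECTED_ROOT):
    findings = []
    for vlan, info in sorted(parse_stp(text).items()):
        if expected.get(vlan) != info["root"]:
            findings.append((vlan, "unexpected-root", info["root"]))
        findings += [(vlan, "root-inconsistent", p) for p in info["root_inc"]]
    return findings
```

audit(SAMPLE) returns one root-inconsistent finding per blocked port; a vlan whose root address differs from EXPECTED_ROOT (or is missing from it) is reported as unexpected-root.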
bpdu guard, on the other hand, will disallow a portfast-enabled port from receiving bpdu's... a portfast port could receive bpdu's from a rogue switch or ap... in that event, the port will be errdisabled
8. enable portfast on access ports for als1 and als2
9. globally enable bpduguard and verify
als1(config)#spann portfast bpduguard default
als1(config)#do sh spann summ
Switch is in pvst mode
Root bridge for: none
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is enabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 3 0 0 4 7
VLAN0100 3 0 0 4 7
VLAN0200 3 0 0 3 6
---------------------- -------- --------- -------- ---------- ----------
3 vlans 9 0 0 11 20
storm control is a good feature for trunking... simple enough... in a l2 network broadcasts can become unmanageable... thresholds can be set... my best practice would be to contain broadcasts at 20%
10. set broadcast storm control on trunk ports and verify
als1(config)#int rang f0/7 - 12
als1(config-if-range)#storm-con broad lev 20
als1(config-if-range)#do sh run int f0/12
Building configuration...
Current configuration : 142 bytes
!
interface FastEthernet0/12
switchport mode trunk
speed 100
duplex full
storm-control broadcast level 20.00
i really like your lab, arteq...