Took a couple of days off to get our house ready to sell. I am hoping the brownie point that I earned from the with go a long way!
On section 23 of 39 but there are quite a few long sections coming up which make up about 50% of the estimated time of the course. Slowly but surely I will get there!!
Section 23: DHCP – Dynamic Host Configuration Protocol
- Besides forwarding DHCP requests, I am not really sure why this is even a section… Do people really use their routers as a DHCP server?
- DHCP Server Configuration Commands
- (config)#ip dhcp excluded-address [IP address start range] [IP address end]
- (config)#ip dhcp pool [text description]
- (dhcp-config)#network [network address] [network subnet]
- (dhcp-config)#default-router 10.10.10.1
- (dhcp-config)#dns-server 10.10.20.10
- DHCP Server Verification Commands
- show ip dhcp pool
- Details of the DHCP pool
- show ip dhcp binding
- DHCP client address assignments
- External DHCP Server
- DHCP ip helper-address commands, set on the interface hosting the client subnet.
- (config)#interface f0/1
- (config-if)#ip helper-address [DHCP IP address]
- Cisco Router as a DHCP Client
- Used when the router needs to pull an IP address from the ISP
- Config commands
- (config)#interface f0/0
- (config-if)#ip address dhcp
- (config-if)#no shutdown
- Verification Commands
- #show dhcp lease
Section 24: HSRP – Hot Standby Router Protocol
- Backup routes are given a higher AD (Administrative Distance), since this is a backup and not load balancing
- FHRP: First Hop Redundancy Protocols
- Use VIP (Virtual IP) and MAC address to allow for automated gateway failover.
- Devices use the VIP as the gateway
- Protocols
- HSRP – Hot Standby Router Protocol:
- Cisco proprietary
- Deployed in active/standby pair
- Default is version 1
- Version 2 introduces minor improvements
- Both routers must be running the same version
- VRRP – Virtual Router Redundancy Protocol
- Open standard
- Deployed in active/standby (Similar to HSRP)
- GLBP – Gateway Load Balancing Protocol
- Cisco proprietary
- Supports active/active load balancing across multiple routers
- HSRP – Hot Standby Router Protocol:
- Virtual IP and MAC addresses will be configured on the same interface on the routers that are used for standard traffic.
- One device will be elected as the HSRP active router and the other will become the standby router
- The active router will respond to ARP requests and will own the virtual IP and MAC address
- All traffic will go to the active router
- If the standby router stops receiving hellos from the active router, it takes over the virtual IP and MAC addresses, becoming the primary router.
- The higher priority becomes active; if the priorities are the same or left at the default (100), the higher IP address wins the election.
- If pre-emption is enabled (it is disabled by default), when the primary router comes back online the active role is transferred back to the higher-priority router.
- Leaving pre-emption disabled may be more stable in the case of a router that is flapping
- Commands Example
- First Router
- (config)#interface g0/1
- (config-if)#ip address 10.10.10.2 255.255.255.0
- (config-if)#no shutdown
- (config-if)#standby 1 ip 10.10.10.1
- Second Router
- (config)#interface g0/1
- (config-if)#ip address 10.10.10.3 255.255.255.0
- (config-if)#no shutdown
- (config-if)#standby 1 ip 10.10.10.1
- Verification Command
- #show standby
- Priority, pre-emption and version command examples
- (config)#interface g0/1
- (config-if)#ip address 10.10.10.2 255.255.255.0
- (config-if)#no shutdown
- (config-if)#standby 1 ip 10.10.10.1
- (config-if)#standby 1 priority 110
- (config-if)#standby 1 preempt
- (config-if)#standby version 2
- Active/Active
- You can run HSRP active/active across different IP subnets; for the same IP subnet it is active/passive.
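The election and pre-emption rules above, as an added example that is not part of the course notes: a small HSRP group model (the `HsrpRouter`, `HsrpGroup` and `flap` names are my own) that counts how often the active role moves when one router flaps, with and without pre-emption.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class HsrpRouter:
    ip: str
    priority: int = 100       # IOS default priority
    preempt: bool = False     # IOS default: pre-emption disabled
    up: bool = True

def elect_active(routers):
    """Highest priority wins; on a tie the highest interface IP wins."""
    candidates = [r for r in routers if r.up]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.priority, int(IPv4Address(r.ip))))

class HsrpGroup:
    def __init__(self, routers):
        self.routers = routers
        self.active = elect_active(routers)
        self.transitions = 0  # how many times the active role has moved
    def _set_active(self, router):
        if router is not self.active:
            self.transitions += 1
            self.active = router
    def router_fails(self, router):
        """Hellos stop: the standby takes over regardless of pre-emption."""
        router.up = False
        if self.active is router:
            self._set_active(elect_active(self.routers))
        return self.active
    def router_returns(self, router):
        """Back online: reclaims active only with pre-emption and the best (priority, IP)."""
        router.up = True
        best = elect_active(self.routers)
        if self.active is None or (router.preempt and best is router):
            self._set_active(best)
        return self.active

def flap(group, router, times):
    """Bounce one router's interface repeatedly; returns how many active-role moves it caused."""
    before = group.transitions
    for _ in range(times):
        group.router_fails(router)
        group.router_returns(router)
    return group.transitions - before
```

With pre-emption off, a flapping router causes a single failover; with it on, every flap moves the active role twice.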
Section 25: STP – Spanning Tree Protocol
- Layer 2 technology to avoid loops between layer 2 switches.
- Used to prevent broadcast storms, e.g. ARP requests looping between switches while hosts try to populate their ARP tables.
- STP shuts down (blocks) redundant interfaces to prevent the broadcast storm.
- If an active link goes down, the switch detects the outage and changes a blocked (disabled) port to an active forwarding port.
- Switches send BPDUs (bridge protocol data units) out all ports when they come online
- Used to detect other switches and potential loops
- A switch will not forward traffic out any port until it is certain it is loop-free.
- Port starts in a ‘Blocking State’
- Will detect if the port forms a potential loop
- Once it is determined there is no loop, the port is changed to ‘forwarding’
- Can take up to 50 seconds
- Bridge ID
- BPDU contains the Bridge ID which identifies the switch
- Bridge ID is made up of the switch’s unique MAC and a defined Bridge Priority value
- The bridge priority is a number from 0-65535, but is defaulted to 32768
- Root Bridge
- Elected based on the switches’ Bridge ID values
- The Switch with the lowest Priority value is preferred
- When the priority is the same the switch with the lowest MAC address will win the election
- The switches build a loop-free forwarding path Tree leading back to the Root Bridge
- Spanning Tree Cost
- Switch calculates its best path towards the Root bridge
- Higher bandwidth links are preferred
- Data Rate – STP Cost
- 4 Mbps – 5,000,000
- 10 Mbps – 2,000,000
- 16 Mbps – 1,250,000
- 100 Mbps – 200,000
- 1 Gbps – 20,000
- 2 Gbps – 10,000
- 10 Gbps – 2,000
- Load Balancing
- STP instance does not load balance
- If a switch has multiple equal-cost paths, it will select the neighbor with the lowest Bridge ID
- If the requesting switch has multiple paths to the same neighbor (two Ethernet connections to the same switch) it will select the port with the lowest Port ID
- Designated Ports
- These are ports coming from the root switch
- Root Ports point toward the Root Bridge
- Designated Ports point away from the Root Bridge.
- All ports on the Root Bridge are always Designated ports
- Designated ports can exist on switches that are not the Root Bridge Switch, in these cases, they will be switches that are between the requesting switch and the Root Bridge Switch.
- Root and Designated ports are the most direct paths to and from the root bridge.
- On links that are blocked because they are not the most direct path, the designated port is still the end with the lowest cost (then lowest Bridge ID).
- Blocking Ports
- Any port that has not been selected as a Root Port or Designated Port and would form a potential loop
- BPDUs continue to be sent over the link but other traffic is dropped
- STP only blocks ports on one side of the link
- 7 steps to determine port types
- Determine the Root Bridge
- Lowest Priority and in case of a tie, the lowest MAC
- All ports on the Root Bridge are Designated Ports
- Determine the Root Ports on the other switches
- Lowest cost to the Root Bridge based on link cost (lowest wins)
- Ports on the other side of the Root Ports are Designated ports
- Ports on links that have not been determined Root or Designated are Blocking ports
- Determine the blocking port: the end with the higher cost path to the root bridge, or the higher Bridge ID
- The port on the other side of the blocking port is a Designated port.
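The 7 steps above, as an added example that is not from the course notes: a Python port-role calculation run on a constructed three-switch triangle (the `SWITCHES`/`LINKS` data, MACs and port names are made up). It implements the general algorithm, so it also works for larger topologies and for a changed priority, not only the single case the steps walk through.

```python
# Constructed topology: bridge ID = (priority, MAC), lower wins. Link tuples are
# (switch_a, port_a, switch_b, port_b, cost) using the 802.1D costs tabulated above.
SWITCHES = {"SW1": (32768, "0000.0000.0001"), "SW2": (32768, "0000.0000.0002"),
            "SW3": (32768, "0000.0000.0003")}
LINKS = [("SW1", "g0/1", "SW2", "g0/1", 20000),    # 1 Gbps
         ("SW1", "g0/2", "SW3", "g0/1", 20000),    # 1 Gbps
         ("SW2", "g0/2", "SW3", "g0/2", 200000)]   # 100 Mbps

def root_bridge(switches):
    """Step 1: lowest priority wins, then lowest MAC."""
    return min(switches, key=lambda s: switches[s])

def root_path_costs(switches, links, root):
    """Lowest cumulative link cost from each switch back to the root."""
    cost = {root: 0}
    for _ in range(len(switches)):          # relax every link until costs settle
        for a, _, b, _, c in links:
            for x, y in ((a, b), (b, a)):
                if x in cost and cost[x] + c < cost.get(y, float("inf")):
                    cost[y] = cost[x] + c
    return cost

def port_roles(switches, links):
    """Steps 2-7: returns {(switch, port): 'root' | 'designated' | 'blocking'}."""
    root, roles, best = root_bridge(switches), {}, {}
    cost = root_path_costs(switches, links, root)
    # Root port per non-root switch: lowest cost, then neighbour bridge ID, then port IDs
    for a, pa, b, pb, lc in links:
        for me, myport, nb, nbport in ((a, pa, b, pb), (b, pb, a, pa)):
            key = (cost[nb] + lc, switches[nb], nbport, myport)
            if me != root and (me not in best or key < best[me][0]):
                best[me] = (key, myport)
    root_ports = {(sw, p) for sw, (_, p) in best.items()}
    for a, pa, b, pb, _ in links:
        if (a, pa) in root_ports or (b, pb) in root_ports:
            # The far end of a root port is always designated (step 4)
            for end in ((a, pa), (b, pb)):
                roles[end] = "root" if end in root_ports else "designated"
        elif (cost[a], switches[a]) < (cost[b], switches[b]):
            roles[(a, pa)], roles[(b, pb)] = "designated", "blocking"   # steps 5-7
        else:
            roles[(a, pa)], roles[(b, pb)] = "blocking", "designated"
    return roles
```

On the constructed triangle SW1 wins the root election, SW2 and SW3 use their 1 Gbps links as root ports, and the slower SW2-SW3 link is blocked on the SW3 end because SW3 has the higher Bridge ID.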
- Spanning Tree Versions
- IEEE Open Standards
- STP – 802.1D Spanning Tree Protocol
- Uses one Spanning Tree for all VLANs in the LAN
- RSTP – 802.1w Rapid Spanning Tree Protocol
- Improved convergence time
- MSTP – 802.1s Multiple Spanning Tree Protocol
- Enables grouping and mapping VLANs into different spanning-tree instances for load balancing.
- Cisco Proprietary versions
- PVST+ – Per VLAN Spanning Tree Plus
- Enhancement to 802.1D
- uses a separate Spanning Tree instance for every VLAN
- Default on Cisco Switches
- RPVST+ – Rapid Per VLAN Spanning Tree Plus
- Enhancement to 802.1w RSTP
- Improved Convergence time over PVST+
- Uses a separate Spanning Tree instance for every VLAN
- Cisco versions do not support grouping multiple VLANs into the same instance, so you must configure each VLAN separately.
- Verification of STP
- Verification Commands
- show spanning-tree vlan
- Include the VLAN number at the end of the command to look at a single VLAN:
- Example: show spanning-tree vlan 1
- show mac address-table
- Use this to determine the path of traffic
- Manipulate the Root Bridge Election
- Reasons to manipulate the Root Bridge
- Root bridge acts as the center point of the LAN
- Ensure a pair of high-end core switches are selected as 1st and 2nd most preferred Root bridge
- The lowest MAC address is likely to belong to the oldest switch on the network, so it is worth reviewing which switch wins to make sure the oldest switch is not the root bridge.
- Command
- (config)#spanning-tree vlan 1 root primary
- Sets the switch as the primary root bridge for STP
- Sets a priority of 24576
- (config)#spanning-tree vlan 1 root secondary
- Sets the switch as the secondary root bridge for STP
- Sets a priority of 28672
- STP and HSRP Alignment
- HSRP should be configured to match the STP path
- Ensure that each VLAN’s HSRP active router and STP Root Bridge match.
- Portfast, BPDU Guard and Root Guard
- STP Portfast
- On ports that have a single host, you can turn off the STP convergence delay (PortFast) so the port comes up right away instead of waiting up to 50 seconds.
- Command Examples
- Set a single port for portfast
- (config)# interface f0/10
- (config-if)# spanning-tree portfast
- Set all port to a default of portfast on
- (config)# spanning-tree portfast default
- If ‘portfast default’ is configured, use the following to remove portfast from a single interface:
- (config)# interface f0/1
- (config-if)# no spanning-tree portfast
- BPDU Guard
- Enable BPDU Guard on Portfast ports to guard against unauthorized switches being added.
- This will shut down the port if a BPDU is received (a switch is detected).
- Command Example
- Turn on BPDU guard on a single port
- (config)#int f0/10
- (config-if)#spanning-tree portfast
- (config-if)#spanning-tree bpduguard enable
- Set BPDU Guard on by default on all (portfast) ports
- (config)#spanning-tree portfast bpduguard default
- STP Root Guard
- Prevents an unintended switch from becoming the root bridge
- If the interface receives a superior BPDU, the port transitions to root-inconsistent: it will not forward any traffic, which in effect shuts the port down
- Set on ports where a superior BPDU is not expected, to protect against an unauthorized switch trying to take over as STP root.
- Command
- (config)#int fa0/2
- (config-if)#spanning-tree guard root
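The BPDU Guard and Root Guard behaviours above, as an added example that is not from the course notes: a model of what one access port does when a BPDU arrives (the `Bpdu`, `Port` and `receive_bpdu` names, the port states and the sample bridge IDs are constructed for illustration).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Bpdu:
    root_priority: int
    root_mac: str          # the root bridge ID the sending switch advertises

@dataclass
class Port:
    name: str
    portfast: bool = False
    bpdu_guard: bool = False     # per-port 'spanning-tree bpduguard enable'
    root_guard: bool = False     # 'spanning-tree guard root'
    state: str = "forwarding"    # forwarding | err-disabled | root-inconsistent

def is_superior(bpdu, current_root):
    """A BPDU is superior when it advertises a lower bridge ID than our current root."""
    return (bpdu.root_priority, bpdu.root_mac) < current_root

def receive_bpdu(port, bpdu, current_root, bpduguard_default=False):
    """Apply the guards to an incoming BPDU and return the resulting port state.
    'bpduguard_default' models the global command, which only covers portfast ports."""
    if port.state == "err-disabled":
        return port.state                     # stays down until an admin bounces it
    guard_active = port.bpdu_guard or (bpduguard_default and port.portfast)
    if guard_active:
        port.state = "err-disabled"           # any BPDU at all means a switch appeared
    elif port.root_guard and is_superior(bpdu, current_root):
        port.state = "root-inconsistent"      # a device is trying to win the root election
    elif port.root_guard:
        port.state = "forwarding"             # inferior BPDU: root guard releases the port
    return port.state
```

Note the difference: BPDU Guard reacts to any BPDU, while Root Guard only reacts to one that would change the root, so Root Guard is the right choice on uplinks to other legitimate switches.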
Section 26: EtherChannel
- Oversubscription
- Recommendation for oversubscription is 20:1 from the access layer to the distribution layer
- If 20 PCs connect with 1 Gbps NICs at the access layer, you would require a 1 Gbps uplink to the distribution layer
- 4:1 ratio is recommended from the distribution layer to the core layer
- These are general rules and should be analyzed on each network and configured as necessary
- Example
- 48-port 1 Gbps switch with a pair of 10 Gbps uplinks
- subscription ratio = 2.4:1
- 48/20=2.4
- STP causes a problem: by default it blocks one of the two uplinks, leaving the bandwidth of one link and a ratio of 4.8:1
- EtherChannel (AKA Port Channel, LAG / Link Aggregation, Link bundle)
- Groups multiple physical interfaces into a single logical interface
- STP sees the EtherChannel as a single interface, so all of the bandwidth is available
- Traffic is load-balanced across all the links in the EtherChannel
- If one member interface goes down, the remaining links stay up.
- NIC Teaming
- AKA – Bonding, NIC balancing, Link aggregation
- EtherChannel Load Balancing
- Packets in a single session all go over the same member link of the port-channel
- If packets were round-robined across the links, they could be delivered out of order.
- This means a single session is limited to the bandwidth of one link (1 Gbps here), but additional sessions can use the other links.
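The per-session link selection described above, as an added example that is not from the course notes: a simplified source/destination MAC XOR hash (an assumption for illustration, not any vendor’s exact algorithm) compared with round-robin on a constructed set of frames from two conversations.

```python
def mac_to_int(mac):
    """Parse 'aaaa.bbbb.cccc' or 'aa:bb:cc:dd:ee:ff' into an integer."""
    return int(mac.replace(".", "").replace(":", ""), 16)

def select_link(src_mac, dst_mac, n_links):
    """Hash both MACs so every frame of one conversation lands on the same member link."""
    return (mac_to_int(src_mac) ^ mac_to_int(dst_mac)) % n_links

def assign(frames, n_links, round_robin=False):
    """Return [(frame_id, link_index)] for a list of (frame_id, src_mac, dst_mac)."""
    out = []
    for n, (fid, src, dst) in enumerate(frames):
        link = n % n_links if round_robin else select_link(src, dst, n_links)
        out.append((fid, link))
    return out

def flows_split(frames, assignment):
    """Return the (src, dst) conversations whose frames ended up on more than one link."""
    seen = {}
    for (_, src, dst), (_, link) in zip(frames, assignment):
        seen.setdefault((src, dst), set()).add(link)
    return {flow for flow, links in seen.items() if len(links) > 1}

# Constructed sample: two conversations (A and B) to the same server MAC, three frames each
FRAMES = [("a1", "aaaa.aaaa.0001", "bbbb.bbbb.0001"),
          ("a2", "aaaa.aaaa.0001", "bbbb.bbbb.0001"),
          ("a3", "aaaa.aaaa.0001", "bbbb.bbbb.0001"),
          ("b1", "aaaa.aaaa.0002", "bbbb.bbbb.0001"),
          ("b2", "aaaa.aaaa.0002", "bbbb.bbbb.0001"),
          ("b3", "aaaa.aaaa.0002", "bbbb.bbbb.0001")]
```

With the hash, each conversation stays on one member of a two-link bundle (and here the two conversations happen to land on different members); round-robin spreads both conversations across both links, which is the reordering risk the notes describe.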
- EtherChannel Protocols and Configuration
- LACP – Link Aggregation Control Protocol
- Open standard
- Switches on both sides negotiate the port-channel creation and maintenance
- Most widely used
- Configuration
- Can be set as either Active or Passive
- If both sides are set to passive, the channel will not come up
- Recommended that both sides are set to Active, that way you do not have to worry about which side is active and which is passive.
- Commands
- This creates interface port-channel 1
- (config)#int range f0/23 - 24
- (config-if-range)#channel-group 1 mode active
- Configure the interface setting on the port channel, this is where you would set all other settings such as VLANs, IP, etc…
- (config)#interface port-channel 1
- (config-if)#switchport mode trunk
- PAgP – Port Aggregation Protocol
- Cisco proprietary
- Switches on both sides negotiate the port-channel creation and maintenance
- Interfaces can be set to desirable or auto
- Will not come up if both sides are set to ‘auto’
- Recommended that both sides be set as ‘desirable’
- Command Example
- Create PAgP port channel
- (config)#interface range f0/23 - 24
- (config-if-range)#channel-group 1 mode desirable
- Configure port channel, this is where you would set all other settings
- (config)#int port-channel 1
- (config-if)#switchport mode trunk
- Static EtherChannel
- Switches do not negotiate the creation and maintenance
- Settings must match on both sides for the port channel to work
- Used if LACP is not supported on both sides
- Command Example
- Create port channel
- (config)#interface range f0/23 - 24
- (config-if-range)#channel-group 1 mode on
- Configure port channel, this is where you would set all other settings
- (config)#int port-channel 1
- (config-if)#switchport mode trunk
- Command
- Verification
- #show etherchannel summary
- #show spanning-tree vlan 1
- Parameters
- Both sides must have matching configs
- Speed and duplex
- Access or Trunk mode
- Native VLAN and allowed VLANs on trunks
- Access VLAN on access ports
- StackWise, VSS, and vPC
- When you have two port-channels going from one switch to two different switches, spanning tree sees these as two different paths and will shut one of the port-channels down to protect against loops.
- Multi-chassis EtherChannel
- Support a shared EtherChannel from different switches
- Supported on some switches (must be advanced-level switches that support Multi-chassis EtherChannel)
- STP sees a single link from the access switch that is connected to the two core switches, and on those two core switches it sees a single channel shared between them.
- A switch that supports Multi-chassis EtherChannel will use one of the following three technologies:
- StackWise
- Catalyst switch families 3750, 2850 and 9000
- VSS
- Catalyst switch families 4500 and 6500
- vPC
- Nexus switch family
- Layer 3 EtherChannel
- Command examples
- (config)#interface range GigabitEthernet 1/0/1 - 2
- (config-if-range)#no switchport
- (config-if-range)#channel-group 1 mode [active | auto | desirable | on | passive]
- (config)#interface port-channel 1
- (config-if)#ip address [ip address] [subnet]
- (config-if)#no shutdown
- This is used more nowadays; layer 3 switches were much more expensive in the past
- Same as layer two as far as configuration and fast convergence times
- Using layer 3 EtherChannel means the end users’ default gateway becomes the port on the switch, since each link between the switches is its own IP address range.