24. Global Technology Services
IBM Confidential
OSI Layers
Basic Network Training24
• Provides connectivity and path selection between two hosts
• Provides logical addressing
• No error correction; best-effort delivery
34. IP Address
An IP address has 32 bits divided into four octets
To make the address easier to read, people use decimal numbers to
represent the binary digits
- Example: 192.168.1.1
Dotted decimal notation
- When binary IP addresses are written in decimal format
38. MAC Address VS IP Address
MAC address
- Identifies a specific NIC in a computer on a network
- Each MAC address is unique
- TCP/IP networks can use MAC addresses in communication
- Network devices cannot efficiently route traffic using MAC addresses because they:
• Are not grouped logically
• Cannot be modified
• Do not give information about physical or logical network configuration
IP addressing
- Devised for use on large networks
- IP addresses have a hierarchical structure and do provide logical groupings
- IP address identifies both a network and a host
39. IP Classes
Class A
- Reserved for governments and large corporations throughout the world
- Each Class A address supports 16,777,214 hosts
Class B
- Addresses are assigned to large- and medium-sized companies
- Each Class B address supports 65,534 hosts
Class C
- Addresses are assigned to groups that do not meet the qualifications to obtain Class A or B addresses
- Each Class C address supports 254 hosts
Class D
- Addresses (also known as multicast addresses) are reserved for multicasting
- Multicasting is the sending of a stream of data (usually audio and video) to multiple computers simultaneously
Class E
- Addresses are reserved for research, testing, and experimentation
- The Class E range starts where Class D leaves off
40. IP Address Classes
IP addresses are divided into classes to define large, medium, and small networks.
- Class A addresses are assigned to larger networks
- Class B addresses are used for medium-sized networks
- Class C for small networks
- Class D for multicasting
- Class E for experimental purposes
45. IP address types
• An IP address can be one of three categories:
- Network address
- Host address
- Broadcast address
46. Network / Broadcast Addresses
- Network address: the first IP address in the network, in which all host-part bits = 0
- Broadcast address: the last IP address in the network, in which all host-part bits = 1
- Other addresses are host addresses; their number is $2^{n} - 2$, where $n$ is the no. of host bits
- Here are some examples:
Class   Network Address   Broadcast Address
A       12.0.0.0          12.255.255.255
B       172.16.0.0        172.16.255.255
C       192.168.1.0       192.168.1.255
47. Network Addressing
IP addresses identify both the network and the host
- The division between the two is not specific to a certain number of octets
Subnet mask
- Indicates how much of the IP address represents the network or subnet
Standard (default) subnet masks:
- Class A subnet mask is 255.0.0.0
- Class B subnet mask is 255.255.0.0
- Class C subnet mask is 255.255.255.0
48. Subnet Mask
- 32-bit mask (1’s followed by 0’s)
- Used by routers and hosts to determine the number of network-significant bits (identified by 1’s) and host-significant bits (identified by 0’s) in an IP address
- Example:
Class   Network Address   Default subnet mask
A       12.0.0.0          255.0.0.0 or /8
B       172.16.0.0        255.255.0.0 or /16
C       192.168.0.0       255.255.255.0 or /24
50. Network Addressing
TCP/IP hosts use the combination of the IP address and the subnet mask
- To determine if other addresses are local or remote
- The binary AND operation is used to perform the calculation
Subnetting
- Manipulation of the subnet mask to get more network numbers
52. Subnetting
- Subnetting a network means using the subnet mask to divide the network, breaking a large network up into smaller, more efficient and manageable segments, or subnets.
- Subnetting is done by taking some of the host bits and adding them to the network part.
[Diagram: an IP address shown as Network part | Host part, and after subnetting as Network part | Subnet bits | Host part]
53. Subnetting Example
Divide network 192.168.1.0/24 into 4 subnets
Solution: 4 subnets need 2 bits
192.168.1 . 0
192.168.1 . 0000 0000 to 0011 1111   (0 - 63)
192.168.1 . 0100 0000 to 0111 1111   (64 - 127)
192.168.1 . 1000 0000 to 1011 1111   (128 - 191)
192.168.1 . 1100 0000 to 1111 1111   (192 - 255)
Subnet mask is 255.255.255.192 or /26
The first subnet is 192.168.1.0/26
The second subnet is 192.168.1.64/26
The third subnet is 192.168.1.128/26
The fourth subnet is 192.168.1.192/26
54. Divide network 192.168.1.0/24 into 4 subnets
Solution:
- 4 subnets need 2 bits
- subnet mask = 255.255.255.192
- interesting octet is 192
- hop count = 256 – 192 = 64
- The first subnet is 192.168.1.0/26
- The second subnet is 192.168.1.64/26
- The third subnet is 192.168.1.128/26
- The fourth subnet is 192.168.1.192/26
55. Determine whether this IP is a network address, a host address or a broadcast address:
172.16.5.0/23
Solution :
- subnet mask = 255.255.254.0
- interesting octet is 254
- hop count = 256 – 254 = 2
- The first subnet is 172.16.0.0/23
- The second subnet is 172.16.2.0/23
- The third subnet is 172.16.4.0/23
- The fourth subnet is 172.16.6.0/23
So 172.16.5.0/23 is a host address
56. Which IP address should be assigned to PC B?
[Diagram: hosts A and B; one address labelled 192.168.5.33/27, PC B's address shown as ?]
A. 192.168.5.5
B. 192.168.5.32
C. 192.168.5.40
D. 192.168.5.63
E. 192.168.5.75
Answer: C
57. Given the choices below, which address represents a unicast address?
A. 224.1.5.2
B. FFFF.FFFF.FFFF
C. 192.168.24.59/30
D. 255.255.255.255
E. 172.31.128.255/18
Answer: E
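The subnet arithmetic from the preceding slides (binary AND with the mask, all-0s and all-1s host bits, borrowing host bits) as an added example; it is not part of the original training deck, and the function names are hypothetical. It goes slightly beyond the slides by treating /31 and /32 prefixes, where the 2^n - 2 rule does not apply, as host-only.

```python
# Added example: subnet arithmetic from the slides, done with the binary AND.

def to_int(dotted):
    """Dotted decimal (four octets) -> 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range: {dotted!r}")
        value = (value << 8) | octet
    return value


def to_dotted(value):
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix):
    """/26 -> 0xFFFFFFC0: 1's for the network part, then 0's for the host part."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def describe(cidr):
    """Classify an address/prefix as network, host or broadcast address."""
    address_text, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    address = to_int(address_text)
    mask = mask_from_prefix(prefix)
    network = address & mask                    # all host bits = 0
    broadcast = network | (mask ^ 0xFFFFFFFF)   # all host bits = 1
    host_bits = 32 - prefix
    if host_bits < 2:
        # /31 and /32 have no separate network/broadcast address.
        kind, usable = "host", 2 ** host_bits
    else:
        usable = 2 ** host_bits - 2
        if address == network:
            kind = "network"
        elif address == broadcast:
            kind = "broadcast"
        else:
            kind = "host"
    return {
        "prefix": prefix,
        "mask": to_dotted(mask),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "kind": kind,
        "usable_hosts": usable,
    }


def split_network(cidr, wanted):
    """Borrow just enough host bits to get at least `wanted` subnets."""
    info = describe(cidr)
    if info["kind"] != "network":
        raise ValueError(f"{cidr} is not a network address")
    borrowed = (wanted - 1).bit_length()        # 4 subnets -> 2 bits
    new_prefix = info["prefix"] + borrowed
    if new_prefix > 30:
        raise ValueError("not enough host bits left")
    step = 1 << (32 - new_prefix)               # the slides' "hop count"
    base = to_int(info["network"])
    return [f"{to_dotted(base + i * step)}/{new_prefix}" for i in range(2 ** borrowed)]


def is_local(source, destination, prefix):
    """Local if both addresses AND to the same network number, else remote."""
    mask = mask_from_prefix(prefix)
    return (to_int(source) & mask) == (to_int(destination) & mask)


if __name__ == "__main__":
    print(split_network("192.168.1.0/24", 4))
    for sample in ("172.16.5.0/23", "192.168.5.63/27", "172.31.128.255/18"):
        print(sample, describe(sample))
```
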
58. IPv4 VS IPv6
IP version 4 (IPv4)
- The version of IP currently deployed on most systems today
IP version 6 (IPv6)
- Originally designed to address the eventual depletion of IPv4 addresses
CIDR has slowed the exhaustion of IPv4 address space and made the move
to IPv6 less urgent
- However, CIDR is destined to become obsolete because it is based on IPv4
Network address translation (NAT)
- Another technique developed in part to slow the depletion of IPv4 addresses
- Allows a single IP address to provide connectivity for many hosts
NAT is CPU intensive and expensive
- Some protocols do not work well with NAT, such as the IP Security Protocol (IPSec)
IPv4 does not provide security in itself
- Has led to security issues with DNS and ARP
59. IPv4 VS IPv6
Security concerns were factored into the design of IPv6
IPv4 networks rely on broadcasting
- Inefficient because many hosts unnecessarily see and partially process traffic not
ultimately destined for them
IPv6 does away completely with broadcasting and replaces it with multicasting
IPv6 addresses are 128 bits compared with IPv4’s 32-bit structure
IPv6 addresses are expressed as hexadecimal numbers
- Example: 3FFE:0501:0008:0000:0260:97FF:FE40:EFAB
IPv6 can be subnetted
- CIDR notation is also used with IPv6
• Example: 2001:702:21:: /48
Organizations requesting an IPv6 address may be assigned a /64 prefix
- Minimum subnet with space for over a billion hosts
60. Transitioning to IPv6
Dual stack
- Involves enabling IPv6 on all routers, switches, and end nodes but not disabling
IPv4
- Both version 4 and version 6 stacks run at the same time
Tunneling
- Encapsulates IPv6 traffic inside IPv4 packets
- Done when portions of a network are running IPv6 and other network areas have not
been upgraded yet
- Greatest concern: security
61. Getting an Interface Address from a DHCP Server
• No manual IP address is configured on the interface.
• The router operates as a DHCP client.
• The ISP provides DHCP information.
69. Function of LAN
• Data and applications
• Share resources
• Provide communication path to other networks
89. Catalyst 2960 LED Indicators
1 SYST LED 5 Speed LED
2 RPS LED 6 PoE LED1
3 Status LED 7 Mode button
4 Duplex LED 8 Port LEDs
115. VLAN
• VLAN introduction
• LAN VS. VLAN
• Two Subnets, One Switch, No VLANs
• Traditional Solution: Multiple Switches
• Broadcast domains with VLANs
• VLAN Operation
• Configuration
• LAB
116. VLAN introduction
[Diagram: one port assigned to vlan 10; the other ports in default vlan 1]
• VLANs provide segmentation based on broadcast domains.
• VLAN = Subnet
• VLANs can logically segment switched networks based on:
- Physical location (Example: Building)
- Organization (Example: Marketing)
- Function (Example: Staff)
117. VLAN introduction
• VLANs are created to provide segmentation services traditionally provided by physical routers in LAN configurations.
• VLANs address scalability, security, and network management.
[Diagram: subnets 10.1.0.0/16, 10.2.0.0/16 and 10.3.0.0/16 shown without VLANs and with VLANs; label: One link per VLAN or a single VLAN Trunk (later)]
119. Two Subnets, One Switch, No VLANs
• Layer 2 Broadcasts
What happens when 10.1.0.10 sends an ARP Request for 10.1.0.30?
[Diagram: four hosts on one switch: 10.1.0.10/16 (DG: 10.1.0.1), 10.2.0.20/16 (DG: 10.2.0.1), 10.1.0.30/16 (DG: 10.1.0.1), 10.2.0.40/16 (DG: 10.2.0.1)]
120. Two Subnets, One Switch, No VLANs
• Layer 2 Broadcasts
The switch floods it out all ports.
All hosts receive the broadcast, even those on a different subnet.
A Layer 2 broadcast should be isolated to only that network.
Note: If the switch supports VLANs, by default all ports belong to the same VLAN, and the switch floods the broadcast out all ports that belong to the same VLAN as the incoming port (covered in the coming slides).
[Diagram: the same four hosts on one switch]
121. Two Subnets, One Switch, No VLANs
• Layer 2 Unknown Unicasts
This is the same for unknown unicasts.
[Diagram: the same four hosts on one switch]
122. Traditional Solution: Multiple Switches
• The traditional solution is to have devices on the same subnet connected to the same switch.
• This provides broadcast and unknown unicast segmentation, but is also less scalable.
[Diagram: hosts 10.1.0.10/16 and 10.1.0.30/16 (DG: 10.1.0.1), hosts 10.2.0.20/16 and 10.2.0.40/16 (DG: 10.2.0.1); router interfaces Fa 0/0 10.1.0.1/16 and Fa 0/1 10.2.0.1/16; label: ARP Request]
123. Broadcast domains with VLANs
• A VLAN is a broadcast domain created by one or more switches.
• VLANs are assigned on the switch and correspond with the host IP address.
• Each switch port can be assigned to a different VLAN.
[Diagram: the same four hosts; Port 1 VLAN 10, Port 9 VLAN 10, Port 12 VLAN 20, Port 4 VLAN 20]
124. Broadcast domains with VLANs
• Ports assigned to the same VLAN share the same broadcast domain.
• Ports in different VLANs do not share the same broadcast domain.
[Diagram: the same four hosts; Port 1 VLAN 10, Port 9 VLAN 10, Port 12 VLAN 20, Port 4 VLAN 20; label: ARP Request]
126. Configuration : Static VLANs
• Static membership VLANs are called port-based and port-centric membership VLANs.
• This is the most common method of assigning ports to VLANs.
• As a device enters the network, it automatically assumes the VLAN membership of the port to which it is attached.
• There is a default VLAN; on Cisco switches that is VLAN 1.
[Diagram: one port configured in VLAN 10; the other ports in default VLAN 1]
Switch(config)#interface fastethernet 0/9
Switch(config-if)#switchport access vlan 10
127. Configuration : Ranges of VLANs
• This command does not work on all 2900 switches, such as the 2900 Series XL.
• The format of this command may vary somewhat on various 2900 switches.
Switch(config)#interface range fastethernet 0/8 - 12
Switch(config-if)#switchport access vlan 3
Switch(config-if)#switchport mode access
Switch(config-if)#exit
128. Configuration : Verifying VLANs – show vlan
129. Configuration : Verifying VLANs – show vlan brief
130. Configuration : Deleting VLANs
Switch(config-if)#no switchport access vlan vlan_number
• This command will reset the interface to VLAN 1.
• VLAN 1 cannot be removed from the switch.
131. LAB1
Test Ping
User1   192.168.0.1/24   Port 1-3   VLAN 10
User2   192.168.0.2/24   Port 4-6   VLAN 10
User3   192.168.0.3/24   Port 7-9   VLAN 20
132. LAB2
Test Ping
User1   192.168.0.1/24   Port 1-3   VLAN 10
User2   192.168.0.2/24   Port 4-6   VLAN 20
User3   192.168.0.3/24   Port 7-9   VLAN 20
134. VLAN Operation (No Trunking)
• Can VLANs span across multiple switches?
• Which VLAN can?
• Which VLAN cannot?
• What is the benefit of trunking?
135. VLAN Operation (Trunking)
• Each logical VLAN is like a separate physical bridge.
• VLANs can span across multiple switches.
• Trunks carry traffic for multiple VLANs.
• Trunks use special encapsulation to distinguish between different VLANs.
136. Trunking / Tagging
• VLAN tagging is used when a single link needs to carry traffic for more than one VLAN.
[Diagrams: No VLAN Tagging; VLAN Tagging]
137. Trunking / Tagging
• There are two major methods of frame tagging: Cisco proprietary Inter-Switch Link (ISL) and IEEE 802.1Q.
• ISL used to be the most common, but is now being replaced by 802.1Q frame tagging. ISL increases the frame header overhead by 30 bytes.
• Cisco recommends using 802.1Q. This type of encapsulation adds only 4 bytes to the Ethernet header.
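The 4-byte 802.1Q tag described above, inserted into and parsed back out of an Ethernet frame, as an added example that is not part of the original deck. The function names are hypothetical, the sample ARP frame is constructed, and the frame check sequence (which a switch recalculates after tagging) is not modelled.

```python
# Added example: 802.1Q tag = TPID 0x8100 (16 bits) + TCI (3-bit priority,
# 1-bit DEI, 12-bit VLAN ID), placed after the source MAC address.
import struct

TPID_8021Q = 0x8100
ETHERTYPE_ARP = 0x0806


def build_sample_arp_request():
    """Constructed sample: untagged ARP request from 10.1.0.10 for 10.1.0.30."""
    dst_mac = bytes.fromhex("ffffffffffff")   # Layer 2 broadcast
    src_mac = bytes.fromhex("02000000000a")   # constructed, locally administered
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1,
                      src_mac, bytes([10, 1, 0, 10]),
                      bytes(6), bytes([10, 1, 0, 30]))
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_ARP) + arp


def add_dot1q_tag(frame, vlan_id, priority=0):
    """Return the frame as it would travel on a trunk for `vlan_id`."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if not 1 <= vlan_id <= 4094:              # 0 and 4095 are reserved values
        raise ValueError(f"VLAN ID out of range: {vlan_id}")
    if not 0 <= priority <= 7:
        raise ValueError(f"priority out of range: {priority}")
    tci = (priority << 13) | vlan_id          # DEI bit left at 0
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame):
    """Parse an Ethernet header, with or without one 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan_id = priority = None
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id = tci & 0x0FFF
        priority = tci >> 13
        offset = 18
    return {
        "dst": frame[0:6].hex(":"),
        "src": frame[6:12].hex(":"),
        "vlan": vlan_id,
        "priority": priority,
        "ethertype": ethertype,
        "payload": frame[offset:],
    }


def remove_dot1q_tag(frame):
    """What the far-end switch does before sending out an access port."""
    if parse_frame(frame)["vlan"] is None:
        return frame
    return frame[:12] + frame[16:]


if __name__ == "__main__":
    untagged = build_sample_arp_request()
    tagged = add_dot1q_tag(untagged, vlan_id=10)
    print(len(untagged), len(tagged))         # the tag adds 4 bytes
    print(parse_frame(tagged))
```
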
141. Configuration : Trunking
• These commands will be explained in the following slides.
Note: On many switches, the switchport trunk encapsulation command must be done BEFORE the switchport mode trunk command.
142. Configuration : Trunking
• This command configures VLAN tagging on an interface if the switch supports multiple trunking protocols.
• The two options are:
– dot1q – IEEE 802.1Q
– isl – ISL
• The tagging must be the same on both ends.
Switch(config-if)#switchport trunk encapsulation [dot1q|isl]
143. Configuration : Trunking
• An access port means that the port (interface) can only belong to a single VLAN.
• Access ports are used when:
– Only a single device is connected to the port
– Multiple devices (hub) are connected to the port, all belonging to the same VLAN
– Another switch is connected to this interface, but this link is only carrying a single VLAN (non-trunk link).
• Trunk ports are used when:
– Another switch is connected to this interface, and this link is carrying multiple VLANs (trunk link).
Switch(config-if)#switchport mode [access|trunk]
144. LAB1
Two switches (Group 1 and Group 2) connected by a trunk.
On each switch:
Port 1-3     VLAN 10
Port 4-6     VLAN 20
Port 7-9     VLAN 30
Port 10-12   Trunk, allow all VLANs
Hosts (User1, User2, User3):
192.168.10.1/24   192.168.20.1/24   192.168.30.1/24
192.168.10.2/24   192.168.20.2/24   192.168.30.2/24
145. LAB2
Two switches (Group 1 and Group 2) connected by a trunk.
On each switch:
Port 1-3     VLAN 10
Port 4-6     VLAN 20
Port 7-9     VLAN 30
Port 10-12   Trunk, allow VLAN 10&20
Hosts (User1, User2, User3):
192.168.10.1/24   192.168.20.1/24   192.168.30.1/24
192.168.10.2/24   192.168.20.2/24   192.168.30.2/24
146. LAB3
Two switches (Group 1 and Group 2) connected by a trunk.
On each switch:
Port 1-3     VLAN 10
Port 4-6     VLAN 20
Port 7-9     VLAN 30
Port 10-12   Trunk; one switch allows VLAN 10&30, the other allows VLAN 20&30
Hosts (User1, User2, User3):
192.168.10.1/24   192.168.20.1/24   192.168.30.1/24
192.168.10.2/24   192.168.20.2/24   192.168.30.2/24
147. VLAN Trunking Protocol (VTP)
• VLAN Management Challenge
• What is VTP?
• VTP Overview
• Benefits of VTP
• VTP Mode
• VTP Operation
• Three types of VTP messages
• VTP Configuration
• Verifying VTP
• Adding a switch to an existing VTP domain
• LAB
148. VLAN Management Challenge
It is not difficult to add a new VLAN in a small network.
149. VLAN Management Challenge
It is not easy to add a new VLAN to all of the switches.
150. What is VTP?
VTP allows a network manager to configure a switch so that it will
propagate VLAN configurations to other switches in the network.
The switch can be configured in the role of a VTP server or a VTP
client.
VTP only learns about normal-range VLANs (VLAN IDs 1 to 1005).
Extended-range VLANs (IDs greater than 1005) are not supported
by VTP.
151. VTP Overview
VTP allows a network manager to make changes on a switch that is configured as a VTP server.
Basically, the VTP server distributes and synchronizes VLAN information to VTP-enabled switches throughout the switched network, which minimizes the problems caused by incorrect configurations and configuration inconsistencies.
VTP stores VLAN configurations in the VLAN database called vlan.dat.
152. VTP Modes
Server
• Creates VLANs
• Modifies VLANs
• Deletes VLANs
• Sends/forwards advertisements
• Synchronizes
• Saved in NVRAM
Client
• Forwards advertisements
• Synchronizes
• Not saved in NVRAM
Transparent
• Creates VLANs
• Modifies VLANs
• Deletes VLANs
• Forwards advertisements
• Does not synchronize
• Saved in NVRAM
153. VTP Operation
• VTP advertisements are sent as multicast frames.
• VTP servers and clients are synchronized to the latest revision number.
• VTP advertisements are sent every 5 minutes or when there is a change.
154. Three types of VTP messages
• By default, server and client Catalyst switches issue summary
advertisements every five minutes.
155. Configuration : Domain and Password
• The domain name can be between 1 and 32 characters.
• The optional password must be between 8 and 64 characters long.
• If the switch being installed is the first switch in the network, the
management domain will need to be created.
• However, if the network has other switches running VTP, then the new
switch will join an existing management domain.
• Caution: The domain name and password are case sensitive.
156. Configuration : (Secure Mode)
• By default, management domains are set to a nonsecure mode,
meaning that the switches interact without using a password.
• Adding a password automatically sets the management domain to
secure mode.
• The same password must be configured on every switch in the
management domain to use secure mode.
158. Configuration : Creating VLANs
Create the VLAN:
Switch#vlan database
Switch(vlan)#vlan vlan_number name vlan_name
Switch(vlan)#exit
Configuration : Delete the VLAN From Database
Delete the VLAN:
Switch#vlan database
Switch(vlan)#no vlan vlan_number
Switch(vlan)#exit
159. Configuration : Verifying
• This command is used to display statistics about advertisements sent
and received on the switch.
160. Configuration : Erasing VLAN information
Switch#delete flash:vlan.dat
Delete filename [vlan.dat]?
Delete flash:vlan.dat? [confirm]
Switch#erase startup-config
Switch#reload
• VLAN information is kept in the vlan.dat file.
• The file is not erased when erasing the startup-config.
• To remove all VLAN information, use the command above and reload the switch.
161. Configuration : Adding a switch to an existing VTP domain
• Use caution when inserting a new switch into an existing domain.
• In order to prepare a switch to enter an existing VTP domain, perform the following steps.
• Delete the VLAN database, erase the startup configuration, and power cycle the switch.
• This will avoid potential problems resulting from residual VLAN configurations or from adding a switch with a higher VTP configuration revision number, which could result in the propagation of incorrect VLAN information.
• From the privileged mode, issue the delete vlan.dat and erase startup-config commands, then power cycle the switch.
162. LAB1
Switch1 (Group 1) and Switch2 (Group 2) are connected through Port 10 (Trunk) on each switch.
Switch1:
VTP Mode : Server
VTP Domain Name : Basicnetwork
VTP Password : Basicnetwork
VLAN :
VLAN 10 Name V10
VLAN 20 Name V20
Switch2:
VTP Mode : Client
164. Spanning-Tree Protocol
• Provides a loop-free redundant network topology by placing certain ports in the blocking state.
165. Spanning-Tree Operation
• One root bridge per network
• One root port per nonroot bridge
• One designated port per segment
• Nondesignated ports are unused
166. Spanning-Tree Root Bridge Selection
• BPDU = Bridge Protocol Data Unit (default = sent every two seconds)
• Root bridge = Bridge with the lowest bridge ID
• Bridge ID =
• In the example, which switch has the lowest bridge ID?
167. Spanning-Tree Port States
• Spanning-tree transits each port through several different states:
172. Spanning-Tree Convergence
• Convergence occurs when all the switch and bridge ports have transitioned to either the forwarding or the blocking state.
• When the network topology changes, switches and bridges must recompute the Spanning-Tree Protocol, which disrupts user traffic.
173. Spanning-Tree Status
Switch#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0001.96DC.1A62
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32770 sys-id-ext 1)
Address 0010.1116.A3A4
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.3 Shr
Fa0/2 Root FWD 19 128.3 Shr
Switch(config)#spanning-tree vlan 1 priority 4096
175. EtherChannel Overview
• EtherChannel bundles individual Ethernet links into a single logical link
that provides bandwidth up to 1600 Mbps (8 links of Fast Ethernet), 16
Gbps (8 links of Gigabit Ethernet), or 160 Gbps (8 links of 10-Gigabit
Ethernet).
• A Catalyst 4500 series and 2960G switch supports a maximum of 64
EtherChannels. You can form an EtherChannel with up to eight
compatibly configured Ethernet interfaces. All interfaces in each
EtherChannel must be the same speed and must be configured as
either Layer 2 or Layer 3 interfaces.
176. EtherChannel Overview
• If one of the links within the bundle fails, traffic sent through that link
automatically is moved to an adjacent link.
• Failover occurs in less than a few milliseconds and is transparent to
the end user.
• As more links fail, more traffic is moved to further adjacent links.
Likewise, as links are restored, the load automatically is redistributed
among the active links
177. Bundling Ports with EtherChannel
Generally, all bundled ports first must belong to the same VLAN. If
used as a trunk, bundled ports must be in trunking mode, have the
same native VLAN, and pass the same set of VLANs. Each of the
ports should have the same speed and duplex settings before being
bundled.
178. Distributing Traffic in EtherChannel
The algorithm can use source IP address, destination IP address, or a combination of source and destination IP addresses, source and destination MAC addresses, or TCP/UDP port numbers. The hash algorithm computes a binary pattern that selects a link number in the bundle to carry each frame.
If only one address or port number is hashed, a switch forwards each frame by using one or more low-order bits of the hash value as an index into the bundled links. If two addresses or port numbers are hashed, a switch performs an exclusive-OR (XOR) operation on one or more low-order bits of the addresses or TCP/UDP port numbers as an index into the bundled links.
179. Distributing Traffic in EtherChannel
Sample address bits are shown. The XOR operation produces a 0 bit if
the two input bits are the same (0,0 or 1,1) and a 1 bit if the two input
bits are different (0,1 or 1,0).
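The link selection described on these two slides (low-order bits of one address, or the XOR of the low-order bits of two addresses), as an added example that is not part of the original deck. It assumes bundles of 2, 4 or 8 links using 1, 2 or 3 low-order bits of IPv4 addresses; the function names and the sample flows are constructed for illustration.

```python
# Added example: which link of an EtherChannel bundle a frame is hashed to.
import ipaddress
from collections import Counter

# Assumption: a power-of-two bundle uses 1, 2 or 3 low-order bits as the index.
BITS_FOR_LINKS = {2: 1, 4: 2, 8: 3}


def link_index(src_ip, dst_ip, links, method="src-dst-ip"):
    """Return the link number (0-based) chosen for this source/destination pair."""
    if links not in BITS_FOR_LINKS:
        raise ValueError("this sketch only models bundles of 2, 4 or 8 links")
    low_bits = (1 << BITS_FOR_LINKS[links]) - 1
    src = int(ipaddress.IPv4Address(src_ip))
    dst = int(ipaddress.IPv4Address(dst_ip))
    if method == "src-ip":          # one address hashed: its low-order bits
        return src & low_bits
    if method == "dst-ip":
        return dst & low_bits
    if method == "src-dst-ip":      # two addresses hashed: XOR of low-order bits
        return (src ^ dst) & low_bits
    raise ValueError(f"unknown method: {method}")


def spread(flows, links, method):
    """Count how many of the given (src, dst) flows land on each link."""
    return dict(Counter(link_index(s, d, links, method) for s, d in flows))


# Constructed sample: eight clients all talking to one server.
SAMPLE_FLOWS = [(f"10.1.0.{host}", "10.2.0.1") for host in range(10, 18)]

if __name__ == "__main__":
    # 10 = ...01010, 30 = ...11110; XOR = ...10100; low two bits 00 -> link 0
    print(link_index("10.1.0.10", "10.1.0.30", 4))
    # Hashing only the destination sends every flow to the same link ...
    print(spread(SAMPLE_FLOWS, 4, "dst-ip"))
    # ... while XOR of source and destination spreads them over the bundle.
    print(spread(SAMPLE_FLOWS, 4, "src-dst-ip"))
```

A given address pair always hashes to the same link, so a single conversation never uses more than one member link of the bundle.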
180. EtherChannel Load Balancing
The hashing operation can be performed on either MAC or IP
addresses and can be based solely on source or destination
addresses, or both. Use the following command to configure frame
distribution for all EtherChannel switch links:
Switch(config)# port-channel load-balance method
181. EtherChannel Negotiation Protocols
EtherChannels can be negotiated between two switches to provide
some dynamic link configuration. Two protocols are available to
negotiate bundled links in Catalyst switches. The Port Aggregation
Protocol (PAgP) is a Cisco-proprietary solution, and the Link Aggregation
Control Protocol (LACP) is standards based.
182. Configuration : EtherChannel Configuration
As ports are configured to be members of an EtherChannel, the switch automatically creates a logical port-channel interface. This interface represents the channel as a whole.
183. Configuration : EtherChannel Configuration
184. Troubleshooting : EtherChannel
First, verify the EtherChannel state with the show etherchannel summary command. Each port in the channel is shown, along with flags indicating the port’s state.
185. Troubleshooting : EtherChannel
You can verify the channel negotiation mode with the show etherchannel port command. The local switch is shown using desirable mode with PAgP (Desirable-Sl is desirable silent mode). Notice that you also can see the far end’s negotiation mode under the Partner Flags heading, as A, or auto mode.
Emphasize: Default VTP mode on the Catalyst switches is server. Be careful when adding new switches into an existing network. This is covered in more detail later.
Emphasize: A looped topology is often desired to provide redundancy, but looped traffic is undesirable. The Spanning-Tree protocol was originally designed for bridges. Today, it is also applied to LAN switches and routers operating as a bridge. Spanning-Tree protocol ensures that all bridged segments are reachable but any points where loops occur will be blocked.
Emphasize: The three general rules when dealing with STP are as follows:
1. One root bridge per network. The root is the bridge with the lowest bridge ID. All the ports on the root bridge are designated ports (forwarding).
2. For every non-root bridge, there is a root port (forwarding). The root port is the port with the lowest accumulated path cost to the root bridge.
3. For every segment, there is only one designated port. The designated port forwards traffic for the segment. The designated port has the lowest accumulated path cost to the root bridge.
Emphasize: By default, the switch with the lowest MAC address will be the root bridge.
Note: The Catalyst switches support an instance of spanning tree per VLAN. Each VLAN will use a unique MAC address for spanning tree purposes. On the Catalyst 1900, the address it uses for spanning tree is the MAC address on the various ports. VLAN is discussed in the next chapter.
The IEEE 802.1d specification specifies a 16-bit priority field. The Catalyst 1900 switch only supports the 802.1d Spanning-Tree protocol. The default priority on the Catalyst 1900 is 32768 in decimal or 8000 in hex, the midrange value.
BPDUs contain the following fields:
Protocol ID version
Message type
Flags
Root ID
Cost of path
Bridge ID
Port ID
Message age
Max age
Hello time
Forward delay
Emphasize: Using the default Spanning-Tree protocol timer settings, the time it takes to go from the blocking state to the forwarding state is 50 sec (20 + 15 + 15).
Emphasize: RPs and DPs are normally in the forwarding state.
There is only one DP per segment.
Emphasize: There are two cost calculation methods. The Catalyst 1900 uses the older method. The new method is designed to accommodate the higher gigabit Ethernet speed.
Note:
Port priority is used to determine which path has preference when path costs are equal (for example, when you have two parallel links connecting two switches together). The default port priority is 128.
The port aggregation protocol and EtherChannels® are not taught in this class.
Fast EtherChannel is supported by the Catalyst 1900 switch.
Emphasize: Switch X and Y have the same path cost to the root bridge. The DP for the bottom segment is on switch X because switch X has a lower bridge ID than switch Y.
Note: In large networks the effect of reconvergence may cause long periods of instability. During the election of a new root, all ports are blocked, and all learned MAC addresses are aged out so that when forwarding again starts, there is a lot of flooding of unicast traffic until the MAC address tables are repopulated. Also if a preferred root and a backup root are not configured by lowering their default priority, then the final topology of the spanning tree may be very inefficient.