Implementing Cisco IP Switched Networks (300-115)
CCNP SWITCH Lab Workbook, version 2.1

CCIE x2 (RS/SP)
NETWORK ONLINE ACADEMY
www.noasolutions.com
NOA Solutions, N.K Arcade, 2nd & 3rd floor, Opposite to Banjara function hall, Banjarahills road no 1, Hyderabad, INDIA. +91 40 65890380, +91 7036826345

About the Author

Sikandar Shaik, a dual CCIE (RS/SP #35012), is a highly experienced and extremely driven senior technical instructor and network consultant. He has been training networking courses for more than 10 years, teaching on a wide range of topics including Routing and Switching, Service Provider and Security (CCNA to CCIE). In addition, he has been developing and updating the content for these courses. He has assisted many engineers in passing the lab examinations and securing certifications.

Sikandar Shaik is highly skilled at designing, planning, coordinating, maintaining, troubleshooting and implementing changes to various aspects of multi-scaled, multi-platform, multi-protocol complex networks, as well as course development and instruction for a technical workforce in a varied networking environment. His experience includes responsibilities ranging from operating and maintaining PCs and peripherals to network control programs for multi-faceted data communication networks in LAN, MAN and WAN environments.

Sikandar Shaik has delivered instructor-led trainings in several states in India as well as abroad in countries like China, Kenya and UAE. He has also worked as a freelance Cisco Certified Instructor globally for major corporate clients.

Acknowledgment

First and foremost I would like to thank the Almighty for his continued blessings and for always being there for me. You have given me the power and confidence to believe in myself and pursue my dreams. I could never have done this without the faith I have in you.
Secondly I would like to thank the NOA Solutions team for their continued support, dedication and hard work, which helped me in delivering a better product.

I would like to thank my family for understanding my long nights at the computer. I have spent a lot of time on preparing workbooks, and this workbook would not have been possible without their support and encouragement.

I would also like to recognize the cooperation of my students who took my trainings and workbooks. I believe my workbooks have helped them in upskilling themselves with respect to the subject and technologies, and I will continue preparing workbooks for the updated technology versions.

Shaik Gouse Moinuddin Sikandar
CCIE x 2 (RS/SP)

Feedback

Please send feedback if there are any issues with respect to the content of this workbook. I would also appreciate suggestions from you which can improve this workbook further. Kindly send your feedback and suggestions to info@noasolutions.com

Implementing Cisco IP Switched Networks (300-115)

+ Implementing Cisco IP Switched Networks (SWITCH 300-115) is a 120-minute qualifying exam with 45-55 questions for the Cisco CCNP and CCDP certifications.
+ The SWITCH 300-115 exam certifies the switching knowledge and skills of successful candidates.
+ They are certified in planning, configuring, and verifying the implementation of complex enterprise switching solutions that use the Cisco Enterprise Campus Architecture. The SWITCH exam also covers highly secure integration of VLANs and WLANs.

The following topics are general guidelines for the content that is likely to be included on the exam. However, other related topics may also appear on any specific version of the exam. To better reflect the contents of the exam and for clarity, the following guidelines may change at any time without notice.
Contents

Auto-negotiation, Speed, and Duplex
Virtual LAN
LAB: Verify VLAN
Trunking
LAB: Trunking
DTP (Dynamic Trunking Protocol)
Native VLAN
Inter-VLAN Routing options
Inter-VLAN routing using separate physical gateways
Inter-VLAN routing using sub-interfaces
Inter-VLAN routing using multilayer switch
Extended VLAN
Voice VLAN
VLAN Trunking Protocol
LAB: VTP
VTP Version 3
LAB: VTP version 3
VTP Pruning
LAB: VTP Pruning
Spanning-tree Protocol
LAB: Verifying Spanning-tree
LAB: Tuning STP (cost/priority/timers)
Hierarchical Campus Model
STP: Selecting Root Bridge
LAB: Per VLAN STP
EtherChannel
LAB: Configuring EtherChannel Using PAgP Protocol Negotiation
Layer 3 EtherChannel
Spanning-tree portfast
LAB: BPDU Guard (Interface & Global mode)
LAB: BPDU filter (interface level)
LAB: Root Guard
UDLD and Loopguard
Errdisable Recovery options
Spanning-tree uplinkfast/backbone fast
Rapid STP
Per VLAN STP (PVST)
Multiple STP
LAB: MSTP (Multiple Spanning-tree) / Tuning MSTP
SPAN/RSPAN
Using CDP/LLDP
LAB: Verify CDP
Layer 2 Security
Device Security using AAA (TACACS+ and Radius)
LAB: AAA Authentication using External servers
Understanding switch security issues
Port security
LAB: Port-security
DHCP snooping
LAB: DHCP Snooping
LAB: IP Source Guard
LAB: Dynamic ARP inspection
Storm control
Private VLAN
LAB: Private VLAN
First Hop Redundancy Protocols
LAB: HSRP
LAB: VRRP
LAB: GLBP
SWITCHING MOCK LAB

Auto-negotiation, Speed, and Duplex

By default, each Cisco switch port uses Ethernet auto-negotiation to determine the speed and duplex setting (half or full). Both can also be set manually: duplex with the duplex interface subcommand and speed with the speed interface subcommand.

Switch(config)#int fa0/1
Switch(config-if)#speed ?
  10    Force 10 Mbps operation
  100   Force 100 Mbps operation
  auto  Enable AUTO speed configuration
Switch(config-if)#duplex ?
  auto  Enable AUTO duplex configuration
  full  Force full duplex operation
  half  Force half-duplex operation

Switch#sh interfaces fa0/1
FastEthernet0/1 is down, line protocol is down (disabled)
  Hardware is Lance, address is 0030.f207.aa01 (bia 0030.f207.aa01)
  MTU 1500 bytes, BW 100000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set

switch(config)# interface vlan 1
switch(config-if)# ip address IP-ADDRESS SUBNET-MASK
switch(config-if)# no shutdown

To assign a default gateway to a switch:

Switch(config)# ip default-gateway 192.168.1.100

VLAN & Trunks

Virtual LAN

» Divides one single broadcast domain into multiple broadcast domains.
» Layer 2 security
» VLAN 1 is the default VLAN.
» We can create VLANs from 2 - 1001.
» Can be configured on manageable switches only.

Broadcast Domain

The set of all devices that receive broadcast frames originating from any device within the set.

What happens when a computer connected to the Accounts department sends a broadcast like an ARP request (or a frame whose destination MAC is unknown, i.e. not present in the MAC table)?

» By default the broadcast goes to each and every device in the network.
» This is because by default there is only one broadcast domain.

[Figure: "Stops broadcast"; departments and their subnets: Accounts 192.168.1.0/24, Marketing 192.168.2.0/24, Sales 192.168.3.0/24, Finance 192.168.4.0/24]

A VLAN divides one single broadcast domain into multiple broadcast domains.

Benefits of VLANs

» Limit the number of broadcasts
» Better performance
» Security

» VLANs work based on port numbers.
» By default all ports are in VLAN 1.
» A port on a switch has to be assigned to a VLAN manually.
» One port can be a member of only one VLAN.

vlan 10 (Green) = 1, 2, 3, 4, 9, 12
vlan 20 (Red)   = 5, 6, 10, 11
vlan 30 (Blue)  = 7, 8
Switch#show vlan brief
VLAN Name                   Status    Ports
1    default                active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                      Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                      Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                      Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                      Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                      Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default           active
1003 token-ring-default     active
1004 fddinet-default        active
1005 trnet-default          active

Creating VLAN

Switch(config)# vlan VLAN-ID
Switch(config-vlan)# name NAME
Switch(config-vlan)# exit

Switch(config)#vlan 10
Switch(config-vlan)#name Green
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name Red
Switch(config-vlan)#vlan 30
Switch(config-vlan)#name Blue
Switch(config-vlan)#end

Switch#sh vlan brief
VLAN Name                   Status    Ports
1    default                active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                      Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                      Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                      Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                      Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                      Fa0/21, Fa0/22, Fa0/23, Fa0/24
10   Green                  active
20   Red                    active
30   Blue                   active
1002 fddi-default           active
1003 token-ring-default     active
1004 fddinet-default        active
1005 trnet-default          active

Assigning ports - VLAN

Switch(config)# interface INTERFACE-ID
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan VLAN-ID

Switch(config)#interface range f0/1 - 4 , f0/9 , f0/12
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit
Assigning ports - VLAN

Switch(config)#interface range f0/5 - 6 , f0/10 - 11
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit
Switch(config)#int range f0/7 - 8
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 30
Switch(config-if-range)#exit

LAB - Verify VLAN

[Figure: lab topology with hosts 192.168.1.1 and 192.168.1.2]

STEPS:
1. Ping between 192.168.1.1 and 192.168.1.3
   a. They can communicate with each other: they are on the same network (logically) and in the same VLAN (default VLAN 1).
2. Create VLAN 20
3. Shift ports f0/3, f0/4 into VLAN 20
4. Ping between 192.168.1.1 and 192.168.1.3
   a. They cannot communicate with each other: they are on the same network (logically) but in different VLANs (VLAN 1 and VLAN 20).

Switch#sh vlan
VLAN Name                   Status    Ports
1    default                active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                      Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                      Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                      Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                      Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                      Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                      Gig1/1, Gig1/2
1002 fddi-default           act/unsup
1003 token-ring-default     act/unsup
1004 fddinet-default        act/unsup
1005 trnet-default          act/unsup

PC>ipconfig
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 time=19ms TTL=128
Reply from 192.168.1.2: bytes=32 time=6ms TTL=128
Reply from 192.168.1.2: bytes=32 time=8ms TTL=128
Reply from 192.168.1.2: bytes=32 time=7ms TTL=128

PC>ping 192.168.1.3
Pinging 192.168.1.3 with 32 bytes of data:
Reply from 192.168.1.3: bytes=32 time=12ms TTL=128
Reply from 192.168.1.3: bytes=32 time=9ms TTL=128
Reply from 192.168.1.3: bytes=32 time=7ms TTL=128
Reply from 192.168.1.3: bytes=32 time=8ms TTL=128

PC>ping 192.168.1.4
Pinging 192.168.1.4 with 32 bytes of data:
Reply from 192.168.1.4: bytes=32 time=10ms TTL=128
Reply from 192.168.1.4: bytes=32 time=8ms TTL=128
Reply from 192.168.1.4: bytes=32 time=8ms TTL=128
Reply from 192.168.1.4: bytes=32 time=9ms TTL=128

All four devices in the LAN can communicate with each other: they are on the same network (logically) and in the same VLAN (default VLAN 1).

TASK: Create VLAN 20 and shift ports 3 and 4 into VLAN 20

Switch(config)#vlan 20
Switch(config-vlan)#name SALES
Switch(config-vlan)#exit
Switch(config)#interface fastEthernet 0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#exit
Switch(config)#interface fastEthernet 0/4
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20

Switch#sh vlan
VLAN Name                   Status    Ports
1    default                active    Fa0/1, Fa0/2, Fa0/5, Fa0/6
                                      Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                      Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                      Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                      Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                      Fa0/23, Fa0/24, Gig1/1, Gig1/2
20   SALES                  active    Fa0/3, Fa0/4
1002 fddi-default           act/unsup
1003 token-ring-default     act/unsup
1004 fddinet-default        act/unsup
1005 trnet-default          act/unsup

PC>ipconfig
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100
PC>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32
Reply from 192.168.1.2: bytes=32
Reply from 192.168.1.2: bytes=32

PC>ping 192.168.1.3
Pinging 192.168.1.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

PC>ping 192.168.1.4
Pinging 192.168.1.4 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

LAB - 2: CREATING BASIC VLAN CONFIGURATION ON SWITCHES

TASK:
* Create four VLANs (VLAN 10, 20, 30, 40)
* Configure port fa0/8 into VLAN 10
* Configure multiple ports (4-7 and 10) into VLAN 20

Switch(config)#vlan 10
Switch(config-vlan)#name sales
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name marketing
Switch(config-vlan)#vlan 30
Switch(config-vlan)#vlan 40
Switch(config-vlan)#end

Switch#sh vlan
VLAN Name                   Status    Ports
1    default                active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                      Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                      Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                      Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                      Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                      Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                      Gig1/1, Gig1/2
There are no active ports in the new VLANs which we created.

To shift the ports:

Switch(config)#int f0/8
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config)#interface range f0/4 - 7 , f0/10
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20

Switch#sh vlan
VLAN Name                   Status    Ports
1    default                active    Fa0/1, Fa0/2, Fa0/3, Fa0/9
                                      Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                      Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                      Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                      Fa0/23, Fa0/24

Trunking

» A single VLAN can span multiple switches.
» Users of the same VLAN may connect to two or more switches within the LAN.

Trunking passes the same VLAN's traffic between switches over a single link.

Types of links/ports

Access links
» Connect to end devices (hosts or router)
» Part of one VLAN

Trunk links
» Do not belong to any VLAN
» Carry the traffic of multiple VLANs
» Link between two switches

Frame Tagging

» To make sure that users of the same VLAN on different switches can communicate with each other, frames are tagged on trunk links.
» The tag is added before a frame is sent and removed once it is received on the trunk link.
» Frame tagging happens only on trunk links.

+ The frame includes the source and destination MAC entries
+ The tag includes the VLAN ID
Trunking protocols

Responsible for adding and removing tags on trunk links.

ISL (Inter-Switch Link)
+ It is Cisco proprietary
+ It works with Ethernet, Token Ring, FDDI
+ It adds 30 bytes of tag
+ No more supported on new Cisco platforms

IEEE 802.1Q
o IEEE open standard
o It works only on Ethernet
o Only a 4-byte tag will be added to the original frame

Trunk Configuration

Switch(config)# interface INTERFACE-ID
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk encapsulation dot1q

[Figure: VLAN 10 and VLAN 20 hosts on two switches]

LAB: Trunking

» Create VLAN 10, VLAN 20 on both switches
» Shift ports into their respective VLANs as per the diagram

SW-2(config)#interface range f0/1 - 2
SW-2(config-if-range)#switchport mode access
SW-2(config-if-range)#switchport access vlan 10
SW-2(config-if-range)#exit
SW-2(config)#interface range f0/3 - 4
SW-2(config-if-range)#switchport mode access
SW-2(config-if-range)#switchport access vlan 20
SW-2(config-if-range)#end

SW-1(config)#interface range f0/1 - 2
SW-1(config-if-range)#switchport mode access
SW-1(config-if-range)#switchport access vlan 10
SW-1(config-if-range)#exit
SW-1(config)#interface range f0/3 - 4
SW-1(config-if-range)#switchport mode access
SW-1(config-if-range)#switchport access vlan 20
SW-1(config-if-range)#end

VLAN Name                   Status    Ports
1    default                active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                      Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                      Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                      Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                      Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                      Gig1/1, Gig1/2
10   VLAN0010               active    Fa0/1, Fa0/2
20   VLAN0020               active    Fa0/3, Fa0/4

VLAN Name                   Status    Ports
1    default                active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                      Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                      Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                      Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                      Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                      Gig1/1, Gig1/2
10   VLAN0010               active    Fa0/1, Fa0/2
20   VLAN0020               active    Fa0/3, Fa0/4

Configure the f0/20 port between SW1 and SW2 as a trunk link (on both switches):

SW-x(config)#interface fastEthernet 0/20
SW-x(config-if)#switchport mode trunk
SW-x(config-if)#switchport trunk encapsulation dot1q

SW-x#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/20      on           802.1q         trunking      1

Ensure that users of the same VLAN on different switches can communicate with each other:

PC>ping 192.168.1.3
Pinging 192.168.1.3 with 32 bytes of data:
Reply from 192.168.1.3: bytes=32 time=17ms TTL=128
Reply from 192.168.1.3: bytes=32 time=13ms TTL=128
Reply from 192.168.1.3: bytes=32 time=12ms TTL=128
Reply from 192.168.1.3: bytes=32 time=10ms TTL=128

PC>ping 192.168.2.3
Pinging 192.168.2.3 with 32 bytes of data:
Reply from 192.168.2.3: bytes=32
Reply from 192.168.2.3: bytes=32
Reply from 192.168.2.3: bytes=32 time=13ms TTL=128
Reply from 192.168.2.3: bytes=32 time=13ms TTL=128

LAB: TRUNKING

[Figure: lab topology, SW1 and SW2 with VLAN 10 and VLAN 20 hosts on each switch]

TASK:
* Create VLAN 10, VLAN 20 on both switches
* Shift ports into their respective VLANs as per the diagram
* Configure the f0/20 port between SW1 and SW2 as a trunk link
* Ensure that users of the same VLAN on different switches can communicate with each other

On SW-1

Switch(config)#hostname SW-1
SW-1(config)#interface range f0/1 - 2
SW-1(config-if-range)#switchport mode access
SW-1(config-if-range)#switchport access vlan 10
SW-1(config-if-range)#exit
SW-1(config)#interface range f0/3 - 4
SW-1(config-if-range)#switchport mode access
SW-1(config-if-range)#switchport access vlan 20
SW-1(config-if-range)#end

SW-1#sh vlan
VLAN Name                   Status    Ports
1    default                active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                      Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                      Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                      Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                      Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                      Gig1/1, Gig1/2
1002 fddi-default           act/unsup
1003 token-ring-default     act/unsup
1004 fddinet-default        act/unsup
1005 trnet-default          act/unsup

On SW-2

Switch(config)#hostname SW-2
SW-2(config)#interface range f0/1 - 2
SW-2(config-if-range)#switchport mode access
SW-2(config-if-range)#switchport access vlan 10
SW-2(config-if-range)#exit
SW-2(config)#interface range f0/3 - 4
SW-2(config-if-range)#switchport access vlan 20
SW-2(config-if-range)#end

SW-2#sh vlan
VLAN Name                   Status    Ports
1    default                active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                      Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                      Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                      Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                      Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                      Gig1/1, Gig1/2
10   VLAN0010               active    Fa0/1, Fa0/2
20   VLAN0020               active    Fa0/3, Fa0/4
1002 fddi-default           act/unsup
1003 token-ring-default     act/unsup
1004 fddinet-default        act/unsup
1005 trnet-default          act/unsup

From PC 192.168.1.1

PC>ipconfig
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100
PC>ping 192.168.1.3
Pinging 192.168.1.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

PC>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 time=13ms TTL=128
Reply from 192.168.1.2: bytes=32

PC>ping 192.168.1.4
Pinging 192.168.1.4 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

From PC 192.168.2.1

PC>ipconfig
IP Address......................: 192.168.2.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.2.100

PC>ping 192.168.2.2
Pinging 192.168.2.2 with 32 bytes of data:
Reply from 192.168.2.2: bytes=32
Reply from 192.168.2.2: bytes=32
Reply from 192.168.2.2: bytes=32
Reply from 192.168.2.2: bytes=32

SERVER>ping 192.168.2.3
Pinging 192.168.2.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

SERVER>ping 192.168.2.4
Pinging 192.168.2.4 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
NOTE: From the above verification:
* Users of the same VLAN connected to the same switch can ping each other.
* Users of the same VLAN on different switches are not able to ping each other.
* For the same VLAN to communicate across different switches, trunking must be configured on the link (f0/20) between the switches.

To configure trunking:

SW-1(config)#interface fastEthernet 0/20
SW-1(config-if)#switchport mode trunk
SW-1(config-if)#switchport trunk encapsulation dot1q

SW-2(config)#int f0/20
SW-2(config-if)#switchport mode trunk
SW-2(config-if)#switchport trunk encapsulation dot1q

SW-1#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/20      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/20      1-1005

Port        Vlans allowed and active in management domain
Fa0/20      1,10,20

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/20      1,10,20

SW-2#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/20      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/20      1-1005

Port        Vlans allowed and active in management domain
Fa0/20      1,10,20

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/20      1,10,20

From PC 192.168.1.1

PC>ipconfig
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC>ping 192.168.1.3
Pinging 192.168.1.3 with 32 bytes of data:
Reply from 192.168.1.3: bytes=32
Reply from 192.168.1.3: bytes=32
Reply from 192.168.1.3: bytes=32

PC>ping 192.168.1.4
Pinging 192.168.1.4 with 32 bytes of data:
Reply from 192.168.1.4: bytes=32 time=25ms TTL=128
Reply from 192.168.1.4: bytes=32
Reply from 192.168.1.4: bytes=32
Reply from 192.168.1.4: bytes=32 time=13ms TTL=128

From PC 192.168.2.1

PC>ipconfig
IP Address......................: 192.168.2.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.2.100

PC>ping 192.168.2.3
Pinging 192.168.2.3 with 32 bytes of data:
Reply from 192.168.2.3: bytes=32
Reply from 192.168.2.3: bytes=32
Reply from 192.168.2.3: bytes=32
Reply from 192.168.2.3: bytes=32

PC>ping 192.168.2.4
Pinging 192.168.2.4 with 32 bytes of data:
Reply from 192.168.2.4: bytes=32 time=26ms TTL=128
Reply from 192.168.2.4: bytes=32 time=12ms TTL=128
Reply from 192.168.2.4: bytes=32 time=12ms TTL=128
Reply from 192.168.2.4: bytes=32 time=13ms TTL=128

TASK:
* Configure the trunk link so that only VLAN 10, 20, 30, 40 traffic is allowed (no other VLAN traffic should be sent)

On both switches (SW1/SW2)

SW-x(config)#int f0/20
SW-x(config-if)#switchport trunk allowed vlan ?
  WORD    VLAN IDs of the allowed VLANs when this port is in trunking mode
  add     add VLANs to the current list
  all     all VLANs
  except  all VLANs except the following
  none    no VLANs
  remove  remove VLANs from the current list
SW-x(config-if)#switchport trunk allowed vlan 10,20,30,40

SW-1#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/20      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/20      10,20,30,40

Port        Vlans allowed and active in management domain
Fa0/20      10,20

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/20      10,20

SW-2#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/20      on           802.1q         trunking      1

Port        Vlans allowed on trunk

Port        Vlans allowed and active in management domain
Fa0/20      10,20

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/20      10,20
TASK:
* Create VLAN 50, 60, 70, 80 on both switches
* Configure the trunk link f0/20 to add VLAN 50, 60, 70, 80 to the existing trunk allowed list

On both switches (SW1/SW2)

SW-x(config)#vlan 50
SW-x(config-vlan)#vlan 60
SW-x(config-vlan)#vlan 70
SW-x(config-vlan)#vlan 80
SW-x(config-vlan)#end

SW-x(config)#int f0/20
SW-x(config-if)#switchport trunk allowed vlan add 50,60,70,80

SW-1#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/20      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/20      10,20,30,40,50,60,70,80

Port        Vlans allowed and active in management domain
Fa0/20      10,20,50,60

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/20      10,20,50,60

SW-2#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/20      on           802.1q         trunking      1

Port        Vlans allowed on trunk

Port        Vlans allowed and active in management domain
Fa0/20      10,20,50,60

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/20      10,20,50,60

TASK:
* Configure the trunk link f0/20 to remove VLAN 70, 80 from the existing trunk allowed list

SW-1(config)#int f0/20
SW-1(config-if)#switchport trunk allowed vlan remove 70,80

SW-1#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/20      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/20      10,20,30,40,50,60

Port        Vlans allowed and active in management domain
Fa0/20      10,20,50,60

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/20      10,20,50,60

SW-2#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/20      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/20      10,20,30,40,50,60

Port        Vlans allowed and active in management domain
Fa0/20      10,20,50,60

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/20      10,20,50,60

DTP (DYNAMIC TRUNKING PROTOCOL)

Trunking can be done dynamically through a negotiation process.

Switch#sh dtp
Global DTP information
        Sending DTP Hello packets every 30 seconds
        Dynamic Trunk timeout is 300 seconds
        0 interfaces using DTP

DTP MODES

DESIRABLE:
o Desires to become a trunk (always wants to become a trunk)
o Sends and replies to DTP messages
o It becomes a trunk if the port on the other switch is set to trunk, dynamic desirable or dynamic auto mode.

AUTO:
o Only replies to DTP messages (does not send)
o Default mode on most of the modern switches
o It becomes a trunk if the other end is set to trunk or dynamic desirable mode.

TRUNK:
o Configures the trunk manually
o The port still negotiates trunking with the port on the other end of the link.

ACCESS:
o Configures access manually
o The port is a user port in a single VLAN.

NO-NEGOTIATE:
o Turns off DTP messages (disables DTP).
o The port is a trunk and does not do DTP negotiation with the other side of the link.

Switchport Mode Interactions

                    Dynamic Auto   Dynamic Desirable   Trunk             Access
Dynamic Auto        Access         Trunk               Trunk             Access
Dynamic Desirable   Trunk          Trunk               Trunk             Access
Trunk               Trunk          Trunk               Trunk             Not recommended
Access              Access         Access              Not recommended   Access

Note: Table assumes DTP is enabled at both ends.

+ show dtp interface - to determine the current setting

DTP can be disabled either by
1. configuring the port as an access port using switchport mode access
2. or using the switchport nonegotiate command

VERIFYING DTP

[Figure: SW1 and SW2 connected on f0/20 and f0/21]

TASK:
Configure f0/20 of SW1 to actively negotiate with DTP messages; the SW2 f0/20 port should only reply to DTP messages.
Configure f0/21 of SW1 and SW2 so that they do not negotiate any DTP messages.

On SW-1

Sw-1#sh interfaces fa0/20 switchport
Name: Fa0/20
Switchport: Enabled
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native

Sw-1(config)#int f0/20
Sw-1(config-if)#switchport mode ?
  access   Set trunking mode to ACCESS unconditionally
  dynamic  Set trunking mode to dynamically negotiate access or trunk mode
  trunk    Set trunking mode to TRUNK unconditionally
Sw-1(config-if)#switchport mode dynamic desirable

SW-1#sh interfaces fa0/20 switchport
Name: Fa0/20
Switchport: Enabled
Administrative Trunking Encapsulation: dot1q

SW-1#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/20      auto         n-802.1q       trunking      1

Port        Vlans allowed on trunk
Fa0/20      1-1005

Switch#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/20      auto         n-802.1q       trunking      1

Port        Vlans allowed on trunk
Fa0/20      1-1005

Port        Vlans allowed and active in management domain
Fa0/20      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/20      1

TASK: Configure SW1 and SW2 with a manual trunk and disable the DTP negotiation process.
On SW1/SW2:

    SW-x(config)#int f0/21
    SW-x(config-if)#switchport trunk encapsulation dot1q
    SW-x(config-if)#switchport mode trunk
    SW-x(config-if)#switchport nonegotiate

    SW-1#sh interfaces trunk
    Port        Mode         Encapsulation  Status        Native vlan
    Fa0/20      auto         n-802.1q       trunking      1
    Fa0/21      on           802.1q         trunking      1

    Port        Vlans allowed on trunk
    Fa0/20      1-1005
    Fa0/21      1-1005

    Port        Vlans allowed and active in management domain
    Fa0/20      1
    Fa0/21      1

    Port        Vlans in spanning tree forwarding state and not pruned
    Fa0/20      1
    Fa0/21      1

    SW-2#sh interfaces trunk
    Port        Mode         Encapsulation  Status        Native vlan
    Fa0/20      auto         n-802.1q       trunking      1
    Fa0/21      on           802.1q         trunking      1

    Port        Vlans allowed on trunk
    Fa0/20      1-1005
    Fa0/21      1-1005

    Port        Vlans allowed and active in management domain
    Fa0/20      1
    Fa0/21      1

    Port        Vlans in spanning tree forwarding state and not pruned
    Fa0/20      1
    Fa0/21      none

NATIVE VLAN

[Diagram: native VLAN carried untagged on the trunk link between two switches]

* If a packet is received on a dot1q link without a VLAN tag, it is assumed that it belongs to the native VLAN.
* Untagged frames must be placed into a VLAN by the receiving switch; the native VLAN is the VLAN used.
* When a switch receives an untagged frame on a tagged interface, it assumes membership of the native VLAN.
* For Cisco switches the native VLAN ID must match on both ends of the trunk.
* By default the native VLAN is 1.
* Best practice is to configure the native VLAN ID to VLAN 666 and to ensure that this VLAN is not used anywhere in the network.
* Use this new VLAN as the native VLAN. No ports should be assigned to the native VLAN, so that you do not have any end devices in the native VLAN. The number "666" helps people to remember this.
* An attacker who attempts to use the VLAN hopping attack will end up in a dead VLAN that has no hosts to leverage.
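The DTP modes and the native VLAN rules above can be checked from saved "show interfaces switchport" output taken on both ends of a link. The following Python script is an added example, not part of the workbook; the sample outputs are constructed, and the finding names and the LINKS cabling map are assumptions made for the illustration.

```python
"""Audit saved 'show interfaces switchport' output for DTP and native VLAN settings."""

# Constructed sample output for SW1, trimmed to fields this workbook shows.
SW1_OUTPUT = """\
Name: Fa0/1
Administrative Mode: static access
Operational Mode: static access
Negotiation of Trunking: Off
Trunking Native Mode VLAN: 1 (default)

Name: Fa0/20
Administrative Mode: dynamic desirable
Operational Mode: trunk
Negotiation of Trunking: On
Trunking Native Mode VLAN: 999 (VLAN0999)

Name: Fa0/21
Administrative Mode: trunk
Operational Mode: trunk
Negotiation of Trunking: Off
Trunking Native Mode VLAN: 1 (default)
"""

# Constructed sample output for SW2, the other end of both links.
SW2_OUTPUT = """\
Name: Fa0/20
Administrative Mode: dynamic auto
Operational Mode: trunk
Negotiation of Trunking: On
Trunking Native Mode VLAN: 1 (default)

Name: Fa0/21
Administrative Mode: trunk
Operational Mode: trunk
Negotiation of Trunking: On
Trunking Native Mode VLAN: 1 (default)
"""

# Assumed cabling: (SW1 port, SW2 port) for each inter-switch link.
LINKS = [("Fa0/20", "Fa0/20"), ("Fa0/21", "Fa0/21")]


def parse_switchport(text):
    """Return {port: {field: value}} built from the 'Field: value' lines."""
    ports, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank line between interface records
        key, value = key.strip(), value.strip()
        if key == "Name":
            current = ports.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return ports


def native_vlan(fields):
    """'999 (VLAN0999)' -> 999; None when the field is absent."""
    raw = fields.get("Trunking Native Mode VLAN")
    return int(raw.split()[0]) if raw else None


def audit(ports):
    """Return {port: [findings]} for every port with at least one finding."""
    report = {}
    for name, fields in ports.items():
        findings = []
        admin = fields.get("Administrative Mode", "")
        if admin.startswith("dynamic"):
            findings.append("dynamic-mode")            # port negotiates via DTP
        elif admin == "trunk" and fields.get("Negotiation of Trunking") == "On":
            findings.append("trunk-still-negotiates")  # nonegotiate not set
        if fields.get("Operational Mode") == "trunk" and native_vlan(fields) == 1:
            findings.append("native-vlan-default")     # native VLAN left at 1
        if findings:
            report[name] = findings
    return report


def native_mismatches(local, remote, links):
    """Return (local port, vlan, remote port, vlan) for trunks that disagree."""
    mismatches = []
    for lport, rport in links:
        a, b = local.get(lport, {}), remote.get(rport, {})
        if a.get("Operational Mode") == b.get("Operational Mode") == "trunk":
            va, vb = native_vlan(a), native_vlan(b)
            if va != vb:
                mismatches.append((lport, va, rport, vb))
    return mismatches


if __name__ == "__main__":
    sw1, sw2 = parse_switchport(SW1_OUTPUT), parse_switchport(SW2_OUTPUT)
    print("SW1:", audit(sw1))
    print("SW2:", audit(sw2))
    print("native VLAN mismatches:", native_mismatches(sw1, sw2, LINKS))
```

Each finding maps to a command already covered above: switchport mode access or switchport nonegotiate for the DTP findings, and switchport trunk native vlan on both ends for the native VLAN findings.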
[Figure: console message] This message appears when the native VLAN is mismatched on the two Cisco switches.

LAB: NATIVE VLAN

[Diagram: PC 192.168.1.1 on SW1 and PC 192.168.1.2 on SW2; the switches are connected on f0/20]

* Connect the devices and assign the IP addressing as per the diagram.
* Create VLAN 999 on both switches. Configure the f0/20 port as a trunk link.
* Ensure that VLAN 999 is the native VLAN on both trunks.
* Verify the connectivity between the PCs (192.168.1.1 and 192.168.1.2).

    PC>ipconfig
    FastEthernet0 Connection:(default port)
    IP Address......................: 192.168.1.1
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................: 0.0.0.0

    PC>ping 192.168.1.2
    Pinging 192.168.1.2 with 32 bytes of data:
    Reply from 192.168.1.2: bytes=32 time=...
    Reply from 192.168.1.2: bytes=32 time=0ms TTL=128
    Reply from 192.168.1.2: bytes=32 time=0ms TTL=128
    Reply from 192.168.1.2: bytes=32 time=0ms TTL=128

On SW1/SW2:

    SWx(config)#vlan 999
    SWx(config-vlan)#exit
    SWx(config)#int f0/20
    SWx(config-if)#switchport trunk encapsulation dot1q
    SWx(config-if)#switchport mode trunk

    SW2#sh interfaces trunk
    Port        Mode         Encapsulation  Status        Native vlan
    Fa0/20      on           802.1q         trunking      1

    Port        Vlans allowed on trunk
    Fa0/20      1-1005

    Port        Vlans allowed and active in management domain
    Fa0/20      1

    Port        Vlans in spanning tree forwarding state and not pruned
    Fa0/20      1

    PC>ping 192.168.1.2
    Pinging 192.168.1.2 with 32 bytes of data:
    Reply from 192.168.1.2: bytes=32 time=1ms TTL=128
    Reply from 192.168.1.2: byte...
    Reply from 192.168.1.2: byte...
    Reply from 192.168.1.2: byte...

TASK: Change the native VLAN to 999 on SW1 and verify connectivity.

    SW1(config)#int f0/20
    SW1(config-if)#switchport trunk native vlan 999
    SW1(config-if)#end

    PC>ping 192.168.1.2
    Pinging 192.168.1.2 with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    SW1#sh interfaces trunk
    Port        Mode         Encapsulation  Status        Native vlan
    Fa0/20      on           802.1q         trunking      999

    Port        Vlans allowed on trunk
    Fa0/20      1-1005

    Port        Vlans allowed and active in management domain
    Fa0/20      1

    Port        Vlans in spanning tree forwarding state and not pruned
    Fa0/20      1

    SW1#sh interfaces f0/20 switchport
    Name: Fa0/20
    Switchport: Enabled
    Administrative Mode: dynamic auto
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 999 (VLAN0999)
    Voice VLAN: none

    SW2#sh interfaces trunk
    Port        Mode         Encapsulation  Status        Native vlan
    Fa0/20      on           802.1q         trunking      1

    Port        Vlans allowed on trunk
    Fa0/20      1-1005

    Port        Vlans allowed and active in management domain
    Fa0/20      1

    Port        Vlans in spanning tree forwarding state and not pruned
    Fa0/20      1

    SW2(config)#int f0/20
    SW2(config-if)#switchport trunk native vlan 999
    SW2(config-if)#end

    PC>ping 192.168.1.2
    Pinging 192.168.1.2 with 32 bytes of data:
    Reply from 192.168.1.2: byte...
    Reply from 192.168.1.2: byte...
    Reply from 192.168.1.2: byte...
    Reply from 192.168.1.2: bytes=32 time=0ms TTL=128

Troubleshooting VLANs and Trunks
* Same network
* Same VLAN
* Trunking (mode)
* Allowed VLANs on the trunk link
* Native VLAN must match

INTER-VLAN ROUTING

Inter-VLAN routing allows the users of one VLAN to access resources of another VLAN.

* Needs at least one router
* Every VLAN must have a default gateway

[Diagram: VLAN 10 Accounts 192.168.1.0/24 and VLAN 20 Finance 192.168.2.0/24]

Inter-VLAN Routing Methods
A. Separate Physical Gateway on Router
B. Using Sub-interfaces
C. Using Layer 3 Switch

Inter-VLAN routing using separate interfaces
* Needs at least one router
* Every VLAN must have a default gateway

[Diagram: router interfaces 192.168.1.100 and 192.168.2.100; switch ports 1, 2, 10 = VLAN 10 and ports 3, 4, 11 = VLAN 20; VLAN 10 Sales 192.168.1.0/24, VLAN 20 marketing 192.168.2.0/24]

Inter-VLAN Routing using Separate Physical Gateway on Router

    Router(config)#interface FastEthernet0/0

    PC>tracert 192.168.2.1
    Tracing route to 192.168.2.1 over a maximum of 30 hops:
      1   47ms    63ms    62ms    192.168.1.100
      2   109ms   125ms   78ms    192.168.2.1

Layer 3 Port

[Diagram: multilayer switch with Vlan 10 192.168.1.100 and Vlan 20 192.168.2.100; VLAN 10 Sales 192.168.1.0/24, VLAN 20 marketing 192.168.2.0/24; router f0/0 172.16.1.100 on 172.16.0.0/16]

    Switch(config)#int fa0/20
    Switch(config-if)#ip address 10.0.0.2 255.0.0.0
    % Invalid input detected at '^' marker.
    Switch(config-if)#no switchport
    Switch(config-if)#ip address 10.0.0.2 255.0.0.0

[Diagram: as above, with the switch f0/20 port addressed 10.0.0.2]

Routing - on MLS

On the multilayer switch:

    Switch(config)#router rip
    Switch(config-router)#version 2
    Switch(config-router)#network 192.168.1.0
    Switch(config-router)#network 192.168.2.0
    Switch(config-router)#network 10.0.0.0

On the router:

    Router(config)#router rip
    Router(config-router)#ver 2
    Router(config-router)#network 172.16.0.0
    Router(config-router)#network 10.0.0.0

Routing - on MLS
    Router#sh ip route
    C    10.0.0.0/8 is directly connected, FastEthernet0/1
    C    172.16.0.0/16 is directly connected, FastEthernet0/0
    R    192.168.1.0/24 [120/1] via 10.0.0.1, 00:00:01, FastEthernet0/1
    R    192.168.2.0/24 [120/1] via 10.0.0.1, ...

    PC>ping 172.16.1.1
    Reply from 172.16.1.1: bytes=32 time=125ms TTL=126
    Reply from 172.16.1.1: ...

    PC>tracert 172.16.1.1
    Tracing route to 172.16.1.1 over a maximum of 30 hops:
      1   31ms    31ms    32ms    192.168.1.100
      2   63ms    62ms    62ms    10.0.0.1
      3   109ms   125ms   125ms   172.16.1.1

Layer 3 Port on MLS
* By default all the ports of any multilayer switch are switch ports (Layer 2).
* They don't understand IP addressing and just forward frames by identifying the MAC address.
* In our example we want the f0/20 port of the MLS as a router port (Layer 3).
* To change the default Layer 2 port to a router port we need to add the command "no switchport".

LAB: Inter-VLAN Routing using Separate Gateways

TASK:
* Create VLAN 10 and VLAN 20 on SW1 and assign ports to their respective VLANs as per the diagram.
* Ensure that users of VLAN 10 and 20 can communicate with each other.

[Diagram: hosts 192.168.1.1 and 192.168.1.2 in VLAN 10 (192.168.1.0/24); VLAN 20 on 192.168.2.0/24]

    Switch(config)#vlan 10
    Switch(config-vlan)#name sales
    Switch(config-vlan)#exit
    Switch(config)#vlan 20
    Switch(config-vlan)#name marketing
    Switch(config-vlan)#exit
    Switch(config)#interface FastEthernet0/1
    Switch(config-if)# switchport access vlan 10
    Switch(config-if)# switchport mode access
    Switch(config-if)#interface FastEthernet0/2
    Switch(config-if)# switchport access vlan 10
    Switch(config-if)# switchport mode access
    Switch(config-if)#interface FastEthernet0/3
    Switch(config-if)# switchport access vlan 20
    Switch(config-if)# switchport mode access
    Switch(config-if)#interface FastEthernet0/4
    Switch(config-if)# switchport access vlan 20
    Switch(config-if)# switchport mode access
    Switch(config-if)#exit
    Switch(config)#interface FastEthernet0/10
    Switch(config-if)# switchport access vlan 10
    Switch(config-if)# switchport mode access
    Switch(config-if)#interface FastEthernet0/11
    Switch(config-if)# switchport access vlan 20
    Switch(config-if)# switchport mode access
    Switch(config-if)#end

    Switch#sh vlan
    VLAN Name                 Status     Ports
    1    default              active     Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                         Fa0/9, Fa0/12, Fa0/13, Fa0/14
                                         Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                         Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                         Fa0/23, Fa0/24, Gig1/1, Gig1/2
    10   sales                active     Fa0/1, Fa0/2, Fa0/10
    20   marketing            active     Fa0/3, Fa0/4, Fa0/11
    1002 fddi-default         act/unsup

    Router(config)#interface FastEthernet0/0
    Router(config-if)# ip address 192.168.1.100 255.255.255.0
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router(config)#interface FastEthernet0/1
    Router(config-if)# ip address 192.168.2.100 255.255.255.0
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router(config)#end

    Router#sh ip int brief
    Interface          IP-Address      OK? Method Status  Protocol
    FastEthernet0/0    192.168.1.100   YES manual up      up

    Router#sh ip route
    Gateway of last resort is not set
    C    192.168.1.0/24 is directly connected, FastEthernet0/0
    C    192.168.2.0/24 is directly connected, FastEthernet0/1

    PC>ipconfig
    FastEthernet0 Connection:(default port)
    Link-local IPv6 Address.........:
    IP Address......................: 192.168.1.1
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................: 192.168.1.100

    PC>ping 192.168.2.1
    Pinging 192.168.2.1 with 32 bytes of data:
    Request timed out.
    Reply from 192.168.2.1: bytes=32 time=0ms TTL=127
    Reply from 192.168.2.1: bytes=32 time=0ms TTL=127
    Reply from 192.168.2.1: bytes=32 time=0ms TTL=127

    PC>tracert 192.168.2.1
    Tracing route to 192.168.2.1 over a maximum of 30 hops:
      1   13ms    0ms     0ms     192.168.1.100
      2   0ms     0ms     0ms     192.168.2.1
    Trace complete.

LAB: INTER-VLAN ROUTING USING ROUTER (Router on a Stick)

[Diagram: router subinterfaces f0/0.10 192.168.1.100 and f0/0.20 192.168.2.100]

TASK:
* Create VLAN 10 and VLAN 20 on SW1.
* Shift ports into their respective VLANs as per the diagram.
* Configure the f0/20 port as a trunk link.
* Create subinterfaces on router port f0/0.
* Ensure that users of VLAN 10 and 20 can communicate with each other.

On SW1:

    Switch(config)#hostname SW-1
    SW-1(config)#interface range f0/1 - 2
    SW-1(config-if-range)#switchport mode access
    SW-1(config-if-range)#switchport access vlan 10
    SW-1(config-if-range)#exit
    SW-1(config)#interface range f0/3 - 4
    SW-1(config-if-range)#switchport mode access
    SW-1(config-if-range)#switchport access vlan 20
    SW-1(config-if-range)#end

    SW-1#sh vlan
    VLAN Name                 Status     Ports
    1    default              active     Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                         Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                         Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                         Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                         Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                         Gig1/1, Gig1/2
    10   VLAN0010             active     Fa0/1, Fa0/2
    20   VLAN0020             active     Fa0/3, Fa0/4
    1002 fddi-default         act/unsup
    1003 token-ring-default   act/unsup
    1004 fddinet-default      act/unsup
    1005 trnet-default        act/unsup

Trunk link configuration (f0/20 is the interface facing the router):

    SW-1(config)#interface fastEthernet 0/20
    SW-1(config-if)#switchport trunk encapsulation dot1q
    SW-1(config-if)#switchport mode trunk

* A router on a stick can be used to route between VLANs using either ISL or 802.1Q as the trunking protocol.
* A router on a stick requires subinterfaces, one for each VLAN.

Creating subinterfaces on router interface f0/0. The number after encapsulation dot1Q must be the exact VLAN number (VLAN 10 and VLAN 20):

    R-1(config)#int fa0/0
    R-1(config-if)# no shutdown
    R-1(config-if)# exit
    R-1(config)#int fa0/0.10
    R-1(config-subif)# encapsulation dot1Q 10
    R-1(config-subif)# ip add 192.168.1.100 255.255.255.0
    R-1(config-subif)# exit
    R-1(config)#int fa0/0.20
    R-1(config-subif)# encapsulation dot1Q 20
    R-1(config-subif)# ip add 192.168.2.100 255.255.255.0

    Router#sh ip int brief
    Interface          IP-Address      OK? Method Status  Protocol
    FastEthernet0/0    unassigned      YES unset  up      up

Verify connectivity:

    PC>ipconfig
    IP Address......................: 192.168.1.1
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................: 192.168.1.100

    PC>ping 192.168.2.1
    Pinging 192.168.2.1 with 32 bytes of data:
    Request timed out.
    Reply from 192.168.2.1: bytes=32 time=62ms TTL=127
    Reply from 192.168.2.1: bytes=32 time=125ms TTL=127
    Reply from 192.168.2.1: bytes=32 time=109ms TTL=127

    PC>tracert 192.168.2.1
    Tracing route to 192.168.2.1 over a maximum of 30 hops:
      1   47ms    63ms    62ms    192.168.1.100
      2   109ms   125ms   78ms    192.168.2.1

LAB: Inter-VLAN Routing Using MLS SVI Interfaces

[Diagram: multilayer switch with SVI Vlan 10 192.168.1.100 and SVI Vlan 20 192.168.2.100; VLAN 10 Sales 192.168.1.0/24, VLAN 20 marketing 192.168.2.0/24]

TASK:
* Create the VLANs and shift the ports as per the diagram.
* Create an SVI (switch virtual interface) for each VLAN and assign the IP addresses as per the VLAN addressing given in the diagram.
* Ensure that IP routing is enabled on the multilayer switch.
* Verify connectivity between the VLANs (ping 192.168.1.1 - 192.168.2.1).

TASK: Create the VLANs and shift the ports according to the diagram

    Switch(config)#vlan 10
    Switch(config-vlan)#vlan 20
    Switch(config-vlan)#exit
    Switch(config)#int range f0/1 - 2
    Switch(config-if-range)#switchport mode access
    Switch(config-if-range)#switchport access vlan 10
    Switch(config-if-range)#exit
    Switch(config)#int range f0/3 - 4
    Switch(config-if-range)#switchport mode access
    Switch(config-if-range)#switchport access vlan 20
    Switch(config-if-range)#exit

    SW-1#sh vlan
    VLAN Name                 Status     Ports
    1    default              active     Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                         Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                         Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                         Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                         Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                         Gig1/1, Gig1/2
    10   VLAN0010             active     Fa0/1, Fa0/2
    20   VLAN0020             active     Fa0/3, Fa0/4
    1002 fddi-default         act/unsup
    1003 token-ring-default   act/unsup
    1004 fddinet-default      act/unsup
    1005 trnet-default        act/unsup

TASK: Create an SVI (Switch Virtual Interface) for each VLAN

    Switch(config)#int vlan 10
    Switch(config-if)#ip address 192.168.1.100 255.255.255.0
    Switch(config-if)#no shutdown
    Switch(config-if)#exit
    Switch(config)#int vlan 20
    Switch(config-if)#ip address 192.168.2.100 255.255.255.0
    Switch(config-if)#no shutdown
    Switch(config-if)#exit

    Switch#sh ip int brief
    Vlan10             192.168.1.100   YES manual up      up

* The VLAN must be defined and active on the switch before the SVI can be used.
* The VLAN and the SVI are configured separately, even though they interoperate. Creating or configuring the SVI doesn't create or configure the VLAN; you still must define each one independently.

    Switch(config)#ip routing

* Enable routing on the switch by using the ip routing command. Even if IP routing was previously enabled, this step ensures that it is activated.

TASK: Verify connectivity between the VLANs (ping 192.168.1.1 - 192.168.2.1)

    PC>ipconfig
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................: 192.168.1.100

    PC>ping 192.168.2.1
    Pinging 192.168.2.1 with 32 bytes of data:
    Request timed out.
    Reply from 192.168.2.1: bytes=32 time=62ms TTL=127
    Reply from 192.168.2.1: bytes=32 time=125ms TTL=127
    Reply from 192.168.2.1: bytes=32 time=109ms TTL=127

    PC>tracert 192.168.2.1
    Tracing route to 192.168.2.1 over a maximum of 30 hops:
      1   47ms    63ms    62ms    192.168.1.100

TASK:
* Continue with the previous lab configurations.
* Add a router connecting to the MLS as per the diagram (assuming that there is a WAN connection between the router and the MLS and they are in different locations).

[Diagram: MLS f0/20 linked to the router, link addresses 10.0.0.2/8 and 10.0.0.1/8; router f0/0 172.16.1.100/24; host 172.16.1.1]

    PC>ipconfig
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................: 192.168.1.100

    PC>ping 172.16.1.1
    Pinging 172.16.1.1 with 32 bytes of data:
    Request timed out.
    Reply from 172.16.1.1: bytes=32 time=125ms TTL=126
    Reply from 172.16.1.1: bytes=32 time=125ms TTL=126
    Reply from 172.16.1.1: bytes=32 time=125ms TTL=126

    PC>tracert 172.16.1.1
    Tracing route to 172.16.1.1 over a maximum of 30 hops:
      1   31ms    31ms    32ms    192.168.1.100
      2   63ms    62ms    62ms    10.0.0.1
      3   109ms   125ms   125ms   172.16.1.1
    Trace complete.

EXTENDED VLAN

* Historically, Cisco Catalyst switches have supported only up to 1024 VLANs.
* ISL uses a 10-bit VLAN ID (up to 1024 VLANs).
* 802.1Q includes a 12-bit VLAN ID field (up to 4096 VLANs).
* Cisco refers to the VLANs between 1025 and 4096 as extended-range VLANs.

Cisco Catalyst switches support extended-range VLANs under the following restrictions:
* VTP cannot be used for VLAN management (VTP must be configured in transparent mode or off).
* Only Ethernet VLANs are supported.

    SW7(config)#vtp mode ?
      client       Set the device to client mode.
      off          Set the device to off mode.
      server       Set the device to server mode.
      transparent  Set the device to transparent mode.

    SW7(config)#vtp mode server
    Setting device to VTP Server mode for VLANS.
    SW7(config)#vlan 4000
    SW7(config-vlan)#name sales
    SW7(config-vlan)#exit
    % Failed to create VLANs 4000
    Extended VLAN(s) not allowed in current VTP mode.
    Failed to commit extended VLAN(s) changes.
    SW7#sh vlan
    VLAN Name                 Status     Ports
    1    default              active     Fa0/1, Fa0/2, Fa0/4, Fa0/5
                                         Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                         Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                         Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                         Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                         Fa0/22, Gi0/1, Gi0/2
    1002 fddi-default         act/unsup
    1003 trcrf-default        act/unsup
    1004 fddinet-default      act/unsup
    1005 trbrf-default        act/unsup

    SW7(config)#vtp mode transparent
    Setting device to VTP Transparent mode for VLANS.
    SW7(config)#vlan 4000
    SW7(config-vlan)#name sales
    SW7(config-vlan)#exit

    SW7#sh vlan
    VLAN Name                 Status     Ports
    1    default              active     Fa0/1, Fa0/2, Fa0/4, Fa0/5
                                         Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                         Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                         Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                         Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                         Fa0/22, Gi0/1, Gi0/2
    1002 fddi-default         act/unsup
    1003 trcrf-default        act/unsup
    1004 fddinet-default      act/unsup
    1005 trbrf-default        act/unsup
    4000 sales                active

VOICE VLAN

* The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone.
* The switch can connect to an IP phone to carry IP voice traffic.
* The Cisco IP Phone contains an integrated three-port 10/100 switch.

[Diagram: IP phone with its integrated switch; access port carrying the data VLAN and the voice VLAN]

Default VLAN configuration:
* The voice VLAN feature is disabled by default.
* You should configure voice VLAN on switch access ports.
* The voice VLAN should be present and active on the switch for the IP phone to correctly communicate on the voice VLAN.
* Use the show vlan privileged EXEC command to see if the VLAN is present.
* The Port Fast feature is automatically enabled when voice VLAN is configured.

[Diagram: PC, Cisco 7960 IP Phone, Catalyst 3550 switch]

Voice VLAN - Configuration
* Create VLAN 10 = DATA and VLAN 50 = VOICE
* Assign ports connecting to PCs to the data VLAN and IP phones to the voice VLAN

[Diagram: IP phones and PCs 192.168.1.1/24 and 192.168.1.2/24]

Voice VLAN - Configuration

VLAN 10 = DATA
VLAN 50 = VOICE

    Switch(config)#vlan 10
    Switch(config-vlan)#name DATA
    Switch(config-vlan)#exit
    Switch(config)#vlan 50
    Switch(config-vlan)#name VOICE
    Switch(config-vlan)#exit

Voice VLAN - Configuration

Assign ports:
* connecting to PCs to the data VLAN
* IP phones to the voice VLAN

    Switch(config)#int f0/1
    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport access vlan 10
    Switch(config-if)#exit

    Switch(config)#int f0/2
    Switch(config-if)#switchport mode access
    Switch(config-if)# switchport access vlan 10
    Switch(config-if)# switchport voice vlan 50
    Switch(config-if)#end

    Switch(config)#int f0/3
    Switch(config-if)# switchport mode access
    Switch(config-if)#switchport voice vlan 50
    Switch(config-if)#exit

Voice VLAN - Verification

    VLAN Name                 Status     Ports
    1    default              active     Fa0/3, Fa0/9, Fa0/10, Fa0/11
                                         Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                         Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                         Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                         Fa0/24, Gi0/1, Gi0/2
    10   DATA                 active     Fa0/1, Fa0/2
    50   VOICE                active     Fa0/2, Fa0/3
VTP VLAN Trunking protocol VLAN TRUNKING PROTOCOL KOA, used to share the VLAN configurations with multiple switches Vian — a Maintain consistency throughout that network, ackbone + VTPis a CISCO proprietary protocol Vian 10,20,300 Vian 10, VTP manages the addition, deletion, and renaming — of VLANs across the network from a central point of control wensave ——EnlSerer cof = NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution com Page 62 VTP MODES 1. Server Mode ‘CORE 2. Client mode 3. Transparent mode Server Mode + Default mode + Creates, modifies, and deletes VLANs + Synchronizes VLAN configurations + Sends and forwards advertisements = Saves configuration in NVRAM. Client Mode cannot Add , Modify and Delete its VLAN configurations Synchronizes VLAN configurations Forwards advertisements Doesn't store its VLAN configuration, leams it from the server every time it boots up eene NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution com Page 63 = Add , Modify and Delete VLAN configuration + Does not synchronize VLAN configurations Saves configuration in NVRAM_ + Forwards advertisements cone 10,20 | Client WebSever mal Seret VTP - configuration 1. Configure Trunking 2. Configure VTP Domain 3. Create Vian server/Transparent 4. Verify Client NOTE: + All links must be configured as trunks. + Information will be passed only if switches connected with Fast Ethernet or higher ports. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. 
+91 40 65890380, +91 7036826345 www.noasolution com Page 64 VTP - configuration NA, ‘SW-1(config)sint fo/20 ‘SW-1(config'switchport mode trunk Serer OD ‘SW-1(config-ifisswitchport trunk encapsulation dotia SW{config)tint range fa0/20 - 21 5 Teamparent “D>> ‘SW-2(config-if}rswitchport mode trunk ‘SW-2(config-if)tswitchport trunk encapsulation dotiq Gient ‘SW3(config)sint fo/21 ‘SW-3(config-if+switchport mode trunk ‘SW-3(config-if}+switchport trunk encapsulation dotiq ‘SW2ash interfaces trunk Port Mode Encapsulation Status ‘Native vlan Fao/20 on 802.19 ‘trunking: 1 F021 on 802.14 trunking 1 VTP - configuration NOA NETWORK ONRE ACADEY ‘sWi(Config)s VTP domain CCIE SW2(Config)* VTP domain CCIE ‘SWi(Config)* Vtp password cisco123 SWa{Configw Vin password clscot23 SW2(Config)* Vip version 2 ‘SW2(Contig) Vtp mode Transparent ‘SWi(Config)y Vtp version 2 ‘SWi(Config)s Vep mode server ‘SW/(Config) WTP domain CCIE ‘SW3(Config)> Vtp password ciscor23 SWs3(Configis Vip version 2 SW(Config)s Vip mode Client Client Note: + Domain name must match & Case sensitive. + VIP password & version must match. + VTP once enabled uses version 1 only NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution com Page 65 VTP - Verification NPA, ‘SW-1(configievian 10 ‘SW-1(config-vlan)svlan 20 ‘SW-1(config-vlan)svlan 30 ‘SW-3#sh vlan VLAN Name 1 default active F20/1, Fa0/2,Fa0/3, Faora Fa0/s,Faov6, Fao, Fa0/8 Fa0/9, Fao/10, Fa0/11, Fao/12 Fa0/13, Fao, Fa0/15, Fa0/16 20/17, Fao, Fa0/19, Fa0/20 Fa0/22, Fao/23, Fa0/24, Gigh/1 ae Se ae ae = are = VTP - Verification NOA Ye omer ‘Sw-2(config)rvlan 100 ‘Sw-2(config-vlan)+vlan 200 ‘Sw-2(config-vian}vlan 300 1 default active Fa0/1, Fa0/2,Fa0/3, Fa0/a Fao/s, Fa0/6, Fao/7, Fa0/8 Faov9, Fa0/10, Fao/1, Fa0/12 Fao/13, F20/16, Fa0/15, Fa0/16 20/17, Fa0/18,Fa0/19, F20/20 Fa0/22, Fao, Fa0/24, Gigi/1 Gigi? 10 VLANooto active 20. 
VLANoo20 active 30 VLANooz0 active NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions.com Page 66 VTP - Verification SW-1ash vep password VIP Password: cisco123 SW-14sh vtp status VTP Version 2 Configuration Revision, 4 ‘Maximum VLANS supported locally : 255 Number of existing VLANs: 8 VTP Operating Mode = Server Cie VTP Domain Name CCIE VTP Pruning Mode Disabled VTP V2 Mode Enabled VIP Traps Generation Disabled MDS digest + 0xD1 OxBE 0x98 OxAB OxDD oxFF 0x2F ovat Configuration last modified by 0.0.00 at 3-193 00:36:37 Local updater ID is 00.0.0 (no valid interface found) NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 67 LAB: VTP Transparent — 73> Client TASK: 1) Configure the links between Switches as Trunks. (vtp advertisements are send only on trunk ports) 2) Configure VTP on all switches as per thegiven modes in the Diagram above. 3) To verify VIP a. Create vlans on server and verify on client and transparent switch b. Create vians on transparent switch and verify on client and server (On SWI (SERVER) SW-1(config)int £0/20 SW-1(config-if}#switchport mode trunk SW-1(config-if}#switchport trunk encapsulation dotlq 2 (TRANSPARENT) sw2(config)#int range fa0/20 - 21 SW-2(config-if}#switchport mode trunk SW-2(config-if}#switchport trunk encapsulation dotlq Sw3 (CLIENT) 53 (config)#int f0/21 SW-3(config-if}#switchport mode trunk SW-3(config-i}#switchport trunk encapsulation dotlq SWI#sh interfaces trunk Port Mode —_ Encapsulation Status _Native vlan NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution com Page 68 SW2#sh interfaces trunk Port Mode Encapsulation Status Native vlan Fa0/20 on 802.19 trunking. 
1 Faq/21_ on 802.19 trunking 1 SW-3#sh interfaces trunk Port Mode Encapsulation Status Native vlan TASK: + Configure VTP on all switches as per thegiven modes in the Diagram above. © (SWI-SERVER. SW2 - TRANSPARENT, SW3— CLIENT) Make Sure that Domain name ( case-sensitive) / password / version must match on all switches for sending and receiving VTP Messages swt swt swat swt swt (config)#vtp domain CCNP (config)#vtp password ciscol23 (config)#vtp version 2 (config)#vtp mode server SW-2(config)#vtp domain CCNP SW-2(config)#vtp password cisco123 SW-2(config)#vtp version 2 SW-2{config}#vtp mode transparent sw3 SW-1(config)#vtp domain CCNP SW-1(config)#vtp password ciscol23 SW-1(config)#vtp version 2 SW-1(config)#vtp mode client Swish vtp status VTP Version 22 Configuration Revision: 2 Maximum VLANs supported locally : 255 Number of existing VLANs: 5 VTP Operating Mode =: Server VTP Domain Name =: CCNP VTP Pruning Mode isabled VTP v2 Mode : Enabled VTP Traps Generation : Disabled NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. 
+91 40 65890380, +91 7036826345 www.noasolution on’ Page 69 MDS digest + OXB6 0x22 0x83 OxBE 0x23 OxAB 0x06 OxCC Configuration last modified by 0.0.0.0 at 3-1-93 00:07:33 Local updater ID is 0.0.0.0 (no valid interface found SWI#sh vtp password The current VTP parameters for a management domain can be displayed using the show vtp statuscommand SW-3#sh vip status Maxitnum VLANs supported locally : 255 Number of existing VLANs: 5 VTP Pruning Mode : Disabled VTP V2 Mode : Enabled VTP Traps Generation : Disabled MDS digest +: OX86 Ox22 Ox83 OxBE 0x23 OxA8 0x06 OxCC Configuration last modified by 0.0.0.0 at 3-1-93 00:07 To verify VTP ‘+ Create vians on server and verify on client and transparent switch + Create vians on transparent switch and verify on client and server swt SW-1(config)#vlan 10 SW-1(config-vlan)#vlan 20 SW-1(config-vlan)#vlan 30 SW-1(config-vlan)#vlan 40 SW-1(config-vlan)#name sales SW-1(config-vlan)#vlan 50 SW-1(config-vlan)#name marketing Ri#sh vlan VLAN Name Status Ports 1 default active _Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/?. Fa0/8 FaQ/9, Fa0/10, Fa0/11, Fa0/12 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. 
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/19, Fa0/21
                                    Fa0/22, Fa0/23, Fa0/24, Gig1/1
                                    Gig1/2
1002 fddi-default         act/unsup
1003 token-ring-default   act/unsup
1004 fddinet-default      act/unsup
1005 trnet-default        act/unsup

SW-3#sh vlan
VLAN Name                 Status    Ports
1    default              active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                    Fa0/22, Fa0/23, Fa0/24, Gig1/1
                                    Gig1/2
10   VLAN0010             active
20   VLAN0020             active
30   VLAN0030             active
40   sales                active
50   marketing            active

SW-2#sh vlan
VLAN Name                 Status    Ports
1    default              active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/19, Fa0/22
                                    Fa0/23, Fa0/24, Gig1/1, Gig1/2
1002 fddi-default         act/unsup
1003 token-ring-default   act/unsup
1004 fddinet-default      act/unsup
1005 trnet-default        act/unsup

You don't see any of these VLANs on the transparent mode switch, as the transparent switch does not synchronize the VLAN information from any other switches but still forwards the VLAN information.

SW2
SW-2(config)#vlan 100
SW-2(config-vlan)#vlan 200
SW-2(config-vlan)#vlan 300
SW-2(config-vlan)#end

SW2#sh vlan
VLAN Name                 Status    Ports
1    default              active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/19, Fa0/22
                                    Fa0/23, Fa0/24
1002 fddi-default         act/unsup

SW1#sh vlan
VLAN Name                 Status    Ports
1    default              active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/19, Fa0/21
                                    Fa0/22, Fa0/23, Fa0/24, Gig1/1
                                    Gig1/2
10   VLAN0010             active
20   VLAN0020             active
30   VLAN0030             active
40   VLAN0040             active
1002 fddi-default         act/unsup
1003 token-ring-default   act/unsup
1004 fddinet-default      act/unsup
1005 trnet-default        act/unsup

SW3#sh vlan
VLAN Name                 Status    Ports
1    default              active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/19, Fa0/21
                                    Fa0/22, Fa0/23, Fa0/24, Gig1/1
                                    Gig1/2
10   VLAN0010             active
20   VLAN0020             active
30   VLAN0030             active
40   VLAN0040             active
1002 fddi-default         act/unsup
1003 token-ring-default   act/unsup
1004 fddinet-default      act/unsup
1005 trnet-default        act/unsup

+ You can see that the VLANs created on the transparent switch are not present on any of the other switches (SW1 or SW3), because a switch in transparent mode will not synchronize the VLAN information.
+ The revision number for switches in transparent mode will always be ZERO.

SW-2#sh vtp status
VTP Version                     : 2
Maximum VLANs supported locally : 255
Number of existing VLANs        : 8
VTP Operating Mode              : Transparent
VTP Domain Name                 : CCNP
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB7 0x9D 0xA5 0xEF 0xDE 0x56 0xC5 0xCF
Configuration last modified by 0.0.0.0 at 3-1-93 00:07

Configuration Revision Number

+ VTP uses a configuration revision number to keep track of the most recent information.
+ The VTP advertisement process always starts with configuration revision number 0 (zero).
+ When changes are made on a VTP server, the revision number is incremented before the advertisements are sent.
+ The higher the number, the more recently updated the VLAN information.

Before Adding a Switch to an Existing VTP Domain

+ Ensure that a new switch has VTP revision 0 before adding it to a network.
Change VTP - Revision number

SW-3#show flash:
Directory of flash:/
    1  -rwx  3058048  c2950-i6q4l2-mz.121-22.EA4.bin
    3  -rwx      556  vlan.dat

+ Delete the vlan.dat file inside the flash and reload.

SW-3#delete vlan.dat
Delete filename [vlan.dat]?
Delete flash:/vlan.dat? [confirm]
SW-3#reload

Change VTP - Revision number

+ Delete the vlan.dat file inside the flash and reload.
+ Change the switch's VTP mode to transparent and then change the mode back to server/client.
+ Change the switch's VTP domain to a bogus name (a non-existent VTP domain), and then change the VTP domain back to the original name.

VTP Versions

VTP version 1 | VTP version 2
Supports only one VTP domain | Supports multiple VTP domains
Checks the domain name (forwards VTP messages only if it matches) | Does not check the domain name when sending advertisements (must match to synchronize the database)
More consistency checks (adds more overhead) | Checks for consistency whenever new information is added
No support for Token Ring VLANs | Support for Token Ring VLANs

VTP version 3 - Enhancements

VTP version 1/2 | VTP version 3
Synchronizes only the VLAN database | Synchronizes VLAN, MSTP, private VLAN
Password in clear text | Clear text or hidden password
Extended VLAN range (1006-4094) supported only in transparent mode | Extended VLANs: create on server and synchronize
VTP modes: Server, Client, Transparent | VTP modes: Primary server, Secondary server, Client, Transparent, Off
Updates the VLAN database based on revision number (higher) | Updates the VLAN database only if advertised by the primary server
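The revision-0 rule above can be checked before a switch is cabled into the domain. The following is an added example, not part of the workbook: it parses `show vtp status` text in the VTP v1/v2 layout used in this lab and applies that rule. The function names, finding labels and both sample outputs are constructed for illustration.

```python
"""Pre-insertion VTP check based on 'show vtp status' output (illustrative)."""

# Constructed sample: the production domain, in the layout shown in this lab.
DOMAIN_STATUS = """\
VTP Version                     : 2
Configuration Revision          : 2
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : CCNP
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
"""

# Constructed sample: a switch reused from another lab and never reset.
CANDIDATE_STATUS = """\
VTP Version                     : 2
Configuration Revision          : 7
Number of existing VLANs        : 12
VTP Operating Mode              : Client
VTP Domain Name                 : CCNP
"""


def parse_vtp_status(text):
    """Turn 'Key : value' lines into a dict with lower-cased keys."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip().lower()] = value.strip()
    return fields


def revision(fields):
    """Configuration revision as an integer."""
    return int(fields["configuration revision"])


def pre_insertion_findings(candidate_text, domain_text):
    """Return a list of findings for a switch about to join a VTP domain.

    REVISION_NOT_ZERO: the workbook's rule (revision must be 0) is violated.
    WOULD_SUPERSEDE_DOMAIN_DATABASE: same domain name and a higher revision
    than the domain, so its VLAN database counts as the most recent one
    (assuming the password also matches, which this output does not show).
    """
    cand = parse_vtp_status(candidate_text)
    dom = parse_vtp_status(domain_text)
    mode = cand["vtp operating mode"].lower()

    # Transparent (and VTP v3 "off") switches do not synchronize VLAN data.
    if mode in ("transparent", "off"):
        return []

    findings = []
    if revision(cand) != 0:
        findings.append("REVISION_NOT_ZERO")

    # The domain name comparison is case-sensitive, as noted in the lab.
    same_domain = cand.get("vtp domain name") == dom.get("vtp domain name")
    if same_domain and revision(cand) > revision(dom):
        findings.append("WOULD_SUPERSEDE_DOMAIN_DATABASE")
    return findings


if __name__ == "__main__":
    for finding in pre_insertion_findings(CANDIDATE_STATUS, DOMAIN_STATUS):
        print(finding)
```

Any finding means the switch should go through one of the three revision reset methods listed above before it is connected to a trunk.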
VTP version 3 - Modes

VTP modes     | Relay/Process | Configure | Save
PRIMARY SRV   | Yes           | Yes       | Yes
SECONDARY SRV | Yes           | No        | Yes
CLIENT        | Yes           | No        | No
TRANSPARENT   | Yes           | Yes       | Yes
OFF           | No            | Yes       | Yes

VTP version 3 - Verification

TASK:
+ Configure the f0/24 port of SW1/SW2 as trunk ports.
+ Configure VTP version 3 using the following parameters:
  + Domain name : NOA
  + Password hidden : noa123

SW2#sh vtp status
VTP Version capable             : 1 to 3
VTP version running             :
VTP Domain Name                 : NOA
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 0023.041c.5e00

Feature VLAN:
VTP Operating Mode              : Server
Number of existing VLANs        : 5

SW1(config)#vtp domain NOA
SW1(config)#vtp password noa123
SW1(config)#vtp version 3

SW2(config)#vtp domain NOA
SW2(config)#vtp password noa123
SW2(config)#vtp version 3

VTP version 3 - Hidden Password

SW2#sh vtp password
VTP Password: noa123

SW2(config)#vtp password noa123 hidden

SW2#sh vtp password
VTP Password: DooCEES3D89CFCs8Ca3eseFCFsaBDC1A

Creating VLAN on Primary server

SW1(config)#vlan 10
VTP VLAN configuration not allowed when device is not the primary server for vlan database.

This system is becoming primary server for feature vlan
Enter VTP Password:

SW1#sh vtp status
VTP Version capable             :
VTP version running             :
VTP Domain Name                 :
VTP Pruning Mode                :
VTP Traps Generation            :
Device ID                       : 0022.be79.2e00

Feature VLAN:
VTP Operating Mode              : Primary Server

SW1(config)#vlan 10,20,30,40

VTP version 3

TASK:
+ Configure the f0/24 port of SW1/SW2 as trunk ports.
+ Configure VTP version 3 using the following parameters:
  + Domain name : NOA
  + Password hidden : noa123

SW1(config)#int f0/24
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#exit

SW2(config)#int f0/24
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config-if)#end

SW2#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/24      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/24      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/24      none

SW2#sh vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 0023.041c.5e00
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)

Feature VLAN:
VTP Operating Mode              : Server
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
Configuration Revision          : 0
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
                                  0x56 0x9D 0x4A 0x3E 0xA5 0x69 0x35 0xBC

SW1#sh vlan brief
VLAN Name                 Status    Ports
1    default              active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                    Fa0/21, Fa0/22, Fa0/23, Gi0/1
                                    Gi0/2
1002 fddi-default         act/unsup
1003 token-ring-default   act/unsup
1004 fddinet-default      act/unsup
1005 trnet-default        act/unsup

SW1(config)#vtp domain NOA
SW1(config)#vtp password noa123
SW1(config)#vtp version 3

SW2(config)#vtp domain NOA
SW2(config)#vtp password noa123
SW2(config)#vtp version 3
SW2(config)#end

SW2#sh vtp status
VTP Version capable             : 1 to 3
VTP version running             : 3
VTP Domain Name                 : NOA
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 0023.041c.5e00

Feature VLAN:
VTP Operating Mode              : Server
Number of existing VLANs        : 5
Number of existing extended VLANs :
Maximum VLANs supported locally : 1005
Configuration Revision          : 0
Primary ID                      : 0000.0000.0000
Primary Description             :
MD5 digest                      :

SW2#sh vtp password

TASK:
+ Configure the switches to ensure that the password should not be seen.

SW2#sh vtp password

SW2(config)#vtp password noa123 ?
  secret  Specify the vtp password in encrypted form

SW2(config)#vtp password noa123 hidden

SW1(config)#vtp password noa123 hidden
SW1(config)#end

SW1#sh vtp password

TASK:
+ Create VLANs 10, 20, 30, 40 on SW1 and ensure that they synchronise on both switches.
+ Configure SW1 to be the primary switch to update the database.

SW1(config)#vlan 10

SW1#vtp primary vlan
This system is becoming primary server for feature vlan
Enter VTP Password:
No conflicting VTP3 devices found.
Do you want to continue?
[confirm]

SW1#sh vtp status
VTP Version capable             : 1 to 3
VTP version running             : 3
VTP Domain Name                 : NOA
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 0022.be79.2e00

Feature VLAN:
Number of existing VLANs        : 5
Number of existing extended VLANs : 0
Maximum VLANs supported locally : 1005
Configuration Revision          : 1
Primary ID                      : 0022.be79.2e00
Primary Description             : SW1
MD5 digest                      : 0x1E 0xA7 0xBE 0x46 0x94 0xBE 0x95 0xA5
                                  0x9D 0x6E 0xD5 0x69 0x72 0xEF 0x03 0xD0

Feature MST:
VTP Operating Mode              : Transparent

Feature UNKNOWN:
VTP Operating Mode              : Transparent

SW1(config)#vlan 10,20,30,40
SW1(config-vlan)#end

SW1#sh vlan brief
VLAN Name                 Status    Ports
1    default              active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                    Fa0/21, Fa0/22, Fa0/23, Gi0/1
                                    Gi0/2
1002 fddi-default         act/unsup
1003 trcrf-default        act/unsup
1004 fddinet-default      act/unsup
1005 trbrf-default        act/unsup

SW2#sh vlan brief
VLAN Name                 Status    Ports
1    default              active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                    Fa0/21, Fa0/22, Fa0/23, Gi0/1
                                    Gi0/2
40   VLAN0040             active
1002 fddi-default         act/unsup
1003 trcrf-default        act/unsup
1004 fddinet-default      act/unsup
1005 trbrf-default        act/unsup

SW2#sh vtp status
VTP Version capable             : 1 to 3
VTP version running             : 3
VTP Domain Name                 : NOA
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 0023.041c.5e00

Feature VLAN:
VTP Operating Mode              : Server
Number of existing VLANs        : 9
Number of existing extended VLANs : 0
Maximum VLANs supported locally : 1005
Configuration Revision          :
Primary ID                      : 0022.be79.2e00
Primary Description             : SW1
MD5 digest                      : 0xBF 0x17 0x16 0xA3 0x73 0x09 0x0F 0x2E
                                  0xEC 0x19 0x4F 0xCA 0x13 0xEE 0xD4 0x79

Feature MST:
VTP Operating Mode              : Transparent

Feature UNKNOWN:
VTP Operating Mode              : Transparent

TASK:
+ Create extended VLANs 2000 - 2001 on SW1.

SW1(config)#vlan 2000-2001
SW1(config-vlan)#end

SW1#sh vlan brief
VLAN Name                 Status    Ports
1    default              active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                    Fa0/21, Fa0/22, Fa0/23, Gi0/1
                                    Gi0/2
10   VLAN0010             active
20   VLAN0020             active
30   VLAN0030             active
40   VLAN0040             active
1002 fddi-default         act/unsup
1003 trcrf-default        act/unsup
1004 fddinet-default      act/unsup
1005 trbrf-default        act/unsup

SW2#sh vlan brief
VLAN Name                 Status    Ports
1    default              active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                    Fa0/21, Fa0/22, Fa0/23, Gi0/1
                                    Gi0/2
10   VLAN0010             active
20   VLAN0020             active
30   VLAN0030             active
40   VLAN0040             active
1002 fddi-default         act/unsup
1003 trcrf-default        act/unsup
1004 fddinet-default      act/unsup
1005 trbrf-default        act/unsup
2000 VLAN2000             active
2001 VLAN2001             active

TASK:
+ Promote SW2 to be the primary server and create vlan 3000-3005 on SW2.

SW2#vtp primary vlan
This system is becoming primary server for feature vlan
Enter VTP Password:
No conflicting VTP3 devices found.
Do you want to continue?
[confirm]

SW2#sh vtp status
VTP Version capable             : 1 to 3
VTP version running             : 3
VTP Domain Name                 : NOA
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 0023.041c.5e00

Feature VLAN:
Number of existing VLANs        : 9
Number of existing extended VLANs : 2
Maximum VLANs supported locally : 1005
Configuration Revision          : 4
Primary ID                      : 0023.041c.5e00
Primary Description             : SW2
MD5 digest                      : 0x1D 0x17 0xA3 0x1F 0x76 0x7C 0xE7 0xD7
                                  0x1B 0x28 0xB9 0xBD 0xF0 0x71 0x1E 0xBC

Feature MST:
VTP Operating Mode              : Transparent

Feature UNKNOWN:
VTP Operating Mode              : Transparent

SW1#sh vtp status
VTP Version capable             : 1 to 3
VTP version running             : 3
VTP Domain Name                 : NOA
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 0022.be79.2e00

Feature VLAN:
VTP Operating Mode              : Server
Number of existing VLANs        : 9
Number of existing extended VLANs : 2
Maximum VLANs supported locally : 1005
Configuration Revision          : 4
Primary ID                      : 0023.041c.5e00
Primary Description             : SW2
MD5 digest                      : 0x1D 0x17 0xA3 0x1F 0x76 0x7C 0xE7 0xD7
                                  0x1B 0x28 0xB9 0xBD 0xF0 0x71 0x1E 0xBC

Feature MST:
VTP Operating Mode              : Transparent

Feature UNKNOWN:
VTP Operating Mode              : Transparent

SW2(config)#vlan 3000-3001
SW2(config-vlan)#end

SW1#sh vlan brief
VLAN Name                 Status    Ports
1    default              active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                    Fa0/21, Fa0/22, Fa0/23, Gi0/1
                                    Gi0/2
10   VLAN0010             active
20   VLAN0020             active
30   VLAN0030             active
40   VLAN0040             active
1002 fddi-default         act/unsup
1003 trcrf-default        act/unsup
1004 fddinet-default      act/unsup
1005 trbrf-default        act/unsup
2000 VLAN2000             active
2001 VLAN2001             active

TASK:
+ Configure MSTP on SW1 and ensure that SW2 also synchronises the MSTP configuration information.

SW1#sh spanning-tree mst configuration
% Switch is not in mst mode
Name      []
Revision  0     Instances configured 1
Instance  Vlans mapped
0         1-4094

SW1#vtp primary mst

SW1#sh vtp status
VTP Version capable             : 1 to 3
VTP version running             : 3
VTP Domain Name                 : NOA
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 0022.be79.2e00

Feature VLAN:
VTP Operating Mode              : Server
Number of existing VLANs        : 9
Number of existing extended VLANs : 4
Maximum VLANs supported locally : 1005
Configuration Revision          : 5
Primary ID                      : 0023.041c.5e00
Primary Description             : SW2
MD5 digest                      : 0xB0 0xFA 0x11 0x95 0x0F 0xA9 0xF3 0x58
                                  0x38 0x96 0xDE 0x1B 0x26 0x37 0x8F 0xD9

Feature MST:

Feature UNKNOWN:
VTP Operating Mode              : Transparent

SW1(config)#vtp mode server mst
SW1(config)#end

SW1#vtp primary mst
This system is becoming primary server for feature mst
Enter VTP Password:
No conflicting VTP3 devices found.
Do you want to continue? [confirm]
server for the MST VTP feature

SW1#sh vtp status
VTP Version capable             : 1 to 3
VTP version running             : 3
VTP Domain Name                 : NOA
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 0022.be79.2e00

Feature VLAN:
VTP Operating Mode              : Server
Number of existing VLANs        : 9
Number of existing extended VLANs : 4
Maximum VLANs supported locally : 1005
Configuration Revision          : 5
Primary ID                      : 0023.041c.5e00
Primary Description             : SW2
MD5 digest                      : 0xB0 0xFA 0x11 0x95 0x0F 0xA9 0xF3 0x58
                                  0x38 0x96 0xDE 0x1B 0x26 0x37 0x8F 0xD9

Feature MST:
VTP Operating Mode              : Primary Server
Configuration Revision          :
Primary ID                      : 0022.be79.2e00
Primary Description             : SW1
MD5 digest                      : 0x86 0x43 0x4F 0x9D 0x7C 0x8F 0x0F 0xEB
                                  0x1F 0x25 0xD2 0x5A 0x55 0x98 0xE7 0x19

Feature UNKNOWN:
VTP Operating Mode              : Transparent

SW2(config)#vtp mode client mst

SW1(config)#spanning-tree mode mst
SW1(config)#spanning-tree mst configuration
SW1(config-mst)#name CCIE
SW1(config-mst)#revision 1
SW1(config-mst)#instance 1 vlan 10,20
SW1(config-mst)#instance 2 vlan 30,40
SW1(config-mst)#exit

SW1#sh spanning-tree mst configuration
Name      [CCIE]
Revision  1     Instances configured 3
Instance  Vlans mapped
0         1-9,11-19,21-29,31-39,41-4094
1         10,20
2         30,40

SW2#sh spanning-tree mst configuration
% Switch is not in mst mode
Name      [CCIE]
Revision  1     Instances configured 3
Instance  Vlans mapped
0         1-9,11-19,21-29,31-39,41-4094
1         10,20
2         30,40

SW2(config)#spanning-tree mode mst

SW2#sh spanning-tree mst configuration
Name      [CCIE]
Revision  1     Instances configured 3
Instance  Vlans mapped
0         1-9,11-19,21-29,31-39,41-4094
1         10,20
2         30,40

+ Configure private VLAN information on SW2 and verify that VTP synchronizes the private VLAN information.
SW2(config)#vlan 10
SW2(config-vlan)#vlan 100
SW2(config-vlan)#vlan 200
SW2(config-vlan)#exit
SW2(config)#vlan 10
SW2(config-vlan)#private-vlan primary
SW2(config-vlan)#exit
SW2(config)#vlan 100
SW2(config-vlan)#private-vlan isolated
SW2(config-vlan)#exit
SW2(config)#vlan 200
SW2(config-vlan)#private-vlan community
SW2(config-vlan)#exit
SW2(config)#vlan 10
SW2(config-vlan)#private-vlan primary
SW2(config-vlan)#private-vlan association 100,200
SW2(config-vlan)#exit

SW2#sh vlan private-vlan
Primary Secondary Type              Ports

SW1#sh vlan private-vlan
Primary Secondary Type              Ports
10      100       isolated
10      200       community

SW1#sh vlan
VLAN Name                 Status    Ports
1    default              active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                    Fa0/21, Fa0/22, Fa0/23, Gi0/1
                                    Gi0/2
10   VLAN0010             active
20   VLAN0020             active
30   VLAN0030             active
40   VLAN0040             active
100  VLAN0100             active
200  VLAN0200             active
1002 fddi-default         act/unsup
1003 trcrf-default        act/unsup
1004 fddinet-default      act/unsup
1005 trbrf-default        act/unsup
2000 VLAN2000             active
2001 VLAN2001             active
3000 VLAN3000             active
3001 VLAN3001             active

VLAN Type  SAID    MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
1    enet  100001  1500  -      -      -        -    -        0      0
10   enet  100010  1500  -      -      -        -    -        0      0
20   enet  100020  1500  -      -      -        -    -        0      0
30   enet  100030  1500  -      -      -        -    -        0      0
40   enet  100040  1500  -      -      -        -    -        0      0
100  enet  100100  1500  -      -      -        -    -        0      0
200  enet  100200  1500  -      -      -        -    -        0      0
1002 fddi  101002  1500  -      -      -        -    -        0      0
1003 trcrf 101003  4472  1005   3276   -        -    srb      0      0
1004 fdnet 101004  1500  -      -      -        ieee -        0      0
1005 trbrf 101005  4472  -      -      15       ibm  -        0      0
2000 enet  102000  1500  -      -      -        -    -        0      0
2001 enet  102001  1500  -      -      -        -    -        0      0
3000 enet  103000  1500  -      -      -        -    -        0      0
3001 enet  103001  1500  -      -      -        -    -        0      0

VLAN AREHops STEHops Backup CRF
1003 7       7       off

Remote SPAN VLANs

TASK:
+ Configure SW1 to disable VTP globally or at interface level on f0/23.

SW1#sh vtp status
VTP Version capable             : 1 to 3
VTP version running             : 3
VTP Domain Name                 : NOA
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 0022.be79.2e00

Feature VLAN:
VTP Operating Mode              : Server
Number of existing VLANs        : 11
Number of existing extended VLANs : 4
Maximum VLANs supported locally : 1005
Configuration Revision          : 12
Primary ID                      : 0023.041c.5e00
Primary Description             : SW2
MD5 digest                      : 0xEE 0x2B 0x19 0x0E 0xD1 0xBD 0xF9 0x96
                                  0x34 0xE8 0x14 0xD1 0x68 0xB1 0xF2 0xB3

Feature MST:
VTP Operating Mode              : Primary Server
Configuration Revision          : 12
Primary ID                      : 0022.be79.2e00
Primary Description             : SW1
MD5 digest                      : 0x03 0x46 0xEB 0xBA 0x16 0x90 0xAC 0x22
                                  0xB3 0x6F 0x31 0x99 0x5C 0x0E 0x9B 0xFB

Feature UNKNOWN:
VTP Operating Mode              : Transparent

TASK:
+ Disable VTP on SW1 using mode off.

SW1(config)#vtp mode off vlan
Setting device to VTP Off mode for VLANS.
SW1(config)#vtp mode off mst
Setting device to VTP Off mode for MST.

TASK:
+ Re-enable VTP on SW1 (VLAN and MST) and disable VTP only on interface f0/23.

SW1(config)#vtp mode server vlan
Setting device to VTP Server mode for VLANS.
SW1(config)#vtp mode server mst
Setting device to VTP Server mode for MST.
SW1(config)#int f0/23
SW1(config-if)#no vtp
SW1(config-if)#end

TASK:
+ Create VLAN 199 and enable RSPAN, and ensure that VTP synchronises this information as well.

SW2(config)#vlan 199
SW2(config-vlan)#remote-span
SW2(config-vlan)#end

SW2#sh vlan remote-span

SW1#sh vlan remote-span

VTP pruning

+ Uses bandwidth more efficiently by reducing unnecessary flooded traffic.
+ Example: Station A sends a broadcast; the broadcast is flooded only toward any switch with ports assigned to the red VLAN.

[Figure: flooded traffic between the switches, with pruning disabled and with pruning enabled]

VTP pruning

+ VTP pruning makes more efficient use of trunk bandwidth by reducing unnecessary flooded traffic.
+ Broadcast and unknown unicast frames on a VLAN are forwarded over a trunk link only if the switch on the receiving end of the trunk has ports in that VLAN.
+ Preserves bandwidth by configuring it to reduce the amount of broadcasts, multicasts, and unicast packets.

[Figure: flooded traffic is pruned on trunks toward switches with no ports in the VLAN]

+ Server(config)# vtp pruning
+ Enabling pruning on a VTP server enables it for the entire domain.
+ VLAN 1 can never prune becaus

Configuration Revision          :
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 16
VTP Operating Mode              : Server
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled

VTP pruning - Verification

Switch#show interface trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/2       on           802.1q         trunking      2

Port        Vlans allowed on trunk
Fa0/2       1-1005

Port        Vlans allowed and active in management domain
Fa0/2       1,10,20,1002,1003,1004,1005

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/2       1,10,20,1002,1003,1004,1005

Rack1SW1#show interface fa0/16 pruning
Port        Vlans pruned for lack of request by neighbor
Fa0/16      7-8,10,22,58,67,146

Port        Vlan traffic requested of neighbor
Fa0/16      1,5,7-10,22,43,58,67,79,146

Manual Pruning VLANs

VTP allows you to decide what VLANs would be allowed on a trunk.

SW1(config)#interface FastEthernet 0/20
SW1(config-if)#switchport trunk allowed vlan 10,20

NOTE: It is important that this command be applied on both ends of a given link.

SW2(config)#interface FastEthernet 0/20
SW2(config-if)#switchport trunk allowed vlan 10,20

SW-1#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/20      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/20      10,20

Port        Vlans allowed and active in management domain
Fa0/20      10,20

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/20      10,20

LAB: VTP Pruning

TASK:
+ Configure the links f0/19, f0/20 between SW1 and SW2 as trunk links.
+ SW1 = server, SW2 = client
+ Domain : NOA (version 2), password : noa123
+ Create vlan 10,20,30,40 and VTP should sync with others.

SW1(config)#int range f0/19 - 20
SW1(config-if-range)#switchport trunk encapsulation dot1q
SW1(config-if-range)#switchport mode trunk
SW1(config-if-range)#exit

SW2(config)#int range f0/19 - 20
SW2(config-if-range)#switchport trunk encapsulation dot1q
SW2(config-if-range)#switchport mode trunk
SW2(config-if-range)#end

SW2#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1
Fa0/20      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1-4094
Fa0/20      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1
Fa0/20      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      1
Fa0/20      1

SW1(config)#vtp domain NOA
SW1(config)#vtp password noa123
SW1(config)#vtp version 2

SW2(config)#vtp mode server
SW2(config)#vtp domain NOA
SW2(config)#vtp password noa123
SW2(config)#vtp version 2
SW2(config)#vtp mode client

SW1(config)#vlan 10
SW1(config-vlan)#vlan 20
SW1(config-vlan)#vlan 30
SW1(config-vlan)#vlan 40
SW1(config-vlan)#exit

SW2#sh vlan brief
VLAN Name                 Status    Ports
1    default              active    Fa0/1, Fa0/2, Fa0/3
                                    Fa0/4, Fa0/5, Fa0/6
                                    Fa0/7, Fa0/8, Fa0/9
                                    Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15
                                    Fa0/16, Fa0/17, Fa0/18
                                    Fa0/21, Fa0/22, Fa0/23
                                    Fa0/24, Gi0/1, Gi0/2
10   VLAN0010             active
20   VLAN0020             active
30   VLAN0030             active
40   VLAN0040             active
1002 fddi-default         act/unsup
1003 trcrf-default        act/unsup
1004 fddinet-default      act/unsup
1005 trbrf-default        act/unsup

SW2#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1
Fa0/20      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1-4094
Fa0/20      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1,10,20,30,40
Fa0/20      1,10,20,30,40

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      1,10,20,30,40
Fa0/20      1,10,20,30,40

By default, trunks allow all the VLANs, irrespective of whether there are active ports present in a VLAN or not.

TASK:
+ Configure VTP pruning on the VTP server to ensure that the trunk links prune the VLANs which are not active on that particular switch.

SW1#sh vtp status
VTP Version                     :
Configuration Revision          : 5
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : NOA
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x34 0xFB 0xE4 0x98 0x79 0xEA 0x38 0x2C
Configuration last modified by 192.168.1.51 at 3-1-93 01:16:06
Local updater ID is 192.168.1.51 on interface Vl1 (lowest numbered VLAN interface found)

SW2#sh vtp status
VTP Version                     : 2
Configuration Revision          : 5
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Client
VTP Domain Name                 : NOA
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x34 0xFB 0xE4 0x98 0x79 0xEA 0x38 0x2C
Configuration last modified by 192.168.1.51 at 3-1-93 01:16:06

SW1(config)#vtp pruning
SW1(config)#end

SW1#sh vtp status
VTP Version                     :
Configuration Revision          : 6
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : NOA
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x06 0xBC 0xF4 0x35 0xF9 0x8C 0x69 0xF7
Configuration last modified by 192.168.1.51 at 3-1-93 01:19:10
Local updater ID is 192.168.1.51 on interface Vl1 (lowest numbered VLAN interface found)

SW2#sh vtp status
VTP Version                     :
Configuration Revision          : 6
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Client
VTP Domain Name                 : NOA
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x06 0xBC 0xF4 0x35 0xF9 0x8C 0x69 0xF7
Configuration last modified by 192.168.1.51 at 3-1-93 01:19:10

SW2#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1
Fa0/20      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1-4094
Fa0/20      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1,10,20,30,40
Fa0/20      1,10,20,30,40

Port        Vlans in spanning tree forwarding state and not pruned

+ By default, in my network I have only port f0/1 connected in VLAN 1, so only VLAN 1 is active, and it will not be pruned anyway by default.
+ To verify the pruning behaviour, I have VLANs 10, 20, 30, 40 created on the server and synchronised on both switches.
* Create some SVI interfaces for each VLAN on both switches to verify VTP pruning behaviour (in real networks PCs connect to their respective VLANs; here we are not adding any PCs or routers for testing VTP pruning).

SW1#sh vlan brief
VLAN Name                             Status    Ports
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
10   VLAN0010                         active
20   VLAN0020                         active
30   VLAN0030                         active
40   VLAN0040                         active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup

SW1(config)#int vlan 10
SW1(config-if)#exit
SW1(config)#int vlan 20
SW1(config-if)#exit

Once we create SVIs for VLAN 10 and 20 on SW1, it updates the next switch about the active VLAN status, and SW2 adds them to the not-pruned list.

SW2#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1
Fa0/20      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1-4094
Fa0/20      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1,10,20,30,40
Fa0/20      1,10,20,30,40

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      1,10,20
Fa0/20      none

SW2#sh interfaces f0/19 pruning
Port        Vlans pruned for lack of request by neighbor
Fa0/19      30,40

Port        Vlan traffic requested of neighbor

SW2(config)#int vlan 30
SW2(config-if)#int vlan 40
SW2(config-if)#end

Once we create SVIs for VLAN 30 and 40 on SW2, it updates the next switch about the active VLAN status, and SW1 adds them to the not-pruned list.
SW1#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1
Fa0/20      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1-4094
Fa0/20      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1,10,20,30,40
Fa0/20      1,10,20,30,40

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/20      1

SW1#sh interfaces f0/19 pruning
Port        Vlans pruned for lack of request by neighbor
Fa0/19      10,20

Port        Vlan traffic requested of neighbor
Fa0/19      1,10,20

VTP Prune Eligible List:
* If we want, we can also list VLANs that should not be pruned; by default all VLANs except VLAN 1 can be pruned.

TASK:
* Create VLAN 199 and ensure that VLAN 199 does not get pruned even if it has no active ports.

Default VLAN prune-eligible list (2-1001)

SW1(config)#vlan 199
SW1(config-vlan)#exit
SW1(config)#int range f0/19 - 20
SW1(config-if-range)#switchport trunk pruning vlan ?
  WORD    VLAN IDs of the allowed VLANs when this port is in trunking mode
  add     add VLANs to the current list
  except  all VLANs except the following
  none    no VLANs
  remove  remove VLANs from the current list
SW1(config-if-range)#switchport trunk pruning vlan remove 199
SW1(config-if-range)#exit

SW2#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1
Fa0/20      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1-4094
Fa0/20      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1,10,20,30,40,199
Fa0/20      1,10,20,30,40,199

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      1,10,20,199
Fa0/20      none

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1
Fa0/20      on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/19      1-4094
Fa0/20      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1,10,20,30,40,199
Fa0/20      1,10,20,30,40,199

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      1,30,40,199
Fa0/20      1

TASK: Manual Pruning
* Disable the VTP pruning configured earlier.
* Configure SW1/SW2 to allow only VLANs 1, 10, 20, 30, 40 and 199 on their respective trunk links (irrespective of whether they are active or not).

SW1(config)#no vtp pruning
Pruning switched off
SW1(config)#int range f0/19 - 20
SW1(config-if-range)#switchport trunk allowed vlan 1,10,20,30,40,199
SW1(config-if-range)#exit

SW2(config)#int range f0/19 - 20
SW2(config-if-range)#switchport trunk allowed vlan 1,10,20,30,40,199
SW2(config-if-range)#end

SW2#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1
Fa0/20      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1,10,20,30,40,199
Fa0/20      1,10,20,30,40,199

Port        Vlans allowed and active in management domain
Fa0/19      1,10,20,30,40,199
Fa0/20      1,10,20,30,40,199

Port        Vlans in spanning tree forwarding state and not pruned

TASK:
* Create VLANs 50 and 60 and add them to the trunk allowed list.
* Configure the trunk to remove VLAN 10 from the allowed VLAN list.

SW1(config)#vlan 50
SW1(config-vlan)#vlan 60
SW1(config-vlan)#exit

SW1#sh vlan brief
VLAN Name                             Status    Ports
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
10   VLAN0010                         active
20   VLAN0020                         active
30   VLAN0030                         active
40   VLAN0040                         active
50   VLAN0050                         active
60   VLAN0060                         active
199  VLAN0199                         active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup

SW1#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1
Fa0/20      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1,10,20,30,40,199
Fa0/20      1,10,20,30,40,199

Port        Vlans allowed and active in management domain
Fa0/19      1,10,20,30,40,199
Fa0/20      1,10,20,30,40,199

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      1,10,20,30,40,199
Fa0/20      1

SW1(config)#int range f0/19 - 20
SW1(config-if-range)#switchport trunk allowed vlan add 50,60
SW1(config-if-range)#switchport trunk allowed vlan remove 10
SW1(config-if-range)#exit

SW1#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1
Fa0/20      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1,20,30,40,50,60,199
Fa0/20      1,20,30,40,50,60,199

Port        Vlans allowed and active in management domain
Fa0/19      1,20,30,40,50,60,199
Fa0/20      1,20,30,40,50,60,199

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      1,20,30,40,50,60,199
Fa0/20      1,50,60

SW2(config)#int range f0/19 - 20
SW2(config-if-range)#switchport trunk allowed vlan add 50,60
SW2(config-if-range)#switchport trunk allowed vlan remove 10
SW2(config-if-range)#end

SW2#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1
Fa0/20      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1,20,30,40,50,60,199
Fa0/20      1,20,30,40,50,60,199

Port        Vlans allowed and active in management domain
Fa0/19      1,20,30,40,50,60,199
Fa0/20      1,20,30,40,50,60,199
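The manual-pruning tasks above, as an added Python example that is not part of the workbook: it replays the lab's `switchport trunk allowed vlan` commands against the default 1-4094 list and audits a `show interfaces trunk` capture for trunks that still carry VLANs outside the intended set. The function names and the sample capture are assumptions constructed for illustration.

```python
import re

ALL_VLANS = frozenset(range(1, 4095))   # 1-4094: what a trunk allows by default


def parse_vlan_list(text):
    """Expand an IOS VLAN list such as '1,10,20-30' into a set of ints."""
    vlans = set()
    for part in text.replace(" ", "").split(","):
        if not part or part == "none":
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans


def format_vlan_list(vlans):
    """Collapse a set of VLAN ids back into list notation ('1,20-22,199')."""
    out, run = [], []
    for v in sorted(vlans) + [None]:
        if run and (v is None or v != run[-1] + 1):
            out.append(str(run[0]) if len(run) == 1 else f"{run[0]}-{run[-1]}")
            run = []
        if v is not None:
            run.append(v)
    return ",".join(out) or "none"


_CMD = re.compile(r"switchport trunk allowed vlan\s+(?:(add|remove|except)\s+)?(\S+)$")


def apply_allowed_cmd(current, command):
    """Return the allowed set after one 'switchport trunk allowed vlan ...' line."""
    m = _CMD.search(command.strip())
    if not m:
        raise ValueError(f"not an allowed-vlan command: {command!r}")
    keyword, arg = m.groups()
    if keyword is None:
        if arg == "all":
            return set(ALL_VLANS)
        # A plain list REPLACES the current list; only add/remove edit it.
        return parse_vlan_list(arg)
    vlans = parse_vlan_list(arg)
    if keyword == "add":
        return set(current) | vlans
    if keyword == "remove":
        return set(current) - vlans
    return set(ALL_VLANS) - vlans        # except


def replay(commands, start=ALL_VLANS):
    """Apply a sequence of allowed-vlan commands, starting from the default."""
    allowed = set(start)
    for command in commands:
        allowed = apply_allowed_cmd(allowed, command)
    return allowed


def allowed_from_show_trunk(output):
    """Extract the 'Vlans allowed on trunk' section of 'show interfaces trunk'."""
    allowed, in_section = {}, False
    for line in output.splitlines():
        fields = line.split()
        if not fields:
            in_section = False
        elif fields[0] == "Port":
            in_section = " ".join(fields[1:]) == "Vlans allowed on trunk"
        elif in_section and len(fields) == 2:
            allowed[fields[0]] = parse_vlan_list(fields[1])
    return allowed


def audit_trunks(output, intended):
    """Per trunk, report VLANs allowed beyond (or missing from) the intended set."""
    findings = {}
    for port, vlans in allowed_from_show_trunk(output).items():
        extra, missing = vlans - intended, intended - vlans
        if extra or missing:
            findings[port] = {"unrestricted": vlans == ALL_VLANS,
                              "extra": format_vlan_list(extra),
                              "missing": format_vlan_list(missing)}
    return findings


# The three commands entered on SW1 in the manual-pruning tasks.
LAB_COMMANDS = ["switchport trunk allowed vlan 1,10,20,30,40,199",
                "switchport trunk allowed vlan add 50,60",
                "switchport trunk allowed vlan remove 10"]

# Constructed capture: Fa0/19 left at the default, Fa0/20 restricted as in the lab.
SAMPLE_SHOW_TRUNK = """\
Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1
Fa0/20      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1-4094
Fa0/20      1,20,30,40,50,60,199
"""

if __name__ == "__main__":
    intended = replay(LAB_COMMANDS)
    print("intended:", format_vlan_list(intended))
    for port, finding in audit_trunks(SAMPLE_SHOW_TRUNK, intended).items():
        print(port, finding)
```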
Port        Vlans in spanning tree forwarding state and not pruned

Spanning-tree protocol

Bridging loops
» Redundant links between switches provide redundancy.
» They also make loops possible when switches forward broadcasts:
  1. Broadcast storms
  2. MAC-table instability
  3. Multiple frame transmissions

Bridging loops: Broadcast Storm
[Figure: direction of broadcast]
» Host A sends a broadcast.
» Switches continue to propagate broadcast traffic over and over.

Bridging loops (solution)
» Only one link between switches (no redundancy)
» Shut down the extra link temporarily
  - Manually (shutdown command)
  - Automatically block extra links (done by STP)

Spanning-tree Protocol
» STP stops the loops that occur when you have multiple links between switches.
» STP stops broadcast storms, multiple frame copies and database instability.
» STP is an open standard (IEEE 802.1D).
» STP is enabled by default on all Cisco Catalyst switches.
[Figure: SwitchA and SwitchB connected by two links, Fa0/1 to Fa0/1 and Fa0/2 to Fa0/2]

How STP works
1. Selecting the Root Bridge
2. Selecting the Root Port
3. Selecting Designated port & Non Designated port

1) Selecting the Root Bridge
» The bridge with the best (lowest) Bridge ID.
» Bridge ID = Priority + MAC address of the switch (least is best)
» Out of all the switches in the network, one is elected as the root bridge, which becomes the focal point of the network.
» Default priority on Cisco switches = 32768
» show version (to verify the base MAC address)
» Every LAN will have only one Root Bridge, and all the remaining switches are considered Non-root Bridges.
[Figure: Root Bridge 0001:1234:1234 (32768); Non-Root Bridges 0111:1212:1212 (32768) and 1111:4343:3334 (32768)]

2) Selecting the Root Port
» Shortest path to the root bridge
» Every non-root bridge looks for the best way to reach the root bridge.

Root port selection based on cost
» Least cost (speed)

  Bandwidth              Port Cost
  10 Mbps                100
  100 Mbps
  1-Gigabit Ethernet
  10-Gigabit Ethernet

» For every non-root bridge there is only one root port.

Root port selection
» Least cost (speed)
» Bridge ID of the forwarding switch
» Least port (forwarding switch)

3) Selecting Designated port & Non Designated port
» Least cost (speed)
» The least local switch ID
» Lowest local port number
[Figure: Root Bridge 0001:1234:1234 (32768); Non-Root Bridges 0111:1212:1212 (32768) and 1111:4343:3334 (32768)]

Root bridge: the central switch through which all the traffic is forwarded.

BPDU
» All switches exchange information through Bridge Protocol Data Units (BPDUs).
» BPDUs are sent every 2 sec and dead = 20 sec.
» A BPDU contains information regarding ports, switches, port priority and addresses.

STP Convergence: STP port states
» Blocking     20 sec or no limit
» Listening    15 sec
» Learning     15 sec
» Forwarding   no limit
» Disabled     no limit
LAB: VERIFYING SPANNING-TREE
# show spanning-tree

TASK: Find the Root Bridge and the alternate port (BLK)

SW1#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0007.ECCD.AC82
             Cost        19
             Port        20(FastEthernet0/20)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.580D.2EE0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/20           Root FWD 19        128.20   P2p
Fa0/21           Desg FWD 19        128.21   P2p

SW2#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p

SW3#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0007.ECCD.AC82
             Cost        19
             Port        22(FastEthernet0/22)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.9716.4EAE
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/21           Altn BLK 19        128.21   P2p
Fa0/22           Root FWD 19        128.22   P2p

TASK:
* To verify the STP convergence process, shut down the SW1 f0/20 port and verify with show spanning-tree.

SW1(config)#int f0/20
SW1(config-if)#shutdown

Once the f0/20 interface of SW1 or SW2 goes down, the alternate port f0/21 (SW3) moves to forwarding after a delay of 50 sec:
  o BLK 20 sec
  o LSN 15 sec
  o LRN 15 sec

SW3#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0007.ECCD.AC82
             Cost        19
             Port        22(FastEthernet0/22)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.971E.4EAE
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/21           Desg FWD 19        128.21   P2p
Fa0/22           Root FWD 19        128.22   P2p

TASK: Configure the f0/20 port of SW1 back to its normal state (no shutdown)

SW1(config)#int f0/20
SW1(config-if)#no shutdown

SW3#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0007.ECCD.AC82
             Cost        19
             Port        22(FastEthernet0/22)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.971E.4EAE
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/21           Altn BLK 19        128.21   P2p
Fa0/22           Root FWD 19        128.22   P2p
SW1#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0007.ECCD.AC82
             Cost        19
             Port        20(FastEthernet0/20)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.580D.2EE0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/20           Root FWD 19        128.20   P2p
Fa0/21           Desg FWD 19        128.21   P2p

* SW2 f0/21 goes back to the BLK state.
* SW1 f0/20 comes back to the normal forwarding state after a 30 sec delay (15 sec LSN, 15 sec LRN).

TASK:
* Configure SW1 to be the Root Bridge for VLAN 1 by changing the priority value.
* Verify how the STP port states change once we change the root bridge.

Configuring Spanning Tree
To change the STP priority value, use the following:
Switch(config)# spanning-tree vlan <vlan-id> priority <priority value>

SW1(config)#spanning-tree vlan 1 priority ?
SW1(config)#spanning-tree vlan 1 priority 0
SW1(config)#end

SW1#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    1
             Address     00D0.580D.2EE0
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    1  (priority 0 sys-id-ext 1)
             Address     00D0.580D.2EE0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/21           Desg FWD 19        128.21   P2p

SW3#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    1
             Address     00D0.580D.2EE0
             Cost        19
             Port        21(FastEthernet0/21)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.9716.4EAE
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/21           Root FWD 19        128.21   P2p
Fa0/22           Altn BLK 19        128.22   P2p

By default, STP is enabled for all active VLANs and on all ports of a switch. STP should remain enabled in a network to prevent bridging loops from forming.
* However, you might find that STP has been disabled in some way. If an entire instance of STP has been disabled, you can re-enable it with the following global configuration command:
  o Switch(config)# spanning-tree vlan vlan-id
* If STP has been disabled for a specific VLAN on a specific port, you can re-enable it with the following interface configuration command:
  o Switch(config-if)# spanning-tree vlan vlan-id

LAB: Tuning STP (cost/priority/timers)
[Figure: SW1 and SW2 connected on f0/19 and f0/20]

TASK:
* Connect SW1 and SW2 as per the diagram on the f0/19 and f0/20 ports.
* Configure SW1 to be the root bridge for all VLANs (including future VLANs).
* Find the root ports, designated ports and blocking ports.

SW2#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     000b.be78.8300
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.be78.8300
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/19           Desg FWD 19        128.19   P2p
Fa0/20           Desg FWD 19        128.20   P2p

* By default in my case, SW2 is elected as Root Bridge based on the best bridge ID.
* As per the task, we need to configure SW1 to become the Root Bridge with the least priority value.
SW1#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     000b.be78.8300
             Cost        19
             Port        19 (FastEthernet0/19)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.bee2.fa00
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/1            Desg FWD 19        128.1    Edge P2p
Fa0/19           Root FWD 19        128.19   P2p

SW1(config)#spanning-tree vlan 1-4094 root primary

SW1#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000b.bee2.fa00
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     000b.bee2.fa00
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  15

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/1            Desg FWD 19        128.1    Edge P2p
Fa0/19           Desg FWD 19        128.19   P2p
Fa0/20           Desg FWD 19        128.20   P2p

SW2#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000b.bee2.fa00
             Cost        19
             Port        19 (FastEthernet0/19)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.be78.8300
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  15

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/19           Root FWD 19        128.19   P2p
Fa0/20           Altn BLK 19        128.20   P2p

* As per the default configuration, SW2 f0/20 goes into the blocking state based on the STP root port and designated port conditions.
TASK:
* Configure SW2 to ensure that f0/20 is in the forwarding state (f0/19 goes into blocking).

SW2(config)#int f0/20
SW2(config-if)#spanning-tree cost 4
SW2(config-if)#end

or

SW2(config)#interface FastEthernet0/19
SW2(config-if)#spanning-tree cost 100
SW2(config-if)#exit

SW2#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000b.bee2.fa00
             Cost        19
             Port        20 (FastEthernet0/20)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.be78.8300
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type

TASK:
* Remove the cost configured in the previous task.
* Ensure that you get the same result by making changes on a switch other than SW2 (on SW1).

SW2(config)#int f0/19
SW2(config-if)#no spanning-tree cost 100
SW2(config-if)#exit

SW2#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000b.bee2.fa00
             Cost        19
             Port        19 (FastEthernet0/19)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.be78.8300
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/19           Root FWD 19        128.19   P2p
Fa0/20           Altn BLK 19        128.20   P2p

SW1(config)#int f0/20
SW1(config-if)#spanning-tree port-priority ?
  <0-240>  port priority in increments of 16
SW1(config-if)#spanning-tree port-priority 0
SW1(config-if)#end

SW1#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000b.bee2.fa00
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     000b.bee2.fa00
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/1            Desg FWD 19        128.1    Edge P2p
Fa0/19           Desg FWD 19        128.19   P2p
Fa0/20           Desg FWD 19        0.20     P2p

SW2#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000b.bee2.fa00
             Cost        19
             Port        20 (FastEthernet0/20)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.be78.8300
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/19           Altn BLK 19        128.19   P2p
Fa0/20           Root FWD 19        128.20   P2p

TASK: Changing STP timers
* Configure the root bridge so that switches generate Spanning-Tree hello packets every 3 seconds.
* When a new port becomes active, it should wait 20 seconds before transitioning to the forwarding state. If the switches do not hear a configuration message within 10 seconds, they should attempt reconfiguration.
* This configuration should affect all currently active VLANs and any additional VLANs created in the future.
SW1#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000b.bee2.fa00
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     000b.bee2.fa00
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/1            Desg FWD 19        128.1    Edge P2p
Fa0/19           Desg FWD 19        128.19   P2p
Fa0/20           Desg FWD 19        0.20     P2p

Downstream devices from the root bridge inherit the timers configured on the root.

SW1(config)#spanning-tree vlan 1-4094 hello-time 3
SW1(config)#spanning-tree vlan 1-4094 forward-time 10
SW1(config)#spanning-tree vlan 1-4094 max-age 10
SW1(config)#end

SW1#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000b.bee2.fa00
             This bridge is the root

  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     000b.bee2.fa00
             Hello Time  3 sec  Max Age 10 sec  Forward Delay 10 sec
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/1            Desg FWD 19        128.1    Edge P2p
Fa0/19           Desg FWD 19        128.19   P2p
Fa0/20           Desg FWD 19        0.20     P2p

SW2#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000b.bee2.fa00
             Cost        19
             Port        20 (FastEthernet0/20)
             Hello Time  3 sec  Max Age 10 sec  Forward Delay 10 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.be78.8300
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/19           Altn BLK 19        128.19   P2p
Fa0/20           Root FWD 19        128.20   P2p

Hierarchical Campus Model
[Figure: Access, Distribution and Core layers]

STP: Selecting Root Bridge
» Default root bridge election: priority + base MAC
» It is recommended to select a high-speed switch to be elected as Root Bridge.
» Change the priority value.
» Priority values can only be multiples of 4096.

SW-1(config)#spanning-tree vlan 1 priority 1000
% Bridge Priority must be in increments of 4096.
% Allowed values are:
  0     4096  8192  12288 16384 20480 24576 28672
  32768 36864 40960 45056 49152 53248 57344 61440

STP: Selecting Root Bridge
SW-A(config)#spanning-tree vlan 1 priority 0
SW-B(config)#spanning-tree vlan 1 priority 4096
OR
SW-A(config)#spanning-tree vlan 1 root primary
SW-B(config)#spanning-tree vlan 1 root secondary

NOTE: Primary reduces the priority by 8192 from the default priority; secondary reduces the priority by 4096 from the default priority.
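The election rules from the "How STP works" slides and the outcomes of the STP tuning lab, as an added Python model that is not part of the workbook: it compares bridge IDs (priority plus sys-id-ext, then MAC), applies the root-port tie-breakers to the two parallel SW1-SW2 links, and checks the timer values used in the timers task. Function names are assumptions; the 100 Mbps, 1 Gbps and 10 Gbps costs are the standard IEEE 802.1D short-mode values, which the slide's table no longer shows.

```python
from dataclasses import dataclass

# IEEE 802.1D short-mode port cost by link speed in Mbps (10 Mbps = 100 is on the slide).
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def bridge_id(priority, vlan, mac):
    """Comparable bridge ID (priority + sys-id-ext, MAC); the lowest one wins."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("bridge priority must be 0-61440 in increments of 4096")
    return (priority + vlan, int(mac.replace(".", "").replace(":", ""), 16))


def elect_root(bridges, vlan=1):
    """bridges: {name: (priority, mac)} -> name of the elected root bridge."""
    return min(bridges, key=lambda n: bridge_id(bridges[n][0], vlan, bridges[n][1]))


@dataclass
class Bpdu:
    """What a non-root switch hears on one of its own ports."""
    local_port: str        # port the BPDU arrived on
    local_cost: int        # STP cost configured on that local port
    root_path_cost: int    # cost advertised by the sender (0 when sent by the root)
    sender_bid: tuple      # bridge ID of the forwarding switch
    sender_port: tuple     # (port-priority, port number) on the forwarding switch


def pick_root_port(bpdus):
    """Least total cost, then lowest sender bridge ID, then lowest sender port ID."""
    best = min(bpdus, key=lambda b: (b.root_path_cost + b.local_cost,
                                     b.sender_bid, b.sender_port))
    return best.local_port


def sw2_root_port(cost_f19=PORT_COST[100], cost_f20=PORT_COST[100],
                  sw1_prio_f19=128, sw1_prio_f20=128):
    """SW2's root port in the tuning lab: two links to the root SW1 (f0/19, f0/20)."""
    root = bridge_id(24576, 1, "000b.bee2.fa00")   # SW1 after 'root primary'
    return pick_root_port([
        Bpdu("Fa0/19", cost_f19, 0, root, (sw1_prio_f19, 19)),
        Bpdu("Fa0/20", cost_f20, 0, root, (sw1_prio_f20, 20)),
    ])


def check_timers(hello=2, forward_delay=15, max_age=20):
    """Validate the 802.1D timer relation; return the worst-case seconds for a
    blocked port to reach forwarding (max age + listening + learning)."""
    if not 2 * (forward_delay - 1) >= max_age >= 2 * (hello + 1):
        raise ValueError("timers violate 2*(fwd-1) >= max_age >= 2*(hello+1)")
    return max_age + 2 * forward_delay


if __name__ == "__main__":
    lab = {"SW1": (32768, "000b.bee2.fa00"), "SW2": (32768, "000b.be78.8300")}
    print("default root:", elect_root(lab))             # equal priority: lowest MAC wins
    lab["SW1"] = (24576, "000b.bee2.fa00")
    print("after root primary:", elect_root(lab))
    print("SW2 root port, defaults:", sw2_root_port())
    print("SW2 root port, cost 4 on f0/20:", sw2_root_port(cost_f20=4))
    print("SW2 root port, SW1 f0/20 port-priority 0:", sw2_root_port(sw1_prio_f20=0))
    print("default convergence:", check_timers(), "sec")
    print("tuned convergence:", check_timers(3, 10, 10), "sec")
```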
LAB: Per VLAN STP

Find the root bridge, root ports and alternate ports in the topology.

SW1#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/21           Desg FWD 19        128.21   P2p
Fa0/22           Desg FWD 19        128.22   P2p

SW2#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.96C4.2C24
             Cost        19
             Port        20(FastEthernet0/20)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     001.994.8166
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/20           Root FWD 19        128.20   P2p
Fa0/21           Desg FWD 19        128.21   P2p
Fa0/22           Desg FWD 19        128.22   P2p

SW3#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.96C4.2C24
             Cost        19
             Port        21(FastEthernet0/21)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.97DB.EE1C
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/20           Altn BLK 19        128.20   P2p
Fa0/21           Root FWD 19        128.21   P2p
Fa0/22           Altn BLK 19        128.22   P2p

SW4#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.96C4.2C24
             Cost        19
             Port        22(FastEthernet0/22)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0005.5E81.6101
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/20     Desg FWD 19    128.20    P2p
Fa0/21     Altn BLK 19    128.21    P2p
Fa0/22     Root FWD 19    128.22    P2p

+ In this example, SW1 is the root bridge; you can verify the root ports and alternate ports in the outputs above.
+ In your topology the result can vary, as it is based on the MAC addresses (which vary from switch to switch).

TASK:
* Configure the links between the switches as trunk links.
* Configure VTP on all four switches to synchronize the VLAN information.
* Create VLANs 10, 20, 30, 40 on SW1 and ensure that they sync with the other switches.

On SW1, SW2, SW3, SW4:
SWx(config)#int range f0/20 - 22
SWx(config-if-range)#switchport trunk encapsulation dot1q
SWx(config-if-range)#switchport mode trunk
SWx(config)#vtp domain CCIE

SW1#sh interfaces trunk
Port      Mode  Encapsulation  Status    Native vlan
Fa0/20    on    802.1q         trunking  1
Fa0/21    on    802.1q         trunking  1
Fa0/22    on    802.1q         trunking  1
Port      Vlans allowed on trunk
Fa0/20    1-1005
Fa0/21    1-1005
Fa0/22    1-1005
Port      Vlans allowed and active in management domain
Fa0/20    1
Fa0/21    1
Fa0/22    1
Port      Vlans in spanning tree forwarding state and not pruned
Fa0/20    1
Fa0/21    1
Fa0/22    1

SW2#sh int trunk
Port      Mode  Encapsulation  Status    Native vlan
Fa0/20    on    802.1q         trunking  1
Fa0/21    on    802.1q         trunking  1
Fa0/22    on    802.1q         trunking  1
Port      Vlans allowed on trunk
Fa0/20    1-1005
Fa0/21    1-1005
Fa0/22    1-1005
Port      Vlans allowed and active in management domain
Fa0/20    1
Fa0/21    1
Fa0/22    1
Port      Vlans in spanning tree forwarding state and not pruned
Fa0/20    1
Fa0/21    1
Fa0/22    1

SW3#sh interfaces trunk
Port      Mode  Encapsulation  Status    Native vlan
Fa0/20    on    802.1q         trunking  1
Fa0/21    on    802.1q         trunking  1
Fa0/22    on    802.1q         trunking  1
Port      Vlans allowed on trunk
Fa0/20    1-1005
Fa0/21    1-1005
Fa0/22    1-1005
Port      Vlans allowed and active in management domain
Fa0/20    1
Fa0/21    1
Fa0/22    1
Port      Vlans in spanning tree forwarding state and not pruned
Fa0/20    none
Fa0/21    1
Fa0/22    none

SW4#sh interfaces trunk
Port      Mode  Encapsulation  Status    Native vlan
Port      Vlans allowed on trunk
Fa0/20    1-1005
Fa0/21    1-1005
Fa0/22    1-1005
Port      Vlans allowed and active in management domain
Fa0/20    1
Fa0/21    1
Fa0/22    1
Port      Vlans in spanning tree forwarding state and not pruned
Fa0/20    1
Fa0/21    none
Fa0/22    1

SW1(config)#vlan 10
SW1(config-vlan)#vlan 20
SW1(config-vlan)#vlan 30
SW1(config-vlan)#vlan 40
SW1(config-vlan)#exit

SW1#sh vlan brief
VLAN Name                 Status  Ports
1    default              active  Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                  Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                  Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                  Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                  Fa0/17, Fa0/18, Fa0/19, Fa0/23
                                  Fa0/24, Gig0/1, Gig0/2
1002 fddi-default         active
1003 token-ring-default   active
1004 fddinet-default      active
1005 trnet-default        active

SW2#sh vlan brief
VLAN Name                 Status  Ports
1    default              active  Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                  Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                  Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                  Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                  Fa0/17, Fa0/18, Fa0/19, Fa0/23
                                  Fa0/24, Gig0/1, Gig0/2
10   VLAN0010             active
20   VLAN0020             active
30   VLAN0030             active
40   VLAN0040             active
1002 fddi-default         active
1003 token-ring-default   active
1004 fddinet-default      active
1005 trnet-default        active

SW3#sh vlan brief
VLAN Name                 Status  Ports
1    default              active  Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                  Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                  Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                  Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                  Fa0/17, Fa0/18, Fa0/19, Fa0/23
                                  Fa0/24, Gig1/1, Gig1/2
30   VLAN0030             active
1002 fddi-default         active
1003 token-ring-default   active
1004 fddinet-default      active
1005 trnet-default        active

SW4#sh vlan brief
VLAN Name                 Status  Ports
1    default              active  Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                  Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                  Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                  Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                  Fa0/17, Fa0/18, Fa0/19, Fa0/23
                                  Fa0/24, Gig1/1, Gig1/2
10   VLAN0010             active
20   VLAN0020             active
30   VLAN0030             active
40   VLAN0040             active
1002 fddi-default         active
1003 token-ring-default   active
1004 fddinet-default      active
1005 trnet-default        active

TASK:
* Configure SW1 as the root bridge for VLANs 10, 20 and as backup for VLANs 30, 40.
* Configure SW2 as the root bridge for VLANs 30, 40 and as backup for VLANs 10, 20.

Note: By default, SW1 is the root bridge for all VLANs here, because the priority value is the same on every switch and SW1 has the lowest MAC address of all (this may vary in your labs).

SW1#sh spanning-tree vlan 10
  Spanning tree enabled protocol ieee
  Root ID    Priority    32778
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/20     Desg FWD 19    128.20    P2p
Fa0/21     Desg FWD 19    128.21    P2p
Fa0/22     Desg FWD 19    128.22    P2p

SW1#sh spanning-tree vlan 20
  Spanning tree enabled protocol ieee
  Root ID    Priority    32788
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/20     Desg FWD 19    128.20    P2p
Fa0/21     Desg FWD 19    128.21    P2p
Fa0/22     Desg FWD 19    128.22    P2p

SW1#sh spanning-tree vlan 30
  Spanning tree enabled protocol ieee
  Root ID    Priority    32798
             Address     0001.96C4.2C24
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32798  (priority 32768 sys-id-ext 30)
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/20     Desg FWD 19    128.20    P2p
Fa0/21     Desg FWD 19    128.21    P2p
Fa0/22     Desg FWD 19    128.22    P2p

SW1#sh spanning-tree vlan 40
  Spanning tree enabled protocol ieee
  Root ID    Priority    32808
             Address     0001.96C4.2C24
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32808  (priority 32768 sys-id-ext 40)
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/20     Desg FWD 19    128.20    P2p
Fa0/21     Desg FWD 19    128.21    P2p
Fa0/22     Desg FWD 19    128.22    P2p

You can configure a Catalyst switch to become the root bridge using one of two methods:

1. Manually setting the bridge priority value:
   Switch(config)# spanning-tree vlan vlan-id priority bridge-priority
2. Causing the would-be root bridge switch to choose its own priority, based on some assumptions about other switches in the network, using the primary and secondary options. You can accomplish this with the following command:
   Switch(config)# spanning-tree vlan vlan-id root {primary | secondary}

+ The bridge-priority value defaults to 32,768, but you can also assign a value of 0 to 65,535.
+ If STP extended system ID is enabled (the default on most switches), the default bridge priority is 32,768 plus the VLAN number.
+ In that case, the value can range from 0 to 61,440, but only as multiples of 4096. A lower bridge priority is preferable.
+ If the current root priority is less than that, the local switch sets its priority to 4096 less than the current root. For the secondary root bridge, the root priority is set to an artificially low value of 28,672.

On SW1
SW1(config)#spanning-tree vlan 10,20 priority 0
SW1(config)#spanning-tree vlan 30,40 priority 4096
OR
SW1(config)#spanning-tree vlan 10,20 root primary
SW1(config)#spanning-tree vlan 30,40 root secondary

On SW2
SW2(config)#spanning-tree vlan 30,40 priority 0
SW2(config)#spanning-tree vlan 10,20 priority 4096
OR
SW2(config)#spanning-tree vlan 30,40 root primary
SW2(config)#spanning-tree vlan 10,20 root secondary

SW1#sh spanning-tree vlan 10
  Spanning tree enabled protocol ieee
  Root ID    Priority    10
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    10  (priority 0 sys-id-ext 10)
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/20     Desg FWD 19    128.20    P2p
Fa0/21     Desg FWD 19    128.21    P2p
Fa0/22     Desg FWD 19    128.22    P2p

SW1#sh spanning-tree vlan 20
VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    20
             Address     0001.96C4.2C24
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    20  (priority 0 sys-id-ext 20)
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/20     Desg FWD 19    128.20    P2p
Fa0/21     Desg FWD 19    128.21    P2p
Fa0/22     Desg FWD 19    128.22    P2p

SW1#sh spanning-tree vlan 30
  Spanning tree enabled protocol ieee
  Root ID    Priority    30
             Address     0001.C994.B166
             Cost        19
             Port        20(FastEthernet0/20)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4126  (priority 4096 sys-id-ext 30)
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/20     Root FWD 19    128.20    P2p
Fa0/21     Desg FWD 19    128.21    P2p
Fa0/22     Desg FWD 19    128.22    P2p

SW1#sh spanning-tree vlan 40
VLAN0040
  Spanning tree enabled protocol ieee
  Root ID    Priority    40
             Address     0001.C994.B166
             Cost        19
             Port        20(FastEthernet0/20)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4136  (priority 4096 sys-id-ext 40)
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/20     Root FWD 19    128.20    P2p
Fa0/21     Desg FWD 19    128.21    P2p
Fa0/22     Desg FWD 19    128.22    P2p

SW2#sh spanning-tree vlan 30
VLAN0030
  Spanning tree enabled protocol ieee
  Root ID    Priority    30
             Address     0001.C994.B166
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    30  (priority 0 sys-id-ext 30)
             Address     0001.C994.B166
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/20     Desg FWD 19    128.20    P2p
Fa0/21     Desg FWD 19    128.21    P2p
Fa0/22     Desg FWD 19    128.22    P2p

SW2#sh spanning-tree vlan 40
  Spanning tree enabled protocol ieee
  Root ID    Priority    40
             Address     0001.C994.B166
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    40  (priority 0 sys-id-ext 40)
             Address     0001.C994.B166
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/20     Desg FWD 19    128.20    P2p
Fa0/21     Desg FWD 19    128.21    P2p
Fa0/22     Desg FWD 19    128.22    P2p

SW2#sh spanning-tree vlan 10
VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    10
             Address     0001.96C4.2C24
             Cost        19
             Port        20(FastEthernet0/20)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4106  (priority 4096 sys-id-ext 10)
             Address     0001.C994.B166
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/20     Root FWD 19    128.20    P2p
Fa0/21     Desg FWD 19    128.21    P2p
Fa0/22     Desg FWD 19    128.22    P2p

SW2#sh spanning-tree vlan 20
VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    20
             Address     0001.96C4.2C24
             Cost        19
             Port        20(FastEthernet0/20)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4116  (priority 4096 sys-id-ext 20)
             Address     0001.C994.B166
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/20     Root FWD 19    128.20    P2p
Fa0/21     Desg FWD 19    128.21    P2p
Fa0/22     Desg FWD 19    128.22    P2p

SW3#sh spanning-tree vlan 10
VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    10
             Address     0001.96C4.2C24
             Cost        19
             Port        21(FastEthernet0/21)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     00D0.97DB.EE1C
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/20     Altn BLK 19    128.20    P2p
Fa0/21     Root FWD 19    128.21    P2p
Fa0/22     Altn BLK 19    128.22    P2p

SW3#sh spanning-tree vlan 20
VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    20
             Address     0001.96C4.2C24
             Cost        19
             Port        21(FastEthernet0/21)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     00D0.97DB.EE1C
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/20     Altn BLK 19    128.20    P2p
Fa0/21     Root FWD 19    128.21    P2p

SW3#sh spanning-tree vlan 30
  Spanning tree enabled protocol ieee
  Root ID    Priority    30
             Address     0001.C994.B166
             Cost        19
             Port        22(FastEthernet0/22)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32798  (priority 32768 sys-id-ext 30)
             Address     00D0.97DB.EE1C
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/20     Altn BLK 19    128.20    P2p
Fa0/21     Altn BLK 19    128.21    P2p
Fa0/22     Root FWD 19    128.22    P2p

SW3#sh spanning-tree vlan 40
VLAN0040
  Spanning tree enabled protocol ieee
  Root ID    Priority    40
             Address     0001.C994.B166
             Cost        19
             Port        22(FastEthernet0/22)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32808  (priority 32768 sys-id-ext 40)
             Address     00D0.97DB.EE1C
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/20     Altn BLK 19    128.20    P2p
Fa0/21     Altn BLK 19    128.21    P2p
Fa0/22     Root FWD 19    128.22    P2p

SW4#sh spanning-tree vlan 10
VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    10
             Address     0001.96C4.2C24
             Cost        19
             Port        22(FastEthernet0/22)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0005.5E81.6101
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/20     Desg FWD 19    128.20    P2p
Fa0/21     Altn BLK 19    128.21    P2p
Fa0/22     Root FWD 19    128.22    P2p

SW4#sh spanning-tree vlan 20
  Spanning tree enabled protocol ieee
  Root ID    Priority    20
             Address     0001.96C4.2C24
             Cost        19
             Port        22(FastEthernet0/22)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     0005.5E81.6101
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/20     Desg FWD 19    128.20    P2p
Fa0/21     Altn BLK 19    128.21    P2p
Fa0/22     Root FWD 19    128.22    P2p

SW4#sh spanning-tree vlan 30
VLAN0030
  Spanning tree enabled protocol ieee
  Root ID    Priority    30
             Address     0001.C994.B166
             Cost        19
             Port        21(FastEthernet0/21)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32798  (priority 32768 sys-id-ext 30)
             Address     0005.5E81.6101
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/20     Desg FWD 19    128.20    P2p
Fa0/21     Root FWD 19    128.21    P2p
Fa0/22     Altn BLK 19    128.22    P2p

SW4#sh spanning-tree vlan 40
VLAN0040
  Spanning tree enabled protocol ieee
  Root ID    Priority    40
             Address     0001.C994.B166
             Cost        19
             Port        21(FastEthernet0/21)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32808  (priority 32768 sys-id-ext 40)
             Address     0005.5E81.6101
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/20     Desg FWD 19    128.20    P2p
Fa0/21     Root FWD 19    128.21    P2p
Fa0/22     Altn BLK 19    128.22    P2p

EtherChannel

* Combines multiple physical links into one logical link.
* Increases bandwidth and provides redundancy.

EtherChannel - Configuration

* Manual
* Dynamic (using negotiation protocols): LACP, PAgP

Switch(config)#interface range f0/21 - 24
Switch(config-if-range)#channel-group 12 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected

EtherChannel - Modes

  On         PAgP and LACP disabled (negotiation disabled)
  Desirable  Actively negotiate PAgP
  Auto       Passively listen for PAgP
  Active     Actively negotiate LACP
  Passive    Passively listen for LACP

Successful EtherChannel mode combinations:
* On - On
* Desirable - Desirable
* Desirable - Auto
* Active - Active
* Active - Passive

EtherChannel - Configuration

SW-1(config)# interface range f0/21 - 24
SW-1(config-if-range)# channel-group 12 mode desirable
SW-1(config-if-range)# exit

SW-2(config)# interface range f0/21 - 24
SW-2(config-if-range)# channel-group 12 mode auto
SW-2(config-if-range)# exit

SW-1#show ip interface brief
Interface            IP-Address  OK?  Method  Status                 Protocol
FastEthernet0/24     unassigned  YES  unset   up                     up
GigabitEthernet0/1   unassigned  YES  unset   down                   down
GigabitEthernet0/2   unassigned  YES  unset   down                   down
Vlan1                unassigned  YES  unset   administratively down  down
Port-channel12       unassigned  YES  unset   up                     up

SW-1#sh etherchannel summary
Number of channel-groups in use: 1
Number of aggregators:           1
Group  Port-channel  Protocol  Ports
12     Po12(SU)      PAgP      Fa0/21(P) Fa0/22(P) Fa0/23(P) Fa0/24(P)

SW-1#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     00D0.FF26.2678
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.FF26.2678
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Po12       Desg FWD 7     128.27    Shr

EtherChannel

+ Up to 8 links can be combined into one logical link.
+ EtherChannel can be configured as Layer 2 or Layer 3.
+ EtherChannel load balances traffic over all the links in the bundle.
+ Port-channel is the logical instance of the physical interfaces.

EtherChannel Load Balancing

Switch(config)#port-channel load-balance ?
  dst-ip       Dst IP Addr
  dst-mac      Dst Mac Addr
  src-dst-ip   Src XOR Dst IP Addr
  src-dst-mac  Src XOR Dst Mac Addr
  src-ip       Src IP Addr
  src-mac      Src Mac Addr

dst-ip: Load distribution is based on the destination-host IP address.
dst-mac: Load distribution is based on the destination-host MAC address of the incoming packet.
src-dst-ip: Load distribution is based on the source-and-destination host-IP address.
src-dst-mac: Load distribution is based on the source-and-destination host-MAC address.
src-ip: Load distribution is based on the source-host IP address.
src-mac: Load distribution is based on the source-MAC address of the incoming packet.

Some guidelines for EtherChannels

+ All ports must be the same speed and duplex.
+ All ports in the bundle should be enabled.
+ Put all bundle ports in the same VLAN, or make them all trunks.
+ If they are trunks, they must all carry the same VLANs and use the same trunking mode.
+ Interfaces in the channel do not have to be physically next to each other or on the same module.
+ Assign an IP address to the logical Port Channel interface, not the physical ones, if using a Layer 3 EtherChannel.
+ The configuration you apply to the Port Channel interface affects the entire EtherChannel.
+ The configuration you apply to a physical interface affects only that interface.
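The mode combinations and bundling guidelines above can be checked before cabling a bundle. The following Python sketch is an added example, not part of the workbook: it decides whether each link's pair of channel-group modes negotiates, and checks each side's member ports against the guidelines (same speed, duplex, access/trunk mode and VLANs, all enabled, at most 8 links). The Member fields and the sample port inventories are constructed for illustration.

```python
from dataclasses import dataclass

# Negotiation protocol implied by each channel-group mode (mode table above).
PROTOCOL = {"on": None, "desirable": "PAgP", "auto": "PAgP",
            "active": "LACP", "passive": "LACP"}
INITIATES = {"desirable", "active"}      # modes that actively start negotiation


@dataclass
class Member:
    """One physical port's bundling-relevant settings (field names are this example's own)."""
    port: str
    mode: str                  # channel-group mode keyword
    speed: str = "100"
    duplex: str = "full"
    switchport: str = "trunk"  # "access" or "trunk"
    vlans: str = "1-1005"      # access VLAN or allowed-VLAN list
    enabled: bool = True


def forms_channel(mode_a, mode_b):
    """True only for the successful combinations listed above."""
    proto_a, proto_b = PROTOCOL[mode_a], PROTOCOL[mode_b]
    if proto_a != proto_b:
        return False                           # on/auto, desirable/active, ...
    if proto_a is None:
        return True                            # on - on: no negotiation at all
    return bool({mode_a, mode_b} & INITIATES)  # at least one side must initiate


def side_problems(switch, members):
    """Guideline checks that must hold across all member ports of one switch."""
    problems = []
    if len(members) > 8:
        problems.append(f"{switch}: {len(members)} members, more than 8 links")
    for attr in ("speed", "duplex", "switchport", "vlans", "mode"):
        seen = sorted({getattr(m, attr) for m in members})
        if len(seen) > 1:
            problems.append(f"{switch}: members differ in {attr}: {seen}")
    problems += [f"{switch}: {m.port} is disabled" for m in members if not m.enabled]
    return problems


def check_bundle(side_a, side_b):
    """side_a[i] is cabled to side_b[i]; an empty result means the bundle should form."""
    problems = side_problems("A", side_a) + side_problems("B", side_b)
    if len(side_a) != len(side_b):
        problems.append("A and B list a different number of member ports")
    for a, b in zip(side_a, side_b):
        if not forms_channel(a.mode, b.mode):
            problems.append(
                f"A {a.port} <-> B {b.port}: {a.mode}/{b.mode} will not form a channel")
    return problems


# Constructed sample: the desirable/auto pairing on f0/21 - 24 shown above ...
SW1 = [Member(f"Fa0/{n}", "desirable") for n in range(21, 25)]
SW2_GOOD = [Member(f"Fa0/{n}", "auto") for n in range(21, 25)]
# ... and a constructed broken peer: one LACP port, one 10 Mb/s access port, one disabled port.
SW2_BAD = [Member("Fa0/21", "passive"), Member("Fa0/22", "auto"),
           Member("Fa0/23", "auto", speed="10", switchport="access", vlans="10"),
           Member("Fa0/24", "auto", enabled=False)]

if __name__ == "__main__":
    print("good peer:", check_bundle(SW1, SW2_GOOD) or "bundle forms")
    for problem in check_bundle(SW1, SW2_BAD):
        print("bad peer :", problem)
```

Auto - Auto and Passive - Passive are rejected because neither side starts the negotiation, which is why they are absent from the list of successful combinations.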
LAB: Configuring EtherChannel Using PAgP Protocol Negotiation

TASK:
* Configure the four links (f0/20 - 23) to appear as one logical link.
* Ports should negotiate using the Cisco proprietary method.

SW1(config)#int range f0/20 - 23
SW1(config-if-range)#channel-protocol pagp
SW1(config-if-range)#channel-group 10 ?
  mode  Etherchannel Mode of the interface
SW1(config-if-range)#channel-group 10 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected
SW1(config-if-range)#channel-group 10 mode desirable

SW2(config)#int range f0/20 - 23
SW2(config-if-range)# channel-protocol pagp
SW2(config-if-range)# channel-group 10 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected
SW2(config-if-range)# channel-group 10 mode auto
SW2(config-if-range)#exit

SW2#sh etherchannel summary
Flags:  D - down         P - in port-channel
        I - stand-alone  s - suspended
        H - Hot-standby (LACP only)
        R - Layer3       S - Layer2
        U - in use       f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port
Number of channel-groups in use: 1
Number of aggregators:           1
Group  Port-channel  Protocol  Ports

SW2#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.641A.8200
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0001.641A.8200
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type

SW2#sh ip int brief
Interface            IP-Address  OK?  Method  Status                 Protocol
FastEthernet0/24     unassigned  YES  unset   down                   down
GigabitEthernet0/1   unassigned  YES  unset   down                   down
GigabitEthernet0/2   unassigned  YES  unset   down                   down
Vlan1                unassigned  YES  unset   administratively down  down

SW1#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.641A.8200
             Cost        7
             Port        27(Port-channel 10)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0060.4750.87A7
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type

TASK: Configure the Port-channel 10 interface as a trunk link.
SW1(config)# int port-channel 10
SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport mode trunk
SW1(config-if)# exit

SW2(config)# int port-channel 10
SW2(config-if)# switchport trunk encapsulation dot1q
SW2(config-if)# switchport mode trunk
SW2(config-if)# exit

SW2#sh interfaces trunk
Port      Mode  Encapsulation  Status    Native vlan
Port      Vlans allowed on trunk
Fa0/20    1-1005
Fa0/21    1-1005
Fa0/22    1-1005
Fa0/23    1-1005
Po10      1-1005
Port      Vlans allowed and active in management domain
Fa0/20    1
Fa0/21    1
Fa0/22    1
Fa0/23    1
Po10      1
Port      Vlans in spanning tree forwarding state and not pruned
Fa0/20    none
Fa0/21    none
Fa0/22    none
Fa0/23    none
Po10      none

* Any change applied on the port channel automatically takes effect on all the physical interfaces.
* The port channel will work as long as at least one interface in the group is up and running.

SW2#sh etherchannel summary
Flags:  D - down         P - in port-channel
        I - stand-alone  s - suspended
        H - Hot-standby (LACP only)
        R - Layer3       S - Layer2
        U - in use       f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port
Number of channel-groups in use: 1
Number of aggregators:           1
Group  Port-channel  Protocol  Ports

Layer 3 EtherChannel

* In order to configure a Layer 3 port-channel interface, the member ports must be configured with the no switchport command before using port-channel commands. If the channel-group command is issued before the no switchport command on the physical interfaces, the logical port-channel interface will be created as the default of Layer 2, and this cannot be changed afterward.
To fix this problem, simply issue the no switchport command before the channel-group command. If configured properly, the state of the port-channel in the show etherchannel summary output should show RU, for routed and in use.

Spanning tree PortFast

* Helps speed up network convergence on access ports.
* Cisco-proprietary enhancement to Spanning Tree.
* PortFast causes a port to enter the spanning-tree forwarding state immediately, bypassing the listening and learning states.

NOTE:
* PortFast should be used only when connecting a single end station to a switch port. If you enable PortFast on a port connected to another networking device, such as a switch, you can create network loops.

PortFast Configuration

PortFast on specific ports:
(config)# interface range f0/1 - 10
(config-if-range)# spanning-tree portfast
OR
PortFast on all access ports globally using one command:
(config)# spanning-tree portfast default

LAB: STP PORT FAST

TASK:
* Connect four PCs in the LAN as per the diagram.
* Shut down the ports on the switch, re-enable them with no shutdown, and observe the ports going through the LSN and LRN stages of the STP process before they come to FWD.

Switch(config)#int range f0/1 - 4
Switch(config-if-range)# shutdown
Switch(config-if-range)# no shutdown

Switch#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.6336.1BA3
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0001.6336.1BA3
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/1      Desg LSN 19    128.1     P2p
Fa0/2      Desg LSN 19    128.2     P2p
Fa0/4      Desg LSN 19    128.4     P2p
Fa0/3      Desg LSN 19    128.3     P2p

Switch#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.6336.1BA3
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0001.6336.1BA3
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/1      Desg LRN 19    128.1     P2p
Fa0/2      Desg LRN 19    128.2     P2p
Fa0/4      Desg LRN 19    128.4     P2p
Fa0/3      Desg LRN 19    128.3     P2p

Switch#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.6336.1BA3
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0001.6336.1BA3
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/1      Desg FWD 19    128.1     P2p
Fa0/2      Desg FWD 19    128.2     P2p
Fa0/4      Desg FWD 19    128.4     P2p
Fa0/3      Desg FWD 19    128.3     P2p

* All the ports connecting to end devices go through the listening and learning states by default before they come to the forwarding state.
* This is the default STP loop prevention mechanism on switches.
* Here we want these access ports to bypass the LSN and LRN stages and transition to FWD immediately.
* To do this we configure PortFast on these ports (used only on access ports).

Switch(config)#int range f0/1 - 4
Switch(config-if-range)#spanning-tree portfast
Switch(config-if-range)#end

To verify:
Switch(config)#interface range f0/1 - 4
Switch(config-if-range)#shutdown
Switch(config-if-range)#no shutdown

Switch#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.6336.1BA3
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0001.6336.1BA3
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/1      Desg FWD 19    128.1     P2p
Fa0/2      Desg FWD 19    128.2     P2p
Fa0/4      Desg FWD 19    128.4     P2p
Fa0/3      Desg FWD 19    128.3     P2p

Once PortFast is configured on the interfaces, all the ports transition to forwarding immediately, without the LSN and LRN states.

TASK:
* Configure the switch so that all future access ports bypass the LSN and LRN states, using a single command.

Switch(config)#spanning-tree portfast default
Switch(config)#end

To verify:
Connect some end devices on ports f0/5 - 6 to verify.

Switch#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.6336.1BA3
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0001.6336.1BA3
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface  Role Sts Cost  Prio.Nbr  Type
Fa0/1      Desg FWD 19    128.1     P2p
Fa0/2      Desg FWD 19    128.2     P2p
Fa0/4      Desg FWD 19    128.4     P2p
Fa0/3      Desg FWD 19    128.3     P2p
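The PortFast note above (single end stations only), together with the BPDU Guard and BPDU Filter behaviour covered in the next section, can be audited from a saved configuration. The following Python sketch is an added example, not part of the workbook: it parses an IOS-style configuration and flags PortFast on trunk ports, PortFast ports without BPDU Guard, and interfaces with spanning-tree bpdufilter enable. The sample configuration and the finding texts are constructed; treating "portfast default" as applying only to ports with an explicit switchport mode access is an assumption of this example.

```python
import re

# Global commands from this workbook and the flag each one sets.
GLOBAL_FLAGS = {
    "spanning-tree portfast default": "portfast_default",
    "spanning-tree portfast bpduguard default": "bpduguard_default",
    "spanning-tree portfast bpdufilter default": "bpdufilter_default",
}
BPDUFILTER_MSG = "bpdufilter enable: port neither sends nor processes BPDUs"
TRUNK_MSG = "PortFast configured on a trunk port"
NO_GUARD_MSG = "PortFast without BPDU Guard"


def parse_config(text):
    """Split a config into global STP flags and a set of lines per interface."""
    flags = dict.fromkeys(GLOBAL_FLAGS.values(), False)
    interfaces, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):             # unindented line: global scope
            cur = None
            if line in GLOBAL_FLAGS:
                flags[GLOBAL_FLAGS[line]] = True
            m = re.fullmatch(r"interface (\S+)", line)
            if m:
                cur = interfaces.setdefault(m.group(1), set())
        elif cur is not None and line:
            cur.add(line)                        # indented line: interface scope
    return flags, interfaces


def audit(text):
    """Return sorted (interface, finding) tuples for risky edge-port STP settings."""
    flags, interfaces = parse_config(text)
    findings = []
    for name, cfg in interfaces.items():
        if "no switchport" in cfg or "shutdown" in cfg:
            continue                             # routed or disabled port: nothing to audit
        trunk = "switchport mode trunk" in cfg
        access = "switchport mode access" in cfg
        portfast = ("spanning-tree portfast" in cfg
                    or (flags["portfast_default"] and access))
        guard = ("spanning-tree bpduguard enable" in cfg
                 or (flags["bpduguard_default"] and portfast))
        if "spanning-tree bpdufilter enable" in cfg:
            # Received BPDUs are ignored here, so BPDU Guard can never trigger.
            findings.append((name, BPDUFILTER_MSG))
            continue
        if portfast and trunk:
            findings.append((name, TRUNK_MSG))
        if portfast and not guard:
            findings.append((name, NO_GUARD_MSG))
    return sorted(findings)


# Constructed sample configuration (not taken from the lab switches).
SAMPLE = """\
spanning-tree portfast bpduguard default
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface FastEthernet0/19
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/20
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast
!
interface FastEthernet0/24
 no switchport
 ip address 10.0.0.1 255.0.0.0
"""
# Same switch with the global BPDU Guard default removed.
SAMPLE_NO_GLOBAL_GUARD = SAMPLE.replace("spanning-tree portfast bpduguard default\n", "")

if __name__ == "__main__":
    for label, cfg in (("with global guard", SAMPLE), ("without", SAMPLE_NO_GLOBAL_GUARD)):
        for name, finding in audit(cfg):
            print(f"{label}: {name}: {finding}")
```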
BPDU Guard

* BPDU Guard prevents loops if another switch is attached to a PortFast port.
* Puts the port into an error-disabled state (basically, shut down) if a BPDU is received on the interface.

(config)# interface f0/1
(config-if)# spanning-tree portfast
(config-if)# spanning-tree bpduguard enable
OR
BPDU Guard on all access ports globally using one command:
(config)# spanning-tree portfast bpduguard default

BPDU Guard verification

(config)# interface f0/2
(config-if)# spanning-tree portfast
(config-if)# spanning-tree bpduguard enable

%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/2 with BPDU Guard enabled. Disabling port.
%PM-4-ERR_DISABLE: bpduguard error detected on Fa0/2, putting Fa0/2 in err-disable state

SW1#show interface status err-disabled
Port    Name  Status        Reason     Err-disabled Vlans
Fa0/2         err-disabled  bpduguard

+ A port that is err-disabled has to be manually re-enabled via shut/no shut.

BPDU Filtering

(config)# spanning-tree portfast bpdufilter default
* If a PortFast interface receives any BPDUs, it is taken out of PortFast status.
* The interfaces still send some BPDUs at link-up.

(config)# interface f0/2
(config-if)# spanning-tree bpdufilter enable
* The interface doesn't send any BPDUs and ignores the received ones.
* The port is not shut down, and this basically disables spanning tree on the interface.

BPDU Guard:

TASK:
* Connect a link between SW1 and SW2 on f0/19 and shut down all remaining ports.
* Configure SW2 f0/19 as a Layer 3 port to test the BPDU Guard feature.
* Enable BPDU Guard and PortFast on SW1.

SW2(config)#int f0/19
SW2(config-if)#no switchport
SW2(config-if)#ip address 10.0.0.1 255.0.0.0
SW2(config-if)#exit

SW1(config)#vlan 10
SW1(config-vlan)#exit
SW1(config)#int f0/19
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10
SW1(config-if)#spanning-tree portfast
SW1(config-if)#spanning-tree bpduguard enable
SW1(config-if)#exit

SW1#show spanning-tree interface f0/19 detail
Port 19 (FastEthernet0/19) of VLAN0010 is forwarding
  Port path cost 19, Port priority 128, Port Identifier 128.19,
  Designated root has priority 32778, address 000b.bee2.fa00
  Designated bridge has priority 32778, address 000b.bee2.fa00
  Designated port id is 128.19, designated path cost 0
  Timers: message age 0, forward delay 0, hold 0
  Number of transitions to forwarding state: 1
  Link type is point-to-point by default
  BPDU: sent 58, received 0

TASK: Reconfigure the f0/19 port on SW2 back to a layer 2 port (adding switchport).

SW2(config)#int f0/19
SW2(config-if)#switchport
SW2(config-if)#exit

SW1#sh interfaces f0/19 status err-disabled
Port      Name      Status      Reason

SW1#sh interfaces status
Port      Name      Status      Vlan  Duplex  Speed  Type
Fa0/1               connected   1     a-full  a-100  10/100BaseTX

TASK: Configure the f0/19 port back to a layer 3 port and ensure that the port comes back up.

SW2(config-if)#int f0/19
SW2(config-if)#no switchport
SW2(config-if)#ip address 10.0.0.1 255.0.0.0
SW2(config-if)#exit
SW2(config)#do sh ip int br
Interface      IP-Address      OK? Method Status      Protocol

SW2(config)#int f0/19
SW2(config-if)#shutdown
SW2(config-if)#no shutdown
SW2(config-if)#end

SW2#sh ip int brief
Interface      IP-Address      OK? Method Status      Protocol

SW2#sh interfaces status

TASK:
* Configure err-disable recovery for BPDU Guard so that the port comes up automatically after 60 sec in the err-disabled state.

SW1(config)#errdisable recovery cause bpduguard
SW1(config)#errdisable recovery interval ?
  <30-86400>  timer-interval(sec)
SW1(config)#errdisable recovery interval 60
SW1(config)#exit

SW1#sh errdisable recovery
ErrDisable Reason    Timer Status
udld                 Disabled
security-violatio    Disabled
channel-misconfig    Disabled
vmps                 Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled
l2ptguard            Disabled
psecure-violation    Disabled
gbic-invalid         Disabled
dhcp-rate-limit      Disabled
unicast-flood        Disabled
storm-control        Disabled
arp-inspection       Disabled
loopback             Disabled

Timer interval: 60 seconds
Interfaces that will be enabled at the next timeout:

TASK: Test by changing the layer 3 interface f0/19 to a switchport and then back to layer 3:

SW2(config)#int f0/19
SW2(config-if)#switchport
SW2(config-if)#exit

SW1#sh interfaces f0/19 status
Port      Name      Status        Vlan  Duplex  Speed  Type
Fa0/19              err-disabled  10    auto    auto   10/100BaseTX

SW2(config)#int f0/19
SW2(config-if)#no switchport
SW2(config-if)#ip address 10.0.0.1 255.0.0.0
SW2(config-if)#end

SW1#sh errdisable recovery
ErrDisable Reason    Timer Status
udld                 Disabled
bpduguard            Enabled
security-violatio    Disabled
channel-misconfig    Disabled
vmps                 Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled
l2ptguard            Disabled
psecure-violation    Disabled
gbic-invalid         Disabled
dhcp-rate-limit      Disabled
unicast-flood        Disabled
storm-control        Disabled
arp-inspection       Disabled
loopback             Disabled

Timer interval: 60 seconds
Interfaces that will be enabled at the next timeout:
Interface      Errdisable reason      Time left(sec)

SW1#sh errdisable recovery
ErrDisable Reason    Timer Status
udld                 Disabled
bpduguard            Enabled
security-violatio    Disabled
channel-misconfig    Disabled
vmps                 Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled
l2ptguard            Disabled
psecure-violation    Disabled
gbic-invalid         Disabled
dhcp-rate-limit      Disabled
unicast-flood        Disabled
storm-control        Disabled
arp-inspection       Disabled
loopback             Disabled

Timer interval: 60 seconds
Interfaces that will be enabled at the next timeout:
Interface      Errdisable reason      Time left(sec)

SW1#sh interfaces f0/19 status
Port      Name      Status      Vlan  Duplex  Speed  Type

TASK:
* Reconfigure and verify the same task by removing the interface-level configuration and enabling BPDU Guard in global configuration mode:

SW1(config)#int f0/19
SW1(config-if)#no spanning-tree portfast
SW1(config-if)#no spanning-tree bpduguard enable
SW1(config-if)#exit
SW1(config)#no errdisable recovery cause bpduguard
SW1(config)#no errdisable recovery interval 60

SW1#sh errdisable recovery
ErrDisable Reason    Timer Status
udld                 Disabled
bpduguard            Disabled
security-violatio    Disabled
channel-misconfig    Disabled
vmps                 Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled
l2ptguard            Disabled
psecure-violation    Disabled
gbic-invalid         Disabled
dhcp-rate-limit      Disabled
unicast-flood        Disabled
storm-control        Disabled
arp-inspection       Disabled
loopback             Disabled

Timer interval: 300 seconds
Interfaces that will be enabled at the next timeout:

SW1#sh interfaces f0/19 status
Port      Name      Status      Vlan  Duplex  Speed  Type
SW1(config)#spanning-tree portfast default
SW1(config)#spanning-tree portfast bpduguard default
SW1(config)#errdisable recovery cause bpduguard
SW1(config)#errdisable recovery interval 60

SW2(config)#int f0/19
SW2(config-if)#switchport
SW2(config-if)#exit

SW2#sh interfaces f0/19 status
Port      Name      Status      Vlan  Duplex  Speed  Type

SW1#sh interfaces f0/19 status
Port      Name      Status      Vlan  Duplex  Speed  Type

SW2(config)#int f0/19
SW2(config-if)#no switchport
SW2(config-if)#ip address 10.0.0.1 255.0.0.0
SW2(config-if)#end

SW1#sh errdisable recovery
ErrDisable Reason    Timer Status
udld                 Disabled
security-violatio    Disabled
channel-misconfig    Disabled
vmps                 Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled
l2ptguard            Disabled
psecure-violation    Disabled
gbic-invalid         Disabled
dhcp-rate-limit      Disabled
unicast-flood        Disabled
storm-control        Disabled
arp-inspection       Disabled
loopback             Disabled

Timer interval: 60 seconds
Interfaces that will be enabled at the next timeout:
Interface      Errdisable reason      Time left(sec)

SW1#sh interfaces f0/19 status
Port      Name      Status      Vlan  Duplex  Speed  Type

LAB: BPDU Filter (interface level)

BPDU Filter is used to terminate the STP domain, but it has a different functionality: it can also be configured globally or at the interface level. However, its behavior differs depending on where it is enabled; this was not the case for BPDU Guard, which had the same functionality regardless of how it was enabled. When configured at the interface level, BPDU Filter silently drops all received inbound BPDUs and does not send any outbound BPDUs on the port.
There is no violation option for BPDU Filter, so the port never goes into the err-disabled state. BPDU Filter needs to be enabled carefully at the port level, because it will cause permanent loops if a switch is connected on the other end of the link and the network is physically looped: in this case, STP will not be able to detect the loop and the network will become unusable within seconds.

[Figure: SW1 and SW2 connected via f0/19]

TASK:
* Connect a link between SW1 and SW2 on f0/19 and shut down all remaining ports.
* Configure SW2 f0/19 as a layer 3 port to test the BPDU Guard feature.
* Enable BPDU Guard and PortFast on SW1.

SW2(config)#int f0/19
SW2(config-if)#no switchport
SW2(config-if)#ip address 10.0.0.1 255.0.0.0
SW2(config-if)#exit

SW1(config)#vlan 10
SW1(config-vlan)#exit
SW1(config)#int f0/19
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10
SW1(config-if)#spanning-tree portfast
SW1(config-if)#spanning-tree bpdufilter enable
SW1(config-if)#exit

SW1#sh spanning-tree interface f0/19 detail
Port 19 (FastEthernet0/19) of VLAN0010 is forwarding
  Port path cost 19, Port priority 128, Port Identifier 128.19,
  Designated root has priority 32778, address 000b.bee2.fa00
  Designated bridge has priority 32778, address 000b.bee2.fa00
  Designated port id is 128.19, designated path cost 0
  Timers: message age 0, forward delay 0, hold 0
  Number of transitions to forwarding state: 1
  Link type is point-to-point by default
  BPDU: sent 9, received 0

TASK: Configure SW2 f0/19 as a layer 2 port so that it can start sending BPDUs.

SW2(config)#int f0/19
SW2(config-if)#switchport
SW2(config-if)#end
SW2#

SW1#sh interfaces f0/19 status
Port      Name      Status      Vlan  Duplex  Speed  Type

SW1#sh spanning-tree int f0/19 detail
Port 19 (FastEthernet0/19) of VLAN0010 is forwarding
  Port path cost 19, Port priority 128, Port Identifier 128.19,
  Designated root has priority 32778, address 000b.bee2.fa00
  Designated bridge has priority 32778, address 000b.bee2.fa00
  Designated port id is 128.19, designated path cost 0
  Timers: message age 0, forward delay 0, hold 0
  Number of transitions to forwarding state: 1
  Link type is point-to-point by default
  Bpdu filter is enabled
  BPDU: sent 0, received 33

SW1#sh interfaces f0/19 status
Port      Name      Status      Vlan  Duplex  Speed  Type

SW1#sh spanning-tree vlan 10
VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    32778
             Address     000b.bee2.fa00
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     000b.bee2.fa00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type

TASK: BPDU Filter in global configuration mode:
* Remove the BPDU Filter on the interface and enable it globally.
* Configure PortFast on f0/19 on SW1 for verification.
SW2(config)#int f0/19
SW2(config-if)#no switchport
SW2(config-if)#ip address 10.0.0.1 255.0.0.0
SW2(config-if)#end

SW1(config)#int f0/19
SW1(config-if)#spanning-tree portfast
SW1(config-if)#no spanning-tree bpdufilter enable
SW1(config-if)#exit
SW1(config)#spanning-tree portfast bpdufilter default
SW1(config)#end

SW1#sh interfaces f0/19 status
Port      Name      Status      Vlan  Duplex  Speed  Type

SW1#sh spanning-tree vlan 10
VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    32778
             Address     000b.bee2.fa00
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     000b.bee2.fa00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type

SW1#sh spanning-tree int f0/19 detail
Port 19 (FastEthernet0/19) of VLAN0010 is forwarding
  Port path cost 19, Port priority 128, Port Identifier 128.19,
  Designated root has priority 32778, address 000b.bee2.fa00
  Designated bridge has priority 32778, address 000b.bee2.fa00
  Designated port id is 128.19, designated path cost 0
  Timers: message age 0, forward delay 0, hold 0
  Number of transitions to forwarding state: 1
  The port is in the portfast mode
  Link type is point-to-point by default
  Bpdu filter is enabled by default

SW2(config-if)#int f0/19
SW2(config-if)#switchport
SW2(config-if)#end

SW1#sh spanning-tree int f0/19 detail
Port 19 (FastEthernet0/19) of VLAN0010 is forwarding
  Port path cost 19, Port priority 128, Port Identifier 128.19,
  Designated root has priority 32769, address 000b.be78.8300
  Designated bridge has priority 32769, address 000b.be78.8300
  Designated port id is 128.19, designated path cost 0
  Timers: message age 2, forward delay 0, hold 0
  Number of transitions to forwarding state: 1
  Link type is point-to-point by default
SW1#show spanning-tree interface fastEthernet0/19 portfast

SW2(config)#int f0/19
SW2(config-if)#no switchport

SW1#show spanning-tree interface fastEthernet0/19 portfast

SW1#sh spanning-tree int f0/19 detail
Port 19 (FastEthernet0/19) of VLAN0010 is forwarding
  Port path cost 19, Port priority 128, Port Identifier 128.19,
  Designated root has priority 32778, address 000b.bee2.fa00
  Designated bridge has priority 32778, address 000b.bee2.fa00
  Designated port id is 128.19, designated path cost 0
  Timers: message age 0, forward delay 0, hold 0
  Number of transitions to forwarding state: 1
  The port is in the portfast mode
  Link type is point-to-point by default
  Bpdu filter is enabled by default
  BPDU: sent 11, received 0

Root Guard

* Prevents the wrong switch from becoming the Spanning Tree root.
* If a Root Guard port receives a superior BPDU that might cause it to become a root port, the port is put into the "root-inconsistent" state and does not pass traffic through it.
* If the port stops receiving these BPDUs, it automatically re-enables itself.

Root Guard

[Figure: customer network and service-provider network. Labels: potential spanning tree root without root guard enabled; desired root switch; enable root guard on these interfaces to prevent switches in the customer network from becoming the root switch or being in the path to the root.]

Configuring Root Guard
[Figure: customer network and service-provider network, with root guard enabled on the interfaces facing the customer network]

(config)# interface f0/19
(config-if)# spanning-tree guard root

Ports disabled by Root Guard can be viewed with:
# show spanning-tree inconsistentports

LAB: ROOT GUARD

* Root Guard is similar to the BPDU Guard feature in the manner in which it is used to detect STP packets and disable the interface they were received on.
* The difference between them is that with Root Guard, the interface is only logically disabled (via the Root Inconsistent state) if a superior BPDU is received on the port with Root Guard enabled.
* The Root Inconsistent state is similar to the blocking state, in that BPDUs are not sent outbound but are accepted inbound, and of course all received frames are dropped.
* The switch automatically recovers the port from Root Inconsistent and starts negotiating the new port state and role as soon as superior BPDUs are no longer received inbound.
* A superior BPDU indicates a better cost to the root bridge than what is currently installed.
* Therefore, in terms of design, this feature is used to prevent a rogue device from announcing itself as the new root bridge and possibly implementing a layer 2 man-in-the-middle attack. Root Guard can be enabled only at the port level and basically prevents a Designated port from becoming Non-Designated.
* You will want to configure this functionality on the Root Bridge itself.
* Verify that Root Guard is enabled for all VLANs, for example on the FastEthernet0/19 port.

[Figure: SW1 and SW2 connected via f0/19]

TASK:
* Configure SW1 so that STP logically blocks Ethernet links connected to SW2 if any port on SW2 tries to become Root Bridge for any VLAN.
SW1#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     000b.be78.8300
             Cost        19
             Port        19 (FastEthernet0/19)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.bee2.fa00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/1            Desg FWD 19        128.1    Edge P2p
Fa0/19           Root FWD 19        128.19   P2p

SW2#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     000b.be78.8300
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.be78.8300
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/19           Desg FWD 19        128.19   P2p

* In this lab, SW2 is the default root bridge. Configure SW1 to use the priority value of 4096 to ensure that SW1 becomes the Root Bridge.

SW1(config)#spanning-tree vlan 1 priority 4096
SW1(config)#exit

SW1#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     000b.bee2.fa00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4097  (priority 4096 sys-id-ext 1)
             Address     000b.bee2.fa00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/1            Desg FWD 19        128.1    Edge P2p

TASK:
* Configure SW1 so that STP logically blocks Ethernet links connected to SW2 if any port on SW2 tries to become Root Bridge for any VLAN.
SW1(config)#int f0/19
SW1(config-if)#spanning-tree guard root
SW1(config-if)#exit

SW1#sh spanning-tree int f0/19 detail
Port 19 (FastEthernet0/19) of VLAN0001 is forwarding
  Port path cost 19, Port priority 128, Port Identifier 128.19,
  Designated root has priority 4097, address 000b.bee2.fa00
  Designated bridge has priority 4097, address 000b.bee2.fa00
  Designated port id is 128.19, designated path cost 0
  Timers: message age 0, forward delay 0, hold 0
  Number of transitions to forwarding state: 1
  Link type is point-to-point by default
  Root guard is enabled on the port
  BPDU: sent 68, received 194

Although Root Guard is enabled at the port level, it works on a per-VLAN basis.

TASK: Testing Root Guard
* Configure SW2 with a priority value of 0 to ensure that SW2 sends superior BPDUs to SW1.

SW2(config)#spanning-tree vlan 1 priority 0

SW1#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     000b.bee2.fa00
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4097  (priority 4096 sys-id-ext 1)
             Address     000b.bee2.fa00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/1            Desg FWD 19        128.1    Edge P2p
SW1 no longer sends BPDUs outbound on its Root Inconsistent port.

TASK: Remove the priority configuration on SW2 and ensure that SW2 uses the default pr

SW2(config)#no spanning-tree vlan 1 priority 0

SW1#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     000b.bee2.fa00
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4097  (priority 4096 sys-id-ext 1)
             Address     000b.bee2.fa00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/1            Desg FWD 19        128.1    Edge P2p

When superior BPDUs are no longer received, SW1 will start to send BPDUs outbound on the ports to negotiate the STP state and role:

SW1#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     000b.bee2.fa00
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4097  (priority 4096 sys-id-ext 1)
             Address     000b.bee2.fa00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/1            Desg FWD 19        128.1    Edge P2p

Unidirectional link failure

* Links for which one of the two transmission paths on the link has failed, but not both.
* This can happen as a result of miscabling, cutting one fiber cable, unplugging one fiber or other reasons.
* No longer receives STP BPDUs.
* The link still forwards traffic.
* The blocking port from the alternate or backup port becomes designated and moves to a forwarding state. This situation creates a loop.
* This is called a unidirectional link.

[Figure: unidirectional link; the blocking port becomes designated and transitions to forwarding]
Unidirectional link failure

Solution:
* Loop Guard
* UDLD

LOOP GUARD

* Stops the loops which can occur because of unidirectional link failures.
* Prevents switch ports from wrongly moving from a blocking to a forwarding state when a unidirectional link exists in the network.

[Figure: switches A and B]

Loop Guard Configuration

On all point-to-point links:
(config)# spanning-tree loopguard default

OR

On specific links:
(config)# interface f0/20
(config-if)# spanning-tree guard loop

* Loop Guard automatically re-enables the port if it starts receiving BPDUs again.

Unidirectional Link Detection

* Does the same job as Loop Guard.
* Designed more specifically for fiber ports (can also work for UTP).
* Detects a unidirectional link by sending periodic hellos out to the interface.
* It also uses probes, which must be acknowledged by the device on the other end of the link.
* UDLD has two modes: normal and aggressive.
* Normal mode: the link status is changed to Undetermined State if the hellos are not returned.
* Aggressive mode: the port is error-disabled if a unidirectional link is found.
* Aggressive mode is the recommended way to configure UDLD.

Unidirectional Link Detection

To enable UDLD on all fiber-optic interfaces, use the following command:
(config)# udld {enable | aggressive}

Note: Although this command is given in global config mode, it applies only to fiber ports. To enable UDLD on non-fiber ports, give the same command in interface config mode.
To control UDLD on a specific fiber port, use the following command:
(config-if)# udld port {aggressive | disable}

To re-enable all interfaces shut by UDLD, use the following:
# udld reset

To verify UDLD status, use the following:
# show udld interface

UDLD & Loop Guard

Functionality | Loop Guard | UDLD
Configuration | Per-port | Per-port
Action granularity | Per-VLAN | Per-port
Auto-recover | Yes | Yes, with err-disable timeout feature
Protection against STP failures caused by unidirectional links | Yes, when enabled on all root and alternate ports in redundant topology | Yes, when enabled on all links in redundant topology
Protection against STP failures caused by problems in the software (designated switch does not send BPDU) | Yes | No
Protection against mis-wiring | No | Yes

Err-Disable & Err-disable recovery

* The ports are automatically disabled by the switch operating system software because of an error condition that is encountered on the port.
* When a port is error disabled, it is effectively shut down and no traffic is sent or received on that port.
* The port LED is set to the color orange.

#show interfaces gigabitethernet 4/1 status
Port      Name      Status        Vlan  Duplex  Speed  Type
Gi4/1               err-disabled  100   full    1000   1000BaseSX

#show interface gigabit4/1
GigabitEthernet4/1 is down, line protocol is down (err

Err-disable recovery

Reasons for the error-disabled state:
* Duplex Mismatch
* Loopback Error
* Link Flapping (up/down)
* Port Security Violation
* Unicast Flooding
* UDLD Failure
* Broadcast Storms
* BPDU Guard

Err-disable recovery:

1. To recover a port that is in an errdisable state, the administrator must access the switch and configure the specific port with 'shutdown' followed by the 'no shutdown' command.
2. Use the err-disable recovery option. With errdisable recovery, you choose the types of errors for which ports are automatically re-enabled after a specified amount of time.

#show errdisable recovery
ErrDisable Reason    Timer Status
udld                 Disabled
bpduguard            Disabled
security-violatio    Disabled
channel-misconfig    Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled
l2ptguard            Disabled
psecure-violation    Disabled
gbic-invalid         Disabled
dhcp-rate-limit      Disabled
mac-limit            Disabled
unicast-flood        Disabled
arp-inspection       Disabled

Timer interval: 300 seconds

#errdisable recovery cause ?
  dtp-flap           Enable timer to recover from dtp-flap error disable state
  gbic-invalid       Enable timer to recover from invalid GBIC error disable state
  l2ptguard          Enable timer to recover from l2protocol-tunnel error disable state
  link-flap          Enable timer to recover from link-flap error disable state
  mac-limit          Enable timer to recover from mac limit disable state
  pagp-flap          Enable timer to recover from pagp-flap error disable state
  psecure-violation  Enable timer to recover from psecure violation disable state
  security-violation Enable timer to recover from 802.1x violation disable state
  udld               Enable timer to recover from udld error disable state
  unicast-flood      Enable timer to recover from unicast flood disable state

(config)#errdisable recovery cause bpduguard
(config)#errdisable recovery interval 120

Errdisable autorecovery

To enable the errdisable autorecovery feature for all supported reasons:
(config)# errdisable recovery cause all

show interfaces status err-disabled
* Shows which local ports are involved in the errdisabled state.
show errdisable recovery
* Shows the time period after which the interfaces are enabled for errdisable conditions.

show errdisable detect
* Shows the reason for the errdisable status.

STP Flavours

RSTP, PVSTP, CST, MSTP

STP Convergence - Indirect link failure

[Figure: root bridge and two non-root bridges; port states LSN and LRN]

STP Convergence - Direct link failure

[Figure: root bridge and two non-root bridges]

Spanning-tree Uplink-fast / Backbone-fast

* Legacy / Cisco proprietary enhancement to speed up the convergence.

Uplink-fast
* BLK > FWD immediately if direct-link fails (instead of 30 sec)

Backbone-fast
* BLK > FWD 30 sec if direct-link fails (instead of 50 sec)

Spanning-tree uplink-fast

[Figure: Switch A (root), Switch B and Switch C; on link failure the port transitions directly to the forwarding state]

Spanning-tree Backbonefast

[Figure: Switch A, Switch B and Switch C with a blocked port]

* Legacy / Cisco proprietary feature
* Backbone Fast can reduce the maximum convergence delay only from 50 to 30 seconds.

Rapid STP (RSTP) 802.1w

* 802.1w is a standards-based way of speeding up STP convergence.
* Inbuilt features of portfast, uplinkfast, backbonefast, BPDUfilter
* Path calculation remains the same as in STP.
RSTP Configuration

(config)#spanning-tree mode rapid-pvst

show spanning-tree
VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    32769
             Address     0001.C9A4.567D
             Cost        18
             Port        20(FastEthernet0/20)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000.414.6208
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 20

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/20           Root FWD 19        128.20   P2p

RSTP Synchronization

* SWA assumes its port is designated and sends out a proposal.
* SWB will agree to this proposal.

RSTP port states

Comparing 802.1d and 802.1w Port States

STP Port State | Equivalent RSTP Port State
Disabled | Discarding
Blocking | Discarding
Listening | Discarding
Learning | Learning
Forwarding | Forwarding

* Discarding - Frames are dropped, no addresses are learned (link down / blocking / during sync).
* Learning - Frames are dropped, but addresses are learned.
* Forwarding - Frames are forwarded.

RSTP port roles

[Figure: root ports, designated ports, alternate port and backup port]

Root port: The best path to the root (same as STP)
Designated port: Same role as with STP
Alternate port: A backup to the root port
Backup port: A backup to the designated port
Disabled port: Not used in the Spanning Tree
Edge port: Connected only to an end user
[Figure legend: DP - Designated Port, RP - Root Port, BP - Backup Port, AP - Alternate Port]

RSTP port roles (Contd)

Alternate port:
* A backup to the root port
* Less desirable path to the root
* Operates in the discarding state.
* Same as uplinkfast (legacy)

RSTP port roles (Contd)

Backup port:
* The backup port applies only when a single switch has two links to the same segment (collision domain).
* To have two links to the same collision domain, the switch must be attached to a hub.
* A backup to the designated port
* Multiple links attached to the same network segment
* Activates if the primary designated port fails.

RSTP port roles (Contd)

Edge port:
* Equivalent to portfast in STP.
* Connected only to an end user
* Maintains edge status as long as no BPDU is received (with BPDU filter)

[Figure: edge ports]

BPDU Differences in RSTP

* In regular STP, BPDUs are originated by the root and relayed by each switch.
* In RSTP, each switch originates BPDUs, whether or not it receives a BPDU on its root port.
* PVST is done by Rapid PVST+ on Catalyst switches.
* Hello = 2 sec, Dead = 6 sec

RSTP port costs

Data rate | STP Cost (802.1D-1996) | RSTP Cost (802.1W-2001)
4 Mbit/s | 250 | 5,000,000
10 Mbit/s | 100 | 2,000,000
16 Mbit/s | 62 | 1,250,000
100 Mbit/s | 19 | 200,000
1 Gbit/s | 4 | 20,000
2 Gbit/s | 3 | 10,000
10 Gbit/s | 2 | 2,000
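Looking back at the PortFast (edge port), BPDU Guard and BPDU Filter material in this workbook, the following added example (not part of the original workbook) audits a saved switch configuration for PortFast ports that lack BPDU Guard and for interface-level BPDU Filter. The sample configuration is constructed for illustration, and the function names and finding codes are assumptions of this example.

```python
"""Added example: audit PortFast / BPDU Guard / BPDU Filter settings in a saved config."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample configuration (not taken from the workbook).
SAMPLE_CONFIG = """\
hostname SW1
!
spanning-tree portfast default
errdisable recovery cause bpduguard
errdisable recovery interval 60
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/19
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface FastEthernet0/20
 switchport mode trunk
 spanning-tree guard root
!
interface FastEthernet0/21
 switchport mode access
!
"""

FINDING_TEXT = {
    "PORTFAST_NO_BPDUGUARD": "PortFast port without BPDU Guard: a switch attached "
                             "here is not err-disabled when it sends BPDUs",
    "BPDUFILTER_INTERFACE": "interface-level BPDU Filter: BPDUs are neither sent nor "
                            "processed, so STP cannot detect a loop on this port",
}


def parse_config(text: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Split a config into global lines and per-interface command lists."""
    global_lines: List[str] = []
    interfaces: Dict[str, List[str]] = {}
    current: Optional[List[str]] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None                      # "!" closes an interface block
            continue
        match = re.match(r"interface (\S+)", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
            global_lines.append(line.strip())
    return global_lines, interfaces


def bpduguard_recovery_seconds(global_lines: List[str]) -> Optional[int]:
    """Seconds until a bpduguard err-disabled port re-enables itself, or None if manual."""
    if not {"errdisable recovery cause bpduguard",
            "errdisable recovery cause all"} & set(global_lines):
        return None
    for line in global_lines:
        match = re.fullmatch(r"errdisable recovery interval (\d+)", line)
        if match:
            return int(match.group(1))
    return 300                                  # default timer interval shown on this page


def audit(text: str) -> List[Tuple[str, str]]:
    """Return (interface, finding code) pairs for weak STP edge-port settings."""
    global_lines, interfaces = parse_config(text)
    portfast_default = "spanning-tree portfast default" in global_lines
    guard_default = "spanning-tree portfast bpduguard default" in global_lines
    findings: List[Tuple[str, str]] = []
    for name, lines in interfaces.items():
        if "shutdown" in lines or "no switchport" in lines:
            continue                            # down or layer 3: STP does not apply
        is_trunk = "switchport mode trunk" in lines
        portfast = ("spanning-tree portfast" in lines
                    or (portfast_default and not is_trunk))
        if "spanning-tree portfast disable" in lines:
            portfast = False
        guard = ("spanning-tree bpduguard enable" in lines
                 or (guard_default and portfast
                     and "spanning-tree bpduguard disable" not in lines))
        if "spanning-tree bpdufilter enable" in lines:
            findings.append((name, "BPDUFILTER_INTERFACE"))
        elif portfast and not guard:
            findings.append((name, "PORTFAST_NO_BPDUGUARD"))
    return findings


if __name__ == "__main__":
    for interface, code in audit(SAMPLE_CONFIG):
        print(f"{interface}: {code}: {FINDING_TEXT[code]}")
    print("bpduguard auto-recovery (s):",
          bpduguard_recovery_seconds(parse_config(SAMPLE_CONFIG)[0]))
```

FastEthernet0/21 is reported even though it carries no spanning-tree command of its own, because the global portfast default applies to it while BPDU Guard is not enabled globally.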
Hierarchical Campus Model

[Figure: hierarchical campus model]

STP: Selecting Root Bridge

* Default root bridge election: priority + base MAC
* Recommended to select a high-speed switch to be elected as Root Bridge
* Change the priority value
* Priority values can only be multiples of 4096

SW-1(config)#spanning-tree vlan 1 priority 1000
% Bridge Priority must be in increments of 4096.
% Allowed values are:
  0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 61440

STP: Selecting Root Bridge

SW-A(config)#spanning-tree vlan 1 priority 0
SW-B(config)#spanning-tree vlan 1 priority 4096

OR

SW-A(config)#spanning-tree vlan 1 root primary
SW-B(config)#spanning-tree vlan 1 root secondary

NOTE: Primary reduces priority by 8192 from default priority; secondary reduces priority by 4096 from default priority.

Per-VLAN STP

* Every VLAN runs a separate STP instance by default.
* Provides load sharing
* More overhead

SW-A(config)#spanning-tree vlan 10,20,30 root primary
SW-A(config)#spanning-tree vlan 40,50,60 root secondary
SW-B(config)#spanning-tree vlan 10,20,30 root secondary
SW-B(config)#spanning-tree vlan 40,50,60 root primary
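The election rule above (priority plus base MAC, priority in multiples of 4096) and the Root Guard lab earlier in this workbook, replayed as an added example that is not part of the original workbook. It uses the two switch MAC addresses from the lab output; the function names are assumptions of this example, and the Root Guard check compares only the root bridge ID, which is a simplification.

```python
"""Added example: STP bridge IDs, root election and the Root Guard check."""
from typing import Dict, List, Tuple

DEFAULT_PRIORITY = 32768
BridgeId = Tuple[int, int]          # (priority + sys-id-ext, MAC as integer)

# MAC addresses as they appear in the lab output on this page.
SW1_MAC = "000b.bee2.fa00"
SW2_MAC = "000b.be78.8300"


def bridge_id(priority: int, vlan: int, mac: str) -> BridgeId:
    """Build the sortable bridge ID for one VLAN; the lowest value wins."""
    if priority % 4096 != 0 or not 0 <= priority <= 61440:
        raise ValueError("Bridge Priority must be in increments of 4096")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID (sys-id-ext) must be 1-4094")
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError("MAC address must have 12 hex digits")
    return (priority + vlan, int(digits, 16))


def root_macro_priority(role: str) -> int:
    """Priority per the NOTE on this page: primary = default - 8192, secondary = default - 4096."""
    return DEFAULT_PRIORITY - {"primary": 8192, "secondary": 4096}[role]


def elect_root(bridges: Dict[str, Tuple[int, str]], vlan: int) -> str:
    """Name of the bridge with the lowest bridge ID (plain election, no Root Guard)."""
    return min(bridges, key=lambda n: bridge_id(bridges[n][0], vlan, bridges[n][1]))


def root_guard_port_state(own_id: BridgeId, advertised_root: BridgeId) -> str:
    """State of a Root Guard port on a switch that considers itself the root.

    Simplification (assumption of this example): only the root bridge ID in the
    received BPDU is compared; real STP also compares path cost, sender ID and port ID.
    """
    return "root-inconsistent" if advertised_root < own_id else "forwarding"


# (step, SW1 priority, SW2 priority), following the Root Guard lab.
LAB_STEPS = [
    ("defaults on both switches", 32768, 32768),
    ("SW1 priority 4096", 4096, 32768),
    ("SW2 priority 0", 4096, 0),
    ("SW2 back to default", 4096, 32768),
]


def replay_lab(vlan: int = 1) -> List[Tuple[str, str, str]]:
    """For each step: (label, root elected without Root Guard, SW1 f0/19 state with Root Guard)."""
    results = []
    for label, sw1_priority, sw2_priority in LAB_STEPS:
        bridges = {"SW1": (sw1_priority, SW1_MAC), "SW2": (sw2_priority, SW2_MAC)}
        root = elect_root(bridges, vlan)
        state = root_guard_port_state(
            bridge_id(sw1_priority, vlan, SW1_MAC),
            bridge_id(sw2_priority, vlan, SW2_MAC),
        )
        results.append((label, root, state))
    return results


if __name__ == "__main__":
    for label, root, state in replay_lab():
        print(f"{label:28} root without Root Guard: {root}  SW1 f0/19 with Root Guard: {state}")
```

With both switches at the default priority, the lower MAC address makes SW2 the root, so Root Guard on SW1's only uplink would block that port; this is why the lab lowers SW1's priority before enabling Root Guard.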
