
Administration of Network Infrastructure at Layer 3



The slides are modified from the course: Cisco CCNP SWITCH.

Contents

1. InterVLAN Routing in Network Infrastructure
2. DHCP in Network Infrastructure
3. HSRP in Network Infrastructure

1. InterVLAN Routing in Network Infrastructure

Introduction to Inter-VLAN Routing

• VLANs isolate traffic by design.
• Communication between VLANs requires a router of some sort.
• Inter-VLAN routing should occur in the distribution layer.
• A multilayer switch is recommended to terminate VLANs.

Inter-VLAN Routing Options

• External router with a separate interface for each VLAN.
• External router trunked to a Layer 2 switch (router-on-a-stick).
• Multilayer switch (pictured).

Router-on-a-Stick
• Layer 2 switch linked to a router via a trunk (in lieu of using a multilayer switch).
• Router interface, typically Fast Ethernet, subdivided into logical subinterfaces, one per VLAN.

Most Commonly Used Catalyst Switch Layer 3 Interfaces
▪ Routed port: A pure Layer 3 interface similar to a routed port on a Cisco IOS router.
▪ Switch virtual interface (SVI): A virtual VLAN interface for inter-VLAN routing. In other words, SVIs are virtual routed VLAN interfaces.

Switch Virtual Interfaces (SVIs)

• Configured on multilayer switches, one per VLAN.
• The management interface on an L2 switch is an SVI, but an L2 switch is limited to one active SVI.
• An SVI associates with an L2 VLAN – a switch must have an active L2 instance of a VLAN in order for an (L3) SVI to function.

Routed Ports
• Use the no switchport command to configure a physical switch port as a routed port.
• Routed ports are used in conjunction with SVIs.
• Routed ports connect point-to-point (L3) links between distribution layer and core layer switches.
• A 48-port L3 switch can be configured as a 48-port router.

Path for Traffic Forwarding Using SVI

Routed/L3-Switched vs. L2 Switched Design

• Routing can now be performed at L2 switching speeds by switching frames/packets using specialized hardware circuits.
• L3 switches serve as default gateways, terminating VLANs (one IP subnet per VLAN).

VLANs in Enterprise Campus Design

▪ VLANs used at the access layer should extend no further than their
associated distribution switch.
▪ Traffic is routed from the local VLAN as it is passed from the distribution
layer into the core.
▪ Blocks can contain one to three VLANs each.
▪ STP is limited to access and distribution switches.
▪ DHCP is used to assign IP addresses to users.

Design with VLAN Trunks

▪ Trunks interconnect access layer switches.
▪ Trunks connect access layer switches to distribution layer switches.
▪ Layer 3 links interconnect core and distribution layer switches.
▪ Access layer switches are configured in a spanning-tree, loop-free, V-shaped topology. If one distribution link fails, HSRP or VRRP provides an alternative default gateway.
▪ Recommended: turn off DTP and manually prune VLANs on trunks.

2. DHCP in Network Infrastructure

DHCP Overview
▪ Distribution multilayer switches often act as Layer 3 gateways for clients connecting to the access switches on various VLANs. Therefore, the DHCP service can be provided directly by the distribution switches.
▪ Alternatively, DHCP services can be concentrated in an external, dedicated DHCP server. In that case, distribution switches need to redirect the incoming clients' DHCP requests to the external DHCP server.

DHCP Operation

▪ Step 1. The client sends a DHCPDISCOVER broadcast message to locate a Cisco IOS DHCP server.
▪ Step 2. A DHCP server offers configuration parameters (such as an IP address, a MAC address, a domain name, and a lease for the IP address) to the client in a DHCPOFFER unicast message. A DHCP client might receive offers from multiple DHCP servers and can accept any one of the offers; however, the client usually accepts the first offer it receives. Additionally, the offer from the DHCP server is not a guarantee that the IP address will be allocated to the client; however, the server usually reserves the address until the client has had a chance to formally request the address.
▪ Step 3. The client returns a formal request for the offered IP address to the DHCP server in a DHCPREQUEST broadcast message.
▪ Step 4. The DHCP server confirms that the IP address has been allocated to the client by returning a DHCPACK unicast message to the client.

DHCP Relay
▪ Use the ip helper-address command on the interface that connects to the subnet containing the devices that request IP addresses from the DHCP server.
▪ On a multilayer switch, the interface “connecting” to the relevant subnet is typically an SVI.

Switch(config)# interface vlan10
Switch(config-if)# ip address 10.1.10.1 255.255.255.0
Switch(config-if)# ip helper-address 10.1.100.1
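What the relay configured above does to a client broadcast, as an added Python example that is not part of the original slides: the SVI address 10.1.10.1 is written into the BOOTP giaddr field, the hop count is incremented, the packet is unicast to the helper address 10.1.100.1, and the server uses giaddr to pick the scope. The header layout and the hop limit of 16 follow RFC 2131 and RFC 1542; the client MAC, transaction id and server scopes are constructed for the example.

```python
import struct
from ipaddress import IPv4Address, ip_network

MAGIC = bytes([99, 130, 83, 99])   # DHCP magic cookie after the 236-byte BOOTP header
TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}

def build_discover(mac, xid):
    """Constructed client broadcast: BOOTREQUEST, hops 0, giaddr 0.0.0.0, option 53 = 1."""
    header = struct.pack("!4BIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, xid, 0, 0x8000,
                         bytes(4), bytes(4), bytes(4), bytes(4), mac, b"", b"")
    return header + MAGIC + bytes([53, 1, 1, 255])

def message_type(pkt):
    """Walk the options field and return the message name carried in option 53."""
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    i = 240
    while i + 2 < len(pkt) and pkt[i] != 255:   # 255 = end option
        if pkt[i] == 0:                         # 0 = pad, has no length byte
            i += 1
        elif pkt[i] == 53:
            return TYPES.get(pkt[i + 2], "other")
        else:
            i += 2 + pkt[i + 1]
    raise ValueError("option 53 missing")

def relay(pkt, svi_ip, helper_ip, max_hops=16):
    """Relay step: stamp giaddr with the receiving SVI address, increment hops, and
    return (unicast destination, rewritten packet); None if the packet is dropped."""
    if pkt[0] != 1 or pkt[3] > max_hops:        # client requests only, bounded hop count
        return None
    giaddr = pkt[24:28]
    if giaddr == bytes(4):                      # only the first relay fills giaddr in
        giaddr = IPv4Address(svi_ip).packed
    return helper_ip, pkt[:3] + bytes([pkt[3] + 1]) + pkt[4:24] + giaddr + pkt[28:]

def scope_for(pkt, scopes):
    """Server side: choose the address scope whose subnet contains giaddr."""
    giaddr = IPv4Address(pkt[24:28])
    return next((s for s in scopes if giaddr in ip_network(s)), None)

# Constructed inputs: client MAC, transaction id and server scopes are made up;
# 10.1.10.1 and 10.1.100.1 are the SVI and helper addresses from the slide.
DISCOVER = build_discover(bytes.fromhex("005056aabbcc"), 0x1234ABCD)
DEST, RELAYED = relay(DISCOVER, "10.1.10.1", "10.1.100.1")
SCOPES = ["10.1.20.0/24", "10.1.10.0/24"]
```

Without the relay step the server sees giaddr 0.0.0.0 and `scope_for` finds no matching scope, which is why the helper address belongs on the SVI facing the clients.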

3. HSRP in Network Infrastructure

Hot Standby Router Protocol (HSRP)
▪ Cisco-proprietary gateway redundancy protocol.
▪ Participating routers talk to each other and agree on a virtual router with a virtual IP address, which end systems use as a default gateway.

Typical HSRP Scenario

HSRP Failover
▪ When the active router or the links between routers fail, the standby router stops seeing hello messages from the active router. The standby router then assumes the role of forwarding router.
▪ Because the new forwarding router assumes both the IP and MAC address of the virtual router, end stations see no disruption in service.

HSRP Operation
▪ HSRP active and standby routers send hello messages to multicast address 224.0.0.2, UDP port 1985.
▪ Hello messages are used to communicate between routers within the HSRP group.
▪ All routers in an HSRP group need to be L2-adjacent.
▪ All routers in an HSRP group have specific roles and interact in specific ways:
  • Virtual router
  • Active router
  • Standby router
  • Other routers

HSRP MAC Address

▪ Router A assumes the active role and forwards all frames addressed to the assigned HSRP MAC address of 0000.0c07.acxx, where xx is the HSRP group identifier.

HSRP States

State     Definition
Initial   The beginning state. The initial state indicates that HSRP does not run. This state is entered via a configuration change or when an interface first comes up.
Listen    The router knows the virtual IP address, but the router is neither the active router nor the standby router. It listens for hello messages from those routers.
Speak     The router sends periodic hello messages and actively participates in the election of the active or standby router. A router cannot enter speak state unless the router has the virtual IP address.
Standby   The router is a candidate to become the next active router and sends periodic hello messages. With the exclusion of transient conditions, there is, at most, one router in the group in standby state.
Active    The router currently forwards packets that are sent to the group virtual MAC address. The router sends periodic hello messages. With the exclusion of transient conditions, there must be, at the most, one router in the active state in the group.

HSRP State Transition

▪ Router A starts. As it is the first router for standby Group 1 in the subnet, it
transits through the listen and speak states and then becomes the active
router.
▪ Router B starts after Router A. While Router B is in listen state, Router A is
already assuming the standby and then the active role. As there is already
an existing active router, Router B assumes the standby role.
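An added Python example, not from the original slides, tying the HSRP slides together: it decodes HSRP version 1 hellos (the 20-byte field layout and numeric state codes come from RFC 2281, which the slides do not show), derives the 0000.0c07.acxx virtual MAC, and checks the "at most one Active router" rule against a constructed capture. The router addresses, priorities, timers and the expected-active map are assumptions made for the example.

```python
import struct
from ipaddress import IPv4Address

# Codes from RFC 2281 (HSRP version 1); the "Learn" state is not on the slide.
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
HSRP_V1 = struct.Struct("!8B8s4s")   # 20-byte payload sent to 224.0.0.2, UDP port 1985

def virtual_mac(group):
    """Virtual MAC 0000.0c07.acxx, where xx is the group number in hex."""
    if not 0 <= group <= 255:
        raise ValueError("HSRPv1 group must be 0-255")
    return "0000.0c07.ac%02x" % group

def parse_hsrp(payload):
    """Decode one HSRPv1 UDP payload into a dict; the authentication field is skipped."""
    if len(payload) < HSRP_V1.size:
        raise ValueError("truncated HSRP message")
    ver, op, state, hello, hold, prio, group, _, _auth, vip = HSRP_V1.unpack(payload[:20])
    if ver != 0 or op not in OPCODES or state not in STATES:
        raise ValueError("not a valid HSRPv1 message")
    return {"op": OPCODES[op], "state": STATES[state], "hello": hello, "hold": hold,
            "priority": prio, "group": group, "vip": str(IPv4Address(vip)),
            "vmac": virtual_mac(group)}

def audit(observed, expected_active):
    """observed: (source IP, payload) pairs; expected_active: {group: router IP}.
    Returns findings for groups whose Active speaker is duplicated or unexpected."""
    active = {}
    for src, payload in observed:
        msg = parse_hsrp(payload)
        if msg["state"] == "Active":
            active.setdefault(msg["group"], set()).add(src)
    findings = []
    for group, speakers in sorted(active.items()):
        if len(speakers) > 1:
            findings.append((group, "more than one Active router", sorted(speakers)))
        extra = sorted(speakers - {expected_active.get(group)})
        if extra:
            findings.append((group, "unexpected Active router", extra))
    return findings

def sample(state, prio, group, vip):
    """Constructed hello (3 s hello time, 10 s hold time) used as test input only."""
    return HSRP_V1.pack(0, 0, state, 3, 10, prio, group, 0, bytes(8), IPv4Address(vip).packed)

OBSERVED = [("10.1.10.2", sample(16, 110, 10, "10.1.10.1")),
            ("10.1.10.3", sample(8, 100, 10, "10.1.10.1")),
            ("10.1.10.99", sample(16, 100, 10, "10.1.10.1"))]
FINDINGS = audit(OBSERVED, {10: "10.1.10.2"})
```

In the constructed capture, group 10 has two Active speakers, so `FINDINGS` reports both the duplicate and the speaker that is not the expected active router.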

HSRP Active Router and Spanning Tree Topology

▪ In a redundant spanning-tree topology, some links are blocked. The spanning-tree topology has no awareness of the HSRP configuration. There is no automatic relationship between the HSRP active router election process and the Spanning Tree Root Bridge election.
▪ When configuring both spanning tree and HSRP (or any other first hop redundancy protocol), you must make sure that the active router is the same as the root bridge for the corresponding VLAN. When the root bridge is different from the HSRP active router, a suboptimal path can result, as illustrated.

Load Balancing with 2 HSRP Groups

Other Protocols for L3 High Availability
▪ Hot Standby Router Protocol (HSRP)
▪ Virtual Router Redundancy Protocol (VRRP)
▪ Gateway Load Balancing Protocol (GLBP)
