2.9 Configure, verify, and troubleshoot (Layer 2/Layer 3) EtherChannel

Screenshot_2018-06-03_19-49-24

2.9.a Static

To configure a static EtherChannel, use the “mode on” option. Then configure the port range and the port-channel interface with the “no switchport” option.

Switch>en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#show spanning-tree 
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.C707.7E59
             Cost        19
             Port        1(FastEthernet0/1)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0090.2B11.53A2
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Root FWD 19        128.1    P2p
Fa0/2            Altn BLK 19        128.2    P2p
Fa0/3            Altn BLK 19        128.3    P2p
Fa0/4            Altn BLK 19        128.4    P2p
Switch(config)#int ran f0/1-4
Switch(config-if-range)#no switchport 
Switch(config-if-range)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to up

Switch(config-if-range)#channel-group 1 mode on
Switch(config-if-range)#
Creating a port-channel interface Port-channel 1

%LINK-5-CHANGED: Interface Port-channel1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up

Switch(config-if-range)#int port-channel 1
Switch(config-if)#ip address 10.0.0.1 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#^Z

2.9.b PAGP

To enable PAgP, specify the “auto” or “desirable” option:

Switch(config-if-range)#channel-group 1 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected
Switch(config-if-range)#channel-group 1 mode

2.9.c LACP

To enable LACP, specify the “active” or “passive” option:

Switch(config-if-range)#channel-group 1 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected
Switch(config-if-range)#channel-group 1 mode

To troubleshoot and verify the configuration use the various “show” commands:

Switch#show etherchannel summary 
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port


Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+----------------------------------------------

1      Po1(RU)           -      Fa0/1(P) Fa0/2(P) Fa0/3(P) Fa0/4(P) 
Switch#show etherchannel ?
  load-balance  Load-balance/frame-distribution scheme among ports in
                port-channel
  port-channel  Port-channel information
  summary       One-line summary per channel-group
  
Switch#show etherchannel port-channel 
                Channel-group listing:
                ----------------------

Group: 1
----------
                Port-channels in the group:
                ---------------------------

Port-channel: Po1
------------

Age of the Port-channel   = 00d:00h:01m:14s
Logical slot/port   = 2/1       Number of ports = 4
GC                  = 0x00000000      HotStandBy port = null
Port state          = Port-channel 
Protocol            =   PAGP
Port Security       = Disabled

Ports in the Port-channel:

Index   Load   Port     EC state        No of bits
------+------+------+------------------+-----------
  0     00     Fa0/1    On                 0
  0     00     Fa0/2    On                 0
  0     00     Fa0/3    On                 0
  0     00     Fa0/4    On                 0
Time since last port bundled:    00d:00h:01m:14s    Fa0/4

The “show” commands should display enough information to troubleshoot the EtherChannel.

Note: on some switches the “no switchport” command is not available. I used a Layer 3 switch in Packet Tracer 7 to perform these labs. GNS3 does not support etherchannels.

2.10 Describe the benefits of switch stacking and chassis aggregation

Switch stacking and chassis aggregation allow the expansion of a switch without increasing management complexity. This is achieved because the switch stack acts as a single logical switch. This means protocols like SSH, CDP, VTP and STP run off a single switch. It also means there is a single configuration file to maintain and a single MAC address table.

 

2.8 Configure and verify Layer 2 protocols

2.8.a Cisco Discovery Protocol

! check if CDP is enabled:
R2#show cdp
% CDP is not enabled
R2#
*Jun 2 21:30:46.407: %SYS-5-CONFIG_I: Configured from console by console
R2#show cdp
% CDP is not enabled
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
! to enable CDP:
R2(config)#cdp run
R2(config)#^Z
R2#
*Jun 2 21:31:01.239: %SYS-5-CONFIG_I: Configured from console by console
R2#show cdp
Global CDP information:
 Sending CDP packets every 60 seconds
 Sending a holdtime value of 180 seconds
 Sending CDPv2 advertisements is enabled
R2#

The above snippet shows the “global” CDP configuration. CDP can be disabled on a per-interface basis – but cannot be enabled on an interface if it is globally disabled:

R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int g0/0
R2(config-if)#cdp enable
% Cannot enable CDP on this interface, since CDP is not running
R2(config-if)#

To disable CDP on an interface:

R2(config-if)#no cdp enable

Here are various “show” commands:

  
R2#show cdp
Global CDP information:
	Sending CDP packets every 60 seconds
	Sending a holdtime value of 180 seconds
	Sending CDPv2 advertisements is  enabled
R2#show cdp neighbors 
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R1               Gig 0/0            89            R       7206VXR   Gig 0/0
R2#show cdp traffic 
CDP counters :
	Total packets output: 9, Input: 5
	Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
	No memory: 0, Invalid packet: 0, Fragmented: 0
	CDP version 1 advertisements output: 0, Input: 0
	CDP version 2 advertisements output: 9, Input: 5
R2#show cdp interface g0/0
GigabitEthernet0/0 is up, line protocol is up
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
R2#

As a note – CDP is a Layer 2 protocol and does not require that the communicating devices have a working Layer 3 address. CDP messages are sent to a multicast MAC address. See the below packet capture.

Screenshot_2018-06-02_21-42-48.png

2.8.b LLDP

CDP is a Cisco proprietary protocol. LLDP is a similar protocol that is not proprietary and is covered by IEEE standard 802.1AB. The commands and functionality are similar. LLDP is also a Layer 2 protocol.

Router(config)#lldp run
Router(config)#^Z
Router#
*Jun  2 11:55:40.002: %SYS-5-CONFIG_I: Configured from console by console  
Router#show lldp neighbors 
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID           Local Intf     Hold-time  Capability      Port ID
Router              Et0/0          120        R               Et0/0

Total entries displayed: 1

Router#show lldp entry Router

Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
------------------------------------------------
Chassis id: aabb.cc00.0100
Port id: Et0/0
Port Description: Ethernet0/0
System Name: Router

System Description: 
Cisco IOS Software, Linux Software (I86BI_LINUX-ADVENTERPRISEK9-M), Version 15.4(1)T, DEVELOPMENT TEST SOFTWARE
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Sat 23-Nov-13 03:28 by prod_rel_tea

Time remaining: 106 seconds
System Capabilities: B,R
Enabled Capabilities: R
Management Addresses - not advertised
Auto Negotiation - not supported
Physical media capabilities - not advertised
Media Attachment Unit type - not advertised
Vlan ID: - not advertised


Total entries displayed: 1
Router#

 
Here is a packet capture. As you can see, LLDP is also sent to a multicast Ethernet MAC address and is therefore a Layer 2 protocol.
Screenshot_2018-06-02_21-58-06

2.7 Configure, verify and troubleshoot STP related optional features

2.7.a PortFast

PortFast disables STP on a port, allowing the interface to start forwarding immediately by bypassing STP safety checks.

This should be used with caution and only on ports NOT connected to other switches!

IOU1(config-if)#spanning-tree portfast

 

2.7.b BPDU guard

BPDU guard will immediately place the port in an err-disabled state if it detects any STP BPDUs on that interface.

Enable BPDU guard if enabling PortFast.

IOU1(config-if)#spanning-tree bpduguard enable 
IOU1(config-if)#
*May 6 13:59:00.436: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to down
IOU1(config-if)#
*May 6 13:59:01.436: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to down
IOU1(config-if)#^Z
IOU1#show inf
*May 6 14:00:13.974: %SYS-5-CONFIG_I: Configured from console by console
IOU1#show int e0/0
Ethernet0/0 is down, line protocol is down (err-disabled)

 

2.6 Configure, verify, and troubleshoot STP protocols

2.6.a STP mode (PVST+ and RPVST+)

STP or Spanning Tree Protocol allows for redundant links to be installed in switched networks without creating switching loops, where the same packet is forwarded again and again around the network.

PVST and RPVST refer to Per VLAN Spanning Tree Protocol and Rapid Per VLAN Spanning Tree Protocol.

Screenshot_2018-05-06_15-30-58.png

Consider the above topology. First we must configure VTP to distribute the VLAN database. Here we will make IOU1 the server and the rest clients:

IOU1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
IOU1(config)#vtp mode server 
Device mode already VTP Server for VLANS.
IOU1(config)#vtp domain clinetworking
Domain name already set to clinetworking.
IOU1(config)#vtp password supasecret
Password already set to supasecret
IOU1(config)#^Z
IOU1#

Perform the above config on each switch, replacing “server” with “client”.

Next configure trunk ports (do this on each switch):

IOU1(config)#int range e0/0-2
IOU1(config-if-range)#switchport trunk encapsulation dot1q 
IOU1(config-if-range)#switchport mode trunk 
IOU1(config-if-range)#^Z
IOU1#

Next configure STP mode to be PVST.

IOU1(config)#spanning-tree mode pvst

2.6.b STP root bridge selection

Electing the root bridge

Spanning Tree Protocol begins with the Spanning Tree Algorithm choosing a root bridge. To do this each bridge sends a Hello BPDU (Bridge Protocol Data Unit) containing the bridge’s BID and its root cost. Below is a packet capture from IOU1 containing the Hello BPDU sent to IOU4 on e0/2. Notice that this frame is for VLAN 30.

superiorhello.png

This is a Hello BPDU and is a superior hello as the priority + MAC address is lower than the corresponding Hello BPDU sent by IOU4 just moments earlier on the same link:

inferior hello.png

IOU4 receives IOU1’s Hello packet on its e0/2 interface and immediately stops transmitting its BID as IOU1 has a superior hello.

Root bridges are elected based on:

  1. Lowest priority (all switches have the default 32768 + VLAN id)
  2. Lowest MAC address (IOU1 has the lowest)

Now IOU4 will retransmit IOU1’s BID packet until it receives a superior hello. See packet capture from IOU4 on e0/1 interface. This process continues until only the superior hellos from IOU1 are forwarded.

rxsuphello.png

Notice in this packet capture that the root bridge is listed as IOU1 but the bridge identifier is listed as IOU4. This is simply IOU4 retransmitting the BID from IOU1 with its cost added (called the root cost).

Choosing the root ports

Each non-root switch must then choose its single root port. This is done by choosing the port with the lowest root cost (to the root switch/bridge).

In the case of IOU4 it chooses its e0/2 as its root port as it has the lowest root cost to the root bridge IOU1.

IOU4#show spanning-tree vlan 30

VLAN0030
  Spanning tree enabled protocol ieee
  Root ID    Priority    32798
             Address     aabb.cc00.0100
             Cost        100
             Port        3 (Ethernet0/2)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32798  (priority 32768 sys-id-ext 30)
             Address     aabb.cc00.0300
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0               Altn BLK 100       128.1    Shr 
Et0/1               Desg FWD 100       128.2    Shr 
Et0/2               Root FWD 100       128.3    Shr 


IOU4#

Choosing the Designated Port

The Designated Port is the port which forwards traffic into a LAN segment. To choose the Designated Port switches battle it out and choose the switch with the lowest BID.

If this is a tie (i.e. the switch is connected to a hub with several links and hears its own hello packets), the lowest interface STP priority wins; if that also ties, the lowest interface number wins.

So here are the steps:

  1. Lowest BID
  2. Lowest interface STP priority
  3. Lowest interface number

Let’s look at IOU2 and IOU4:

IOU2#show spanning-tree vlan 30

VLAN0030
  Spanning tree enabled protocol ieee
  Root ID    Priority    32798
             Address     aabb.cc00.0100
             Cost        100
             Port        1 (Ethernet0/0)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32798  (priority 32768 sys-id-ext 30)
             Address     aabb.cc00.0400
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0               Root FWD 100       128.1    Shr 
Et0/1               Altn BLK 100       128.2    Shr 
Et0/2               Altn BLK 100       128.3    Shr 


IOU2#

IOU4#show spanning-tree vlan 30

VLAN0030
  Spanning tree enabled protocol ieee
  Root ID    Priority    32798
             Address     aabb.cc00.0100
             Cost        100
             Port        3 (Ethernet0/2)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32798  (priority 32768 sys-id-ext 30)
             Address     aabb.cc00.0300
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0               Altn BLK 100       128.1    Shr 
Et0/1               Desg FWD 100       128.2    Shr 
Et0/2               Root FWD 100       128.3    Shr 


IOU4#

IOU2 and IOU4 share link e0/1. IOU4 has the lowest BID (32798 + aabb.cc00.0300) vs (32798 + aabb.cc00.0400) so it wins the bid to have its DP on this link.

Now let’s look at IOU3:

IOU3#show spanning-tree vlan 30

VLAN0030
  Spanning tree enabled protocol ieee
  Root ID    Priority    32798
             Address     aabb.cc00.0100
             Cost        100
             Port        2 (Ethernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32798  (priority 32768 sys-id-ext 30)
             Address     aabb.cc00.0200
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0               Desg FWD 100       128.1    Shr 
Et0/1               Root FWD 100       128.2    Shr 
Et0/2               Desg FWD 100       128.3    Shr 


IOU3#

IOU3 has a lower BID than IOU2 on e0/2 so it wins the bid to have its DP on this link.
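
The election rules above can be replayed with the bridge IDs from the “show spanning-tree vlan 30” output. This is an added example, not part of the original lab; the class and function names are illustrative, and the port cost of 0 for the root bridge is an assumption of the model (the root advertises a root cost of 0).

```python
"""STP elections for VLAN 30, using the bridge IDs from the lab output above."""
from dataclasses import dataclass


def mac_to_int(mac: str) -> int:
    """Convert Cisco dotted notation (aabb.cc00.0100) to an integer for comparison."""
    return int(mac.replace(".", ""), 16)


@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int  # configured priority plus VLAN id, e.g. 32768 + 30
    mac: str

    @property
    def bid(self) -> tuple:
        # Lower priority wins; the MAC address only breaks a priority tie.
        return (self.priority, mac_to_int(self.mac))


@dataclass(frozen=True)
class Port:
    bridge: Bridge
    name: str
    root_cost: int      # root cost the bridge advertises in its hello
    port_priority: int  # the "128" in Prio.Nbr 128.2
    port_number: int    # the "2" in Prio.Nbr 128.2


def elect_root(bridges):
    """The bridge with the lowest BID sends the superior hello and becomes root."""
    return min(bridges, key=lambda b: b.bid)


def elect_designated(ports):
    """Choose the designated port among the ports attached to one segment.

    Standard STP compares the advertised root cost first. In this lab every
    non-root switch reports cost 100, so the steps listed in the text decide:
    lowest BID, then lowest port priority, then lowest port number.
    """
    return min(ports, key=lambda p: (p.root_cost, p.bridge.bid,
                                     p.port_priority, p.port_number))


# Values copied from the "show spanning-tree vlan 30" output on this page.
IOU1 = Bridge("IOU1", 32798, "aabb.cc00.0100")
IOU3 = Bridge("IOU3", 32798, "aabb.cc00.0200")
IOU4 = Bridge("IOU4", 32798, "aabb.cc00.0300")
IOU2 = Bridge("IOU2", 32798, "aabb.cc00.0400")
BRIDGES = [IOU2, IOU3, IOU4, IOU1]

if __name__ == "__main__":
    print("root bridge:", elect_root(BRIDGES).name)
    link_2_4 = [Port(IOU2, "Et0/1", 100, 128, 2), Port(IOU4, "Et0/1", 100, 128, 2)]
    link_2_3 = [Port(IOU2, "Et0/2", 100, 128, 3), Port(IOU3, "Et0/2", 100, 128, 3)]
    print("DP on IOU2-IOU4 link:", elect_designated(link_2_4).bridge.name)
    print("DP on IOU2-IOU3 link:", elect_designated(link_2_3).bridge.name)
```

Because every switch keeps the default priority, the root is decided purely by MAC address; a bridge with a lower priority value would win regardless of its MAC.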

2.6.a STP mode (PVST+ and RPVST+)

Rapid Per VLAN STP works similarly to PVST:

  1. it elects a root switch using BIDs and tie breakers
  2. it elects the root port on each non-root switch with the same rules
  3. it elects designated ports the same way
  4. it places ports in a forwarding or blocking state (discarding state)

To configure RPVST:

IOU4(config)#spanning-tree mode rapid-pvst

RPVST introduces a few new port roles:

  1. Alternate port (backup root port)
  2. Backup port (backup designated port)

 

2.5 Configure, verify, and troubleshoot interswitch connectivity

2.5.a Trunk ports

To configure a trunk port choose the encapsulation then specify the mode:

IOU1(config-if)#switchport trunk encapsulation ?
  dot1q      Interface uses only 802.1q trunking encapsulation when trunking
  isl        Interface uses only ISL trunking encapsulation when trunking
  negotiate  Device will negotiate trunking encapsulation with peer on
             interface

“dot1q” (802.1q) is the most common with some switches only supporting this protocol.

Next configure the negotiation mode:

IOU1(config-if)#switchport mode ?
  access        Set trunking mode to ACCESS unconditionally
  dot1q-tunnel  set trunking mode to TUNNEL unconditionally
  dynamic       Set trunking mode to dynamically negotiate access or trunk mode
  private-vlan  Set private-vlan mode
  trunk         Set trunking mode to TRUNK unconditionally

If you choose “dynamic” you have two options:

IOU1(config-if)#switchport mode dynamic ?
  auto       Set trunking mode dynamic negotiation parameter to AUTO
  desirable  Set trunking mode dynamic negotiation parameter to DESIRABLE

IOU1(config-if)#

If you want a trunk to form and you chose “dynamic auto” mode, you will need to set the other switch to “trunk” or “dynamic desirable” mode. Otherwise neither switch will initiate a trunk port.

To verify trunking use the “show” commands:

IOU1#show int trunk

Port        Mode             Encapsulation  Status        Native vlan
Et0/1       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Et0/1       1-4094

Port        Vlans allowed and active in management domain
Et0/1       1,10,1006

Port        Vlans in spanning tree forwarding state and not pruned
Et0/1       1,10,1006
IOU1#show interface switchport 
Name: Et0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none 
Administrative private-vlan mapping: none 
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Appliance trust: none

In order for a switch to send traffic through a trunk port the VLAN must be in the VLAN database of all switches in the traffic’s path:

IOU1#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/2, Et0/3, Et1/0, Et1/1
                                                Et1/2, Et1/3
10   VLAN0010                         active    Et0/0
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 
1006 VLAN1006                         active    Et0/0

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0   
10   enet  100010     1500  -      -      -        -    -        0      0   
1002 fddi  101002     1500  -      -      -        -    -        0      0   
1003 tr    101003     1500  -      -      -        -    -        0      0   
1004 fdnet 101004     1500  -      -      -        ieee -        0      0   
1005 trnet 101005     1500  -      -      -        ibm  -        0      0   
1006 enet  101006     1500  -      -      -        -    -        0      0   

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

2.5.b Add and remove VLANs on a trunk

VLANs can be added or removed from the trunk port:

IOU1(config-if)#switchport trunk ?
  allowed  Set allowed VLAN characteristics when interface is in trunking
           mode

Use the various commands to add or remove VLANs:

IOU1(config-if)#switchport trunk allowed vlan ?
  WORD    VLAN IDs of the allowed VLANs when this port is in trunking mode
  add     add VLANs to the current list
  all     all VLANs
  except  all VLANs except the following
  none    no VLANs
  remove  remove VLANs from the current list

2.5.c DTP, VTP (v1&v2), and 802.1Q

DTP (Dynamic Trunking Protocol) is used to negotiate trunks between switches when “dynamic desirable” and “dynamic auto” are set. To disable DTP use the “switchport nonegotiate” or “switchport mode trunk” commands.

VTP is the VLAN Trunking Protocol. It is a Cisco proprietary protocol that is used to share VLAN database information between switches.

To configure VTP on a switch:

IOU1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
IOU1(config)#vtp mode server
Device mode already VTP Server for VLANS.
IOU1(config)#vtp domain foobar
Domain name already set to foobar.
IOU1(config)#vtp password secret
Setting device VTP password to secret
IOU1(config)#vtp pruning
Pruning already switched on
IOU1(config)#^Z

On the neighboring switch enter the commands. It is recommended to only have one VTP server to simplify configuration. Configure the next switch as a client:

IOU2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
IOU2(config)#vtp mode client
Device mode already VTP Client for VLANS.
IOU2(config)#vtp domain foobar
Domain name already set to foobar.
IOU2(config)#vtp password secret
Setting device VTP password to secret
IOU2(config)#^Z

To troubleshoot use the following commands:

Verify that an operational trunk exists and that the switches can see each other (VTP needs a trunk port):

IOU1#show cdp neighbors 
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone, 
                  D - Remote, C - CVTA, M - Two-port Mac Relay 

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
IOU2             Eth 0/1           143             R S I  Linux Uni Eth 0/1

Total cdp entries displayed : 1
IOU1#show int trun

Port        Mode             Encapsulation  Status        Native vlan
Et0/1       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Et0/1       1-4094

Port        Vlans allowed and active in management domain
Et0/1       1,10,100-101,200,202,1000,1006

Port        Vlans in spanning tree forwarding state and not pruned
Et0/1       1,10,1006
IOU1#

Also check that the domain, password and MD5 digest match on the neighboring switches.

To troubleshoot 802.1Q trunking verify the following:

  1. L2 connectivity (duplex/speed)
  2. One switch must have either “switchport mode trunk” or “switchport mode dynamic desirable” to form a trunk with a switch with “switchport mode dynamic auto”
  3. Both switches are using the same encapsulation
  4. Check both switches have the VLANs entered in the VLAN database. Missing VLANs will not be processed.
  5. Check the native VLANs match

2.5.d Native VLAN

The native VLAN is simply a VLAN that is forwarded over the trunk without the 802.1Q tag inserted.

It can be configured with the following:

IOU1(config-if)#switchport trunk native ?
  vlan  Set native VLAN when interface is in trunking mode

Mismatched native VLANs will result in connectivity issues as some traffic will be tagged in one direction but not in the other.

2.4 Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches

 

2.4.a Access ports (data and voice)

Screenshot_2018-05-05_22-33-53

We will configure VLANs in the normal range (1-1005) and the extended range (1006-4094).

For PC1 and PC2 to communicate only L2 connectivity is needed as they are on the same VLAN.

The steps are as follows:

1.) Configure PC1 and PC2 to be on access ports and assign the voice and access VLANs

interface Ethernet0/0
 switchport mode access
 switchport access vlan 1006
 switchport voice vlan 10
!

2.) Configure a trunk port on each switch

interface Ethernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!

That’s it! As both switches contain the VLANs 1006 and 10 they will forward the traffic between switches seamlessly.

2.4.b Default VLAN

The default VLAN is 1. It cannot be disabled and poses a security risk as a lot of Cisco services run on the default VLAN. It is recommended to set all ports to a different VLAN and to assign a single unused port to VLAN 1.
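
The recommendations in 2.7.b (enable BPDU guard wherever PortFast is enabled), 2.5.c (DTP negotiates trunks on “dynamic” ports) and 2.4.b (keep ports out of VLAN 1) can be checked against a saved configuration. The following is an added example, not part of the original notes: the configuration text is a constructed sample in running-config style, the finding names are made up for illustration, and “spanning-tree portfast bpduguard default” is the IOS global command that applies BPDU guard to all PortFast ports.

```python
"""Audit IOS interface stanzas against the hardening notes on this page."""
import re

# Constructed sample in running-config style; not taken from a real device.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 switchport mode access
 switchport access vlan 1006
 switchport voice vlan 10
 spanning-tree portfast
!
interface Ethernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Ethernet0/2
 switchport mode dynamic desirable
!
interface Ethernet0/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
"""

GLOBAL_BPDUGUARD = "spanning-tree portfast bpduguard default"


def parse_interfaces(config: str) -> dict:
    """Return {interface name: [sub-commands]} from running-config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        match = re.match(r"interface\s+(\S+)", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())  # indented line belongs to the stanza
        else:
            current = None                # "!" or a global command ends it
    return interfaces


def audit_interface(lines, global_bpduguard=False) -> list:
    """Return the findings for one interface stanza."""
    findings = []
    mode = next((l[len("switchport mode "):] for l in lines
                 if l.startswith("switchport mode ")), None)

    # 2.7.b: PortFast skips the STP safety checks, so pair it with BPDU guard.
    guarded = global_bpduguard or "spanning-tree bpduguard enable" in lines
    if "spanning-tree portfast" in lines and not guarded:
        findings.append("portfast-without-bpduguard")

    # 2.5.c: "dynamic auto" and "dynamic desirable" ports negotiate trunks via DTP.
    # Ports with no explicit mode are not judged; the default differs by platform.
    if mode is not None and mode.startswith("dynamic"):
        findings.append("dtp-negotiation-enabled")

    # 2.4.b: an access port with no "switchport access vlan" stays in VLAN 1.
    if mode == "access":
        vlan = next((l.rsplit(" ", 1)[1] for l in lines
                     if l.startswith("switchport access vlan ")), "1")
        if vlan == "1":
            findings.append("access-port-in-vlan-1")
    return findings


def audit_config(config: str) -> dict:
    """Return {interface name: [findings]} for interfaces with at least one finding."""
    global_guard = any(l.strip() == GLOBAL_BPDUGUARD for l in config.splitlines())
    report = {}
    for name, lines in parse_interfaces(config).items():
        findings = audit_interface(lines, global_guard)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(f"{name}: {', '.join(findings)}")
```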

 

2.3 Troubleshoot interface and cable issues (collisions, errors, duplex, speed)

Switches eliminate collisions by creating a collision domain for each interface when the interface runs in full duplex. Full duplex means that the switch and the device can simultaneously send and receive – this means no collisions can occur.

However if the switch is running in half duplex collisions can occur because only one device can communicate at a time – similar to normal verbal communication.

Packet collisions are rare in modern networks. Back before the invention of the switch, hubs were used. Hubs are simply repeaters – they receive electrical signals (Layer 1) and repeat them. This means anything connected to a hub is in the same collision domain. This is similar to having a conversation within earshot of someone. If multiple people try to talk in the vicinity of each other the information gets jumbled.

The invention of the switch meant this problem was eliminated, meaning more than one device could use the network at a time. This dramatically increases performance.

You can check for collisions by issuing the “show int” command:

R1#show int f0/0
FastEthernet0/0 is up, line protocol is up 
 Hardware is Gt96k FE, address is c201.1352.0000 (bia c201.1352.0000)
 Internet address is 10.0.0.1/24
 MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, 
 reliability 255/255, txload 1/255, rxload 1/255
 Encapsulation ARPA, loopback not set
 Keepalive set (10 sec)
 Full-duplex, 100Mb/s, 100BaseTX/FX
 ARP type: ARPA, ARP Timeout 04:00:00
 Last input 00:00:00, output 00:00:00, output hang never
 Last clearing of "show interface" counters never
 Input queue: 1/75/0/0 (size/max/drops/flushes); Total output drops: 0
 Queueing strategy: fifo
 Output queue: 0/40 (size/max)
 5 minute input rate 69000 bits/sec, 23 packets/sec
 5 minute output rate 69000 bits/sec, 23 packets/sec
 10702 packets input, 5614386 bytes
 Received 6 broadcasts, 0 runts, 0 giants, 0 throttles
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
 0 watchdog
 0 input packets with dribble condition detected
 10734 packets output, 5616917 bytes, 0 underruns
 0 output errors, 123 collisions, 4 interface resets
 0 unknown protocol drops
 0 babbles, 0 late collision, 0 deferred
 0 lost carrier, 0 no carrier
 0 output buffer failures, 0 output buffers swapped out

Collisions indicate a speed and/or duplex mismatch. Here one interface is 10Mbps and the other is 100Mbps, causing collisions.

When troubleshooting connectivity issues make sure the speed and duplex match on both ends.

2.2 Interpret Ethernet frame format

The IEEE 802.3 Ethernet Frame contains 7 fields. See below (source Wikipedia):

Screenshot from 2018-04-29 15-57-59

Here are the fields and their purpose:

  1. Preamble – 7 bytes – used for synchronizing the Layer 2 hardware (indicates that an Ethernet Frame follows)
  2. Start Frame Delimiter – 1 byte – Indicates that the next byte begins the Destination MAC Field
  3. Destination MAC Address – 6 bytes – Identifies the destination Ethernet address
  4. Source MAC Address – 6 bytes – Identifies the source of the frame
  5. Length Or Type
    1. Length – 2 bytes – defines the length of the data field of the frame
    2. Type – 2 bytes – defines the type of protocol listed inside the frame
  6. Data and Pad – 46 to 1500 bytes – Holds the PDU/IP packet
  7. Frame Check Sequence (FCS) – 4 bytes – contains a CRC check of the frame – used to check the frame for errors.
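
The fields above can be decoded from raw bytes. This is an added example, not part of the original notes: it parses a frame starting at the destination MAC (the preamble and start frame delimiter are consumed by the hardware and do not appear in captures), decides between Length and Type, and verifies the FCS. The sample frames are constructed, and the destination addresses 01:00:0c:cc:cc:cc (CDP) and 01:80:c2:00:00:0e (LLDP) are the standard multicast addresses for those protocols, which the text above does not spell out.

```python
"""Parse the Ethernet header fields listed above and verify the FCS."""
import struct
import zlib

HEADER_LEN = 14   # destination (6) + source (6) + length/type (2)
FCS_LEN = 4
MIN_PAYLOAD = 46  # shorter payloads are padded up to this size


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{octet:02x}" for octet in raw)


def build_frame(dst: bytes, src: bytes, length_or_type: int, payload: bytes) -> bytes:
    """Build a constructed test frame: header, payload padded to 46 bytes, FCS."""
    body = dst + src + struct.pack("!H", length_or_type) + payload.ljust(MIN_PAYLOAD, b"\x00")
    # The FCS is a CRC-32 over everything from the destination MAC to the pad,
    # stored least-significant byte first.
    return body + struct.pack("<I", zlib.crc32(body))


def parse_frame(frame: bytes) -> dict:
    """Decode one frame that still carries its FCS."""
    if len(frame) < HEADER_LEN + FCS_LEN:
        raise ValueError("frame too short for header and FCS")
    dst, src = frame[0:6], frame[6:12]
    (length_or_type,) = struct.unpack("!H", frame[12:14])
    data = frame[HEADER_LEN:-FCS_LEN]
    (fcs,) = struct.unpack("<I", frame[-FCS_LEN:])

    if length_or_type <= 1500:
        kind = "length"                 # 802.3: value is the size of the data field
        data = data[:length_or_type]    # strip the pad
    elif length_or_type >= 0x0600:
        kind = "ethertype"              # Ethernet II: value names the payload protocol
    else:
        kind = "undefined"              # 1501-1535 is neither

    broadcast = dst == b"\xff" * 6
    return {
        "dst": fmt_mac(dst),
        "src": fmt_mac(src),
        "kind": kind,
        "length_or_type": length_or_type,
        "data": data,
        "broadcast": broadcast,
        # The low bit of the first octet marks a group (multicast) address.
        "multicast": bool(dst[0] & 0x01) and not broadcast,
        "fcs_ok": fcs == zlib.crc32(frame[:-FCS_LEN]),
    }


# Constructed sample frames (payload contents are placeholders, not real PDUs).
SRC = bytes.fromhex("aabbcc000100")
LLDP_FRAME = build_frame(bytes.fromhex("0180c200000e"), SRC, 0x88CC,
                         b"constructed LLDP payload")
CDP_PAYLOAD = bytes.fromhex("aaaa0300000c2000") + b"constructed"  # LLC/SNAP + filler
CDP_FRAME = build_frame(bytes.fromhex("01000ccccccc"), SRC, len(CDP_PAYLOAD), CDP_PAYLOAD)
ARP_FRAME = build_frame(b"\xff" * 6, bytes.fromhex("005079666800"), 0x0806,
                        b"constructed ARP payload")

if __name__ == "__main__":
    for label, frame in (("LLDP", LLDP_FRAME), ("CDP", CDP_FRAME), ("ARP", ARP_FRAME)):
        info = parse_frame(frame)
        print(label, info["dst"], info["kind"], hex(info["length_or_type"]),
              "fcs_ok" if info["fcs_ok"] else "fcs_bad")
```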

 

2.1 Describe and verify switching concepts

2.1.a MAC learning and aging

MAC addresses are learned on the port based on received packets. The default aging for Cisco switches is 5 mins (300s).

See this topology:

 

Screenshot_2018-04-21_19-28-25.png

Switch#show mac address-table 
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0050.7966.6802    DYNAMIC     Et0/2
   1    0050.7966.6803    DYNAMIC     Et0/3
Total Mac Addresses for this criterion: 2

After issuing pings (10.0.0.1 – .4):

Switch#show mac address-table 
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0050.7966.6800    DYNAMIC     Et0/0
   1    0050.7966.6801    DYNAMIC     Et0/1
   1    0050.7966.6802    DYNAMIC     Et0/2
   1    0050.7966.6803    DYNAMIC     Et0/3
Total Mac Addresses for this criterion: 4

2.1.b Frame switching

The switches consult the mac-address table when making switching decisions on individual frames.
If there is no match for the destination frame, the switch floods the frame out all ports.

2.1.c Frame flooding

If there is no match for the destination frame, the switch floods the frame out all ports.

Here is an example, at the beginning of this exercise the switch’s mac-address table is empty. PC1 attempts to ping PC4.

The switch floods the ARP frame out all ports to the Layer 2 broadcast address (FF:FF:FF:FF:FF:FF):

Screenshot_2018-04-21_20-01-37.png

Screenshot_2018-04-21_20-01-46

Here you can see the before and after of the switch’s MAC address table:

Screenshot_2018-04-21_20-00-48.png

2.1.d MAC address table

The MAC address table records the MAC address for devices attached to each port.

Switch#show mac address-table 
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0050.7966.6800    DYNAMIC     Et0/0
   1    0050.7966.6801    DYNAMIC     Et0/1
   1    0050.7966.6802    DYNAMIC     Et0/2
   1    0050.7966.6803    DYNAMIC     Et0/3
Total Mac Addresses for this criterion: 4
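
The behaviour described in 2.1.a to 2.1.d (learn the source MAC, forward on a table hit, flood on a miss or a broadcast, age entries out after 300 seconds) fits in a small model. This is an added example, not output from the lab: it models a single VLAN, the class and method names are illustrative, and the timestamps are constructed.

```python
"""Minimal model of MAC learning, aging and flooding for a single VLAN."""

BROADCAST = "ffff.ffff.ffff"


class LearningSwitch:
    def __init__(self, ports, aging_time=300):
        self.ports = list(ports)
        self.aging_time = aging_time  # seconds; 300 is the default quoted above
        self.table = {}               # MAC -> (port, time the MAC was last seen)

    def _expire(self, now):
        """Drop entries that have not been refreshed within the aging time."""
        self.table = {mac: (port, seen) for mac, (port, seen) in self.table.items()
                      if now - seen < self.aging_time}

    def receive(self, in_port, src, dst, now):
        """Process one frame and return the list of ports it is sent out of."""
        self._expire(now)
        # Learning: the source MAC is reachable through the ingress port.
        self.table[src] = (in_port, now)
        entry = self.table.get(dst)
        if dst == BROADCAST or entry is None:
            # Flooding: broadcast or unknown destination goes out every other port.
            return [port for port in self.ports if port != in_port]
        out_port = entry[0]
        # Switching: known destination; never send a frame back out its ingress port.
        return [] if out_port == in_port else [out_port]

    def entries(self, now):
        """Return the current table as {MAC: port}, after aging."""
        self._expire(now)
        return {mac: port for mac, (port, _) in sorted(self.table.items())}


if __name__ == "__main__":
    pc1, pc4 = "0050.7966.6800", "0050.7966.6803"  # MACs from the tables above
    switch = LearningSwitch(["Et0/0", "Et0/1", "Et0/2", "Et0/3"])
    print("ARP request from PC1 ->", switch.receive("Et0/0", pc1, BROADCAST, now=0))
    print("ARP reply from PC4   ->", switch.receive("Et0/3", pc4, pc1, now=1))
    print("table at t=2         ->", switch.entries(now=2))
    print("table at t=300.5     ->", switch.entries(now=300.5))
```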