Tag Archives: etherchannel

Implementing Cisco Switched Networks Chapter 2 Review

Posted on by
Reply

This is my review and notes of Chapter 2 of “Implementing Cisco Switched Networks Foundation Learning Guide”.

Implementing-Cisco-IP-Switched-Networks-SWITCH-Foundation-Learning-Guide-Froom-CCIE-No-EB9781587141645

Chapter 2

Chapter is a pretty good refresher for a lot of things around VLANs. Having not used Cisco switches for a while, the show commands are a pretty helpful reminder of some available commands other vendors may not have. The chapter also somewhat applies some of the models discussed in chapter 1 in terms of the VLAN implementation around PPDIOO.

Later the chapter covers Private VLANs and EtherChannel. Personally felt the Private VLAN explanation was too confusing and instead resorted to an explanation from How to Master CCNP Switch.

In terms of the CCNP exam, probably need to know:
– Understand VLAN configuration and show commands
– Correct trunking configuration
– Different modes of DTP. Possibly some VTP.
– Private VLANs
– EtherChannel

Covers:
– End to End VLAN, and Local VLAN models
– VLAN configuration and show commands
– Trunking – briefly ISL, which doesn’t matter, and 802.1Q
– DTP – Dynamic Trunking Protocol
– VTP – VLAN Trunking Protocol
– Private VLANs
– EtherChannel covering PAgp, LACP, and includes load balancing techniques.

VLAN Models

End to End VLAN
– Each VLAN spans the network geographically.
– Users are grouped into each VLAN regardless of physical location
– As users move througout the campus, the VLAN membership of that user remains the same (probably through 802.1x)
– Users are typically associated with a given VLAN for network management reason hence why they are kept in the same VLAN.
→ Switches typically use VTP in server/client mode.

Local VLAN – Choice for Campus Enterprise Architechture.
– VLANs are configured for each floor or building
→ In other words, local VLANs are created with physical boundries in mind rather than the job function of the user.
– Generally local VLANs exist between the access and distribution levels.
– Traffic is routed at Distribution and Core to reach other destinations on the network.
– Usual reccommendation is max of 3 VLANs per access layer switch.
→ VTP configured in transparent mode as no vlans should be advertised to other switches, nor need to be created on any other switches.

=> A network that consists of entirely locla VLANs can benefit from increased convergence times offered via routing protocols, instead of spanning-tree for layer 2 networks.

Helpful VLAN configuration commands:

Switchport mode host
– This is a macro for enabling spanning-tree PortFast and disabling etherchannel on a per port basis.

Show vlan
Show vlan br
Show vlan id X
Show vlan name X
– Pretty helpful generic vlan command

Show run int fa0/0
Display current config on a particular port

Show interfaces
Show int fa0/0 switchport
– Switchport characteristics
– Private VLAN and trunking info

Show mac-address-table interface __ vlan __
– Displays MAC address table info for specified interface in specified vlan.
– Very helpful in determining if attached devices are sending packets to the correct VLAN.

DTP – Dynamic Trunking Protocol
– Cisco proprietary point-to-point protocol for switches to negotiate trunk links

Modes:
Access – Port is permanently configured for nontrucking.
Trunk – Port is permanently configured for trunking.
– Other End of link needs to be trunk/dynamic desirable, or dynamic auto.
Nonegotiate – Puts port in permanent trunking mode BUT port will not send out DTP frames.
– Other end of link needs to be either trunk or nonegotiate.
Dynamic Desirable – Interface activel attempts to convert the link to a trunk link.
– Trunk forms if neighbor interface is set to trunk/desirable, or auto
Dynamic Auto – Interface willing to convert the link to a trunk link.
– Trunk only form if neighbor set to desirable or trunk.

Trunking verification commands
Show run int X
Show int X switchport
Show int X trunk

VTP – VLAN Trunking Protocol
– Cisco proprietary protocol that is used to synchronise and distribution VLAN databases throughout a switched network.
– Cisco switches transmit VTP info only on trunk links.
– VTP info is multicast.

VTP Modes and operation
Client
– Can’t create,change, or delete VLANs
– Forwards advertisements to other switches
– Synchronizes VLAN config with latest info received from other switches in management domain.
– Does not save VLAN config in NVRAM.

Server
– Creates, modifies, and deletes VLANs.
– Sends and forwards advertisements to other switches.
– Synchronizes VLAN config with latest info received from other switches in VTP domain
– Saves VLAN config in NVRAM.

Transparent
– Creates, deletes, and modifies VLANs only from and on the local switch
– Fowards VTP advertisements received from other switches in same VTP domain.
– Saves VLAN config in NVRAM.

There’s a bit more to VTP such as importance of sequence number etc but this isn’t stuff I feel I personally need notes on.

VTP Pruning
– Probably one of the main advantages to using VTP.
– VTP pruning uses VLAN advertisements to determine when a trunk connection is flooding traffic over trunk links needlessly. By default, a trunk connection carries traffic for all VLANs in the VTP management domain.
– VTP pruning increases available bandwidth by restricting flooded traffic to those turnk links that the traffic must use to access the appropriate network devices.

VTP has 3 versions. Version 2 is most commonly used.

If all switches in a domain are capable of running VTP version 2, enable VTP version 2 on one VTP server. The VTP server propogates the version number to the other VTP version 2 capable switches in the VTP domain.

Private VLANs

I found the implementing switch chapter pretty confusing on this subject, and instead looked at How to Master CCNP Switch. From the brief look I’ve had at this book, I think it’s pretty good, and avoids a lot of the waffle that you find in the Cisco press books. If I had more time before my exam, I would have liked to read this book in more detail. Anywho on to private VLANs!

A private VLAN is simply a vlan that has limited communication with other ports on the switch, depending on configuration.

A private VLAN always has one primary VLAN. Within the primary VLAN you will find the promiscuous port.

Secondary VLANs can always communicate with the promiscuous port but they can never communicate with other secondary VLANs.

Private VLANs can also be carried over 802.1Q trunk links. Configuration is basically the same on the other switch. You only need to add the vlans to the trunk link.

Private VLAN port types:

Isolated
Complete layer 2 separation from other ports within the same private VLAN, except promiscuous ports.

Promiscuous
– Can communicate with all ports within the private VLAN, including community and isoldate ports.
– Only part of 1 primary VLAN, but each promiscuous port can map to more than one secuary private VLAN.
– Promiscuous ports are generally router ports, backup or shared servers, or VLAN interfaces.

Community
– Community ports communicates among themselves and with their promiscuous ports.
– Isolated at layer 2 from other interfaces in other communities, or in isolated ports within their private VLAN.

Private VLAN configuration

Using an example borrowed from Renés Mastering CCNP Switch book:

Firstly configure the switch to VTP mode transparent.

– Primary VLAN of 500
– Secondary Community VLAN is 501
– Secondary Isolated VLAN is 502

####### Configuring Primary VLAN and Secondary Community VLAN ########
S1(config)#vtp mode transparent
S1(config)#vlan 501
S1(config-vlan)#private-vlan community
S1(config-vlan)#vlan 500
S1(config-vlan)#private-vlan primary
S1(config-vlan)#private-vlan association add 501

##### Assigning private vlan, along with primary to switch ports ##########
S1(config)#interface range fa0/1 – 2
S1(config-if)#switchport mode private-vlan host
S1(config-if)#switchport private-vlan host-association 500 501

##### Configuring Promiscuous port #####
S1(config)#interface fa0/24
S1(config-if)#switchport mode private-vlan promiscuous
S1(config-if)#switchport private-vlan mapping 500 501

####### Configuring Isolated VLAN ########
S1(config)#vlan 502
S1(config-vlan)#private-vlan isolated
S1(config-vlan)#vlan 500
S1(config-vlan)#private-vlan primary
S1(config-vlan)#private-vlan assocation add 502

##### Assigning private vlan, along with primary to switch ports ##########
S1(config)#interface range fa0/3 – 4
S1(config-if)#switchport mode private-vlan host
S1(config-if)#switchport private-vlan host-association 500 502

##### Configuring Promiscuous port #####
S1(config)#interface fa0/24
S1(config-if)#switchport mode private-vlan promiscuous
S1(config-if)#switchport private-vlan mapping 500 502

##### Verification #####
S1#show interfaces fa0/1 switchport
S1#show interfaces fa0/24 switchport
S1#show vlan private-vlan
S1#show vlan private-vlan type

Cisco Port Protect Feature
– Very simple version of private-vlans for lower end switches
– Traffic can only flow between a protected and unprotected port
– If two ports are port protected, they can not communicate with eachother.
EtherChannel – Pagp and LACP

Apologies if this section lacks more detail. It’s not an area I personally need many notes on.

PAgP – Port Aggregation Protocol
– Cisco Propritary
– Packets sent every 30 seconds. PagP checks for config consistency and manages link additions and failures between two switches.

Modes

Auto
– Default
– Passive state in which the ports respond to PagP packets that it receives but does not initiate PagP negotiation.

Desirable
– Active negotiating state

On
– Forces interface to channel without PagP
– Does not exchange PagP packets.
– Other side also needs to be configured with ‘on’.

Non-silent
– If a switch is connected to a PAgP capable partner, add this keyword on when configuring auto or desirable. If you do not specify this, silent is assumed. Silent is for connections to file servers or wireshark (why??)

So if doing PAgP, make sure to also add ‘non-silent’

LACP – Link Aggregation Control Protocol
Basically identical to PAgP but IEEE open version.

Modes

Passive
– Default
– Passive negotiating state (responds to LACP packets, but doesn’t initiate EtherChannel).

Active
– Active negotiating state
– Will form EtherChannel with partner as Active or Passive

On
– Forces interface to channel without PAgP or LACP.

Additional Parameters

System priority – Each switch running LACP must have a system priority. This is automatic, but user can also manually configure. Switch uses MAC address and system priority to form the system ID.

Port priority – Same as above. Switch uses the port priority to decide which ports to put in standby mode when a hardware limitation prevents all compatible ports from aggregating.

Administrative key – As above, auto but can be manually done. Defines the capability of a port to aggregate with other ports e.g. physical port characterisitcs incl speed/duplex etc.

EtherChannel Load Balancing Options

One thing people often get wrong when it comes to EtherChannel or aggregator links, is they think that because they have two 1gbit links in an aggregator, that they now have 2gbit of bandwidth for any of their traffic. This is only slightly true, as aggregators use a load balancing technique to ‘balance’ traffic over the two links. Depending on source/destination traffic that flows through the link, you may or may not maximise available bandwidth. See below on different balancing techniques.

Cisco offers:
Src-mac
dst-mac
src-dst-mac
src-ip
src-dst-ip
src-port
dst-port
src-dst-port

Use “Show etherchannel load-balance” to see what mode is in effect. ‘Conf t > port-channel load-balance’ to change it.