Cisco CCNP Training Course – Day 7 – SWITCH

Let's jump straight in…

Covered:

  • MST Config
  • Etherchannel
  • Spanning-Tree
  • BPDU Guard, Filter, Loop Guard, Root Guard, UDLD
  • Uplink Fast, Backbone Fast
  • HSRP

MST Config

(config)#spanning-tree mode mst
(config)#spanning-tree mst configuration
(config-mst)#name (value)
(config-mst)#revision (value)
(config-mst)#instance (value) vlan (value) (Eg. 1-3, 1,3,5 or 1-3,5,7)
(config-mst)#exit (applies the configuration)
(config)#spanning-tree mst (instance No.) root (primary/secondary)

To see the configuration whilst in MST configuration mode:

(config-mst)#show pending
(config-mst)#show current

To see the config when in global configuration mode:

(config)#do show spanning-tree mst configuration

The instance numbers need to be the same on all switches for them to co-operate in this version of spanning tree.
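
Switches only share an MST region when the region name, the revision number and the VLAN-to-instance mapping all match. The following added example (not code from the original post; the function names and both sample configurations are constructed for illustration) parses the `name`, `revision` and `instance ... vlan ...` lines shown above, including VLAN lists such as `1-3,5,7`, and reports every difference between two switches:

```python
import re

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1-3,5,7' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans

def parse_mst(config):
    """Return (name, revision, {vlan: instance}) from MST configuration lines."""
    name, revision, vlan_map = "", 0, {}
    for line in map(str.strip, config.splitlines()):
        m = re.fullmatch(r"(name|revision|instance) (\S+)(?: vlan (.+))?", line)
        if not m:
            continue
        key, value, vlans = m.groups()
        if key == "name":
            name = value
        elif key == "revision":
            revision = int(value)
        elif vlans:
            for vlan in expand_vlans(vlans):
                vlan_map[vlan] = int(value)
    return name, revision, vlan_map

def region_mismatches(cfg_a, cfg_b):
    """List every difference that puts two switches in different MST regions."""
    name_a, rev_a, map_a = parse_mst(cfg_a)
    name_b, rev_b, map_b = parse_mst(cfg_b)
    problems = []
    if name_a != name_b:
        problems.append(f"name: {name_a} vs {name_b}")
    if rev_a != rev_b:
        problems.append(f"revision: {rev_a} vs {rev_b}")
    for vlan in sorted(set(map_a) | set(map_b)):
        inst_a, inst_b = map_a.get(vlan, 0), map_b.get(vlan, 0)  # unmapped VLANs stay in instance 0
        if inst_a != inst_b:
            problems.append(f"vlan {vlan}: instance {inst_a} vs {inst_b}")
    return problems

# Constructed sample configurations (not from the page).
SW1 = "name CAMPUS\nrevision 1\ninstance 1 vlan 1-3\ninstance 2 vlan 5,7\n"
SW2 = "name CAMPUS\nrevision 1\ninstance 1 vlan 1-3,5\ninstance 2 vlan 7\n"

if __name__ == "__main__":
    print(region_mismatches(SW1, SW2))
```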

Etherchannel

Up to 8 ports bundled into 1 channel with 6 channels per switch.

Cisco proprietary – PAgP – Port Aggregation Protocol

  • Modes;
    • On
    • Desirable
    • Auto

IEEE – LACP – Link Aggregation Control Protocol

  • Modes;
    • On
    • Active
    • Passive

All links on both sides of the switch need to be the same speed and duplex.

Layer 2 Port Channel Configuration

(config)#interface range (int-int)
(config-if-range)#switchport trunk encapsulation dot1q
(config-if-range)#switchport mode trunk
(config-if-range)#channel-protocol (lacp/pagp)
(config-if-range)#channel-group (value) mode (on, auto, desirable, passive, active; auto and desirable can be followed by non-silent)
(config-if-range)#exit
(config)#interface port-channel (value)
(config-if)#switchport trunk encapsulation dot1q
(config-if)#switchport mode trunk
(config-if)#switchport trunk allowed vlan (add) (value)
(config-if)#no shut

It is recommended that VLAN configuration and anything else is set at the port channel, and not on the individual interfaces taking part in the port channel. This helps remove human error: if there is a difference between configurations at an interface and/or port channel level, this will cause the bundle to fail, or at least one port in the bundle to error.

Layer 3 Port Channel Configuration

(config)#interface range (int-int)
(config-if-range)#no switchport
(config-if-range)#channel-protocol (lacp/pagp)
(config-if-range)#channel-group (value) mode (on, auto, desirable, passive, active; auto and desirable can be followed by non-silent)
(config-if-range)#exit
(config)#interface port-channel (value)
(config-if)#no switchport
(config-if)#ip address (IP address) (subnet mask)
(config-if)#no shut
(config-if)#exit
(config)#ip routing

Spanning-tree – Enhanced features for Stability

1. BPDU Guard – Prevents problems related to switches accidentally being connected to PortFast-enabled ports. (For Access Ports)

2. BPDU Filter – Prevents BPDUs from being transmitted from PortFast-enabled interfaces. (For Access Ports)

3. Root Guard – When activated, stops any superior BPDUs from creating instability. When root guard is configured on an interface, it forces the port to always remain a designated interface, never allowing it to transition to a root port.

If a root guard-enabled port receives a superior BPDU, it immediately moves the port to a root-inconsistent STP state (practically the same as the listening state) and does not forward any traffic out that port.

When the root guard protected port stops receiving the superior BPDUs, it automatically unblocks the port and then proceeds through the normal listening, learning, and finally forwarding states. This is done without any intervention from an end user. (For Trunk Ports)

4. Loop Guard – When activated, avoids sudden instability that can lead to loops, such as port flapping. (For Trunk Ports)

5. UDLD – Uni-Directional Link Detection – When activated, this feature detects uni-directional links. UDLD sends UDLD protocol packets to its neighbor switch, 15 seconds being the default. The neighbor is then expected to echo the packets back before a timer expires. If the originating switch does not hear a reply before the timer expires, it shuts down the port. (For Trunk Ports)

BPDU Guard Config

Global Mode

(config)#spanning-tree portfast default
(config)#spanning-tree portfast bpduguard default

Affects every port that is negotiated as an access port: wherever PortFast is activated, BPDU Guard will be activated too.

Interface Mode

(config)#interface (value)
(config-if)#switchport mode access
(config-if)#spanning-tree bpduguard enable

BPDU Filter Config

Global Mode

(config)#spanning-tree portfast default
(config)#spanning-tree portfast bpdufilter default

With the global setting, an interface that receives a BPDU is taken out of PortFast and the BPDU packet is allowed through.

Interface Mode

(config)#interface (value)
(config-if)#switchport mode access
(config-if)#spanning-tree bpdufilter enable

Stops the BPDU packets from the receiving switch without shutting down the interface.
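
Because interface-level BPDU Filter drops BPDUs while the port stays up, and takes precedence over BPDU Guard on the same port, it is worth auditing which access ports end up with which protection. The following added example (not code from the original post) checks a running-config excerpt for access ports that have no effective BPDU Guard or that carry `spanning-tree bpdufilter enable`. The function names and the sample config are constructed, and the parser assumes the classic IOS command syntax used on this page.

```python
def parse_interfaces(config):
    """Split a running-config into global lines and {interface: [sub-commands]}."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif raw[0].isspace() and current is not None:
            current.append(line)
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces

def audit_access_ports(config):
    """Return {interface: [findings]} for access ports with weak BPDU protection."""
    global_lines, interfaces = parse_interfaces(config)
    portfast_default = "spanning-tree portfast default" in global_lines
    guard_default = "spanning-tree portfast bpduguard default" in global_lines
    findings = {}
    for name, lines in interfaces.items():
        if "switchport mode access" not in lines:
            continue
        portfast = portfast_default or "spanning-tree portfast" in lines
        guarded = "spanning-tree bpduguard enable" in lines or (guard_default and portfast)
        issues = [] if guarded else ["no BPDU Guard"]
        if "spanning-tree bpdufilter enable" in lines:
            issues.append("BPDU Filter enabled: BPDUs are dropped, port stays up")
        if issues:
            findings[name] = issues
    return findings

# Constructed running-config excerpt (not from the page).
SAMPLE = """\
spanning-tree portfast bpduguard default
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
interface GigabitEthernet0/2
 switchport mode access
interface GigabitEthernet0/3
 switchport mode access
 spanning-tree bpduguard enable
 spanning-tree bpdufilter enable
"""

if __name__ == "__main__":
    print(audit_access_ports(SAMPLE))
```

GigabitEthernet0/2 is reported because the global BPDU Guard default only applies to ports that are actually in PortFast; adding `spanning-tree portfast default` globally clears that finding.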

Root Guard

(config)#interface (value)
(config-if)#spanning-tree guard root

Loop Guard

Global Mode

(config)#spanning-tree loopguard default

Interface Mode

(config)#interface (value)
(config-if)#spanning-tree guard loop

UDLD

Global Mode

(config)#udld enable

This enables the feature on all fibre links.

Interface Mode

(config)#interface (value)
(config-if)#udld port (aggressive)

With the “aggressive” argument, UDLD tries to re-establish the connection 8 times; after that it puts the port into an err-disabled state.

Uplink Fast

Used to speed up the convergence of the STP process on trunks when a direct link failure is detected.

With Uplink Fast on SW3, if the failure is a direct link failure on a link connected to SW4, and Uplink Fast is active on SW4, then the blocked port converges directly to the Forward state (Root Port role).

Backbone Fast

Alters the convergence process by reducing the convergence time delay. When SW4 detects an indirect link failure and Backbone Fast is configured, it will only bypass the 20-second Max Age timer.

This reduces the transition time from 50 seconds to 30 seconds for the port to become a root port.

First Hop Redundancy Protocol

Creating a virtual floating IP.

1. HSRP – Hot Standby Router Protocol (Cisco)

2. VRRP – Virtual Router Redundancy Protocol (IEEE)

3. GLBP – Gateway Load Balancing Protocol (Cisco)

HSRP

Group ID = between 1 – 255

States;

  • Init
  • Listen
  • Speak
  • Standby
  • Active

Uses a virtual MAC Address on each group.

0000:0C07:AEXX

XX = Group ID in hexadecimal

Priority = Default 100. If priorities tie, the highest IP wins, and that switch is chosen as Active.

Once the virtual IP has failed over, it doesn't fail back to the failed switch when that switch is back online.*

* Unless the “preempt” command is used.

Configuration on first switch:

(config)#interface vlan (value)
(config-if)#standby (value) ip (ip address)
(config-if)#standby (value) priority (value)
(config-if)#standby (value) preempt

Configuration on second switch:

(config)#interface vlan (value)
(config-if)#standby (value) ip (ip address)
(config-if)#standby (value) priority (value)
(config-if)#standby (value) preempt

Note: The standby IP is the same on both switches.
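
The election and failback rules above can be walked through with a small model. This is an added example, not code from the original post: the router names, addresses and priorities are constructed, and preemption is modelled as requiring a strictly higher priority than the current Active router, which is a simplifying assumption.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100   # default priority, as stated on the page
    preempt: bool = False
    up: bool = True

def rank(router):
    """Election order: highest priority first, highest IP address breaks a tie."""
    return (router.priority, int(ipaddress.ip_address(router.ip)))

def elect(routers, active=None):
    """Return the Active router after the group re-evaluates its state."""
    alive = [r for r in routers if r.up]
    if not alive:
        return None
    best = max(alive, key=rank)
    if active is None or not active.up:
        return best        # no working Active router: the best candidate takes over
    if best.preempt and best.priority > active.priority:
        return best        # assumption: preempt modelled as strictly higher priority
    return active          # without preempt the current Active keeps the role

def failover_sequence(preempt):
    """Active router at start, after SW1 fails, and after SW1 comes back."""
    sw1 = Router("SW1", "10.0.0.2", priority=110, preempt=preempt)  # constructed values
    sw2 = Router("SW2", "10.0.0.3", preempt=preempt)
    group, history = [sw1, sw2], []
    active = elect(group)
    history.append(active.name)
    sw1.up = False
    active = elect(group, active)
    history.append(active.name)
    sw1.up = True
    active = elect(group, active)
    history.append(active.name)
    return history

if __name__ == "__main__":
    print("without preempt:", failover_sequence(preempt=False))
    print("with preempt:   ", failover_sequence(preempt=True))
```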

And that's it for today.

I’ll cover off the last bits of HSRP on day 8.

Dean (Linkedin)
