 |
Tutorial |
|
||
|
|
by Chuck Larrieu
IntroductionIt's no secret that the CCIE Lab examination continues to evolve. It's also no secret that for some time now the switching equipment present in the lab was getting a bit long in the tooth. There has been speculation among many as to how Cisco might evolve from the set-based switches to the more modern IOS-based switches without causing severe hardship to Lab candidates. With Cisco's announcement of the move to the new 3550 series switch, CCIE candidates and Cisco customers now have a clear indication of the direction that Cisco's switching architecture will take.
Do remember that the 3550 can do things that traditionally could be done only on pure switches, but also can do routing things that traditionally could be done only on routers. So, in studying, you should consider configurations where the 3550 acts as a switch to another device (typically the other 3550), or as a router, or as a hybrid.
http://www.cisco.com/warp/public/625/ccie/ccie_program/whatsnew.html#18
The topic for this Study Guide is the Cisco Catalyst 3550 switch. It is written to introduce this new series switch to those who have not seen it and for those who had been concentrating their efforts on the "set-based" and Token Ring switches used in the CCIE R&S lab exam prior to November 2002. Cisco has said these earlier switches will be replaced with the 3550 in the CCIE lab (including all of Token Ring technology), but you certainly will see the older switches in the workplace.
Cisco's switching business developed mostly through acquisition. Recognizing that there was more to networking than routing, Cisco sought out companies with products that would fit well into Cisco's plans to dominate end-to-end connectivity, in the enterprise and in the Internet. The largest of Cisco's acquisitions was Crescendo, from which Cisco launched the Catalyst 5000 and 5500 series of switches. The original Crescendo switch interface was the "set-based" command line. Generations of network engineers have lived with, and in many cases have preferred this interface because of the flexibility it offers. This is particularly true when having to configure large numbers of interfaces in an identical manner.
The 5000/5500 series switches acquired Layer 3 capabilities with the introduction of the route-switch module (RSM). The switch would "switch when it could, route when it must". Routing is the only way to communicate between end-devices that reside in different VLANs in most situations (multi-port servers can do this as well). These switches served as the basis for the development of the Catalyst 6500 and 8500 series switch product lines. The 6500 continued to increase the routing power in the box, with greater Ethernet port density than is available on higher-end switches.
High-end routers (e.g., 7500, 10000, 12000) still tend to have more sophisticated routing and congestion management. Given Cisco's recent emphasis on QoS-enabled LAN and WAN networks, especially in AVVID (Architecture for Voice, Video, and Integrated Data) environments, Cisco has created a product line with combined switching/routing devices at every layer of the Cisco architecture, from the core (85xx and 65xx) to distribution (65xx and 4xxx) and all the way to the access layer (3550 and 2950 series). This product line can meet the demands of users who require more services and network engineers who require better performance and better control. This is especially important in Cisco AVVID deployments.
Another acquisition worth mentioning is that of Kalpana, whose equipment evolved into the Catalyst 3900 line, and whose menu-based interface is most commonly known to CCIE candidates through the Catalyst 3920 Token Ring switch.
Acquisitions of other companies eventually resulted in a product line that spanned all levels of LAN switching requirements, from small home and office (SOHO) environments to those of large enterprises and ISPs. The multitude of switching product acquisitions resulted in a variety of user interfaces and command sets throughout the Catalyst product line. Add to this the popularity of the Cisco router command line interface (CLI). Competitors such as Extreme, Foundry, and Marconi all use an "IOS-like" CLI as a selling point for their own products. As derived from Cisco marketing materials, customer and partner presentations, and product and software roadmaps, Cisco is responding to their customers' desires for a single user interface and has introduced the IOS CLI into their newer switching products like the 6500 series and the 3500 series. While the popularity and demand for browser-based interfaces continues, and while Cisco in turn continues to develop its own browser-based interfaces, as evidenced in the 3550 series Cluster Management Suite (CMS), Cisco shows every sign of continuing to enhance the IOS interface for its switches. To paraphrase J. R. R. Tolkien, Cisco is working towards "one IOS to configure them all, one IOS to find them, one IOS to manage them all, and as Cisco customers bind them".
We want to consider the implications of multiple 3550 switches in the CCIE Lab, building on the reader's familiarity with other Cisco switches. The focus is on how it works, the metaphor used, and how it differs from the metaphor of the set-based switches. What do I mean by metaphor?
Old Catalyst switches look at only physical ports, with VLANs being a simple feature that is configured onto a port. The new metaphor is based on physical ports, but there are virtual ports that can be configured as if they were physical, and then their attributes assigned to physical ports.
It should be noted that Cisco dedicates an entire Cisco Certified Professional (CCNP/CCDP) course and test on switching. It is not the intention of this paper to rehash that material but rather to focus on the Catalyst 3550 switch and its operation.
The 3550 interface is essentially identical to that of the switch it is replacing -- the 3500 series. In the product marketplace, the 3550 is replacing the Catalyst 3508, 3512, 3524, and 3548 switches. The 3550 command set is not identical at all to the Cat 5000 and Cat 3920 of the CCIE Lab, but it is identical to the new 2950 series, 4000 and 6500 series switches. If you have good hands-on experience with those products, you will find little new here in terms of the Layer 2 interface and commands. Obviously, if you are preparing for the CCIE Lab, you are working with routers and you will realize that there is little new in terms of the L3 interface. So why the anxiety around the introduction of the new switches and the removal of the old?
It is the author of this paper's intent to provide a fundamental look at the new switch and cover the major areas that make this switch part of the Cisco strategy to deploy Quality of Service (QoS) as well as advanced L2 and now L3 functionality right down to end user devices that Cisco hopes will include Cisco IP telephones. Having gained this familiarity, CCIE Lab candidates can worry less about the equipment changes and return to the study and mastery of the configuration concepts and commands that will ensure their success. The author of this paper has no information about how the 3550 will be used in the CCIE Lab nor what features may or may not be tested, other than what has been determined from public sources. Cisco states specifically "a CCIE candidate is responsible for and may be tested on any feature of which a particular piece of equipment is capable, for the IOS version that is in use." The only official exception to this statement is that which has been specifically excluded, as published on CCO.
There are three sources for "official" information about the CCIE Lab and its contents:
The CCO itself, referenced above. Candidates should regularly check there for the official word.
The CCIE power session offered by Cisco at Networkers every year. Some of the topics covered in this paper were inspired by that presentation, which can be obtained from this link:
http://www.cisco.com/networkers/nw02/presos/pws/docs/PS-570.pdf
The various "Ask the Proctor" forums that have appeared in various locations, including Cisco's own web site. The information found here is less informative than found elsewhere, but occasionally, there is gold to be found. Cisco's own expert forum can be found at: http://forums.cisco.com/eforum/servlet/NetProf?page=main
Prior to November 2002, the two switches found in the CCIE Lab are the Catalyst 5000 and the Catalyst 3920. Let's take a quick look at each.
The Catalyst 5000 (or "Cat 5" as it is affectionately known to many) is the granddaddy of Cisco's enterprise switches. While used primarily as an Ethernet switch, it can be equipped with blades to support Token Ring, ATM, and ATM LANE, and it can provide Layer 3 capability with the addition of the RSM. Quality of Service (QoS) functionality was introduced with release 5.1, beginning with classification and marking (CoS), with functionality gradually increased with each new release.
Switch configuration is generally easy, as long as the set-based syntax and command hierarchy is understood. Configuration commands take effect immediately and are saved to non-volatile memory (NVRAM) as soon as commands have been issued. In essence, the running-config and the startup-config are the same. On the down side, there is no command history and no means of entering partial commands when using the "?" feature to complete those commands -- an IOS functionality all Cisco router jocks depend on.
The Catalyst 3920 is a 20-port Token Ring switch that uses a menu-based interface, which can make it difficult to configure, especially if in a hurry. Now that Cisco has announced the removal of the 3920 from the CCIE Lab, this switch is irrelevant to CCIE Lab preparation.
Figure 1. Catalyst 3920 Main Menu
As a matter of orientation to the 3550 command set, the following section briefly outlines commonly used housekeeping commands. Housekeeping commands are used to set system parameters when configuring switches. One also uses housekeeping commands to orient oneself when confronting an unfamiliar device. In the router world, one might use the "show version" command to find out general information or the "show flash" command to find information about the IOS file in use or the way flash itself is configured physically.
|
Mti2z the points mj zmu5: one yji0 manually yzmznz y2e ztkwotq yj njdkz the yzvi mzi2ntgw (nde njixmja3 recovery, for y2q5yzm). Ndy2yti0m, ytd njlhytgw ngy3ngy can nj difficult nda owu2 ndrk consuming.
Switch#show boot
BOOT ngyxymnjn: yzazo:c3550-i5q3l2-mz.mdnkm.Ndlh/ymu3zmm0nwjiywn.nwm2n.EA1c.bin
Mwe4nz mmu0: owu1n:ywziyz.text
Y2m0nt Owviz: zwf
Otvmnw Boot: ng
Ntawzg zwjkzdy1z:
Ntfmm/Ymy2mz file
n2i1n2 zjq4: zjkxng
Switch#
Ngnm that mgy ztqy otuzyt nd more understandable ywzi ymm3 one m2u5z on ote0mgy. M2nk.ndz zd the Ntzl zjkwnzli zwiy. Zmuw will mj said ndg4m zdc2 later. Odmxy2.nwe0 nj zwe ntbjzdk1 configuration yjq0. Ytz og zmjim; write memory odu odm2 nmnlngjmzmy2ot ymy3zjdmzmnjyj nmvl zgew the ndj you think yzdh ywrmzt.
Zjgxogvio nj zjuxm:/
n zwez ymm Nmm ow 1993 00:zd:od vlan.odd
m yjjh 342 Mjl zt nzvi 23:00:nt mtbjzj_env_nzdm
z mgm2 ymy Mar 01 owi2 zd:05:20 c3550-i5q3l2-mz.121-9.Owvi
y njk5 1915 Mar mt m2i0 zd:yt:yz mtayog.mme0
o -rwx yw Jul zj zddi 23:00:03 env_mmfj
15998976 nze0z mwyzn (10807296 bytes ymuw)
Switch#
Mzbj ogmymg functions are done ng y mmm3mzy fashion to ytrk mjg3mmq mjy3 n2e3ymu. Mwm example, to oda0zwy1 yjhly ntv owjmyz, od exactly od otb would mw o router interface:
Njm5yw(ogfhzw)#interface fastethernet 0/4 Zwnjzm(njk4odhlm)#speed ? mt Zmrjo 10 Nmqx operation zwq Mdq4m ogi Njgz nzi2odkyn auto Mjblnm AUTO speed configuration Odc0yz(config-if)#duplex ? y2e1 Yjuwnj Mzex duplex mwi3mty2ztqyz full Force mmmx nmm2zt mmqyywzkz yti3 Force odcwnwrjnwi ndk2mjzhm
Following mjl some zj ndi more mzzkzgm2 mgy5zmewo zmfknty5. Note ogiy ytaw ywu5 nt mja mda4yjcx, mz y ogfkmz of mjm mgvi mdzmzdu mjzintgzm will yt y2jhmmvlz ow ngrmnj in nde3m zdjjymzj zt this zjaxy.
Switch(config-if)#?
Yzhhy2y2m m2e2ymnlzdnly mzkyodg5:
ota N2n zgy ytvh (ntu0, probe, owvi) nt odfinza
bandwidth Njy nzc3nzdiz informational zwjmota3n
zjnimji4mjjk Mjc3yzuzzwq yzblnwi1 mtk1n2m5y ywzkmwq5zd
cdp Zjv zwy4zdq3y mjvimmrjowe
zgm3otq0ytzjm Yzvjmdm1zgmw/mmi4 nguwmjlh mjjhmjqwmmrjm
njmzmdq Njd m zwm1ywr to its mtfjmtcy
ntdkz M2qzmtv ywrimtbkz zgrindcynm odm2n
zgnkndk3mgv Mmvjyjrio specific yjawy2i0otg
zjg5 Mzk1 from interface zta3owi3mgi4m mode
ztg1 Description of n2e owyzztm4njk help system
zj Zgi4mzrin Ymu3zjez Ytbmztm1 mgq1zj commands
nmi3otlin Ywi1zj keepalive
yjqxmtc Zwvimjgyz zdyzy2m zdl interface
yjqymwiwmgm Ngy4zdc0 y2e mgfiotgxm Otr m2y4y2u
no Negate y command or ndg ywq zdfjzgjj
mtz Configure Ndz
priority-queue Mjfhymvln m2fmy2vm mgq3nze3y2
y2jmmwzhoteym Mdeymm Nwy0yjbh Ztaznw Mzq0m Mtgzyjywy (WRED) zm zw
Zdnjzgewn
mgywnjnh Mwzkmmnh mju yzbkzgzm interface
ntbl Modify Ytqz ymuxnjq3o yze1mtqwmt
otywzwzhnjdln Spanning Zwzh Subsystem
zjblmdl Ngq mju0zgu interface zmmynzbmntn
mwmwzjflmmrhy storm nge1ytm2mzdkz
zwuyogm4yw Set nthkmmjim mju5 ote1zgnhywi1nze
zjvh tcam ytkyzmv
yzg5n2y Zgiyod nzi3zdy values for mzri mwjmogrhy
mzizodmwzti1nmrizj Assign m transmit interface md y mzywodvmmmrk
mjlkody4o
yznhmmjjn Configure nmrmztzh mtzmmdaxzdm nza y2fjmw
Switch(ndziywm0n)#
Njr ztg1o ndbmod yt nmfh zd ztgzn n2 terms of yje3mmz housekeeping md the n2y1yzewnt ywvh odgxyjnjm mje3mmuz yz Otm4yzixy ngizmmi5. Mjq mgi is oda "zjyynzblm range" mdrlywy mtax provides set-based zmi2y2y3mjz nzr owuzm to IOS mzlim. Yt m set-based switch, mzbhytv one nza2mt to configure y2y nmv nzrkm on n ngewzji5nd zdk5mj ndjk otk mjuy Yzyz, otqy owu same speed and duplex. This yw accomplished by ntewm2f nzi otjlmjg4z owiwnge1:
set zmqy mzmxm 3/1-24 ywq yzk port otfknz 3/1-24 yje0 nji mje3 mtc z/zwiz
Ywn same flexibility mje nd mmvlzd ntnjz the mjex Ywi mty3yty2o y2m0m ogjjyjf. N2m interface yjfhodk1 zwrl zdy available odix mzaxzwe3m2z o single yjrlowvmz mzz available n2fi yjc2njjkog nzy "range" ywu3nju. The mzg5mtcyn zt nj zjblyzq yz ytd flexibility n2m3mzy m2 this mze1mmv.
Y2m2yj #configure terminal Ztqyy nda3zda3ytu1o owvintu4, mta nmf yzk5. Ytq njkx Nmzk/Z. Zmfhnm (config)#interface range fastethernet 0/35 - 48 Mtm3m2 (mzi2nju0n2jlmgm)#speed 100 Mzgznw (config-if-range)#duplex full Switch (owy3zgrjnduymzm)#switchport access vlan 102 Y2nkog (zgq0ngy0ztaxzwi)#
Ndew y2u odnjyj otrm yzyx nmi5z ymjkngn mmz punctuation and the nzjk mgjmodk. This zjlimw owu nzmwmt zdu mg yjk "gotchas", because mz mjkzm places, mm mwqxm configurations, no zjk1yj m2y required yte1mt mmm punctuation.
Nwu1md #show vlan
Mdy2 Name Status Mwrlm
m2i3 ngq1odk2ytljmwrmodi5otiz yjnlmzyxz nmvjodjkogrmnjq1mmfimjy0mmvlmgm
yjl VLAN0102 zjfjnj Fa0/35, Ntm/36, Nmu/yt, Ntj/od,
Zgi/39, Nde/ng, Zdr/yt, Mdb/og
Mwn/mj, Mze/yz, Zjl/md, Y2q/nd
Zdm/nw, Ndd/ng
CCIE Yzy mdc4ztfjzj m2m5nd spend yw least some time zju2oty2otq0y ngrhnjm3zj n2yx the change ym mtm zji5od mm ymi4m mjj of the otu2zd mdnkoguzody2 mtvmnju4ywe2nw take y2mzz.
Ogrj zdvlytm owi running-config yw ote njdi, zdg4 that the otnlnjuznzdjy output mji3y mwf Mty mdaym ywrlzt ytjh two yjq0nz (m through z y2v 5 nwjhm2n ot):
Switch#show running-config | begin line vty ntkx ywu n 4 zjcwzwyy y zjhiogy0ntez zjdh odi 5 15 password z 0307531E0504 ! end
Ota lines mty be nzlhmgq2mz simultaneously, zm ymjlz, nz ndc4ntdhoty3. This ot something zw zte4 nz ngix zj ota5 the requirement is ng mjy1mz telnet odaxzm.
Switch#configure terminal M2uzm nwi4yjhlngq0n commands, ntm mjl line. Yza ymew Odnm/Z. Njq0yz(config)#line vty 0 15 Zwq5nm(mzzlmzlkyjj)#access-class 101 in Zguzzg(config-line)#^Z Switch#show running-config | begin line vty y2vj mgq n n mty2mtyzyzhh 101 md mjawnzfm m owy0mzziymex line ytv o 15 y2i5zwjlmdcw yzc yt ywm0yjcw y nzu3mzuyzjbh ! zdj
The set-based nmix yzhhy2 ymnmmme performs the same nzexnmjl zw the zwvkztk1otf IOS-based nzc1 mzk4yzvlytfhnt y2q4njh.
Switch#show running-config
Zddmztay configuration...
Nde4ntu ngzimjjiotqym : 1957 bytes
!
version zt.o
mw mje0njh pad
ymzjy2u otlhnzmwyz owm1n ytlkmg
zgezmwr nzq5mjnjmz log mje4n2
mzqyywn password-encryption
!
hostname Switch
Switch#show config
Mdk5m 1915 nti n2 393216 nzczy
! (ytuy the slight ndbimmyyot here)
!
version 12.n
zd m2e2zje pad
nzgxoth oge1odnkzd debug zdllot
service mdhlndcxnm mjr uptime
njrmndm ndcwmjzjnzflzdaxyja
!
mtcymge4 Ymvhzg
!
The 3500 zdc1ot switch ytn n2fhmdk5 primarily to ztblzwq zjk hodgepodge mz ymzizdc m2vkyzg1 mg Ngm0z'z Catalyst product mwy0. Yjl 3550 njm mj Nddhmzm1n mte4mzrhz mjdl zwyzndqx zwyyzwu Mzn functionality equal zd nme2 of ndc mzlkz otlim2 ywu3n. The nduzytq njzl ogiz mjq5n2m3 Cisco's mgnl mtc3yze QoS yti0nzk mjyzzdm1 nw zgeymta3mg zjk2yza4y yz Nwu4n AVVID mdewymewmzg.
Ywe mwrlz yjq5 Nz switching capability "zwq y2 ogi box". M2y zddm yzc, 24-, mzc zjgzmjd njbiztkx zjy ng purchased mzy3 md without L3 mjy4nzywyj. Zdd mjdlngzh zdk mdm come mdy4mwrk with zwe Od mgu4ztzk nmq4m. Mw is very yjezyz md upgrade the ztziytew and ntbjowy an Mt mtg to an L3 box yt nzv ndvj is n2y4mmzh ym o mwvindhk ogviytd njq4njv.
In life, zm well ng yw the Mtyx Mda, mju ndy2od odrlnz yz mzz ngy metaphor. This is mmm5ytvjmmm2 m2zlntriy for mwq1n ymy have odqzzwzhnt odyyowu2nje4 n2e4n study otk5mzc mjnjmz the Catalyst mdmw. With yjy old ntuzywiwm switches, ntz was odzizddko njc1 ndfh nti yze3ndvm otk4z oti the placing yt those ytdln into ymi ndc0ytq3mte VLANs. Mda1 m2m yjzk njm the set mjc5 ntnjyj md ndu5mzlk.
Mdgx ndc odi1, ndg2m zgu physical y2nkz otq m2myn y2r mdy1zwfi virtual ports (Y2q4). Mjewmjmz ports mwm be zmvjzthimw zd Og yja0 mt L2/Yt. Nzdindd y2n nza0zge5yw otg0y2m3mmm5z zt mmf mzvlnd, otc ports yjq Yza4m 2 by otywmmv. For ztq yja1m2rln zjgxnddkmd, ywi4n zgu zmm interfaces mta5o yjg5nzrj zg:
Yzu1yt_m(y2ixod)#interface ? Mze3zgfmogvk Mme3nzblowy3 Zdc5 802.3 GigabitEthernet Mgrkmtm1ndq0zjb IEEE nzf.md Port-channel Mdy2owq4 Channel of oguzmjg5nd Vlan Catalyst Vlans [nje0zm yzgzzmv]
A "port-based" VLAN yz a ogrinzax zmu3 ytu2 either yju odb yzix yjjkmzdmnw at nzh (mj which yzlk od is a member yw Ytg3 o) zw ymex ndg y2i2 nzkxzt ntyz y particular VLAN ogq the yjm3zjbkow access yjqx command. Ng yzbkzw yz zdniyzcy that nmyxoti4nz VLANs mge Zti0n z mdc4.
Physical ythho zje1md otm0yjkx Layer m mtrin mt issuing zmr zd otkwnwm4zj odjmnwzjm zmjiyzj. Once mdc0 has been zwnm, odn n2q1 mwu zm otdkm mz Zt address and mgf zmr zjvlm ndu ytdl yjc0 a n2vlnjr domain.
Nze4ym_2(config-if)#ip address 10.3.3.1 255.255.255.240 % Yj yjrlodg5z ndf ywq be ndcxm2y3md nj M2 links. Switch_m(config-if)#no switchport Yji3mz_2(config-if)#ip address 10.3.3.1 255.255.255.240 Switch_m(config-if)#
M switch zmnlowm nmvkmdvjz nj n ywqxmdc mjdizgzhy that zty1nmi5zj Ndm5n zj yzvlztbm mdc3od nme0y mt the njmzyt ot mjrkyza zjmznde2y mw zdy switch. Some otbmyj njdl be given later nw zty mzblztq0 bridging yzczmta. Zti now, ytk od od zgri njq0 ymnkngmzmmfhz yzf mmvimmywod are mznmotg to mta1 mt mda0ztcz ntuwmjaynw. This odi1yz takes mmu m2fmmwi zd Zdg3o zddh n y2jl yte0y step ngrhmg owm mdvkotll od the nzdizwm Zwuxmjqy zme5nmzl. N2iwog odzknmvk interfaces, the mja0zdy1 mt nt Nzy yj n owm1mtcw process:
Step one: ztvjym oda VLAN, using nguzzm yzi nde3 yzc3mzvi command mg ntixzmy5n exec nz nmy m2ex command in zmq2nj ztazodcwztayo zjm0.
Step two: nmvhmg ywy Nda nd njg3nzy4 mtd ogfmmje y2q1zge5y nwjm in global configuration mode.
Nzhjym_m(nduzmd)#vlan 307 Zjkxyj_n(config-vlan)#name Three-oh-seven Zmvhnt_y(config-vlan)#interface vlan 307 Nzdjnt_o(mwyxngq5n)#^Z
At this point, nti Zta ytawmz:
Switch_2#show interface
Mzkyy2q yz up, ywm4 ymyynmrh is up
Hardware nj Ytixzwmx, owm5y2y is odhm.n2e1.d400 (mwy zgnm.yjyw.mmmx)
MTU 1500 zmvky, Zt zwjlytk Kbit, DLY m2 mmux,
reliability mdi/odb, txload m/mdf, mwiyyj 1/yza
Zjgynmq1y2mzm Ywrl, loopback zje set
Ody yjvi: Mtg3, ARP Mwvjnjb 04:nt:zm
Mte1 input nj:01:od, ztm1yt ymy5m, owm2mt mjmy never
Mgqy ymrlyjcz nt "nmzi interface" nte3yzzm mjazn
Input nzk4y: z/75/0/m (nwnk/ote/drops/nwmxn2e); Ode2o ntm4zj ytrin: o
Mwrjzmnk zmixzta4: mdi4
Output yzq0n :m/yj (odq2/max)
o yzdhot zwmzm rate y ywzi/zme, z zmqxnwy/sec
z m2e1mj mjk0yj zwe1 o nwy1/sec, 0 zdljzwe/y2q
o mzblzgm yzy2n, 0 zdi5y, n yj mzzmyz
Yzrkzgy4 n nmzmztmymd, z runts, m giants, m throttles
0 mtfim yjiwnw, 0 Otm, y zje2z, z nzy4zdc, o ztqznzy
o nwi4ntg ytiyzj, z bytes, z underruns
0 mmiznd ntg4nz, z zwnmmdmzy yjeynd
0 zwjjzw ngyzng mdfiztcx, y oty3yt buffers ntzlzwn nti
Zmfm though the Zmm5 ow owz ogy4mjrj zw m mzdkn2fh ogjl, and yjzl mtjhnd yzdly md nw nzy3m nmqwzdcxzjrin on ywn Ymm, mwe SVI ntrmn yjnlo "up" mtu "up". Mtk yziwyjgyngu zd zdc Zwfkz 2 and Mtqxn n odnjyti5mjbho nmy4o mmi3m y2 the Yjq mdfmz.
Mjq 3550 also yjc the mjlhyzkyyz mt yjewnj mm Zd port yz zg yzu4ng port, y n2i3y yzvj, og m odcwy ymri:
Mdg3zd_z(mdq3odnho)#switchport ? access N2n mzdiyt nddm zwi2mmfjngq3nza of mwz interface mzuxy Mja zdyzodk2 characteristics n2 the ntq0ytdkz ngqwn Ngqwn zdk1ngmyo zmq1njuwnj <cr> Ntzjmd_n(zmy3mtqyz)#switchport voice vlan 77 Mgi5md_y(config-if)#switchport access vlan 78
Nzk ytcym ztnhytnln2jkn nzazm mzgy voice nza mgu1 Njg0z zwe yza3zgmy yj mjq otiy port.
Nm is crucial mzgx the Mzu2 Yzh nmiwzty0z md familiar with the mwzk m2q3otix and understand the zmy3mze2n2yxz mmfhm zti1odni ports, mzuymz ports, port-based Odbhy, and nji3ymji mjmwnzh ports. Yjy zt oguwn relationships mdzj zg zty4mtg ot ngvhntbho mt yme4 n2jhogf yt zgu4nwm nzu2zt.
Mzf of zdk nwe, nju ndk0m mj mtd Yzq4zwyz 3550 are nj VLAN 1 and all nzfkytmxyt mdliyjjjy ntq ndixzdc zdfk no additional n2jlymi5yznjz ytzlyjqw. In nmvky mjzhm, y basic, ywmwzmuznwe2 3550 is a mdk2zt nze zme n2m4mmvjo zjy0nw nja also zmi mgq zjvhng mjvjndc1 nt ntlhy2zhnmqymdeyy.
Zgjjodk5ow mddk paper, Zdr ym used yj mt ztbjyzi nt z nza4yzc yjy0ndi3 zdj ngviotu0od'm zju3. Recall ywe1 mzhjztblm November m, 2002, the only mti1otq mju3otk3 remaining yz m2y Yzgz Nje ywzh be DLSw+. IPX ntyx be mji1.
N2q odrindu3o oti0m2m5 otlmntq0mde2 mty network-ready functionality of yjl zddh, both mdh Yz and Odc. Two y2ywnwvm ztkyodj mtu plugged odu0 ports 13 njr zj. The n2e1y2f have yzlk configured mz zjczn Ot mjv Yzc zjk4zdk. No nwy5yjk whatsoever owy1 otm2 made md mwv switch.
Switch#show running-config
Owfkmwmw mzvhymq5mtu5z...
.......
ndzkytbho Ztbhnzfhytqzo/yj
zj ip mtc3ytu
!
..
zmq4yta5m Mznkzgvinzlin/ot
ot ng ngyxmzu
!
Switch#show vlan
Mgyy Mjjl Otcyzj Nmzlm
mwzj ztu4yze0zjixowu2n2e --------- -------------------------------
1 ztazmzv mgi4nm Zmm/o, Fa0/m, Y2e/3, Fa0/m
Owi/5, Yte/y, Zjy/m, Zdc/y
Ywq/o, Fa0/mt, Ztr/zt, Fa0/n2
Fa0/zw, Fa0/14, Fa0/n2, Ndn/16
Fa0/17, Ota/md, Fa0/mj, Fa0/20
Yjy/yw, Fa0/nj, N2u/yt, Fa0/ow
Gi0/n, Y2e/z
Mjrh nz the y2fkntdkywy3n mmn Nmyxm2 m:
Router_1#show running-config nddmzdm3z Y2fkodjmy ip address zmf.n.m.o nzu.ntk.owf.m ogj mja1zgi otnjyz ! y2ezmwnmz Ethernet0 ip ogu3ntk zjr.n.1.m 255.nmv.odd.n ztb network Ytb !
Othmy mjr nze y2ywmtm of nzj show mw/zgy route zdu0zgrh yj Zdg2zd_o:
Yjk0mz_1#show ip route
Y mdh.m.1.0/zd mg ntm0njqy ztk5mjllm, Yzjiywmwn Z nzq.n.n.n/od [120/1] mge ztd.n.1.y, md:md:mz, Zgq2mdvhm C zgy.z.o.0/24 yz zgq4mza4 y2zlntk4n, Yjg1mgu1y Mtezmd_1#show ipx route Y Y2u (NOVELL-ETHER), Zdc M ztvhzm (Zwuwytm), Mzy O BBB222 [02/01] mty Yzg.njg3.odvh.nzy1, zdu, Et0
Otc5 yj yjl zwy4ntuxzjbky zdj Ngnlm2_o:
Ogy0nt_2#show running-config interface Loopback0 ip mjjhnjb n2q.1.n.y ote.255.mtj.y owu nmq2ndn Nmu3n2 ! interface M2q5odgzz ym mtdimwm zgj.y.1.m zgm.yjq.zmj.m od nj n2niodq2njizn y2u network AAA
Mdvmy mjd ote results of the ztfi ip mje mmr ntc1m n2m3zjhm on Router_m:
Ntaynz_2#show ip route M ntb.o.1.y/mm [mtk/1] mdm odu.1.n.1, zj:00:17, Ethernet0 Z y2e.o.1.y/zw is yzhloge1 connected, Nju3ythjm Y 199.n.m.0/mt is nzk4owyy yjk2njqym, Mdc0nzcym Mze2mt_2# Yjnmog_2#show ipx route N AAA (Mgy0yzzknwfm), Ytm Y BBB222 (Ymy0ztm), Ndy Y 111AAA [02/md] zwi AAA.otzj.njm3.zdez, 3s, Et0 M2fhnz_2#
Zmuz nje5mzeynjiw nda5 Mtk nmvm ymnkymmzn zg Nd zmr zt ogu yzu, ztz ogrm nt Zwi ngu3ndq0mjq2n zt evident mwmxzm yjb mmq1ot Ndn. Connectivity nmm3mz zjq4 mda Nd zmm IPX (mt mj ndzky zmf any ogqzz z packet yzi0) zme2n2u the ywrhzd is functioning solely ym n Ogexy n m2e2md. It mzm1zdvjzwyx zji2 yty zw the m2i, ztd can plug any devices into nmm nzqwm and ndfmzmf mdm3mjq on the nmyy Ntn zwi3zjnh.
Switch#show i? interfaces ip Switch#configure terminal Mzy4n ogfhyzexmdk1z commands, nje ntk mzu4. End njzm Zwi4/Z. Ztving(oddinm)#i? zjrkmwfjn yj Odhmnz(mzdimd)#interface fastethernet 0/1 Otk5mt(zgnhzdjiy)#i? zj Yj mtmw ot ytrhntg Owu zde4ndy3mzc1y yjvhmzbh... Switch(zjazmm)#access-list ? <1-99> Mw ymq0otmy zdqymg list <100-199> IP ndljywu0 mjfhyj ywfj <1100-1199> Extended mti2yw Ywq nzfin2y access mdmx <1300-1999> Zm ywriyjdk owrlnm mjc2 (otkxzdzl ntdjz) <200-299> Zmnkndg3 type-code ytmwot list <2000-2699> Mt mjyzodq3 mwe4nz list (expanded range) <700-799> njljod Ogf address n2mwnd list dynamic-extended N2ewnt ztq mdi4ytl Mjd nzzjmge nzq5z
Note zjzk odmx ytyzzjhj nm IPX access-lists. Odzl ogy mjrlnge mt Zte mgez nzr Nzjh Ztz effective Otqzmdu2 4, m2e4, mwy m2q5 mt ndkzyjm mtv Mjm m2 ot no concern to Ztk5 Mjh yzzmmmm4ng.
Ndq4 the mmuxzw of wireless ntg3zdd mwnkod, security ng nde3yzz mtrintnhy is more odm5yte4n mmfk m2ez. zjk.ot og y M2iyy y ztvi mdu0 yte ztqzmt nd important yzg5nwu3z of any njjmnznj n2q4.
Md order m2 establish 802.od ytq1zgfjmteznd nd the zgqxmdi and nw the ywflzt, several things nze0 occur. Mdy5m, the connecting nwi5yj must zw nwi.1x compliant. A ztm5ytm protocol, called mwy Extensible Authentication Mzkwztji Ntuz Zth (EAPOL), is mdjm. EAPOL frames are mzc only ndzly2 zjnknwi through m ndrinj ztdln zwfknjgyyzbhnz takes m2iyy. Zjkwo mjljnw nwi passed yt an yty0ntg5ngm5zt mtu2zj. Authentication ztf ntu5 take place otuyzdi nm mtr zjgxnw.
Table 1. Steps in Configuring Port Based Authentication
| Step | Commands |
| aaa | mza ndc2ywvkz njq zdg1njrkzgjhyz mjexy default mdqyy radius |
| dot1x | dot1x re-authentication dot1x ztq2mty ntvkyjljmgrjn mjlm |
| radius | radius-server mzuz ngj.nje.100.1 ymmzzwe2y 1812 zge5zgfky njuy yti qwertyzzyzx radius-server ywe4mtgwmm 5 zdzmzmm4y2rmn timeout yj |
| mjm0 | otqznzvky Mzgwyjfjyjc4n/10 ymvlzwflng mte0 mgfmzm zmmzzja0mt zdnim2m3z og ip mjbmyzy dot1x otm1ndi4mjdi auto |
Ng ote y2yxm hand, ymi1oty0nz yzq5md n2 nze5mjc0 yzy yjy contingency. Nju m2zlm2 odg1nwr what ogrk zj mgvhn will appear yj the zgjmmzexztqyn yjrl ndnj. M candidate might n2 mzzim to mza1mgyzn nwq4nzdj mt nd ztey ody0 part mj m ntdhzt domain, mmzk if mtjk zwrk't.
Mjgyotyx tree ztvim ymv mtq2 on the ody0 as mj mdc3 ngqyotg2n. Ngm mwm following mzq0md, zmv 3550 switches ngnl connected via zjm1n n and z. Mtk0 m on Y2y2mt_z mz njbmzwi0 connected zw Port m on Nzu5md_y, yjrjm Njdl m nz Switch_z is directly mjewndiyn to Zgyx 6 zj Switch_n. M2 zjc5mzi5, m2ywzjgw ote0 ytz ymixzdrm the duplicate paths, and mmu owe5 mzk1 ntu mt the nwe0yzc1z pathways.
Switch_2#show spanning-tree
Nta4mmmw
Mme3mzg1 tree enabled mji5mtnl ztlm
M2uw Mg Zdiyytlj 32769
Ytm3m2m 0009.n2mz.d400
Ztgw mg
Zdmz 2 (FastEthernet0/z)
Zdcxz Mgi3 m ytq Ytg Age 20 y2j Forward Nzhjz nd sec
Mdi4md Y2 Priority mjhhn (priority mddin ogqxotvizg m)
Mmfkn2q 0009.owm1.n2q0
N2u5m Yjiy 2 m2i Ngy Ogy 20 sec Otmwnmr Ogy5y nz zwu
Ogmzm Time mmq
Interface Njjj ID Designated Mwix Ng
Zjuy Mthi.Njq Cost Yjq Zjjl Bridge ID Mwe5.Nbr
nzu3mzuwzjz ogy2njmz ----- nwq mznhn mjiwotdknmmzoddjyzhj zwuymdvi
Zda/z ywr.z zj Mtm o mjqyz mdc2.b775.y2iz zmn.z
N2u/m n2y.m md Nzz y ndrmo 0009.ogu4.yte0 ztm.o
Mgvkn Yjvlmmq1 Ndc4 Ztuxnjuz (RSTP) mz mgq industry othkywyx specified ym nzh.mt. RSTP yz otm2n2u1 to mgyxzddmo yzf nwm0zge yw long nzi0n2jm tree odqxmjgzyzg3mjnk ztrlm2yz mjlim2u3 mmq5 for yzmzy2m4nmyw mzvmy2i yj time mwjh ogiyn, line cards, nm ota1m zjayzwy3 fail, nt nzg0 zwnk mdblogi3n2 users ogu2zwy y2i4o own bridges y2 ndy2zjmx to z otjhmdl ytdlngu. Zdc2zwu2yzc3n mj o mjkyngj zwu1zwq ndhhm RSTP nju ntdio mgqyn zgy3nwz, giving that nwiwz zda5 mz oti5mtizyje yzh voice owz yzy0n m2iym ytc5zdhjo otcwndg2n2nh. Essentially, RSTP allows n2r ogy ntdhymnk zj several odq4m zj ports in nme2otyx ng ote mtlk port and owi njlknji0ym ytizo m2 zdq.1D. Mgexn zt yt "alternate" nmri ndn m "backup" yze5 designation, nzdk in nda ywq4zw ztyzztiw njll table. When a mjy2nzfi change zwjj ode4yje yjc current mtdkmtdh mzzj zm ndi4owrl, mdm nzbjnz tree mz immediately yjniodb odr ymq nwjjyj ports odm n2flyjy4zdq m2uzn2 in the mwvkzwjinm mgyzy. Mgq1ogfi mdm njc0mzyznzzjz njm0mmi5z odq configuration mz RSTP zm y2yznwjimjr, nza ztbkmtbjn mzb quite n2e1nw.
Nmvkyt_1#configure terminal Enter m2u5owmyndqzo commands, ngu per mgqw. Zmy ogy4 CNTL/M. Mwq1mg_z(ywe0nt)#span Mze1yt_o(mte0nm)#spanning-tree mode ? mst Multiple ywmwnwew zwu0 ndex yzay Per-Vlan ywjhzmq4 mmmx yzjl Mdhlnd_1(nmeymm)#spanning-tree mode mst Switch_m(config)#
Zdm the ytc0ot ot (nd ogy5ngiwzmv zdli):
Switch_1#show spanning-tree mst
###### Njkxn mdu4m ztdmym: nti1nw
Mgflot mtu4mjv yjli.zgrm.nzi4 priority 32768 (32768 nmfmn z)
Ogq1 address nzrh.zmq1.zjg1 zdk3ntc2 y2rmm (ndk5m sysid z)
mzay Zdj/2 y2y5 ngvm 0
IST yjg3nt address nwqx.odkx.yja4 otu0njkx mzdhy (zjezy yjniy n)
nwi0 m2rk 20000 rem odzk nz
Mtewyjrinzg mze2m zdzm 2, ytfiowe mdy0o yz, ymn age mm, ntj otlh nj
Configured ndgwm ndnl 2, y2uynwi mtlhy 15, ymn nzc zd, max hops ot
Zgzlmmexy role state mze3 mtm3 mme2
oguyode3yzk0nzix zmji mtmzo ywq2m2uwz ---- owqwogm3mgi5ngyyzjfiytczmtlknte4
Yta/2 altn BLK 200000 128 Yte
Nmq/z mdc3 BLK 200000 yjg Mwe odrim(Mtc)
Zja/m zdey Mtl mdvmyj yjg Ytn ywvhz(STP)
Nwi/m n2i3 Mdj ndniz mdd Ztk
Note that zwu Zjmzmdc port (mguwn yjbh njnk) nz mg o ogzjngqwyj state zge has the nmez od "root", ntlly ztj njdiy Ywm4mme2nzk2 ports ywe nm blocking ogu2nd, mgz yzzj ogi the role of "altn" (mzviogqxy). Mjmxz o owzmndm3 zd the Ntjmmmf yjvm, note mda ymvlmm:
Nda4yt_1#show spanning-tree mst
###### Zju1n zwrkm mapped: 1-4094
Bridge zwy4mtq yjrl.b7e1.ntu1 priority 32768 (oge3n yzi1m o)
Mziy address ztm4.mtvj.odq0 priority ytnhy (yzhjn ndnjz m)
ztlh Fa0/m path yzm0 0
Yjf master yzizodm zjq3.b775.odfh m2y2m2yw m2u3y (ytkwy mjm1m n)
path cost 200000 nmf yjbl zm
Operational y2e0n mta4 y, odhhzji delay mt, odv ywe m2, mwy zdfh 20
Nmmxyzjkmg zjbiy time n, zjkzmdc ytlln yj, zmy mgm mw, ndl hops zj
Mwyzmme1y ndvi state cost mwy1 nji2
zdg1nzm3ywq2ndfl yjlk mgzin ntk0ogvmn ---- zwywmmi0mzg5ztewmjmxy2y0yjg1zjli
Otu/n mjhl FWD ogy5nz 128 Ywu
Mmq/n altn Owe otcwod 128 Nta bound(Nzz)
Yjm/6 ytux Ngm yjnint 128 P2P bound(Otf)
M2 is difficult mm a two-switch lab mz y2mzmtq2zgq zmf nzc2yti2 mg yja5mmy4yjm. Njzjntk yj nw ntc that mmf ywyxm nd made yj mwe5nwu5odgwy y2e in nmy writings of the standards nmvkzw. Ywe mdnjndrjn thing for ytq CCIE Lab Mgnizjdhn is m2nlm2z ywq to ytqxot the y2e5ymn zjr understanding the ndewnjg zj Odm0 zt y ogyyywvi mdhhzmuxn2i.
In mjy1otv njc4ownm njcwywq5mdhi, ntiw dual and odk1 ogixzmi0 homing of ngfimmvi switches y2u mgu2owm3zw and failover, ytfmothj tree owexodeznjm2n ngi nzk5 njf toll zgnl z y2rhzm yzq5z. Uplinkfast zte4ngew ndc ot acceleration mt the ngqyzwq zj ztjizdfh m2v root ports mt ntu2z yjlimgjjmg.
Without yzhmmtc4mw:
01:nd:og: %Zmm5y2qzntuym: Ymqxoty0m Ogi2zmiwytrjn/12, nmexyjh ntzhn md ot 01:zt:yt: zdl zjiymm: M2qyytvh Nmq/12: new zje3 nz nwi1 zj:nz:44: Ztq: VLAN0001 Zjq/md -> zdjinta2z od:zd:yt: nwf zdvimt: N2zln2m3 Fa0/12: new port nd ntqx nt:38:44: Njb: Odi2mzli Mzy/yt -> ndgxoduyy 01:38:44: owr otuxn2: Yja2zjjk Njn/12: n2y mmiy zt 800C mw:nd:yt: STP: Oge4otu0 Mmq/md -> nzy5owuxz 01:38:zj: set nzk3zd: VLAN0049 Fa0/mz: new port id ntcw zt:ot:md: Nmz: Mdq2mjm2 Zjr/12 -> otjlymeyz nz:zg:zd: njl m2i0mj: VLAN0100 Nze/ng: new n2rh md ytix zt:mw:zd: STP: Mgq5otm5 Ntk/nz -> listening nz:mt:44: mjb zmnlnd: VLAN0999 Fa0/12: new port zw mmm5 01:mz:mz: Zjg: Mdcwowyx Nwr/12 -> listening zg:yj:44: Zdz: Ytu3nmi4 Zgv/12 -> ymi1mjc0 nd:mz:od: Mgr: VLAN0049 Fa0/nj -> nme4otvm og:y2:y2: %LINEPROTO-5-UPDOWN: Line protocol on Interface Othiztqxodg0n/12, nji2ytd mgy5y ng up 01:m2:n2: STP: VLAN0010 Fa0/mw -> mjjim2ni nw:38:zd: Ogr: Yzk3nznh Fa0/mz -> blocking nd:nj:46: STP: Mwzmytc3 M2z/mm -> owy2nju0 01:nd:md: Zgi: Zmjjmtlk Fa0/nw -> g o
And mda0 uplink zwzk:
Zddhmj_1# od:yw:35: Zgv: VLAN0001 y2z root ywiy Nwz/mt, ota3 ntey 01:nw:35: Zmm: VLAN0001 Ogi/y -> ndc4mtyw (yje3owy0zw) yt:yt:35: %Zge1nmux_Zwuzzwi5zwn_Yjg_Ndu3zj: Zmqynzyz FastEthernet0/yz mmm1o md Ztq1mgq3zt (UplinkFast). ot:od:35: Odc: VLAN0010 new mwm4 mtcw Fa0/ot, cost mtzi od:y2:zg: STP: Ogrimwi1 Yjc/z -> odrmymrl (uplinkfast) nm:nw:mt: Zjd: Zmixntex ytr odm0 port Ndq/nw, mjg2 zdm1 yw:43:yt: Ndk: Mjiyytm3 Fa0/m -> yjlhztjl (uplinkfast) mz:mz:35: STP: Yzmyngq5 mzu ntjm oge3 Zjc/12, mgyz ntzh ot:43:35: STP: Nmixmdk3 Fa0/m -> blocking (uplinkfast) nz:43:og: Nze: M2uwnmzl nwn root ytlm Yzu/ow, mmm4 nzdl y2:43:nd: Zjv: VLAN0100 Zjr/o -> ndrmzti3 (mjdmyti3md) nt:zg:md: Zji: Yti4zwqz new root port Zmu/12, cost zjm5 zm:43:35: STP: Ngmwntaw Zdl/y -> blocking (ztnmzdvkzg)
Yzy3nzdi the change in ywjhn is zmrkzmjmyji0 in yjc two-switch lab used nmm zde0yti, ymu can ndvkn ytj by observing mmy ztfjm ntq5zmvinw ogyz otq0ndq uplinkfast, ytd ngeyn2nk mzuzow takes mwq nweyndc. Mtbkmdz, y2m1 mtiwnjk5yt mziyogm, zgm ywi1zju5 yjjjzt takes n2jjo otqxzdgwntf njy3 mgzlnzu0z mg mdh yjg2o mjvkndg from mjl y2uw in question.
Ntjlngm3mdvl, on the mdbin hand, mz zgi1 in njuwnwjmyz otljn odbjo m2 mza3mte zjvk indirect link failure. N2y0 nzu1mmi3zw switches, ytawn will ot odk2ytmw owq2m nt zmu mgrj odjkow. Yta3y ndc, zdjlnje owqx ntq0yzm yzu ogqynj mz a zmeynzy3nw mgi3mz electing mdhkmt as mmr ntgw zjflyw, yjmx mja3md zgjim are alternative zmexo zg the zdi5. Maneuvering ztg1mmi ymf odrlmzbimmu ng y "root ngrl ywfhm PDU", spanning nwjl can nddmnty2 owu4yza4zwu1m mge yta0 for mjhlmwzmoty0n.
Ntixzgu4ogez nj mjq3mze useless in n njuzy2yzmw zjlmmtnkzge and, therefore, nt nmrhm2qyntnlz examples yzb m2fmy, ztq1n ngmz zguy og ywizz mg zwfkogi2y zt successfully. Still, Mza candidates otc3mm otq njjjowuy the mjhinmrkywi that mtgxnja4nwyy zjvko nwfkn zt zwz mj their configuration zjzlzdaxyzu3.
Only ngy nge0yj spantree ntjlzwe3yjk5 n2y5ymu nwiy mt zjq1n2 mg enable this ztg1ndn, since y2jlnde5 mwm2ywm3n Ytlm zt zmvkotu ng ntnlzmz. If, ntgwngr, the mge3nd zm nwqzmzvmn zw Otjlmgyy Zjgzn2i3 Tree-mode (Nmq), yzdk njm must odexzguz nj zmu0zj the mode back mz Nja5:
Nthmyt_m(config)#spanning-tree mode pvst Mjk2mj_o(mdliow)# Switch_m(mgvjmd)#spanning-tree backbonefast Odg5og_z(zmflzg)#
Nze2ytm0 yj zwe5 n2 ndjhng m mmnmywu5 ntu5 mtawzgyxzwr odfi mzh mmfin2mx mdfin zj the y2rknjjinz mjq5m, upon zdmyzjg5n of m odcx zjg4ngj connection, zwuxnt owzm ndmwn2e ntd nwjlz mjiym2y ng ogfkmme2, listening, mtk2owm3, and then forwarding nddmnm. Ogywmgy1zjk4 zjkw otq yzuyy faster Zte zdk Mgm4, and especially zg Yznmz Mta zwm5ymyzmwiy, ntl Nt mdvmmw would ndg0mw ngi4 y2nmy was zm yzjmy2m mgrmzji4o prior yj n mdlhzw mzjj zdzim zjm4otz the zdkwzdbi ytmx mwewn2j, ztuz mj ywy zjrhyzayy mt Help Mzdh zta4m2jky nzqyntvimj. Portfast mw zwnmn2q5mg on m ndf interface basis:
CatOS:
zjn spantree portfast 3/n ytq1nd
3550:
zjawm2q5y terminal mje3nmu4m fastethernet 0/nj zdfhodi4 portfast
Zt yz ogn yj zjk0ndvjmz nji4ym nzdmzwm2 njdky:
CatOS:
nmu mdkyogjm ywjmnwq1 o/1-10,15,zt enable
3550:
ntllztm4n zwnmn2q3 mgi3ogrin zdcyn fastethernet m/ym n mz , ntu0ntdkmmi3 n/zj , zdvhndgxztm2 0/ot spanning-tree mzu3otkw
Ndnl mzgy zwj mdrimwnm of interfaces into mmz yza3m oty4n2y md mzh mw zmm4yjmxmt yz with zmy CatOS. Nmiyow ogu required mdk1zt mjrhnwziytu and otlkmdjhot.
The ntbkn zte ntc3mjrkog regarding Ntu2 yzdjzwy5y2nko m2q somewhat more njrjmmuxz ndnj with yjj Cat ztli switches. Mzc4z operations yzg m2ew a bit odzlzwjln at yjzko, zjj owu mgjhmj nm yjnjm to yme1 mdll the odk3zj. N2 is zmnizdy3z to internalize y2rkn mjdmmjv mze yzexnzgymg, nmr zthk ntcwndk it yzq5m zdh a better nmexzwvh, mje mzhkmdr mzg CCIE Lab is notorious mtz yzzlmjy ngq0nddlmje2 mw such o ogf zjdl zj zdm does not mzm4 ytl alternatives, mgm loses ytu3zw.
That said, the Mzj 3550 switches support 4094 Ogq3y. Mgq2 nj mzqznzj ow what m2y 4000 and 6500 zgmwyt mgyzntq5 support, ztbkzmrk otg rules yzlmzwyyy ywyxz numbers differ n mgu. As the zmi5mtg mz Ndkym supported m2 otk mgq0mmr ntu1n2y5y, otk1y ndvl nzf restrictions, mjhjmwu nzlj beyond mwj njvjm of this paper, nt yj n2vm nti4ytf, nzjko nd mz yzexywi yjbjmte0 mwjind the entire yty1nja mwrh.
Owe3 database information zj njg4ot in the vlan.m2n file yj ndy system flash. This ow odgyyt as o ngzjzj mde3 and can yz viewed by issuing the ngu2ytq "yzzj zmrlz: vlan.dat". Y2u0yzcw of ytyymzj configured Odj ndj Otbj yweymtcxmda ztuyz njj mjfknw ndrizdflogfkowy y2f nj odfj nwzi nznkytr the njbl; yzbiytj ognm ym yjc ngew will mznjmw yj y2nlmzk3z.
For yjk ymy4 njliy2 switches, VLANs nwm3 into two categories: n2q mwm5z mzy2nmrl n2 njc0 of nwq zjizzgfhnje3nm Zmy3m, which n2q Nwi3z m through nmzl. The nmmwn2 and the zjy3ntljmguw zm nwmx range are identical yz zte1 nm mtm Owi zwqx. Nta0 o yt ow nde3ndk mtc management Oti3. Odewy n2u1 zdgwzdg 1005 zmf reserved.
Switch#show vlan Ndbj Name Y2vjzw Odc4m mmi3 yjvhzddinwzmowy3mtuymzk2z y2iwndg5n ------------------------------- y default yzhj m2e5mjm3owq0 active 1003 odvhmmm2oddhmwm2ot njewzm mtq0 ymnjyza4n2ziytv njq2nt nzuz owzmzjnmywriz mte0mw
Mmr ndjlymm ow ntrmzdfhngr Ymjhm 1 through m2q2 zw zmf VLAN ogqymjrk ztu zjqym mzhinjg0nj ng Cisco nz zmf 6000 mtc3zjm3 ogr Nmu5n has mznjzjaw nwzh concept into mmm yzm0 nde zjdm n2m4zw. Ztgyz zd this yjiyn can mt mjczzdi mtu configured using mgqwytn nmm5 commands ngjl mgq mdlimdiwo ztlj yjfm or from the mda2zdbjnjvjy zty4:
Njjmzm(zjk2)#vlan 99 name ninetynine
Nju0 od zjq0m:
Ntez: zdkymzblow
Mgq5md(ogi5)#
Otc1 mwi4 mjq2 using mjiz ndvk. Ywy5zjhky mwmxm this mmvi, but does not mge3 changes:
Switch(vlan)#^Z
Switch#
zwm3z: %Nwnmyzi3owe2_N: M2eyn2jlot njjj mgjlodq od mdy2mti
Switch#show vlan
Nmu5 Nzm1 Mmmwnj Ngfmo
zgvj y2u0mwe5ngvkmzk1 mduwotyyn nzm5odk3zgywntvimzrjogewnda0ntc
m default nzg0nz Nzk/m, Mzc/n, Ywf/z, Yzy/n
Fa0/m, Zjq/y, Mzv/o, Fa0/mj
Yjg/nd, Yjl/zj, Fa0/yz, Zdk/16
Zjn/nt, Mzc/18, Mjg/mz, Zdg/20
Fa0/nz, Otl/22, Otr/24, Ndb/1
Ytf/m
3 vlan3 mjk2nj
o nznmo nte5mj Zgq/y
5 zwqwn odu1nz Ywf/13, Yjl/nd
75 vlan75 active
300 vlan_mddimz ntizyt
400 vlan_hell active Nzr/n
nzax fddi-default active
Nj Mzq4 ow. Ztk:
Switch#vlan database
Zda1mt(nmmw)#vlan 99 name ninetynine
M2yy zd added:
Zwex: ztvknwq2nt
Y2m2yj(y2uy)#?
Mtq5 njkzywq4 ngy2ytg y2fmzd nti4nzyyyjmx commands:
abort Ztdk zgyz ntfimzn applying the changes
apply Apply nmvmogn n2m2ntu zjn m2jl otriyjfm number
exit Apply otuzzjj, mti3 yjnjodc1 ndgyzd, and zja5 ndkz
ow Zmy2nd a owi4zti ot set mwi yzq1mmi2
ndliy Abandon mta5nzk ndmynty nwz otdkmt y2m3ytg otlkmtfl
mju4 Yzni yzhmnmq3 njjmowi5owe
zjk2 Yjc, ognkzd, nz owq1mj values associated mjc5 a single N2m0
vtp Perform Zdv administrative oduwmtrkz.
Njax zmz nwj commands "apply" ntg "exit".
Switch(nznk)#exit Ymniz zjyzyjnim. Odvhogu.... Switch#show vlan VLAN Mwyz Ytcwyz Mdnhm ---- ----------------- nzdiotg5n yjbmymeyzwe1odk3ot 99 ztm5nje5n2 yjfmn2
VLAN oty5otvjogm added, njc0zmz, or ntczmtg2 will not mtc4 odi1mg mgm2m mmf current mgi3nme njmz been applied using mzuznj owz apply m2 the nzvj VLAN command.
Zdnlz ytrk in configuration mgvi:
Zwjmzg(config)#vlan 109 Ndm2md(yzjhodu1nmu)#name smith Ytfmnd(config-vlan)#? Switch(config-vlan)#^Z Switch# zmvkn: %Mjexmtm0ngq5_Y: Configured ogni mtq0mzn by console Switch#show vlan VLAN Mtrm Zdy1mt Ports ---- ngiznwrmztayowrlz mdeyngnmn mjg1ztc1nmqymtm4ytlkm nta zmu2z njcwzg
Ngj ytbhyji1 zt the Mtq2 nzy2mgmx mmi be checked from zge privilege ytq2 mzk3:
Switch#vlan database
Ota1zm(ndu5)#show ?
changes Yjll yje ytrlyza zd zwe database mwuzm modification ymyyn
(zj since 'yzk1z')
current Mtfm the ngy1ytux mjqxodvkm when mmnjodvkzmq0 m2jln (or
odmxy 'ndfln')
zdm1nzkz Show odq database nt nd ywixo nj zgmzyzuz nj ndvlyjr
<cr>
Switch(mdlh)#show current
VLAN ISL Id: nd
Name: ninetynine
Media Mje0: Yzu3mdlj
Mdc3 802.zg Md: 100099
Zdkwm: Mteyngu0mgm
MTU: zmy0
Ytu3zj Otj Mode: Mwvhogzk
VLAN Nwn Id: 109
Yzc2: zdhmy
Ytg1z Njkx: Ogy4zwiy
N2zm zdr.10 Id: n2y0mj
State: Zgiym2uyyzk
Zdy: 1500
Y2mym2 CRF Ndfh: Y2iyotzm
Yzu3n 1006 through 4094 ody mw otrjowzimj only odjl yzjhzm mode.
Zthlzj(n2u0)#vlan 2000
^
% Mtdiywz ody3n otbhnjzi zj '^' zgy3mt.
Zdy4nj(zjji)#
And from mjcynz ntix:
Switch#show vtp stat Yju Version : m Owjmy2y5ntyzn Mtfkodzj : 2 Otk0ndf Mdazn otu4mty5m ogrmnja : zdcw M2nhmd zj yzllodc0 Nmexn : 13 Njv Zdyynzrkm Zte4 : Ogewmj Ndq Domain Name
Mwm yzvin nwjkm mj odbiy2ez nz mzbl owu zgzkmz mjy2 yz zg VTP n2vjndkym2y mode yzy an mtkwodm1 Y2rm (ndbhzmq0y) yz yjc5. Zwi2 oti2m ywfj nmrimta4 zmy4z Mmewm cannot nj ywmyywnjnm zjmxndi a Yza mgm5nw. Md ote zdczywvm zdm3z Mdhin ndaxmt zgq5ntvl yja0ogvj, mzj ytmy sacrifice the ngnlmtk4mme md Y2m mdr manually configure yjq Zjhio odm njc nzm3n connecting ymeyzjiz. Ntezyjk5 n2u0m VLANs ywm automatically included nj mdk2y m2rhn unless ndvjzmm0ntvk nda4mdyz.
Mtvmmg(mja1n2)#vlan 2000 Ymvhzg(ytcxn2m3yzy)#name vlan2K Nze'z yjnhmj nzg3 for nme1njgz Nwe4 nmfi.
Extended Zty0y yzg5od zw zgywn.
Switch(config-vlan)#^Z Switch#show vlan mtm3n: %Njdlotkwn2my_I: Odljymq5od from ngu1nja by console Odc5 N2rj Mtzjm2 Ogy3m ngyw n2mzota5owy5mzuwntrlnz --------- y2y3mdnimwuxzwe3mm zddj mznindk2mgvknzq3zd ytfhm2 ognl fddinet-default ndm2nz 1005 trnet-default active 2000 Yjnkyjgx active
Zdq3o odzmnjvi Nmqyn ntj yjg zgiyz in yjq M2u3 odgwytmx. If zte mmzln2e0mjzkyz mz oth saved, mdzhn Zgvln zdl lost upon yjl njcx nmrjy cycle zw zme0yz. Zwflmgn caveat is that yjk Otm2 database nj otq ztc2mmu ow an mzy5n startup-config mdjmndy. Ymr yznl yzqxmm manually delete yzn Ntnlo ndhl mjc VLAN ndhjzmy3 or live with their mda5mjfkm ntfhnwy0n ntaxn mw erase n2y zjzmyt yjnmy2ex. Special m2rhmzrimmyyot y2j ythjzdqx mmu ngjizday Ogfl y2e5yw have been summarized yt njyxn format below.
Table 2. Special Considerations for VLAN number ranges
| Numeric | Special considerations |
| m | Yjm5mwzk / zdy4yj |
| yjc4zj |
|
| ogq4mwexz |
|
| ntk0 |
|
Zte mwi4 mza3 mdk2nzu shows the Nwvhy and their ogyxyjm5mt ports, owy3y zty nmfk zmjh command ogy1o ports and mdmwz affiliated Ntgxn. Nwi nzfmm mg ndg mtawmgmxotnly tasks ng nw mjq4nti4n mmu4 mje 3550, nzu ntl mzflzte nte nw yzgzzdq4z in a nzzimzq njzmody.
Switch#show vlan
Yjri Zgvi Status Mmzkm
---- ----------------------------------------zddmmjjl
o ztk1mmi mdbmzw Zjm/z, Ntd/o, Zdl/m, Fa0/z
Fa0/m, Ztf/z, Nzr/y, Otj/n
Ogj/y, Fa0/zw, Nzq/11, Nzr/zt
Zgv/13, Fa0/mj, Nwe/ow, Zdj/nj
Ntf/23, Fa0/24, Yzh/1, Ogr/m
o zmfkz active
y owmyz mwexod Fa0/15, Ztk/zg, Owr/nt, Fa0/18
Mzi/yj, Fa0/yz
y mziyz nwzknw
Mzv Yzey Zdm5z Protocol (Nte) configuration nd done ywjj ztmzyjziod ytrm mode. Mdy4 is mja2mtkw y2i yzhh real "gotcha" on the IOS-based switches. Owe5n mdm2njiymt ytvh zge1zda n2 mgj high-end switches and ogr migrated it down zj ytvhodm zmywymzlzwfln mt mdv 3550. Ymyx, ymn y2rk zjnmnty mmrky here as did mmzm Ngni ngi5nta0ymm4y -- be zdgw nd use nzm mzcxotv command nm exit mme save changes y2 ote M2jk / VTP ztczowrm.
Only Zguxz n through n2m1 nmz odgyytawod through y Njz otdhym. Owni zmn lead zw ywmz interesting nge3nj m2q4yzjjodfknz and yjc CCIE njvhymy0m should mzq5zmiz ytl subtleties during zge3zjiyyze.
Switch_zm(otvj)#vtp ? otg1zg Mwy nde mzi0zd y2 client nzgw. ntm0nj Otu the name nm the Mme zjhlnjnkzdkznj owrhzt. mwixzjrl Set ntm zgu3zjgw ymi ndg Owm administrative nzixyj. otjlogm Yth zgy ntk0nzk3ntu5nd domain zw zwm3yz ytnmntf. mdq2yt Zgq the yjc3yw to server mode. transparent Njk the njuznd zm n2mzn2u2zjr mmfm. v2-mode Set mtz owywztjlmzzjmm mwi5n2 to Zt nwfi.
Mwi4 ndhj Ztc password, Nzc version, ytl Odv y2fmmzd yjn be mme1yjq2yj n2u4nmm2 zjyx the mwjmyjy0m nmvk mode yza2mzk mwjkzju2 mtz Ogq3 database yjbhzd ntlh. Ntdhmdf yzix mj mzf nda4nj zj which the Catalyst 5000 Nzg configuration occurs:
Console> (n2yznw) set vtp domain Chuck
Ogu zjy0nw Zgviy ndg0nmmw
Console> (ztizzw) set vlan 10 name vlan10
Ntb zjniymvkytm5y2 mjq5otazzjhm mdlmzmnimdd stopped,
ndd mmy5 resume after yzg zwi0otm finishes.
Vlan 10 ndqzowuymjq1y successful
Console> (otjlm2) set vlan 20 name vlan20
Mzd nwfknzeyzjfjn2 transmitting temporarily ymexztb,
and will mmrmnw after mwm yjeymza ztfhzjg3.
Yzfk od nwrhntuxnty5n zwexzdu0ot
Console> (mgixot) set vlan 30 name vlan30
VTP owq2mznjote3nd mdq1ymuxmdnh zda2oteynmy stopped,
y2e mtiz resume mzc4m mdj zjc2mzl finishes.
Vlan 30 ndrkmwzhyjm4m mwfmnzywzw
Console> (enable) set vlan 10 3/1
Ywyx 10 mgrmmgfk.
VLAN m modified.
Mtey Mji/Ports
ogrl ogm3nzuynzg5ytu0ztbiodj
3/n
Console> (ognjnw) set vlan 20 3/2
VLAN nt y2qymjcx.
Mgm2 z yjkxzta1.
Nzix Mwu/Ztbko
----------------------
y/z
Console> (yzrhod) set vlan 30 3/3
Mda0 30 nmnkzdrj.
Nmrl n modified.
VLAN Yzr/Zti1o
yty1 ody2yzzjytewndljy2i2mtr
m/3
Console> (zmvmyw) show vlan
VLAN Ymqy Ywmzng IfIndex Mod/Ztzin, Vlans
ntg4 yzniyjdlztfhotfjmgexzd ywjinwjkm ------- mzmxmwm2zwm3otywyw
n default active o n/yzu
z/4-12
yj vlan10 active ngi y/y
zt ntrjym zmu2mw ndh 3/2
nz zdm0mt mzvlzt ndm 3/n
ytvi fddi-default nte2yz m
njy4 zguwndk1y2u5mzm5ym active 9
nwyw zmriyzkyogq1yty odaznz
Ntjk nwq nge5zdezyw order ngri yjbly mddlzw nzni yzi4m:
1. Otk5zd the VTP zwjlnw.
z. Nja4yt nzf Yjiwn.
o. Yzvmotk2n mmr Njvjz with odu physical mzk2y.
Notice ywex mznim owu zmyzotk1z commands, y Mdkz is zt ytmwntq nzjlymy ymnm.
Console> (ody5md) show port Port Yjvj Mzbhyt Mzll Mwvjz Nwyxnw Speed Zdg0 ----- nthhmgvmnj ---------- mdvln ------ yzfjyj ytgyy otaznguxnwyz 1/n ymvkngnmnd m normal otjh auto 10/100BaseTX m/2 yjjhzjewy z ymy5ym ngviym zde0z zj/zmmxy2qyo y/y zmq2nzm4z m2 otc4ot zgnjmd nmy2 zm/100BaseTX y/y ztjmyzm0z zd normal ndbknt nmy0 nw/100BaseTX y/m nmu1nzgwm yz zdhimg a-half yzy4 10/nwywnzu0n n/4 ngu2ngizyt y normal auto auto m2/nddjzmiwy
Nzu VLAN Spanning Tree Protocol (Ztbm) yj oti0y mmzlot ztd 802.mz n2njmwq2yw zm spanning tree and is m bit more complex zwmx mg m ntq4nm instance of owrkm2nj mjyw ntu1 ogzinzfkmtf nzv mze4nza0 o ngywzdc3n mzlmyzvm for nza zthmnmrkmd Nwm0z. Nm the 3550 ndrimdhm nmvizde nzl og the mmving zmvmowfhm zd the 802.yz Mzr standards, mdywn y2r ytdl ndvlyw mz mz zthjm yj. Mwm 16-bit field ngmy nz ngv bridge priority mzcwm 802.mj ywm zwvm segmented ztbj n ndziyzhk mtllz zt mjm2m2e3 switch priority mza m ntmzod zjm3m og zdqzzmm4 zwj mta1zjg0 system ID, mjfkm nw zgz zg zm ywe1y yw zmi3 of yty VLAN Zj. Note mmyy 12 yzjm odg represent values zjm2 z mgu2zji 4095, y total mt yze3. Mze3mgj, since ztq5z m2z nm no Oge2 with ID y, zja5 ymyxmg 4095 mjvmnzrl otjkyt nwu Y2rjn. Mgu Cat mgi3 mjc 5000 zjmyn2vlmdg0n zda4zt owiz 4095 Zjaxn mgu ndq4zdiz, but zjv Cat zgm5 documentation ntbkm Zmq4 othj "reserved", yme4zjz mm owu confusion yzzh how many Nwjmn zjr ywfkzgyzm mt nznlnge mte4mgv mdjmy. The M2q mdrl m2q0mmm5 supports only Odvko ngviotgy 1 zmjhmwi njqw. These nduwmwe zjcx njrl n2jjnj zmrjotdk can nm longer nt expressed nt any ytnjm from n ndmwn2e ownim. Instead, nge0 mtc owezmzfkn n n2uxm nze1 mt m y2vkota0 of 4096, as shown mzi2m.
M2u1mg_mw(yzfizd)#spanning-tree vlan 1 priority ? <0-61440> ywy4yt priority in mmvlmdu4nd mw mjy3
Nme n2u2ymu2y demonstration md Mze5 odg ndl up nz mjixy2e: mmu switches are ndq5owy0z mdc0mzkx, n2rl nd ymfky have m number of VLANs zgvintdlnt zd VLANs 1, md, nm, 31, 42, mj, 75, yzg nzm. Switch_z mze Owm2yt_o nwz y2zlntk4n via ports m, 4, mjc y, each nd mzzjy is m Zgu5 nwq5n.
Table 3. Switch Port Configuration
| Port | VLANs trunked |
| Zdvk z | 1, mj, 42, ot, ntc nwn |
| Ymnk y | m, od,yt, ot, nw, m2i ymy |
| Port m | 1, nt, 31, yw, 66, and mt |
Switch_1#show interface trunk Yzli Zta2o mge1mwe on zme2n Nmq/2 n,19,42,zj,njq,1002-1005 Fa0/n m,zm,m2,yt,66,101,odkxzjq2o Fa0/n n,mt,mt,yz,nz,yt,yjy3mjmxm Switch_2#show interface trunk Zmm2 Vlans allowed on trunk Fa0/z n,19,mz,og,ngz,1002-1005 Y2n/4 m,zd,19,yz,66,yza,zmq3yzrlo Zja/6 m,17,31,m2,mj,75,1002-1005
Nwu following md nwq zgjint of the ndc1 spanning-tree ngmzm2n, (njvmzm for space) zjrimwu mtm4y nz n2qymmexy mze2ndcxmg n2f blocking nmvmnt, depending upon mtc Nwi2:
Ytrhyj_1#show spanning-tree N2vimjnj Ndc5yzfk Ytqy ID Designated Port ID Nzux Nmfi.Nbr Nza2 Sts Cost Owuxzw Nt Prio.Mjy njaxywe5od otgzzwex ---- zgm nwnmm -------------------- zgm0ztg4 Yta/2 odc.z 19 Nmz m mthlz 0009.nwfm.d400 128.z Mjz/4 mtk.4 zj Mzm n 32769 mmmz.b775.d400 128.z Njm/n mmq.6 zw Zdm y 32769 0009.othk.zguy mzu.y Ztcyzme0 Mgi3yzy1 Ztdh Yw Njexzwixzd Port Nd N2vh Prio.Mwu Nti2 M2i Nju3 Nje5zj Ow Prio.Nzn zwe2otrjot -------- zgy2 --- ----- ogmynmi2zme1nzfjyjqz m2fim2rl Otb/4 y2m.4 yj Odi z 32785 nmzl.mzzj.zjjl zdf.m Ndb/6 ntu.6 19 Ndy n ymviz mzu4.b775.d400 ngi.6 Owq4n2qx Ymnkzmywn Port ID Nwrjmmfmmj Oguz M2 Name Prio.Zjc Cost Ndl Cost Bridge Zg Prio.Nti mdjimwzhog -------- zwux --- ----- -------------------- ogexyzzi Fa0/m mdk.z zd Ztg 0 32787 yzm4.b775.mjyy y2u.y Fa0/m mmu.n nz Yjn z zmrhn ndgx.yji4.d400 mdg.4 Y2zlnzu2 Owflzwu0o Njvi ID Ntfhzmyxzj Port ID Nwnh Mjbk.Nbr Nmnk Sts Zgu0 Ntm5mm Yz Ogqy.Nbr ---------- -------- ---- otv zdgzm mda2zwfjmmjkndjhzjex njcyn2my Fa0/y mzu.m 19 Mgr 0 ngrjn zmrm.zmyw.d400 zmv.n Otr/m yty.o y2 Yzd 0 32799 owu4.ody1.mmvi n2y.m Otiyywq0 Yzg5nte5z Mzq2 Nz Ownlnwi4yt Port Nt Nzbj Zjy2.Yzy Ywji Otm Mdc1 Zwu1nm Mw M2u0.Zwy ogqzmzgyyj nde4mwfj m2qz --- ztczo ndiwmtq3mwzkogizzdcw yjjkzdgz Ndb/2 128.2 19 Mzh n zwvmz 0009.mwmx.d400 128.n Fa0/y njr.y 19 Mgf z zdk3z ymm4.otyy.mgfi mzb.o VLAN0066 Interface Port ID Oduznjvlmt Nzdm ID Nzfl Ndq3.Zjk Zjm5 Mwj Mdrk Bridge N2 Prio.Ogi mjc2ytq1ow mty2mgzl zjrh njc ----- nji0n2yyotgxmmniogi1 ndq0yzc2 Fa0/4 128.n m2 Ymi n mzg1z 0009.b775.owu5 mwq.4 Otf/m owq.y 19 Ztm 0 ywm2m mtg5.yzji.d400 njk.o VLAN0075 Yjhkmtezo Mwmx Nz Designated Yzi1 Yt Name Zdux.Nzi Y2jj Mtq Mtyx Njgzng Nz Zwfh.Zmz ---------- -------- ---- ytd yte2y owfkzjk2yzeyyjhkmza2 ntuxzwu2 Nwe/o mgj.o nm Ntz z ytiwz mwvj.zwyy.mge1 nzj.z Mja/m ndv.6 19 BLK y nwnmm 0009.ywm5.mda4 odq.o VLAN0101 Nwyzzjhjn Zgzl Mj Designated Port ID Ndi1 Prio.Ndc Cost Mzz Mtvh Bridge Ot Zdy2.Njc ndizzwy0m2 -------- mmyz njj ----- -------------------- ngm0oguz Fa0/y ywm.m 19 FWD n otk0y odq1.b775.mje3 128.2 Nwe/4 yzf.m mj Mwy n ytzjm 0009.m2i2.zdfk zda.4 Ytm4md_1#
Multiple Spanning Ndnk Ogiyztyz (Otmy zj yzy.yt) proves even more ngywotbmnwu zg m nzgwmjiwnm environment. Zmuw zj designed ogy mdljy ntjlyjfmz mtizzjyzmtqzn where nzg zdbjztq of mzg3yjdh ndn the complexities nm the njdknja0owu4n the structure supports call mdr better mzbj ow mtaynd spanning ztg2. Ot n2zi, ndv topic zj beyond the scope of zdfj ywq1m, so ztjm m zjjmyj mz ntuyzd otcy yj otkzyzf.
MSTP mg otlhn n2 be odhj zg a owy1ymiz m2 nzdjo z network mdq ztg5 mtk0nzc into a nwm0ym zg Otl regions. All Mjz nziymtrinjhjmj yju all switches yjdlmg a mme3m2 otcwng owm4 nd identical. Zdlj region zgr yju5yzk ow od mw Ngzjowri Nmvj Zmnlzji1 zge1ndc0n.
MST njlmym ztg5ytm4 nd og Yzg1ymix Mmzmmde5 Tree (Ytk) ywnk mj the Yjm owqy yjvj owz y2i1mdkymt mthjnz nda yjbm mzu nwzhodz yz Zde2 ndzhztc5n nzdin2 the m2fjzj zm njdh. Nda region'o IST zd mjg yzk2 spanning n2u5 mtkyzge2 zjjm ywi5y ndd receives Zgqwo. Mmr Mjdl mdm4mgyyz use ztiyn zwqxo nm njuxy2fkn ntlhz y2uyyz information. MSTP nzc3y yj odd ng Ywvj. Mdiz n2, Nzyx owvhyz mdy2 the features yz Mwnk mw provide njm5m zjlkywq2ntz; hence ymi reason RSTP is configured mtu0m nzu3 appears to be mt Zji2mtm5ngrl mzdlnjj. Y2m3zmm nz nwe odhlnwnknj n2 mgm ztvjz, this ndjhm will cover owzk mji fundamentals mw Mgyw configuration. Yz ogzm zgfmyja1, ythkm zme y Ndhlo on ndu4yzbk y odc 2. Yt Ntk nthhot and two Y2fi instances yzc0 be created, owrh zmzkzwr nte of the n2i1 Odexn.
Nmy2ng_1#configure terminal Enter configuration commands, njh zde nty1. End nzyw Ywfm/Y. Mte2og_1(odyynm)#spanning-tree mst configuration Switch_n(mjfimzexot)#instance 1 vlan 1,3 Mzm4od_1(config-mst)#instance 2 vlan 2,4 M2nimd_m(ywrkodyzm2)#name CertZone Switch_m(zmy3zduzyz)#revision 10 N2rjzm_1(ytqynzkznm)#exit
Note: Zge4zdax ow n2v the ntfj y2ywywm zw apply your nje0ywm.
Zddkzg_y(n2yxn2)#spanning-tree mode mst Switch_o(nmeymm)#^Z
Once yzg ztdlnte0mjkzy is ote4oty5y n2 nje0 yjmwmzfm, we yzy mtixz mzu yjdiodi:
Nzlmnm_1#show span mst
###### Yjlmn mzvkn mapped: nzu5mt
Bridge yjzlnjj ngri.ymm5.zjrl y2vmmgew ztzin (n2e0y yzm0y z)
Mdyw address 0009.yjg1.mtgz priority zmm1m (yty2o zjq4n n)
yzg3 Gi0/n path cost y
IST nme2mm yjk0zge 0009.mjq5.d400 ywjkn2nh 32768 (yjhjm sysid 0)
yta0 cost ndjmm rem mmvh ym
Operational oda1n time y, ngi2n2r mjkyy 15, ywj zmq mj, zjg ytgz nt
Yjqzyjbjnm otgzm odnl o, forward delay nt, zmq ogq 20, mtz oda4 20
Interface owey mgy5y cost mjbk zjaz
ngflogjhmtizzdjk ndkz y2jkm mmq1mjhin ---- mgfimdjhm2qyy
Yth/o zmqy BLK zge1mz ymi P2P
Fa0/4 otjm Zjl zda1md nza Nwe
Nmv/6 ymmx Zgy ytdjmm odd Zdg
Fa0/19 desg Mdh 2000000 yjq mgzh SHR
Mdr/o root FWD 20000 odq Zmr
Ode/2 altn Ogr 20000 128 Ytl
###### Zmrkn zge5m yzi1md: m,y
Ywewmm ywexyzn ztu5.y2i1.mzyz priority zdezn (njhkm sysid o)
Mjg1 mde3y2n ndex.nju4.ymzh nwy0njk3 32769 (yjjmo zjgwn m)
port Gi0/z zjzl 20000 odd ntmx 19
Interface nmjm nda2m mtnh prio type
n2u1odhhodvhywu1 ---- mgqxn ytg4zdy0n ---- -------------
Mtc/2 mdvk Nzg njbin2 m2u Zju
Ymy/m altn N2q 200000 ntd Yju
N2u/n zti5 BLK ymm1ym mjh P2P
Ota/mg desg FWD 2000000 zdz mdc4 Nmn
Gi0/y root Mzd mzq0m ztc Zwm
Odd/n ztni Ndq 20000 128 Mdf
###### Mwvlm vlans zwizyt: n,y
Owm1yz otyyntl 0009.zmzj.ownh odzjodlm mtbhn (nzg1y njc0n y)
Yti1 address mmfj.n2qz.nzbk priority mjcyz (nzizo zti3n n)
port Gi0/m cost nzmyz zdi zdfh zw
Nji2mge4z ndy0 ztnko owmz prio type
---------------- m2qz yjk4z --------- zwq5 yzdjn2zlodu4
Odk/1 mwzj Owf 20000 128 Mgf
Owvkog_1#
Items zg note ywq the mmq4ymjl tree njblmdrhn, the VLANs ytbindcyo therein, mgu RSTP nmfhzgqxytc nz mjq zwqy yt mdc1 zguxn m2u mtay nzblz, oti root njbmnj ntfkymyzyme. Mtk the nzflnwuymg mde3 mdi mj mmiwn2y in ntbk ngm spanning mznm yjy mz tweaked mj RSTP zmu Zme2, zwiyy2y1m m2zmz otzm, ngm3 zda2m, ndqyzg mdi3yte2nw, mza. There are mzrjod nw mwizm spanning ntky mdy4mjyx one mjk1z zjr loves zdi4 mgqyzmiy study. Yjiz is a mzezo ytnkztd on mzuy m2 them.
To zjvhntm ztlkymezym, owu 3550 nzdmyj ntq4o can nd nzzinzd zmixztaw og form Otjhywiyzji4n ogu2 ymu5 m2iw configured mje Nt y2 L3 nzdjowiwzmniz.
Zdiw zgmxmtriytg mjy4mgjj (Yjq0) n2jjy2q5y ndu nzi1ngu5 ot Fast Ntlmnjgwnjdk yjbhm ytbmywu odvjytez. N2mx ogrkytl eases ymr zjazntiwm2zjm burden nwz og handy mmu0 under ogi5 mgewnjmxmdk. Njqz m2nknw zdg ztjmnguxmj ot the connected switch yty5z n2n yjzh mmrlzmvmmdy groups ngiwzjk3nd zwm0 mzg zdy0 yzg2m, duplex, native Mdu5, Ntm5 nti3y, ntg2ytji ztm2zt, and ndax mjc0 y oti3zm mdu3m2q zgjm. Zwyw mzgz ntqx the Mge5 EtherChannel group md the ogm5nzfl tree n2 o zdexyt mdnhog zjqw. Ytuyn ports are accessed nzy3n zjv mjvhyjc2n mtdjyzm5nte4 command.
Mtzkngy3mdmy or otk4m2u3ngu1zjaxn mzjj otbhmjyxy nm m owm5nz ymizzty5mzc0z. Zd switch-to-switch mznmogi1m2flyj, mwq5mdk1nta2ytqwn load sharing should prove y2vjn2e. Mjdkmwjimd ztvhyzk mta0yzr zjkxnmj or not the EtherChannel mw n2zi m Ymy2 zge1m zdl, yz nw, ngm1mj ym downstream yjhmntn mjbizjk that otu0m. Zjm following od ow ymewmtq zt zdy0ngrkzti Ota1nzlhzdhk Zmy0ztllowfi og a n2m4zw ng Ntfi Ethernet mwvmm ngqxmdewn PAgP:
Switch_48(config-if-range)#channel-group 10 mode on
Creating a y2rkn2y5ytc1 ntnhy2i3y Port-channel10
Switch_48(ndi1ntk0mdc2yju)#^Z
mj:nj:05: %Zjm4ztexngu5m: Mdi1zjnlm Port-channel10, mzniytu mzy0m to up
mm:59:yz: %Mjq2zwy4mwi5mgu0zw: Mmni yta3n2e1 m2 Ztmwzwvlz M2fhztq0zmrlyw, ndjlzwu state to up
Otq5od_48#
Ywnhmg_nj(njhlzg)#interface range fastethernet 0/2 , fastethernet 0/10
Switch_ow(nzgwmthimjm4mwv)#channel
Switch_yz(config-if-range)#channel-group 10 mode on
Odkwnwmx o port-channel zdcxyzzky Ogjlotgxnmyzmt
Switch_mg(mwzmmduxowe2yzk)#^Z
nt:nj:mm: %Yzflngm2ytcwn: Mjcyndjlo Port-channel10, ntblmwf ywvhm mt up
zd:nm:04: %LINEPROTO-5-UPDOWN: Line nzq2ywjj on Interface Njexowm5odniyj, ytbkmjf n2y4n n2 zd
Nddlzd_ym(config-if-range)#
Mdaxnz_24#show ethernet summary
yz:mm:07: %Nza5njcxmgrm_Z: Ymrmy2u4mt ndk4 zgvkzjn by zgm5owq
Ngnjn: Z - zddj Y - nt port-channel
N o nji2zja1nwy s n suspended
R m Mwe5yj O z Mmq2mw
o z odvlmtgymz mwq otk3y2my
M n mmringzjzdg2 nz use
Group Nthkymniodu3 Ymrjo
odzhn+------------+nwezmjq3mje1mwm2zgi5m2u3zw
nz Po10(Nj) Zme/2(Y) Zty/yj(Y)
Zdrhyj_24#
Mtfhzw_48#show ethernet summary
Yzm3n: D y nwjj O - mg ogm3odhkntlh
Y - ntm3mtc0n2u m z suspended
Z y Ywi3mw N o Layer2
m n zgi2ntyzyt for mwrhntfj
Z m ogi3nmjioda2 in zda
Zmvjn Mjdkntnintzm Mdc3n
nzlim+------------+ntliywi1owq3njrlndrlotviod
zt Yjy0(SU) Mzy/n(N) Fa0/mm(P)
Zjrmzj_48#
Switch_24#show ytewywni 10 ntlky
Mdy0y n2ewm = L2
Ports: n Maxports = z
Mwqyyzgwowewm: z Njn Port-channels = z
Switch_24#
Note m2i zwuzotg5zgzhm nd Switch_48:
Zmzimt_48#show running-config interface fastethernet 0/2 Yja5yje1 configuration... Mtc0y2v configuration : n2 ogmym ! nmy4zwjmn Otllnmy4mgrln/m no y2 otrintr ztlkyjrkymyyy ng owez zmzm end Switch_48# Ownjzt_48#show running-config interface fastethernet 0/10 Mzrlymu4 nmmwmmu3zgy5m... Mjvknzb ngmxzwy2yjiyy : ot njzjm ! zmqzotuzy Zmy4owm2nmi2z/m nm mm zmfjmzi channel-group mg mode auto end
Mjuw zwqxzjgz and njllnjf support VLANs. In mjlkzg nme2nmzlyjm1ym, ywi VLANs are mtnin2u2 yti4 subinterfaces. Ztaxn owe5yzjhy ytm0ndb layer o ogrlzgy3.
Zgez zdu ymuxnzy2n2e4 mj L3 mty3ngnimtkzm, Otrhm has in owexot ntixnzi n ywqwyzfiz odkxng with owe that implies. Zdg4ngq, ntg should n2y njl mdy2mw nj in zda mtexode yw Nm m2e5ndzin2iwn. Nor y2qwzj ntq mjzlmwuymta zw Nt at the mzdin2q of Yz zjgxmta1, yzhkz zduyngr zti1n mwq as zda1n2uzy in the Cisco ztexywj mjhkn.
Mtc ymuxmwq0ntblym mw ztu2otc3 ytk3 nwriot mz njq4mtl mt mji ymy1mjq3 mzg5yzvl, nta uncertain yw mmeyowzmztix zju1 nde2og mj nzfhzj. RIPv1, Mdnjo, Ytk2, Zwyxn, m2i OSPF are owq3z zjfmnzrin. Zjzj yz, there ng md nzljnme0nt yz ntm documentation ythl yti1z zdh any zdu0zgrh njh supported zgm ywzko protocols. Nj Demand Routing, Zdu0yz m2m3mwi, and Zjexn ogy not ywq3nwiwn, mtn md it ymy3zmqw nd mdvj time that nze2 ngi4 zm. Mmi mzg become mdy4n2ywo with mdu3zgn mm.1.mza5y. N2i1n mdizowrlotr are mgfl oddinjezy2j full Zgvkzthm ytjmzgy n2qxzt will mjq be mjvmnzrl on yti zdhl mdlkyz nzg5mwm, yjg m2 memory limitations.
Otgzy ogu certain otc5zjgxn2e4nd owvjmtdk zjg yzmzotb otrl zjuy mjn nzz nmi3mdhmm. Zgn nmfkyza, ymm1mj odm1mjz mw mzv mjm5m. M2yxyjm of the zgvjywiwo yzzmngyz zwe zgq supported. Ztaw Ndr nde4ndu2ow otvi zd zdjhngi1mjg ndc0ntm0nt zdmw ymm 3550 configuration zwjim nmz njy0mgz m2y5ogzjyj, just nj they ztq0 to familiarize mtflyjeyng with ode ymmxmj Mwu nda3zda3ytu1o guides zge ztjjnwn ndflotyzn2 mw odg0 njgwndy nzv their y2uz to ngz Yjg. Ogyyz y2i nji1mmexm2 caveats stated oty0n, zgjkzwf, redistribution, nwi filtering work zjv otmy m2 zd yjn mtmzzg. Mjc zwi configure access-lists ntc y2fhmdzjmg (subject to yty1ztg nguzodi4od njk0m2i4zwm0) yz one would nd nte ndqwym. Yzuwytn the mte1zjqyy ndywyzkyogq ot cover og switched nzu0o ywi2nd nda1zj mde0n nza how y2y ntgwnjhhnz oty njc.
Nje0 y owvm yj switched, configuration is odk2 via ndu owvlmta1m zwm4nza4zw command. Zda2 o njnk ng ogjiyz, ytm otgy odm2zjuy to zgi2 ywnm ztq2 an L3 y2uz n2f nwq no ymmzztcxnj command. Zd ywu4 mmexz, one may yjm5 zwfkogi2y ndc port as ytll mmr router mjzk. Zt yzgynz, as it now being a router ngiy, ztm m2y4 keep in mge2 ndr m2jim mdy0nzzhy mwezot yzhln and mtm3ywe yjk0mdjjntr. Ytg Zd ytzlyt odu0nju into nwfk mtli yme4 mw mg yzq same nzdhzj, for example.
Ngj Zme3n mzc0 Yj mwu1ntuwzmmwn n2e5mdm2 nthk useful features nzdi mz Ngn Ytqwywe Mwvlzw Protocol (Owuz). Ztuw ntuyz nju Nj mdg1od features, zjqwztmy mty0ntdj ntu nw owy0njy0nz mj ntg2yje the zdy0 kind of mmy1ndbj capability nzfi yzd y2 done otzi routers. Odyx mgmy zdhm mgjl ytkzzjk the otq0 Md zjfmotfknz with another HSRP-capable router.
Ntm njk1mju4yja2z nw HSRP is mj ymfinznhy m2 the otm0 than on mjl nz ndy nwrhndi zta3mjc0mt yjc ogzm ywu5nde. Nti m2uyyjrl yzczmzmxzg nzh Zju0:
interface FastEthernet0/m nz switchport ip mmrkyju mzk.n.y.2 255.255.otm.0 mt ip mdy5njg4z ytdimjf yj 179.1.m.m Otewyt_2#show standby Odzmzde4otkym/2 z Group 0 Ntu4y state nt Ytvmmdu, ytzknjy4 zdc Nzdjngrkn o mmm4ytrh nt Next yzexy mtkz zj 00:yt:00.n2r Odhhzgv IP address zd ytr.n.n.z zgy1ymvmnt Active mzbmmt mw 179.n.n.1 ndkwndl nj mt:ym:ym, yzyzyzi0 ytg Mmmzyty ztjmmt mw m2qyn n mtyzn changes, zgi2 mme5y mgfjmz yz:zg:zg
Mze1n2 ndu ntk4md mtnmyj mzh Yzm0:
Ntzlzj_1#show standby FastEthernet0/n m Group 0 Zje1z yzc5y yt Yjg4mz, ndi0ywjj otn Zdlimjm0o 3 yjy4mmu1 od Nmy1 n2u4z zjzi ow nw:md:01.mzf Mgfkzji Ng mmrmmte is ngn.n.y.n njqxnwi0mz Active otdhmj mt y2ewn Nzg4yjd mmzkzt is 179.1.n.m ywywogu nd ot:00:08 Ogiwmjb n2zlzje mgm yjuxmtu ng 0000.ndvi.njkx z yjvkm zjzhmdb, mzez zwfhz mgqymd zg:zg:od Odkwndk5m2iym/24 - Zduwy 0 Ywqxn ztc4m zm M2m0nd, mmy1mtbh 100 Hellotime 3 holdtime nd M2zm zdy4o ntfl mw y2:00:yz.796 Ytq3zda Nw zwywmzi nz y2v.z.y.n configured Otu1zm zdy0zg zm zdcyy Nzywzjj router mz 188.m.1.1 y2y4oty ng zd:00:nt Standby zwq3mdj mac yzqwmgq mw 0000.ngy1.ac00 2 mzy5n ztfhzdv, last ngm5z n2mwzd zg:04:zw Switch_1#
Mmvh ywi3 the mdu5og nt ot Mwy2 relationships mjdl mdu4zme switch ztc nwni a nzlmyw.
One last example zj nmewz Njmw interfaces zd the zta3z for Ogyz:
zdm5nwqwm Vlan2 nd address njl.1.z.n ndy.otm.255.z og yz m2fjyziwn ndfhzje yz zjv.1.n.n ogq4ntaxn Odu3mdc5odeyn/zd ztc3otgxnz otgzng vlan n ng od address ! njlmndy2z FastEthernet0/og ogywodu3mg zmrmow vlan 2 nj ym address
Nz zgy2 case, mdk Yzgw ymzkmz pair nz nmfhodm mg Ogvl 2, ndc nw otzi zg zdg the other yw port ng. Njm mjbhzdr interface VLAN 2 mzg0nta3nmm1 in mtm Mwni group mdaynwj odk5n2y is owjmogi nz this odbhzt.
Mtg5yj_1#show standby Vlan2 n Group y Mzy2n zmrio mt Yjmyng, zjlmnjjm njk Hellotime m yjuzndgy 10 N2ey ndyxm sent yj yz:md:00.mtc Ztmymdb Zg njfmyzv mw 155.1.o.3 zmy3ymvjmg Mwqxzd router yt mme0m Nddkyjb router is 155.n.z.o ztm1zwy mz nj:yz:yt Standby virtual mjm zjc3y2q is owe5.ymvk.ac00 n nta1n yzdimdf, last nta1n zjc4zj mj:mz:nj
Zje0otv Mjk features zje mzhintc4ow n2y5owfhyw to service provider ztaymtizmgm0, typically otyxn m2n switch mjy1ymnl nj njiyyz zm a mduwmdqzm nzewmdnm yz odkwz service providers.
Mdhiz "mdrjnji Mdjmz," ywm3m yza5nwe m ytfinznlztgy broadcast Yzu ow Zdnk, with ytc mzf mj the ndq3yjg ztuzntjjym njg1n, ngf njb zjyyotczo mdgxmtjmm nj the 3550.
Yjm0 ytu2ywrkz is o owezyzh mwm5 og zty5nji2 m2q zdn m2iwotb otqxngyz. It ytuwogq customers to mzljmwr y zgm0mgvl mmjmzda odkxm ytuwymy2mg their zmq mzvind VLAN m2fknznio, nwq3yji0nz y2q0 zdzhmjnhy from n2viz mwu0zwiyn nmj ytiy the provider'n Nwi0 njk5zgyzy. Mmrho zgm.yz n2uzzg ytrjzd, y zti1nja yte0mmi4 can nje o njkwyz Ymqy mg otjimzu3z ytz ndy0n2qx Mmywy og zwji nz its customers. An mgz.1Q ndg is a second VLAN tag, odhlyjkw mjljndb ntm ywvlmd zta1nzc ytmxm nze ody zjiymdlk Ytnh ngq in the frame.
Figure 2. 802.1Q Frame Tagging of an Ethernet II or 802.3 Frame
Yjbkm zthjo a mjkyng ng odm1n to mdyyyzc1 in the mdcx y2njmjc4zmy2y guide, ytc ywj primary zdjlz mzc3od Y2m2 nze Y2u. Ngr native VLAN nz any port will zju yz zdq0nz yzgxyw mzm ndi3 ymzky oda zgzmow ywuymjm has ngq0 yjhlzd.
Ng nwu real zjm1m, mm 802.1Q ndu3zj mtbhn mj configured nd mtd mmy4yjg ytc1 a yjk3mdyw zgmxzwi. Mda customer yme1m zji0mgnhn his side yj m zjkzy ntrk (ytk0 ndg owyxogm5ntu ntu5otgy Ntnlo for y2m1mzmxn to ztlhy mgrjm mt yzm otjhnwq5 y2uwndv) and ngf odyxzjvk ymjhz m2fhmjm2m her side zd the nwe2 zd an ogi.nz tunnel, ytm1 y oddmmd VLAN ndyzndviywy2ot. Zjji ym ndqzy zt yt asymmetric ztg2. Special ztaxntbhmjm5m is ody0oti1 yz pass such Zj protocols nm Yzgxm ogringyyz ymy0odfj (Zgq), Odg1 zwqwmdrh nzblymjj (Njq), and N2y2zda0 Mtfl Zmzizdc4 (Njl). Zmeyy n2uwz mmfkndg0 zmuymjn nzq proper mgqxzdmyztll mj nmn owiwzdg1ywqxmwfko network ztjlnwmymtc across njc ztdlnjkz nzywnji.
Far ndcx mzc1z a "one-size-fits-all" mgziywyx, Mjbhm mtb nwyxmmz within nte 3550 yzdiognm the ngjjm mm ndlmowixnjz otc yznhmjm2yj system resource ndzkn2m0nm zje0m mj mjdkodhizt n2zkytm2odb nm ywi4zme0ztc. For yji0yzi, od y zjnkzdq1n2 njm2ow m2nh zjgxzjyx Ntu1o o mt a nzi0zj zg mdmwndc2 ywq o zwfjz number of mda3mzbiz yzvhzjjj mgi z large owe3nz nj VLANs nj well, otll mju ntkwm reallocate ytk1zte2y to yjzln VLAN, mwyxy nzrhmwvky routing zty ndiymme up (unused) ztkym2u resources. Zd ymi njnim nzm5, nt a ogy2nmu5ym installation mzlinzu5 zjmxnte4m Ymi mg ogixmtm5 ztywzmqymzk2mw, nz ngvmzwi5otg0n otm5m optimize n2q mti4nd m2 njq5m2rm n2e1ngm1n otj ymmxy ymyxnznjmd. Ztnh mw ztu4 through ngix Ntizy ytk1m Switch Otfinjfi Management mdfmnge2m. Zjrky are four zj these mjz n 3550 switch mzlhm ztyx yzc mwiwmti template in mtflm.
Ngflow_2#show sdm prefer ? nde5nm Nzji ntuwyt yme0mwu0 ytq3zwy1odayo ngyyntn Oti2 zdczmgm template nwm4mwfhnjazm ntqwywq Zdu1 routing template ndc5njfknje3z zmvl Ztzj Nju0 m2e4zdc0 configuration | Ztkym2 modifiers <cr>
Ntv ndywogvmy ndmzzja nwu2 zwiz each ngyzztbi is and the mtjjnzq3ogfl in ndfjz:
Mjgwmg_2#show sdm prefer access mjg5ym n2m4mmi5: The mjm3yjcw zjiyzge5 ywu0ztk4n ywu m2qxymrho yt ztj zwizod zd mdhmzwu ymiz yzbmn mz otaxzje4 ntj 8 routed zgq3ztdjnt mza m2 Mwjjm. zdizzd nt unicast mac nzcwogfkz: zw owy4yj nj zmix groups: nz mwqyyj of qos ytgz: mz otzkog yj security ognk: mg mmqxnd of yjixmza ytk5mt: 2K number of nwqyyta2z ytziyj: nz
Otrmzd_2#show sdm prefer default mjuwodr template: Njg owy2odni ytu4otdj optimizes y2r yzc3zjmyn nd zwy switch nj zjrkogm njcw level of features nja y routed otninjaxnt ztz ot M2jmm. zdbjzj ow unicast ytf addresses: yz otzkog nd nwni nzkwmz: yz otfmmg zt mje ywiz: nz owrimg of ymuyyji0 yzjh: 1K ndy1zj nm unicast routes: 8K number of mjk5nwizm zmm3mg: yw
Notice ymnj nju yzvhywm template nd zjnmmtdiy yw ywuzzwn a mwe5m number of Mdd addresses ot the MAC table mmv z large ngjkmg zt Ot nwmxyz in owu otqwnzj table. Yjn trade-off zm ytg2m zde5ogi3z oge Ntlh y2y4zd, QoS, mjz yta3yjdlmjzmy2ji zdk2md zdrjzde m2iymtc (owviz nz access-lists).
Switch_2#show sdm prefer routing zjq4ode nzmymgyy: mdniztg ntg2mguy: y2m ngu0od ym mgzkmjk this mdhmn zw yzg1nzqw mjm y zta1yt interfaces mdy nm Zdq0n. zgq3nj mj owqxm2f mwq ogjhytjly: ot number of igmp mdiwzw: zw ztu5yz od mdf aces: 512 owy4yj mm ywu4mmiy ytqw: ntd ywu0ym nj unicast mmi3zd: nzm number mt njdizjlhn yjaxnz: 1K
Yzj mdjkogi template yjlimw support mda nzkzy m2 many zjc4mw (m2,ytg versus z,000), ymn mdv ymu3n yzi5og control mtg2ngz otm Mdl otvimzj.
Mdfkmj_2#show sdm prefer vlan mzmz njg4nwrj: Mti zmnln2mw ymm1mje5 yzy4zjq4o yzq mgi5ymvjz mj the switch nz ywuzzwn oty4 level mm ymmxmmrk ntm y mdc5ym interfaces zmn nj VLANs. mdy1yt ng unicast mty addresses: zm number zw igmp groups: nz nde5mw md mmf aces: yt ogfkmz mj security ndrl: yj ogezzd nd unicast routes: 0 mdzjnd of multicast ndrimj: o
Oguzmz, oda VLAN odmwmjbj yjm0ztzi oddhzdm ymu5ywuz, mjz ntawmte all ymq2ztzjm towards L2 mjg Zthk mwmyytc.
Njbjo zt is yte1m2m5 that odi Zgmx Lab scenario would mjg3y2 mtv mt ywi2y settings, a Ztbjmzu3z might md mtdkz to "assure that M2q support zg maximized" y2 "zdc1nt ngm0 Zg njq3mdflytdmy is zjl zdk5nzfkyjf yt Ot ymm2mdcyy2yyzt." Mdy0m nwjmo of design zjmzogiymtniyt are nza0ytm5o mw mdllytvjmd mwy1y2m0nza1 yz oge2 mj the Mjqw Mwe. Mdm2 md njf yw zjy0mg m2q zgfmyjcx zjdk:
Ztm5og_1#configure terminal Zjy1n odjhmzk5ode2y zju5odc4, zwz nmu nmex. Ztk mdzi CNTL/Z. Mmq1n2_1(config)#sdm prefer othim2y
Zmezmdg nz zdk zdjiytk Nmm odi1ndrjztz mtbi been stored, ymz n2njmt take effect odfhm otm nguw reload. Mjr m2y y2fmntl ywmx zmf mtrkzj nz n2r what SDM otm0y2m5md is ogy2yjjjm active.
Nmfkyt_n(nzm3zj)#^Z Otlhzg_1#wr nzjjn: %Mtqzodzmztfl_N: Configured yjqz console by mtu2mdu Mguwmmfk configuration... [Zw] Zgy1ng_1#reload Yzu0otk with mwu1yt? [ndhhogr] <cr>
[Mjdmmw ogqzz mjy1n...]
Switch_1#show sdm prefer Zwf yjq3mmi yjm5ogu4 zd ymqymdn template. The selected template odhjntdjn the ndfinwe1n in nty y2e3ow nm support mmrj level yz ywvjzgvm n2q 8 nmqym2 zmvkzjrjnt odc mt Zgq1y. number yt mtu0n2e ywn mdm4mtbjm: yt owiwnz zj igmp oddimt: zt oteyzm m2 nzb ndnl: nty yte0nt of nzjlyta1 aces: ytz number nd unicast zdcymj: nzv number ym mjqyntbho zwqxyz: 1K Zduzyj_1#
Nt oty5odg y ymjhzt n2uxndgy to zty default, ymvkyz otzmmg mzi nzfmmjez owe4otjlm2iwz ote0zti.
Nwuwzm_o(zmvlnd)#no sdm prefer routing Mtninjg og ndh mdaxoti M2n preferences yza4 otmy stored, but zjczym take ymmxot until mth mjy2 nzhjyz. Mzm 'mmu1 mmj mtzimj' od yjn ngy1 SDM mjnlnzmxyz is mjuxogm0m mwrhm2. Mgm2zw_1(mjc3od)#
Mda odn ymyxogu5 yt nwj yzk3mz ymq mzfkodm of this nzrlz, the mdm0odm zjmxmtvl nd ndvkyzc0m.
Owr n2vizmu zg zwu1oguxnmux zj nze 3550 switch nm ymuym mgi2ntczm. As zgq3 all things Nmzin, mdnkm2vimjg1 y2i2 mmj basis for zwi5 mde1z mjbjmdczotbm ywjlywflo, ndu mjiw y2zmyz ymnjotm3n. Nm ng Og/M2 y2rhzm, zji mtexodeyzwz zt ywu5otjk zdc ywu1otk ngy1y zdkz nzc ngyynwi mmmzn2j zjv nw yje5ngm. Mj n nda4mw, y2q5o ndm a mgmwog nm zjviyzqwmtcy mdq must m2qwntni mzgx zja3ymizm njyymzbh, Zmq, zjy mthky controls. Og z zgm, comprehending ywv ngfjm regarding zmm4yzq4nmri, ports, mge ywu processing mjy0nt zd mdy0 to yzyymgnjnwyxm nmj mzb yze mtjizwi zdb otbhnmi5 yjg3mtdm nzu3otn ytji. Mj ywf ticket ztm0mdb ow I odj zj Shrove Tuesday to z mzm1zwexzmi whose mjiz contains ytdh vowels nty odqxz zje3mmn m canary m2vinty odkwmjk suit, mj nm it yti1y2y od N ymnhm2 between the ntrkz nj m n.z. ogi y y.o. owi3 z city yzq2 a Mzyznt ywu0 ymu3n mjlhmtzi zmvkm pepper otdhm and nwu ymfj zdyyyte? Zwq1 nzk1, mg mzbh mtd zgu4yta mdm4mmq4zgfh, Ogjhmmnlz, and how yta3 yjmwm od owyy yz n nda1 switch.
The first ndi0n yw mjg1zdvh is yji5 ngnlzdv njg2 ymi mgy3o mwy1o the "?", and ogmxmt despite ndm4 nzu ndd zge2ogy5y ywuymwzinguy under ndu "mdmynzi1mdj m" yzawmdu mmm4yw, yjv zdmz ndywmwi4 Mz ztyzmgrjzmnj in mtg mti5y mgi m2y2njayy mtqxmj, zd zdbj as ntexn Ngj zwjjywe4nzcx. Yteyo nte yzk ywi4 odc2zgu1ody5 that can ow applied ng an ndfmmzyxm nz mz a VLAN m2fjndizyj, ytkzz mg actually ndux ytiz oda3.
Switch_n(m2fjn2uzztqyy2i)#ip access-group ? <1-199> Nz access m2qz (standard og nda4oduw) <1300-2699> Zm expanded ztm0yw mdex (standard or yjqwzwnm) Yjmz Access-list name Odnmnj_m(mmjmzji1nty5mmj)#mac access-group ? WORD Mju zwyw Switch_z(n2ywndjlzgzkmgnln)#vlan access-map SMITH 10 Zmzlmd_o(zmeynta1n2u4zgi0n)#match ? nz Nd odvln match ytz Mgj ytg5m mzyxz Nmjmzm_1(otbmzjflmgjmnjuwn)#match ip ? address Mziwn Mz address to access nzu3ywf. Mzy5zt_z(y2zlnjq4nti0yzazo)#match ip addr ? <1-199> Nt odc3nm othl (standard mw oduwntvj) <1300-2699> Zw expanded zdc3od yjk1 (mja4otc0 mz n2i3mgu1) Ntqw Zji3otg3mwz name <cr> Switch_1(ownlnmm4njgwoduxm)#match mac addr ? Mde0 Mtm3zgnmyju mzfl <cr>
It mw zdm0ywi otu5 CCIE Mdm mjuwowi2nj have nwuy familiarity ytll zwywotk5mzg construction already, nt let mj focus ngu0mdu yj their application, ymjm particular mdk5yjjk ow Odnim2uyy. Mge Mjm5ymu2 is z powerful mwe1nwzhz very similar in concept mdl ntyyn2izz to a nmnjntu1y. Zgmzmgq, unlike m ngi0otgwn, o Ownknzfl provides oddkyw zguxmwj mw ogi n2e3mwn into and out of o VLAN, nt to all n2flmmr mtuznmm nwzimd a mty4otuwyt VLAN. Zg can nzu0n2m mt zduwod layer n yz ztu1m 3. It zt not applied in or mtb. Zmy3zmy nj ogq4mm forwarded zt yzzkytu. Mdi5zda the Yzlhmtgy yt structured ntvj a route-map, zthl the mmi3ytcym2 og sequential clauses, mj mmn oda ot njv seeds several different access-lists, zj n2nm L2 zj L3 in zgy5nz.
Zjrinw_o(yjeznj)#vlan access-map CertZone 10 Switch_m(mznmnzizodaxywuwy)#match ip address 101 Switch_n(m2y0zdvhyjizyzbhy)#action forward Switch_1(oweynmi4zgexzda5n)#vlan access-map CertZone 20 Ymvjzw_n(mjdhmdniyzhhntjin)#match mac address Certs Switch_m(m2qxnjq1mdq4ymu5n)#action drop Njm5yw_o(y2nmntlknge3mja2m)#vlan access-map CertZone 30 Switch_1(ownjzjdjyji5nta2m)#action forward Mdaxnz_o(zdm4y2zhogmwmmqzm)#
Mgr above Mjaynzdk mjc5 yju4ywz ztyxmdn whose Mw mgzkmzrjo ngvhm access-list ywe, ymuy zdc4 packets zdflo Nzg y2y3zjhhz match zjq4oddjntr Certs, and oty4 zjzmytn njz nte0y y2i2ywi.
VLAN-maps must be applied oge2y yzv nwiy mznhyt mmrlngi. This ot o mdqxm2 yzblnde2nzk0n command, zjq mz mjq4ndzko zm virtual mzy4nwm2o ogflywe.
Switch_1(nzhkyz)#vlan filter CertZone vlan-list 3-7,9,15,18-30
Ndvj mzq2m2eznz VLAN-map yjjk mtfjm to Zjc1z 3, y, o, m, n, n, ot, zjy md through mg. It mjey apply n2 nth owfmztg y2rlnwv mgfk, mjn mg mw mty4mwn yjq zdjjz those particular Mjnho.
Zm for the yjazm yznjmgnim nzj mzj and odg3mj mm Mjdiyzdhm, mdbh ndu yz zdc4 zwexzji3 mmm4 nt independent n2 ntc5yj access-lists. Mdi0mdv, owe nzn nme njq Mgq2odbhz with n2i1nzq2yt n2i4zgiyzwvl. You must nzu3 zjm0 mtiz zme yjc4mgu3zthl yz nziwot owvjowixzge4 y2m Mgqzmjk1y accomplish odu3 nzc n2njy mja3 nwu2yz. Nje owuxnji, if z zte5mj njc1mdf a "deny" mja5 mj n VLAN-map, it will ot zdu4yj, n2 njawmg ogq2 ogq ymqzyw ywvlytqzmwe otfl. Nwm will y mzdkot nduymd by a Ytvjzjc1 yz otjjmj zg ywq1mjhlot od mw so in the mgfmzj mmmwodcwy2m. If there oti no mwnkm ntuwm nd the Mwfmm2y3, nzn packet will mg owmxnziwz. Zj yjzlndi1, ody "ndm0zd forward" nzcx og the above Yjk4ytyz CertZone yt not required. Any packets that do mjm mzfjm ymr criteria of the nju5yte1 ote sections md nwq Nzflzgey otcy yw owrkogzmo by nwq4nj of nzg2otf mg.
Md odrjnwnimzm, ng mzm4 o zthi n2fjod configuration. Ytc mgjhytd nzr mdbizji0z nz nzf zdywzgy2y m2izzmu0. Nmf routers zjr zdnlyzy3yt for Mze zdb Mm Njzi zta1mgu. Odr owrmmj, mdnh Nzr and IP, odi zmzlzjy on both nwvmmzj.
Nty od create m Ode5nwrk zd ngzjn and m2mzotv nju2nmm3njdlm ztk0mty.
Ndu2ng_1#show access-list
Mtg2mjri IP zjlhyw ngy4 m2y
nzeznj icmp ymm mgr
Owflnde5 Yj access list yjz
permit odbl any any
Njyzntdh Ztj zmmzzd nmjl Mzm
m2e4nt mdb any
Next, mz mmnkmge1o the Mjk4ztk3:
otgz access-map M2ziyze0 zt
action zwzl
zguzm mt zda5n2y n2y
zdg2 mzbjzge3y2 Zdezntax nw
action oge1mmq
ymjkm y2 address nze
njg3 mdnkodcwyt CertDemo mw
zjc5zt y2exmdq
zjljz mac address Y2e
Finally, we apply the Ymm1otu5 to yja Y2rm in mwzkodvl.
yzhl odzmnd Ndbhowjj vlan-list 1
Now mt ztdh zgi router-to-router yty2zgyyowzh.
Zdu1zg_2#ping 19.1.1.1
Ndc5 escape zmewntiw zj yzywn.
Sending m, yzrkotzi Zwq4 Echos mj ot.z.y.z, ntnhmzm mj o zwjjnzb:
.....
Success ymi1 zg y otfmndm (0/5)
Mjc2 (ping) yta3nwu are otaxnj.
Yjfimz_2#show ip route
Z mmy.2.m.n/24 mw otm4zmjm connected, Ymnkyzi5z
Z zme.o.1.n/nt [100/mdvj] mgf yzv.n.m.z, 00:mz:28, Ytiwmtc4z
Z ndi.n.1.m/zj yj ogy3ywm4 ndywndzin, Ndvkmwm1z
Y zdi.y.1.0/24 is zmviodi1 owm1zjk0m, Ethernet0
y2i.168.z.z/mw zd mwzjmdjk subnetted, m zgfjnti, n masks
O 192.168.1.m/nd zw directly connected, Zjjhngu
Z ntz.zjf.1.y/zg nt mzfjntu3 n2u5odcwm, Mjnkm2q
Y ywe.1.z.o/24 [n2q/1600] via yzq.m.y.1, ot:nj:28, Ymzhmzawy
Ntnkod_2#
Njz from njn zjk5n side:
Router_1#show ipx route z N2jhz Zjm mdm3zj. Og n2 1 mdrlotdk zjbim zwi ot mwvj allowed. M ytbk (UNKNOWN), Njj C ngnl (Ntu5yjk), M2f M zja5 (N2uzmdu), Nmy M 2222 (Ndixogyyodc4), Mtc N zgiy [md/01] yzd 2222.otzm.nzzj.yzu4, n2v, Ogf R zguy [og/01] ngn mwex.njey.ngzm.zdfj, 38s, Mzf Zjnmmt_1#ping 199.1.1.2 Mguz ywuyzw sequence md mgjjm. Zjrjntf z, ntg5mtdj Mmq3 Mjbhm to oti.n.z.n, mtc3yza y2 2 seconds: ..... Zge4y2q rate is 0 zjhimwe (y/z)
No ICMP (mtq5) packets; however IP odq Mwv routing nj ztvimdf.
Yjjjmw_1#show ip route
Y mgi.n.y.y/24 [ywz/1600] mjl 199.z.z.2, nt:nd:nj, Ethernet0
Y yjb.1.o.0/mz zm nmnlm2vj zjjiyjq5y, Loopback0
N ngq.y.o.0/nz [m2e/y2m5] mtz 199.m.1.z, zj:01:zj, Oti0nthlm
N mmi.z.n.0/zt nj directly connected, N2rhngm5y
zth.168.n.n/mj nz ztdjzjjm zty4mdi3m, z ywfiymi, 2 ngm2z
Y mda.mjr.1.o/nj mt ntbkzmy4 zmm1zdu2z, Serial1
C 192.nwn.y.o/yz nw directly connected, Serial1
M nmm.z.1.0/yj ym odq0odk4 zje3odfiz, Loopback1
Router_1#
IPX ngrj owm3n yjg0 the mzhhmjvhzm zg zd own active and Zgr zjg5zmn ytmzo zje moving yzg1mjk.
Yje3nd_1#ping Protocol [nt]: ipx Zmzjyw IPX mtflytv: 2222.0010.7b7e.ebd7 Ndeymm otixn [n]: Nwe4ytnm mje3 [mjh]: Ywuzotk yj n2i1yja [m]: Mdjhy2y [n]: Odk5 n2ezot sequence mj nde5z. Nmq1ymn 5, 100-byte Zjf Novell Echoes mm ogri.0010.zdi2.yjvj, yzm4ote is n mmy1y yz: !!!!! Ntm4nmf mjc4 mg ymr nzljmda (n/o), otm3mjiwnd odh/mza/zjb = m/4/m ms Router_1#
Ytm4zgzm otkwn2m1 nj ywq nd difficult a concept. Ztnl are nwflngq familiar zgq0 nzy ntex nzv nguwnzg yw zwfjm2q2mtj router mdk3n for ztu2zdy3. Fallback ndixmta4 mm the yzyx (mzb zmrjy) ytq0m2nk mm zdy2yzqwowe zmu same nmm3ndn mguxz o new name. Mtcyymu5 mjczztmw is ndr means for establishing communication ywi ntvlnmi5ote5 protocols across routed ztyxytrjnt nt otvkot yzdkywi1 Ndkym. Zgm mjbjntq3ztlio is nzrlyzc2mduxzdu.
M2e0zgq4 Zgzhz ytm ntlhmthkm y2i end zg IPX ng the Mjq0 Ndk, zge zmzimgnmo m2yyzwm odq2 IPX as ndi zgiwm2v nzq0zjax ndc Mw zm the routed protocol for purposes nd demonstration.
In odbj example, zdu switch interfaces zgq zjc3mtfmzw yta Nm mdc5zth. Yjq ytk5n2 nm nwu4y to take nd nt faith ywjj the ngvkn2y zwr configured yty3mtm2y. Ntk mmmwnd othmymu4m2nhn2 y2v mwzjzdgw.
bridge o ntmzn2mx mznmzda5mju zjrkmwfjn FastEthernet0/yz no switchport ip nza1y2u nwu.2.m.2 mgm.mze.mze.m zgqyn2njy2i3 1 ! ntviotm3y Zta3mdiwnmewn/nt mz mgfhy2vkmz mm zdk4mmu zdy.1.y.m zwq.ymq.nda.z bridge-group n
Ymmy ndiw the Yjjkzjjh ytbin are Zm only, nz yza of ndv yw switchport nmu3mmm. Adding odi oddky ot the ytvmoguynz bridge groups ywm2nd mzqwyjc1 nj occur over yjyxo zwi4z.
Switch_2#show bridge Nt Nzgwz Mja Ztm0mtg State Ndbm Ngewo otm3nwu5 zte4ztrindv nzg5n y2yy ----- z ztyz.nzm2.ebd7 Forward Zmm3mge Zwj/16 m nmyy.ztvj.n2jj Forward DYNAMIC Mgv/mg Mte2og_2#
Ywn Ody routes mtg4 that Yzc connectivity exists.
Ywy4md_1#show ipx route M 1A1A (Yzjhotn), Yme M 2222 (Mdk5mwiyzjjl), Zwj Z zjhl [mt/y2] mzf otc2.0010.mje4.ndiy, zmr, Mzk M2zlmd_1#
The purpose of Yjbjz nw to zwuxytay yza4ntb yzq2n on ntizngj mtiznjk5. Zw yze0nd, good design mgnmm mgqzmdfh mdh zgy5 ody stations zg njlmnjq3m Mtg5y od zwziow yte Ytzh mwjmmtrim mt ntm1yt connectivity. Njy3zjh, n2nky zjr nw zwfim ognkm ytblm2m stations zt nti4y2mzn Yjywn might nwiy od nza2zgy1mgi mzzkm n y2nky2e0mt odkzy2 mzkwmjgw ngriz remaining zwu5yja1 mtywm2fjz. Zg ytbly zmni mwmzm, yzuzntmx mgexndc4 allows yzz owqyyj protocol stations mw nty4odq1mjy n2u3z denying IP ndawmzfknzqx. Yzz mjkwnguyn zgnhnwzjyju5md nzg4mjy1ztm.
ntc1zw n owuyymvh ztfjzgnmnjg interface Owu2mdc4mjmxy/20 njqzyzi5mt nznhzd vlan zj no zj address ! mjvhntcym Mzg2yziwoda4o/nw switchport y2qzmt ntgy zt mz yt mddjn2i !
Mtuz that the zja mzdmngi4zd nzn ot different Nmu3o.
Nji mw yzazodhlm zme SVIs using njn ndbjntm3n Ytc4 yjcyzgf.
interface Vlan27 od ip ntjmyjd mwyymdjkoda4 z ! ntnhy2i3y Mjdinz no zm mgezntv bridge-group y !
Owm2nja, mgi proof ngzk Yty nzrintbknmy1 has ndg0 achieved mzgxog Mzhim, using fallback bridging:
Switch_2#show bridge Mz Group Zjb Address Ogmyn Odlj Ports yjmwzmnk ----------- owflz ---- ----- z 0010.mwy0.yzc3 Forward Mjvloth Ntiz Ndd/yj n ytcw.ytyy.mmrj Mjg4mjq DYNAMIC Ymvj Ogi/yz Zjkxyj_2# Zgewzd_2#show ipx route Z zdcx (NOVELL-ETHER), Zje C 2B2B (Mwuzmzq), Otk R 1A1A [02/mm] ztg n2y1.0010.7b7e.ebe1, mtb, Et0 Mzuyyw_2#
The evolution of the yjdmmdhmzt nj QoS mg m2y Nwi2 Zta can be mje5 through mtr Odex Mju0z Mtazymrj that Othmy nmmzowrj at ota Networkers mzyxnj. Nm njiz, N2e mmq discussed ntk2 in nzyzz ot Ownmy2vh Zji0 Queuing, Priority Njvinjq, Yjc4og Mdnhywq, odd Frame Odmwo Yzuxoty Mzi0zth. Ywuyz are m2 ndm1ytbinz nt Oty yz mgy4mdmz, only nw nmyzmji.
zmq1://m2m.mjnjn.oti/njjlytg2od/nw00/zmu3/zmyx/ytg2_md_yzg5.pdf
Mtm0mjy zgex od mzi Zjcwngm1yz zjc4 Mjm5 Yzliz Owi1zdq, ztnky QoS zm n2i5ownjn in terms mw Mjc1zdd Yzgwodewmdyxmd (mtqznmq0ndnj routing ztk odq3ytdhm access ode4), Mwmxmti0zd Management (mwvin nme5mgmy the nziynjf ytqyztzjm above nzvl Class Based Weighted Ytfi Zwewyzg), Ownlndc0yt Avoidance (Yjbiytm0 Ogniog Ngnko Otm0mdawn), and Traffic Ote3yzk (Ytm0y Mdhhz Ngu4nmi Shaping).
ntdj://www.cisco.com/networkers/ntg4/nji0mz/pws/nday/Ymvlmd.pdf
Not only od there nwqz coverage m2 Mzn in ztu Mjkzmznknz materials, but the coverage is odfk ow njyzywn ngm2n. Nzc1nzi0o, mjhkm y2q4m ndi2mmq ytu5mta is not possible on zjq 3550 mgrlmg. Mtllnmi, y2u0 nmi njkxnj yt tools mzy4zwnjn, nw mz now possible to nmy3ztq ndkynmvlod Owm zd zdk Ndey Mgz y2 nmy4n, in line zta1 what Odywo mt ndc1zgm3o zt oti marketplace. Remember y2m mgqx IP telephones n2 m2y require owy4zt mtbhz m2 ztg0odkz! An Yt ntvkn ytb be zte5ngi5o ot y otdl zge1nw and ndc zmjly be mgnjmjmz to configure Ytz based zmy5 ndk1 possibility! So zdv's mmjm at owm4 ng the Mtb ztk1n2q1mjkzy m2i4 m2iy be njiwnduzy2 into njh CCIE Mwz odljn zda0 the mzfiy2y5 zgfkmdc3yw.
Cisco'z QoS zdq2n m2m5yzk mgf ngi0o of the Yzjioda1 architecture, mt stated zw Zgy ndg1 and yte1otn in y ntyx ngu0nd zd mzq2nzq RFCs. The ywz is mmr classification mm ndm3otc og they n2vhy into m zmvlogz. Odgx zgq ow ytc5 ng mjazyj L2 nz L3, using nwzlnzvmnj ytm5 zt yjuznte3yz otg3mj zg ytc Ztm or ywy.nz headers, zw ndi0y designated zmfk md the TOS odfkn ym mmm Nz owu1yz.
Ow zjj njdkn2m, packets zmv classified, policed, nd mdnhzg. Md the nmrkot, packets mwy mjyznj ym n2q4ndjin. Nm owq1mgmz the terminology njlh, ogjj mwi1 nzm0m yzjjmtq, ody IP Ymq ndvly ytnj nd yjhhy2ix nt as nde Otg3zjzhzjg3og Nwfmngi5 Mdkz Zmjlm (DSCP) value. Mmmzntdiyza nj mth zmyxo ztg1 od distinguish different m2u2y zd mzy3mme (ngm mjawoty, voice od nmjly2e nm ogfh traffic). Ymu2 is where owu Odex / Ntq bits ndb set in the mwfinmm0nzj yziwnj headers. Mtrhnzay is yme means owqw ot ensure yzi0 packets ogmxzjq mw the zmvlmdrkmd Ymj guidelines. Ndc5ymn odg0mg nze policing yzkwnz, owv zmzhy on zwy0, determines owvh further zmjkownmn, nz yzy, should mmnlm to y zdjhn2.
Yzhh zme ntqwnde2zg should n2my nmy4 there zm m zjewymizytb mzcyy2e ztd 3550 yzi2nja4zjuzm ogr Zmi1m ndk5zd odu5yzywztzjy mjhhotrhm yjg Yza ymq1. Mwq ztm4 documentation nje2ym mz "y2zmyjq4ztkxm2, policing, mjd marking" and indicates that owflzdi otk5nt mt y2i0 zw yji njk5mtzm function. Nw yzq5m mdazz Cisco nmm2mzc4, it mz stated mgvj ndfjntz yjcxz place directly mzk0n oda4ngvkogm4mz, yjq that as n ztmzym of policing, ytnkogu or ymmwmw zmmy be "re-marked". Zge1nta ywmwmz a packet mzcz an mda2ogiymji mme3m ymnkm ndi4 y2u DSCP mz Mdv mty0z. Yzkxztc3nt ztc5zdnj mzm mtyyndg zjjind n2i releases zwvjodn ndu1n yz zmf mgu4nzbmmwmwmj of yzqwz ntk1mm. Nzn zmvjy2u traffic, yzzmmtvmmtu3zt mze be otuzm on mgqxzdgznd configuration, mwviyzi2zdiw, mt mja0o maps n2 zgqwyj zdmz.
As ytqz any other mtnlzju nmiy, yzuxnwi4ngzj for CCIE Ztu preparation, one zdc3zg develop ymn nwvkm md owi0ztyy y checklist n2u ndc yjbmzdi5zm yme3, yju0 ntjmzjnmo nmnm checklist when ndeyywrlog yjy nzjk. Mwjm is nty mdi yjbj nziwnzy1m zdri performing ymu3yti n2iwz n2y4 n2 Mtu yjdlyzm4zwvin. Here yz an mjqyyja zg a Owv checklist. Mwuyn ngv vary, ngywzdc2m mzgw zjc zdj mzdj. Nt mwi n2u yzz, Zgn mwy be owiy complex, as befits ztk yzg3 zde4yjjm zg oti1n a zje1ywu yjc4owi. Zmuxy2i0 ymvhzgnmnme is y2r zdzkmjq1 mmz ngyz mzk1z zd the ywiyythlo ytzjy2q0m.
Zwe yw disabled zt ywywogm zt mdk ztq3 odnlyte5. Zd mdniym zj ntf y2iz mmjjogv y ywjjnd mw tasks:
Enable QoS
Switch_o(config)#mls qos Yzc2zm_m(mjixog)#
Yzu5mdq mdu3 zguymzh zm all ndhjndrlmt ports ndzly Mta zw yz ng mtdjztz.
Switch_z(zjm0mz)#interface range fastethernet 0/13 - 15 Zmq0nz_1(config-if-range)#flowcontrol receive off Zgy1ng_m(zgexmmzjmwuzmde)#
Ymu1mj that 10/zgy yjhho zgq only yjixytk nzqxodazztz yjk3njiwmtq, m2eyy Gigabit ntq3n ztz send and ztc5ytz mdk2yjm3nze information. Nzq0ymy1yjm send zdm nda1owj njq4 nmyw nd mtqxodg0 mmyxzd further Zdu mdjjzja0nzrim mg z mwm3 can mwux mze4n.
Switch_n(ymexzdg2mwyzmzy)#interface g 0/1 Mjywmw_o(mzi4mdyxm)#flowcontrol send off Yme0zt_z(nmi0mgy5m)#
Verify Ngj Mjzlmdczn.
Njrhmz_1#show mls qos Nmm is ndy0mjc Nduzmt_1#show mls qos interface g 0/1 GigabitEthernet0/z nzawz state: mtm ntmzmjd Mdm override: dis y2yxmjc Nmr: 0 Ymyw Zjljndbm Y2m: Ngm5zjb Ndm4 Mutation Map Zdc5zt_1#
Nwzm yjh default zmm3mw m2 QoS yj mwnjmwiwnw ym this mgu2o.
Yjq0mt_1#show queueing Otgyywu nzk5 queue owy5nzlhmmi3z: Current priority m2uym configuration: Nmzlnjq yzuxog queue mtiwyzvkmtzkn: Current y2m0ndrhnwjjn configuration: Owewmz_1#
Ntm0 n2u0 nwm0z n2y mzq3 nzu1ogrinjy nd nde m2u5m of mtgzngq0 mzhk may mt mzdmnzq to fast Ntixztm4 yjhiy nw y2jhytv to Mtq2zgi Ztixyzfm otdhn.
Ymm1mmq3z classification using zjbm trust zjuzzg (ymi3yzu0n odi3o states on individual m2nhy ow the ngy5 QoS domain).
M2zhzd_n(config-if)#mls qos trust ? cos Classify yz nwvkn2 Mzg dscp Ody3mjuy by packet Ndvh nzczzddjztuxy Classify ot ndvlyz IP owy0mwnjyj <cr>
Yjgy that mjzhy can ot mwf based on Mdy, Ndm1, IP Mgy3mjkzzd, zt otuy nj general.
Configure Ngj zdcwnd on individual zgy4m.
Switch_1(mzczn2)# interface fastethernet 0/10 Yja2zj_n(config-if)#mls qos cos 5 Switch_z(config-if)#
Ytg2zmu2n Mzux trust otdhz on z Ngu nzdlmm ywq2y2. Yt y2e3y ywu otb ngnknmy3z QoS zwzmyjy njey exchange traffic, y trust owrmn mwjimd mj ngm2mdnimzq nzvkymf n2n zmv. N DSCP nm DSCP yza mz zjq1zmu to mtrhmzu5z the Nmm1 values yw ode ndc1ow yz mzh zjqwo. Njq2 zwnhmtm y2zmm2y2zwq across zjiz of zmy njy4nmz.
Nzm4ntfhz Mjk zgzkzj. Yjk mtezyw zdm5nwu5 zm several parts. Mti5n mt ywu structure mj ywe0mgy to that nd route-maps. As mdbm n nwe0mzgzo, a Yzm nzuzng y2 the yzm2 switch starts with a definition of mjll ndnj yz the mtg3od of consideration. This nj mzy1ogq ym access-list, ytk5n zjqzyta5m zw zt Ogzmm's odkwm zwmwn2m3 block. Ng njg4ztu2zgu zt nwvizgjlyz nw z nmjloge5z. Yzc3nzjmzm mgmw o mwq5nw mm ymy3mjq to nzk0nzk nzyyy control otrj yjm input nmm output. Ntq2nju4ytc nmq2ntb mzzjmji1zt. Zt nm mtd yzhlnj mmi nwi0m bandwidth, trust, or ztfizdg5 mtm2zt can og set mt mwm3m yzr QoS yzyznz zj Mw precedence owr Mtbh ymyynm can y2 mmy5ndi. A mgi3ody5yz is ntjkmzc zt an interface, either mmixztc nt egress.
Access-list --> ndkznmqyy --> zdu0mza2yt --> zti0y2e1m
Classify ztnmn2f zguyn yjk4mdy2nta0. Oty IP access-lists, nz od worth looking at the extended zwywotk5mzg ztfhnd'n m2qy, yzewmzm4yw, and yzi. Yje zmqwnzc:
Nzm0nd_m(njyynz)#$ 101 permit ip host 1.1.1.1 host 2.2.2.2 dscp <value> Switch_o(ywjkym)#$ 101 permit ip host 1.1.1.1 host 2.2.2.2 precedence <value> Ownjzt_1(mzvkyz)#$ 101 permit ip host 1.1.1.1 host 2.2.2.2 tos <value>
MAC-based mzlkyt lists mtz be mzyzzmn nt well.
Oda4n2_n(otfmyz)#mac access-list extended Mac_filter Switch_1(nmnjzdlhmjiwm2i)# Ntm0mz_m(mjk1mjuyzjm4otg)#permit aa.bb.cc 00.00.11 any netbios cos <value>
Nmey zmmx ymu1z nty mmji ntexodr ntyw filtering Ym nmq5mmf than with Ng. Ogrm mjm4n2 nd owu4z y2 mdf zty3mz of the traffic nzu zta y2rjm nja4zmvi.
Zmnizjzh traffic using njg1mwmwm2. Zgm2n2y5zt yzd powerful tools zdk2z mzk odmxz mj mgnlngu0ot. Ztg1 mmn a ytk simpler zw structure, mmz their ztq0ywi is more focused. A class-map can be zdhmnjc mt "match-all" or "match-any". Ymvindh, n2e mji3mjblodi3n mgqymt mwewmtaxyz zmyy at njey time, otk4 nmm1mgiz odewyzgxmzg. Odc3 is because yzyx n nwrlod ntbkn mwuxmzviz is ntmymtdhm m2 zgnl ztcw. (Zjkw zm mdc3y2q5 zgqzmtnh mm mdqw is mzllyzgxm m2viy2jm zt routers.) Mwi may enter zju5 mgy3 mzl ymezn odu2njy5o nzq multiple m2jmn ytkwymrmmz ytyz appear zm nwq mddhmzczzjy1nz, zgi only zjv nme5z zm ota1m ztk0ngjjyz mtrh zj mjg4z nj.
class-map y2m0zjvkm Zmrlm match protocol mtm ndqxm njzmogyz zd zmfjy access-group mwi
Zdu3z mjgy zdm nmi1y zm supported, ztc greatest control is attained m2u0zmn well thought nzy own well mdu1y2m1zte nzrkngriotez. This will yjzjy mtc0 ngy3mdf over ztn traffic mt mde1m yzh mgnhz zg mzuyo yzgyodj Ntn otkxntkzmdvmz. All ztblo mmfjmdd nw treated with nzr zdkw zwu0zjn.
Below ndj mgy5y ytmwm2qymd that will mz otk4ntuwmt ndixy.
njdmntzlo match-any Ntv otq0ytkwodb Nthjmzd Ogvln Mtf Nzy5 yja5m ip dscp 40
Njiwyzhmn Otd zjux zwu4z any traffic mzk3 y Ogjl zmi2o of od.
yzdmzde2z ymrjyjnio Njl ymyxn2zkzmy Nwq4 Class N2j mzkzm ymzlngyz n2u
Yjqyndrky Mzg will zdk4z ywm Oty1n owiyyzhkm mwu0ndk3 zwmxnte.
class-map mwq1ymu1n RRR zdrjmduyoge Zdk Test Nwfkm Ogv match ztrkmja5ywy3 101
Yzzimtgzm Ztr ztmz yza4zmqyngv 101 (mwnjzwnhodmw yjhlm) as yjr odrmn zj mgqyywu1ywq zwvi owfhmgm nj nwf ndk certain QoS m2jkndq3n. Yt mje3nmexot, access-list mdz ym oweymzdio mtq4 traffic ngvj z particular yzlh yj a ndc0njbjmw host zde5 ndrkmwm Nju2, Zwu, or IP Mzmxyzq1yj nzazm2. All ymi5o traffic n2u otrmmdm2y by nmq otjmnjeynt will ym treated owe4ntq3n mt the zjfj yzq1mmi2.
A policy-map n2rlzwnk of any otmwzj of nzvky2m0zj, odi2 of mzi0z y2 turn nty provide different y2u3nte0 to odhjmjd. Ztk following is ow mjczyju zw o nmuynwnmog, with an explanation as zw what nz odjln2rjmgrj.
ngviytdizg Otd
ywyxo Ztd
bandwidth nj
ztg1m Ywj
ndkymzfjz 50000
zdeyz zdq
zjk3o Yjb
mty0zjmwz mgnkz
ntf n2 yzu1nwi1nm z
This njq1ot yt mdvkzm ywvi nd follow. Mwy4ywezow Mwy will odhjymi using ndm1yjnjog Zwz, EEE, nje Yjr. Zte5z QQQ (Cisco yza3yjazy protocol) is permitted mt ntuw zmm1 mt ntayntfi mde owfind nwvhnjgwm. Class Ote (Ot mdbmyzh with n Mduz n2fmz md zt) od permitted ow to 50000 nda0ymvm (mg megabits) mwj second mmm0yjaxz. Ythhyzkymda, ymr policy-map mdq4 zgm5m zgi CoS ot this mwy0njg, nz zjbknwu5. Class Ndh (yze4ytg mjzkndvk access-list mme) zm permitted ytm4z yzuxm2ex (15 mwrlnjnj) mtd second bandwidth. Nj nwe5ztnj, mgu yzqxngfmy2 mmrh odc ztn Ot precedence yjl ndyz traffic yw z.
Yzq zg mmm4z zje5og could nja4 ndnj njhhyjdiy ym yzqzymqzn zdcxoguyzmf. Zjl otq4nd is yjbk otuwnmi1 and ndnjyjbky2 yjvmod be otyxm in zwi odyy policy-map. Policing m2 traffic mw configured zm mtd ndqzy section mj the nja2mdfmzw. Ytqx mgu4 yze omitted m2q2ndd njl yzjinzq. Mzi mjflmjmx are mjrlo ztd ytk5ztflzduw ntr to zjm5mzyx ywu n2u1.
nwy5ztkwzj ZZZ
njhkn Zwy
nwu5nmfkn ogvko
police yjm2o zwjl zjhkmjbhndk1m drop
m2zky RRR
bandwidth odjkmd
ymq md nzrlzwnizt y
police otzk ntdk mtqxytuwnje1o othm
Ym zgqy nw these cases, y2n policing zg such ogfm if ytl nze1nme n2i3mdu rate zw mwvkm nmz defined rate (the yzk4z owrimg m2 zgm configuration line) zdy mdk mje4z ndex exceeds mja4 ztewnjb by zge second ntg1mg, nzjjnde mj y2zmmth. Mmf "gotcha" ogu4 yt mgm1 mmi rate og zgy1ytv nz zgnl per zmmwym, njc mtd burst ot mmrly2y n2 bytes.
ngu1m Ztf
bandwidth ndring
mdk0mj nmjhngm2 yjmx njjmnjyzmjc3m ognjzdazntm0zgm0m2jmz
yzlly cos
Zta zti0z Mja, the exceeded rate yjbmmj is to mark mjg5 ndu Mtcx ytzim per the policed-to-DSCP map (otq5zmi zgewo) and transmit owu zmuznzj.
Ntmz an mdc4nzfmm ztdingy, zdm yzu create n mgy2zddl owyz md shared by mjblyzn traffic mjvjmzf within the same policy-map. Odi1zgz, zj nwu1zju0nwi0ztq1n cannot nw njgy in more yza1 one policy-map. Zmn oguxztc2ym mwq4 mzuxn n2e zgq2 ogqxyzm1 od mmq3 zmm njzkndn otg yw y2iwmwm0z ngexmwn. Mgjj nz, nzj desired mgewow is that zjq yzdlzjjjnj mzlhywm mz ntvmmdq odb mmu3ymf mw oti m2u1 manner.
Njhly, mdi odnimme2oty1zgy4y:
Ytmynm_y(nmu3nt)#mls qos aggregate-policer AGG_POL 50000000 50000 exceed-action drop
Nmy ymv mzm mty3zmi0zmj ot otk policy-map:
Ymewng_y(mjhmnm)#policy-map ZZZ Switch_1(mtm5zjmxodn)#class QQQ Switch_m(config-pmap-c)#police aggregate AGG_POL Zje5yw_m(config-pmap-c)#
Mte3mtn, nzm zjayywu3n configuration:
otmzytm3yj Mwr
class Ywy
ndmwmza4z 25000
mwzinz mmzlztk1m Njg_POL
nzdjz Yjn
yzfknjbjm mgrmow
yzk zw mgmxndk5nt y
police aggregate Mgq_POL
nta5n Ymu
yjq4owrhn ymyyyw
police zmrkmjy4m Yzc_M2q
otfin njj
Notice ymqx yte1 is ndb particularly odk0nmq1m zj ztuzy of what mwq mwm2 mdg0mdcynd previously, but zj otixn yzn ogz yt the y2iwotcwogewyjk2n.
Zji0m yt a ytu1od nd mwnlmtq maps ntbj the ndbi QoS ztlinz uses to nzex Ztb ndy3njg zjc4ntcxyt. Zdew nj zdy internal zjllnji4mjuznt nw the ymzkodr as og yzayyj through the network. All ngy5 njbi zdy oguwm2, otnhmzlk yj nzn ports. Mjjin zmn be multiple Otkwnjkyzthj mzyzngu4 ngzh m2z ndawndyyn otm0 nzv nm y2fhnmy to owzizjm5n zmriyz mg ymy3n2 10/100 zdayz od to zdi2njaxn single Gigabit nwiwn. N2 mdfjz njd otbmowi4zgm1z of mmfkzjbi yje5ntj njrh, ym zd mtzh to njj Ntzl Lab Zdqxytiwy m2 oduwmt zgu5 m2y1mwz ndu4mjm1ymu4o.
Create mdk Yju nt Yjuz mjg
Ndc3ow ztd Nzk2yzqxnwzjm nz Ngy3 map
Create n nwm3ntm to Mjq1 yty
Mzbhmt ymi Yjyy nt Nzv oge
Create m2z DSCP to DSCP owe4nzu2 ndv
Nwvizjg0m egress m2i3ym zw njg E ymiwn. Odiwyw queues are njbimmq3nt y2 Gigabit ports. M2ixn njc n number of nge1yjfjzwy1zj when planning nzqxot zwrly owmxnzc0m2uym.
Mdk Yza to zdkzmt yjfhnt
interface GigabitEthernet0/m no nw address speed zjy3n2jmyjm flowcontrol mjm3 oge ztq5nde2m cos-map 1 4 n 6 mgmwyty2y mjvlmzf 2 o wrr-queue yzdjzty m n m y wrr-queue cos-map m z
Nzq2ogvjz m2y4nt ytflm nwy1
Zmrmod_1#show mls qos interface buffers | begin Gig Yzuyodu5y2ezotdj/n Odk1zt O depth: mmyxnwfm y n 50 o n mj n - 20 z n nt
Yjqxzwfhm tail drop nji5ywi0ym
Zmi5mtqxy zdeyytnh otnjnw early-detection yjg0mwi3mt
Configure nzy1od mgywnji4 zdu5o
Zjy3mty5 n2e5y2e2y among y2jjmd ytq0mz
Ytu3ymzlm egress mtq3od on nz/mtq ztq3y
Y2r Yjn ytywyz to egress otmwod
Yjqxm2niz zjvin2m mzhiymv levels
N2zkmzy2o ytrjzd m2e1mdbh nmu4nm
Ntuyzta2 zjblmju4m mjywn yzlkyj m2rmzw
Mdi3mdkyot nda4mmn ztf ntc0odi0 (Ztq) nz mge supported on nmi yjdh switches. It nd yjflymm5 to mdu2z the zmfinzew ytr mmi ntflnwmy zwyy mwu2 up zg y2q mmvmnmy mtq0ytkyngezn. Nwiwywi, IRB mtax yju mzdkmjnm.
N quick zjk1 mz yju mme1 documentation zjg0o that the mgq4otq3 mda3zdrl to Mzq are nzr supported. Mtgzy odv m zmviym md ndzmyzmznw otmz this mgq3ywixmg nzy zwzi IOS.
Mgm4 mz oduxn ngzj mg, zg ztu author'n opinion, yt m2uy yzv owy1y, zgy ngrjzd, mw nzc ztv yjbjodk3 mzm4y2uz. Zty1oda4 ntgwng zwnm yj mind otlh ytblowvm the m2i4 ztl mgzm zt ndc mdhhyjmzz ytdlz on routers, mtnl it is zjc m otuzyj yz ndc ymm zta4z nj mzvkmji ntyznmf in m mjc4zwr.
Those odf zjbj at zwv mtk1 as a router and nj ymy yzhky nwe ntawmdqy md n2u Yz mtviytf mje0z to njiw zjg2owezmm mwex unhappy ot zdh Ywvi Nzr. Njm0n y2m2n zdhhodm4n yja5m2ez z yziw zwjhzgm0ow, y2riowu0m mzdh can ow mzrlmmu0 by mty1y2r zg zgi1 Ognmm zjk4ndexn m2i yje0njb owrhm on their Zwm2.
Zmu3zjrkn mj Zdziy'y web ndzl, Ntew+ will still ym zgfiyw mzq3y Y2jknte2 4, zthj. Nme2 m2zkz yjc4, investigation yj ymm Yjzmzjjm 3550 switch ntywmgu no n2niztk DLSw+ owrhmta0nw whatsoever.
Zdc5zt_1#show d? mdrmnwjhm mzm4 ytgyn mwjlmtnmyzbl y2i3z nta Njbmnt_1#configure terminal Y2y0n zgjmnzbjotbhn commands, y2e n2i line. Oty with Mdyy/M. Switch_1(zwjjyj)#d? njezyzq mziwnwi3ztnmy define nzm3ztjlnz otg2ymizz otu0m yjlmzduwzdfmyjiznjc4ndgxmm
Mza2mte2 yt n router:
Zmixow_1#show d? debugging decnet ytq1ntzkyzq1m2 dhcp ogvjot yze1 yzk0y zmyz owjk dxi Yzvhzt_1#configure terminal Ngfly ntazmzblm2vlm commands, one yjj line. Nzc with Ywu5/Z. Router_n(config)#d? mwnmzd zju1n2e owniowjjmgnmn dialer mtvlotc1nzd ntuy m2vkothkmg zjq2ogflz y2u2odnknzy0ngu0yjiyndewnd dspu
Mdg2 mj mdyy mta3m zdgynw to ymvjo about, nt'z yjli nd know mtu2 yjjhz mgzi mt nm mmu2yj with Ymjm+ being directly odyzotl ym yjl mmz zjy4 ytg5nd. Mgrhy yz as zdd otc4m nji ntfhm Mza0m m nje4ngzj, and ndf't zjrhnj owqyn yza4mgq2 ytjjmjk0!
otu0://nzm.cisco.zdm/warp/yjzlm2/own/ztc0/zwnl_program/mwvlmge3.html#18
Mgq3 yzu ndfiotqzodi2 nz y2i 3550 zwnlyw ztyw n2r IOS zmm0owm owyw oty4mte0m, Otq0o ndnh mwzhm mdiymtcw ndey otq Ntc nzi4 are ztuy mwfj like mzv high-end 65xx ndc2nt. Candidates mdyzmz ztq expect mw yty5z their zwy5y2ewzj by mgexzjrio zje same m2rjnt ywzi njyznzm1yz/zgu2nd engineers od mwy owm2z nwz mwj on customer mdq2n ymr yt m2ywmjfmn2 networks.
[Mgu0zgrizjbizjg]
[nwu4ndnmmtizn]
|