CCIE RS Written v2011 Part 01 Layer 2 Technologies 1 00

www.INE.
com
CCIE Routing & Switching

Written Bootcamp
Layer 2 Technologies
www.INE.com
Core Ethernet Switching Components

• VLANs
• Trunking
• VTP
• STP
Copyright © www.INE.com
1
www.INE.com
VLANs
• Virtual Local Area Network
– Used to separate ports into different broadcast domains
– Hosts in the same VLAN share the same broadcast domain
– Switches create a separate CAM table per VLAN
– Traffic inside the VLAN is layer 2 switched
– Traffic to outside or between VLANs must be layer 3 routed
• Can span multiple physical switches
– “VLAN Trunks” or simply “Trunks” carry traffic for multiple
VLANs between switches on uplinks
VLAN Numbering
• VLAN membership defined by number
• 12-bit field (0-4095)
– 0 & 4095 reserved per 802.1Q standard
• Normal VLANs 1-1005
– 1 – Default Ethernet VLAN
– 1002/1004 – Default FDDI VLANs
– 1003/1005 – Default Token Ring VLANs
• Extended VLANs 1006-4094
2
www.INE.com
VLAN Trunks
• Trunk links are used to transport traffic for multiple
VLANs between devices
• Traffic sent over a trunk link receives special
trunking encapsulation
– Normal Ethernet header does not have a field for VLAN
number
– ISL or 802.1Q headers are added to include this
information
Trunking Encapsulations
• Both ISL and 802.1Q accomplish the same goal of encoding VLAN
number in frame header to separate traffic
• The key differences are…
– ISL
• Cisco proprietary
• 30-byte encapsulation for all frames
– 26-byte header
– 4-byte trailer (FCS)
• Does not modify original frame
– 802.1Q
• IEEE standard
• 4-byte tag except for “native” VLAN
• Modifies original frame
– See Inter-Switch Link and IEEE 802.1Q Frame Format for more info
3
www.INE.com
Catalyst IOS Switchport Modes

• Access
• Trunk
• Dynamic
– Desirable
– Auto
• Tunnel
Dynamic Switchports
• Dynamic switchports automatically choose whether to
run in access or trunking mode
• Runs Dynamic Trunking Protocol (DTP) to negotiate, in
order…
– ISL trunk
– 802.1Q trunk
– Access port
• Configured as switchport mode dynamic
[auto|desirable]
• Disabled with switchport nonegotiate or
switchport mode access
4
www.INE.com
VLAN Administration
• In order for devices to be in the same
broadcast domain, VLAN numbers must be
consistent and inter-switch links must run
trunking
• As layer 2 network size grows, managing
VLAN numbers and trunk allowed lists
involves large administrative overhead
• VTP solves this administration problem
VTP Overview
• VLAN Trunk Protocol
• Cisco proprietary
• Used to dynamically…
– Advertise addition, removal, modification of VLAN properties
• Number, name, etc.
– Negotiate trunking allowed lists
• “VTP Pruning”
• Does not affect actual VLAN assignments
– Still manually needed with switchport access vlan
[vlan]
5
www.INE.com
How VTP Works

• VTP Domain
– To exchange information, switches must belong to the same
domain
• VTP Mode
– Controls who can advertise new/modified information
– Modes are…
• Server
• Client
• Transparent
• VTP Revision Number
– Sequence number to ensure consistent databases
– Higher revision indicates newer database
VTP Domains
• VTP domain name controls which devices can
exchange VTP advertisements
• VTP domain does not define broadcast domain
– Switches in different VTP domains that share same VLAN
numbers hosts’ are still in the same broadcast domain
• Configured as vtp domain [name]
• Defaults to null value
– Switch inherits VTP domain name of first advertisement it
hears
6
www.INE.com
VTP Server Mode

• Default mode
• Allows addition, deletion, and modification of
VLAN information
• Changes on server overwrite the rest of the
domain
• Configured as vtp mode server
VTP Client Mode

• Cannot add, remove, or modify VLAN
information
• Listens for advertisements originated by a
server, installs them, and passes them on
• Configured as vtp mode client
7
www.INE.com
VTP Transparent Mode

• Keeps a separate VTP database from the rest of
the domain
• Does not originate advertisements
• “Transparently” passes received advertisements
through without installing them
• Needed for some applications like Private VLANs
• Configured as vtp mode transparent
VTP Security
• VTP susceptible to attacks or
misconfiguration where VLANs are deleted
– Access ports in a VLAN that does not exist cannot
forward traffic
• MD5 authentication prevents against attack
– vtp password [password]
• Does not prevent against misconfiguration
– VTP transparent mode recommendation
8
www.INE.com
VTP Pruning
• Broadcasts and unknown unicast/multicast frame
are flooded everywhere in the broadcast domain
– Includes trunk links
• Editing allowed list limits this flooding, but large
administrative overhead
• VTP pruning automates this procedure
– Switches advertise what VLANs they need
– All other VLANs are pruned (removed) off the trunk link
• Does not work for transparent mode
Spanning-Tree Protocol
• Used to build a loop free layer 2 network
– E.g. prevents broadcast storms
• STP Variations
– 802.1D
• Common Spanning Tree (CST)
– PVST/PVST+
• Cisco’s Per-VLAN Spanning-Tree
– 802.1w
• Rapid Spanning-Tree Protocol (RSTP)
– 802.1s
• Multiple Spanning-Tree Protocol (MST/MSTP)
9
www.INE.com
How 802.1d STP Works

• Elect one Root Bridge
• Elect one Root Port per bridge
• Elect Designated Ports
Root Bridge Election

• Switch with lowest Bridge ID in the network becomes
Root Bridge
• Bridge ID contains…
– Bridge Priority
• 0 - 61440 in increments of 4096
– System ID Extension
• 0 - 4095
– MAC Address
• Once elected, BPDUs flow down from root of the tree
to the leaves
10
www.INE.com
Root Port Election

• RP is upstream facing towards Root Bridge
• Elected based on lowest Root Path Cost
– Cumulative cost of all links to get to the root
• Cost based on inverse bandwidth
– i.e. higher bandwidth, lower cost
• Not linear
• If tie in cost…
– Choose lowest upstream BID
– Choose lowest upstream Port ID
Designated Port Election

• DPs are downstream facing away from Root Bridge
• Like Root Port, elected based on…
– Lowest Root Path Cost
– Lowest BID
– Lowest Port ID
• All other ports go into blocking mode
– Receive BPDUs
– Discard all other traffic
– Cannot send traffic
11
www.INE.com
802.1D Convergence
• CST convergence based on timers set on root bridge
– Hello
– Forward Delay
– Max Age
• TCN BPDUs used to notify root bridge of changes
– Flows up the tree to root, root replies with ACK
– CAM aging time set to Forward Delay to flush MAC
addresses
PVST/PVST+
• Per VLAN STP
– One instance of Legacy STP per VLAN
– Cisco ISL support
• PVST+
– One instance of Legacy STP per VLAN
– Cisco ISL and 802.1Q support
– Provides interoperability between CST and PVST
– Default mode on most Catalyst platforms
– Allows root bridge/port placement per VLAN
12
www.INE.com
Cisco’s STP Enhancements

• PortFast
– Edge ports shouldn’t be subject to Forwarding Delay
or generate TCNs
• UplinkFast
– Direct Root Port failure should reconverge
immediately if Alternate Port available
• BackboneFast
– Indirect failures should start recalculating immediately
Other Cisco STP Features

• BPDU Filter
– Filter BPDUs in and out
• BPDU Guard
– If BPDU is received shut port down
• Root Guard
– If superior BPDU is received shut port down
• Loop Guard & UDLD
– Prevent unidirectional links
13
www.INE.com
802.1w STP
• Rapid Spanning-Tree Protocol
– Rapid convergence based on sync process
– Allows for faster initial convergence
• Simplifies port states
– Discarding, Learning, & Forwarding
• All bridges generate BPDUs
– Send out all every Hello interval
– If three Hellos are missed neighbor is declared down and CAM
is immediately flushed
– Allows for faster reconvergence
• Runs backwards compatibility with 802.1D
802.1s STP
• Multiple Spanning-Tree Protocol
– User defined instances are separate from VLANs
– PVST+ uses one instance per VLAN
• Uses 802.1w for rapid convergence
• Highly scalable
– Switches with same instances, configuration revision
number, and name form a “region”
– Different regions see each other as virtual bridges
14
www.INE.com
EtherChannel
• Used to aggregate bandwidth of physical links
– Same logic as PPP Multilink
• Consists of two parts
– Port-Channel interface
• Logical interface representing the link bundle
– Members interfaces
• Physical links part of a link bundle
• Channel can be any type of interface
– i.e. layer 2 access, trunk, tunnel, or layer 3 routed
EtherChannel Negotiation
• channel-group [number] mode [mode]
• Mode determines how negotiation occurs
– On
• No negotiation
– Desirable & Auto
• Initiate or listen for PAgP
– Active & Passive
• Initiate or listen for LACP
• PAgP vs. LACP
– Like ISL vs. 802.1q
15
www.INE.com
EtherChannel Mode Compatibility

• On – On
• Desirable – Desirable
• Desirable – Auto
• Active – Active
• Active – Passive
EtherChannel Load balancing

• Load balancing between member interface
based on…
– Source MAC address
– Destination MAC address
– Source IP Address
– Destination IP Address
– Combinations of the four
• Modified with…
– port-channel load-balance
16
www.INE.com
Frame Relay Overview

• Non-Broadcast Multi Access (NBMA)
– Address resolution issues implied
• Data Link Connection Identifier (DLCI)
– Layer 2 addressing
– DLCI number only locally significant
• Local Management Interface (LMI)
– DTE / DCE (router / switch) communication
– Reports virtual circuit (VC) status
Frame Relay LMI

• Enabled automatically with Frame Relay
– encapsulation frame-relay
• LMI Types
– Automatically detected
– frame-relay lmi-type [cisco | ansi |
q933a]
– show frame-relay lmi
17
www.INE.com
Frame Relay LMI

• LMI Advertises VC Status
– show frame-relay pvc
• Status can be…
– Active
– Inactive
– Deleted
– Static
Full Mesh
• Topology where all devices have a direct
layer 2 circuit to each other
• More closely emulates a LAN
• More expensive to provision
18
www.INE.com
Partial Mesh NBMA

• Topology where not all devices have layer 2 circuits to all other
devices
– I.E. not fully meshed circuits
– Hub-and-Spoke is a type of Partial Mesh
• Design problems occur when layer 3 network does not map exactly
to layer 2 network
– Devices without direct layer 2 circuits cannot resolve each other via
Inverse-ARP
– Some higher layer protocols (OSPF, PIM, etc.) do not understand this
disconnect
• Ideally layer 3 is 1:1 with layer 2 network
– Separate IPv4/IPv6 subnet and point-to-point subinterface for each
DLCI
19

CCIE RS Written v2011 Part 01 Layer 2 Technologies 1 00

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

CCIE RS Written v2011 Part 01 Layer 2 Technologies 1 00

Încărcat de

Drepturi de autor:

Formate disponibile

www.INE.

CCIE Routing & Switching

Core Ethernet Switching Components

Catalyst IOS Switchport Modes

How VTP Works

VTP Server Mode

VTP Client Mode

VTP Transparent Mode

How 802.1d STP Works

Root Bridge Election

Root Port Election

Designated Port Election

Cisco’s STP Enhancements

Other Cisco STP Features

EtherChannel Mode Compatibility

EtherChannel Load balancing

Frame Relay Overview

Frame Relay LMI

Frame Relay LMI

Partial Mesh NBMA

S-ar putea să vă placă și