Cisco - Chapter 11


Disabled bridge

A bridge that is powered on but does not participate in forwarding or listening to network messages. A bridge must be manually placed in the disabled state.

Virtual LAN

A broadcast domain that is partitioned at the Data Link layer (layer 2).

VLAN Disadvantages

A disadvantage of using switches to create VLANs is that you might be tied to a specific vendor. Details of how VLANs are created and identified can vary from vendor to vendor. Creating a VLAN might mean you must use only that vendor's switches throughout the network. When using multiple vendors in a switched network, be sure each switch supports the 802.1Q standards if you want to implement VLANs. Despite advances in switch technology, routers are still needed to: Filter WAN traffic. Route traffic between separate networks. Route packets between VLANs.

Broadcast domain

A logical network division in which all nodes can reach one another at the Data Link layer (layer 2).

Forwarding port

A port in the forwarding state can both learn and forward. All ports of the root switch are in forwarding mode.

Learning port

A port in the learning state receives packets and builds the bridge database that associates MAC addresses with ports. A timer is associated with this state. The port goes to the forwarding state after the timer expires.

Rapid Spanning Tree Protocol (Rapid STP)

A variation of the standard STP specification that improves convergence performance by actively confirming when a switch port is ready to transition to a forwarding state, which reduces convergence time.

Default Switch Configuration

All ports are enabled (no shutdown). All ports automatically detect duplex mode. All ports automatically detect port speed. All ports perform automatic trunking negotiation. The switch uses fragment-free switching. Spanning tree is enabled. VTP mode is set to server. All ports are members of VLAN 1. Default VLANs of 1, 1002, 1003, 1004, and 1005 exist. 802.1Q trunking is used.

802.1Q

An IEEE standard trunking protocol that is widely used and supported by a wide range of devices. Supports VLAN numbers 1-4094. Does not tag frames from the default (native) VLAN; frames from all other VLANs are tagged. For example, if an 802.1Q port has VLANs 1, 2, and 3 assigned to it and VLAN 1 is the default VLAN, frames on VLAN 1 that exit the port are not given an 802.1Q header. Frames that enter this port and have no 802.1Q header are put into VLAN 1. If the default VLAN on one end of the trunk is different from the native VLAN on the other end, the traffic of the native VLANs on both sides can't be transmitted correctly on the trunk. The native VLAN is VLAN 1 by default, but may be reconfigured. When using multiple vendors in a switched network, be sure each switch supports the 802.1Q standard if you want to implement VLANs.

PortFast

An STP function that allows a port to skip the listening and learning states and go from a blocking state to a forwarding state immediately. Normally, the default 15-second listening state and 15-second learning state required to transition from blocking to forwarding create a 30-second delay; PortFast skips these states. However, PortFast can easily cause switching loops. You should enable it only on ports connected to non-STP devices like workstations, printers, and servers.

BPDU Guard

An STP function that prevents certain switch ports from connecting to other switches, in order to prevent switching loops and unauthorized connections. Because only switches send BPDUs, BPDU Guard knows that a port that receives a BPDU is linked to another switch, and it disables such ports as appropriate.

Bridge ID (BID)

An identification number composed of the priority number of the bridge and its MAC address. A hello packet is the most common Bridge Protocol Data Unit (BPDU). Hello packets contain the root bridge ID, the sender's bridge ID, the cost to the root, and the timers. Be familiar with the following about bridge IDs: The root bridge ID is the bridge ID of the switch with the lowest bridge ID. The sender's bridge ID is the bridge ID of the switch sending the hello packet. The sender's root cost is the cost between the sender and the current root. The timer values include the MAC age timer and forward delay timer. When a switch has segments advertising the same cost, the port with the lower BID becomes the designated port. All designated ports are set to forwarding. You can configure the STP topology by manipulating the bridge ID or by changing the port cost configuration of the default bridge ID.

Blocking port

Any port that is not a root or a designated port. A blocking port is in blocking state.

STP Device Configuration Process

At startup, switches send BPDUs out each port. Switches read the bridge ID contained in the BPDUs to elect (identify) a single root bridge (the device with the lowest bridge ID). Then, all the ports on the root bridge become designated ports. Each switch identifies its root port, which is the port with the lowest cost back to the root bridge. Switches on redundant paths identify a designated switch for each segment. A designated port is also identified on each designated switch. Remaining switch ports that are not root or designated ports are put in the blocking state to eliminate loops. After configuration, switches periodically send BPDUs to ensure connectivity and discover topology changes.

VLAN Trunking Protocol (VTP)

Cisco proprietary protocol that allows VLAN configuration changes to be automatically propagated to each switch. It has four modes: server, client, transparent, and off.

Inter-Switch Link (ISL)

Cisco's proprietary trunking protocol. Can be used only between Cisco devices. Encapsulates the frame with an ISL header and trailer instead of tagging (modifying) the frame. Supports VLAN numbers 1-1005. Be aware of the following facts regarding the ISL trunking protocol: If a non-ISL configured trunk port receives an ISL-encapsulated Ethernet frame, it may consider those frames to be transmission errors because the ISL header and trailer cause the frame to have an excessive size. Switches that do not support ISL drop ISL frames because they can't decode the ISL encapsulation.

Layer 3 EtherChannels Configuration

Configure each physical interface to: Be a routed port by using the no switchport command. Participate in a specific channel group by using the channel-group [number] mode on command. Configure the port-channel interface to: Have an IP address by using the ip address [address] command. Be a routed port by using the no switchport command.

VLAN Advantages

Create virtual LANs based on criteria other than physical location (such as workgroup, protocol, or service). Simplify device moves by modifying a device's port assignment to move it to a new VLAN. Control broadcast traffic and create collision domains based on logical criteria. Control security by isolating traffic within a VLAN. Load-balance network traffic by dividing traffic logically rather than physically. Switches are easier to administer than routers. Switches are less expensive than routers. Switches offer higher performance (introduce less latency).

Bridge Protocol Data Unit

Data messages exchanged between switches to communicate information about ports, addresses, priorities, and costs. Hello packets are the most common BPDUs.

Spanning tree algorithm benefits

Eliminates bridge loops. Provides redundant paths between devices. Enables dynamic role configuration. Recovers automatically from a topology change or device failure. Identifies the optimal path between any two network devices.

VTP Configuration steps

Establish a trunk link between two switches. For the VTP server switch: Configure the VTP domain name. Specify a VTP password (optional). Set the switch to VTP server mode. For the VTP client switch: Configure the same VTP domain name as the server. Specify the same VTP password as the server (optional). Set the switch to VTP client mode. Use the show vtp status command to verify that VTP is operational.

Bridge and root port election

Every switch sends out a hello packet listing itself as the root bridge ID with a cost of zero. As each switch receives a hello packet, it compares its root bridge ID to the root bridge ID listed in the hello packets. If the listed BID is lower, the switch elects that as the root and forwards the hello packet listing itself as the sender. Once the root bridge has been elected, its ports enter a forwarding state and continue to send hello packets. The other switches examine the hello packets and determine which port has the lowest cost to the root. The port with the lowest cost to the root becomes the root port. The port on each LAN segment with the lowest cost to the root becomes the designated port for that segment. When the age timer expires, STP starts a new election process.

Forwarding state

Criteria for putting an interface into a forwarding state are as follows: STP elects a root switch, and all interfaces on the root switch are in a forwarding state. On non-root switches, the port with the least administrative cost between the switch and the root switch is elected to the forwarding state. The switch with the lowest root cost, compared with other switches, is also placed in the forwarding state.

Voice over IP (VoIP)

Hardware and software that uses the internet and data packets to transmit voice calls.

Identifying the state of each port

Identify the root bridge. The root bridge is the switch with the lowest bridge ID: The switch with the lowest priority value is the root bridge. If two or more switches have the same priority value, the switch with the lowest MAC address is the root bridge. On the root bridge, label each port as a designated port. For every other bridge, identify its root port. The root port is the port with the lowest cost back to the root bridge: To identify the cost, add the cost for each segment back to the root bridge. If two paths have the same cost, then look at the bridge ID of the next switch in the path. After labeling each root port, identify a designated port for each segment that does not already have a designated port: The designated port will be the port that connects to the path with the lowest cost back to the root bridge. If two paths have the same cost, compare the bridge ID of the next switch in the path. At this point, each segment should have a designated port identified. Any ports not labeled as a root port or a designated port should be configured as a blocking port.

Dynamic Trunking Protocol (DTP)

Is enabled by default on Cisco switches. Automatically negotiates the trunking encapsulation to be used (either 802.1Q or ISL). Operates in one of the following modes: Access, Dynamic auto, Dynamic desirable, Trunk.

Listening port

Listening is a transitory state between blocking and learning. After a change has occurred, a port remains in the listening state for a specific period of time. For example, if a bridge goes down, all other bridges go to the listening state while the bridges redefine their roles.

Hello timer

Measures the amount of time between the hello packets sent from the root bridge.

EtherChannel

Port link aggregation technology that combines multiple switch ports into a single, logical link between two switches. EtherChannel provides a high degree of redundancy for network links by combining multiple parallel segments between two switches into a single link. To do this, the segments must have the same link speed. You can combine eight separate segments into one EtherChannel. STP convergence starts only if all of the links within the channel go down.

Rapid STP

Rapid Spanning Tree Protocol (Rapid STP) is a variation of the standard STP specification. Rapid STP improves convergence performance by actively confirming when a switch port is ready to transition to a forwarding state. This eliminates the need for the listening and learning states, which can cause a delay of 50 seconds or more. Rapid STP reduces convergence time to about 10 seconds.

Switching loop

Redundant paths between segments in which packets are endlessly routed. It is also called a bridge loop.

STP issues

The biggest disadvantage of STP is that it is slow to respond to topology changes. With a link failure, convergence could take up to 30 seconds. By optimizing switch settings, this delay can be reduced to about 14 seconds, but that is still too long. To improve convergence, Cisco introduced several new proprietary features which can reduce this time to about 1 second. These features include the following: PortFast allows ports without any attached switches to transition immediately to the forwarding state. This transition is possible because bridging loops are eliminated on ports that do not have switches attached. Uplink Fast enables a switch to maintain an alternate path back to the root bridge. If the root port or link goes down, the alternate port can be quickly used to re-establish communication with the root bridge.

Designated bridge

The bridge that is allowed to send and receive frames onto a segment. Designated bridges are selected automatically by exchanging bridge configuration packets. To prevent bridge loops, there is only one designated bridge per segment.

Backup bridge

The bridge that takes over when a bridge fails. All redundant devices are classified as backup bridges. Backup bridges: Listen to network traffic and build the bridge database. However, they will not forward packets. Can take over if the root bridge or a designated bridge fails.

Root bridge

The bridge with the lowest bridge ID. It is at the top of the STP hierarchy and serves as a reference point for all switches; it is the master or controlling bridge. Be familiar with the following regarding root bridges: There is only one root bridge in the network. The root bridge is the logical center of the spanning-tree topology in a switched network. The root bridge is the switch with the lowest bridge ID (BID): The bridge ID is composed of two parts, a bridge priority number and the MAC address assigned to the switch. The default priority number for all switches is 32,768. This means that for unconfigured switches, the switch with the lowest MAC address becomes the root bridge. You can manually configure the priority number to force a specific switch to become the root switch. The root bridge periodically broadcasts configuration messages. These messages are used to select routes and reconfigure the roles of other bridges if necessary. All ports on a root bridge forward messages to the network.

Trunking

The connection of two switches.

Designated port configuration

The designated port identifies the port on the segment that is allowed to send and receive frames onto that segment. Be familiar with the following concepts. All ports on the root bridge are designated ports, unless the switch port loops back to a port on the same switch. Designated ports are selected based on the lowest path cost to get back to the root switch. Default IEEE port costs are: 10 Mbps = 100, 100 Mbps = 19, 1 Gbps = 4, 10 Gbps = 2. If two switches have the same cost, the switch with the lowest priority becomes the designated switch. The port on that switch is the designated port. If two ports have the same cost, the port on the switch with the lowest port ID becomes the designated port: The port ID is derived from two numbers, the port priority and the port number. The port priority ranges from 0-255, with a default of 128. The port number is the number of the port. For example, the port number for Fa0/3 is 3. With the default port priority setting, the lowest port number becomes the designated port. Designated ports are used to send frames back to the root bridge. Designated ports are in the forwarding state.

Trunking protocol

The format switches use for tagging frames with the VLAN ID.

Root port

The port on the designated switch with the lowest port cost back to the root bridge.

Designated port

The port on the segment that is allowed to send and receive frames onto that segment.

Spanning Tree Protocol

The protocol that assigns a designated bridge or switch for each route; it is also referred to as the Spanning Tree Algorithm (STA). Only the designated bridge can forward packets. Redundant bridges (and switches) are assigned as backups. Keep in mind the following regarding STP: The spanning tree algorithm calculates the best loop-free path through a network by assigning a role to each bridge, switch, and port. The bridge role determines how each device functions in relation to other devices and whether the device forwards traffic to other segments. The network can respond to a lost link by building a new spanning tree.

Switching forward logic

The source VLAN of the frame is determined, using the access interface's VLAN or the frame's trunking header. The source MAC address, source interface ID, and the VLAN ID are added to the MAC address table. The MAC address table is searched for the destination MAC address of the frame. The frame is forwarded to the interface of the matched address entry. If the MAC address is not found in the MAC address table, the frame is flooded out to other access ports in the same VLAN.

VTP Characteristics

VTP uses advertisement messages to maintain VLAN consistency across switches. Advertisement messages are sent using either ISL or 802.1Q frames. They contain the following information: VTP domain name, VTP revision number, VLAN IDs, and VLAN configurations. There are two versions of VTP, version 1 (V1) and version 2 (V2). Other than V2 supporting Token Ring VLANs, the two versions are almost identical. VTP can be configured to use a password. All switches in the VTP domain must be configured to use the same password. If being used, the password is hashed using MD5 and sent with all advertisement messages. Extended VLANs (1006-4094) are not advertised by VTP. Unless a switch is in VTP transparent mode, extended VLANs cannot be configured on the switch.

EtherChannel Troubleshooting

Verify that all ports in an EtherChannel use the same protocol (PAgP or LACP). Verify the options used: If the channel-group command is used with the desirable option on one switch (PAgP), the other switch must use either desirable or auto. If the channel-group command is used with the active option (LACP), the other switch must use either active or passive. Verify that all ports in an EtherChannel have the same speed and duplex mode. LACP requires that the ports operate only in full-duplex mode. Verify the channel group number. A port cannot belong to more than one channel group at the same time. Verify that all ports in an EtherChannel are configured to be in the same access VLAN configuration or to be configured as VLAN trunks with the same allowable VLAN list and the same native VLAN. Verify that all ports in an EtherChannel use the same trunk mode (i.e., ISL or IEEE 802.1Q) to avoid unexpected results. Check the spanning tree configuration. If you do not configure EtherChannel, the spanning tree algorithm will identify each link as a redundant path to the other bridge and will put one of the ports in blocking state. Do not configure more than 6 EtherChannels on one switch. Check the port type and number. You can configure an LACP EtherChannel with up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in standby mode. Be sure to enable all ports in an EtherChannel. A port in an EtherChannel that is disabled by using the shutdown interface configuration command is treated as a link failure. Its traffic is transferred to one of the remaining ports in the EtherChannel.

Voice VLANs

Voice VLANs are configured on access ports and are used to carry VoIP traffic from a Cisco IP phone. Voice VLANs send all VoIP traffic with a higher priority than data traffic to ensure timely delivery. Consider the following facts about voice VLANs: To create a voice VLAN, use the switchport voice vlan [number] command. By default, IP phone traffic on a voice VLAN is tagged with an 802.1Q priority of 5. When an interface is configured with a voice VLAN, the PortFast feature is automatically enabled on the interface. A Cisco IP phone automatically uses the VLAN ID of the port it is connected to. Non-Cisco IP phones require the VLAN ID to be manually configured on the IP phone.

EtherChannel qualities

You can combine 2-8 ports into a single link. All links in the channel group are used for communication between switches. Bandwidth between switches is increased. Automatic redundant paths between switches are established. If one link fails, communication will still occur over the other links in the group. Spanning tree convergence times are reduced.

Port Aggregation Protocol (PAgP)

PAgP is a management function that checks the parameter consistency at either end of the link and assists the channel in adapting to link failure or addition. PAgP prevents loops and packet loss due to misconfigured channels. It facilitates network reliability. PAgP operates in the following modes: Auto places the port in a passive negotiating state and forms an EtherChannel if the port receives PAgP packets. While in this mode, the port does not initiate the negotiation. Desirable places the port in a negotiating state to form an EtherChannel by sending PAgP packets. A channel is formed with another port group in either the auto or desirable mode.

Link Aggregation Control Protocol (LACP)

LACP is based on the 802.3ad standard and has similar functions to PAgP. LACP should be used when configuring EtherChannel between Cisco switches and non-Cisco switches that support 802.3ad. LACP operates in the following modes: Passive places the port into a passive negotiating state and forms an EtherChannel if the port receives LACP packets. While in this mode, the port does not initiate the negotiation. Active places the port in a negotiating state to form an EtherChannel by sending LACP packets. A channel is formed with another port group in either the active or passive mode.

Root port configuration

The root port is the port on the designated switch with the lowest port cost back to the root bridge. Each designated switch has a single root port (a single path back to the root bridge). Root ports are in the forwarding state. The root bridge does not have a root port.

Default VLAN and VLAN trunking

With 802.1Q trunking, frames from the default VLAN are not tagged. If the default VLAN on one end of the trunk is different from the default VLAN on the other end, the traffic of the native VLANs on both sides cannot be transmitted correctly on the trunk.
