Sunday, September 2, 2018

VLAN Trunking Protocol (VTP)

A switch can belong to only one VTP domain, and it shares VLAN information only with the other switches in that domain. Switches in different VTP domains do not share VTP information.

Switches in a VTP domain advertise several attributes to their domain neighbors. Each advertisement contains information about the VTP management domain, the VTP revision number, the known VLANs, and specific VLAN parameters. When a VLAN is added to a switch in the management domain, the other switches are notified of the new VLAN through VTP advertisements. In this way, all switches in the domain can prepare to receive traffic on their trunk ports using the new VLAN.



VTP Modes - Every switch is in server mode by default. Server mode is the default VTP mode and allows VLANs to be created and deleted.

The VTP mode determines how the switch processes and advertises VTP information. You can use the following modes.

Server Mode - In this mode, VTP servers have full control over VLAN creation and modification for their domain.

Client Mode - VTP clients do not allow the administrator to create, change, or delete any VLANs. Instead, they listen to VTP advertisements from other switches and modify their VLAN configurations accordingly. This is also called passive listening mode. Received information is always forwarded on the switch's trunk links to the neighboring switches in the domain.

Transparent Mode - VTP transparent switches do not participate in VTP. A transparent switch can create and delete VLANs that are local only to itself; these VLAN changes are not propagated to any other switch. It does not advertise its own VLAN configuration, and it does not synchronize its VLAN database with received advertisements.


Adding a new switch to an existing infrastructure or VTP domain -

Since by default every switch operates in VTP server mode, as soon as it hears a VTP summary advertisement on a trunk port from any other switch it automatically learns the VTP domain name, the VLANs, and the configuration revision number. This makes it easy to bring up a new switch in an existing VTP domain.

You just need to verify all of this information with the command below:
Switch# show vtp status


Configuring a VTP management domain for a new setup -

If a switch is the first one on the network, the management domain must be created:

Switch(config)# vtp domain <domain name>
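The mode behaviour described above (a server advertises, a client synchronizes and relays, a transparent switch keeps its VLANs local, advertisements from a different domain are ignored, and a fresh switch learns the domain name from the first advertisement it hears) as a small Python model. This is an added example, not code from the original post or from Cisco. The switch names, the domain names CORP and LAB, and the rule that a switch adopts an advertisement only when its revision number is higher than its own are assumptions; the last one is VTP's standard behaviour, which the post mentions only by saying the revision number is carried.

```python
"""Model of VTP server / client / transparent behaviour as described in the
post above. Added example, not the post's or Cisco's code. Simplifications:
no VTP password, no pruning, no VTP versions; one VLAN dictionary per switch."""

from dataclasses import dataclass, field


@dataclass
class Advertisement:
    domain: str
    revision: int
    vlans: dict          # vlan id -> vlan name


@dataclass
class VtpSwitch:
    name: str
    mode: str            # "server", "client" or "transparent"
    domain: str = ""     # "" = no VTP domain configured yet (fresh switch)
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})
    log: list = field(default_factory=list)

    def add_vlan(self, vid, vname):
        """Local VLAN creation ('vlan <id>' / 'name <name>').
        Returns the advertisement to send on trunk ports, or None."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: a VTP client cannot create VLANs")
        self.vlans[vid] = vname
        if self.mode == "transparent":
            return None               # local only, never propagated
        self.revision += 1            # server: new revision, advertise it
        return Advertisement(self.domain, self.revision, dict(self.vlans))

    def receive(self, adv):
        """Process an advertisement heard on a trunk port.
        Returns the advertisement to relay to neighbours, or None."""
        if self.mode == "transparent":
            self.log.append(f"{self.name}: transparent, not synchronized")
            return None               # does not sync; modelled as not relaying either
        if self.domain == "":
            self.domain = adv.domain  # a fresh switch learns the domain name
        if adv.domain != self.domain:
            self.log.append(f"{self.name}: ignored advertisement from domain {adv.domain}")
            return None               # different domains never share VTP information
        # Assumption beyond the post: adopt only a higher revision number
        # (standard VTP behaviour; the post only says the revision is carried).
        if adv.revision > self.revision:
            self.revision = adv.revision
            self.vlans = dict(adv.vlans)
            self.log.append(f"{self.name}: synchronized to revision {adv.revision}")
        return adv                    # servers and clients relay what they hear


def scenario():
    """S1 (server, CORP) creates VLAN 100. S2 is a fresh switch with no domain,
    S3 is transparent in CORP, S4 is a server in a different domain (LAB),
    S5 is a client already in CORP. Switch names and domains are made up."""
    switches = {
        "S1": VtpSwitch("S1", "server", domain="CORP"),
        "S2": VtpSwitch("S2", "server"),
        "S3": VtpSwitch("S3", "transparent", domain="CORP"),
        "S4": VtpSwitch("S4", "server", domain="LAB"),
        "S5": VtpSwitch("S5", "client", domain="CORP"),
    }
    adv = switches["S1"].add_vlan(100, "sales")
    for name, sw in switches.items():
        if name != "S1":
            sw.receive(adv)
    return switches


if __name__ == "__main__":
    for sw in scenario().values():
        print(sw.name, sw.mode, sw.domain or "-", sw.revision, sorted(sw.vlans))
```

Run it and S2 ends up in domain CORP at revision 1 with VLAN 100, exactly the "new switch learns everything from the first advertisement" behaviour described above; because any server in the domain with a higher revision is accepted under the assumed rule, checking `show vtp status` (domain name and revision) before cabling a new switch into production is the verification step the post recommends.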












Dynamic Trunking Protocol (DTP)

DTP is used to negotiate the formation of a trunk between two Cisco devices. DTP is a Cisco proprietary protocol that is automatically enabled on Catalyst 2960 and Catalyst 3560 Series switches.

The default switchport mode for newer Cisco switch Ethernet interfaces is dynamic auto.
Note that if two Cisco switches are both left at the common default setting of dynamic auto, a trunk will never form. switchport mode dynamic desirable makes the interface actively attempt to convert the link to a trunk link. Please refer to the DTP modes below carefully.

DTP modes:

1. switchport mode access - Used just to add a computer (an end host) to the switch port.

2. switchport mode dynamic auto - Makes the interface able to convert the link into a trunk link; when the neighbor asks (requests trunking) on this port, trunking is negotiated.

3. switchport mode dynamic desirable - Makes the interface actively attempt to convert the link into a trunk link; it "asks" the far-end switch to bring up a trunk.

4. switchport mode trunk - Puts the interface into permanent trunking mode and negotiates to convert the neighboring link into a trunk link. The interface becomes a trunk interface even if the neighboring interface is not a trunk interface. There is no condition on this mode; it trunks whatever mode the neighbor is in.

5. switchport nonegotiate - Prevents the interface from generating DTP frames. You can use this command only when the interface switchport mode is access or trunk. You must manually configure the neighboring interface as a trunk interface to establish a trunk link.

Please refer to the table below for a quick overview.
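The mode combination table referred to above, as an added Python example that is not code from the original post or from Cisco: for any pair of switchport modes it works out the operational mode each side settles in and whether the link ends up as a trunk, an access link, or a mismatch with only one side trunking. The outcomes follow the five mode descriptions above (dynamic auto only answers, dynamic desirable asks, access and trunk are fixed, nonegotiate sends no DTP frames and needs a manually configured trunk on the far end); the Port type and the function names are mine.

```python
"""DTP mode combinations: which operational mode each side ends up in and
whether a trunk forms. Added example, not part of the original post; the
rules come from the mode descriptions above."""

from typing import NamedTuple


class Port(NamedTuple):
    mode: str                  # "access", "dynamic auto", "dynamic desirable", "trunk"
    nonegotiate: bool = False  # "switchport nonegotiate" configured


DYNAMIC = {"dynamic auto", "dynamic desirable"}
FIXED = {"access", "trunk"}


def validate(p):
    """Reject mode names IOS does not have and the nonegotiate/dynamic combination
    the post says is not allowed."""
    if p.mode not in DYNAMIC | FIXED:
        raise ValueError(f"unknown switchport mode {p.mode!r}")
    if p.nonegotiate and p.mode in DYNAMIC:
        raise ValueError("switchport nonegotiate is only allowed with mode access or trunk")


def operational_mode(local, peer):
    """Mode the local port settles in, given what it hears from the peer."""
    validate(local)
    validate(peer)
    if local.mode in FIXED:
        return local.mode                 # access/trunk are fixed whatever the neighbor does
    if peer.nonegotiate:
        return "access"                   # no DTP frames heard, so nothing is negotiated
    # DTP frames from the peer: trunk announces a trunk, desirable asks for one,
    # auto only answers, access says "non-trunk".
    if peer.mode in ("trunk", "dynamic desirable"):
        return "trunk"
    if peer.mode == "dynamic auto" and local.mode == "dynamic desirable":
        return "trunk"                    # desirable asked, auto answered
    return "access"


def link_result(a, b):
    """'trunk', 'access', or 'mismatch' (one side trunking, the other not)."""
    ma, mb = operational_mode(a, b), operational_mode(b, a)
    return ma if ma == mb else "mismatch"


def combination_table():
    """The quick-reference table: every mode pair and the resulting link."""
    modes = ["access", "dynamic auto", "dynamic desirable", "trunk"]
    return {(x, y): link_result(Port(x), Port(y)) for x in modes for y in modes}


if __name__ == "__main__":
    for (x, y), result in combination_table().items():
        print(f"{x:18} {y:18} -> {result}")
    print("trunk+nonegotiate vs dynamic auto ->",
          link_result(Port("trunk", nonegotiate=True), Port("dynamic auto")))
```

The two rows worth remembering from the output: dynamic auto on both ends stays an access link (the note above), and a trunk with nonegotiate facing a dynamic port comes out as a mismatch, which is why the post says the neighbor must then be configured as a trunk manually.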



Switch# show interface gigabitethernet 2/1 trunk   (to check the trunking status)


Key Points -

DTP frames are sent out every 30 seconds to keep the neighboring switch port informed of the link's mode.

Manually configuring both connected switch ports with switchport mode trunk is always the first and best choice, so that neither of them ever has to negotiate.


When should I make a trunk between two switches - A trunk link can be negotiated between two switches only under the following conditions:

  If both switches belong to the same VTP domain
  If one of the two switches has no VTP domain defined
  If neither switch has a VTP domain defined
  If the two switches are in different VTP domains, trunking is still possible by configuring
  switchport mode trunk and switchport nonegotiate on both switches.


When should I disable DTP -

Whenever you make a permanent trunk link with switchport mode trunk, you should also disable DTP completely so that DTP frames are no longer exchanged; no negotiation is then possible until this configuration is removed.

You should also disable DTP negotiation if a switch has a trunk link connected to a non-trunking router or firewall interface.



Note - Please refer to the separate page for the VTP explanation.





VLANs and Trunking


By default, a VLAN is a single broadcast domain: every connected device sees every broadcast packet that is transmitted. That means all devices connected to a VLAN receive the broadcasts sent by any other member of that VLAN. However, devices connected to a different VLAN will not receive those broadcasts.


Ports on a single switch can be assigned to many different VLANs. Even though two devices are connected to the same switch, traffic will not pass between them if they are connected to ports in different VLANs. To pass traffic between the two VLANs, you need either a Layer 3 device to route packets or an external Layer 2 device to bridge packets between them.

We have two types of VLAN configuration:

1). Static VLAN - port-based configuration

2). Dynamic VLAN - MAC-address-based configuration.

3). Negotiate (the default trunk encapsulation) - The encapsulation is negotiated to select either ISL or IEEE 802.1Q, whichever both ends of the trunk support. If both ends support both types, ISL is favored.



By default, all switch ports are assigned to VLAN 1, are set to the VLAN type Ethernet, and have a maximum transmission unit (MTU) of 1500 bytes.


Static VLAN configuration -

1. Creating VLANs
2. Adding switch ports to VLANs
3. VTP configuration


1. Creating VLANs -

step 1. The VLAN must be created on a switch; the range can be 2 - 1002.

            Switch(config)# vlan 100

step 2. Assigning a name to the VLAN

            Switch(config-vlan)# name sales

step 3. Removing a VLAN

            Switch(config)# no vlan 100


2. Adding switch ports to VLANs

step 1.  Switch(config)# interface fastethernet 0/1

step 2.  Switch(config-if)# switchport   [ you will understand this command in the paragraph below ]

step 3.  Switch(config-if)# switchport mode access

step 4.  Switch(config-if)# switchport access vlan 100


3. VTP configuration

Before you begin VTP configuration, you must understand what the switchport command actually does. By default, every Catalyst IOS switch port is ready for Layer 3 operation, something that does not coexist with Layer 2 VLANs. A switch port must be in Layer 2 mode before it can support a trunk; the switchport command puts the switch port into Layer 2 mode. You must also learn the following stages:

1. VLAN identification and encapsulation methods
2. DTP modes
3. Native VLAN



Please go through the separate links for the explanation of DTP modes and the native VLAN.



1. VLAN identification and encapsulation methods -

a. ISL (Inter-Switch Link) -
       In the ISL method, VLANs are tagged by encapsulating each frame using the Cisco ISL protocol. It is Cisco proprietary.

b. 802.1Q -
    In the 802.1Q method, VLANs are tagged by inserting an IEEE 802.1Q tag into each frame. The only exception is the native VLAN, which is sent normally and is not tagged. It is an open standard.




Switch(config)# interface fastethernet 0/1
Switch(config-if)# switchport
Switch(config-if)# switchport trunk encapsulation {isl | dot1q | negotiate}
Switch(config-if)# switchport mode {trunk | dynamic desirable | dynamic auto}
Switch(config-if)# switchport trunk native vlan 100
Switch(config-if)# switchport trunk allowed vlan {vlan-list | all | add | except | remove}
Switch(config-if)# switchport trunk allowed vlan 100-102,104-105
Switch(config-if)# switchport trunk allowed vlan remove 103
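To check the result of the trunk configuration above (with the `show interface ... trunk` command from the DTP section), here is an added Python example, not code from the original post or from Cisco, that parses `show interfaces trunk` output and reports which trunks were negotiated by DTP rather than fixed, which still carry the default native VLAN 1, and which allow every VLAN. TRUNK_OUTPUT is constructed for the example (the ports Gi2/1 - Gi2/3 and their values are made up), and the column layout follows the usual IOS format, which is an assumption here.

```python
"""Parse 'show interfaces trunk' and review trunk settings against the
configuration shown above (fixed mode, pinned encapsulation, non-default
native VLAN, restricted allowed list). Added example, not the post's or
Cisco's code. TRUNK_OUTPUT is constructed for this example."""

TRUNK_OUTPUT = """\
Port        Mode             Encapsulation  Status        Native vlan
Gi2/1       on               802.1q         trunking      100
Gi2/2       desirable        n-isl          trunking      1
Gi2/3       on               802.1q         not-trunking  1

Port        Vlans allowed on trunk
Gi2/1       100-102,104-105
Gi2/2       1-4094
Gi2/3       1-4094

Port        Vlans allowed and active in management domain
Gi2/1       100-102,104-105
Gi2/2       1,56,100-102
Gi2/3       none
"""


def parse_vlan_list(text):
    """Expand an IOS VLAN list such as '100-102,104-105' into a set of ids."""
    vlans = set()
    if text.strip().lower() == "none":
        return vlans
    for part in text.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = part.split("-")
            vlans.update(range(int(lo), int(hi) + 1))
        elif part:
            vlans.add(int(part))
    return vlans


def parse_show_interfaces_trunk(output):
    """Return {port: {mode, encapsulation, status, native, allowed}}."""
    ports, section = {}, None
    for line in output.splitlines():
        if not line.strip():
            continue
        if line.startswith("Port"):            # a column header starts a new section
            if "Mode" in line:
                section = "status"
            elif "allowed on trunk" in line:
                section = "allowed"
            else:
                section = "other"              # active / not-pruned lists are not needed here
            continue
        fields = line.split()
        if section == "status" and len(fields) == 5:
            name, mode, encap, status, native = fields
            ports[name] = {"mode": mode, "encapsulation": encap, "status": status,
                           "native": int(native), "allowed": set()}
        elif section == "allowed" and len(fields) == 2 and fields[0] in ports:
            ports[fields[0]]["allowed"] = parse_vlan_list(fields[1])
    return ports


def review_trunks(ports):
    """Flag trunks that still rely on negotiation or on defaults that the
    trunk configuration above changes."""
    findings = []
    for name, p in sorted(ports.items()):
        if p["status"] != "trunking":
            findings.append(f"{name}: not trunking (mode {p['mode']}, status {p['status']})")
            continue
        if p["mode"] != "on":
            findings.append(f"{name}: trunk negotiated by DTP (mode {p['mode']}); "
                            f"prefer switchport mode trunk plus switchport nonegotiate")
        if p["encapsulation"].startswith("n-"):
            findings.append(f"{name}: encapsulation negotiated ({p['encapsulation']}); "
                            f"pin it with switchport trunk encapsulation")
        if p["native"] == 1:
            findings.append(f"{name}: native VLAN is still the default 1; "
                            f"untagged frames ride VLAN 1")
        if len(p["allowed"]) == 4094:
            findings.append(f"{name}: all 4094 VLANs allowed; "
                            f"restrict with switchport trunk allowed vlan")
    return findings


if __name__ == "__main__":
    for finding in review_trunks(parse_show_interfaces_trunk(TRUNK_OUTPUT)):
        print(finding)
```

Gi2/1 in the sample is the port configured as shown above (mode on, dot1q, native VLAN 100, restricted allowed list) and produces no findings; Gi2/2 is what a trunk left at dynamic desirable with negotiated encapsulation and all defaults looks like.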








Thursday, August 23, 2018

Port configuration and Troubleshooting



Well, first of all, let me clarify what full duplex mode and half duplex mode are.

Full duplex means the interface can send and receive data at the same time: everybody listens while everybody speaks, and there is no collision domain.

Half duplex means you will have collisions and slower network performance due to dropped packets as systems back off and resend their data: you speak while I listen, and everybody must stay silent until my conversation finishes.

You need to assign a specific speed to switch ports through the switch configuration commands below; otherwise interfaces are set to the default speed as per the table below.

Interface Type                 Set speed capability (Mbps)   Default
FastEthernet 10/100 ports      10/100/Auto                   Auto
Gigabit Ethernet GBIC ports    1000                          1000
1000BASE-T                     10/100/1000/Auto              Auto

You need to assign a specific speed to switch ports through the following switch configuration commands wherever you see a duplex mismatch problem or users complain of slow response, which means the two ends have different speed and duplex modes. Both ends must be configured with the same speed and duplex modes.

Switch(config)# interface gig 3/1
Switch(config-if)# speed auto
Switch(config-if)# duplex auto
Switch(config-if)# interface gig 3/2
Switch(config-if)# speed 100
Switch(config-if)# duplex full

Remember - If speed is set to auto, then the duplex cannot be set manually; duplex must also be set to auto.


Verification of interfaces speed and duplex settings

Before verifying port settings, you must check the interface capability. If a FastEthernet 10/100 port is manually set to speed 100, what happens if the other end is a Gigabit Ethernet port at its default speed of 1000 Mbps? So verify the interface capabilities first and set speed auto on both ends, making sure both ends run at the same speed.


To verify the interface capabilities, use the command below:





To verify a specific interface's speed and duplex setting, use the following commands.

And remember, when the speed and duplex settings are left at default you will see the following symbolic representation, as marked in red on the screenshots below:
 (1). They display auto / auto when the interface is "not connected" to the other end.
 (2). They display a-full and a-100 when the interface is "connected" to the other end.
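The a-full / a-100 versus auto / auto distinction above, together with the rules that both ends must match and that speed auto requires duplex auto, as an added Python example (not code from the original post or from Cisco): it parses the Duplex and Speed columns of a `show interfaces status` listing, classifies each port, and checks a pair of end configurations against each other. STATUS_OUTPUT is constructed for the example (port names, descriptions and values are made up) and the column layout follows the usual IOS format, which is an assumption here.

```python
"""Interpret the Duplex / Speed columns of 'show interfaces status' and check
that two link ends are configured consistently, following the rules above.
Added example, not the post's or Cisco's code; STATUS_OUTPUT is constructed."""

import re

STATUS_OUTPUT = """\
Port      Name               Status       Vlan       Duplex  Speed Type
Gi3/1     uplink-to-core     connected    trunk      a-full a-1000 10/100/1000BaseTX
Gi3/2                        notconnect   1            auto   auto 10/100/1000BaseTX
Gi3/3     printer            connected    20           full    100 10/100/1000BaseTX
Gi3/4     pc-desk-7          connected    20         a-half  a-100 10/100/1000BaseTX
"""

# Port, optional description, then the fixed trailing columns.
LINE_RE = re.compile(
    r"^(?P<port>\S+)\s+(?P<name>.*?)\s*"
    r"(?P<status>connected|notconnect|disabled|err-disabled|inactive)\s+"
    r"(?P<vlan>\S+)\s+(?P<duplex>a-full|a-half|full|half|auto)\s+"
    r"(?P<speed>a-\d+|\d+|auto)\s+(?P<type>.+)$"
)


def classify(duplex, speed):
    """'negotiated'   = a-... values learned by auto-negotiation on a live link;
    'auto-pending' = defaults shown while the port is not connected;
    'hard-set'     = speed and duplex fixed by configuration;
    'mixed'        = one fixed, one auto-negotiated."""
    if duplex.startswith("a-") and speed.startswith("a-"):
        return "negotiated"
    if duplex == "auto" and speed == "auto":
        return "auto-pending"
    if not duplex.startswith("a-") and duplex != "auto" and speed.isdigit():
        return "hard-set"
    return "mixed"


def parse_show_interfaces_status(output):
    """Return {port: {name, status, vlan, duplex, speed, type, state}}."""
    ports = {}
    for line in output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # header or blank line
        row = m.groupdict()
        row["state"] = classify(row["duplex"], row["speed"])
        ports[row.pop("port")] = row
    return ports


def review_ports(ports):
    """Lines a practitioner wants when chasing a duplex mismatch or slow-response complaint."""
    findings = []
    for name, p in sorted(ports.items()):
        if p["state"] == "hard-set":
            findings.append(f"{name}: hard-set {p['speed']}/{p['duplex']}; "
                            f"the far end must be set to exactly the same values")
        elif p["state"] == "negotiated" and p["duplex"] == "a-half":
            findings.append(f"{name}: negotiated half duplex at {p['speed']}; classic sign "
                            f"that the far end is hard-set while this port auto-negotiates")
        elif p["state"] == "mixed":
            findings.append(f"{name}: mixed {p['speed']}/{p['duplex']}; check both ends")
    return findings


def validate_config(speed, duplex):
    """Rule from the post: if speed is auto, duplex must also be auto."""
    if speed == "auto" and duplex != "auto":
        raise ValueError("if speed is auto, duplex must also be auto")


def ends_match(end_a, end_b):
    """end_a / end_b = (speed, duplex) as configured on each side of the link;
    both ends must carry the same speed and duplex settings."""
    validate_config(*end_a)
    validate_config(*end_b)
    return end_a == end_b


if __name__ == "__main__":
    rows = parse_show_interfaces_status(STATUS_OUTPUT)
    for port, row in rows.items():
        print(port, row["state"], row["duplex"], row["speed"])
    for line in review_ports(rows):
        print(line)
```

In the sample, Gi3/2 shows the auto / auto defaults of a port with nothing connected, Gi3/1 the a-full / a-1000 of a healthy negotiated link, and Gi3/4 the half-duplex result that usually means the PC end (see the Windows steps below) was pinned to a fixed speed and duplex.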







PC end speed and duplex settings:
Click "Start > Settings > Control Panel".
Select "Network and Sharing Center".
In the right panel select "Change Adapter settings".
Right-click on "Local Area Connection" and select "Properties".
In the "Local Area Connection Properties" window select the "Configure" button.
Select the "Advanced" tab. In the scrolling list of options find "Speed & Duplex" or "Link Speed & Duplex" and select it.






Auto negotiation is the default setting on Windows 7 computers.







Wednesday, August 22, 2018

Content Addressable Memory (CAM)


By default, MAC addresses are learned dynamically from incoming frames. When frames arrive on switch ports, the source MAC address, the port of arrival and the VLAN are learned and recorded in the CAM table, along with a time stamp. The switch does not keep MAC addresses that have not participated in frame forwarding (for example, receive-only NIC addresses) for more than 300 seconds.
 



Yes, by default, MAC addresses that have not participated in frame forwarding for more than 300 seconds are deleted. Entering the value 0 disables MAC aging. If a VLAN is not specified, the aging specification applies to all VLANs. This behaviour exists because maintaining a huge database could cause a space problem in devices in a large infrastructure.
If a MAC address learned on one switch port has moved to a different port, the MAC address and time stamp are recorded for the most recent arrival port, and the previous entry is deleted. If a MAC address is already present in the table for the correct arrival port, only its time stamp is updated.

------------------- -------------------- ------------------- ------------------------- -------------------------------
You can change the default timer, for example if you have a smaller organization:
Switch(config)# mac address-table aging-time 500
If a MAC address is not learned by the port on the switch, for example due to a bug, you can add a static CAM table entry with the following command:
Switch(config)# mac address-table static xxxx.xxxx.xxxx vlan 1 interface gigabitethernet0/1
-----------------------------------------------------------------------------------------------------------------------

Note: you can use this command when static entries are already applied; check the existing ones before you statically configure any MAC address.



 
Determining hosts active on an interface





Checking the size of the CAM table to verify how many hosts are using the network




CAM table entries can be cleared manually, if needed, with the command below:
Switch# clear mac address-table dynamic [address xxxx.xxxx.xxxx | interface gigabitethernet0/1 | vlan 1]







To determine the MAC address type (static or dynamic) configured on a specific interface.
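The CAM table behaviour described in this post (learning the source MAC, port and VLAN with a time stamp; a moved host replacing its old entry; a repeat on the same port only refreshing the time stamp; the 300-second aging default, 0 to disable it and per-VLAN aging; static entries; manual clearing; and counting the hosts active on an interface and the table size) as one Python model. This is an added example, not code from the original post or from Cisco; time stamps are passed in explicitly so aging can be exercised without waiting, and the MAC addresses and port names used in the demo are made up.

```python
"""CAM table model: dynamic learning, moves, time-stamp refresh, aging
(300 s default, 0 disables, per-VLAN override), static entries, manual
clearing and per-interface host counts, following the text above.
Added example, not the post's or Cisco's code."""

from dataclasses import dataclass

DEFAULT_AGING = 300      # seconds; the default quoted above


@dataclass
class Entry:
    port: str
    vlan: int
    static: bool
    last_seen: float     # time stamp of the most recent arrival


class CamTable:
    def __init__(self, aging_time=DEFAULT_AGING):
        self.aging = {None: aging_time}   # None = all VLANs; per-VLAN overrides
        self.entries = {}                 # (vlan, mac) -> Entry

    def set_aging(self, seconds, vlan=None):
        """mac address-table aging-time <seconds> [vlan <id>]; 0 disables aging."""
        if seconds < 0:
            raise ValueError("aging time cannot be negative")
        self.aging[vlan] = seconds

    def learn(self, mac, vlan, port, now):
        """Source MAC of a frame that arrived on `port` at time `now`."""
        key = (vlan, mac.lower())
        e = self.entries.get(key)
        if e and e.static:
            return                        # static entries are never overwritten by learning
        if e and e.port == port:
            e.last_seen = now             # same port: only the time stamp is updated
        else:
            self.entries[key] = Entry(port, vlan, False, now)  # new, or moved: old entry replaced

    def add_static(self, mac, vlan, port):
        """mac address-table static <mac> vlan <id> interface <port>"""
        self.entries[(vlan, mac.lower())] = Entry(port, vlan, True, 0.0)

    def age_out(self, now):
        """Remove dynamic entries idle longer than their aging time; returns how many."""
        expired = []
        for key, e in self.entries.items():
            limit = self.aging.get(e.vlan, self.aging[None])
            if not e.static and limit > 0 and now - e.last_seen > limit:
                expired.append(key)
        for key in expired:
            del self.entries[key]
        return len(expired)

    def clear_dynamic(self, mac=None, port=None, vlan=None):
        """clear mac address-table dynamic [address <mac> | interface <port> | vlan <id>]"""
        keys = [k for k, e in self.entries.items()
                if not e.static
                and (mac is None or k[1] == mac.lower())
                and (port is None or e.port == port)
                and (vlan is None or e.vlan == vlan)]
        for k in keys:
            del self.entries[k]
        return len(keys)

    def hosts_on(self, port):
        """MAC addresses currently active on an interface (show mac address-table interface)."""
        return sorted(mac for (_, mac), e in self.entries.items() if e.port == port)

    def size(self):
        """Number of entries: how many hosts the switch currently knows about."""
        return len(self.entries)

    def entry_type(self, mac, vlan):
        """'STATIC', 'DYNAMIC', or None when the address is not in the table."""
        e = self.entries.get((vlan, mac.lower()))
        return None if e is None else ("STATIC" if e.static else "DYNAMIC")


if __name__ == "__main__":
    cam = CamTable()
    cam.learn("0011.2233.4455", 1, "Gi0/1", now=0)
    cam.learn("0011.2233.4466", 1, "Gi0/2", now=10)
    cam.learn("0011.2233.4455", 1, "Gi0/3", now=20)      # host moved to another port
    print(cam.hosts_on("Gi0/1"), cam.hosts_on("Gi0/3"), cam.size())
    print("expired:", cam.age_out(now=320), "remaining:", cam.size())
```

The demo at the bottom walks through the move case from the text: the address first learned on Gi0/1 disappears from that port once it is seen on Gi0/3, and at t = 320 the entry last refreshed at t = 10 has been idle longer than 300 seconds and is aged out while the one refreshed at t = 20 survives.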







Some of the more useful commands:

sh mac address-table interface 8/1 onuid 5
sh mac address-table vlan 56
sh mac address-table dynamic
sh mac address-table static