Implementing Cisco IP Switched Networks (300-115)
CCNP SWITCH Lab workbook, version 2.1
Sikandar Shaik, CCIE x2 (RS/SP)

NETWORK ONLINE ACADEMY
www.noasolutions.com
NOA Solutions, N.K Arcade, 2nd & 3rd floor, Opposite to Banjara function hall, Banjarahills road no 1, Hyderabad, INDIA. +91 40 65890380, +91 7036826345

Sikandar Gouse Moinuddin, CCIE x2 (RS/SP)

Implementing Cisco IP Switched Networks (300-115)

* Implementing Cisco IP Switched Networks (SWITCH 300-115) is a 120-minute qualifying exam with 45-55 questions for the Cisco CCNP and CCDP certifications.
* The SWITCH 300-115 exam certifies the switching knowledge and skills of successful candidates.
* They are certified in planning, configuring, and verifying the implementation of complex enterprise switching solutions that use the Cisco Enterprise Campus Architecture. The SWITCH exam also covers highly secure integration of VLANs and WLANs.

The following topics are general guidelines for the content that is likely to be included on the exam. However, other related topics may also appear on any specific version of the exam.
To better reflect the contents of the exam and for clarity, the following guidelines may change at any time without notice.

Auto-negotiation, Speed, and Duplex
Virtual LAN
LAB: Verify VLAN
Trunking
LAB: Trunking
DTP (Dynamic Trunking Protocol)
Native VLAN
Inter-VLAN routing using Separate Physical Gateways
Inter-VLAN routing using sub-interfaces
Inter-VLAN routing using Multilayer switch
Extended VLAN
Voice VLAN
VLAN Trunking Protocol
LAB: VTP
VTP Version 3
LAB: VTP version 3
VTP Pruning
LAB: VTP Pruning
Spanning-tree Protocol
LAB: Verifying Spanning-tree
LAB: Tuning STP (cost/priority/timers)
Hierarchical Campus Model
STP: Selecting Root Bridge
LAB: Per VLAN STP
Etherchannel
LAB: Configuring Ether-Channel Using PAgP Protocol Negotiation
Layer 3 Etherchannel
Spanning-tree portfast
LAB: BPDU Guard (interface & global mode)
LAB: BPDU filter (interface level)
LAB: Root Guard
UDLD and Loopguard
Errdisable Recovery options
Spanning-tree uplinkfast/backbone fast
Rapid STP
Per VLAN STP (PVST)
Multiple STP
LAB: MSTP (Multiple Spanning-tree) / Tuning MSTP
SPAN/RSPAN
Using CDP/LLDP
LAB: Verify CDP
Layer 2 Security
Device Security using AAA (TACACS+ and Radius)
LAB: AAA Authentication using External servers
Understanding switch security issues
Port security
LAB: Port-Security
DHCP snooping
LAB: DHCP Snooping
LAB: IP Source Guard
LAB: Dynamic ARP inspection
Storm control
Private VLAN
First Hop Redundancy Protocols
HSRP
VRRP
GLBP
SWITCHING MOCK LAB

Auto-negotiation, Speed, and Duplex

By default, each Cisco switch port uses Ethernet auto-negotiation to determine the speed and duplex setting (half or full). Both can also be set manually on a port with the speed and duplex interface subcommands.

    Switch(config)#int fa0/1
    Switch(config-if)#speed ?
      10    Force 10 Mbps operation
      100   Force 100 Mbps operation
      auto  Enable AUTO speed configuration
    Switch(config-if)#duplex ?
      auto  Enable AUTO duplex configuration
      full  Force full duplex operation
      half  Force half-duplex operation

    Switch#sh interfaces fa0/1
    FastEthernet0/1 is down, line protocol is down (disabled)
      Hardware is Lance, address is 0030.f207.aa01 (bia 0030.f207.aa01)
      MTU 1500 bytes, BW 100000 Kbit, DLY 1000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set

To assign a management IP address to a switch:

    Switch(config)#interface vlan 1
    Switch(config-if)#ip address <ip-address> <subnet-mask>
    Switch(config-if)#no shutdown

To assign a default gateway to a switch:

    Switch(config)#ip default-gateway 192.168.1.100

VLAN & Trunks

Virtual LAN

* Divides a single broadcast domain into multiple broadcast domains
* A Layer 2 security feature
* VLAN 1 is the default VLAN.
* We can create VLANs from 2 - 1001
* Can be configured on manageable switches only

Benefits of VLANs

* Limit the number of broadcasts
* Better performance
* Security

Types of VLAN

1. Static VLAN
2. Dynamic VLAN

VLAN Ranges

    0, 4095      Reserved for system use only
    1            Cisco default
    2-1001       For Ethernet VLANs
    1002-1005    Cisco defaults for FDDI and Token Ring
    1006-4094    Ethernet VLANs only, unusable on specific legacy platforms

Static VLAN

* Static VLANs are based on port numbers
* Need to manually assign a port on a switch to a VLAN
* Also called Port-Based VLANs
* One port can be a member of only one VLAN

VLAN creation:

    Switch(config)# vlan <vlan-id>
    Switch(config-vlan)# name <name>
    Switch(config-vlan)# exit

Assigning ports to a VLAN:

    Switch(config)# interface <interface>

    Switch# show vlan brief
    1002 fddi-default          act/unsup
    1003 token-ring-default    act/unsup
    1004 fddinet-default       act/unsup
    1005 trnet-default         act/unsup

The management VLAN is VLAN 1 by default. VLAN 1 cannot be renamed or deleted.

Create four VLANs (VLAN 10, 20, 30, 40):

    Switch(config)#vlan 10
    Switch(config-vlan)#name sales
    Switch(config-vlan)#vlan 20
    Switch(config-vlan)#name marketing
    Switch(config-vlan)#vlan 30
    Switch(config-vlan)#vlan 40
    Switch(config-vlan)#end
TASK:

* Configure port fa0/8 into VLAN 10
* Configure multiple ports (4-7 and 10) into VLAN 20

    Switch(config)#int f0/8
    Switch(config-if)#switchport mode access
    Switch(config-if)#switchport access vlan 10
    Switch(config-if)#exit
    Switch(config)#interface range f0/4 - 7 , f0/10
    Switch(config-if-range)#switchport mode access
    Switch(config-if-range)#switchport access vlan 20

Dynamic VLAN

* Dynamic VLANs are based on the MAC address of a PC
* The switch automatically assigns the port to a VLAN
* Each port can be a member of multiple VLANs
* For dynamic VLAN configuration, a software called VMPS (VLAN Membership Policy Server) is needed

LAB - Verify VLAN

[Figure: lab topology]

STEPS:

1. Ping between 192.168.1.1 and 192.168.1.3
   a. They can communicate with each other: they are on the same network (logically) and in the same VLAN (default VLAN 1)
2. Create VLAN 20
3. Shift ports f0/3 and f0/4 into VLAN 20
4. Ping between 192.168.1.1 and 192.168.1.3
   a. They cannot communicate with each other: they are on the same network (logically) but in different VLANs (VLAN 1 and VLAN 20)

    Switch#sh vlan
    VLAN Name                  Status     Ports
    1    default               active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                          Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                          Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                          Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                          Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                          Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                          Gig1/1, Gig1/2
    1002 fddi-default          act/unsup
    1003 token-ring-default    act/unsup
    1004 fddinet-default       act/unsup
    1005 trnet-default         act/unsup

    PC>ipconfig
    IP Address......: 192.168.1.1
    Subnet Mask.....: 255.255.255.0
    Default Gateway.: 192.168.1.100

    PC>ping 192.168.1.2
    Pinging 192.168.1.2 with 32 bytes of data:
    Reply from 192.168.1.2: bytes=32 time=19ms TTL=128
    Reply from 192.168.1.2: bytes=32 time=6ms TTL=128
    Reply from 192.168.1.2: bytes=32 time=8ms TTL=128
    Reply from 192.168.1.2: bytes=32 time=7ms TTL=128

    PC>ping 192.168.1.3
    Pinging 192.168.1.3 with 32 bytes of data:
    Reply from 192.168.1.3: bytes=32 time=12ms TTL=128
    Reply from 192.168.1.3: bytes=32 time=9ms TTL=128
    Reply from 192.168.1.3: bytes=32 time=7ms TTL=128
    Reply from 192.168.1.3: bytes=32 time=8ms TTL=128

    PC>ping 192.168.1.4
    Pinging 192.168.1.4 with 32 bytes of data:
    Reply from 192.168.1.4: bytes=32 time=10ms TTL=128
    Reply from 192.168.1.4: bytes=32 time=8ms TTL=128
    Reply from 192.168.1.4: bytes=32 time=8ms TTL=128
    Reply from 192.168.1.4: bytes=32 time=9ms TTL=128

All four devices in the LAN can communicate with each other: they are on the same network (logically) and in the same VLAN (default VLAN 1).

TASK: Create VLAN 20 and shift ports 3 and 4 into VLAN 20

    Switch(config)#vlan 20
    Switch(config-vlan)#name SALES
    Switch(config-vlan)#exit
    Switch(config)#interface fastEthernet 0/3
    Switch(config-if)#switchport mode access
    Switch(config-if)#switchport access vlan 20
    Switch(config-if)#exit
    Switch(config)#interface fastEthernet 0/4
    Switch(config-if)#switchport mode access
    Switch(config-if)#switchport access vlan 20

    Switch#sh vlan
    VLAN Name                  Status     Ports
    1    default               active     Fa0/1, Fa0/2, Fa0/5, Fa0/6
                                          Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                          Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                          Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                          Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                          Fa0/23, Fa0/24, Gig1/1, Gig1/2
    20   SALES                 active     Fa0/3, Fa0/4
    1002 fddi-default          act/unsup
    1003 token-ring-default    act/unsup
    1004 fddinet-default       act/unsup
    1005 trnet-default         act/unsup

    PC>ipconfig
    IP Address......: 192.168.1.1
    Subnet Mask.....: 255.255.255.0
    Default Gateway.: 192.168.1.100

    PC>ping 192.168.1.2
    Pinging 192.168.1.2 with 32 bytes of data:
    Reply from 192.168.1.2: bytes=32
    Reply from 192.168.1.2: bytes=32
    Reply from 192.168.1.2: bytes=32

    PC>ping 192.168.1.3
    Pinging 192.168.1.3 with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    PC>ping 192.168.1.4
    Pinging 192.168.1.4 with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

LAB 2: CREATING BASIC VLAN CONFIGURATION ON SWITCHES

TASK:

* Create four VLANs (VLAN 10, 20, 30, 40)
* Configure port fa0/8 into VLAN 10
* Configure multiple ports (4-7 and 10) into VLAN 20

    Switch(config)#vlan 10
    Switch(config-vlan)#name sales
    Switch(config-vlan)#vlan 20
    Switch(config-vlan)#name marketing
    Switch(config-vlan)#vlan 30
    Switch(config-vlan)#vlan 40
    Switch(config-vlan)#end

    Switch#sh vlan
    VLAN Name                  Status     Ports
    1    default               active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                          Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                          Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                          Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                          Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                          Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                          Gig1/1, Gig1/2
There are no active ports in the new VLANs which we created.

To shift the ports:

    Switch(config)#int f0/8
    Switch(config-if)#switchport mode access
    Switch(config-if)#switchport access vlan 10
    Switch(config-if)#exit
    Switch(config)#interface range f0/4 - 7 , f0/10
    Switch(config-if-range)#switchport mode access
    Switch(config-if-range)#switchport access vlan 20

    Switch#sh vlan
    VLAN Name                  Status     Ports
    1    default               active     Fa0/1, Fa0/2, Fa0/3, Fa0/9,
                                          Fa0/11, Fa0/12, Fa0/13
                                          Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                          Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                          Fa0/22, Fa0/23, Fa0/24

Trunking

A single VLAN can span over multiple switches.

[Figure: Passing VLAN traffic using separate links for each VLAN]
[Figure: Passing VLAN traffic using a single link]

Types of links/ports

Access links
* Connect to end devices (hosts or router)
* Part of one VLAN

Trunk links
* Do not belong to any VLAN
* Carry traffic of multiple VLANs
* Link between two switches

Frame Tagging

* To make sure that users of the same VLAN on different switches can communicate with each other, frames are tagged on trunk links.
* A tag is added before a frame is sent and removed once it is received on the trunk link.
* Frame tagging happens only on trunk links.

Trunking protocols
    ISL                                           IEEE 802.1Q
    * It is Cisco proprietary                     * Open standard
    * It works with Ethernet, Token Ring, FDDI    * It works only on Ethernet
    * It adds 30 bytes of tag                     * Only a 4-byte tag is added to the original frame
    * All VLAN traffic is tagged

Trunking Configuration

    Switch(config)# interface <interface>
    Switch(config-if)# switchport mode trunk
    Switch(config-if)# switchport trunk encapsulation dot1q/ISL

    SW-2#sh interfaces trunk
    Port      Mode    Encapsulation  Status     Native vlan
    Fa0/20    on      802.1q         trunking   1

LAB: Trunking

TASK:

* Create VLAN 10 and VLAN 20 on both switches
* Shift ports into their respective VLANs as per the diagram
* Configure the F0/20 port between SW1 and SW2 as a trunk link
* Ensure that users of the same VLAN on different switches can communicate with each other

Allowed VLAN list on trunk link

* By default, a switch transports all active VLANs (1 to 4094) over a trunk link.
* An active VLAN is one that has been defined on the switch and has ports assigned to carry it.
* There might be times when the trunk link should not carry all VLANs.

    SW2#sh interfaces trunk
    Port      Mode    Encapsulation  Status     Native vlan
    Fa0/20    on      802.1q         trunking   1
    Port      Vlans allowed on trunk
    Fa0/20    1-1005

Allowed VLAN list on trunk link (contd)

    SW-x(config-if)#switchport trunk allowed vlan 10,20,30,40

    SW-x#sh interfaces trunk
    Port      Mode    Encapsulation  Status     Native vlan
    Fa0/20    on      802.1q         trunking   1
    Port      Vlans allowed on trunk

LAB: TRUNKING
[Figure: lab topology; hosts in VLAN 10 and VLAN 20 on each of two switches]

TASK:

* Create VLAN 10 and VLAN 20 on both switches
* Shift ports into their respective VLANs as per the diagram
* Configure the F0/20 port between SW1 and SW2 as a trunk link
* Ensure that users of the same VLAN on different switches can communicate with each other

On SW1:

    Switch(config)#hostname SW-1
    SW-1(config)#interface range f0/1 - 2
    SW-1(config-if-range)#switchport mode access
    SW-1(config-if-range)#switchport access vlan 10
    SW-1(config-if-range)#exit
    SW-1(config)#interface range f0/3 - 4
    SW-1(config-if-range)#switchport mode access
    SW-1(config-if-range)#switchport access vlan 20
    SW-1(config-if-range)#end

    SW-1#sh vlan
    VLAN Name                  Status     Ports
    1    default               active     Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                          Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                          Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                          Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                          Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                          Gig1/1, Gig1/2
    1002 fddi-default          act/unsup
    1003 token-ring-default    act/unsup
    1004 fddinet-default       act/unsup
    1005 trnet-default         act/unsup

On SW2:

    Switch(config)#hostname SW-2
    SW-2(config)#interface range f0/1 - 2
    SW-2(config-if-range)#switchport mode access
    SW-2(config-if-range)#switchport access vlan 10
    SW-2(config-if-range)#exit
    SW-2(config)#interface range f0/3 - 4
    SW-2(config-if-range)#switchport access vlan 20
    SW-2(config-if-range)#end

    SW-2#sh vlan
    VLAN Name                  Status     Ports
    1    default               active     Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                          Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                          Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                          Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                          Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                          Gig1/1, Gig1/2
    10   VLAN0010              active     Fa0/1, Fa0/2
    20   VLAN0020              active     Fa0/3, Fa0/4
    1002 fddi-default          act/unsup
    1003 token-ring-default    act/unsup
    1004 fddinet-default       act/unsup
    1005 trnet-default         act/unsup

From PC 192.168.1.1:
    PC>ipconfig
    IP Address......: 192.168.1.1
    Subnet Mask.....: 255.255.255.0
    Default Gateway.: 192.168.1.100

    PC>ping 192.168.1.3
    Pinging 192.168.1.3 with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    PC>ping 192.168.1.2
    Pinging 192.168.1.2 with 32 bytes of data:
    Reply from 192.168.1.2: bytes=32 time=13ms TTL=128
    Reply from 192.168.1.2: bytes=32

    PC>ping 192.168.1.4
    Pinging 192.168.1.4 with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

From PC 192.168.2.1:

    PC>ipconfig
    IP Address......: 192.168.2.1
    Subnet Mask.....: 255.255.255.0
    Default Gateway.: 192.168.2.100

    PC>ping 192.168.2.2
    Pinging 192.168.2.2 with 32 bytes of data:
    Reply from 192.168.2.2: bytes=32
    Reply from 192.168.2.2: bytes=32
    Reply from 192.168.2.2: bytes=32
    Reply from 192.168.2.2: bytes=32

    SERVER>ping 192.168.2.3
    Pinging 192.168.2.3 with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    SERVER>ping 192.168.2.4
    Pinging 192.168.2.4 with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
NOTE: From the above verification:

* Users of the same VLAN connected on the same switch can ping each other
* Users of the same VLAN on different switches are not able to ping each other
* For the same VLAN to communicate across different switches, trunking must be configured on the link (f0/20) between the switches

To configure trunking:

    SW-1(config)#interface fastEthernet 0/20
    SW-1(config-if)#switchport mode trunk
    SW-1(config-if)#switchport trunk encapsulation dot1q

    SW-2(config)#int f0/20
    SW-2(config-if)#switchport mode trunk
    SW-2(config-if)#switchport trunk encapsulation dot1q

    SW-1#sh interfaces trunk
    Port      Mode    Encapsulation  Status     Native vlan
    Fa0/20    on      802.1q         trunking   1
    Port      Vlans allowed on trunk
    Fa0/20    1-1005
    Port      Vlans allowed and active in management domain
    Fa0/20    1,10,20
    Port      Vlans in spanning tree forwarding state and not pruned
    Fa0/20    1,10,20

    SW-2#sh interfaces trunk
    Port      Mode    Encapsulation  Status     Native vlan
    Fa0/20    on      802.1q         trunking   1
    Port      Vlans allowed on trunk
    Fa0/20    1-1005
    Port      Vlans allowed and active in management domain
    Fa0/20    1,10,20
    Port      Vlans in spanning tree forwarding state and not pruned
    Fa0/20    1,10,20

From PC 192.168.1.1:

    PC>ipconfig
    IP Address......: 192.168.1.1
    Subnet Mask.....: 255.255.255.0
    Default Gateway.: 192.168.1.100

    PC>ping 192.168.1.3
    Pinging 192.168.1.3 with 32 bytes of data:
    Reply from 192.168.1.3: bytes=32
    Reply from 192.168.1.3: bytes=32
    Reply from 192.168.1.3: bytes=32

    PC>ping 192.168.1.4
    Pinging 192.168.1.4 with 32 bytes of data:
    Reply from 192.168.1.4: bytes=32 time=25ms TTL=128
    Reply from 192.168.1.4: bytes=32
    Reply from 192.168.1.4: bytes=32
    Reply from 192.168.1.4: bytes=32 time=13ms TTL=128

From PC 192.168.2.1:

    PC>ipconfig
    IP Address......: 192.168.2.1
    Subnet Mask.....: 255.255.255.0
    Default Gateway.: 192.168.2.100

    PC>ping 192.168.2.3
    Pinging 192.168.2.3 with 32 bytes of data:
    Reply from 192.168.2.3: bytes=32 TTL=128
    Reply from 192.168.2.3: bytes=32 TTL=128
    Reply from 192.168.2.3: bytes=32 TTL=128
    Reply from 192.168.2.3: bytes=32 TTL=128

    PC>ping 192.168.2.4
    Pinging 192.168.2.4 with 32 bytes of data:
    Reply from 192.168.2.4: bytes=32 time=26ms TTL=128
    Reply from 192.168.2.4: bytes=32 time=12ms TTL=128
    Reply from 192.168.2.4: bytes=32 time=12ms TTL=128
    Reply from 192.168.2.4: bytes=32 time=13ms TTL=128

TASK:

* Configure the trunk link so that only VLAN 10, 20, 30 and 40 traffic is allowed (no other VLAN traffic should be sent)

On both switches (SW1/SW2):

    SW-x(config)#int f0/20
    SW-x(config-if)#switchport trunk allowed vlan ?
      WORD    VLAN IDs of the allowed VLANs when this port is in trunking mode
      add     add VLANs to the current list
      all     all VLANs
      except  all VLANs except the following
      none    no VLANs
      remove  remove VLANs from the current list
    SW-x(config-if)#switchport trunk allowed vlan 10,20,30,40

    SW-1#sh interfaces trunk
    Port      Mode    Encapsulation  Status     Native vlan
    Fa0/20    on      802.1q         trunking   1
    Port      Vlans allowed on trunk
    Fa0/20    10,20,30,40
    Port      Vlans allowed and active in management domain
    Fa0/20    10,20
    Port      Vlans in spanning tree forwarding state and not pruned
    Fa0/20    10,20

    SW-2#sh interfaces trunk
    Port      Mode    Encapsulation  Status     Native vlan
    Fa0/20    on      802.1q         trunking   1
    Port      Vlans allowed on trunk
    Port      Vlans allowed and active in management domain
    Fa0/20    10,20
    Port      Vlans in spanning tree forwarding state and not pruned
    Fa0/20    10,20
TASK:

* Create VLAN 50, 60, 70, 80 on both switches
* Configure the trunk link f0/20 to add VLAN 50, 60, 70, 80 to the existing trunk allowed list

On both switches (SW1/SW2):

    SW-x(config)#vlan 50
    SW-x(config-vlan)#vlan 60
    SW-x(config-vlan)#vlan 70
    SW-x(config-vlan)#vlan 80
    SW-x(config-vlan)#exit
    SW-x(config)#int f0/20
    SW-x(config-if)#switchport trunk allowed vlan add 50,60,70,80

    SW-1#sh interfaces trunk
    Port      Mode    Encapsulation  Status     Native vlan
    Fa0/20    on      802.1q         trunking   1
    Port      Vlans allowed on trunk
    Fa0/20    10,20,30,40,50,60,70,80
    Port      Vlans allowed and active in management domain
    Fa0/20    10,20,50,60
    Port      Vlans in spanning tree forwarding state and not pruned
    Fa0/20    10,20,50,60

    SW-2#sh interfaces trunk
    Port      Mode    Encapsulation  Status     Native vlan
    Fa0/20    on      802.1q         trunking   1
    Port      Vlans allowed on trunk
    Port      Vlans allowed and active in management domain
    Fa0/20    10,20,50,60
    Port      Vlans in spanning tree forwarding state and not pruned
    Fa0/20    10,20,50,60

TASK:

* Configure the trunk link f0/20 to remove VLAN 70, 80 from the existing trunk allowed list

    SW-1(config)#int f0/20
    SW-1(config-if)#switchport trunk allowed vlan remove 70,80

    SW-1#sh interfaces trunk
    Port      Mode    Encapsulation  Status     Native vlan
    Fa0/20    on      802.1q         trunking   1
    Port      Vlans allowed on trunk
    Fa0/20    10,20,30,40,50,60
    Port      Vlans allowed and active in management domain
    Fa0/20    10,20,50,60
    Port      Vlans in spanning tree forwarding state and not pruned
    Fa0/20    10,20,50,60

    SW-2#sh interfaces trunk
    Port      Mode    Encapsulation  Status     Native vlan
    Fa0/20    on      802.1q         trunking   1
    Port      Vlans allowed on trunk
    Fa0/20    10,20,30,40,50,60
    Port      Vlans allowed and active in management domain
    Fa0/20    10,20,50,60
    Port      Vlans in spanning tree forwarding state and not pruned
    Fa0/20    10,20,50,60

DTP (DYNAMIC TRUNKING PROTOCOL)

Trunking can be done dynamically through a negotiation process.

    Switch# sh dtp
    Global DTP information
      Sending DTP Hello packets every 30 seconds
      Dynamic Trunk timeout is 300 seconds
      0 interfaces using DTP

DTP MODES

DESIRABLE:
* Desires to become a trunk (always wants to become a trunk)
* Sends and replies to DTP messages
* It becomes a trunk if the port on the other switch is set to trunk, dynamic desirable or dynamic auto mode.

AUTO:
* Only replies to DTP messages (does not send)
* Default mode on most of the modern switches
* It becomes a trunk if the other end is set to trunk or dynamic desirable mode.

TRUNK:
* Configuring trunk manually
* The port still negotiates trunking with the port on the other end of the link.

ACCESS:
* Configuring access manually
* The port is a user port in a single VLAN.

NO-NEGOTIATE:
* Turn off DTP messages (disable DTP).
* The port is a trunk and does not do DTP negotiation with the other side of the link.

Switchport Mode Interactions

                         Dynamic Auto   Dynamic Desirable   Trunk             Access
    Dynamic Auto         Access         Trunk               Trunk             Access
    Dynamic Desirable    Trunk          Trunk               Trunk             Access
    Trunk                Trunk          Trunk               Trunk             Not recommended
    Access               Access         Access              Not recommended   Access

Note: The table assumes DTP is enabled at both ends.

* show dtp interface - to determine the current setting

DTP can be disabled either by:

1. configuring the port as an access port using switchport mode access
2. or using the switchport nonegotiate command

VERIFYING DTP

[Figure: SW1 and SW2 connected by links f0/20 and f0/21]

TASK:

* Configure f0/20 of SW1 to actively negotiate DTP messages; the SW2 f0/20 port should only reply to DTP messages
* Configure f0/21 of SW1 and SW2 so that it does not negotiate any DTP messages

On SW1:

    SW-1#sh interfaces fa0/20 switchport
    Name: Fa0/20
    Switchport: Enabled
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: native

    SW-1(config)#int f0/20
    SW-1(config-if)#switchport mode ?
      access   Set trunking mode to ACCESS unconditionally
      dynamic  Set trunking mode to dynamically negotiate access or trunk mode
      trunk    Set trunking mode to TRUNK unconditionally
    SW-1(config-if)#switchport mode dynamic desirable

    SW-1#sh interfaces fa0/20 switchport
    Name: Fa0/20
    Switchport: Enabled
    Administrative Trunking Encapsulation: dot1q

    SW-1#sh interfaces trunk
    Port      Mode    Encapsulation  Status     Native vlan
    Fa0/20    auto    n-802.1q       trunking   1
    Port      Vlans allowed on trunk
    Fa0/20    1-1005

    Switch#sh interfaces trunk
    Port      Mode    Encapsulation  Status     Native vlan
    Fa0/20    auto    n-802.1q       trunking   1
    Port      Vlans allowed on trunk
    Fa0/20    1-1005
    Port      Vlans allowed and active in management domain
    Fa0/20    1
    Port      Vlans in spanning tree forwarding state and not pruned
    Fa0/20    1

TASK: Configure SW1 and SW2 for manual trunking and disable the DTP negotiation process.
On SW1/SW2:

    SW-x(config)#int f0/21
    SW-x(config-if)#switchport mode trunk
    SW-x(config-if)#switchport trunk encapsulation dot1q
    SW-x(config-if)#switchport nonegotiate

    SW-1#sh interfaces trunk
    Port      Mode    Encapsulation  Status     Native vlan
    Fa0/20    auto    n-802.1q       trunking   1
    Fa0/21    on      802.1q         trunking   1
    Port      Vlans allowed on trunk
    Fa0/20    1-1005
    Fa0/21    1-1005
    Port      Vlans allowed and active in management domain
    Fa0/20    1
    Fa0/21    1
    Port      Vlans in spanning tree forwarding state and not pruned
    Fa0/20    1
    Fa0/21    1

    SW-2#sh interfaces trunk
    Port      Mode    Encapsulation  Status     Native vlan
    Fa0/20    auto    n-802.1q       trunking   1
    Fa0/21    on      802.1q         trunking   1
    Port      Vlans allowed on trunk
    Fa0/20    1-1005
    Fa0/21    1-1005
    Port      Vlans allowed and active in management domain
    Fa0/20    1
    Fa0/21    1
    Port      Vlans in spanning tree forwarding state and not pruned
    Fa0/20    1
    Fa0/21    none

NATIVE VLAN

[Figure: native VLAN on a trunk link]

* If a frame received on a dot1q link does not carry a VLAN tag, it is assumed to belong to the native VLAN.
* Untagged frames must be placed into a VLAN by the receiving switch; the native VLAN is the VLAN used.
* When a switch receives an untagged frame on a tagged interface, the frame is assumed to be a member of the native VLAN.
* For Cisco switches the native VLAN ID must match on both ends of the trunk.
* By default the native VLAN is 1.
* Best practice is to configure the native VLAN ID to VLAN 666 and to ensure that this VLAN is not used anywhere in the network.
* Use this new VLAN as the native VLAN. No ports should be assigned to the native VLAN, so that there are no end devices in it. The number "666" helps people to remember this.
* An attacker who attempts to use the VLAN hopping attack will end up in a dead VLAN that has no hosts to leverage.
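The trunk properties covered so far (native VLAN matching on both ends and moved off VLAN 1, DTP negotiation, the allowed VLAN list) can be checked by comparing `show interfaces trunk` output from both switches. The script below is an added example and not part of the workbook; the sample outputs are constructed in the lab's format, and the function names and finding codes are illustrative assumptions.

```python
"""Audit both ends of a trunk from `show interfaces trunk` output (added example)."""

# Constructed sample output, modelled on the lab's Fa0/20 and Fa0/21 trunks.
SW1_TRUNK = """\
Port        Mode         Encapsulation  Status        Native vlan
Fa0/20      desirable    n-802.1q       trunking      999
Fa0/21      on           802.1q         trunking      999

Port        Vlans allowed on trunk
Fa0/20      1-1005
Fa0/21      10,20,30,40

Port        Vlans allowed and active in management domain
Fa0/20      1,10,20
Fa0/21      10,20
"""

SW2_TRUNK = """\
Port        Mode         Encapsulation  Status        Native vlan
Fa0/20      auto         n-802.1q       trunking      1
Fa0/21      on           802.1q         trunking      999

Port        Vlans allowed on trunk
Fa0/20      1-1005
Fa0/21      10,20,30,40,50
"""

# Allowed lists that mean "nothing was restricted": 1-1005 as printed in the lab,
# 1-4094 on platforms that support extended-range VLANs.
UNRESTRICTED = (set(range(1, 1006)), set(range(1, 4095)))


def expand_vlans(spec):
    """'10,20,30-32' -> {10, 20, 30, 31, 32}; 'none' -> empty set."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part or part.lower() == "none":
            continue
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_trunks(output):
    """Return {port: {mode, encap, status, native, allowed}} from the command output."""
    trunks, section = {}, None
    for line in output.splitlines():
        fields = line.split()
        if not fields:
            section = None          # a blank line ends the current table
            continue
        if fields[0] == "Port":     # table header decides how the rows are read
            header = line.lower()
            if "native vlan" in header:
                section = "summary"
            elif "allowed on trunk" in header:
                section = "allowed"
            else:
                section = "other"   # active / forwarding tables are not needed here
            continue
        if section == "summary" and len(fields) >= 5:
            trunks.setdefault(fields[0], {}).update(
                mode=fields[1], encap=fields[2], status=fields[3], native=int(fields[4]))
        elif section == "allowed" and len(fields) >= 2:
            trunks.setdefault(fields[0], {})["allowed"] = expand_vlans("".join(fields[1:]))
    return trunks


def audit_link(local, remote, port):
    """Compare one trunk port as seen from both switches; return (code, detail) findings."""
    ends = {"local": local[port], "remote": remote[port]}
    a, b = ends["local"], ends["remote"]
    findings = []
    if a["native"] != b["native"]:
        findings.append(("NATIVE_MISMATCH", f"native VLAN {a['native']} vs {b['native']}"))
    for side, t in ends.items():
        if t["native"] == 1:
            findings.append(("NATIVE_DEFAULT", f"{side} end still uses native VLAN 1"))
        # Mode "on" can still run DTP unless `switchport nonegotiate` is set; that shows
        # only in `show interfaces <port> switchport` ("Negotiation of Trunking").
        if t["mode"] in ("auto", "desirable") or t["encap"].startswith("n-"):
            findings.append(("DTP_NEGOTIATED", f"{side} end trunks by negotiation ({t['mode']})"))
        if t["allowed"] in UNRESTRICTED:
            findings.append(("ALLOWED_UNRESTRICTED", f"{side} end allows every VLAN"))
    if a["allowed"] != b["allowed"]:
        only_one_end = sorted(a["allowed"] ^ b["allowed"])
        findings.append(("ALLOWED_MISMATCH", f"VLANs allowed on one end only: {only_one_end}"))
    return findings


if __name__ == "__main__":
    sw1, sw2 = parse_trunks(SW1_TRUNK), parse_trunks(SW2_TRUNK)
    for port in ("Fa0/20", "Fa0/21"):
        for code, detail in audit_link(sw1, sw2, port):
            print(f"{port}: {code}: {detail}")
```
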
[Figure: access links and trunk link]

This message appears when the native VLAN is mismatched on the two Cisco switches.

[Diagram: SW1, SW2, PC 192.168.1.2]

+ Connect devices and assign the IP addressing as per the diagram.
+ Create vlan 999 on both switches. Configure the f0/20 port as a trunk link.
+ Ensure that vlan 999 is the native vlan on both trunks.
+ Verify the connectivity between the PCs (192.168.1.1 and 192.168.1.2).

PC>ipconfig
FastEthernet0 Connection:(default port)
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 0.0.0.0

PC>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 time=...ms TTL=128
Reply from 192.168.1.2: bytes=32 time=0ms TTL=128
Reply from 192.168.1.2: bytes=32 time=0ms TTL=128
Reply from 192.168.1.2: bytes=32 time=0ms TTL=128

On SW1/SW2

SWx(config)#vlan 999
SWx(config-vlan)#exit
SWx(config)#int f0/20
SWx(config-if)#switchport trunk encapsulation dot1q
SWx(config-if)#switchport mode trunk

SW2#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/20      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/20      1-1005

Port        Vlans allowed and active in management domain
Fa0/20      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/20      1

PC>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 time=1ms TTL=128
Reply from 192.168.1.2: bytes=32 ...
Reply from 192.168.1.2: bytes=32 ...
Reply from 192.168.1.2: bytes=32 ...

TASK: Change the native vlan to 999 on SW1 and verify connectivity

SW1(config)#int f0/20
SW1(config-if)#switchport trunk native vlan 999
SW1(config-if)#end

PC>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

SW1#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/20      on           802.1q         trunking      999

Port        Vlans allowed on trunk
Fa0/20      1-1005

Port        Vlans allowed and active in management domain
Fa0/20      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/20      1

SW1#sh interfaces f0/20 switchport
Name: Fa0/20
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 999 (VLAN0999)
Voice VLAN: none

SW2#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/20      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/20      1-1005

Port        Vlans allowed and active in management domain
Fa0/20      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/20      1

SW2(config)#int f0/20
SW2(config-if)#switchport trunk native vlan 999
SW2(config-if)#end

PC>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 ...
Reply from 192.168.1.2: bytes=32 ...
Reply from 192.168.1.2: bytes=32 ...
Reply from 192.168.1.2: bytes=32 time=0ms TTL=128

Troubleshooting VLANs and Trunks

+ Same network
+ Same vlan
+ Trunking (mode)
+ Allowed vlan on the trunk link
+ Native vlan must match

Inter VLAN Routing

+ Packets in one VLAN cannot cross into another VLAN.
+ To transport packets between VLANs, you must use a Layer 3 device.
+ This is known as inter-VLAN routing.
+ Inter-VLAN routing can be performed by an external router that connects to each of the VLANs on a switch.

Inter-VLAN Routing Methods

A. Separate Physical Gateway on Router
B. Using Sub-interfaces
C. Using Layer 3 Switch

[Figure: VLAN 1, VLAN 2, trunk, multilayer switch]

Inter-VLAN Routing using Separate Physical Gateway on Router

TASK
+ Create Vlan 10 and Vlan 20 on SW1 and assign ports to their respective VLAN as per the diagram.
+ Ensure that users of VLAN 10 and 20 can communicate with each other.

[Diagram: 192.168.1.0/24, 192.168.2.0/24]

Switch(config)#vlan 10
Switch(config-vlan)#name sales
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name marketing
Switch(config-vlan)#exit
Switch(config)#interface FastEthernet0/1
Switch(config-if)#switchport access vlan 10
Switch(config-if)#switchport mode access
Switch(config-if)#interface FastEthernet0/2
Switch(config-if)#switchport access vlan 10
Switch(config-if)#switchport mode access
Switch(config-if)#interface FastEthernet0/3
Switch(config-if)#switchport access vlan 20
Switch(config-if)#switchport mode access
Switch(config-if)#interface FastEthernet0/4
Switch(config-if)#switchport access vlan 20
Switch(config-if)#switchport mode access
Switch(config-if)#exit
Switch(config)#interface FastEthernet0/10
Switch(config-if)#switchport access vlan 10
Switch(config-if)#switchport mode access
Switch(config-if)#interface FastEthernet0/11
Switch(config-if)#switchport access vlan 20
Switch(config-if)#switchport mode access
Switch(config-if)#end

Switch#sh vlan
VLAN Name                Status     Ports
1    default             active     Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/12, Fa0/13, Fa0/14
                                    Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                    Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                    Fa0/23, Fa0/24, Gig1/1, Gig1/2
10   sales               active     Fa0/1, Fa0/2, Fa0/10
20   marketing           active     Fa0/3, Fa0/4, Fa0/11
1002 fddi-default        act/unsup

Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 192.168.1.100 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface FastEthernet0/1
Router(config-if)#ip address 192.168.2.100 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#end

Router#sh ip int brief
Interface          IP-Address      OK? Method Status   Protocol
FastEthernet0/0    192.168.1.100   YES manual up       up

Router#sh ip route
Gateway of last resort is not set
C    192.168.1.0/24 is directly connected, FastEthernet0/0
C    192.168.2.0/24 is directly connected, FastEthernet0/1

PC>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........:
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.2.1: bytes=32 time=0ms TTL=127
Reply from 192.168.2.1: bytes=32 time=0ms TTL=127
Reply from 192.168.2.1: bytes=32 time=0ms TTL=127

PC>tracert 192.168.2.1
Tracing route to 192.168.2.1 over a maximum of 30 hops:
  1   13ms   0ms   0ms   192.168.1.100
  2   0ms    0ms   0ms   192.168.2.1
Trace complete.

INTER VLAN-ROUTING USING ROUTER (Router On Stick)

LAB: INTER VLAN-ROUTING USING ROUTER (Router on Stick)

[Diagram: R1 f0/0.10 192.168.1.100, f0/0.20 192.168.2.100]

TASK:
+ Create Vlan 10 and Vlan 20 on SW1.
+ Shift ports into their respective VLAN as per the diagram.
+ Configure the F0/20 port as a trunk link.
+ Create sub-interfaces on router port f0/0.
+ Ensure that users of VLAN 10 and 20 can communicate with each other.

On SW1

Switch(config)#hostname SW-1
SW-1(config)#interface range f0/1 - 2
SW-1(config-if-range)#switchport mode access
SW-1(config-if-range)#switchport access vlan 10
SW-1(config-if-range)#exit
SW-1(config)#interface range f0/3 - 4
SW-1(config-if-range)#switchport mode access
SW-1(config-if-range)#switchport access vlan 20
SW-1(config-if-range)#end

SW-1#sh vlan
VLAN Name                Status     Ports
1    default             active     Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                    Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                    Gig1/1, Gig1/2
10   VLAN0010            active     Fa0/1, Fa0/2
20   VLAN0020            active     Fa0/3, Fa0/4
1002 fddi-default        act/unsup
1003 token-ring-default  act/unsup
1004 fddinet-default     act/unsup
1005 trnet-default       act/unsup

Trunk link configuration (interface facing the router)

SW-1(config)#interface fastEthernet 0/20
SW-1(config-if)#switchport mode trunk
SW-1(config-if)#switchport trunk encapsulation dot1q

+ A router on a stick can be used to route between VLANs using either ISL or 802.1Q as the trunking protocol.
+ A router on a stick requires subinterfaces, one for each VLAN.

Creating sub-interfaces on router interface f0/0

The VLAN number in the encapsulation command must be the exact VLAN number (vlan 10, vlan 20).

R-1(config)#int fa0/0
R-1(config-if)#no shutdown
R-1(config-if)#exit
R-1(config)#int fa0/0.10
R-1(config-subif)#encapsulation dot1Q 10
R-1(config-subif)#ip add 192.168.1.100 255.255.255.0
R-1(config-subif)#exit
R-1(config)#int fa0/0.20
R-1(config-subif)#encapsulation dot1Q 20
R-1(config-subif)#ip add 192.168.2.100 255.255.255.0

Router#sh ip int brief
Interface          IP-Address      OK? Method Status   Protocol
FastEthernet0/0    unassigned      YES unset  up       up

Verify connectivity

PC>ipconfig
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.2.1: bytes=32 time=62ms TTL=127
Reply from 192.168.2.1: bytes=32 time=125ms TTL=127
Reply from 192.168.2.1: bytes=32 time=109ms TTL=127

PC>tracert 192.168.2.1
Tracing route to 192.168.2.1 over a maximum of 30 hops:
  1   47ms    63ms    62ms   192.168.1.100
  2   109ms   125ms   78ms   192.168.2.1
Inter VLAN-Routing Using MLS

Layer 3 Port on MLS

Switch(config)#int fa0/20
Switch(config-if)#ip address 10.0.0.2 255.0.0.0
% Invalid input detected at '^' marker.
Switch(config-if)#no switchport
Switch(config-if)#ip address 10.0.0.2 255.0.0.0

+ By default all the ports of any multilayer switch are switchports (Layer 2).
+ They don't understand IP addressing and just forward frames by identifying the MAC address.
+ In our example we want the f0/20 port of the MLS as a router port (Layer 3).
+ To change the default Layer 2 port to a router port we need to add the command "no switchport".

LAB: Inter VLAN-Routing Using MLS

[Diagram: VLAN 10 192.168.1.100, VLAN 20 192.168.2.100; VLAN 10 192.168.1.0/24, VLAN 20 192.168.2.0/24]

TASK:
+ Create vlans and shift the ports as per the diagram.
+ Create an SVI (switch virtual interface) for each vlan and assign the IP as per the vlan addressing given in the diagram.
+ Ensure that IP routing is enabled on the multilayer switch.
+ Verify connectivity between vlans (ping 192.168.

TASK: Create Vlans and Shift the Ports According to the Diagram

Switch(config)#vlan 10
Switch(config-vlan)#vlan 20
Switch(config-vlan)#exit
Switch(config)#int range f0/1 - 2
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit
Switch(config)#int range f0/3 - 4
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit

TASK: Create an SVI (Switch Virtual Interface) for Each Vlan

Switch(config)#int vlan 10
Switch(config-if)#ip address 192.168.1.100 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int vlan 20
Switch(config-if)#ip address 192.168.2.100 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit

Switch#sh ip int brief

+ The VLAN must be defined and active on the switch before the SVI can be used.
+ The VLAN and the SVI are configured separately, even though they interoperate. Creating or configuring the SVI doesn't create or configure the VLAN; you still must define each one independently.

Switch(config)#ip routing

+ Enable routing on the switch by using the ip routing command. Even if IP routing was previously enabled, this step ensures that it is activated.

TASK: Verify Connectivity between VLANs (Ping 192.168.1.1 -- 192.168.2.1)

PC>ipconfig
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.2.1: bytes=32 time=109ms TTL=127

PC>tracert 192.168.2.1
Tracing route to 192.168.2.1 over a maximum of 30 hops:
  1   47ms   63ms   62ms   192.168.1.100
TASK:
+ Continue with the previous lab configurations.
+ Add a router connecting to the MLS as per the diagram (assuming that there is a WAN connection between the router and the MLS and that they are at different locations).

[Diagram: MLS f0/20 10.0.0.2/8, router 10.0.0.1/8; VLAN 10 192.168.1.100, VLAN 20 192.168.2.100; 172.16.1.100/24, 172.16.1.1, 172.16.1.2]

TASK: Configure IP addressing as per the diagram on all devices.

Router(config)#int f0/0
Router(config-if)#ip address 172.16.1.100 255.255.0.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#int f0/1
Router(config-if)#ip address 10.0.0.1 255.0.0.0

Router#sh ip int brief
Interface          IP-Address      OK? Method Status   Protocol
FastEthernet0/0    172.16.1.100    YES manual up       up
FastEthernet0/1    10.0.0.1        YES manual up       up

On MLS

Switch(config)#int fa0/20
Switch(config-if)#ip address 10.0.0.2 255.0.0.0

By default, every switch port on most Catalyst switch platforms is a Layer 2 interface, whereas every switch port on a Catalyst 6500 is a Layer 3 interface. If an interface needs to operate in a different mode, you must explicitly configure it.

An interface is either in Layer 2 or Layer 3 mode, depending on the use of the switchport interface configuration command. You can display a port's current mode with the following command:

Switch# show interface type mod/num switchport

If the Switchport: line in the command output is shown as enabled, the port is in Layer 2 mode.
If this line is shown as disabled, as in the following example, the port is in Layer 3 mode:

Switch# show interface gigabitethernet 0/1 switchport
Name: Gi0/1
Switch#

NOTE: By default all the ports of any multilayer switch are switchports (Layer 2); they don't understand IP addressing and just forward frames by identifying the MAC address. In our example we want the f0/20 port of the MLS as a router port (Layer 3). To change the default Layer 2 port to a router port we need to add the command "no switchport".

Switch(config-if)#no switchport
Switch(config-if)#ip address 10.0.0.2 255.0.0.0

Switch#sh ip int brief
FastEthernet0/20   10.0.0.2        YES manual up       up

Switch#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 4/5/7 ms

MLS (3560)

Switch(config)#router rip
Switch(config-router)#version 2
Switch(config-router)#network 192.168.1.0
Switch(config-router)#network 192.168.2.0
Switch(config-router)#network 10.0.0.0
Switch(config-router)#no auto-summary
Switch(config-router)#end

ROUTER

Router(config)#router rip
Router(config-router)#ver 2
Router(config-router)#network 172.16.0.0
Router(config-router)#network 10.0.0.0
Router(config-router)#no auto-summary
Router(config-router)#end

Router#sh ip route
C    10.0.0.0/8 is directly connected, FastEthernet0/1
C    172.16.0.0/16 is directly connected, FastEthernet0/0

Switch#sh ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, FastEthernet0/20
C    192.168.1.0/24 is directly connected, Vlan10
C    192.168.2.0/24 is directly connected, Vlan20

PC>ipconfig
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC>ping 172.16.1.1
Pinging 172.16.1.1 with 32 bytes of data:
Request timed out.
Reply from 172.16.1.1: bytes=32 time=125ms TTL=126
Reply from 172.16.1.1: bytes=32 time=125ms TTL=126
Reply from 172.16.1.1: bytes=32 time=125ms TTL=126

PC>tracert 172.16.1.1
Tracing route to 172.16.1.1 over a maximum of 30 hops:
  1   31ms    31ms    32ms    192.168.1.100
  2   63ms    62ms    62ms    10.0.0.1
  3   109ms   125ms   125ms   172.16.1.1
Trace complete.

+ Extended VLAN
+ Voice VLAN

Extended VLAN

+ Historically, Cisco Catalyst switches have supported only up to 1024 VLANs.
+ ISL uses a 10-bit VLAN ID (up to 1024 VLANs).
+ 802.1Q includes a 12-bit VLAN ID field (up to 4096 VLANs).
+ Cisco refers to the VLANs between 1025 and 4096 as extended-range VLANs.

Cisco Catalyst switches support extended-range VLANs under the following restrictions:

+ VTP cannot be used for VLAN management. (VTP must be configured in transparent mode or off.)

sw7(config)#vtp mode ?
  client       Set the device to client mode.
  off          Set the device to off mode.
  server       Set the device to server mode.
  transparent  Set the device to transparent mode.
sw7(config)#vtp mode server
Setting device to VTP Server mode for VLANS.
sw7(config)#vlan 4000
sw7(config-vlan)#name sales
sw7(config-vlan)#exit
% Failed to create VLANs 4000
Extended VLAN(s) not allowed in current VTP mode.
% Failed to commit extended VLAN(s) changes.

+ Only Ethernet VLANs are supported.
sw7(config)#vtp mode transparent
Setting device to VTP Transparent mode for VLANS.
sw7(config)#vlan 4000
sw7(config-vlan)#name sales
sw7(config-vlan)#exit

VLAN Name                Status     Ports
1    default             active     ...
1002 fddi-default        act/unsup
1003 trcrf-default       act/unsup
1004 fddinet-default     act/unsup
1005 trbrf-default       act/unsup
4000 sales               active

+ The spanning-tree extended system ID feature (also known as MAC address reduction) must be enabled.
  + Enabled by default
  + You cannot disable the extended system ID feature

SW7#show spanning-tree summary

sw7(config)#no spanning-tree extend system-id
Command "no spanning-tree extend system-id" was not accepted.
extended system-id feature remains enabled due to extended VLAN existence.
sw7(config)#no vlan 4000
sw7(config)#no spanning-tree extend system-id
Command "no spanning-tree extend system-id" was not accepted.
This platform requires that the extended system-id feature remain enabled.

Voice VLAN

+ The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone.
+ The switch can connect to an IP phone to carry IP voice traffic.
+ The Cisco IP Phone contains an integrated three-port 10/100 switch.

Default VLAN configuration:

+ The voice VLAN feature is disabled by default.
+ You should configure the voice VLAN on switch access ports.
+ The voice VLAN should be present and active on the switch for the IP phone to correctly communicate on the voice VLAN.
+ Use the show vlan privileged EXEC command to see if the VLAN is present.
+ The Port Fast feature is automatically enabled when the voice VLAN is configured.

[Figure: PC, Cisco 7960 IP Phone, Catalyst 3550 switch]

Configuring Voice VLAN

1. Create vlan 10 = DATA and vlan 50 = VOICE
2. Assign ports connecting to PCs to the data vlan and IP phones to the voice VLAN

Create vlan 10 = DATA and vlan 50 = VOICE

Switch(config)#vlan 10
Switch(config-vlan)#name DATA
Switch(config-vlan)#exit
Switch(config)#vlan 50
Switch(config-vlan)#name VOICE
Switch(config-vlan)#exit

Assign ports connecting to PCs to the data vlan and IP phones to the voice VLAN

Switch(config)#int f0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config)#int f0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport voice vlan 50
Switch(config-if)#exit

[Diagram: 10 DATA, 50 VOICE]

Switch(config)#int f0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#switchport voice vlan 50
Switch(config-if)#end

Switch#show vlan
VLAN Name                Status     Ports
1    default             active     ...
10   DATA                active     Fa0/1, Fa0/2
50   VOICE               active     Fa0/2, Fa0/3
VTP: VLAN TRUNKING PROTOCOL

+ VTP is a Cisco proprietary protocol used to share the VLAN configurations with multiple switches and to maintain consistency throughout that network.

VTP

+ VTP manages the addition, deletion, and renaming of VLANs across the network from a central point of control.
+ Information will be passed only if switches are connected with Fast Ethernet or higher ports.
+ The links must also be trunk links.

Note:
+ Switches should be configured with the same domain.
+ Domains are not case sensitive.

VTP MODES

1. Server mode
2. Client mode
3. Transparent mode

Server Mode
+ Default mode
+ Creates, modifies, and deletes VLANs
+ Synchronizes VLAN configurations
+ Sends and forwards advertisements
+ Saves configuration in NVRAM

Client Mode
+ Cannot add, modify or delete its VLAN configurations
+ Doesn't store its VLAN configuration information in the NVRAM. Instead, learns it from the server every time it boots up
+ Forwards advertisements
+ Synchronizes VLAN configurations
+ Does not save in NVRAM

Transparent Mode
+ Can add, modify and delete VLAN configurations
+ Does not synchronize VLAN configurations
+ Forwards advertisements
+ Saves configuration in NVRAM
Configuring VTP

Switch(config)#vtp domain CCIE
Switch(config)#vtp password cisco123
Switch(config)#vtp version 2
Switch(config)#vtp mode {server | client | transparent}
Switch(config)#vtp pruning

SW1#sh vtp status
SW1#sh vtp password

+ VTP is off by default
+ VTP once enabled uses version 1 only

Configuration Revision Number

+ VTP switches use an index called the VTP configuration revision number to keep track of the most recent information.
+ The VTP advertisement process always starts with configuration revision number 0 (zero).
+ When subsequent changes are made on a VTP server, the revision number is incremented before the advertisements are sent.

SW-1#sh vtp status
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x86 0x22 0x83 0xBE 0x23 0xAB 0x06 0xCC
Configuration last modified by 0.0.0.0 at 3-1-93 00:07

Before Adding a Switch to an Existing VTP Domain

Ensure a new switch has VTP revision 0 before adding it to a network.

+ Change the switch's VTP mode to transparent and then change the mode back to server.
+ Change the switch's VTP domain to a bogus name (a nonexistent VTP domain), and then change the VTP domain back to the original name.
+ Delete the vlan.dat file inside the flash and reload.

VTP Versions

VTP Version 1 | VTP Version 2
Supports only one VTP domain | Supports multiple VTP domains
Checks the domain name (forwards VTP messages only if it matches) | No check
More consistency checks (adds more overhead) | Checks for consistency whenever new information is added
No | Support for Token Ring VLAN
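The pre-check described above (a new switch must have VTP revision 0 before it joins the domain) can be automated from saved `show vtp status` output. This Python script is an added example, not part of the workbook; the two status captures and the verdict names are constructed, and it assumes VTP version 1 or 2 behaviour, where the higher configuration revision in the same domain replaces the VLAN database of the other switches.

```python
# Constructed "show vtp status" captures, using the field names of the lab output.
DOMAIN_SWITCH = """\
VTP Version                     : 2
Configuration Revision          : 2
Maximum VLANs supported locally : 255
Number of existing VLANs        : 10
VTP Operating Mode              : Server
VTP Domain Name                 : CCNP
VTP Pruning Mode                : Disabled
"""

NEW_SWITCH = """\
VTP Version                     : 2
Configuration Revision          : 7
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : CCNP
VTP Pruning Mode                : Disabled
"""

REQUIRED = ("configuration revision", "vtp operating mode", "vtp domain name")


def parse_vtp_status(text):
    """Extract revision, mode and domain from 'show vtp status' text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    missing = [k for k in REQUIRED if k not in fields]
    if missing:
        raise ValueError("fields not found: " + ", ".join(missing))
    return {
        "revision": int(fields["configuration revision"]),
        "mode": fields["vtp operating mode"].lower(),
        "domain": fields["vtp domain name"],
    }


def insertion_check(new, domain):
    """Return (verdict, reason) for trunking `new` into the existing domain."""
    if new["mode"] in ("transparent", "off"):
        return "OK", f"mode {new['mode']}: does not apply or originate VLAN updates"
    if new["domain"] and new["domain"] != domain["domain"]:
        return "OK", "different VTP domain: advertisements are not accepted"
    if new["revision"] == 0:
        return "OK", "revision 0: the switch will learn the domain's VLANs"
    if new["revision"] > domain["revision"]:
        # Server or client alike: the higher revision wins in VTP v1/v2.
        return "BLOCK", (f"revision {new['revision']} > domain revision "
                         f"{domain['revision']}: its VLAN database would "
                         "replace the domain's")
    return "RESET", (f"revision {new['revision']} is not 0: reset it "
                     "(transparent and back, bogus domain and back, "
                     "or delete vlan.dat and reload)")


if __name__ == "__main__":
    verdict, reason = insertion_check(parse_vtp_status(NEW_SWITCH),
                                      parse_vtp_status(DOMAIN_SWITCH))
    print(verdict, "-", reason)
```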
LAB: VTP

[Diagram: SW1 (server), SW2 (transparent), SW3 (client)]

TASK:
1) Configure the links between the switches as trunks (VTP advertisements are sent only on trunk ports).
2) Configure VTP on all switches as per the given modes in the diagram above.
3) To verify VTP:
   a. Create vlans on the server and verify on the client and the transparent switch.
   b. Create vlans on the transparent switch and verify on the client and the server.

On SW1 (SERVER)

SW-1(config)#int f0/20
SW-1(config-if)#switchport mode trunk
SW-1(config-if)#switchport trunk encapsulation dot1q

SW2 (TRANSPARENT)

SW-2(config)#int range fa0/20 - 21
SW-2(config-if-range)#switchport mode trunk
SW-2(config-if-range)#switchport trunk encapsulation dot1q

SW3 (CLIENT)

SW-3(config)#int f0/21
SW-3(config-if)#switchport mode trunk
SW-3(config-if)#switchport trunk encapsulation dot1q

SW1#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan

SW2#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/20      on           802.1q         trunking      1
Fa0/21      on           802.1q         trunking      1

SW-3#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan

TASK:
+ Configure VTP on all switches as per the given modes in the diagram above.
+ (SW1 - SERVER, SW2 - TRANSPARENT, SW3 - CLIENT)

Make sure that the domain name (case-sensitive), password and version match on all switches for sending and receiving VTP messages.

SW1

SW-1(config)#vtp domain CCNP
SW-1(config)#vtp password cisco123
SW-1(config)#vtp version 2
SW-1(config)#vtp mode server

SW2

SW-2(config)#vtp domain CCNP
SW-2(config)#vtp password cisco123
SW-2(config)#vtp version 2
SW-2(config)#vtp mode transparent

SW3

SW-3(config)#vtp domain CCNP
SW-3(config)#vtp password cisco123
SW-3(config)#vtp version 2
SW-3(config)#vtp mode client

SW1#sh vtp status
VTP Version                     : 2
Configuration Revision          : 2
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : CCNP
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB6 0x22 0x83 0xBE 0x23 0xAB 0x06 0xCC
Configuration last modified by 0.0.0.0 at 3-1-93 00:07:33
Local updater ID is 0.0.0.0 (no valid interface found)

SW1#sh vtp password

The current VTP parameters for a management domain can be displayed using the show vtp status command.

SW-3#sh vtp status
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x86 0x22 0x83 0xBE 0x23 0xA8 0x06 0xCC
Configuration last modified by 0.0.0.0 at 3-1-93 00:07

To verify VTP
+ Create vlans on the server and verify on the client and the transparent switch.
+ Create vlans on the transparent switch and verify on the client and the server.

SW1

SW-1(config)#vlan 10
SW-1(config-vlan)#vlan 20
SW-1(config-vlan)#vlan 30
SW-1(config-vlan)#vlan 40
SW-1(config-vlan)#name sales
SW-1(config-vlan)#vlan 50
SW-1(config-vlan)#name marketing

SW-1#sh vlan
VLAN Name                Status     Ports
1    default             active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/19, Fa0/21
                                    Fa0/22, Fa0/23, Fa0/24, Gig1/1
                                    Gig1/2
1002 fddi-default        act/unsup
1003 token-ring-default  act/unsup
1004 fddinet-default     act/unsup
1005 trnet-default       act/unsup

SW-3#sh vlan
VLAN Name                Status     Ports
1    default             active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                    Fa0/22, Fa0/23, Fa0/24, Gig1/1
                                    Gig1/2
10   VLAN0010            active
20   VLAN0020            active
30   VLAN0030            active
40   sales               active
50   marketing           active

SW-2#sh vlan
VLAN Name                Status     Ports
1    default             active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/19, Fa0/22
                                    Fa0/23, Fa0/24, Gig1/1, Gig1/2
1002 fddi-default        act/unsup
1003 token-ring-default  act/unsup
1004 fddinet-default     act/unsup
1005 trnet-default       act/unsup

You don't see any vlan on the transparent mode switch, as the transparent switch does not synchronize the vlan information from any other switches but still forwards the vlan information.

SW2

SW-2(config)#vlan 100
SW-2(config-vlan)#vlan 200
SW-2(config-vlan)#vlan 300
SW-2(config-vlan)#end

SW2#sh vlan
VLAN Name                Status     Ports
1    default             active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/19, Fa0/22
                                    Fa0/23, Fa0/24
1002 fddi-default        act/unsup

SW1#sh vlan
VLAN Name                Status     Ports
1    default             active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/19, Fa0/21
                                    Fa0/22, Fa0/23, Fa0/24, Gig1/1
                                    Gig1/2
10   VLAN0010            active
20   VLAN0020            active
30   VLAN0030            active
40   VLAN0040            active
1002 fddi-default        act/unsup
1003 token-ring-default  act/unsup
1004 fddinet-default     act/unsup
1005 trnet-default       act/unsup

SW3#sh vlan
VLAN Name                Status     Ports
1    default             active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/19, Fa0/21
                                    Fa0/22, Fa0/23, Fa0/24, Gig1/1
                                    Gig1/2
10   VLAN0010            active
20   VLAN0020            active
30   VLAN0030            active
40   VLAN0040            active
1002 fddi-default        act/unsup
1003 token-ring-default  act/unsup
1004 fddinet-default     act/unsup
1005 trnet-default       act/unsup

+ You can see that the vlans created on the transparent switch are not present on any of the other switches (SW1 or SW3), because a switch in transparent mode does not synchronize the vlan information.
+ The revision number for switches in transparent mode will always be ZERO.
SW-2#sh vtp status
VTP Version                     : 2
Maximum VLANs supported locally : 255
Number of existing VLANs        : 8
VTP Operating Mode              : Transparent
VTP Domain Name                 : CCNP
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB7 0x9D 0xA5 0xEF 0xDE 0x56 0xC5 0xCF
Configuration last modified by 0.0.0.0 at 3-1-93 00:07

VTP version 3

* Protection against data overwrites (fixes the problem of updates from a higher configuration revision number)
  + Only the primary server can make changes (only one)
* Support for VLAN numbers up to 4086
* Can also advertise:
  + Extended VLAN information (1006-4094)
  + Private VLAN information
  + MST configuration
* Option of clear text or hidden password protection
* VTP can be disabled globally or at interface level

Catalyst6500-1(config)#vtp version 3
Cannot set the version to 3 because domain name is not configured

VTP Roles Versus Functions and Behavior

Role            Relay/Process   Configure   Save
PRIMARY SRV     Yes             Yes         Yes
SECONDARY SRV   Yes             No          Yes
CLIENT          Yes             No          No
TRANSPARENT     Yes             Yes         Yes
OFF             No              Yes         Yes

VTP3 interoperates with VTP version 2 but not VTP version 1.

[Figure: VTP version interoperability. No interaction between VTP1 and VTP3 devices; a VTP2 device will be supplied with information; a VTP2 device will never update a VTP3 device.]

VTP version 3 configuration is mostly performed in global configuration mode.

Catalyst6500-1(config)# vtp ?
  domain     Set the name of the VTP administrative domain.
  file       Configure IFS filesystem file where VTP configuration is stored.
  interface  Configure interface as the preferred source for the VTP IP updater address.
  mode       Configure VTP device mode
  password   Set the password for the VTP administrative domain
  pruning    Set the administrative domain to permit pruning
  version    Set the administrative domain to VTP version

VTP version 3

[Topology: SW1 and SW2 connected via f0/24]

TASK:
* Configure the f0/24 port of SW1/SW2 as trunk ports.
* Configure VTP version 3 using the following parameters:
  + Domain name : NOA
  * Password hidden : noa123

SW1(config)#int f0/24
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#exit

SW2(config)#int f0/24
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config-if)#end

SW2#sh interfaces trunk
Port        Mode    Encapsulation  Status     Native vlan
Fa0/24      on      802.1q         trunking   1

Port        Vlans allowed on trunk
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/24      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/24      none

SW2#sh vtp status
VTP Version capable               : 1 to 3
VTP version running               : 1
VTP Domain Name                   :
VTP Pruning Mode                  : Disabled
VTP Traps Generation              : Disabled
Device ID                         : 0023.041c.5e00
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)

Feature VLAN:
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 5
Configuration Revision            : 0
MD5 digest                        : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
                                    0x56 0x9D 0x4A 0x3E 0xA5 0x69 0x35 0xBC

SW1#sh vlan brief
VLAN Name                    Status     Ports
1    default                 active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                        Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                        Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                        Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                        Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                        Fa0/21, Fa0/22, Fa0/23, Gi0/1
                                        Gi0/2
1002 fddi-default            act/unsup
1003 token-ring-default      act/unsup
1004 fddinet-default         act/unsup
1005 trnet-default           act/unsup

SW1(config)#vtp domain NOA
SW1(config)#vtp password noa123
SW1(config)#vtp version 3

SW2(config)#vtp domain NOA
SW2(config)#vtp password noa123
SW2(config)#vtp version 3
SW2(config)#end

SW2#sh vtp status
VTP Version capable               : 1 to 3
VTP version running               : 3
VTP Domain Name                   : NOA
VTP Pruning Mode                  : Disabled
VTP Traps Generation              : Disabled
Device ID                         : 0023.041c.5e00

Feature VLAN:
VTP Operating Mode                : Server
Number of existing VLANs          : 5
Number of existing extended VLANs :
Maximum VLANs supported locally   : 1005
Configuration Revision            : 0
Primary ID                        : 0000.0000.0000
Primary Description               :
MD5 digest                        :

SW2#sh vtp password

TASK: Configure the switches to ensure that the password should not be seen.

SW2#sh vtp password

SW2(config)#vtp password noa123 ?
  secret  Specify the vtp password in encrypted form

SW2(config)#vtp password noa123 hidden

SW1(config)#vtp password noa123 hidden
SW1(config)#end
SW1#sh vtp password

TASK:
* Create VLANs 10,20,30,40 on SW1 and ensure that they synchronise on both switches.
+ Configure SW1 to be the primary switch to update the database.
SW1(config)#vlan 10

SW1#vtp primary vlan
This system is becoming primary server for feature vlan
Enter VTP Password:
No conflicting VTP3 devices found.
Do you want to continue? [confirm]

SW1#sh vtp status
VTP Version capable               : 1 to 3
VTP version running               : 3
VTP Domain Name                   : NOA
VTP Pruning Mode                  : Disabled
VTP Traps Generation              : Disabled
Device ID                         : 0022.be79.2e00

Feature VLAN:
Number of existing VLANs          : 5
Number of existing extended VLANs : 0
Maximum VLANs supported locally   : 1005
Configuration Revision            : 1
Primary ID                        : 0022.be79.2e00
Primary Description               : SW1
MD5 digest                        : 0x1E 0xA7 0xBE 0x46 0x94 0xBE 0x95 0xA5
                                    0x9D 0x6E 0xD5 0x69 0x72 0xEF 0x03 0xD0

Feature MST:
VTP Operating Mode                : Transparent

Feature UNKNOWN:
VTP Operating Mode                : Transparent

SW1(config)#vlan 10,20,30,40
SW1(config-vlan)#end

SW1#sh vlan brief
VLAN Name                    Status     Ports
1    default                 active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                        Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                        Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                        Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                        Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                        Fa0/21, Fa0/22, Fa0/23, Gi0/1
                                        Gi0/2
1002 fddi-default            act/unsup
1003 trcrf-default           act/unsup
1004 fddinet-default         act/unsup
1005 trbrf-default           act/unsup

SW2#sh vlan brief
VLAN Name                    Status     Ports
1    default                 active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                        Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                        Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                        Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                        Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                        Fa0/21, Fa0/22, Fa0/23, Gi0/1
                                        Gi0/2
40   VLAN0040                active
1002 fddi-default            act/unsup
1003 trcrf-default           act/unsup
1004 fddinet-default         act/unsup
1005 trbrf-default           act/unsup

SW2#sh vtp status
VTP Version capable               : 1 to 3
VTP version running               : 3
VTP Domain Name                   : NOA
VTP Pruning Mode                  : Disabled
VTP Traps Generation              : Disabled
Device ID                         : 0023.041c.5e00

Feature VLAN:
VTP Operating Mode                : Server
Number of existing VLANs          : 9
Number of existing extended VLANs : 0
Maximum VLANs supported locally   : 1005
Configuration Revision            :
Primary ID                        : 0022.be79.2e00
Primary Description               : SW1
MD5 digest                        : 0xBF 0x17 0x16 0xA3 0x73 0x09 0x0F 0x2E
                                    0xEC 0x19 0x4F 0xCA 0x13 0xEE 0xD4 0x79

Feature MST:
VTP Operating Mode                : Transparent

Feature UNKNOWN:
VTP Operating Mode                : Transparent

TASK: Create extended VLANs 2000 - 2001 on SW1

SW1(config)#vlan 2000-2001
SW1(config-vlan)#end

SW1#sh vlan brief
VLAN Name                    Status     Ports
1    default                 active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                        Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                        Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                        Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                        Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                        Fa0/21, Fa0/22, Fa0/23, Gi0/1
                                        Gi0/2
10   VLAN0010                active
20   VLAN0020                active
30   VLAN0030                active
40   VLAN0040                active
1002 fddi-default            act/unsup
1003 trcrf-default           act/unsup
1004 fddinet-default         act/unsup
1005 trbrf-default           act/unsup

SW2#sh vlan brief
VLAN Name                    Status     Ports
1    default                 active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                        Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                        Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                        Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                        Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                        Fa0/21, Fa0/22, Fa0/23, Gi0/1
                                        Gi0/2
10   VLAN0010                active
20   VLAN0020                active
30   VLAN0030                active
40   VLAN0040                active
1002 fddi-default            act/unsup
1003 trcrf-default           act/unsup
1004 fddinet-default         act/unsup
1005 trbrf-default           act/unsup
2000 VLAN2000                active
2001 VLAN2001                active

TASK: Promote SW2 to be the primary server and create VLANs 3000-3005 on SW2

SW2#vtp primary vlan
This system is becoming primary server for feature vlan
Enter VTP Password:
No conflicting VTP3 devices found.
Do you want to continue? [confirm]

SW2#sh vtp status
VTP Version capable               : 1 to 3
VTP version running               : 3
VTP Domain Name                   : NOA
VTP Pruning Mode                  : Disabled
VTP Traps Generation              : Disabled
Device ID                         : 0023.041c.5e00

Feature VLAN:
VTP Operating Mode                : Primary Server
Number of existing VLANs          : 9
Number of existing extended VLANs : 2
Maximum VLANs supported locally   : 1005
Configuration Revision            : 4
Primary ID                        : 0023.041c.5e00
Primary Description               : SW2
MD5 digest                        : 0x1D 0x11 0xA3 0x1F 0x76 0x7C 0xE7 0xD7
                                    0x1B 0x28 0xB9 0xBD 0xF0 0x71 0x1E 0xBC

Feature MST:
VTP Operating Mode                : Transparent

Feature UNKNOWN:
VTP Operating Mode                : Transparent

SW1#sh vtp status
VTP Version capable               : 1 to 3
VTP version running               : 3
VTP Domain Name                   : NOA
VTP Pruning Mode                  : Disabled
VTP Traps Generation              : Disabled
Device ID                         : 0022.be79.2e00

Feature VLAN:
VTP Operating Mode                :
Number of existing VLANs          :
Number of existing extended VLANs : 2
Maximum VLANs supported locally   : 1005
Configuration Revision            : 4
Primary ID                        : 0023.041c.5e00
Primary Description               : SW2
MD5 digest                        : 0x1D 0x11 0xA3 0x1F 0x76 0x7C 0xE7 0xD7
                                    0x1B 0x28 0xB9 0xBD 0xF0 0x71 0x1E 0xBC

Feature MST:
VTP Operating Mode                : Transparent

Feature UNKNOWN:
VTP Operating Mode                : Transparent

SW2(config)#vlan 3000-3001
SW2(config-vlan)#end

SW1#sh vlan brief
VLAN Name                    Status     Ports
1    default                 active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                        Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                        Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                        Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                        Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                        Fa0/21, Fa0/22, Fa0/23, Gi0/1
                                        Gi0/2
10   VLAN0010                active
20   VLAN0020                active
30   VLAN0030                active
40   VLAN0040                active
1002 fddi-default            act/unsup
1003 trcrf-default           act/unsup
1004 fddinet-default         act/unsup
1005 trbrf-default           act/unsup
2000 VLAN2000                active
2001 VLAN2001                active

TASK:
* Configure MSTP on SW1 and ensure that SW2 also synchronises the MSTP configuration information.

SW1#sh spanning-tree mst configuration
% Switch is not in mst mode
Name      []
Revision  0     Instances configured 1

Instance  Vlans mapped
0         1-4094

SW1#vtp primary mst

SW1#sh vtp status
VTP Version capable               : 1 to 3
VTP version running               : 3
VTP Domain Name                   : NOA
VTP Pruning Mode                  : Disabled
VTP Traps Generation              : Disabled
Device ID                         : 0022.be79.2e00

Feature VLAN:
VTP Operating Mode                : Server
Number of existing VLANs          : 9
Number of existing extended VLANs : 4
Maximum VLANs supported locally   : 1005
Configuration Revision            : 5
Primary ID                        : 0023.041c.5e00
Primary Description               : SW2
MD5 digest                        : 0xB0 0xFA 0x11 0x95 0x0F 0xA9 0xF3 0x58
                                    0x38 0x96 0xDE 0x1B 0x26 0x37 0x8F 0xD9

Feature MST:

Feature UNKNOWN:
VTP Operating Mode                : Transparent

SW1(config)#vtp mode server mst
SW1(config)#end

SW1#vtp primary mst
This system is becoming primary server for feature mst
Enter VTP Password:
No conflicting VTP3 devices found.
Do you want to continue? [confirm]

SW1#sh vtp status
VTP Version capable               : 1 to 3
VTP version running               : 3
VTP Domain Name                   : NOA
VTP Pruning Mode                  : Disabled
VTP Traps Generation              : Disabled
Device ID                         : 0022.be79.2e00

Feature VLAN:
VTP Operating Mode                : Server
Number of existing VLANs          : 9
Number of existing extended VLANs : 4
Maximum VLANs supported locally   : 1005
Configuration Revision            : 5
Primary ID                        : 0023.041c.5e00
Primary Description               : SW2
MD5 digest                        : 0xB0 0xFA 0x11 0x95 0x0F 0xA9 0xF3 0x58
                                    0x38 0x96 0xDE 0x1B 0x26 0x37 0x8F 0xD9

Feature MST:
VTP Operating Mode                : Primary Server
Configuration Revision            :
Primary ID                        : 0022.be79.2e00
Primary Description               : SW1
MD5 digest                        : 0x86 0x43 0x4F 0x9D 0x7C 0x8F 0x0F 0xEB
                                    0x1F 0x25 0xD2 0x5A 0x55 0x98 0xE7 0x19

Feature UNKNOWN:
VTP Operating Mode                : Transparent

SW2(config)#vtp mode client mst

SW1(config)#spanning-tree mode mst
SW1(config)#spanning-tree mst configuration
SW1(config-mst)#name CCIE
SW1(config-mst)#revision 1
SW1(config-mst)#instance 1 vlan 10,20
SW1(config-mst)#instance 2 vlan 30,40
SW1(config-mst)#exit

SW1#sh spanning-tree mst configuration
Name      [CCIE]
Revision  1     Instances configured 3

Instance  Vlans mapped
0         1-9,11-19,21-29,31-39,41-4094
1         10,20
2         30,40

SW2#sh spanning-tree mst configuration
% Switch is not in mst mode
Name      [CCIE]
Revision  1     Instances configured 3

Instance  Vlans mapped
0         1-9,11-19,21-29,31-39,41-4094
1         10,20
2         30,40

SW2(config)#spanning-tree mode mst

SW2#sh spanning-tree mst configuration
Name      [CCIE]
Revision  1     Instances configured 3

Instance  Vlans mapped
0         1-9,11-19,21-29,31-39,41-4094
1         10,20
2         30,40

* Configure private VLAN information on SW2 and verify that VTP synchronizes the private VLAN information.

SW2(config)#vlan 10
SW2(config-vlan)#vlan 100
SW2(config-vlan)#vlan 200
SW2(config-vlan)#exit
SW2(config)#vlan 10
SW2(config-vlan)#private-vlan primary
SW2(config-vlan)#exit
SW2(config)#vlan 100
SW2(config-vlan)#private-vlan isolated
SW2(config-vlan)#exit
SW2(config)#vlan 200
SW2(config-vlan)#private-vlan community
SW2(config-vlan)#exit
SW2(config)#vlan 10
SW2(config-vlan)#private-vlan primary
SW2(config-vlan)#private-vlan association 100,200
SW2(config-vlan)#exit

SW2#sh vlan private-vlan
Primary Secondary Type              Ports

SW1#sh vlan private-vlan
Primary Secondary Type              Ports
10      100       isolated
10      200       community

SW1#sh vlan
VLAN Name                    Status     Ports
1    default                 active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                        Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                        Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                        Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                        Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                        Fa0/21, Fa0/22, Fa0/23, Gi0/1
                                        Gi0/2
10   VLAN0010                active
20   VLAN0020                active
30   VLAN0030                active
40   VLAN0040                active
100  VLAN0100                active
200  VLAN0200                active
1002 fddi-default            act/unsup
1003 trcrf-default           act/unsup
1004 fddinet-default         act/unsup
1005 trbrf-default           act/unsup
2000 VLAN2000                active
2001 VLAN2001                active
3000 VLAN3000                active
3001 VLAN3001                active

VLAN Type  SAID    MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
1    enet  100001  1500  -      -      -        -    -        0      0
10   enet  100010  1500  -      -      -        -    -        0      0
20   enet  100020  1500  -      -      -        -    -        0      0
30   enet  100030  1500  -      -      -        -    -        0      0
40   enet  100040  1500  -      -      -        -    -        0      0
100  enet  100100  1500  -      -      -        -    -        0      0
200  enet  100200  1500  -      -      -        -    -        0      0
1002 fddi  101002  1500  -      -      -        -    -        0      0
1003 trcrf 101003  4472  1005   3276   -        -    srb      0      0
1004 fdnet 101004  1500  -      -      -        ieee -        0      0
1005 trbrf 101005  4472  -      -      15       ibm  -        0      0
2000 enet  102000  1500  -      -      -        -    -        0      0
2001 enet  102001  1500  -      -      -        -    -        0      0
3000 enet  103000  1500  -      -      -        -    -        0      0
3001 enet  103001  1500  -      -      -        -    -        0      0

VLAN AREHops STEHops Backup CRF
1003 7       7       off

Remote SPAN VLANs

TASK: Configure SW1 to disable VTP globally or at interface level on f0/23

SW1#sh vtp status
VTP Version capable               : 1 to 3
VTP version running               : 3
VTP Domain Name                   : NOA
VTP Pruning Mode                  : Disabled
VTP Traps Generation              : Disabled
Device ID                         : 0022.be79.2e00

Feature VLAN:
VTP Operating Mode                : Server
Number of existing VLANs          : 11
Number of existing extended VLANs : 4
Maximum VLANs supported locally   : 1005
Configuration Revision            : 12
Primary ID                        : 0023.041c.5e00
Primary Description               : SW2
MD5 digest                        : 0xEE 0x2B 0x19 0x0E 0xD1 0xBD 0xF9 0x96
                                    0x34 0xE8 0x14 0xD1 0x68 0xB1 0xF2 0xB3

Feature MST:
VTP Operating Mode                : Primary Server
Configuration Revision            : 12
Primary ID                        : 0022.be79.2e00
Primary Description               : SW1
MD5 digest                        : 0x03 0x46 0xEB 0xBA 0x16 0x90 0xAC 0x22
                                    0xB3 0x6F 0x31 0x99 0x5C 0x0E 0x9B 0xFB

Feature UNKNOWN:
VTP Operating Mode                : Transparent

TASK: Disable VTP on SW1 using mode off:

SW1(config)#vtp mode off vlan
Setting device to VTP Off mode for VLANS.
SW1(config)#vtp mode off mst
Setting device to VTP Off mode for MST.
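The labs above verify synchronisation by reading `show vtp status` on each switch and comparing the domain, version, per-feature revision, Primary ID and digest by eye. The following is an added example, not part of the workbook: a small parser that does the same comparison. The two captures are constructed for illustration, and the function names are this example's own.

```python
import re

# Constructed captures modelled on the VTP version 3 "show vtp status" layout
# used in this lab; the values are illustrative, not taken from a real device.
SW1_STATUS = """\
VTP Version capable               : 1 to 3
VTP version running               : 3
VTP Domain Name                   : NOA
Device ID                         : 0022.be79.2e00

Feature VLAN:
--------------
VTP Operating Mode                : Primary Server
Configuration Revision            : 7
Primary ID                        : 0022.be79.2e00
MD5 digest                        : 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x08
                                    0x09 0x0A 0x0B 0x0C 0x0D 0x0E 0x0F 0x10

Feature MST:
--------------
VTP Operating Mode                : Transparent
"""
SW2_STATUS = """\
VTP Version capable               : 1 to 3
VTP version running               : 3
VTP Domain Name                   : NOA
Device ID                         : 0023.041c.5e00

Feature VLAN:
--------------
VTP Operating Mode                : Server
Configuration Revision            : 6
Primary ID                        : 0022.be79.2e00
MD5 digest                        : 0x11 0x12 0x13 0x14 0x15 0x16 0x17 0x18
                                    0x19 0x1A 0x1B 0x1C 0x1D 0x1E 0x1F 0x20

Feature MST:
--------------
VTP Operating Mode                : Transparent
"""

FEATURE = re.compile(r"^Feature\s+(\S+?):\s*$")
FIELD = re.compile(r"^(.+?)\s+:\s+(.*)$")   # "key : value"; ignores 00:07:33
SYNCED_MODES = {"Server", "Client", "Primary Server"}


def parse_vtp_status(text):
    """Split the output into global fields and one dict per 'Feature X:'."""
    glob, features = {}, {}
    current, last_key = glob, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"-"}:        # blank or dashed rule
            continue
        m = FEATURE.match(line)
        if m:
            current, last_key = features.setdefault(m.group(1), {}), None
            continue
        m = FIELD.match(line)
        if m:
            last_key = m.group(1).strip()
            current[last_key] = m.group(2).strip()
        elif last_key == "MD5 digest" and line.startswith("0x"):
            current[last_key] += " " + line      # digest wraps to a 2nd line
    return {"global": glob, "features": features}


def compare(name_a, a, name_b, b):
    """Return a list of findings; an empty list means the two agree."""
    findings = []
    for key in ("VTP Domain Name", "VTP version running"):
        va, vb = a["global"].get(key), b["global"].get(key)
        if va != vb:
            findings.append(f"{key} differs ({name_a}={va}, {name_b}={vb})")
    for name, sw in ((name_a, a), (name_b, b)):
        ver = sw["global"].get("VTP version running")
        if ver != "3":
            findings.append(f"{name} runs VTP version {ver}: "
                            "no primary-server protection against overwrites")
    for feat in sorted(set(a["features"]) & set(b["features"])):
        fa, fb = a["features"][feat], b["features"][feat]
        modes = {fa.get("VTP Operating Mode"), fb.get("VTP Operating Mode")}
        if not modes <= SYNCED_MODES:             # transparent/off never syncs
            continue
        for key in ("Configuration Revision", "Primary ID", "MD5 digest"):
            if fa.get(key) != fb.get(key):
                findings.append(f"{feat}: {key} differs "
                                f"({name_a}={fa.get(key)}, {name_b}={fb.get(key)})")
    return findings


if __name__ == "__main__":
    for finding in compare("SW1", parse_vtp_status(SW1_STATUS),
                           "SW2", parse_vtp_status(SW2_STATUS)):
        print(finding)
```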
TASK: Re-enable VTP on SW1 (VLAN and MST) and disable VTP only on interface f0/23.

SW1(config)#vtp mode server vlan
Setting device to VTP Server mode for VLANS.
SW1(config)#vtp mode server mst
Setting device to VTP Server mode for MST.
SW1(config)#int f0/23
SW1(config-if)#no vtp
SW1(config-if)#end

TASK: Create VLAN 199, enable RSPAN on it, and ensure that this information is synchronised as well.

SW2(config)#vlan 199
SW2(config-vlan)#remote-span
SW2(config-vlan)#end

SW2#sh vlan remote-span

SW1#sh vlan remote-span

VTP pruning

* VTP pruning makes more efficient use of trunk bandwidth by reducing unnecessary flooded traffic.
* Broadcast and unknown unicast frames on a VLAN are forwarded over a trunk link only if the switch on the receiving end of the trunk has ports in that VLAN.
* Preserves bandwidth by configuring it to reduce the amount of broadcasts, multicasts, and unicast packets.

Uses bandwidth more efficiently by reducing unnecessary flooded traffic.

Example: Station A sends a broadcast; the broadcast is flooded only toward any switch with ports assigned to the red VLAN.

[Figure: Pruning Enabled]

By default, VLANs 2 through 1005 are pruning-eligible, but VLAN 1 can never be pruned because it is an administrative VLAN.

All VLANs are prune-eligible by default, which means that all VLANs can be pruned by this protocol.

* To block specific VLANs from the pruning mechanism, we must use the switchport trunk pruning vlan command.
* Enabling pruning on a VTP server enables it for the entire domain.

Server(config)# vtp pruning

Rack1SW2#show vtp status
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 6
VTP Operating Mode              : Server
VTP Pruning Mode                : Enabled

Verify VTP pruning

Switch#show interface trunk
Port        Mode    Encapsulation  Status     Native vlan
Fa0/2       on      802.1q

Port        Vlans allowed on trunk
Fa0/2       23-1005

Port        Vlans allowed and active in management domain
Fa0/2       1,10,20,1002,1003,1004,1005

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/2       1,10,20,1002,1003,1004,1005

RackSW1#show interface fa0/16 pruning
Port        Vlans pruned for lack of request by neighbor
Fa0/16      1-8,10,22,58,67,146

Port        Vlan traffic requested of neighbor
Fa0/16      1,5,7-10,22,43,58,67,79,146

VTP prune eligible list

switchport trunk pruning vlan {add vlan-list | all | except vlan-list | remove vlan-list}

Configures the VLAN pruning-eligible list for ports in trunking mode. The pruning-eligible list applies only to trunk ports. Each trunk port has its own eligibility list. If you do not want a VLAN to be pruned, remove it from the pruning-eligible list. VLANs that are pruning-ineligible receive flooded traffic.

Switch(config-if)#switchport trunk pruning vlan remove 3,10-15

Manually Pruning VLANs

VTP to decide what VLANs would be allowed on a trunk and even went so far as to remove a VLAN from the prune eligible list.

SW1(config)#interface FastEthernet 0/20
SW1(config-if)#switchport trunk allowed vlan remove 5

This command allows us to specify what VLAN or group of VLANs we want to be forwarded across a given trunk.

NOTE: It is important that this command be applied on both ends of a given link.
SW-1#sh interfaces trunk
Port        Mode    Encapsulation  Status     Native vlan
Fa0/20      on      802.1q         trunking   999

Port        Vlans allowed on trunk
Fa0/20      1-1005

Port        Vlans allowed and active in management domain
Fa0/20      4

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/20      4

SW-1#sh interfaces trunk
Port        Mode    Encapsulation  Status     Native vlan
Fa0/20      on      802.1q         trunking   999

Port        Vlans allowed on trunk
Fa0/20      5

Port        Vlans allowed and active in management domain
Fa0/20      5

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/20      5

LAB: VTP Pruning

[Topology: SW1 and SW2 connected via f0/19 and f0/20]

TASK:
* Configure the links f0/19 and f0/20 between SW1 and SW2 as trunk links.
+ SW1 = server, SW2 = client
* Domain: NOA (version 2), password: noa123
* Create VLANs 10,20,30,40; VTP should sync them with the others.

SW1(config)#int range f0/19 - 20
SW1(config-if-range)#switchport trunk encapsulation dot1q
SW1(config-if-range)#switchport mode trunk
SW1(config-if-range)#exit

SW2(config)#int range f0/19 - 20
SW2(config-if-range)#switchport trunk encapsulation dot1q
SW2(config-if-range)#switchport mode trunk
SW2(config-if-range)#end

SW2#sh interfaces trunk
Port        Mode    Encapsulation  Status     Native vlan
Fa0/19      on      802.1q         trunking   1
Fa0/20      on      802.1q         trunking   1

Port        Vlans allowed on trunk
Fa0/19      1-4094
Fa0/20      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1
Fa0/20      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      1
Fa0/20      1

SW1(config)#vtp domain NOA
SW1(config)#vtp password noa123
SW1(config)#vtp version 2
SW1(config)#vtp mode server

SW2(config)#vtp domain NOA
SW2(config)#vtp password noa123
SW2(config)#vtp version 2
SW2(config)#vtp mode client

SW1(config)#vlan 10
SW1(config-vlan)#vlan 20
SW1(config-vlan)#vlan 30
SW1(config-vlan)#vlan 40
SW1(config-vlan)#exit

SW2#sh vlan brief
VLAN Name                    Status     Ports
1    default                 active     Fa0/1, Fa0/2, Fa0/3
                                        Fa0/4, Fa0/5, Fa0/6
                                        Fa0/7, Fa0/8, Fa0/9
                                        Fa0/10, Fa0/11, Fa0/12
                                        Fa0/13, Fa0/14, Fa0/15
                                        Fa0/16, Fa0/17, Fa0/18
                                        Fa0/21, Fa0/22, Fa0/23
                                        Fa0/24, Gi0/1, Gi0/2
10   VLAN0010                active
20   VLAN0020                active
30   VLAN0030                active
40   VLAN0040                active
1002 fddi-default            act/unsup
1003 trcrf-default           act/unsup
1004 fddinet-default         act/unsup
1005 trbrf-default           act/unsup

SW2#sh interfaces trunk
Port        Mode    Encapsulation  Status     Native vlan
Fa0/19      on      802.1q         trunking   1
Fa0/20      on      802.1q         trunking   1

Port        Vlans allowed on trunk
Fa0/19      1-4094
Fa0/20      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1,10,20,30,40
Fa0/20      1,10,20,30,40

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      1,10,20,30,40
Fa0/20      1,10,20,30,40

By default, trunks allow all VLANs, irrespective of whether they have active ports present in that VLAN or not.
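A check for the default behaviour just described, as an added example that is not part of the workbook: it parses the four tables of `show interfaces trunk` and reports trunks that still carry the default 1-4094 allowed list, plus VLANs that are allowed and active on a trunk but not forwarding on it. The sample output is constructed, and the function names are this example's own.

```python
# Constructed "show interfaces trunk" output in the layout shown in this lab.
SAMPLE = """\
Port        Mode    Encapsulation  Status     Native vlan
Fa0/19      on      802.1q         trunking   1
Fa0/20      on      802.1q         trunking   1

Port        Vlans allowed on trunk
Fa0/19      1-4094
Fa0/20      1,10,20,30,40,199

Port        Vlans allowed and active in management domain
Fa0/19      1,10,20,30,40,199
Fa0/20      1,10,20,30,40,199

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      1,10,20,199
Fa0/20      1,10,20,30,40,199
"""

FULL_RANGE = set(range(1, 4095))          # the default allowed list, 1-4094
SECTIONS = {
    "Vlans allowed on trunk": "allowed",
    "Vlans allowed and active in management domain": "active",
    "Vlans in spanning tree forwarding state and not pruned": "forwarding",
}


def expand_vlans(spec):
    """'1,10-12' -> {1, 10, 11, 12}; 'none' or an empty string -> set()."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part or part == "none":
            continue
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_trunks(text):
    """Return {port: {'native': int, 'allowed': set, 'active': set, ...}}."""
    trunks, section, last = {}, "", None
    for raw in text.splitlines():
        fields = raw.split()
        if not fields:
            continue
        if fields[0] == "Port":                    # a new table starts
            section = SECTIONS.get(" ".join(fields[1:]), "summary")
            last = None
        elif section == "":                        # prompt/echo before tables
            continue
        elif section == "summary":                 # Mode/Encapsulation table
            trunks.setdefault(fields[0], {})["native"] = int(fields[-1])
        elif raw[0].isspace() and last is not None:
            # A long VLAN list wraps onto an indented continuation line.
            trunks[last][section] |= expand_vlans("".join(fields))
        else:
            last = fields[0]
            trunks.setdefault(last, {})[section] = expand_vlans("".join(fields[1:]))
    return trunks


def audit(trunks):
    """List trunks with the default allowed list and VLANs carried unused."""
    findings = []
    for port, t in sorted(trunks.items()):
        if t.get("allowed") == FULL_RANGE:
            findings.append(f"{port}: allowed list is the default 1-4094")
        # Allowed and active, yet not forwarding: pruned by VTP or blocked
        # by spanning tree on this link.
        idle = t.get("active", set()) - t.get("forwarding", set())
        if idle:
            findings.append(f"{port}: allowed and active but not forwarding: "
                            + ",".join(str(v) for v in sorted(idle)))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_trunks(SAMPLE)):
        print(finding)
```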
TASK:
* Configure VTP pruning on the VTP server to ensure that the trunk links prune the VLANs which are not active on that particular switch.

SW1#sh vtp status
VTP Version                     :
Configuration Revision          : 5
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : NOA
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x34 0xFB 0xE4 0x98 0x79 0xEA 0x38 0x2C
Configuration last modified by 192.168.1.51 at 3-1-93 01:16:06
Local updater ID is 192.168.1.51 on interface Vl1 (lowest numbered VLAN interface found)

SW2#sh vtp status
VTP Version                     : 2
Configuration Revision          : 5
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Client
VTP Domain Name                 : NOA
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x34 0xFB 0xE4 0x98 0x79 0xEA 0x38 0x2C
Configuration last modified by 192.168.1.51 at 3-1-93 01:16:06

SW1(config)#vtp pruning
SW1(config)#end

SW1#sh vtp status
VTP Version                     :
Configuration Revision          : 6
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : NOA
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x06 0xBC 0xF4 0x35 0xF9 0x8C 0x69 0xF7
Configuration last modified by 192.168.1.51 at 3-1-93 01:19:10
Local updater ID is 192.168.1.51 on interface Vl1 (lowest numbered VLAN interface found)

SW2#sh vtp status
VTP Version                     :
Configuration Revision          : 6
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Client
VTP Domain Name                 : NOA
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x06 0xBC 0xF4 0x35 0xF9 0x8C 0x69 0xF7
Configuration last modified by 192.168.1.51 at 3-1-93 01:19:10

SW2#sh interfaces trunk
Port        Mode    Encapsulation  Status     Native vlan
Fa0/19      on      802.1q         trunking   1
Fa0/20      on      802.1q         trunking   1

Port        Vlans allowed on trunk
Fa0/19      1-4094
Fa0/20      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1,10,20,30,40
Fa0/20      1,10,20,30,40

Port        Vlans in spanning tree forwarding state and not pruned

* By default in my network I have only port f0/1 connected in VLAN 1, and I have only VLAN 1 active, and it will not be pruned anyway by default.
+ To verify the pruning behaviour I have VLANs 10,20,30,40 created on the server and synchronised on both switches.
* Create some SVI interfaces for each VLAN on both switches for verifying VTP pruning behaviour (in real networks we have PCs connecting to their respective VLANs; here we are not adding any PCs or routers for testing VTP pruning).

SW1#sh vlan brief
VLAN Name                    Status     Ports
1    default                 active     Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                        Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11
                                        Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                        Fa0/17, Fa0/18, Fa0/21, Fa0/22, Fa0/23
                                        Fa0/24, Gi0/1, Gi0/2
10   VLAN0010                active
20   VLAN0020                active
30   VLAN0030                active
40   VLAN0040                active
1002 fddi-default            act/unsup
1003 trcrf-default           act/unsup
1004 fddinet-default         act/unsup
1005 trbrf-default           act/unsup

SW1(config)#int vlan 10
SW1(config-if)#exit
SW1(config)#int vlan 20
SW1(config-if)#exit

Once we create SVIs for VLANs 10 and 20 on SW1, it will update the next switch about the active VLAN status, and SW2 will add them to the not-pruned list.

SW2#sh interfaces trunk
Port        Mode    Encapsulation  Status     Native vlan
Fa0/19      on      802.1q         trunking   1
Fa0/20      on      802.1q         trunking   1

Port        Vlans allowed on trunk
Fa0/19      1-4094
Fa0/20      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1,10,20,30,40
Fa0/20      1,10,20,30,40

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      1,10,20
Fa0/20      none

SW2#sh interfaces f0/19 pruning
Port        Vlans pruned for lack of request by neighbor
Fa0/19      30,40

Port        Vlan traffic requested of neighbor

SW2(config)#int vlan 30
SW2(config-if)#int vlan 40
SW2(config-if)#end

Once we create SVIs for VLANs 30 and 40 on SW2, it will update the next switch about the active VLAN status, and SW1 will add them to the not-pruned list.
SW1#sh interfaces trunk
Port        Mode    Encapsulation  Status     Native vlan
Fa0/19      on      802.1q         trunking   1
Fa0/20      on      802.1q         trunking   1

Port        Vlans allowed on trunk
Fa0/19      1-4094
Fa0/20      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1,10,20,30,40
Fa0/20      1,10,20,30,40

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/20      1

SW1#sh interfaces f0/19 pruning
Port        Vlans pruned for lack of request by neighbor
Fa0/19      10,20

Port        Vlan traffic requested of neighbor
Fa0/19      1,10,20

VTP Prune eligible List:

* If we want, we can even add the VLAN list which should not be pruned, as by default all the VLANs are pruned except VLAN 1.

TASK:
* Create VLAN 199 and ensure that VLAN 199 does not get pruned even if there are no active ports.

Default VLAN prune-eligible list (2 - 1001)

SW1(config)#vlan 199
SW1(config-vlan)#exit
SW1(config)#int range f0/19 - 20
SW1(config-if-range)#switchport trunk pruning vlan ?
  WORD    VLAN IDs of the allowed VLANs when this port is in trunking mode
  add     add VLANs to the current list
  except  all VLANs except the following
  none    no VLANs
  remove  remove VLANs from the current list

SW1(config-if-range)#switchport trunk pruning vlan remove 199
SW1(config-if-range)#exit

SW2#sh interfaces trunk
Port        Mode    Encapsulation  Status     Native vlan
Fa0/19      on      802.1q         trunking   1
Fa0/20      on      802.1q         trunking   1

Port        Vlans allowed on trunk
Fa0/19      1-4094
Fa0/20      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1,10,20,30,40,199
Fa0/20      1,10,20,30,40,199

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      1,10,20,199
Fa0/20      none

Port        Mode    Encapsulation  Status     Native vlan
Fa0/19      on      802.1q         trunking   1
Fa0/20      on      802.1q         trunking   1
Port      Vlans allowed on trunk
Fa0/19    1-4094
Fa0/20    1-4094

Port      Vlans allowed and active in management domain
Fa0/19    1,10,20,30,40,199
Fa0/20    1,10,20,30,40,199

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/19    1,30,40,199
Fa0/20    1

TASK: Manual Pruning:
* Disable the VTP pruning configured earlier.
* Configure SW1/SW2 to allow only VLAN 1,10,20,30,40 and VLAN 199 on their respective trunk links (irrespective of whether they are active or not).

SW1(config)#no vtp pruning
Pruning switched off
SW1(config)#int range f0/19 - 20
SW1(config-if-range)#switchport trunk allowed vlan 1,10,20,30,40,199
SW1(config-if-range)#exit

SW2(config)#int range f0/19 - 20
SW2(config-if-range)#switchport trunk allowed vlan 1,10,20,30,40,199
SW2(config-if-range)#end

SW2#sh interfaces trunk
Port      Mode   Encapsulation  Status    Native vlan
Fa0/19    on     802.1q         trunking  1
Fa0/20    on     802.1q         trunking  1

Port      Vlans allowed on trunk
Fa0/19    1,10,20,30,40,199
Fa0/20    1,10,20,30,40,199

Port      Vlans allowed and active in management domain
Fa0/19    1,10,20,30,40,199
Fa0/20    1,10,20,30,40,199

Port      Vlans in spanning tree forwarding state and not pruned

TASK:
* Create VLAN 50,60 and add them to the trunk allowed list.
* Configure the trunk to remove VLAN 10 from the allowed VLAN list.

SW1(config)#vlan 50
SW1(config-vlan)#vlan 60
SW1(config-vlan)#exit

SW1#sh vlan brief
VLAN Name               Status     Ports
1    default            active     Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                   Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11
                                   Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                   Fa0/17, Fa0/18, Fa0/21, Fa0/22, Fa0/23
                                   Fa0/24, Gi0/1, Gi0/2
10   VLAN0010           active
20   VLAN0020           active
30   VLAN0030           active
40   VLAN0040           active
50   VLAN0050           active
60   VLAN0060           active
199  VLAN0199           active
1002 fddi-default       act/unsup
1003 trcrf-default      act/unsup
1004 fddinet-default    act/unsup
1005 trbrf-default      act/unsup

SW1#sh interfaces trunk
Port      Mode   Encapsulation  Status    Native vlan
Fa0/19    on     802.1q         trunking  1
Fa0/20    on     802.1q         trunking  1

Port      Vlans allowed on trunk
Fa0/19    1,10,20,30,40,199
Fa0/20    1,10,20,30,40,199

Port      Vlans allowed and active in management domain
Fa0/19    1,10,20,30,40,199
Fa0/20    1,10,20,30,40,199

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/19    1,10,20,30,40,199
Fa0/20    1

SW1(config)#int range f0/19 - 20
SW1(config-if-range)#switchport trunk allowed vlan add 50,60
SW1(config-if-range)#switchport trunk allowed vlan remove 10
SW1(config-if-range)#exit

SW1#sh interfaces trunk
Port      Mode   Encapsulation  Status    Native vlan
Fa0/19    on     802.1q         trunking  1
Fa0/20    on     802.1q         trunking  1

Port      Vlans allowed on trunk
Fa0/19    1,20,30,40,50,60,199
Fa0/20    1,20,30,40,50,60,199

Port      Vlans allowed and active in management domain
Fa0/19    1,20,30,40,50,60,199
Fa0/20    1,20,30,40,50,60,199

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/19    1,20,30,40,50,60,199
Fa0/20    1,50,60

SW2(config)#int range f0/19 - 20
SW2(config-if-range)#switchport trunk allowed vlan add 50,60
SW2(config-if-range)#switchport trunk allowed vlan remove 10
SW2(config-if-range)#end

SW2#sh interfaces trunk
Port      Mode   Encapsulation  Status    Native vlan
Fa0/19    on     802.1q         trunking  1
Fa0/20    on     802.1q         trunking  1

Port      Vlans allowed on trunk
Fa0/19    1,20,30,40,50,60,199
Fa0/20    1,20,30,40,50,60,199

Port      Vlans allowed and active in management domain
Fa0/19    1,20,30,40,50,60,199
Fa0/20    1,20,30,40,50,60,199
Port      Vlans in spanning tree forwarding state and not pruned

Spanning-tree protocol

Bridging loops

Redundant links between switches provide redundancy, but they also make it possible for loops to form when switches flood broadcasts:
1. Broadcast storms
2. MAC-table instability
3. Multiple frame transmissions

Bridging loops (solution)

1. Only one link between switches (no redundancy)
2. Shut down the extra link temporarily
   1. Manually (shutdown command)
   2. Automatically block extra links (done by STP)

Spanning-tree Protocol

* STP stops the loops which occur when you have multiple links between switches
* STP avoids broadcast storms, multiple frame copies and database instability
* STP is an open standard (IEEE 802.1D)
* STP is enabled by default on all Cisco Catalyst switches

[Figure: two switches connected by redundant links on Fa0/1 and Fa0/2]

How STP works

1. Selecting the Root Bridge
2. Selecting the Root Port
3. Selecting Designated port & Non Designated port

1) Selecting the Root Bridge

* The bridge with the best (lowest) Bridge ID.
* Bridge ID = Priority + MAC address of the switch
* Out of all the switches in the network, one is elected as the root bridge, which becomes the focal point of the network
* Every LAN will have only one Root Bridge, and all the remaining switches will be considered Non-root Bridges.
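The election rule above, worked through as an added example that is not part of the workbook: the bridge ID is compared as (priority, MAC), lowest wins, and the result is checked against the switch you intend to be root. The switch names and MAC addresses are constructed, and the split of the advertised priority into a configured priority plus the VLAN number is taken from the `priority 32768 sys-id-ext 1` lines in the workbook's `show spanning-tree` output.

```python
from dataclasses import dataclass, replace

DEFAULT_PRIORITY = 32768  # default bridge priority shown in the lab outputs


def mac_to_int(mac: str) -> int:
    """Turn Cisco dotted notation (0007.EC00.0002) into a 48-bit integer."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)


@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str
    vlan: int = 1
    priority: int = DEFAULT_PRIORITY

    def __post_init__(self):
        if not 1 <= self.vlan <= 4094:
            raise ValueError(f"VLAN out of range: {self.vlan}")
        # With the extended system ID, only multiples of 4096 are accepted.
        if not 0 <= self.priority <= 61440 or self.priority % 4096:
            raise ValueError(f"priority must be a multiple of 4096: {self.priority}")
        mac_to_int(self.mac)  # reject malformed addresses early

    @property
    def bridge_id(self):
        """(advertised priority, MAC): tuples compare priority first, then MAC."""
        return (self.priority + self.vlan, mac_to_int(self.mac))


def elect_root(bridges):
    """Return the bridge with the lowest bridge ID for one VLAN."""
    bridges = list(bridges)
    if not bridges:
        raise ValueError("no bridges given")
    if len({b.vlan for b in bridges}) != 1:
        raise ValueError("compare bridges of a single VLAN at a time")
    return min(bridges, key=lambda b: b.bridge_id)


def with_priority(bridges, name, priority):
    """Copy of the list with one switch's configured priority changed."""
    return [replace(b, priority=priority) if b.name == name else b for b in bridges]


def audit_root(bridges, intended):
    """Return None if `intended` wins the election, else a finding string."""
    root = elect_root(bridges)
    if root.name == intended:
        return None
    advertised, _ = root.bridge_id
    return (f"VLAN {root.vlan}: root is {root.name} "
            f"({advertised}/{root.mac}), expected {intended}")


def demo_bridges():
    """Constructed three-switch sample, all at default priority for VLAN 1."""
    return [
        Bridge("SW1", "00D0.5800.0001"),
        Bridge("SW2", "0007.EC00.0002"),
        Bridge("SW3", "00D0.9700.0003"),
    ]


if __name__ == "__main__":
    lab = demo_bridges()
    print("default election :", elect_root(lab).name)
    print("audit (want SW1) :", audit_root(lab, "SW1"))
    tuned = with_priority(lab, "SW1", 0)
    print("after priority 0 :", elect_root(tuned).name)
    print("audit (want SW1) :", audit_root(tuned, "SW1"))
```

With every switch left at the default priority the election falls through to the MAC address, so the root is whichever switch happens to have the lowest address rather than the one chosen by design; the audit function reports that case.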
2) Selecting the Root Port:

* Shortest path to the Root Bridge
* Every Non-root Bridge looks for the best way to reach the Root Bridge:
  1. Least cost (speed)
  2. The lowest forwarding Switch ID (priority + MAC)
  3. Lowest forwarding physical port number
* For every non-root bridge there is only one root port.

STP Port Cost

Link Speed (Bandwidth)   Port Cost
10 Mbps                  100
100 Mbps                 19
1 Gbps                   4
10 Gbps                  2

3) Selecting Designated port & Non Designated port

1. Least cost (speed)
2. Least local Switch ID
3. Lowest local physical port number

BPDU

* All switches exchange information through Bridge Protocol Data Units (BPDUs)
* Hello: BPDUs are sent every 2 sec
* Max age (dead) = 20 sec
* Forward Delay (listening/learning time) = 15 sec
* A BPDU contains information regarding ports, switches, port priority and addresses.

STP port states

Blocking     20 Sec or No Limits
Listening    15 Sec
Learning     15 Sec
Forwarding   No Limits
Disable      No Limits

Lab : verifying spanning-tree

# Show Spanning-tree
# Show Spanning-tree vlan
# Show Spanning-tree root

Changing STP Timers
(Config)# Spanning-tree vlan hello-time <>
(Config)# Spanning-tree vlan forward-time <>
(Config)# Spanning-tree vlan max-age <>

Hello: time between each bridge protocol data unit (BPDU) that is sent on a port. 2 seconds (sec) by default; can be tuned to between 1 and 10 sec.

Forward delay: time that is spent in the listening and learning states. 15 sec by default; can be tuned to between 4 and 30 sec.

Max age: the max age timer controls the maximum length of time that passes before a bridge port saves its configuration BPDU information. 20 sec by default; can be tuned to between 6 and 40 sec.

Changing the port role

Modify the cost
* (Config-if)# Spanning-tree vlan cost
Modify the bridge ID
* (Config-if)# Spanning-tree vlan priority
Modify the port-priority
* (Config-if)# Spanning-tree vlan port-priority

LAB: VERIFYING SPANNING-TREE

TASK: Find Root Bridge and alternate port (BLK)

SW1#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0007.ECCD.AC82
             Cost        19
             Port        20(FastEthernet0/20)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.580D.2EE0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface  Role Sts Cost  Prio.Nbr Type
Fa0/20     Root FWD 19    128.20   P2p
Fa0/21     Desg FWD 19    128.21   P2p

SW2#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface  Role Sts Cost  Prio.Nbr Type
Fa0/20     Desg FWD 19    128.20   P2p
Fa0/22     Desg FWD 19    128.22   P2p

SW3#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0007.ECCD.AC82
             Cost        19
             Port        22(FastEthernet0/22)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.9716.4EAE
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface  Role Sts Cost  Prio.Nbr Type
Fa0/21     Altn BLK 19    128.21   P2p
Fa0/22     Root FWD 19    128.22   P2p

TASK:
* To verify the STP convergence process, shut down the SW1 f0/20 port and verify with show spanning-tree.

SW1(config)#int f0/20
SW1(config-if)#shutdown

Once the f0/20 interface of SW1 or SW2 goes down, the alternate port f0/21 (SW3) comes to forwarding after a delay of 50 sec:
* BLK 20 sec
* LSN 15 sec
* LRN 15 sec

SW1(config)#int f0/20
SW1(config-if)#shutdown

SW3#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0007.ECCD.AC82
             Cost        19
             Port        22(FastEthernet0/22)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.971E.4EAE
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface  Role Sts Cost
Prio.Nbr Type
Fa0/21     Desg FWD 19    128.21   P2p
Fa0/22     Root FWD 19    128.22   P2p

TASK: Configure the F0/20 port of SW1 back to normal state (no shutdown)

SW1(config)# int f0/20
SW1(config-if)# no shutdown

SW3#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0007.ECCD.AC82
             Cost        19
             Port        22(FastEthernet0/22)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.971E.4EAE
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface  Role Sts Cost  Prio.Nbr Type
Fa0/21     Altn BLK 19    128.21   P2p
Fa0/22     Root FWD 19    128.22   P2p

SW1#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0007.ECCD.AC82
             Cost        19
             Port        20(FastEthernet0/20)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.580D.2EE0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface  Role Sts Cost  Prio.Nbr Type
Fa0/20     Root FWD 19    128.20   P2p
Fa0/21     Desg FWD 19    128.21   P2p

* SW2 f0/21 goes back to BLK state
* SW1 f0/20 comes back to normal forward state after a 30 sec delay (15 sec LSN, 15 sec LRN)

TASK:
* Configure SW1 to be the Root Bridge for VLAN 1 by changing the priority value
* Verify the STP port state changes once we change the Root Bridge

Configuring Spanning Tree

To change the STP priority value, use the following:

Switch (config)# spanning-tree vlan < priority value>

SW1(config)#spanning-tree vlan 1 priority ?
SW1(config)#spanning-tree vlan 1 priority 0
SW1(config)#end

SW1#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    1
             Address     00D0.580D.2EE0
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    1  (priority 0 sys-id-ext 1)
             Address     00D0.580D.2EE0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface  Role Sts Cost  Prio.Nbr Type
Fa0/20     Desg FWD 19    128.20   P2p
Fa0/21     Desg FWD 19    128.21   P2p

SW3#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    1
             Address     00D0.580D.2EE0
             Cost        19
             Port        21(FastEthernet0/21)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.9716.4EAE
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface  Role Sts Cost  Prio.Nbr Type
Fa0/21     Root FWD 19    128.21   P2p
Fa0/22     Altn BLK 19    128.22   P2p

* By default, STP is enabled for all active VLANs and on all ports of a switch. STP should remain enabled in a network to prevent bridging loops from forming.
* However, you might find that STP has been disabled in some way. If an entire instance of STP has been disabled, you can reenable it with the following global configuration command:
  Switch(config)# spanning-tree vlan vlan-id
* If STP has been disabled for a specific VLAN on a specific port, you can reenable it with the following interface configuration command:
  Switch(config-if)# spanning-tree vlan vlan-id

LAB: Tuning STP (cost/priority/Timers)

[Figure: SW1 and SW2 connected on f0/19 and f0/20]

TASK:
* Connect SW1 and SW2 as per the diagram on the f0/19 and f0/20 ports.
* Configure SW1 to be the root bridge for all VLANs (including future VLANs).
* Find the root ports, designated ports and blocking ports.

SW2#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     000b.be78.8300
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.be78.8300
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface  Role Sts Cost  Prio.Nbr Type
Fa0/19     Desg FWD 19    128.19   P2p
Fa0/20     Desg FWD 19    128.20   P2p

* By default, in my case, SW2 is elected as Root Bridge based on the best bridge ID.
* As per the task, we need to configure SW1 to become the Root Bridge with the least priority value.

SW1#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     000b.be78.8300
             Cost        19
             Port        19 (FastEthernet0/19)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.bee2.fa00
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface  Role Sts Cost  Prio.Nbr Type
Fa0/1      Desg FWD 19    128.1    Edge P2p
Fa0/19     Root FWD 19    128.19   P2p

SW1(config)#spanning-tree vlan 1-4094 root primary

SW1#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000b.bee2.fa00
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     000b.bee2.fa00
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  15

Interface  Role Sts Cost
Prio.Nbr Type
Fa0/1      Desg FWD 19    128.1    Edge P2p
Fa0/19     Desg FWD 19    128.19   P2p
Fa0/20     Desg FWD 19    128.20   P2p

SW2#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000b.bee2.fa00
             Cost        19
             Port        19 (FastEthernet0/19)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.be78.8300
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  15

Interface  Role Sts Cost  Prio.Nbr Type
Fa0/19     Root FWD 19    128.19   P2p
Fa0/20     Altn BLK 19    128.20   P2p

* As per the default configuration, SW2 f0/20 goes into blocking state based on the STP root port and designated port conditions.

TASK:
* Configure SW2 to ensure that f0/20 is in forwarding state (f0/19 goes into blocking).

SW2(config)#int f0/20
SW2(config-if)#spanning-tree cost 4
SW2(config-if)#end

or

SW2(config)#interface FastEthernet0/19
SW2(config-if)#spanning-tree cost 100
SW2(config-if)#exit

SW2#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000b.bee2.fa00
             Cost        19
             Port        20 (FastEthernet0/20)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.be78.8300
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface  Role Sts Cost  Prio.Nbr Type
TASK:
* Remove the cost configured in the previous task.
* Achieve the same result by making the change on a switch other than SW2 (on SW1).

SW2(config)#int f0/19
SW2(config-if)#no spanning-tree cost 100
SW2(config-if)#exit

SW2#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000b.bee2.fa00
             Cost        19
             Port        19 (FastEthernet0/19)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.be78.8300
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface  Role Sts Cost  Prio.Nbr Type
Fa0/19     Root FWD 19    128.19   P2p
Fa0/20     Altn BLK 19    128.20   P2p

SW1(config)#int f0/20
SW1(config-if)#spanning-tree port-priority ?
  <0-240>  port priority in increments of 16
SW1(config-if)#spanning-tree port-priority 0
SW1(config-if)#end

SW1#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000b.bee2.fa00
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     000b.bee2.fa00
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface  Role Sts Cost  Prio.Nbr Type
Fa0/1      Desg FWD 19    128.1    Edge P2p
Fa0/19     Desg FWD 19    128.19   P2p
Fa0/20     Desg FWD 19    0.20     P2p

SW2#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000b.bee2.fa00
             Cost        19
             Port        20 (FastEthernet0/20)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.be78.8300
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface  Role Sts Cost  Prio.Nbr Type
Fa0/19     Altn BLK 19    128.19   P2p
Fa0/20     Root FWD 19    128.20
P2p

TASK: Changing STP timers
* Configure the root bridge so that switches generate Spanning-Tree hello packets every 3 seconds.
* When a new port becomes active, it should wait 20 seconds before transitioning to the forwarding state.
* If the switches do not hear a configuration message within 10 seconds, they should attempt reconfiguration.
* This configuration should affect all currently active VLANs and any additional VLANs created in the future.

SW1#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000b.bee2.fa00
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     000b.bee2.fa00
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface  Role Sts Cost  Prio.Nbr Type
Fa0/1      Desg FWD 19    128.1    Edge P2p
Fa0/19     Desg FWD 19    128.19   P2p
Fa0/20     Desg FWD 19    0.20     P2p

Downstream devices from the root bridge inherit the timers configured on the root.

SW1(config)#spanning-tree vlan 1-4094 hello-time 3
SW1(config)#spanning-tree vlan 1-4094 forward-time 10
SW1(config)#spanning-tree vlan 1-4094 max-age 10
SW1(config)#end

SW1#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000b.bee2.fa00
             This bridge is the root

  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     000b.bee2.fa00
             Hello Time  3 sec  Max Age 10 sec  Forward Delay 10 sec
             Aging Time  300

Interface  Role Sts Cost
Prio.Nbr Type
Fa0/1      Desg FWD 19    128.1    Edge P2p
Fa0/19     Desg FWD 19    128.19   P2p
Fa0/20     Desg FWD 19    0.20     P2p

SW2#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000b.bee2.fa00
             Cost        19
             Port        20 (FastEthernet0/20)
             Hello Time  3 sec  Max Age 10 sec  Forward Delay 10 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.be78.8300
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface  Role Sts Cost  Prio.Nbr Type
Fa0/19     Altn BLK 19    128.19   P2p
Fa0/20     Root FWD 19    128.20   P2p

Optimizing STP

Selecting Root bridge, Portfast, Etherchannel, BPDU Guard/filter, Rootguard, loopguard, UDLD, errdisable

Hierarchical Campus Model

[Figure: hierarchical campus model with Access, Distribution and Core layers]

STP : Selecting Root Bridge

* Default root bridge election: priority + base MAC
* Recommended to select a high-speed switch to be elected as Root Bridge:
  1. Change priority
  2. Primary | Secondary

STP : Selecting Root Bridge Configuration

SW-A(config)#spanning-tree vlan 1 root primary
SW-B(config)#spanning-tree vlan 1 root secondary

OR

SW-A(config)#spanning-tree vlan 1 priority 0
SW-B(config)#spanning-tree vlan 1 priority 4096

NOTE: a.
Priority values can be only multiples of 4096
b. Primary reduces priority by 8192 from the default priority
c. Secondary reduces priority by 4096 from the default priority

LAB: Per VLAN STP:

Find the Root Bridge, root ports and alternate ports in the topology.

SW1#sh spanning-tree
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface  Role Sts Cost  Prio.Nbr Type
Fa0/20     Desg FWD 19    128.20   P2p
Fa0/21     Desg FWD 19    128.21   P2p
Fa0/22     Desg FWD 19    128.22   P2p

SW2#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.96C4.2C24
             Cost        19
             Port        20(FastEthernet0/20)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     001.994.8166
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface  Role Sts Cost  Prio.Nbr Type
Fa0/20     Root FWD 19    128.20   P2p
Fa0/21     Desg FWD 19    128.21   P2p
Fa0/22     Desg FWD 19    128.22   P2p

SW3#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.96C4.2C24
             Cost        19
             Port        21(FastEthernet0/21)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.97DB.EE1C
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface  Role Sts Cost
Prio.Nbr Type
Fa0/20     Altn BLK 19    128.20   P2p
Fa0/21     Root FWD 19    128.21   P2p
Fa0/22     Altn BLK 19    128.22   P2p

SW4#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.96C4.2C24
             Cost        19
             Port        22(FastEthernet0/22)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0005.5E81.6101
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface  Role Sts Cost  Prio.Nbr Type
Fa0/20     Desg FWD 19    128.20   P2p
Fa0/21     Altn BLK 19    128.21   P2p
Fa0/22     Root FWD 19    128.22   P2p

* In this example, SW1 is the Root Bridge, and you can verify the root ports and alternate ports in the above outputs.
* In your topology it can vary, as it is based on the MAC address (which varies from switch to switch).

TASK:
* Configure the links connecting the switches as trunk links.
* Configure VTP on all four switches to synchronize the VLAN information.
* Create VLAN 10,20,30,40 on SW1 and ensure that it syncs with the other switches.

On SW1, SW2, SW3, SW4:

SWx(config)#int range f0/20 - 22
SWx(config-if-range)#switchport trunk encapsulation dot1q
SWx(config-if-range)#switchport mode trunk
SWx(config)#vtp domain CCIE

SW1#sh interfaces trunk
Port      Mode   Encapsulation  Status    Native vlan
Fa0/20    on     802.1q         trunking  1
Fa0/21    on     802.1q         trunking  1
Fa0/22    on     802.1q         trunking  1

Port      Vlans allowed on trunk
Fa0/20    1-1005
Fa0/21    1-1005
Fa0/22    1-1005

Port      Vlans allowed and active in management domain
Fa0/20    1
Fa0/21    1
Fa0/22    1

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/20    1
Fa0/21    1
Fa0/22    1

SW2#sh int trunk
Port      Mode   Encapsulation  Status
Native vlan
Fa0/20    on     802.1q         trunking  1
Fa0/21    on     802.1q         trunking  1
Fa0/22    on     802.1q         trunking  1

Port      Vlans allowed on trunk
Fa0/20    1-1005
Fa0/21    1-1005
Fa0/22    1-1005

Port      Vlans allowed and active in management domain
Fa0/20    1
Fa0/21    1
Fa0/22    1

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/20    1
Fa0/21    1
Fa0/22    1

SW3#sh interfaces trunk
Port      Mode   Encapsulation  Status    Native vlan
Fa0/20    on     802.1q         trunking  1
Fa0/21    on     802.1q         trunking  1
Fa0/22    on     802.1q         trunking  1

Port      Vlans allowed on trunk
Fa0/20    1-1005
Fa0/21    1-1005
Fa0/22    1-1005

Port      Vlans allowed and active in management domain
Fa0/20    1
Fa0/21    1
Fa0/22    1

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/20    none
Fa0/21    1
Fa0/22    none

SW4#sh interfaces trunk
Port      Mode   Encapsulation  Status    Native vlan

Port      Vlans allowed on trunk
Fa0/20    1-1005
Fa0/21    1-1005
Fa0/22    1-1005

Port      Vlans allowed and active in management domain
Fa0/20    1
Fa0/21    1
Fa0/22    1

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/20    1
Fa0/21    none
Fa0/22    1

SW1(config)#vlan 10
SW1(config-vlan)#vlan 20
SW1(config-vlan)#vlan 30
SW1(config-vlan)#vlan 40
SW1(config-vlan)#exit

SW1#sh vlan brief
VLAN Name                 Status   Ports
1    default              active   Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                   Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                   Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                   Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                   Fa0/17, Fa0/18, Fa0/19, Fa0/23
                                   Fa0/24, Gig0/1, Gig0/2
1002 fddi-default         active
1003 token-ring-default   active
1004 fddinet-default      active
1005 trnet-default        active

SW2#sh vlan brief
VLAN Name                 Status   Ports
1    default              active   Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                   Fa0/5, Fa0/6, Fa0/7,
                                   Fa0/8
                                   Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                   Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                   Fa0/17, Fa0/18, Fa0/19, Fa0/23
                                   Fa0/24, Gig0/1, Gig0/2
10   VLAN0010             active
20   VLAN0020             active
30   VLAN0030             active
40   VLAN0040             active
1002 fddi-default         active
1003 token-ring-default   active
1004 fddinet-default      active
1005 trnet-default        active

SW3#sh vlan brief
VLAN Name                 Status   Ports
1    default              active   Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                   Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                   Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                   Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                   Fa0/17, Fa0/18, Fa0/19, Fa0/23
                                   Fa0/24, Gig1/1, Gig1/2
30   VLAN0030             active
1002 fddi-default         active
1003 token-ring-default   active
1004 fddinet-default      active
1005 trnet-default        active

SW4#sh vlan brief
VLAN Name                 Status   Ports
1    default              active   Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                   Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                   Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                   Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                   Fa0/17, Fa0/18, Fa0/19, Fa0/23
                                   Fa0/24, Gig1/1, Gig1/2
10   VLAN0010             active
20   VLAN0020             active
30   VLAN0030             active
40   VLAN0040             active
1002 fddi-default         active
1003 token-ring-default   active
1004 fddinet-default      active
1005 trnet-default        active

TASK:
* Configure SW1 as the Root Bridge for VLAN 10,20 and backup for VLAN 30,40.
* Configure SW2 as the Root Bridge for VLAN 30,40 and backup for VLAN 10,20.

Note: By default here SW1 will be the root bridge for all VLANs as the priority value is the same, and SW1
has the lowest MAC address of all (this may vary in your labs).

SW1#sh spanning-tree vlan 10
  Spanning tree enabled protocol ieee
  Root ID    Priority    32778
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface  Role Sts Cost  Prio.Nbr Type
Fa0/20     Desg FWD 19    128.20   P2p
Fa0/21     Desg FWD 19    128.21   P2p
Fa0/22     Desg FWD 19    128.22   P2p

SW1#sh spanning-tree vlan 20
  Spanning tree enabled protocol ieee
  Root ID    Priority    32788
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface  Role Sts Cost  Prio.Nbr Type
Fa0/20     Desg FWD 19    128.20   P2p
Fa0/21     Desg FWD 19    128.21   P2p
Fa0/22     Desg FWD 19    128.22   P2p

SW1#sh spanning-tree vlan 30
  Spanning tree enabled protocol ieee
  Root ID    Priority    32798
             Address     0001.96C4.2C24
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32798  (priority 32768 sys-id-ext 30)
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface  Role Sts Cost  Prio.Nbr Type
Fa0/20     Desg FWD 19    128.20   P2p
Fa0/21     Desg FWD 19    128.21   P2p
Fa0/22     Desg FWD 19    128.22   P2p

SW1#sh spanning-tree vlan 40
  Spanning tree enabled protocol ieee
  Root ID    Priority    32808
             Address     0001.96C4.2C24
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32808 (priority 32768 sys-id-ext 40)
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type
  Fa0/20     Desg FWD 19   128.20   P2p
  Fa0/21     Desg FWD 19   128.21   P2p
  Fa0/22     Desg FWD 19   128.22   P2p

You can configure a Catalyst switch to become the root bridge using one of two methods:

1. Manually setting the bridge priority value:
   Switch(config)# spanning-tree vlan <vlan-list> priority <bridge-priority>
2. Causing the would-be root bridge switch to choose its own priority, based on some assumptions about other switches in the network, using the primary and secondary options. You can accomplish this with the following command:
   Switch(config)# spanning-tree vlan <vlan-list> root {primary | secondary}

* The bridge-priority value defaults to 32,768, but you can also assign a value of 0 to 65,535.
* If STP extended system ID is enabled (the default on most switches), the default bridge priority is 32,768 plus the VLAN number.
* In that case, the value can range from 0 to 61,440, but only as multiples of 4096. A lower bridge priority is preferable.
* If the current root priority is less than that, the local switch sets its priority to 4096 less than the current root. For the secondary root bridge, the root priority is set to an artificially low value of 28,672.

On SW1:
SW1(config)#spanning-tree vlan 10,20 priority 0
SW1(config)#spanning-tree vlan 30,40 priority 4096
OR
SW1(config)#spanning-tree vlan 10,20 root primary
SW1(config)#spanning-tree vlan 30,40 root secondary

On SW2:
SW2(config)#spanning-tree vlan 30,40 priority 0
SW2(config)#spanning-tree vlan 10,20 priority 4096
OR
SW2(config)#spanning-tree vlan 30,40 root primary
SW2(config)#spanning-tree vlan 10,20 root secondary

SW1#sh spanning-tree vlan 10
  Spanning tree enabled protocol ieee
  Root ID    Priority    10
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    10 (priority 0 sys-id-ext 10)
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type
  Fa0/20     Desg FWD 19   128.20   P2p
  Fa0/21     Desg FWD 19   128.21   P2p
  Fa0/22     Desg FWD 19   128.22   P2p

SW1#sh spanning-tree vlan 20
VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    20
             Address     0001.96C4.2C24
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    20 (priority 0 sys-id-ext 20)
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type
  Fa0/20     Desg FWD 19   128.20   P2p
  Fa0/21     Desg FWD 19   128.21   P2p
  Fa0/22     Desg FWD 19   128.22   P2p

SW1#sh spanning-tree vlan 30
  Spanning tree enabled protocol ieee
  Root ID    Priority    30
             Address     0001.C994.B166
             Cost        19
             Port        20(FastEthernet0/20)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4126 (priority 4096 sys-id-ext 30)
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type
  Fa0/20     Root FWD 19   128.20   P2p
  Fa0/21     Desg FWD 19   128.21   P2p
  Fa0/22     Desg FWD 19   128.22   P2p

SW1#sh spanning-tree vlan 40
VLAN0040
  Spanning tree enabled protocol ieee
  Root ID    Priority    40
             Address     0001.C994.B166
             Cost        19
             Port        20(FastEthernet0/20)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4136 (priority 4096 sys-id-ext 40)
             Address     0001.96C4.2C24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type
  Fa0/20     Root FWD 19   128.20   P2p
  Fa0/21     Desg FWD 19   128.21   P2p
  Fa0/22     Desg FWD 19   128.22   P2p

SW2#sh spanning-tree vlan 30
VLAN0030
  Spanning tree enabled protocol ieee
  Root ID    Priority    30
             Address     0001.C994.B166
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    30 (priority 0 sys-id-ext 30)
             Address     0001.C994.B166
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type
  Fa0/20     Desg FWD 19   128.20   P2p
  Fa0/21     Desg FWD 19   128.21   P2p
  Fa0/22     Desg FWD 19   128.22   P2p

SW2#sh spanning-tree vlan 40
  Spanning tree enabled protocol ieee
  Root ID    Priority    40
             Address     0001.C994.B166
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    40 (priority 0 sys-id-ext 40)
             Address     0001.C994.B166
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type
  Fa0/20     Desg FWD 19   128.20   P2p
  Fa0/21     Desg FWD 19   128.21   P2p
  Fa0/22     Desg FWD 19   128.22   P2p

SW2#sh spanning-tree vlan 10
VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    10
             Address     0001.96C4.2C24
             Cost        19
             Port        20(FastEthernet0/20)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4106 (priority 4096 sys-id-ext 10)
             Address     0001.C994.B166
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type
  Fa0/20     Root FWD 19   128.20   P2p
  Fa0/21     Desg FWD 19   128.21   P2p
  Fa0/22     Desg FWD 19   128.22   P2p

SW2#sh spanning-tree vlan 20
VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    20
             Address     0001.96C4.2C24
             Cost        19
             Port        20(FastEthernet0/20)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4116 (priority 4096 sys-id-ext 20)
             Address     0001.C994.B166
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type
  Fa0/20     Root FWD 19   128.20   P2p
  Fa0/21     Desg FWD 19   128.21   P2p
  Fa0/22     Desg FWD 19   128.22   P2p

SW3#sh spanning-tree vlan 10
VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    10
             Address     0001.96C4.2C24
             Cost        19
             Port        21(FastEthernet0/21)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32778 (priority 32768 sys-id-ext 10)
             Address     00D0.97DB.EE1C
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type
  Fa0/20     Altn BLK 19   128.20   P2p
  Fa0/21     Root FWD 19   128.21   P2p
  Fa0/22     Altn BLK 19   128.22   P2p

SW3#sh spanning-tree vlan 20
VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    20
             Address     0001.96C4.2C24
             Cost        19
             Port        21(FastEthernet0/21)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32788 (priority 32768 sys-id-ext 20)
             Address     00D0.97DB.EE1C
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type
  Fa0/20     Altn BLK 19   128.20   P2p
  Fa0/21     Root FWD 19   128.21   P2p

  Spanning tree enabled protocol ieee
  Root ID    Priority    30
             Address     0001.C994.B166
             Cost        19
             Port        22(FastEthernet0/22)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32798 (priority 32768 sys-id-ext 30)
             Address     00D0.97DB.EE1C
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type
  Fa0/20     Altn BLK 19   128.20   P2p
  Fa0/21     Altn BLK 19   128.21   P2p
  Fa0/22     Root FWD 19   128.22   P2p

SW3#sh spanning-tree vlan 40
VLAN0040
  Spanning tree enabled protocol ieee
  Root ID    Priority    40
             Address     0001.C994.B166
             Cost        19
             Port        22(FastEthernet0/22)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32808 (priority 32768 sys-id-ext 40)
             Address     00D0.97DB.EE1C
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type
  Fa0/20     Altn BLK 19   128.20   P2p
  Fa0/21     Altn BLK 19   128.21   P2p
  Fa0/22     Root FWD 19   128.22   P2p

SW4#sh spanning-tree vlan 10
VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    10
             Address     0001.96C4.2C24
             Cost        19
             Port        22(FastEthernet0/22)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32778 (priority 32768 sys-id-ext 10)
             Address     0005.5E81.6101
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type
  Fa0/20     Desg FWD 19   128.20   P2p
  Fa0/21     Altn BLK 19   128.21   P2p
  Fa0/22     Root FWD 19   128.22   P2p

  Spanning tree enabled protocol ieee
  Root ID    Priority    20
             Address     0001.96C4.2C24
             Cost        19
             Port        22(FastEthernet0/22)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32788 (priority 32768 sys-id-ext 20)
             Address     0005.5E81.6101
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type
  Fa0/20     Desg FWD 19   128.20   P2p
  Fa0/21     Altn BLK 19   128.21   P2p
  Fa0/22     Root FWD 19   128.22   P2p

SW4#sh spanning-tree vlan 30
VLAN0030
  Spanning tree enabled protocol ieee
  Root ID    Priority    30
             Address     0001.C994.B166
             Cost        19
             Port        21(FastEthernet0/21)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32798 (priority 32768 sys-id-ext 30)
             Address     0005.5E81.6101
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type
  Fa0/20     Desg FWD 19   128.20   P2p
  Fa0/21     Root FWD 19   128.21   P2p
  Fa0/22     Altn BLK 19   128.22   P2p

SW4#sh spanning-tree vlan 40
VLAN0040
  Spanning tree enabled protocol ieee
  Root ID    Priority    40
             Address     0001.C994.B166
             Cost        19
             Port        21(FastEthernet0/21)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32808 (priority 32768 sys-id-ext 40)
             Address     0005.5E81.6101
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type
  Fa0/20     Desg FWD 19   128.20   P2p
  Fa0/21     Root FWD 19   128.21   P2p
  Fa0/22     Altn BLK 19   128.22   P2p

EtherChannel
* Used to aggregate bandwidth between multiple L2/L3 interfaces.
* EtherChannel increases bandwidth and provides redundancy by aggregating individual links between switches.

EtherChannel (contd)
* EtherChannel load balances traffic over all the links in the bundle.
* Up to 8 links can be combined into one logical link.
* EtherChannel can be configured as Layer 2 or Layer 3.
* Port-channel is the logical instance of the physical interfaces.

EtherChannel Modes:
EtherChannel can be dynamically configured between switches using two protocols:
* PAgP (Port Aggregation Protocol)
* LACP (Link Aggregation Control Protocol)

On         PAgP and LACP disabled (negotiation disabled)
Auto       Passively listen for PAgP
Desirable  Actively negotiate PAgP
Passive    Passively listen for LACP
Active     Actively negotiate LACP

Successful combinations of EtherChannel:
On - On
Desirable - Desirable
Desirable - Auto
Active - Active
Active - Passive

Switch(config)#interface range f0/21 - 24
Switch(config-if-range)#channel-group 12 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected
Configuring EtherChannel Load Balancing

Switch(config)#port-channel load-balance ?
  dst-ip       Dst IP Addr
  dst-mac      Dst Mac Addr
  src-dst-ip   Src XOR Dst IP Addr
  src-dst-mac  Src XOR Dst Mac Addr
  src-ip       Src IP Addr
  src-mac      Src Mac Addr

* dst-ip: Load distribution is based on the destination-host IP address.
* dst-mac: Load distribution is based on the destination-host MAC address of the incoming packet.
* src-dst-ip: Load distribution is based on the source-and-destination host IP address.
* src-dst-mac: Load distribution is based on the source-and-destination host MAC address.
* src-ip: Load distribution is based on the source-host IP address.
* src-mac: Load distribution is based on the source-MAC address of the incoming packet.

Some guidelines for EtherChannels
* Interfaces in the channel do not have to be physically next to each other or on the same module.
* All ports must be the same speed and duplex.
* All ports in the bundle should be enabled.
* None of the bundle ports can be a SPAN port.
* Assign an IP address to the logical Port Channel interface, not the physical ones, if using a Layer 3 EtherChannel.
* Put all bundle ports in the same VLAN, or make them all trunks. If they are trunks, they must all carry the same VLANs and use the same trunking mode.
* The configuration you apply to the Port Channel interface affects the entire EtherChannel. The configuration you apply to a physical interface affects only that interface.

LAB: Configuring EtherChannel Using PAgP Protocol Negotiation

TASK:
* Configure the four links (f0/20 - 23) so that they appear as one logical link.
* Ports should negotiate using the Cisco proprietary method.

SW1(config)#int range f0/20 - 23
SW1(config-if-range)#channel-protocol pagp
SW1(config-if-range)#channel-group 10 ?
  mode  Etherchannel Mode of the interface
SW1(config-if-range)#channel-group 10 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected
SW1(config-if-range)#channel-group 10 mode desirable

SW2(config)#int range f0/20 - 23
SW2(config-if-range)#channel-protocol pagp
SW2(config-if-range)#channel-group 10 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected
SW2(config-if-range)#channel-group 10 mode auto
SW2(config-if-range)#exit

SW2#sh etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group  Port-channel  Protocol  Ports

SW2#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.641A.8200
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     0001.641A.8200
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type

SW2#sh ip int brief
Interface            IP-Address  OK? Method Status                Protocol
FastEthernet0/24     unassigned  YES unset  down                  down
GigabitEthernet0/1   unassigned  YES unset  down                  down
GigabitEthernet0/2   unassigned  YES unset  down                  down
Vlan1                unassigned  YES unset  administratively down down

SW1#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.641A.8200
             Cost        7
             Port        27(Port-channel 10)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     0060.4750.87A7
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type

TASK: Configure the Port-channel 10 interface as a trunk link.

SW1(config)# int port-channel 10
SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport mode trunk
SW1(config-if)# exit

SW2(config)# int port-channel 10
SW2(config-if)# switchport trunk encapsulation dot1q
SW2(config-if)# switchport mode trunk
SW2(config-if)# exit

SW2#sh interfaces trunk
Port     Mode  Encapsulation  Status  Native vlan

Port     Vlans allowed on trunk
Fa0/20   1-1005
Fa0/21   1-1005
Fa0/22   1-1005
Fa0/23   1-1005
Po10     1-1005

Port     Vlans allowed and active in management domain
Fa0/20   1
Fa0/21   1
Fa0/22   1
Fa0/23   1
Po10     1

Port     Vlans in spanning tree forwarding state and not pruned
Fa0/20   none
Fa0/21   none
Fa0/22   none
Fa0/23   none
Po10     none

* Any changes applied on the port channel automatically take effect on all the physical interfaces.
* The port channel will work as long as at least one interface in the group is up and running.

SW2#sh etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group  Port-channel  Protocol  Ports

Layer 3 EtherChannel
* To configure a Layer 3 port-channel interface, the member ports must be configured with the no switchport command before any port-channel commands are used.
* If the channel-group command is issued before the no switchport command on the physical interfaces, the logical port-channel interface is created as Layer 2 (the default), and this cannot be changed afterward.
* To fix this problem, simply issue the no switchport command before the channel-group command.
* If configured properly, the state of the port-channel in the show etherchannel summary output should show RU, for routed and in use.

Spanning Tree PortFast
* Cisco-proprietary enhancement to Spanning Tree that helps speed up network convergence on access ports.
* PortFast causes a port to enter the spanning-tree forwarding state immediately, bypassing the listening and learning states.

NOTE:
* PortFast should be used only when connecting a single end station to a switch port.
* If you enable PortFast on a port connected to another networking device, such as a switch, you can create network loops.
Configuration

PortFast on specific ports:
(config)# interface range f0/1 - 10
(config-if)# spanning-tree portfast
OR
PortFast on all access ports globally using one command:
(config)# spanning-tree portfast default

LAB: STP PORT FAST

TASK:
* Connect four PCs in the LAN as per the diagram.
* Shut down the ports on the switch, then re-enable them with no shutdown and observe the ports going through the LSN and LRN stages of the STP process before they come to FWD.

Switch(config)#int range f0/1 - 4
Switch(config-if-range)# shutdown
Switch(config-if-range)# no shutdown

Switch#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.6336.1BA3
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     0001.6336.1BA3
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type
  Fa0/1      Desg LSN 19   128.1    P2p
  Fa0/2                    128.2    P2p
  Fa0/4                    128.4    P2p
  Fa0/3      Desg LSN 19   128.3    P2p

Switch#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.6336.1BA3
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     0001.6336.1BA3
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type
  Fa0/1      Desg LRN 19   128.1    P2p
  Fa0/2      Desg LRN 19   128.2    P2p
  Fa0/4      Desg LRN 19   128.4    P2p
  Fa0/3      Desg LRN 19   128.3    P2p

Switch#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.6336.1BA3
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     0001.6336.1BA3
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type
  Fa0/1      Desg FWD 19   128.1    P2p
  Fa0/2      Desg FWD 19   128.2    P2p
  Fa0/4      Desg FWD 19   128.4    P2p
  Fa0/3      Desg FWD 19   128.3    P2p

* All the ports connecting to end devices go through the Listening and Learning states by default before they come to the Forwarding state.
* This is the default STP loop prevention mechanism on switches.
* Here we want these access ports to bypass the LSN and LRN stages and transition to FWD immediately.
* To do this, we configure PortFast on these ports (used only on access ports).

Switch(config)#int range f0/1 - 4
Switch(config-if-range)#spanning-tree portfast
Switch(config-if-range)#end

To verify:
Switch(config)#interface range f0/1 - 4
Switch(config-if-range)#shutdown
Switch(config-if-range)#no shutdown

Switch#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.6336.1BA3
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     0001.6336.1BA3
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type
  Fa0/1      Desg     19   128.1    P2p
  Fa0/2      Desg FWD 19   128.2    P2p
  Fa0/4      Desg FWD 19   128.4    P2p
  Fa0/3      Desg FWD 19   128.3    P2p

Once PortFast is configured on the interfaces, all the ports transition to Forwarding immediately, without the LSN and LRN states.

TASK:
* Configure the switch so that all future access ports bypass the LSN and LRN states, using a single command.

Switch(config)#spanning-tree portfast default
Switch(config)#end

To verify:
Connect some end devices on ports f0/5 - 6 to verify.

Switch#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.6336.1BA3
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     0001.6336.1BA3
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
  Interface  Role Sts Cost Prio.Nbr Type
  Fa0/1      Desg FWD 19   128.1    P2p
  Fa0/2      Desg FWD 19   128.2    P2p
  Fa0/4      Desg FWD 19   128.4    P2p
  Fa0/3      Desg FWD 19   128.3    P2p

BPDU Guard
* BPDU Guard prevents loops if another switch is attached to a PortFast port.
* When BPDU Guard is enabled on an interface, the interface is put into an error-disabled state (basically, shut down) if a BPDU is received on it.
* It can be enabled either in global configuration mode (affects all PortFast interfaces) or in interface mode.
* PortFast does not need to be enabled for it to be configured on a specific interface.
(config)# spanning-tree portfast bpduguard default
OR
(config-if)# spanning-tree bpduguard enable

# show spanning-tree summary totals

BPDU Guard verification

SW1(config)#spanning-tree portfast bpduguard default
or
SW1(config)#interface f0/2
SW1(config-if)#spanning-tree bpduguard enable

%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/2 with BPDU Guard enabled. Disabling port.
%PM-4-ERR_DISABLE: bpduguard error detected on Fa0/2, putting Fa0/2 in err-disable state

SW1#show interface status err-disabled
Port    Name  Status        Reason     Err-disabled Vlans
Fa0/2         err-disabled  bpduguard

The port is err-disabled and, unless err-disabled recovery is enabled, has to be manually re-enabled via shut/no shut.

LAB: BPDU Guard

TASK:
* Connect a link between SW1 and SW2 on f0/19 and shut down all remaining ports.
* Configure SW2 f0/19 as a Layer 3 port to test the BPDU Guard feature.
* Enable the BPDU Guard and PortFast features on SW1.
SW2(config)#int f0/19
SW2(config-if)#no switchport
SW2(config-if)#ip address 10.0.0.1 255.0.0.0
SW2(config-if)#exit

SW1(config)#vlan 10
SW1(config-vlan)#exit
SW1(config)#int f0/19
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10
SW1(config-if)#spanning-tree portfast
SW1(config-if)#spanning-tree bpduguard enable
SW1(config-if)#exit

SW1#show spanning-tree interface f0/19 detail
Port 19 (FastEthernet0/19) of VLAN0010 is forwarding
  Port path cost 19, Port priority 128, Port Identifier 128.19,
  Designated root has priority 32778, address 000b.bee2.fa00
  Designated bridge has priority 32778, address 000b.bee2.fa00
  Designated port id is 128.19, designated path cost 0
  Timers: message age 0, forward delay 0, hold 0
  Number of transitions to forwarding state: 1
  Link type is point-to-point by default
  BPDU: sent 58, received 0

TASK: Reconfigure the f0/19 port on SW2 back to a Layer 2 port (adding switchport).

SW2(config)#int f0/19
SW2(config-if)#switchport
SW2(config-if)#exit

SW1#sh interfaces f0/19 status err-disabled
Port  Name  Status  Reason

SW1#sh interfaces status
Port   Name  Status     Vlan  Duplex  Speed  Type
Fa0/1        connected  1     a-full  a-100  10/100BaseTX

TASK: Configure the f0/19 port back to a Layer 3 port and ensure that the port comes back up.

SW2(config-if)#int f0/19
SW2(config-if)#no switchport
SW2(config-if)#ip address 10.0.0.1 255.0.0.0
SW2(config-if)#exit
SW2(config)#do sh ip int br
Interface  IP-Address  OK? Method Status  Protocol

SW2(config)#int f0/19
SW2(config-if)#shutdown
SW2(config-if)#no shutdown
SW2(config-if)#end

SW2#sh ip int brief
Interface  IP-Address  OK? Method Status  Protocol

SW2#sh interfaces status

TASK:
* Configure err-disable recovery for BPDU Guard so that the port comes up automatically after 60 seconds in the err-disabled state.
SW1(config)#errdisable recovery cause bpduguard
SW1(config)#errdisable recovery interval ?
  <30-86400>  timer-interval(sec)
SW1(config)#errdisable recovery interval 60
SW1(config)#exit

SW1#sh errdisable recovery
ErrDisable Reason    Timer Status
udld                 Disabled
security-violatio    Disabled
channel-misconfig    Disabled
vmps                 Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled
l2ptguard            Disabled
psecure-violation    Disabled
gbic-invalid         Disabled
dhcp-rate-limit      Disabled
unicast-flood        Disabled
storm-control        Disabled
arp-inspection       Disabled
loopback             Disabled
Timer interval: 60 seconds
Interfaces that will be enabled at the next timeout:

TASK: Test by changing the Layer 3 interface f0/19 to a switchport and then back to Layer 3:

SW2(config)#int f0/19
SW2(config-if)#switchport
SW2(config-if)#exit

SW1#sh interfaces f0/19 status
Port    Name  Status        Vlan  Duplex  Speed  Type
Fa0/19        err-disabled  10    auto    auto   10/100BaseTX

SW2(config)#int f0/19
SW2(config-if)#no switchport
SW2(config-if)#ip address 10.0.0.1 255.0.0.0
SW2(config-if)#end

SW1#sh errdisable recovery
ErrDisable Reason    Timer Status
udld                 Disabled
bpduguard            Enabled
security-violatio    Disabled
channel-misconfig    Disabled
vmps                 Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled
l2ptguard            Disabled
psecure-violation    Disabled
gbic-invalid         Disabled
dhcp-rate-limit      Disabled
unicast-flood        Disabled
storm-control        Disabled
arp-inspection       Disabled
loopback             Disabled
Timer interval: 60 seconds
Interfaces that will be enabled at the next timeout:
Interface  Errdisable reason  Time left(sec)

SW1#sh errdisable recovery
ErrDisable Reason    Timer Status
udld                 Disabled
bpduguard            Enabled
security-violatio    Disabled
channel-misconfig    Disabled
vmps                 Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled
l2ptguard            Disabled
psecure-violation    Disabled
gbic-invalid         Disabled
dhcp-rate-limit      Disabled
unicast-flood        Disabled
storm-control        Disabled
arp-inspection       Disabled
loopback             Disabled
Timer interval: 60 seconds
Interfaces that will be enabled at the next timeout:
Interface  Errdisable reason  Time left(sec)

SW1#sh interfaces f0/19 status
Port  Name  Status  Vlan  Duplex  Speed  Type

TASK:
* Reconfigure and verify the same task by removing the interface-mode configuration and enabling BPDU Guard in global configuration mode:

SW1(config)#int f0/19
SW1(config-if)#no spanning-tree portfast
SW1(config-if)#no spanning-tree bpduguard enable
SW1(config-if)#exit
SW1(config)#no errdisable recovery cause bpduguard
SW1(config)#no errdisable recovery interval 60

SW1#sh errdisable recovery
ErrDisable Reason    Timer Status
udld                 Disabled
bpduguard            Disabled
security-violatio    Disabled
channel-misconfig    Disabled
vmps                 Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled
l2ptguard            Disabled
psecure-violation    Disabled
gbic-invalid         Disabled
dhcp-rate-limit      Disabled
unicast-flood        Disabled
storm-control        Disabled
arp-inspection       Disabled
loopback             Disabled
Timer interval: 300 seconds
Interfaces that will be enabled at the next timeout:

SW1#sh interfaces f0/19 status
Port  Name  Status  Vlan  Duplex  Speed  Type
SW1(config)#spanning-tree portfast default
SW1(config)#spanning-tree portfast bpduguard default
SW1(config)#errdisable recovery cause bpduguard
SW1(config)#errdisable recovery interval 60

SW2(config)#int f0/19
SW2(config-if)#switchport
SW2(config-if)#exit

SW2#sh interfaces f0/19 status
Port  Name  Status  Vlan  Duplex  Speed  Type

SW1#sh interfaces f0/19 status
Port  Name  Status  Vlan  Duplex  Speed  Type

SW2(config)#int f0/19
SW2(config-if)#no switchport
SW2(config-if)#ip address 10.0.0.1 255.0.0.0
SW2(config-if)#end

SW1#sh errdisable recovery
ErrDisable Reason    Timer Status
udld                 Disabled
security-violatio    Disabled
channel-misconfig    Disabled
vmps                 Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled
l2ptguard            Disabled
psecure-violation    Disabled
gbic-invalid         Disabled
dhcp-rate-limit      Disabled
unicast-flood        Disabled
storm-control        Disabled
arp-inspection       Disabled
loopback             Disabled
Timer interval: 60 seconds
Interfaces that will be enabled at the next timeout:
Interface  Errdisable reason  Time left(sec)

SW1#sh interfaces f0/19 status
Port  Name  Status  Vlan  Duplex  Speed  Type

BPDU Filtering

(config)# spanning-tree portfast bpdufilter default
* If a PortFast interface receives any BPDUs, it is taken out of PortFast status.
* The interfaces still send some BPDUs at link-up.
* If a BPDU is received, the interface loses its PortFast status and BPDU Filtering is disabled.

(config-if)# spanning-tree bpdufilter enable
* The interface doesn't send any BPDUs and ignores the received ones.
* The port is not shut down, and this basically disables spanning tree on the interface.
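A static check for the edge-port protections described above (PortFast, BPDU Guard, BPDU Filter), given here as an added example that is not part of the workbook: it parses a constructed IOS-style configuration and reports access ports that run PortFast without BPDU Guard or that have BPDU Filter enabled at the interface level. The function names, finding labels and sample configuration are assumptions made for illustration, and only ports with an explicit switchport mode access are treated as access ports.

```python
import re

# Constructed IOS-style running-config excerpt (not from the workbook's switches).
SAMPLE_CONFIG = """\
spanning-tree portfast default
errdisable recovery cause bpduguard
errdisable recovery interval 60
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface FastEthernet0/19
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/20
 switchport mode trunk
!
interface FastEthernet0/21
 no switchport
 ip address 10.0.0.1 255.0.0.0
"""


def parse(config):
    """Split a config into global commands and {interface: set of commands}."""
    global_cmds, ports, current = set(), {}, None
    for raw in config.splitlines():
        cmd = " ".join(raw.split())  # normalise whitespace
        if not cmd or cmd == "!":
            current = None           # "!" or a blank line closes an interface block
        elif cmd.startswith("interface "):
            current = cmd.split(" ", 1)[1]
            ports[current] = set()
        elif raw[0].isspace() and current is not None:
            ports[current].add(cmd)  # indented line inside an interface block
        else:
            current = None
            global_cmds.add(cmd)
    return global_cmds, ports


def audit(config):
    """Return (interface, finding) pairs for access ports with weak edge protection."""
    global_cmds, ports = parse(config)
    portfast_default = "spanning-tree portfast default" in global_cmds
    guard_default = "spanning-tree portfast bpduguard default" in global_cmds
    findings = []
    for name, cmds in ports.items():
        # Assumption: only ports with an explicit "switchport mode access" are
        # treated as access ports; trunks and routed ports are skipped.
        if "no switchport" in cmds or "switchport mode access" not in cmds:
            continue
        portfast = portfast_default or "spanning-tree portfast" in cmds
        # Interface-level BPDU Guard works without PortFast; the global default
        # only covers ports that are running PortFast.
        guard = ("spanning-tree bpduguard enable" in cmds
                 or (guard_default and portfast))
        if "spanning-tree bpdufilter enable" in cmds:
            # No BPDUs sent or processed and no err-disable: STP is off on this port.
            findings.append((name, "bpdufilter-on-interface"))
        elif portfast and not guard:
            # Port forwards immediately and nothing disables it when a BPDU arrives.
            findings.append((name, "portfast-without-bpduguard"))
    return findings


def recovery_interval(config):
    """Seconds until a bpduguard err-disabled port is re-enabled, or None if manual."""
    global_cmds, _ = parse(config)
    if "errdisable recovery cause bpduguard" not in global_cmds:
        return None  # port stays down until shut / no shut
    for cmd in global_cmds:
        match = re.fullmatch(r"errdisable recovery interval (\d+)", cmd)
        if match:
            return int(match.group(1))
    return 300  # timer interval shown in the lab output when none is configured


if __name__ == "__main__":
    for port, finding in audit(SAMPLE_CONFIG):
        print(f"{port}: {finding}")
    print("bpduguard auto-recovery (s):", recovery_interval(SAMPLE_CONFIG))
```

Adding spanning-tree portfast bpduguard default to the sample clears the FastEthernet0/2 finding, while the interface-level BPDU Filter on FastEthernet0/3 is still reported.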
LAB: BPDU filter (interface level)

BPDU Filter is also used to terminate the STP domain, but it works differently from BPDU Guard. It can be configured globally or at the interface level, and its behavior depends on which of the two is used; this was not the case for BPDU Guard, which has the same functionality regardless of how it is enabled.

When configured at the interface level, BPDU Filter silently drops all received inbound BPDUs and does not send any outbound BPDUs on the port. There is no violation option for BPDU Filter, so the port never goes into err-disabled state. BPDU Filter needs to be enabled carefully at the port level, because it will cause permanent loops if a switch is connected on the other end of the link and the network is physically looped: in this case, STP will not be able to detect the loop and the network will become unusable within seconds.

[Figure: SW1 and SW2 connected on f0/19]

TASK:
* Connect the link between SW1 and SW2 f0/19 and shut down all remaining ports.
* Configure SW2 f0/19 as a layer 3 port to test the BPDU guard feature.
* Enable the BPDU Guard and portfast features on SW1.

SW2(config)#int f0/19
SW2(config-if)#no switchport
SW2(config-if)#ip address 10.0.0.1 255.0.0.0
SW2(config-if)#exit

SW1(config)#vlan 10
SW1(config-vlan)#exit
SW1(config)#int f0/19
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10
SW1(config-if)#spanning-tree portfast
SW1(config-if)#spanning-tree bpdufilter enable
SW1(config-if)#exit

SW1#sh spanning-tree interface f0/19 detail
 Port 19 (FastEthernet0/19) of VLAN0010 is forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.19.
   Designated root has priority 32778, address 000b.bee2.fa00
   Designated bridge has priority 32778, address 000b.bee2.fa00
   Designated port id is 128.19, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 9, received 0

TASK:
Configure SW2 f0/19 as a layer 2 port so that it can start sending BPDUs.

SW2(config)#int f0/19
SW2(config-if)#switchport
SW2(config-if)#end
SW2#

SW1#sh interfaces f0/19 status
Port      Name      Status      Vlan      Duplex  Speed  Type

SW1#sh spanning-tree int f0/19 detail
 Port 19 (FastEthernet0/19) of VLAN0010 is forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.19.
   Designated root has priority 32778, address 000b.bee2.fa00
   Designated bridge has priority 32778, address 000b.bee2.fa00
   Designated port id is 128.19, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   Bpdu filter is enabled
   BPDU: sent 0, received 33

SW1#sh interfaces f0/19 status
Port      Name      Status      Vlan      Duplex  Speed  Type

SW1#sh spanning-tree vlan 10
VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    32778
             Address     000b.bee2.fa00
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32778 (priority 32768 sys-id-ext 10)
             Address     000b.bee2.fa00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface    Role Sts Cost    Prio.Nbr Type

TASK: BPDU global configuration mode
* Remove the BPDU filter on the interface and enable it globally.
* Configure portfast on f0/19 on SW1 for verification.
SW2(config)#int f0/19
SW2(config-if)#no switchport
SW2(config-if)#ip address 10.0.0.1 255.0.0.0
SW2(config-if)#end

SW1(config)#int f0/19
SW1(config-if)#spanning-tree portfast
SW1(config-if)#no spanning-tree bpdufilter enable
SW1(config-if)#exit
SW1(config)#spanning-tree portfast bpdufilter default
SW1(config)#end

SW1#sh interfaces f0/19 status
Port      Name      Status      Vlan      Duplex  Speed  Type

SW1#sh spanning-tree vlan 10
VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    32778
             Address     000b.bee2.fa00
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32778 (priority 32768 sys-id-ext 10)
             Address     000b.bee2.fa00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface    Role Sts Cost    Prio.Nbr Type

SW1#sh spanning-tree int f0/19 detail
 Port 19 (FastEthernet0/19) of VLAN0010 is forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.19.
   Designated root has priority 32778, address 000b.bee2.fa00
   Designated bridge has priority 32778, address 000b.bee2.fa00
   Designated port id is 128.19, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   The port is in the portfast mode
   Link type is point-to-point by default
   Bpdu filter is enabled by default

SW2(config-if)#int f0/19
SW2(config-if)#switchport
SW2(config-if)#end

SW1#sh spanning-tree int f0/19 detail
 Port 19 (FastEthernet0/19) of VLAN0010 is forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.19.
   Designated root has priority 32769, address 000b.be78.8300
   Designated bridge has priority 32769, address 000b.be78.8300
   Designated port id is 128.19, designated path cost 0
   Timers: message age 2, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
SW1#show spanning-tree interface fastEthernet0/19 portfast

SW2(config)#int f0/19
SW2(config-if)#no switchport

SW1#show spanning-tree interface fastEthernet0/19 portfast

SW1#sh spanning-tree int f0/19 detail
 Port 19 (FastEthernet0/19) of VLAN0010 is forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.19.
   Designated root has priority 32778, address 000b.bee2.fa00
   Designated bridge has priority 32778, address 000b.bee2.fa00
   Designated port id is 128.19, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   The port is in the portfast mode
   Link type is point-to-point by default
   Bpdu filter is enabled by default
   BPDU: sent 11, received 0

Root Guard

* Prevents the wrong switch from becoming the Spanning Tree root.
* If a Root Guard port receives a superior BPDU that might cause it to become a root port, the port is put into "root-inconsistent" state and does not pass traffic through it.
* If the port stops receiving these BPDUs, it automatically re-enables itself.

[Figure: customer network and service provider network; potential spanning-tree root without Root Guard enabled]

Configuring Rootport
(config)#interface <interface-id>
(config-if)#spanning-tree guard root

Ports affected by Root Guard can be viewed with:
#show spanning-tree inconsistentports

NOTE:
* Enabled on ports other than the root port and on switches other than the root.
* The "root guard" command cannot be used on the root switch (because this command is based on a blocked port, while a root switch can't have a blocked port).

LAB: ROOT GUARD

* Root Guard is similar to the BPDU Guard feature in the manner in which it is used to detect STP packets and disable the interface they were received on.
* The difference between them is that with Root Guard, the interface is only logically disabled (via Root Inconsistent state) if a superior BPDU is received on the port with Root Guard enabled.
* Root Inconsistent state is similar to blocking state, in that BPDUs are not sent outbound but accepted inbound, and of course all received frames are dropped.
* The switch automatically recovers the port from Root Inconsistent and starts negotiating the new port state and role as soon as superior BPDUs are no longer received inbound.
* A superior BPDU indicates a better cost to the root bridge than what is currently installed.
* Therefore, in terms of design, this feature is used to prevent a rogue device from announcing itself as the new root bridge and possibly implementing a layer 2 man-in-the-middle attack. Root Guard can be enabled only at the port level and basically prevents a Designated port from becoming Non-Designated.
* You will want to configure this functionality on the Root Bridge itself.
* Verify that Root Guard is enabled for all VLANs, for example on the FastEthernet0/19 port.

[Figure: SW1 and SW2 connected on f0/19]

TASK:
* Configure SW1 so that STP logically blocks Ethernet links connected to SW2 if any port on SW2 tries to become Root Bridge for any VLAN.
SW1#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     000b.be78.8300
             Cost        19
             Port        19 (FastEthernet0/19)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     000b.bee2.fa00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15
Interface    Role Sts Cost    Prio.Nbr Type
Fa0/1        Desg FWD 19      128.1    Edge P2p
Fa0/19       Root FWD 19      128.19   P2p

SW2#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     000b.be78.8300
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     000b.be78.8300
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface    Role Sts Cost    Prio.Nbr Type
Fa0/19       Desg FWD 19      128.19   P2p

* In this lab, SW2 is the default root bridge. Configure SW1 to use the priority value of 4096 to ensure that SW1 becomes Root Bridge.

SW1(config)#spanning-tree vlan 1 priority 4096
SW1(config)#exit

SW1#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     000b.bee2.fa00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4097 (priority 4096 sys-id-ext 1)
             Address     000b.bee2.fa00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15
Interface    Role Sts Cost    Prio.Nbr Type
Fa0/1        Desg FWD 19      128.1    Edge P2p

TASK:
* Configure SW1 so that STP logically blocks Ethernet links connected to SW2 if any port on SW2 tries to become Root Bridge for any VLAN.
SW1(config)#int f0/19
SW1(config-if)#spanning-tree guard root
SW1(config-if)#exit

SW1#sh spanning-tree int f0/19 detail
 Port 19 (FastEthernet0/19) of VLAN0001 is forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.19.
   Designated root has priority 4097, address 000b.bee2.fa00
   Designated bridge has priority 4097, address 000b.bee2.fa00
   Designated port id is 128.19, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   Root guard is enabled on the port
   BPDU: sent 68, received 194

Although Root Guard is enabled at the port level, it works on a per-VLAN basis.

TASK: Testing Root Guard
* Configure SW2 with a priority value of 0 to ensure that SW2 sends superior BPDUs to SW1.

SW2(config)#spanning-tree vlan 1 priority 0

SW1#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     000b.bee2.fa00
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4097 (priority 4096 sys-id-ext 1)
             Address     000b.bee2.fa00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface    Role Sts Cost    Prio.Nbr Type
Fa0/1        Desg FWD 19      128.1    Edge P2p
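The Root Guard test above, modelled as an added example that is not part of the workbook. It uses the lab's MAC addresses and priorities to show why SW2 wins the default election, why priority 0 makes its BPDU superior, and how the port leaves root-inconsistent state. The class and function names are hypothetical, the BPDU sequence is constructed, and recovery after Max Age (20 sec) without a superior BPDU is a simplifying assumption.

```python
from dataclasses import dataclass

MAC_SW1, MAC_SW2 = "000b.bee2.fa00", "000b.be78.8300"  # from the lab output


def bridge_id(priority, vlan, mac):
    """Comparable bridge ID: (configured priority + sys-id-ext, MAC as integer)."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    return (priority + vlan, int(mac.replace(".", ""), 16))


def elect_root(bridges):
    """Name of the bridge with the numerically lowest bridge ID."""
    return min(bridges, key=bridges.get)


@dataclass(frozen=True, order=True)
class Bpdu:
    # Field order is the comparison order; a lower vector is "superior".
    root_id: tuple
    root_path_cost: int
    sender_id: tuple
    sender_port: tuple  # (port priority, port number)


class RootGuardPort:
    """Designated port with Root Guard enabled (simplified model)."""

    def __init__(self, own_vector, max_age=20):
        self.own = own_vector          # what this port itself advertises
        self.max_age = max_age         # assumption: recovery after Max Age
        self.state = "forwarding"
        self.last_superior = None

    def receive(self, bpdu, now):
        # A superior BPDU would turn this designated port into a root port,
        # so Root Guard blocks the port logically instead of accepting it.
        if bpdu < self.own:
            self.state = "root-inconsistent"
            self.last_superior = now
        return self.state

    def tick(self, now):
        # The port recovers by itself once superior BPDUs stop arriving.
        if (self.state == "root-inconsistent"
                and now - self.last_superior >= self.max_age):
            self.state = "forwarding"
        return self.state


def run_lab():
    """Replay the lab steps against SW1 Fa0/19 and return the port states."""
    sw1 = bridge_id(4096, 1, MAC_SW1)           # SW1 after 'priority 4096'
    sw2_default = bridge_id(32768, 1, MAC_SW2)  # SW2 with default priority
    sw2_zero = bridge_id(0, 1, MAC_SW2)         # SW2 after 'priority 0'
    port = RootGuardPort(Bpdu(sw1, 0, sw1, (128, 19)))
    states = []
    # t=0: inferior BPDU (same root, higher path cost) leaves the port alone
    states.append(port.receive(Bpdu(sw1, 19, sw2_default, (128, 19)), now=0))
    # t=2: SW2 announces itself as root with priority 0 + sys-id-ext 1
    states.append(port.receive(Bpdu(sw2_zero, 0, sw2_zero, (128, 19)), now=2))
    # t=10: priority removed on SW2; its BPDUs are inferior again
    port.receive(Bpdu(sw2_default, 0, sw2_default, (128, 19)), now=10)
    states.append(port.tick(now=10))
    # t=22: Max Age has passed since the last superior BPDU
    states.append(port.tick(now=22))
    return states


if __name__ == "__main__":
    print(run_lab())
```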
SW1 no longer sends BPDUs outbound on its Root Inconsistent port.

TASK:
Remove the priority configuration on SW2 and ensure that SW2 uses the default pr

SW2(config)#no spanning-tree vlan 1 priority 0

SW1#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     000b.bee2.fa00
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4097 (priority 4096 sys-id-ext 1)
             Address     000b.bee2.fa00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface    Role Sts Cost    Prio.Nbr Type
Fa0/1        Desg FWD 19      128.1    Edge P2p

When superior BPDUs are no longer received, SW1 will start to send BPDUs outbound on the ports to negotiate the STP state and role:

SW1#sh spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     000b.bee2.fa00
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4097 (priority 4096 sys-id-ext 1)
             Address     000b.bee2.fa00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15
Interface    Role Sts Cost    Prio.Nbr Type
Fa0/1        Desg FWD 19      128.1    Edge P2p

Unidirectional link failure

* Links for which one of the two transmission paths on the link has failed, but not both.
* This can happen as a result of miscabling, cutting one fiber cable, unplugging one fiber, or other reasons.
* No longer receives STP BPDUs.
* The link still forwards traffic.
* The blocking port from the alternate or backup port becomes designated and moves to a forwarding state. This situation creates a loop.

[Figure: traffic starts looping]
* This is called a unidirectional link.

Unidirectional link failure
Solution:
* Loopguard
* UDLD

LOOP GUARD

* Prevents switch ports from wrongly moving from a blocking to a forwarding state when a unidirectional link exists in the network.
* Stops the loops which can occur because of unidirectional link failures.

[Figure: switches A, B and C; the port on C transitions to loop-inconsistent state]

Loop Guard Configuration

On all point-to-point links:
(config)#spanning-tree loopguard default

OR

On specific links:
(config)#interface f0/20
(config-if)#spanning-tree guard loop

Loopguard automatically re-enables the port if it starts receiving BPDUs again.

Unidirectional Link Detection

* Does the same job as loop guard.
* Designed more specifically for fiber ports (can also work for UTP).
* Detects a unidirectional link by sending periodic hellos out to the interface.
* It also uses probes, which must be acknowledged by the device on the other end of the link.

UDLD has two modes: normal and aggressive.
* In normal mode, the link status is changed to Undetermined State if the hellos are not returned.
* In aggressive mode, the port is error-disabled if a unidirectional link is found.

Aggressive mode is the recommended way to configure UDLD.

Unidirectional Link Detection
To enable UDLD on all fiber-optic interfaces, use the following command:
(config)# udld {enable | aggressive}

Note: Although this command is given at global config mode, it applies only to fiber ports. To enable UDLD on non-fiber ports, give the same command at interface config mode.

To control UDLD on a specific fiber port, use the following command:
(config-if)# udld port {aggressive | disable}

To re-enable all interfaces shut by UDLD, use the following:
# udld reset

To verify UDLD status, use the following:
# show udld interface

UDLD & loop guard

Functionality | Loop Guard | UDLD
Configuration | Per-port | Per-port
Action granularity | Per-VLAN | Per-port
Auto-recover | Yes | Yes, with err-disable timeout feature
Protection against STP failures caused by unidirectional links | Yes, when enabled on all root and alternate ports in redundant topology | Yes, when enabled on all links in redundant topology
Protection against STP failures caused by problems in the software (designated switch does not send BPDU) | Yes | No
Protection against mis-wiring | No | Yes

Err-Disable & Err-disable recovery

* The port is automatically disabled by the switch operating system software because of an error condition that is encountered on the port.
* When a port is error-disabled, it is effectively shut down and no traffic is sent or received on that port.
* The port LED is set to the color orange.

#show interfaces gigabitethernet 4/1 status
Port      Name      Status        Vlan    Duplex  Speed  Type
Gi4/1               err-disabled  100     full    1000   1000BaseSX

#show interface gigabit4/1
GigabitEthernet4/1 is down, line protocol is down (err-disabled)

Err-disable recovery

Reasons for error disable state:
* Duplex Mismatch
* Loopback Error
* Link Flapping (up/down)
* Port Security Violation
* Unicast Flooding
* UDLD Failure
* Broadcast Storms
* BPDU Guard

Err-disable recovery:
* To recover a port that is in an Errdisable state, the administrator must access the switch and configure the specific port with 'shutdown' followed by the 'no shutdown' command.
* Use the Err-disable recovery option.

Errdisable recovery

Choose the type of errors that automatically re-enable the ports after a specified amount of time.

#show errdisable recovery
ErrDisable Reason    Timer Status
udld                 Disabled
bpduguard            Disabled
security-violatio    Disabled
channel-misconfig    Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled
l2ptguard            Disabled
psecure-violation    Disabled
gbic-invalid         Disabled
dhcp-rate-limit      Disabled
mac-limit            Disabled
unicast-flood        Disabled
arp-inspection       Disabled
Timer interval: 300 seconds

#errdisable recovery cause ?
  all                Enable timer to recover from all causes
  arp-inspection     Enable timer to recover from arp inspection error disable state
  bpduguard          Enable timer to recover from BPDU Guard error disable state
  channel-misconfig  Enable timer to recover from channel misconfig disable state
  dhcp-rate-limit    Enable timer to recover from dhcp-rate-limit error disable state
  dtp-flap           Enable timer to recover from dtp-flap error disable state
  gbic-invalid       Enable timer to recover from invalid GBIC error disable state
  l2ptguard          Enable timer to recover from l2protocol-tunnel error disable state
  link-flap          Enable timer to recover from link-flap error disable state
  mac-limit          Enable timer to recover from mac limit disable state
  pagp-flap          Enable timer to recover from pagp-flap error disable state
  psecure-violation  Enable timer to recover from psecure violation disable state
  security-violation Enable timer to recover from 802.1x violation disable state
  udld               Enable timer to recover from udld error disable state
  unicast-flood      Enable timer to recover from unicast flood disable state

(config)#errdisable recovery cause bpduguard
(config)#errdisable recovery interval 120

Errdisable autorecovery

To enable the Errdisable autorecovery feature for all supported reasons:
(config)# errdisable recovery cause all

show interfaces status err-disabled
* Shows which local ports are involved in the errdisabled state.

show errdisable recovery
* Shows the time period after which the interfaces are enabled for errdisable conditions.

show errdisable detect
* Shows the reason for the errdisable status.

STP Flavours
RSTP, PVSTP, CST, MSTP

Spanning-tree uplinkfast
* Legacy / Cisco proprietary feature.
* UplinkFast is for speeding convergence when a direct link to an upstream switch fails.
* When uplinkfast is enabled, it is enabled for the entire switch and all VLANs.

[Figure: UplinkFast topology]

SW1(config)#spanning-tree uplinkfast

SW1# show spanning-tree
[Screenshot: show spanning-tree output for VLAN0001 with uplinkfast enabled; Bridge ID priority 49152, Hello Time 2 sec, Max Age 20 sec, Forward Delay 15 sec]

NOTE:
* This command is not allowed on root.
* When UplinkFast is configured, the bridge priority is changed to 49,152 so that this switch will not be selected as root.

[Figure: BackboneFast topology; blocked port transitions through the listening and learning states to forwarding]

* Legacy / Cisco proprietary feature.
* BackboneFast can reduce the maximum convergence delay only from 50 to 30 seconds.

Spanning-tree Backbonefast configuration

To configure BackboneFast:
Switch(config)# spanning-tree backbonefast

To verify:
Switch# show spanning-tree backbonefast
BackboneFast is enabled

Rapid STP (RSTP) 802.1w

* 802.1w is a standards-based way of speeding STP convergence.
* Inbuilt features of portfast, uplinkfast, backbonefast.
* Path calculation remains the same as STP.
[Figure: Switch A (root), Switch B, blocked port]

RSTP port states

Comparing 802.1d and 802.1w Port States

STP Port State    Equivalent RSTP Port State
Disabled          Discarding
Blocking          Discarding
Listening         Discarding
Learning          Learning
Forwarding        Forwarding

* Discarding - Frames are dropped, no addresses are learned (link down / blocking / during sync).
* Learning - Frames are dropped, but addresses are learned.
* Forwarding - Frames are forwarded.

RSTP Synchronization

* SWA assumes its port is designated and sends out a proposal.
* SWB will agree to this proposal.

RSTP port roles

* Root port: The best path to the root (same as STP)
* Designated port: Same role as with STP
* Alternate port: A backup to the root port
* Backup port: A backup to the designated port
* Disabled port: Not used in the Spanning Tree
* Edge port: Connected only to an end user

RSTP port roles (Contd)

* Same as uplinkfast (legacy)

[Figure: topology with root bridge]

RSTP port roles (Contd)

Backup port:
The backup port applies only when a single switch has two links to the same segment (collision domain).
* To have two links to the same collision domain, the switch must be attached to a hub.
* Backup to the designated port.
* Multiple links attached to the same network segment.
* Activates if the primary designated port fails.

RSTP port roles (Contd)

Edge port:
* Equivalent to portfast in STP.
* Connected only to an end user.
* Maintains edge status as long as no BPDU is received (with BPDU filter).

[Figure: edge ports]

BPDU Differences in RSTP

* In regular STP, BPDUs are originated by the root and relayed by each switch.
* In RSTP, each switch originates BPDUs, whether or not it receives a BPDU on its root port.
* PVST is done by Rapid PVST+ on Catalyst switches.
* Hello = 2 sec, Dead = 6 sec

RSTP Configuration

(config)#spanning-tree mode rapid-pvst

#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    32769
             Address     0001.C9A4.5670
             Cost        39
             Port        20(FastEthernet0/20)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     000A.4148.4208
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 20
Interface    Role Sts Cost    Prio.Nbr Type
Fa0/20       Root LSN 19      128.20   P2p

RSTP port costs

Data rate     STP Cost (802.1D-1998)    RSTP Cost (802.1W-2001)
4 Mbit/s      250                       5,000,000
10 Mbit/s     100                       2,000,000
16 Mbit/s     62                        1,250,000
100 Mbit/s    19                        200,000
1 Gbit/s      4                         20,000
2 Gbit/s      3                         10,000
10 Gbit/s     2                         2,000

Hierarchical Campus Model

[Figure: hierarchical campus model]

STP : Selecting Root Bridge

* Default root bridge election: priority + base MAC.
* Recommended to select a high-speed switch to be elected as Root Bridge:
1. Change priority
2. Primary | Secondary
STP : Selecting Root Bridge Configuration

SW-A(config)#spanning-tree vlan 1 root primary
SW-B(config)#spanning-tree vlan 1 root secondary

OR

SW-A(config)#spanning-tree vlan 1 priority 0
SW-B(config)#spanning-tree vlan 1 priority 4096

NOTE:
* Priority values can only be multiples of 4096.
* Primary reduces priority by 8192 from the default priority.
* Secondary reduces priority by 4096 from the default priority.

Per VLAN STP

* Every VLAN runs a separate STP instance.
* Cisco proprietary (PVST supports only ISL).
* PVST+ allows interoperability between CST and PVST in Cisco switches and supports the IEEE 802.1Q standard.
* Provides load sharing.
* More overhead.

A(config)#spanning-tree vlan 10,20 root primary
A(config)#spanning-tree vlan 30,40 root secondary
B(config)#spanning-tree vlan 30,40 root primary
B(config)#spanning-tree vlan 10,20 root secondary

Common STP (CST)

* Runs one spanning-tree instance for all VLANs.
* Reduces CPU load.
* No load sharing.

Multiple Spanning Tree (MST)

* Started as Cisco's MISTP.
* Original standard defined in IEEE 802.1s.
* Allows several VLANs to be mapped to a single instance of STP.
* Reduces the number of spanning-tree instances (processing overhead).
* An instance handles multiple VLANs that have the same Layer 2 topology.

[Figure: root for instance 1, root for instance 2]
Instance 1 maps to VLANs 1-500
Instance 2 maps to VLANs 501-1000

MSTP Regions

A collection of switches that have the same MST configuration comprises an MST region:
1. Instance name (32 bytes)
2. Revision number (two bytes)
3. VLAN to STP instance mappings

[Figure: MST regions and non-MST regions]

MSTP Configuration

SW1 / SW2
SWx(config)#spanning-tree mode mst
SWx(config)#spanning-tree mst configuration
SWx(config-mst)#revision <number>
SWx(config-mst)#name CCIE
SWx(config-mst)#instance 1 vlan 10,20
SWx(config-mst)#instance 2 vlan 30,40
SWx(config-mst)#exit

SW1(config)#spanning-tree mst 1 root primary
SW1(config)#spanning-tree mst 2 root secondary

SW2(config)#spanning-tree mst 2 root primary
SW2(config)#spanning-tree mst 1 root secondary

* An instance must have the same MST name and revision number.
* If they do not match, the instances are considered different and not the same, even if they contain the same VLANs.

Intra vs Inter Region

Intra Region
* Details of the region are known within the region.
* VLAN to STPIs are manually defined.
* Undefined VLANs fall into CIST (MST 0).

Inter Region
* Details between regions are not known.
* Different regions see each other as virtual bridges.
* Results in a simplified inter-region calculation.
* Intra-region MSTIs are collapsed into CIST.

MST Interoperability

* MST is backwards compatible with legacy CST and PVST+.
* Behaves like Inter-Region MST.
* CST Root must be within the MST domain.
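The region rule from the MSTP slides above (same name, same revision number, same VLAN-to-instance mapping) can be checked by comparing two saved configs. This is an added example, not part of the workbook: the config excerpts are constructed (revision 1 and name CCIE follow the lab task), and the function names are hypothetical.

```python
def expand_vlans(spec):
    """Expand '10,20,30-40' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans


def parse_mst(config):
    """Return (name, revision, {vlan: instance}) from a running-config text."""
    name, revision, table = "", 0, {}   # defaults when nothing is configured
    in_block = False
    for raw in config.splitlines():
        words = raw.split()
        if raw.strip() == "spanning-tree mst configuration":
            in_block = True
        elif in_block and raw.startswith(" ") and words:
            if words[0] == "name":
                name = words[1]
            elif words[0] == "revision":
                revision = int(words[1])
            elif words[0] == "instance" and words[2] == "vlan":
                # running-config may print the list as '10, 20'
                for vlan in expand_vlans("".join(words[3:])):
                    table[vlan] = int(words[1])
        else:
            in_block = False
    return name, revision, table


def region_diff(cfg_a, cfg_b):
    """List every attribute that keeps two switches out of the same region."""
    name_a, rev_a, map_a = parse_mst(cfg_a)
    name_b, rev_b, map_b = parse_mst(cfg_b)
    diffs = []
    if name_a != name_b:                 # region names are case-sensitive
        diffs.append(f"name: {name_a!r} vs {name_b!r}")
    if rev_a != rev_b:
        diffs.append(f"revision: {rev_a} vs {rev_b}")
    for vlan in sorted(set(map_a) | set(map_b)):
        inst_a, inst_b = map_a.get(vlan, 0), map_b.get(vlan, 0)  # unmapped -> MST 0
        if inst_a != inst_b:
            diffs.append(f"vlan {vlan}: instance {inst_a} vs {inst_b}")
    return diffs


# Constructed excerpts: SW1 as in the lab task, SW2 with VLAN 40 left unmapped.
SW1_CFG = """\
spanning-tree mode mst
spanning-tree mst configuration
 name CCIE
 revision 1
 instance 1 vlan 10, 20
 instance 2 vlan 30, 40
!
"""
SW2_CFG = """\
spanning-tree mode mst
spanning-tree mst configuration
 name CCIE
 revision 1
 instance 1 vlan 10,20
 instance 2 vlan 30
!
"""

if __name__ == "__main__":
    print(region_diff(SW1_CFG, SW2_CFG) or "same region")
```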
LAB: MSTP (MULTIPLE SPANNING-TREE)

[Topology: SW1 and SW2 connected by two links, f0/23 and f0/24]

SW1#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID   Local Intrfce   Holdtme   Capability   Platform    Port ID
SW2         Fas 0/24        165       S I          WS-C3560-   Fas 0/24
SW2         Fas 0/23        165       S I          WS-C3560-   Fas 0/23

TASK:
* Configure a manual trunk on the links connecting SW1 and SW2
* Configure VTP to synchronize the VLAN information between the two switches
* Create VLAN 10, 20, 30, 40 on any one of the switches

SW1/SW2
SWx(config)#int range f0/23 - 24
SWx(config-if-range)#switchport trunk encapsulation dot1q
SWx(config-if-range)#switchport mode trunk
SWx(config-if-range)#switchport nonegotiate
SWx(config-if-range)#end
SWx(config)#vtp domain CCIE

SW1 or SW2
SW1(config)#vlan 10
SW1(config-vlan)#vlan 20
SW1(config-vlan)#vlan 30
SW1(config-vlan)#vlan 40
SW1(config-vlan)#end

SW1#sh spanning-tree vlan 10
VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    32778
             Address     0017.95db.9700
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32778 (priority 32768 sys-id-ext 10)
             Address     0017.95db.9700
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec
Interface   Role Sts Cost   Prio.Nbr   Type
Fa0/23      Desg FWD 19     128.25     P2p
Fa0/24      Desg FWD 19     128.26     P2p

SW1#sh spanning-tree vlan 20
VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    32788
             Address     0017.95db.9700
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32788 (priority 32768 sys-id-ext 20)
             Address     0017.95db.9700
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec
Interface   Role Sts Cost   Prio.Nbr   Type
Fa0/23      Desg FWD 19     128.25     P2p
Fa0/24      Desg FWD 19     128.26     P2p

SW1#sh spanning-tree vlan 30
VLAN0030
  Spanning tree enabled protocol ieee
  Root ID    Priority    32798
             Address     0017.95db.9700
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32798 (priority 32768 sys-id-ext 30)
             Address     0017.95db.9700
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec
Interface   Role Sts Cost   Prio.Nbr   Type
Fa0/23      Desg FWD 19     128.25     P2p
Fa0/24      Desg FWD 19     128.26     P2p

SW1#sh spanning-tree vlan 40
VLAN0040
  Spanning tree enabled protocol ieee
  Root ID    Priority    32808
             Address     0017.95db.9700
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32808 (priority 32768 sys-id-ext 40)
             Address     0017.95db.9700
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec
Interface   Role Sts Cost   Prio.Nbr   Type
Fa0/23      Desg FWD 19     128.25     P2p
Fa0/24      Desg FWD 19     128.26     P2p

* From the above outputs we can see that SW1 is the default root bridge for all the VLANs created.

To verify the base MAC address of each switch:

SW1#sh version | in ethernet
Base ethernet MAC Address: 00:17:95:DB:97:00

SW2#sh version | in ethernet
Base ethernet MAC Address: 00:23:AC:E6:C7:80

SW2#sh spanning-tree root
                                    Root   Hello Max Fwd
Vlan       Root ID                  Cost   Time  Age Dly  Root Port
VLAN0001   32769 0017.95db.9700     19     2     20  15   Fa0/23
VLAN0010   32778 0017.95db.9700     19     2     20  15   Fa0/23
VLAN0020   32788 0017.95db.9700     19     2     20  15   Fa0/23
VLAN0030   32798 0017.95db.9700     19     2     20  15   Fa0/23
VLAN0040   32808 0017.95db.9700     19     2     20  15   Fa0/23

SW2#sh spanning-tree bridge
                                                 Hello Max Fwd
Vlan       Bridge ID                             Time  Age Dly  Protocol
VLAN0001   32769 (32768, 1)  0023.ace6.c780      2     20  15   ieee
VLAN0010   32778 (32768, 10) 0023.ace6.c780      2     20  15   ieee
VLAN0020   32788 (32768, 20) 0023.ace6.c780      2     20  15   ieee
VLAN0030   32798 (32768, 30) 0023.ace6.c780      2     20  15   ieee
VLAN0040   32808 (32768, 40) 0023.ace6.c780      2     20  15   ieee

SW2#sh spanning-tree vlan 10
VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    32778
             Cost        19
             Port        25 (FastEthernet0/23)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32778 (priority 32768 sys-id-ext 10)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300
Interface   Role Sts Cost   Prio.Nbr   Type
Fa0/23      Root FWD 19     128.25     P2p
Fa0/24      Altn BLK 19     128.26     P2p

TASK: Configure MSTP on both switches
* With VLAN 10 and 20 in MST instance 1
* With VLAN 30 and 40 in MST instance 2
* The remaining and future VLANs should be present in the default instance (MST 0)
* Revision number should be 1 and region name should be CCIE
* SW1 should be root bridge for MST 1
* SW2 should be root bridge for MST 2
* Default instance MST 0 should have the default root bridge (SW1 in our lab)

SW1/SW2
SWx(config)#spanning-tree mode mst
SWx(config)#spanning-tree mst configuration
SWx(config-mst)#revision 1
SWx(config-mst)#name CCIE
SWx(config-mst)#instance 1 vlan 10,20
SWx(config-mst)#instance 2 vlan 30,40
SWx(config-mst)#exit

SW1#sh spanning-tree mst configuration
Name      [CCIE]
Revision  1     Instances configured 3
Instance  Vlans mapped
0         1-9,11-19,21-29,31-39,41-4094
1         10,20
2         30,40

SW2#sh spanning-tree
  Spanning tree enabled protocol mstp
  Root ID    Priority    32768
             Address     0017.95db.9700
             Cost        0
             Port        25 (FastEthernet0/23)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32768 (priority 32768 sys-id-ext 0)
             Address     0023.ace6.c780
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
Interface   Role Sts Cost     Prio.Nbr   Type
Fa0/23      Root FWD 200000   128.25     P2p

  Spanning tree enabled protocol mstp
  Root ID    Priority    32769
             Address     0017.95db.9700
             Cost        200000
             Port        25 (FastEthernet0/23)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     0023.ace6.c780
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
Interface   Role Sts Cost     Prio.Nbr   Type
Fa0/23      Root FWD 200000   128.25     P2p

  Spanning tree enabled protocol mstp
  Root ID    Priority    32770
             Address     0017.95db.9700
             Cost        200000
             Port        25 (FastEthernet0/23)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32770 (priority 32768 sys-id-ext 2)
             Address     0023.ace6.c780
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
Interface   Role Sts Cost     Prio.Nbr   Type
Fa0/23      Root FWD 200000   128.25     P2p

SW1#sh spanning-tree mst 1
Bridge      address 0017.95db.9700  priority 32769 (32768 sysid 1)
Interface   Role Sts Cost     Prio.Nbr   Type
Fa0/23      Desg FWD 200000   128.25     P2p
Fa0/24      Desg FWD 200000   128.26     P2p

SW1#sh spanning-tree mst 2
Bridge      address 0017.95db.9700  priority 32770 (32768 sysid 2)
Interface   Role Sts Cost     Prio.Nbr   Type
Fa0/23      Desg FWD 200000   128.25     P2p
Fa0/24      Desg FWD 200000   128.26     P2p

SW1#sh spanning-tree mst 0
Bridge       address 0017.95db.9700  priority 32768 (32768 sysid 0)
Operational  hello time 2, forward delay 15, max age 20, txholdcount 6
Configured   hello time 2, forward delay 15, max age 20, max hops 20
Interface   Role Sts Cost     Prio.Nbr   Type
Fa0/23      Desg FWD 200000   128.25     P2p
Fa0/24      Desg FWD 200000   128.26     P2p

From the above, SW1 becomes the root bridge by default for all the MST instances created. We can also verify this using the sh spanning-tree root command.

SW1#sh spanning-tree root
                                      Root   Hello Max Fwd
MST Instance   Root ID                Cost   Time  Age Dly  Root Port
MST0           32768 0017.95db.9700   0      2     20  15
MST1           32769 0017.95db.9700   0      2     20  15
MST2           32770 0017.95db.9700   0      2     20  15

SW1#sh spanning-tree bridge
                                                   Hello Max Fwd
MST Instance   Bridge ID                           Time  Age Dly  Protocol
MST0           32768 (32768, 0) 0017.95db.9700     2     20  15   mstp
MST1           32769 (32768, 1) 0017.95db.9700     2     20  15   mstp
MST2           32770 (32768, 2) 0017.95db.9700     2     20  15   mstp

SW2#sh spanning-tree bridge
                                                   Hello Max Fwd
MST Instance   Bridge ID                           Time  Age Dly  Protocol
MST0           32768 (32768, 0) 0023.ace6.c780     2     20  15   mstp
MST1           32769 (32768, 1) 0023.ace6.c780     2     20  15   mstp
MST2           32770 (32768, 2) 0023.ace6.c780     2     20  15   mstp

SW2#sh spanning-tree root
                                      Root     Hello Max Fwd
MST Instance   Root ID                Cost     Time  Age Dly  Root Port
MST0           32768 0017.95db.9700   0        2     20  15   Fa0/23
MST1           32769 0017.95db.9700   200000   2     20  15   Fa0/23
MST2           32770 0017.95db.9700   200000   2     20  15   Fa0/23

TASK
* SW1 should be root bridge for MST 1
* SW2 should be root bridge for MST 2
* Default instance MST 0 should have the default root bridge (SW1 in our lab)

SW1(config)#spanning-tree mst 1 priority 0
SW1(config)#spanning-tree mst 2 priority 4096

SW2(config)#spanning-tree mst 2 priority 0
SW2(config)#spanning-tree mst 1 priority 4096

OR

SW1(config)#spanning-tree mst 1 root primary
SW1(config)#spanning-tree mst 2 root secondary

SW2(config)#spanning-tree mst 2 root primary
SW2(config)#spanning-tree mst 1 root secondary

In this example I used the first option, changing the priority value.

SW1#sh spanning-tree mst 1
Bridge      address 0017.95db.9700  priority 1 (0 sysid 1)
Interface   Role Sts Cost     Prio.Nbr   Type
Fa0/23      Desg FWD 200000   128.25     P2p

SW1#sh spanning-tree mst 2
Bridge      address 0017.95db.9700  priority 4098 (4096 sysid 2)
Root        address 0023.ace6.c780  priority 2 (0 sysid 2)
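The root bridge task above, as an added example that is not part of the workbook: the Python sketch below elects the root per MST instance from the configured priorities and base MAC addresses, then compares the result with rows of `sh spanning-tree root` to flag instances whose observed root is not the intended one. The function names and the dictionary layout are assumptions made for illustration; the MAC addresses, priorities and table rows are the lab's own values.

```python
import re

def bridge_id(base_priority, instance, mac):
    """Bridge ID as STP compares it: (priority + sys-id-ext, MAC); lowest wins."""
    if base_priority % 4096 or not 0 <= base_priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    return base_priority + instance, mac.lower()

def elect_roots(switches, instances):
    """switches: {name: (mac, {instance: base_priority})}; default priority 32768."""
    roots = {}
    for inst in instances:
        roots[inst] = min(
            switches,
            key=lambda n: bridge_id(switches[n][1].get(inst, 32768), inst, switches[n][0]),
        )
    return roots

def parse_root_table(output):
    """Rows of 'sh spanning-tree root' -> {instance: (priority, root MAC)}."""
    rows = {}
    for m in re.finditer(r"MST(\d+)\s+(\d+)\s+([0-9a-f.]{14})", output, re.I):
        rows[int(m.group(1))] = (int(m.group(2)), m.group(3).lower())
    return rows

def unexpected_roots(switches, instances, output):
    """Instances whose observed root differs from the one the config should elect."""
    observed = parse_root_table(output)
    bad = []
    for inst, name in elect_roots(switches, instances).items():
        mac, prios = switches[name]
        if observed.get(inst) != bridge_id(prios.get(inst, 32768), inst, mac):
            bad.append(inst)
    return bad

# Lab values: base MACs, default and tuned priorities, SW2's table before tuning.
SW1, SW2 = "0017.95db.9700", "0023.ace6.c780"
DEFAULT = {"SW1": (SW1, {}), "SW2": (SW2, {})}
TUNED = {"SW1": (SW1, {1: 0, 2: 4096}), "SW2": (SW2, {1: 4096, 2: 0})}
ROOT_BEFORE = """\
MST0 32768 0017.95db.9700 0 2 20 15 Fa0/23
MST1 32769 0017.95db.9700 200000 2 20 15 Fa0/23
MST2 32770 0017.95db.9700 200000 2 20 15 Fa0/23
"""

if __name__ == "__main__":
    print(elect_roots(DEFAULT, [0, 1, 2]), elect_roots(TUNED, [0, 1, 2]))
    print(unexpected_roots(TUNED, [0, 1, 2], ROOT_BEFORE))
```

Run against output captured after the priority change, `unexpected_roots` should return an empty list; any instance it lists has a root other than the one the configuration is meant to elect.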
