Vlan Routing
============
- vlans are used to separate a large broadcast domain into multiple broadcast domains
- however, the broadcast domains cannot communicate with each other without routing
- hence, vlan routing is required

Two types of vlan routing solutions:

a) Router on a stick solution
   - a dedicated Layer 3 router and a Layer 2 switch are connected to each other over a trunk link
   - the router uses a single port to connect to a switch trunk port
   - it is not scalable because the router's single port can become a bottleneck

b) Layer 3 switching
   - only a Layer 3 switch is required; its vlan interfaces serve as routed ports
   - scalable because there is no single-port bottleneck

Configuration command:
----------------------

a) Router
   ------
   int gi0/0/0
    ip address 10.1.1.1 24
    undo shutdown
   int gi0/0/0.11
    dot1q termination vid 11
    ip address 10.1.11.1 24
   int gi0/0/0.12
    dot1q termination vid 12
    ip address 10.1.12.1 24

   Switch
   ------
   vlan 11
   vlan 12
   int gi0/0/1
    port link-type trunk
    port trunk allow-pass vlan all

b) L3 Switch
   ---------
   vlan 11
   vlan 12
   int vlan 11
    ip address 10.1.11.1 24
   int vlan 12
    ip address 10.1.12.1 24

   Reminder: No router is required for this solution for the Vlan routing.
Virtual Router Redundancy Protocol (VRRP)
=========================================
- VRRP provides gateway redundancy for routing clients, preventing a single point of failure in the gateway solution
- VRRP can be configured to provide load balancing for gateway load sharing when the network size grows
- clients need to point to the ip address of the virtual router to use the redundant service
- the master router of the VRRP group serves the client traffic
- the backup/slave router listens to and monitors the heartbeat of the master router in VRRP

VRRP characteristics:
---------------------
- a VRRP group is created for the router members
- one master is selected; the rest are backup or slaves
- the VRRP ip address can be set to a unique address distinct from the physical routers, or to any one of the physical routers' addresses

Example: VRRP 1

                  Router A       Router B
  ip address:     10.1.1.1/24    10.1.1.2/24

  VRRP Address    Option (i)  10.1.1.3/24
                  Option (ii) 10.1.1.1 or 10.1.1.2

Implications:

Option (i): when the VRRP address is set to a unique address, the master router is selected based on the HIGHEST VRRP priority in the group
  - the configurable VRRP priority is in the range 1 - 254
  - VRRP priorities 0 and 255 are reserved

Option (ii): the master router is selected based on the owner of the VRRP group. The VRRP owner is the router whose ip address is the same as the VRRP ip address, and it reserves priority 255 for itself.

Note: The owner of the VRRP group assumes VRRP priority 255 (fixed)

Assumption: RouterA is configured with VRRP priority 254 and its address is 10.1.1.1, while RouterB is configured with address 10.1.1.2. The VRRP group address is set to 10.1.1.2.

Which router becomes master? - RouterB
Why? - RouterB automatically assumes priority 255 when powered up. RouterB is the owner.

Note: The default VRRP priority for all routers is 100.
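The election rules above (highest priority wins, the owner is fixed at 255, default 100) and the `vrrp vrid ... track ... reduced` lines in the configuration example that follows can be checked with a small simulator. The following is an added example written for these notes, not a program from the original page or any vendor: `VrrpRouter`, `elect_master`, the clamping of a reduced priority at 1 and the tie-break on the higher interface address (which the VRRP standard defines but the notes do not mention) are all my assumptions; the router names, addresses, priorities and tracked interfaces are taken from the notes.

```python
from dataclasses import dataclass, field

# Values stated in the notes
DEFAULT_PRIORITY = 100   # default VRRP priority for every router
OWNER_PRIORITY = 255     # fixed priority of the group owner (reserved otherwise)


def ip_key(ip):
    """Turn a dotted-quad address into a tuple so addresses compare numerically."""
    return tuple(int(octet) for octet in ip.split("."))


@dataclass
class VrrpRouter:
    name: str
    ip: str                                   # the router's own interface address
    priority: int = DEFAULT_PRIORITY
    preempt: bool = False                     # "vrrp vrid N preempt"
    tracks: dict = field(default_factory=dict)         # interface -> "reduced" amount
    down_interfaces: set = field(default_factory=set)  # tracked interfaces currently down

    def effective_priority(self, virtual_ip):
        """Priority the router actually advertises for the group that uses virtual_ip."""
        if self.ip == virtual_ip:
            return OWNER_PRIORITY             # owner: fixed 255, tracking does not apply
        if not 1 <= self.priority <= 254:
            raise ValueError(f"{self.name}: configurable priority must be 1-254, got {self.priority}")
        reduction = sum(amount for intf, amount in self.tracks.items() if intf in self.down_interfaces)
        # Assumption: the priority is clamped at 1 instead of falling below the configurable minimum.
        return max(1, self.priority - reduction)


def elect_master(routers, virtual_ip, current_master=None):
    """Return the name of the router that becomes master of the group.

    Highest effective priority wins; on a tie the higher interface address wins
    (assumption: the tie-break defined by the VRRP standard, not stated in the notes).
    A router with a higher priority only displaces a live master if it has preempt
    configured; the owner always takes over.
    """
    alive = {r.name for r in routers}
    best = max(routers, key=lambda r: (r.effective_priority(virtual_ip), ip_key(r.ip)))
    if (current_master in alive and best.name != current_master
            and not best.preempt and best.effective_priority(virtual_ip) != OWNER_PRIORITY):
        return current_master
    return best.name


def page_assumption():
    """The question in the notes: RouterA priority 254, group address equal to RouterB's address."""
    routers = [VrrpRouter("RouterA", "10.1.1.1", priority=254),
               VrrpRouter("RouterB", "10.1.1.2")]
    return elect_master(routers, virtual_ip="10.1.1.2")


def vrid1_master(routera_down=(), routerb_down=(), current_master=None):
    """VRRP group 1 from the configuration example: RouterA priority 250, RouterB default,
    each WAN serial interface tracked (RouterA reduces by 160, RouterB by 50)."""
    routers = [
        VrrpRouter("RouterA", "10.1.0.1", priority=250, preempt=True,
                   tracks={"s0/0/0": 160, "s0/0/1": 160}, down_interfaces=set(routera_down)),
        VrrpRouter("RouterB", "10.1.0.2", preempt=True,
                   tracks={"s0/0/0": 50, "s0/0/1": 50}, down_interfaces=set(routerb_down)),
    ]
    return elect_master(routers, virtual_ip="10.1.0.3", current_master=current_master)


if __name__ == "__main__":
    print("assumption in the notes:", page_assumption())                            # RouterB
    print("vrid 1, all links up:", vrid1_master())                                   # RouterA
    print("vrid 1, RouterA s0/0/0 down:", vrid1_master(routera_down={"s0/0/0"}))     # RouterB
    print("vrid 1, RouterB s0/0/0 down:", vrid1_master(routerb_down={"s0/0/0"}))     # RouterA
```

The reduction values in the configuration are what make the failover work: a single WAN failure on RouterA drops its group 1 priority from 250 to 90, below RouterB's default 100, so the gateway moves to the router that still has its uplink. A failure on RouterB only takes it from 100 to 50, so it never disturbs RouterA while RouterA is healthy.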
Example of Configuration:
-------------------------
RouterA:
- RouterA serves as the master router in VRRP group 1
- both routers back up each other in both VRRP groups
------------------------------------------------
int gi0/0/0
 description connected to user segment for gateway
 ip address 10.1.0.1 23
 undo shutdown
 vrrp vrid 1 virtual-ip 10.1.0.3
 vrrp vrid 1 priority 250
 vrrp vrid 1 preempt
 vrrp vrid 1 track s0/0/0 reduced 160
 vrrp vrid 1 track s0/0/1 reduced 160
 vrrp vrid 2 virtual-ip 10.1.1.3
 vrrp vrid 2 preempt
 vrrp vrid 2 track s0/0/0 reduced 50
 vrrp vrid 2 track s0/0/1 reduced 50
int s0/0/0
 description connected to Public Internet
 link-protocol ppp
 ip address 202.190.109.5 30
 undo shutdown
int s0/0/1
 description connected to Intranet via VPN
 link-protocol ppp
 ip address 199.190.15.23 24
 undo shutdown

RouterB:
- RouterB serves as the master router in VRRP group 2
- both routers back up each other in both VRRP groups
---------------------------------------------
int gi0/0/0
 description connected to user segment for gateway
 ip address 10.1.0.2 23
 undo shutdown
 vrrp vrid 1 virtual-ip 10.1.0.3
 vrrp vrid 1 preempt
 vrrp vrid 1 track s0/0/0 reduced 50
 vrrp vrid 1 track s0/0/1 reduced 50
 vrrp vrid 2 virtual-ip 10.1.1.3
 vrrp vrid 2 priority 250
 vrrp vrid 2 preempt
 vrrp vrid 2 track s0/0/0 reduced 160
 vrrp vrid 2 track s0/0/1 reduced 160
int s0/0/0
 description connected to Public Internet
 link-protocol ppp
 ip address 202.190.188.11 30
 undo shutdown
int s0/0/1
 description connected to Intranet via VPN
 link-protocol ppp
 ip address 202.188.0.123 24
 undo shutdown

Spanning Tree Protocol (STP)
============================
A redundant switched network without the STP process will suffer from the following problems:

Symptoms of Switching Loops
a) Instability of the MAC address table
b) Heavy broadcast storm
c) Network congestion

- STP is designed to prevent switching loops in a redundant switched network topology while maintaining physical link redundancy
- STP is defined in IEEE 802.3d, Rapid STP is defined in 802.3w

Operational Rules of STP
------------------------
i)   One ROOT switch per switched network
     - the root switch is the master switch that controls the topology of the redundant switched network
ii)  One ROOT port per non-root switch
     - the root port is the port with the lowest path cost to the root switch (the best port to forward traffic to the root switch)
iii) One Designated port per switch link
     - a designated port is the switch port to which data traffic on that link will be directed
iv)  One Alternate port blocks user traffic to stop it from looping in the switched network

Port Roles in STP
-----------------
a) Root port
b) Designated port
c) Alternate port

Port State in STP process
-------------------------
i)   Forwarding - user and BPDU traffic forwarding & processing go on as normal (everything works!)
ii)  Blocking/Standby/Discarding - NO user traffic; no learning of MAC addresses; receives and processes BPDUs but does not send BPDUs
iii) Listening - no user data traffic passes, no learning of MAC addresses, but BPDU processing and exchange (send/receive) go on
iv)  Learning - no user data traffic, learning of MAC addresses, processing and exchange of BPDUs go on
v)   Disabled - port is in disconnected mode; no user traffic forwarded, no learning of MAC addresses, NO BPDU exchange (nothing happens)

How is the root switch selected?
- Every switch has a unique bridge ID (switch/bridge ID)
- Bridge ID = Bridge Priority + System MAC Address

Note: By default, the bridge priority is 32768 (configurable)
      The system MAC address is not configurable but is unique

The switch priority can be modified by changing the Bridge Priority value, which ultimately and manually determines the outcome of the root switch selection.
- the root switch is selected based on the LOWEST bridge ID (which means the lowest bridge priority)
- by default, the root switch is selected based on the lowest system MAC address of the switches (because the bridge priority is the same for all)

IEEE defined path cost for each interface bandwidth/speed as follows:

Interface (speed)    path cost
-----------------    ---------
10Mbps               100
100Mbps              19
1000Mbps             4
10000Mbps            2

Command:
--------
stp enable
  - enable STP process
  - by default STP is enabled already on the switches
undo stp enable
  - disable STP process
stp mode stp | rstp | mstp
  - set and change STP mode (default is MSTP)
stp priority xxxx   (xxxx can be 0 - 61440 in multiples of 4096)
  - set STP priority to xxxx value
  - the lower the priority value, the higher the preference for the switch to be selected as root switch

example of output:

[Sw3]display stp vlan 1
 ProcessId InstanceId  Port                   Role  State
 ----------------------------------------------------------------------
 0         0           GigabitEthernet0/0/1   DESI  FORWARDING
 0         0           GigabitEthernet0/0/2   DESI  FORWARDING

[Sw3]display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge         :32768.4c1f-cc6e-6aca
Config Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
Active Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.4c1f-cc07-0b17 / 1
CIST RegRoot/IRPC   :32768.4c1f-cc6e-6aca / 0
CIST RootPortId     :128.1
BPDU-Protection     :Disabled
TC or TCN received  :6
TC count per hello  :0
STP Converge Mode   :Normal
Time since last TC  :0 days 0h:59m:6s
Number of TC        :5
Last TC occurred    :GigabitEthernet0/0/1
----[Port1(GigabitEthernet0/0/1)][FORWARDING]----
 Port Protocol      :Enabled
 Port Role          :Root Port
 Port Priority      :128

- from the above info, you can see the root ID, switch ID and port role:
  CIST Root   :32768.4c1f-cc07-0b17  (root switch)
  CIST Bridge :32768.4c1f-cc6e-6aca  (current switch ID)
  Port1(GigabitEthernet0/0/1) Port role :Root Port

WAN Encapsulation with High-level Data Link Control Protocol (HDLC)
===================================================================
- WAN encapsulation protocol works at the Data Link layer over serial interfaces (serial links)
- HDLC does not provide authentication, compression or encryption
- not practically used nowadays (obsolete)

command: link-protocol hdlc

IP Address Unnumbered
- borrows an ip address from a loopback interface

command: ip address unnumbered interface loopback 0
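The STP section above describes root switch election (lowest bridge ID, priority before MAC), root port selection (lowest path cost using the IEEE cost table) and the designated/alternate port roles. The following is an added example that works those rules through on a small topology; it is not code from the notes or from any switch vendor. `bridge_id`, `elect_root` and `stp_roles` are my own functions, the three-switch triangle is constructed (Sw1 and Sw2 reuse the two bridge IDs seen in the `display stp` output above, Sw3's MAC is made up), and the tie-break order (path cost, then neighbour bridge ID, then port) is the standard STP one rather than something the notes state.

```python
import heapq
from collections import defaultdict
from math import inf

# IEEE path cost per interface speed (Mbps -> cost), as tabulated in the notes
PATH_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}
DEFAULT_BRIDGE_PRIORITY = 32768


def bridge_id(priority, mac):
    """Bridge ID = bridge priority + system MAC. As a tuple it compares the way STP compares it:
    the lower priority wins first, the lower MAC breaks the tie."""
    if priority % 4096 or not 0 <= priority <= 61440:   # "stp priority" accepts 0-61440 in steps of 4096
        raise ValueError(f"invalid bridge priority {priority}")
    return (priority, mac.lower())


def elect_root(switches):
    """switches: name -> (priority, mac). The lowest bridge ID becomes the root switch."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def stp_roles(switches, links):
    """Return (root switch, root path cost per switch, role of every port).

    links: (switch_a, port_a, switch_b, port_b, speed_mbps).
    One root port per non-root switch (lowest path cost to the root), one designated
    port per link (the end nearer the root), every remaining port is an alternate port
    and blocks user traffic."""
    root = elect_root(switches)
    adj = defaultdict(list)     # switch -> [(neighbour, local_port, remote_port, link cost)]
    for a, pa, b, pb, speed in links:
        cost = PATH_COST[speed]
        adj[a].append((b, pa, pb, cost))
        adj[b].append((a, pb, pa, cost))

    # Dijkstra from the root gives each switch's root path cost
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist.get(u, inf):
            continue
        for v, _, _, cost in adj[u]:
            if d + cost < dist.get(v, inf):
                dist[v] = d + cost
                heapq.heappush(heap, (d + cost, v))

    roles = {}
    for sw in switches:
        if sw == root or sw not in dist:
            continue
        # Root port: lowest cost via that neighbour; ties broken by neighbour bridge ID,
        # neighbour port, then local port (assumption: standard STP tie-break order)
        _, local, _, _ = min(adj[sw],
                             key=lambda e: (dist[e[0]] + e[3], bridge_id(*switches[e[0]]), e[2], e[1]))
        roles[(sw, local)] = "ROOT"
    for a, pa, b, pb, _ in links:
        # Designated port: the end with the lower root path cost, then the lower bridge ID
        designated = min(((a, pa), (b, pb)),
                         key=lambda e: (dist[e[0]], bridge_id(*switches[e[0]]), e[1]))
        roles.setdefault(designated, "DESI")
        roles.setdefault((a, pa), "ALTE")   # whatever is left over blocks
        roles.setdefault((b, pb), "ALTE")
    return root, dist, roles


def sample_topology():
    """Constructed triangle: all three switches keep the default priority, so the lowest MAC wins.
    Sw3 has a slow direct link to the root and a fast two-hop path through Sw2."""
    switches = {
        "Sw1": (DEFAULT_BRIDGE_PRIORITY, "4c1f-cc07-0b17"),   # bridge ID seen as CIST Root above
        "Sw2": (DEFAULT_BRIDGE_PRIORITY, "4c1f-cc6e-6aca"),   # bridge ID seen as CIST Bridge above
        "Sw3": (DEFAULT_BRIDGE_PRIORITY, "4c1f-cc9a-1234"),   # constructed
    }
    links = [
        ("Sw1", "GigabitEthernet0/0/1", "Sw2", "GigabitEthernet0/0/1", 1000),
        ("Sw1", "GigabitEthernet0/0/2", "Sw3", "GigabitEthernet0/0/1", 100),
        ("Sw2", "GigabitEthernet0/0/2", "Sw3", "GigabitEthernet0/0/2", 1000),
    ]
    return stp_roles(switches, links)


if __name__ == "__main__":
    root, dist, roles = sample_topology()
    print("root switch:", root, "| root path costs:", dist)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} {port}: {role}")
```

The result shows why the path cost table matters: Sw3's direct 100 Mbps link to the root costs 19, while the two gigabit hops through Sw2 cost 4 + 4 = 8, so Sw3's root port is the port towards Sw2 and the direct link to the root is the alternate (blocking) port. Lowering a switch's `stp priority` overrides the MAC comparison and moves the root, which the test below also checks.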
Posted on: Sat, 22 Nov 2014 02:43:43 +0000
