Let's jump straight in…
Covered are:
- MST Config
- Etherchannel
- Spanning-Tree
- BPDU Guard, Filter, Loop Guard, Root Guard, UDLD
- Uplink Fast, Backbone Fast
- HSRP
MST Config
(config)#spanning-tree mode mst
(config)#spanning-tree mst configuration
(config-mst)#name (value)
(config-mst)#revision (value)
(config-mst)#instance (value) vlan (value) (Eg. 1-3, 1,3,5 or 1-3,5,7)
(config-mst)#exit (applies the configuration)
(config)#spanning-tree mst (instance No.) root (primary/secondary)
To see the configuration whilst in MST configuration mode;
(config-mst)#show pending
(config-mst)#show current
To see the config when in global configuration mode;
(config)#do show spanning-tree mst configuration
The instance numbers need to be the same on all switches for them to co-operate in this version of spanning tree.
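A way to check this before rollout, as an added example that is not part of the original notes: the script compares the MST blocks of two switches and expands VLAN lists in the formats shown above. It also compares name and revision, which must match as well for switches to share an MST region; the switch names, the region name LAB and both configs are constructed.

```python
import re

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1-3,5,7' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_mst(config):
    """Return (name, revision, {instance: vlans}) from an MST config block."""
    name, revision, instances = "", 0, {}
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.fullmatch(r"name (\S+)", line):
            name = m.group(1)
        elif m := re.fullmatch(r"revision (\d+)", line):
            revision = int(m.group(1))
        elif m := re.fullmatch(r"instance (\d+) vlan (.+)", line):
            instances.setdefault(int(m.group(1)), set()).update(expand_vlans(m.group(2)))
    return name, revision, instances

def mst_mismatches(cfg_a, cfg_b):
    """List the differences that stop two switches sharing an MST region."""
    (na, ra, ia), (nb, rb, ib) = parse_mst(cfg_a), parse_mst(cfg_b)
    problems = []
    if na != nb:
        problems.append(f"name: {na!r} vs {nb!r}")
    if ra != rb:
        problems.append(f"revision: {ra} vs {rb}")
    for inst in sorted(set(ia) | set(ib)):
        a, b = ia.get(inst, set()), ib.get(inst, set())
        if a != b:
            problems.append(f"instance {inst}: {sorted(a)} vs {sorted(b)}")
    return problems

# Constructed sample configs (not from a real device).
SW1 = """spanning-tree mst configuration
 name LAB
 revision 1
 instance 1 vlan 1-3
 instance 2 vlan 5,7
"""
# SW2 writes instance 1 differently (same VLANs) but drops VLAN 7 from instance 2.
SW2 = SW1.replace("vlan 1-3", "vlan 1,2,3").replace("vlan 5,7", "vlan 5")

if __name__ == "__main__":
    for problem in mst_mismatches(SW1, SW2):
        print("MISMATCH", problem)
```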
Etherchannel
Up to 8 ports bundled into 1 channel with 6 channels per switch.
Cisco proprietary – PAgP – Port Aggregation Protocol
- Modes;
- On
- Desirable
- Auto
IEEE – LACP – Link Aggregation Control Protocol
- Modes;
- On
- Active
- Passive
All links on both sides of the switch need to be the same speed and duplex.
Layer 2 Port Channel Configuration
(config)#interface range (int-int)
(config-if-range)#switchport trunk encapsulation dot1q
(config-if-range)#switchport mode trunk
(config-if-range)#channel-protocol (lacp/pagp)
(config-if-range)#channel-group (value) mode (on, auto, desirable, non-silent, passive, active)
(config-if-range)#exit
(config)#interface port-channel (value)
(config-if)#switchport trunk encapsulation dot1q
(config-if)#switchport mode trunk
(config-if)#switchport trunk allowed vlan (add) (value)
(config-if)#no shut
It is recommended that VLAN configuration and anything else is set on the port channel, and not on the individual interfaces taking part in the port channel. This helps remove human error: if there is a difference between configurations at an interface and/or port channel level, this will cause the bundle to fail, or at least one port in the bundle to error.
Layer 3 Port Channel Configuration
(config)#interface range (int-int)
(config-if-range)#no switchport
(config-if-range)#channel-protocol (lacp/pagp)
(config-if-range)#channel-group (value) mode (on, auto, desirable, non-silent, passive, active)
(config-if-range)#exit
(config)#interface port-channel (value)
(config-if)#no switchport
(config-if)#ip address (IP address) (subnet mask)
(config-if)#no shut
(config-if)#exit
(config)#ip routing
Spanning-tree – Enhanced features for Stability
1. BPDU Guard – Prevents problems related to switches accidentally being connected to PortFast-enabled ports. (For Access Ports)
2. BPDU Filter – Prevents BPDUs from being transmitted from PortFast-enabled interfaces. (For Access Ports)
3. Root Guard – When activated stops any higher BPDUs from creating instability. When root guard is configured on an interface, it forces the port to always remain a designated interface, never allowing it to transition to a root port.
If a root guard-enabled port receives a higher BPDU, it immediately moves the port to a root-inconsistent STP state (practically the same as the listening state) and does not forward any traffic out that port.
When the root guard protected port stops receiving the higher BPDUs, it automatically unblocks the port and then proceeds through the normal listening, learning, and finally forwarding states. This is done without any intervention from an end user. (For Trunk Ports)
4. Loop Guard – When activated avoids sudden instability that can lead to loops, such as port flapping. (For Trunk Ports)
5. UDLD – Uni-Directional Link Detection – When activated, this feature detects uni-directional links. UDLD sends UDLD protocol packets to its neighbor switch – 15 seconds being the default. The neighbor is then expected to echo the packets back before a timer expires. If the originating switch does not hear a reply before the timer expires, it shuts down the port. (For Trunk Ports)
BPDU Guard Config
Global Mode
(config)#spanning-tree portfast default
(config)#spanning-tree portfast bpduguard default
Affects every port that is negotiated as an access port: where PortFast is activated, BPDU Guard will be activated too.
Interface Mode
(config)#interface (value)
(config-if)#switchport mode access
(config-if)#spanning-tree bpduguard enable
BPDU Filter Config
Global Mode
(config)#spanning-tree portfast default
(config)#spanning-tree portfast bpdufilter default
An interface that receives a BPDU with BPDU Filter set this way is taken out of PortFast, and the BPDU packet is allowed through.
Interface Mode
(config)#interface (value)
(config-if)#switchport mode access
(config-if)#spanning-tree bpdufilter enable
Stops the BPDU packet from the receiving switch without shutting down the interface.
Root Guard
(config)#interface (value)
(config-if)#spanning-tree guard root
Loop Guard
Global Mode
(config)#spanning-tree loopguard default
Interface Mode
(config)#interface (value)
(config-if)#spanning-tree guard loop
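To check that these guards are actually in place, the following added example (not part of the original notes) audits a running-config fragment for access ports without effective BPDU Guard, interfaces with BPDU Filter, and trunk ports without Root Guard or Loop Guard. The interface names and the sample config are constructed; the interface-level "spanning-tree portfast" line it looks for does not appear in these notes.

```python
def parse_config(text):
    """Split a running-config into global lines and per-interface lines."""
    globals_, interfaces, current = [], {}, None
    for raw in text.splitlines():
        if raw.startswith("interface "):
            current = interfaces.setdefault(raw.split(None, 1)[1].strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        elif raw.strip() not in ("", "!"):
            current = None                      # back at global level
            globals_.append(raw.strip())
    return globals_, interfaces

def audit_stp(text):
    """Return (interface, finding) pairs for ports lacking the guards above."""
    g, interfaces = parse_config(text)
    findings = []
    for name, cfg in interfaces.items():
        if "switchport mode access" in cfg:
            portfast = "spanning-tree portfast default" in g or "spanning-tree portfast" in cfg
            # The global BPDU Guard default only covers ports where PortFast is active.
            guarded = "spanning-tree bpduguard enable" in cfg or (
                portfast and "spanning-tree portfast bpduguard default" in g)
            if "spanning-tree bpdufilter enable" in cfg:
                findings.append((name, "BPDU Filter on interface: received BPDUs are ignored"))
            elif not guarded:
                findings.append((name, "access port without BPDU Guard"))
        elif "switchport mode trunk" in cfg and "spanning-tree loopguard default" not in g:
            if not {"spanning-tree guard root", "spanning-tree guard loop"} & set(cfg):
                findings.append((name, "trunk port without Root Guard or Loop Guard"))
    return findings

# Constructed running-config fragment (not from a real device).
SAMPLE = """\
spanning-tree portfast bpduguard default
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
interface GigabitEthernet0/2
 switchport mode access
interface GigabitEthernet0/3
 switchport mode access
 spanning-tree bpdufilter enable
interface GigabitEthernet0/24
 switchport mode trunk
"""

if __name__ == "__main__":
    print(*(f"{port}: {finding}" for port, finding in audit_stp(SAMPLE)), sep="\n")
```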
UDLD
Global Mode
(config)#udld enable
This enables the feature on all fibre links
Interface Mode
(config)#interface (value)
(config-if)#udld port (aggressive)
Using the “aggressive” argument, UDLD tries to re-establish the connection 8 times; after that it puts the port into an err-disabled state.
Uplink Fast
Used to speed up the convergence of the STP process on trunks when a direct link failure is detected.
With Uplink Fast on SW3, if the failure is a direct link failure connected to SW4 and Uplink Fast is active on SW4, then the blocked port converges directly to the Forward state (Root Port role).
Backbone Fast
Alters the convergence process by reducing the convergence time delay. When SW4 detects an indirect link failure and Backbone Fast is configured, it will only bypass the 20-second Max Age timer.
This reduces the transition time from 50 seconds to 30 seconds for the port to become a root port.
First Hop Redundancy Protocol
Creating a virtual floating IP.
1. HSRP – Hot Standby Router Protocol (Cisco)
2. VRRP – Virtual Router Redundancy Protocol (IEEE)
3. GLBP – Gateway Load Balancing Protocol (Cisco)
HSRP
Group ID = between 1 – 255
States;
- Init
- Listen
- Speak
- Standby
- Active
Uses a virtual MAC Address on each group.
0000:0C07:AEXX
XX = Group ID in hexadecimal
Priority = Default 100. If priorities tie, the highest IP wins and that switch is chosen as Active.
Once the virtual IP has failed over, it doesn't fail back to the failed switch when it is back online.*
* Unless the “preempt” command is used.
Configuration on first switch;
(config)#interface vlan (value)
(config-if)#standby (value) ip (ip address)
(config-if)#standby (value) priority (value)
(config-if)#standby (value) preempt
Configuration on second switch;
(config)#interface vlan (value)
(config-if)#standby (value) ip (ip address)
(config-if)#standby (value) priority (value)
(config-if)#standby (value) preempt
Note: The standby IP is the same on both switches.
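The election and failback rules above, modelled as an added example that is not part of the original notes: it shows which switch is Active before a failure, during it, and after recovery, with and without preempt. The switch names, addresses and priority 110 are constructed, and the model assumes both switches are up when the first election happens.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100      # HSRP default priority, as stated above
    preempt: bool = False
    up: bool = True

def rank(r):
    """Election key: higher priority wins, highest IP breaks a tie."""
    return (r.priority, int(ipaddress.ip_address(r.ip)))

def next_active(routers, current=None):
    """Return the Active router after re-convergence (current=None: first election)."""
    alive = [r for r in routers if r.up]
    if not alive:
        return None
    if current is not None and current.up:
        # A live Active router only gives way to a better router that has preempt set.
        challengers = [r for r in alive if r.preempt and rank(r) > rank(current)]
        return max(challengers, key=rank) if challengers else current
    return max(alive, key=rank)

def failover_demo(preempt):
    """SW1 (priority 110) fails and recovers; return the Active name after each step."""
    sw1 = Router("SW1", "10.0.0.2", priority=110, preempt=preempt)
    sw2 = Router("SW2", "10.0.0.3", preempt=preempt)
    group, history = [sw1, sw2], []
    active = next_active(group)
    history.append(active.name)          # initial election
    sw1.up = False
    active = next_active(group, active)
    history.append(active.name)          # SW1 has failed
    sw1.up = True
    active = next_active(group, active)
    history.append(active.name)          # SW1 is back online
    return history

if __name__ == "__main__":
    print("no preempt:", failover_demo(False))
    print("preempt:   ", failover_demo(True))
```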
And that's it for today.
I’ll cover off the last bits of HSRP on day 8.