PLEASE LEAVE YOUR SUGGESTION AND COMMENTS


Sunday 11 December 2011

How to create Etherchannel in GNS3

I searched most of the Internet to find out how to create an EtherChannel but couldn't find the right steps. I have tried to make it more complex so that it will help you in many other deployments.

R1------f0/0+f0/1-----R2---->f0/3--->R3

All ports are in VLAN 10. R1 has a VLAN 10 interface with IP 192.168.10.1 and R3 has IP 192.168.10.2. If the lab is successful, you should be able to ping 192.168.10.1 from R3.

Please note: add VLAN 10 to R1 and R2 before configuring anything. I found that if I introduce the VLAN at the end it does not work.



R2>
R2>en
R2#vlan data
R2(vlan)#vlan 10
VLAN 10 added:
    Name: VLAN0010
R2(vlan)#apply
APPLY completed.
R2(vlan)#exit
APPLY completed.
Exiting....
R2#conf t





Below are the lab steps:

R3:


!
interface FastEthernet0/3
 no switchport
 ip address 192.168.10.2 255.255.255.0
!


R2--->l2 switch
!
interface Port-channel1
 ! port channel is also in vlan 10
 switchport access vlan 10
!
interface FastEthernet0/0
 switchport access vlan 10
 channel-group 1 mode on
!
interface FastEthernet0/1
 switchport access vlan 10
 channel-group 1 mode on
!
interface FastEthernet0/2
!
interface FastEthernet0/3
 switchport access vlan 10
!


And Finally R1 (I am using l2 etherchannel )

!
interface Port-channel1
 switchport access vlan 10
!
interface FastEthernet0/0
 switchport access vlan 10
 channel-group 1 mode on
!
interface FastEthernet0/1
 switchport access vlan 10
 channel-group 1 mode on
!
!
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
!

Let me know if this helps.
waiting for your feed :-)
Here is the HSRP LAB:
1> for VLAN 10 the primary is R1 and passive is R2
2> for vlan20 the active is R2 and the passive is R1

How to check:
On R3, shut down f0/2 and ping again to check whether you are still able to ping the standby IP.


Below is the config of R1, R2 and R3



R1:


!
interface FastEthernet0/2
 switchport mode trunk
!
interface Vlan10
 ip address 192.168.10.2 255.255.255.0
 standby 1 ip 192.168.10.1
 standby 1 priority 150
!
interface Vlan20
 ip address 192.168.20.2 255.255.255.0
 standby 2 ip 192.168.20.1
!

R2:
interface FastEthernet0/3
 switchport mode trunk
!
interface Vlan10
 ip address 192.168.10.3 255.255.255.0
 standby 1 ip 192.168.10.1
!
interface Vlan20
 ip address 192.168.20.3 255.255.255.0
 standby 2 ip 192.168.20.1
 standby 2 priority 150
!

R3:

!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport mode trunk
 shutdown
!
interface FastEthernet0/4
 switchport access vlan 10
!
interface FastEthernet0/5
 switchport access vlan 20
!



Thursday 1 December 2011

Wednesday 30 November 2011

Important Points for the exam

>UDLD: works only for fiber optic ports. It helps to check if there are any broken links between switches.
     #conf t
     #udld enable

> On a trunk, native VLAN frames travel without tagging. By default all ports on a switch belong to VLAN 1 (the native VLAN).

> Tag is nothing but vlan identifier

> ISL and 802.1q can identify layer 2 frames

>ISL adds a 26-byte header and a 4-byte trailer to the frame. The source VLAN is identified with a 10-bit VLAN ID field in the header. The trailer contains a cyclic redundancy check (CRC) value to ensure the data integrity of the new encapsulated frame.

>BPDU: Bridge Protocol Data Unit. These are unique frames exchanged between switches to identify any topology changes. These messages are used to create a loop-free switch network. The BPDU has the following items:

     a> Root Bridge ID : Priority Number + MAC address
     b> Root Bridge Path Cost
     c> Sender Bridge ID: Priority Number+MAC address
     d> Port ID: Determines the port from which these BPDU are sent
     e> 8 Flags (1st flag determines there is a change in the network, last flag determines topology change ack)
     f> other fields like forward delay, max age and Hello timers

> Spanning Tree Protocol: is used to optimize switch networks by dropping trees on redundant paths. The algorithm uses BPDUs to determine a loop-free path in the network. Below is the process of how it works:


  1.  Each switch in the network considers itself the Root Bridge (the default priority is 32768).
  2.  If a switch receives a BPDU, it compares the Root Bridge ID with the one in its own database. If the received one is better (it checks the priority first and, if that is a tie, compares the MAC address; remember, the lower the better), it deletes the one already stored and adds the new root bridge to its database.
  3.  Once the root bridge is determined, the next step is to find the lowest cost path to reach it, that is, to find the root port. The lower the cost of the path, the better the link (10 Mbps cost is 100 and 1 Gbps is 4). So each switch should have at least one root port. The Root Bridge will never have root ports.
  4.  If a switch has multiple connections through different switches with equal cost, it will choose the path via the switch with the lower bridge ID (as lower is better).
  5.  Once the root port is determined, it is time to find the designated ports and the blocked ports.
  6.  All the ports connected to end devices will be designated, along with those ports connected to the root ports of the other switches.
  7.  Important: Blocked ports. How to determine them: check the examples in the link below: http://ccnpswitch.blogspot.com/2011_08_01_archive.html


>If the bridge priority is the same then the MAC address usually resolves the tie.


>STP port status:

Process                                               blocking  listening  learning  forwarding  disable
Receives & processes BPDU                             Yes       Yes        Yes       Yes         No
Forward frames rcvd on interface                      No        No         No        Yes         No
Forward data frames received from another interface   No        No         No        Yes         No
Learn MAC address                                     No        No         Yes       Yes         No



> Port

> Root Guard is mainly for changing a designated port to an "Inconsistent Blocked port" if the root receives any superior BPDU.

> Root Guard: It is an interface configuration command, like

#interface range f0/2 - 4    --->here f0/2, f0/3, f0/4 are connected to different switches
#spanning-tree guard root





Sunday 30 October 2011

Private VLANs

How to create Private Vlans. Below are the steps I follow:

1> create a map of how your network is and the interfaces in the port modes
2> create primary and sub vlans and associate sub-vlans to primary vlan
3> add interfaces to either isolated or community
4> finally add the promiscuous port and map private-vlans which can reach this promiscuous port.

1>Creating the map
Primary vlan: 200
f4/27    Router--> promiscuous port
f4/26    FTP--> Isolated   vlan 210
f4/24 and f4/25  WWW and sql-->community   vlan 205

2.a> Creating vlan and sub vlans
conf t
vtp mode transparent
vlan 200
private-vlan primary
exit
vlan 205
private-vlan community
exit
vlan 210
private-vlan isolated
exit
================
2.b> Associating the sub-vlans to Primary vlan


associating 205 and 210 to vlan 200

vlan 200
private-vlan association 205,210

===============
show vlan private-vlan type
============

configuring fast ethernet ports now

3> add ports to Private vlans and to modes

int fa4/24
switchport mode private-vlan host
switchport private-vlan host association 200 205

4> creating promiscuous port and map private-vlans which can reach this promiscuous port

int fa4/27
switchport mode private-vlan promiscuous
switchport private-vlan mapping 200 205,210
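
Added example, not from the original post: a small Python model of which ports in the map above can exchange layer 2 frames, and what changes if the promiscuous mapping leaves out a secondary VLAN. It assumes f4/25 and f4/26 are configured as host ports per the map (the post only shows fa4/24); the class and function names are illustrative.

```python
from dataclasses import dataclass

# Secondary VLAN types and the association from steps 2.a and 2.b.
SECONDARY_TYPE = {205: "community", 210: "isolated"}
ASSOCIATION = {200: {205, 210}}


@dataclass(frozen=True)
class Port:
    name: str
    mode: str               # "host" or "promiscuous"
    primary: int
    secondaries: frozenset  # host: one secondary; promiscuous: mapped set


def host(name, primary, secondary):
    return Port(name, "host", primary, frozenset({secondary}))


def promiscuous(name, primary, mapped):
    return Port(name, "promiscuous", primary, frozenset(mapped))


def validate(port):
    """Return a list of configuration problems for one port."""
    problems = []
    allowed = ASSOCIATION.get(port.primary, set())
    if port.mode == "host" and len(port.secondaries) != 1:
        problems.append(f"{port.name}: host port needs exactly one secondary")
    for vlan in sorted(port.secondaries):
        if vlan not in SECONDARY_TYPE:
            problems.append(f"{port.name}: vlan {vlan} is not a secondary VLAN")
        elif vlan not in allowed:
            problems.append(
                f"{port.name}: vlan {vlan} not associated with {port.primary}")
    return problems


def can_talk(a, b):
    """True if layer 2 frames can pass between ports a and b."""
    if a.primary != b.primary or validate(a) or validate(b):
        return False
    if a.mode == "promiscuous" and b.mode == "promiscuous":
        return True
    if "promiscuous" in (a.mode, b.mode):
        prom, hst = (a, b) if a.mode == "promiscuous" else (b, a)
        # The host's secondary must be in the promiscuous port's mapping.
        return hst.secondaries <= prom.secondaries
    (va,), (vb,) = a.secondaries, b.secondaries
    # Host to host: only inside the same community VLAN, never isolated.
    return va == vb and SECONDARY_TYPE[va] == "community"


# Ports from the map in step 1.
ROUTER = promiscuous("f4/27 Router", 200, {205, 210})
FTP = host("f4/26 FTP", 200, 210)
WWW = host("f4/24 WWW", 200, 205)
SQL = host("f4/25 SQL", 200, 205)


def reachability(ports):
    """Return {(name_a, name_b): bool} for every unordered pair."""
    return {(a.name, b.name): can_talk(a, b)
            for i, a in enumerate(ports) for b in ports[i + 1:]}


if __name__ == "__main__":
    for pair, ok in reachability([ROUTER, FTP, WWW, SQL]).items():
        print(pair, "reachable" if ok else "blocked")
```
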



Thursday 27 October 2011

Securing L2

To use most of the security features of any L2 Cisco switch, first convert the port to an access port.


Switch>en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#interface f0/1
Switch(config-if)#switchport mode access  ----->converting f0/1 to access port
Switch(config-if)#switchport port-security--->use this command to enable the port security. You can follow with further commands as a new command


Switch(config-if)#switchport port-security ?
  mac-address  Secure mac address
  maximum      Max secure addresses
  violation    Security violation mode
  <cr>
Switch(config-if)#switchport port-security maximum 1 -->only 1 mac address allowed to learn on this interface


Switch(config-if)#switchport port-security violation ?
  protect   Security violation protect mode ----> it ignores the other mac address and no logs
  restrict  Security violation restrict mode --->logs the violation
  shutdown  Security violation shutdown mode  --->shuts down the port


Switch#show port-security interface f0/1
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Restrict
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 0   --->this will go up


To re-enable a port that was disabled by a port-security violation:
conf t
errdisable recovery cause psecure-violation
errdisable recovery interval <time in seconds>

To learn MAC addresses dynamically while allowing only a limited number of them, you can use a combination of maximum and sticky:

Switch(config)#interface fastEthernet 0/2
Switch(config-if)#switchport port-security maximum 2
Switch(config-if)#switchport port-security mac-address ?
  H.H.H   48 bit mac address
  sticky  Configure dynamic secure addresses as sticky
Switch(config-if)#switchport port-security mac-address sticky ?
  H.H.H  48 bit mac address
  <cr>
Switch(config-if)#switchport port-security mac-address sticky
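
Added example, not from the original post: the show output above reports Port Security : Disabled alongside a configured maximum and violation mode; on IOS the sub-options alone do not enable the feature, only the bare `switchport port-security` line does. The Python check below flags that state, and the silent protect mode, in a running-config; the sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config (not taken from the lab devices).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security maximum 1
 switchport port-security violation restrict
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security violation protect
!
interface FastEthernet0/4
 switchport access vlan 10
!
interface FastEthernet0/5
 switchport mode trunk
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
!
"""

PREFIX = "switchport port-security"


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(" ".join(raw.split()))
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces


def audit_interface(cmds):
    """Return port-security findings for one interface's sub-commands."""
    if "switchport mode trunk" in cmds or "no switchport" in cmds:
        return []  # trunks and routed ports are out of scope for this check
    if "switchport mode access" not in cmds:
        return ["not a static access port: set 'switchport mode access' first"]
    findings = []
    ps = [c for c in cmds if c.startswith(PREFIX)]
    if PREFIX not in ps:
        detail = " (options are set but the feature is off)" if ps else ""
        findings.append("port security not enabled" + detail)
    if PREFIX + " violation protect" in ps:
        findings.append("violation mode protect: extra MACs dropped, no log")
    return findings


def audit_config(config):
    """Return {interface: findings} for Ethernet ports that have findings."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if not re.match(r"(Fast|Gigabit)?Ethernet\d", name):
            continue  # skip Vlan, Port-channel and other logical interfaces
        findings = audit_interface(cmds)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_config(SAMPLE_CONFIG).items():
        for finding in findings:
            print(f"{port}: {finding}")
```
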






HSRP

My Laptop's Motherboard failed on me. I lost all my work. But I got it back and now back on track. I tried to do HSRP on packet tracer but it did not work. I searched some blogs and packet tracer does not support HSRP or any other redundancy protocols. So I either had to use real switches or practice these labs on routers. The L3 switches are out of my pocket so I need to reconfigure my GNS3. So I did labs on HSRP

LAB 1> Use simple fastethernet interfaces as part of standby
LAB 2> Use vlan interface as part of standby
LAB 3> Include Port channel
LAB 4> Use priority
LAB 5> Use Preempt
LAB 6> Use Timers in HSRP

Done with HSRP...will keep posted

Sunday 9 October 2011

Port Channel- single vlan- L2

In this scenario, I wanted to check the etherchannel between 2 L2 switches for a single vlan. I am going to paste the config of a single switch as the config of the other switch is not different.








interface FastEthernet0/1
 switchport access vlan 100
 channel-protocol pagp
 channel-group 1 mode desirable
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 100
 channel-protocol pagp
 channel-group 1 mode desirable
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 100
 channel-protocol pagp
 channel-group 1 mode desirable
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 100
 switchport mode access
!
interface Port-channel 1
 switchport access vlan 100
!

Monday 26 September 2011

now ready for new experiments

now I can read further. Got the book very long. But now I have plenty of time to work on the new things.

etherchannel for a single vlan

Man, this took very long. Not so happy. I should have given it a thought earlier. But back now and I have already started to mend things. Below is an example of configuring EtherChannel per VLAN. I wanted to try this very desperately. For me it seemed so logically simple. Now, configuring is also simple:


Switch 0 may be considered the major switch, which is connected to the distributor switches. Here are the configs of Switch 0 and Switch 1. For Switch 2, give it a go and try pinging 20.2 from 10.2.


hostname Switch0
!
ip routing
!
interface FastEthernet0/1
 channel-protocol pagp
 channel-group 1 mode auto
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/2
 channel-protocol pagp
 channel-group 1 mode auto
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/3
 channel-protocol pagp
 channel-group 2 mode auto
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/4
 channel-protocol pagp
 channel-group 2 mode auto
 switchport access vlan 20
 switchport mode access
!
interface Port-channel 1
 ! configuring portchannels to a vlan
 switchport access vlan 10
!
interface Port-channel 2
 ! configuring portchannels to a vlan
 switchport access vlan 20
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
!
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
!

========================

hostname Switch1
!
interface FastEthernet0/1
 channel-protocol pagp
 channel-group 1 mode desirable
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/2
 channel-protocol pagp
 channel-group 1 mode desirable
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access
!
interface Port-channel 1
 switchport access vlan 10
!
interface Vlan1
 no ip address
 shutdown
!


Sunday 25 September 2011

back from a long trip

Hi,

I had a very long trip. India, Singapore, India, Tunisia, Algeria and back to India....now time to get back and time to mend things.

Wednesday 7 September 2011

Hi All

Still struggling with etherchannel on a single VLAN. It does not work with me.

I am figuring out a way. Currently I am in Singapore but still finding a way.

Monday 22 August 2011

STP over etherchannel

I am trying to understand how STP works on etherchannel. I need to read further on the STP over etherchannel. Need to buy the cisco press book today. Going out to have it.

Router on a stick config

I like this scenario and it's easy to understand:

Here is the config of the router:


interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!


Switch 0:

Switch#show vtp s
Switch#show vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 255
Number of existing VLANs        : 7
VTP Operating Mode              : Server
VTP Domain Name                 : SERVER
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x37 0xAC 0x93 0xA6 0xD1 0x18 0x77 0xA3
Configuration last modified by 0.0.0.0 at 3-1-93 00:56:51
Local updater ID is 0.0.0.0 (no valid interface found)


VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Gig1/1
                                                Gig1/2
10   ten                              active    Fa0/4
20   twenty                           active    Fa0/5
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup





On other switches you need to configure the same as in switch 0





simulation of layer3 switch on gns3

I am searching if there is a way to simulate l3 switch on gns3. Need some research to be done. It will take some time. I am downloading IOS.

In the mean time I am working on the router on a stick and etherchannel. will keep posting.

Sunday 21 August 2011

VTP and PVST

I configured VTP domain called SERVER with 3 vlans 10,20,30. I also enabled PVST in this scenario.

Here is the config part:

Switch0


hostname Switch0
!
!
spanning-tree vlan 10 priority 24576
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 30
 switchport mode access


Switch0(config)#do sh vtp status
VTP Version                     : 2
Configuration Revision          : 6
Maximum VLANs supported locally : 255
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : SERVER
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xEA 0x6D 0x8A 0x70 0x59 0xE8 0x24 0x5D
Configuration last modified by 0.0.0.0 at 3-1-93 00:09:36
Local updater ID is 0.0.0.0 (no valid interface found)



Switch0#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.C716.A7B5
             Cost        19
             Port        1(FastEthernet0/1)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0004.9A15.C545
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Root FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    24586
             Address     0004.9A15.C545
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24586  (priority 24576 sys-id-ext 10)
             Address     0004.9A15.C545
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/3            Desg FWD 19        128.3    P2p
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p

VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    24596
             Address     0001.C716.A7B5
             Cost        19
             Port        1(FastEthernet0/1)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     0004.9A15.C545
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/4            Desg FWD 19        128.4    P2p
Fa0/1            Root FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p

VLAN0030
  Spanning tree enabled protocol ieee
  Root ID    Priority    24606
             Address     0030.A316.06BD
             Cost        19
             Port        1(FastEthernet0/1)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32798  (priority 32768 sys-id-ext 30)
             Address     0004.9A15.C545
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Root FWD 19        128.1    P2p
Fa0/2            Altn BLK 19        128.2    P2p





Switch0#show spanning-tree summary 
Switch is in pvst mode
Root bridge for: 10
Extended system ID           is enabled
Portfast Default             is disabled
PortFast BPDU Guard Default  is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default            is disabled
EtherChannel misconfig guard is disabled
UplinkFast                   is disabled
BackboneFast                 is disabled
Configured Pathcost method used is short

Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001                     0         0        0          2          2
VLAN0010                     0         0        0          3          3
VLAN0020                     0         0        0          3          3
VLAN0030                     1         0        0          1          2

---------------------- -------- --------- -------- ---------- ----------
4 vlans                      1         0        0          9         10


switch1


Switch1#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.C716.A7B5
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0001.C716.A7B5
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/1            Desg FWD 19        128.1    P2p

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    24586
             Address     0004.9A15.C545
             Cost        19
             Port        1(FastEthernet0/1)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0001.C716.A7B5
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/1            Root FWD 19        128.1    P2p
Fa0/3            Desg FWD 19        128.3    P2p

VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    24596
             Address     0001.C716.A7B5
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24596  (priority 24576 sys-id-ext 20)
             Address     0001.C716.A7B5
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/4            Desg FWD 19        128.4    P2p

VLAN0030
  Spanning tree enabled protocol ieee
  Root ID    Priority    24606
             Address     0030.A316.06BD
             Cost        19
             Port        2(FastEthernet0/2)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32798  (priority 32768 sys-id-ext 30)
             Address     0001.C716.A7B5
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/5            Desg FWD 19        128.5    P2p
Fa0/2            Root FWD 19        128.2    P2p
Fa0/1            Desg FWD 19        128.1    P2p

Switch 2



Switch2#sh spanning-tree 
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.C716.A7B5
             Cost        19
             Port        2(FastEthernet0/2)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec


  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.BA7B.4CA4
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20


Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Root FWD 19        128.2    P2p
Fa0/1            Altn BLK 19        128.1    P2p


VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    24586
             Address     0004.9A15.C545
             Cost        19
             Port        2(FastEthernet0/2)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec


  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     00D0.BA7B.4CA4
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20


Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Root FWD 19        128.2    P2p
Fa0/3            Desg FWD 19        128.3    P2p
Fa0/1            Desg FWD 19        128.1    P2p


VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    24596
             Address     0001.C716.A7B5
             Cost        19
             Port        2(FastEthernet0/2)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec


  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     00D0.BA7B.4CA4
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20


Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Root FWD 19        128.2    P2p
Fa0/1            Altn BLK 19        128.1    P2p
Fa0/4            Desg FWD 19        128.4    P2p


VLAN0030
  Spanning tree enabled protocol ieee
  Root ID    Priority    24606
             Address     0030.A316.06BD
             Cost        19
             Port        1(FastEthernet0/1)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec


  Bridge ID  Priority    32798  (priority 32768 sys-id-ext 30)
             Address     00D0.BA7B.4CA4
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20


Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/1            Root FWD 19        128.1    P2p
Fa0/5            Desg FWD 19        128.5    P2p


Switch3





Switch3(config)#do sh span
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.C716.A7B5
             Cost        19
             Port        1(FastEthernet0/1)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0030.A316.06BD
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Root FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    24586
             Address     0004.9A15.C545
             Cost        19
             Port        1(FastEthernet0/1)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0030.A316.06BD
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/3            Desg FWD 19        128.3    P2p
Fa0/1            Root FWD 19        128.1    P2p
Fa0/2            Altn BLK 19        128.2    P2p

VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    24596
             Address     0001.C716.A7B5
             Cost        19
             Port        1(FastEthernet0/1)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     0030.A316.06BD
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/4            Desg FWD 19        128.4    P2p
Fa0/1            Root FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p

VLAN0030
  Spanning tree enabled protocol ieee
  Root ID    Priority    24606
             Address     0030.A316.06BD
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24606  (priority 24576 sys-id-ext 30)
             Address     0030.A316.06BD
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/5            Desg FWD 19        128.5    P2p
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p






Spanning tree protocol example with priority change

Here I have changed the default priority of switch0 to 4096 making it root. Wanted to check the port status now. Check the difference. The priority has been changed with below command:


Switch0#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch0(config)#spanning-tree vlan 1 priority 4096


Here is one more example STP with defaults

Here I have tried to get the details in the diagram itself. R is root port. D is designated port. Below are some of the details of some of the switches. Check the role of the switch ports:














Switch1#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0000.0C28.2A51
             Cost        19
             Port        1(FastEthernet0/1)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0050.0FC0.5B7E
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Altn BLK 19        128.2    P2p
Fa0/1            Root FWD 19        128.1    P2p


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Switch2#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0000.0C28.2A51
             Cost        19
             Port        3(FastEthernet0/3)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0040.0B39.73A1
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/3            Root FWD 19        128.3    P2p
Fa0/4            Altn BLK 19        128.4    P2p


How Spanning tree works with diagram

This example will solve most of the issues in understanding STP:

Let's consider how to get to the designated, root and blocked ports. I will try explaining for each switch one by one. Here all switches have the default ID. If the IDs were different then it would have automatically chosen the lowest bridge ID. But here we will try to get there with defaults:

Step 1: finding root switch

After analyzing the MAC addresses of all the switches, we found that the MAC of Switch 4 is very low and hence it is the root bridge. Let's check the output of this switch:

==========================

Switch#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.43AD.CAD2
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0001.43AD.CAD2
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/3            Desg FWD 19        128.3    P2p
Fa0/4            Desg FWD 19        128.4    P2p
================================================

All the ports are designated ports.

Step 2: Finding root ports for each switch 


Switch 3: The port connecting directly to switch 4 is the root port
Switch 5: The port directly connected to the switch 4 is the root port
Switch 2:  The port directly connected to the switch 4 is the root port
Switch 1:  The port directly connected to the switch 4 is the root port
Switch 0: There are two paths for Switch 0 to reach the root switch
                     a> via Switch 2, whose path cost is 19+19
                     b> via Switch 1 to Switch 4 directly, whose path cost is 19+19
So there is a tie here. Hence let's check the MAC here:
MAC of Switch 1 < MAC of Switch 2
Hence it will choose Switch 1 to reach the root bridge.

Step 3: Finding Blocked 


Now you need to compare the MAC address of each switch: whichever is lower becomes the designated port, and the one with the higher MAC is blocked. These blocked ports are amber in the above diagram.
For example, Switch 1 and Switch 3: the MAC of Switch 1 is greater than that of Switch 3, so the port of Switch 1 connecting to Switch 3 is amber.

Important: Let's consider Switch 0 now, which is connected to Switch 2. The MAC of Switch 2 is higher but still its port is green. The reason is that the cost for Switch 2 to reach the root is less than the cost for Switch 0 to reach the root. Hence the Switch 0 port is amber.
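
Added example, not from the original posts: the election rules from the steps above in Python, checked against the bridge addresses and per-VLAN priorities shown in the VTP and PVST outputs on this page, followed by the Switch 0 tie-break and the Switch 0 to Switch 2 link from this post. The MAC addresses for this diagram's Switch 0, 1 and 2 are constructed (the post gives only their order), and the function names are illustrative.

```python
def mac_to_int(mac):
    """Cisco dotted MAC (0004.9A15.C545) as an integer for comparison."""
    return int(mac.replace(".", ""), 16)


def bridge_id(priority, vlan, mac):
    """PVST bridge ID: (configured priority + VLAN id, MAC). Lower wins."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    return (priority + vlan, mac_to_int(mac))


# Bridge addresses copied from the VTP and PVST outputs on this page.
SWITCHES = {
    "Switch0": "0004.9A15.C545",
    "Switch1": "0001.C716.A7B5",
    "Switch2": "00D0.BA7B.4CA4",
    "Switch3": "0030.A316.06BD",
}
DEFAULT_PRIORITY = 32768
# Non-default priorities visible in those outputs ("priority 24576 sys-id-ext N").
CONFIGURED = {("Switch0", 10): 24576, ("Switch1", 20): 24576,
              ("Switch3", 30): 24576}


def elect_root(vlan):
    """Return (switch name, Root ID priority as show spanning-tree prints it)."""
    ids = {
        name: bridge_id(CONFIGURED.get((name, vlan), DEFAULT_PRIORITY), vlan, mac)
        for name, mac in SWITCHES.items()
    }
    winner = min(ids, key=ids.get)
    return winner, ids[winner][0]


def root_port(offers):
    """Pick the root port from the BPDUs heard on each local port.

    offers maps local port id -> (root id, advertised cost, sender bridge id,
    sender port id, local link cost). Compared in order: root id, total cost,
    sender bridge id, sender port id, local port id.
    """
    def vector(port):
        root, advertised, sender, sender_port, link_cost = offers[port]
        return (root, advertised + link_cost, sender, sender_port, port)
    return min(offers, key=vector)


def designated_bridge(segment):
    """segment maps bridge name -> (root path cost, bridge id); lowest wins."""
    return min(segment, key=segment.get)


# Diagram in this post: the root is Switch 4 (address from its output above).
ROOT = bridge_id(32768, 1, "0001.43AD.CAD2")
# Constructed addresses that keep the order the post states:
# Switch 1 < Switch 2, and Switch 0 < Switch 2.
SW0 = bridge_id(32768, 1, "0002.0000.00A0")
SW1 = bridge_id(32768, 1, "0003.0000.00B1")
SW2 = bridge_id(32768, 1, "0004.0000.00C2")
FAST_ETHERNET_COST = 19


def switch0_root_port():
    """Both paths cost 19+19, so the lower sender bridge ID decides."""
    offers = {
        (128, 1): (ROOT, 19, SW2, (128, 3), FAST_ETHERNET_COST),  # via Switch 2
        (128, 2): (ROOT, 19, SW1, (128, 3), FAST_ETHERNET_COST),  # via Switch 1
    }
    return root_port(offers)


def switch0_switch2_segment():
    """Root path cost is compared before the bridge ID on a shared link."""
    return designated_bridge({"Switch0": (38, SW0), "Switch2": (19, SW2)})


if __name__ == "__main__":
    for vlan in (1, 10, 20, 30):
        print("VLAN", vlan, "root:", elect_root(vlan))
    print("Switch 0 root port:", switch0_root_port())
    print("Designated on Switch0-Switch2 link:", switch0_switch2_segment())
```
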




Hope this helps!!!

till now

I have completed my CCNA and CCNP 642-902.

Now I am going to start my CCNP Switching. I try posting every day about whatever I read. New network diagrams I will create in my lab.

Will try to post most of the content myself.