Troubleshoot static and dynamic 802.1q trunking protocols
To troubleshoot trunking protocols, the first step is to understand the use case for trunking and the difference between static and dynamic trunking protocols.
Trunking is a feature that enables multiple VLANs to be forwarded between two or more switches. There is an industry-standard trunking protocol called IEEE 802.1Q. Its primary purpose is to give all vendors one common way of carrying multiple VLANs to a directly connected network device, which could be a switch, router, firewall, load balancer, server, etc.
We will illustrate this concept using two directly connected switches, labelled Switch 1 and Switch 2.
Cisco also has its own proprietary trunking protocol called ISL (Inter-Switch Link), which only works between Cisco network devices.
Cisco uses a protocol called DTP (Dynamic Trunking Protocol). It is enabled by default on some Cisco Catalyst switches and allows trunk links to form automatically or with minimal configuration. The downside is that it is a very chatty protocol and adds traffic to the network. For security reasons and better network efficiency, it is a good idea to disable any unwanted chatter on the network.
A trunked interface means that a broadcast on one switch is extended across the trunk link to the other switch, creating a larger broadcast domain.
This all happens at layer 2 of the OSI model.
All VLANs that traverse the link need to be tagged with the correct VLAN ID. Once the adjoining switch receives a tagged frame, it removes the tag and forwards the frame out the required switch port interface.
When configuring trunk interfaces, you need a good understanding of the difference between the VLANs you configure and the default native VLAN. The native VLAN carries untagged traffic and can be changed from the default to another VLAN number for security and network efficiency.
To summarise:
There are two trunking standards, ISL and 802.1Q. Both can form links using Dynamic Trunking Protocol (DTP).
The first key point to recognise is that, for the purpose of our study, we always want our switches to trunk with the industry-standard protocol 802.1Q.
DTP manages trunk negotiation only if the port on the neighbour switch is configured in a trunk mode that supports DTP.
A VLAN trunk is a point-to-point link between two network devices that carries more than a single VLAN. This allows traffic to move to the various sections of a network that have been configured as a VLAN. By using a VLAN trunk, you can extend your VLAN across your whole network.
IEEE 802.1Q is the most common VLAN trunking protocol and is an open standard. It works by marking an Ethernet frame as it passes through a switch, tagging it as belonging to a particular VLAN.
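To make the tagging behaviour concrete, the following Python example (added here; it is not part of the original notes and not vendor code) builds constructed Ethernet frames, inserts an 802.1Q tag, and then classifies frames the way a receiving trunk port would: a tagged frame is placed in the VLAN carried in its TCI, while an untagged frame (or a priority-only tag with VID 0) lands in the port's native VLAN. The native VLAN number and MAC addresses are made-up sample values.

```python
import struct
from typing import Optional

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def build_frame(dst: str, src: str, ethertype: int = 0x0800,
                vlan: Optional[int] = None, pcp: int = 0, payload: bytes = b"") -> bytes:
    """Build a constructed Ethernet II frame, optionally inserting an 802.1Q tag
    (TPID 0x8100 followed by a 16-bit TCI: 3-bit PCP, 1-bit DEI, 12-bit VID)."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan is not None:
        tci = (pcp << 13) | (vlan & 0x0FFF)
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    return hdr + struct.pack("!H", ethertype) + payload


def classify_on_trunk(frame: bytes, native_vlan: int = 1) -> dict:
    """Decide which VLAN a frame arriving on an 802.1Q trunk belongs to.

    Tagged frames carry their VLAN in the TCI; untagged frames, and frames whose
    tag only carries a priority (VID 0), are assigned to the port's native VLAN.
    """
    if len(frame) < 14:
        raise ValueError("runt frame: shorter than an Ethernet header")
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return {"vlan": native_vlan, "tagged": False, "ethertype": tpid}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    vid = tci & 0x0FFF
    if vid == 0x0FFF:
        raise ValueError("VID 4095 is reserved and must not appear on the wire")
    if vid == 0:
        # priority-tagged frame: no VLAN membership, so it lands in the native VLAN
        return {"vlan": native_vlan, "tagged": False, "ethertype": ethertype, "pcp": tci >> 13}
    return {"vlan": vid, "tagged": True, "ethertype": ethertype, "pcp": tci >> 13}


def strip_tag(frame: bytes) -> bytes:
    """Remove the 802.1Q tag before forwarding out an access port in that VLAN."""
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return frame
    return frame[:12] + frame[16:]


if __name__ == "__main__":
    # constructed sample frames: one tagged for VLAN 10, one untagged
    tagged = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", vlan=10, payload=b"\x00" * 46)
    untagged = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", payload=b"\x00" * 46)
    print(classify_on_trunk(tagged))                  # VLAN 10, tagged
    print(classify_on_trunk(untagged, native_vlan=999))  # native VLAN 999, untagged
    print(len(strip_tag(tagged)), len(tagged))        # 4 bytes shorter after untagging
```

The `native_vlan` parameter is where the security point from the notes shows up: whatever untagged traffic arrives on the trunk is silently placed into that VLAN, which is why the native VLAN is usually moved away from VLAN 1 and kept free of user ports.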
With the VLAN Trunking Protocol (VTP), your switches can exchange VLAN configuration data. A Cisco-proprietary protocol, VTP broadcasts information about every VLAN based on its VLAN ID and name.
You can configure a switch port as a trunk link using the switchport mode trunk command. This puts the interface into trunking mode and negotiates with the neighbouring switch to convert the link into a trunk link.
A trunk can be configured on a single interface or on a group of interfaces.
The following switch port mode settings exist:
Access: Puts the Ethernet port into permanent non-trunking mode and negotiates to convert the link into a non-trunk link. The Ethernet port becomes a non-trunk port even if the neighbouring port does not agree to the change.
Trunk: Puts the Ethernet port into permanent trunking mode and negotiates to convert the link into a trunk link. The port becomes a trunk port even if the neighbouring port does not agree to the change.
Dynamic Auto: Makes the Ethernet port willing to convert the link to a trunk link. The port becomes a trunk port if the neighbouring port is set to trunk or dynamic desirable mode. This is the default mode for some switch ports.
Dynamic Desirable: Makes the port actively attempt to convert the link to a trunk link. The port becomes a trunk port if the neighbouring Ethernet port is set to trunk, dynamic desirable or dynamic auto mode.
Nonegotiate: Disables DTP. The port will not send out DTP frames or be affected by any incoming DTP frames. If you want to set a trunk between two switches when DTP is disabled, you must manually configure trunking on both ends using the switchport mode trunk command.
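The mode descriptions above can be reduced to a small decision table. The Python model below is an added example (not from the notes, not Cisco code) that computes what each end of a link becomes for any pairing of modes, with `switchport nonegotiate` modelled as a flag that stops DTP frames in both directions; a link is only healthy when both ends agree.

```python
from dataclasses import dataclass

DYNAMIC = {"dynamic auto", "dynamic desirable"}
STATIC = {"access", "trunk"}


@dataclass(frozen=True)
class Port:
    mode: str                  # value given to "switchport mode ..."
    nonegotiate: bool = False  # "switchport nonegotiate": DTP frames neither sent nor honoured

    def __post_init__(self):
        if self.mode not in DYNAMIC | STATIC:
            raise ValueError(f"unknown switchport mode {self.mode!r}")
        if self.nonegotiate and self.mode in DYNAMIC:
            raise ValueError("nonegotiate requires a static access or trunk mode")


def operational_mode(local: Port, remote: Port) -> str:
    """What the local port ends up as ('trunk' or 'access') once DTP has run."""
    if local.mode in STATIC:
        return local.mode                  # static modes do not depend on the neighbour
    if remote.nonegotiate or remote.mode == "access":
        return "access"                    # no DTP offer to trunk ever arrives
    if remote.mode in ("trunk", "dynamic desirable"):
        return "trunk"                     # the neighbour asks (or insists) on trunking
    # remote is dynamic auto: it never asks, so only a desirable local port trunks
    return "trunk" if local.mode == "dynamic desirable" else "access"


def negotiate(a: Port, b: Port) -> tuple:
    """Operational state of both ends of the link as a (side_a, side_b) pair."""
    return operational_mode(a, b), operational_mode(b, a)


def link_consistent(a: Port, b: Port) -> bool:
    """False when one side trunks and the other does not (a native VLAN / tagging mismatch)."""
    sa, sb = negotiate(a, b)
    return sa == sb


if __name__ == "__main__":
    modes = ["access", "trunk", "dynamic auto", "dynamic desirable"]
    print("local \\ remote".ljust(18) + "".join(m.ljust(20) for m in modes))
    for lm in modes:
        row = lm.ljust(18)
        for rm in modes:
            sa, sb = negotiate(Port(lm), Port(rm))
            row += (sa if sa == sb else f"{sa}/{sb} MISMATCH").ljust(20)
        print(row)
    # with DTP disabled on one side, a dynamic neighbour can no longer be talked into a trunk
    print(negotiate(Port("access", nonegotiate=True), Port("dynamic desirable")))
```

The last line is the defensive configuration the notes recommend: an access port with DTP disabled stays an access port regardless of what the device on the other end sends.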
Troubleshoot static and dynamic EtherChannels
The following are available PAgP modes and the corresponding action:
1. ON mode does not send or receive PAgP packets. Therefore, both ends should be set to ON mode to form an EtherChannel.
2. Desirable mode tries to ask the other end in order to bring up the EtherChannel.
3. Auto mode participates in the EtherChannel only if the far end asks for participation. Two switches in auto mode will not form an EtherChannel.
The following are true about bundling ports using EtherChannel:
1. The bundled ports must have identical Spanning Tree settings.
2. The bundled ports must have the same speed, duplex, and Ethernet media.
3. The bundled ports must belong to the same VLAN if not used as a VLAN trunk.
4. If the bundled ports form a VLAN trunk, they must have the same native VLAN, and each port must allow the same set of VLANs on the trunk.
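The following Python is an added example (not from the notes or from Cisco) that encodes the two checks above: whether a pair of PAgP mode settings produces a bundle at all, and whether a candidate set of member ports satisfies the consistency rules. The port attributes and names are constructed sample data.

```python
from dataclasses import dataclass

PAGP_MODES = {"on", "desirable", "auto"}


def pagp_forms_bundle(mode_a: str, mode_b: str) -> bool:
    """Whether the two ends' channel modes bring up an EtherChannel."""
    if mode_a not in PAGP_MODES or mode_b not in PAGP_MODES:
        raise ValueError("mode must be on, desirable or auto")
    if "on" in (mode_a, mode_b):
        return mode_a == mode_b == "on"          # 'on' sends no PAgP, so both ends must be 'on'
    return "desirable" in (mode_a, mode_b)       # auto/auto never asks, so it never bundles


@dataclass
class MemberPort:
    name: str
    speed: int            # Mb/s
    duplex: str
    media: str
    stp_cost: int
    stp_port_priority: int
    trunk: bool
    access_vlan: int = 1
    native_vlan: int = 1
    allowed_vlans: frozenset = frozenset()


def bundle_mismatches(ports: list) -> list:
    """Compare every candidate port against the first one; an empty list means it can bundle."""
    ref = ports[0]
    problems = []
    for p in ports[1:]:
        for attr in ("speed", "duplex", "media", "stp_cost", "stp_port_priority", "trunk"):
            if getattr(p, attr) != getattr(ref, attr):
                problems.append(f"{p.name}: {attr} {getattr(p, attr)!r} differs from {ref.name}")
        if ref.trunk and p.trunk:
            if p.native_vlan != ref.native_vlan:
                problems.append(f"{p.name}: native VLAN {p.native_vlan} differs from {ref.name}")
            if p.allowed_vlans != ref.allowed_vlans:
                problems.append(f"{p.name}: allowed VLAN list differs from {ref.name}")
        elif not ref.trunk and not p.trunk and p.access_vlan != ref.access_vlan:
            problems.append(f"{p.name}: access VLAN {p.access_vlan} differs from {ref.name}")
    return problems


if __name__ == "__main__":
    # constructed candidates: Gi1/0/2 was left at half duplex by mistake
    candidates = [
        MemberPort("Gi1/0/1", 1000, "full", "copper", 4, 128, True, native_vlan=999, allowed_vlans=frozenset({10, 20})),
        MemberPort("Gi1/0/2", 1000, "half", "copper", 4, 128, True, native_vlan=999, allowed_vlans=frozenset({10, 20})),
    ]
    print(pagp_forms_bundle("desirable", "auto"), pagp_forms_bundle("auto", "auto"))
    for line in bundle_mismatches(candidates):
        print("mismatch:", line)
```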
The command Switch(config)#port-channel load-balance src-ip configures load balancing across EtherChannel member links based on the source IP address.
Note that the load balancing can be done based on source IP, destination IP, both source and destination IP (XOR), source and destination MAC addresses or TCP/UDP port numbers.
The command Switch#show etherchannel port can be used to verify the channel negotiation mode of an EtherChannel.
Configure and verify common Spanning Tree Protocols (RSTP and MST)
The following are true about Rapid Spanning Tree Protocol:
1. RSTP uses the 802.1D BPDU format to provide backward compatibility. However, the BPDU version is set to 2 to distinguish RSTP BPDUs from 802.1D BPDUs.
2. A switch running RSTP can detect a neighbour failure in three Hello intervals, or 6 seconds. This is much shorter than the normal 20-second Max Age used by 802.1D.
3. RSTP uses the Root Bridge in the same manner as 802.1D STP.
4. If a switch running RSTP receives an 802.1D BPDU, the switch begins to use 802.1D rules on that port.
The relevant IEEE standards are:
1. 802.1D: The original Spanning Tree Protocol (STP), which provides a loop-free switched or bridged network. Topology changes are handled dynamically.
2. 802.1Q: The IEEE 802.1Q specification establishes a standard method for tagging Ethernet frames with VLAN membership information.
3. 802.1w: Developed after 802.1D, this standard offers faster convergence. 802.1w is known as Rapid Spanning Tree Protocol (RSTP).
4. 802.1s: The IEEE 802.1s standard defines Multiple Spanning Tree (MST).
Rapid Spanning Tree Protocol (RSTP): is based on the IEEE standard 802.1w. The standard has evolved from its predecessor 802.1D. 802.1w has the advantage of faster convergence over 802.1D.
The command "show spanning-tree" includes information about the following:
1. VLAN number
2. Root bridge priority, MAC address
3. Bridge timers (Max Age, Hello Time, Forward Delay)
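The points above (version-2 BPDUs, the 3-hello failure detection, root election by bridge ID, and fallback to 802.1D rules) can be exercised in code. The Python below is an added example, not from the notes or any vendor; it builds constructed configuration BPDUs, parses them, elects a root from sample bridge IDs, and reports what a port does after hearing a given BPDU. Bridge MACs and priorities are made-up sample values.

```python
import struct

VERSION_STP, VERSION_RSTP = 0, 2            # BPDU version field: 802.1D uses 0, RSTP uses 2
BPDU_TYPE_CONFIG, BPDU_TYPE_RST = 0x00, 0x02
RSTP_MISSED_HELLOS = 3                      # RSTP declares a neighbour dead after 3 lost hellos


def bridge_id(priority: int, mac: str) -> int:
    """64-bit bridge ID = 16-bit priority field followed by the 48-bit MAC."""
    return (priority << 48) | int(mac.replace(":", "").replace(".", ""), 16)


def elect_root(bridges: dict) -> str:
    """Root election: the lowest bridge ID wins (lowest priority, then lowest MAC)."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def build_config_bpdu(version, root_priority, root_mac, root_cost, bridge_priority, bridge_mac,
                      port_id=0x8001, hello=2, max_age=20, fwd_delay=15) -> bytes:
    """Constructed configuration BPDU body (timer values travel in 1/256 s units)."""
    bpdu_type = BPDU_TYPE_RST if version == VERSION_RSTP else BPDU_TYPE_CONFIG
    body = struct.pack("!HBBBQIQHHHHH", 0, version, bpdu_type, 0,
                       bridge_id(root_priority, root_mac), root_cost,
                       bridge_id(bridge_priority, bridge_mac), port_id,
                       0, max_age * 256, hello * 256, fwd_delay * 256)
    # an RST BPDU carries one extra byte, the Version 1 Length, always 0
    return body + (b"\x00" if version == VERSION_RSTP else b"")


def parse_bpdu(data: bytes) -> dict:
    """Decode the fields show spanning-tree reports: root priority/MAC, cost and timers."""
    proto, version, bpdu_type, flags, root, cost, bridge, port, age, max_age, hello, fwd = \
        struct.unpack("!HBBBQIQHHHHH", data[:35])
    if proto != 0:
        raise ValueError("not a spanning-tree BPDU")
    return {"version": version, "type": bpdu_type,
            "root_priority": root >> 48, "root_mac": "%012x" % (root & 0xFFFFFFFFFFFF),
            "root_cost": cost, "max_age": max_age // 256,
            "hello_time": hello // 256, "forward_delay": fwd // 256}


def port_rules_after(bpdu: dict) -> str:
    """An RSTP port that hears a version-0 (802.1D) BPDU falls back to 802.1D rules on that port."""
    return "rstp" if bpdu["version"] == VERSION_RSTP else "802.1D"


def neighbour_timeout(bpdu: dict) -> int:
    """Seconds of silence before the neighbour is declared dead."""
    if bpdu["version"] == VERSION_RSTP:
        return RSTP_MISSED_HELLOS * bpdu["hello_time"]   # 3 x 2 s = 6 s
    return bpdu["max_age"]                               # 802.1D waits out Max Age (20 s)


if __name__ == "__main__":
    # constructed candidate bridges: (priority, MAC)
    bridges = {"SW1": (32768, "0000.0c11.1111"), "SW2": (4096, "0000.0c22.2222"),
               "SW3": (32768, "0000.0c00.0001")}
    root = elect_root(bridges)
    print("root bridge:", root)
    rst = parse_bpdu(build_config_bpdu(VERSION_RSTP, *bridges[root], 0, *bridges[root]))
    legacy = parse_bpdu(build_config_bpdu(VERSION_STP, *bridges[root], 4, *bridges["SW1"]))
    for b in (rst, legacy):
        print(port_rules_after(b), "timeout", neighbour_timeout(b), "s", b)
```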
Three parameters are required for defining an MST region. These are:
a. The region name
b. Configuration revision number
c. Instance to VLAN mappings
To configure Rapid Spanning Tree Protocol (RSTP) on an edge port, use the command: Switch(config-if)# spanning-tree portfast
To enable Multiple Spanning Tree (MST) on a switch, use the command : Switch(config)# spanning-tree mode mst
To enter MST configuration mode on a switch, use the command: Switch(config)# spanning-tree mst configuration
Key facts about MST:
1. Instance 0 of MST corresponds to the Internal Spanning Tree (IST).
2. By default, all VLANs within an MST region belong to the IST.
3. MST and PVST+ are interoperable.
4. The IST of MST corresponds to the CST of 802.1Q.
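The three region parameters listed above (name, revision, instance-to-VLAN mappings) are what neighbouring switches compare, and the mappings are compared as a digest rather than as a list. The Python below is an added example (not from the notes or from Cisco) that computes that digest the way IEEE 802.1s defines it: an HMAC-MD5, keyed with the fixed signature key from the standard, over the 4096-entry VID-to-instance table with two bytes per VID, where unmapped VLANs stay in instance 0 (the IST). Region names and VLAN ranges are constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Signature key defined by IEEE 802.1s for the MST configuration digest
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def expand_vlan_list(spec: str) -> list:
    """Expand an IOS-style VLAN list such as '10-12,20' into [10, 11, 12, 20]."""
    vids = []
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo = int(lo)
        hi = int(hi) if hi else lo
        vids.extend(range(lo, hi + 1))
    return vids


@dataclass
class MstRegion:
    name: str
    revision: int
    # MSTI -> VLAN list spec, as typed under "spanning-tree mst configuration";
    # anything not listed remains in instance 0 (the IST)
    instance_vlans: dict = field(default_factory=dict)

    def vid_to_msti(self) -> list:
        """The full 4096-entry table (index = VID) that the digest is computed over."""
        table = [0] * 4096
        for msti, spec in self.instance_vlans.items():
            for vid in expand_vlan_list(spec):
                if not 1 <= vid <= 4094:
                    raise ValueError(f"VLAN {vid} out of range")
                table[vid] = msti
        return table

    def digest(self) -> str:
        """HMAC-MD5 over the table, two big-endian bytes per VID, VID 0 through 4095."""
        raw = b"".join(m.to_bytes(2, "big") for m in self.vid_to_msti())
        return hmac.new(MST_DIGEST_KEY, raw, hashlib.md5).hexdigest().upper()

    def identifier(self) -> tuple:
        """The three values carried in MST BPDUs and compared with the neighbour."""
        return self.name, self.revision, self.digest()

    def same_region(self, other: "MstRegion") -> bool:
        """Two switches are in one region only if name, revision and digest all match."""
        return self.identifier() == other.identifier()


if __name__ == "__main__":
    core1 = MstRegion("CORE", 1, {1: "10-20", 2: "30"})
    core2 = MstRegion("CORE", 1, {1: "10-20", 2: "30"})
    typo = MstRegion("CORE", 1, {1: "10-20", 2: "31"})   # one VLAN mapped differently
    print("core1/core2 same region:", core1.same_region(core2))
    print("core1/typo  same region:", typo.same_region(core1))
    print("digest:", core1.digest())
```

This is the value shown on the Digest line of `show spanning-tree mst configuration digest`; when two adjacent switches print different digests despite the same name and revision, one of the VLAN-to-instance mappings differs and they form separate regions.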
The advantages of Common Spanning Tree (CST) approach to VLAN implementation are fewer BPDUs and less processing overhead. Remember that in PVST, each VLAN has a separate instance of STP running.
The disadvantages of a CST implementation are a sub-optimal root bridge (since there is only one root bridge for all VLANs, which may not be placed optimally for some VLANs) and possibly longer convergence times.
The PVST+ implementation of Spanning Tree interoperates with 802.1Q-compliant switches that use the Common Spanning Tree (CST).
If you have enabled RSTP protection features, the following command lists the ports that have been labeled as having inconsistent state:
show spanning-tree inconsistentports
The following command enables you to look at reasons for inconsistencies: show spanning-tree interface <type> <mod>/<num> [detail]
RSTP defines port states according to what the port does with the incoming frames. The allowed port states are as given below:
a. Discarding: The incoming frames are discarded. No MAC addresses are learned.
b. Learning: The incoming frames are dropped, but MAC addresses are learned.
c. Forwarding: The incoming frames are forwarded according to the learned MAC addresses.
Given below are some of the important characteristics of SPAN/RSPAN:
1. You can configure SPAN sessions on disabled ports
2. The switch does not support a combination of local SPAN and RSPAN in a single session.
3. You can run both a local SPAN and an RSPAN source session in the same switch stack.
4. Sources can be ports or VLANs, but you cannot mix source ports and source VLANs in the same session.
5. The monitored port cannot be a destination port. In other words, a destination port cannot be monitored.
6. You can monitor multiple source ports in a single session.
7. Source port can be an access port, trunk port, or voice VLAN port.
8. If a destination port belongs to a source VLAN, it is excluded from the source list and is not monitored.
9. You can monitor only Ethernet VLANs.
10. The destination port does not participate in any of the Layer 2 protocols (STP, VTP, CDP, DTP, PAgP).
11. The destination port can participate in only one SPAN session at a time (a destination port in one SPAN session cannot be a destination port for a second SPAN session).
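Several of the SPAN restrictions above are the kind of thing that is easy to check before typing `monitor session` commands. The Python below is an added example (not from the notes, not a Cisco tool) that represents planned sessions as data and flags the violations of rules 2, 4, 5 and 11. Interface names and session numbers are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class SpanSession:
    number: int
    source_ports: tuple = ()
    source_vlans: tuple = ()
    destination_port: Optional[str] = None       # local SPAN destination
    destination_rspan_vlan: Optional[int] = None  # RSPAN source session destination


def validate_sessions(sessions: list) -> dict:
    """Return {session number: [violations]}; an empty list means the session looks valid."""
    dest_owner = {}   # destination port -> first session that claimed it
    report = {}
    for s in sessions:
        errs = []
        if s.source_ports and s.source_vlans:
            errs.append("source ports and source VLANs cannot be mixed in one session")
        if not (s.source_ports or s.source_vlans):
            errs.append("session has no source")
        if s.destination_port and s.destination_rspan_vlan:
            errs.append("local SPAN and RSPAN cannot be combined in one session")
        if not (s.destination_port or s.destination_rspan_vlan):
            errs.append("session has no destination")
        if s.destination_port in s.source_ports:
            errs.append(f"destination {s.destination_port} cannot also be a monitored port")
        if s.destination_port:
            owner = dest_owner.setdefault(s.destination_port, s.number)
            if owner != s.number:
                errs.append(f"destination {s.destination_port} is already used by session {owner}")
        report[s.number] = errs
    return report


if __name__ == "__main__":
    # constructed plan: session 2 reuses session 1's destination, session 3 mixes sources
    plan = [
        SpanSession(1, source_ports=("Gi1/0/1", "Gi1/0/2"), destination_port="Gi1/0/24"),
        SpanSession(2, source_vlans=(10,), destination_port="Gi1/0/24"),
        SpanSession(3, source_ports=("Gi1/0/3",), source_vlans=(20,), destination_rspan_vlan=900),
    ]
    for number, errs in validate_sessions(plan).items():
        print(f"session {number}: {'ok' if not errs else '; '.join(errs)}")
```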
Compare routing concepts of EIGRP and OSPF (advanced distance vector vs. link state, load balancing, path selection, path operations, metrics)
show ip eigrp topology: To display entries in the Enhanced Interior Gateway Routing Protocol (EIGRP) topology table, use the show ip eigrp topology command in EXEC mode.
show ip eigrp neighbors: To display the neighbors discovered by Enhanced Interior Gateway Routing Protocol (EIGRP), use the show ip eigrp neighbors command in EXEC mode. It shows when neighbors become active and inactive. The neighbor parameters displayed include Address, Interface, Holdtime, Uptime, Q, Seq Num, SRTT, and RTO.
show ip route eigrp: Displays the EIGRP routes installed in the routing table.
show ip eigrp interfaces: Use the show ip eigrp interfaces command to determine on which interfaces EIGRP is active and to find EIGRP information relating to those interfaces. The details shown include the interfaces on which EIGRP is configured, the number of directly connected EIGRP neighbors on each interface, Mean SRTT, etc.
Configure and verify simple OSPF environments, including multiple normal areas, summarization, and filtering (neighbor adjacency, point-to-point and broadcast network types, and passive interface)
LSA Type 1: Router link entry, generated by all routers for each area to which it belongs. These are flooded within a particular area.
LSA Type 2: Network link entry, generated by designated routers (DRs). Type 2 LSAs are advertised only to routers in the area containing the specific network.
LSA Type 3 and Type 4: Summary link entries, generated by area border routers (ABRs). These are sent to all routers within an area. They describe the links between the ABR and the internal routers of an area, and are flooded throughout the backbone area and to the other ABRs.
LSA Type 5: Autonomous System External link entry, originated by ASBRs. These entries describe routes to destinations external to the autonomous system. They are flooded throughout the OSPF autonomous system except into stub and totally stubby areas.
The router is an ABR (Area Border Router) since it connects two OSPF areas. Area 2 is configured as stubby and not totally stubby. To configure an area as totally stubby, use the command "area
The cost of the default route that is injected into the stub area is equal to 1 by default. To change this value, use the command "area
Backbone area LSAs: The LSAs generated by backbone area routers are LSA types 1, 2, 3, 4, and 5. Note that LSA type 6 is not supported by Cisco, and LSA type 7 is generated by NSSA routers.
Stub area LSAs: Stub area routers generate LSA types 1, 2, and 3, i.e. Router, Network, and Summary LSAs.
Totally stubby area LSAs: Totally stubby area routers generate LSA types 1 and 2.
NSSA LSAs: An NSSA (Not So Stubby Area) router generates LSA types 1, 2, and 7. LSA type 7 is translated into LSA type 5 as it leaves the NSSA.
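The per-area-type tables above can be turned into a filter that answers "does this LSA get flooded into that area, and what does it become on the way out". The Python below is an added example (not from the notes, not router code). It keeps the generated-LSA table exactly as listed above and adds one generalisation for the ABR's decision: the default route an ABR injects into a stub or totally stubby area travels as a Type 3 LSA, and a standard NSSA still accepts the ABR's Type 3 summaries.

```python
LSA_NAMES = {1: "Router", 2: "Network", 3: "Summary (network)", 4: "Summary (ASBR)",
             5: "AS External", 7: "NSSA External"}

# LSA types that routers inside each kind of area generate, from the notes above
GENERATED_LSAS = {
    "backbone": {1, 2, 3, 4, 5},
    "normal": {1, 2, 3, 4, 5},
    "stub": {1, 2, 3},
    "totally-stubby": {1, 2},
    "nssa": {1, 2, 7},
}


def abr_floods_into(area_type: str, lsa_type: int, is_default_route: bool = False) -> bool:
    """Decision an ABR makes for an LSA heading into an area of the given type."""
    if area_type in ("backbone", "normal"):
        return lsa_type in {1, 2, 3, 4, 5}
    if area_type == "stub":
        return lsa_type in {1, 2, 3}                     # Type 5 stops here; default arrives as Type 3
    if area_type == "totally-stubby":
        # only intra-area LSAs plus the single Type 3 default route
        return lsa_type in {1, 2} or (lsa_type == 3 and is_default_route)
    if area_type == "nssa":
        return lsa_type in {1, 2, 3, 7}                  # externals enter as Type 7, never Type 5
    raise ValueError(f"unknown area type {area_type!r}")


def translate_leaving_nssa(lsa_type: int) -> int:
    """The NSSA ABR translates Type 7 into Type 5 as the LSA leaves the NSSA."""
    return 5 if lsa_type == 7 else lsa_type


def areas_receiving(lsa_type: int, areas: dict, is_default_route: bool = False) -> list:
    """Given {area id: area type}, list the areas an LSA of this type would be flooded into."""
    return sorted(a for a, kind in areas.items() if abr_floods_into(kind, lsa_type, is_default_route))


if __name__ == "__main__":
    # constructed topology: area 0 backbone, area 1 stub, area 2 totally stubby, area 3 NSSA
    areas = {0: "backbone", 1: "stub", 2: "totally-stubby", 3: "nssa"}
    for t in (3, 5, 7):
        print(f"Type {t} ({LSA_NAMES[t]}) flooded into areas:", areas_receiving(t, areas))
    print("default route (Type 3) flooded into areas:", areas_receiving(3, areas, is_default_route=True))
    print("Type 7 leaves the NSSA as Type", translate_leaving_nssa(7))
```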
Configure and verify eBGP between directly connected neighbors (best path selection algorithm and neighbor relationships)
The key column here is "State/PfxRcd" in the show ip bgp summary output, which shows the BGP state. Below is the list of BGP states in order, from startup to peering:
1. Idle: the initial state of a BGP connection. In this state, the BGP speaker is waiting for a BGP start event, generally either the establishment of a TCP connection or the re-establishment of a previous connection. Once the connection is established, BGP moves to the next state.
2. Connect: In this state, BGP is waiting for the TCP connection to be formed. If the TCP connection completes, BGP will move to the OpenSent stage; if the connection can not complete, BGP goes to Active.
3. Active: In the Active state, the BGP speaker is attempting to initiate a TCP session with the BGP speaker it wants to peer with. If this can be done, the BGP state goes to OpenSent state.
4. OpenSent: the BGP speaker is waiting to receive an OPEN message from the remote BGP speaker.
5. OpenConfirm: Once the BGP speaker receives the OPEN message and no error is detected, the BGP speaker sends a KEEPALIVE message to the remote BGP speaker.
6. Established: All of the neighbor negotiations are complete. You will see a number (2 in this case), which is the number of prefixes the router has received from the neighbor or peer group.
iBGP runs between routers of the same AS, whereas eBGP runs between routers belonging to distinct ASs.
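The state sequence above is a small finite-state machine, and it helps to see which events move a peer forward and which drop it back to Idle. The Python below is an added example (not from the notes, not router code) that models one neighbour, records the OPEN and KEEPALIVE messages the local speaker sends on the way up, and reproduces what the State/PfxRcd column would display at each point. Event names and the neighbour address are assumptions of this model.

```python
class BgpSession:
    """Minimal model of the BGP neighbour state machine for a single peer."""

    # (current state, event) -> next state; forward transitions only
    TRANSITIONS = {
        ("Idle", "start"): "Connect",
        ("Connect", "tcp_connected"): "OpenSent",       # OPEN is sent on entering OpenSent
        ("Connect", "tcp_failed"): "Active",
        ("Active", "tcp_connected"): "OpenSent",
        ("Active", "retry_timer_expired"): "Connect",
        ("OpenSent", "open_received"): "OpenConfirm",   # KEEPALIVE is sent on entering OpenConfirm
        ("OpenConfirm", "keepalive_received"): "Established",
    }
    RESET_EVENTS = {"stop", "notification_received", "hold_timer_expired", "tcp_closed"}

    def __init__(self, neighbor: str, remote_as: int):
        self.neighbor, self.remote_as = neighbor, remote_as
        self.state = "Idle"
        self.prefixes_received = 0
        self.sent = []          # messages this speaker has sent, in order

    def event(self, name: str) -> str:
        """Apply an event and return the new state."""
        if name in self.RESET_EVENTS:
            self.state, self.prefixes_received = "Idle", 0   # any failure returns to Idle
            return self.state
        try:
            nxt = self.TRANSITIONS[(self.state, name)]
        except KeyError:
            raise ValueError(f"event {name!r} is not valid in state {self.state}") from None
        if nxt == "OpenSent":
            self.sent.append("OPEN")
        elif nxt == "OpenConfirm":
            self.sent.append("KEEPALIVE")
        self.state = nxt
        return nxt

    def receive_update(self, nlri: list) -> int:
        """Count prefixes from an UPDATE; only meaningful once Established."""
        if self.state != "Established":
            raise RuntimeError(f"UPDATE received in state {self.state}")
        self.prefixes_received += len(nlri)
        return self.prefixes_received

    def state_pfxrcd(self) -> str:
        """What the State/PfxRcd column shows: the state name, or the prefix count once Established."""
        return str(self.prefixes_received) if self.state == "Established" else self.state


if __name__ == "__main__":
    peer = BgpSession("175.23.1.2", 200)          # neighbour from the notes' eBGP example
    for ev in ("start", "tcp_failed", "retry_timer_expired", "tcp_connected",
               "open_received", "keepalive_received"):
        print(f"{ev:<20} -> {peer.state:<12} State/PfxRcd={peer.state_pfxrcd()}") if False else None
        peer.event(ev)
        print(f"{ev:<20} -> State/PfxRcd={peer.state_pfxrcd()}")
    peer.receive_update(["10.0.0.0/24", "10.0.1.0/24"])
    print("after UPDATE     -> State/PfxRcd=" + peer.state_pfxrcd(), "sent:", peer.sent)
    peer.event("hold_timer_expired")
    print("after hold timer -> State/PfxRcd=" + peer.state_pfxrcd())
```

A neighbour stuck at Active in `show ip bgp summary` therefore means the TCP session itself is not completing (reachability, filtering, or a wrong neighbour address), while a peer that cycles between Idle and OpenSent points at a problem with the OPEN exchange such as a mismatched AS number.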
Well-known mandatory attributes: These attributes must be included in all UPDATE messages of BGP.
Well-known discretionary: These attributes may be included in a route description but are not mandatory.
Optional transitive: AGGREGATOR and COMMUNITIES are the optional transitive attributes.
Optional non-transitive: These attributes are used in many private BGP enabled networks.
Well-known mandatory attributes must appear in all BGP UPDATE messages. The well-known mandatory attributes are:
1. AS_PATH : BGP messages carry the sequence of AS numbers indicating the complete path a message has traversed.
2. NEXT_HOP : This attribute indicates the IP address of the next-hop destination router.
3. ORIGIN : This attribute tells the receiving BGP router the BGP type of the original source of the NLRI information.
In the example, RouterA and RouterB are running eBGP. The correct syntax for establishing the neighbor relationship is:
router bgp 100
neighbor 175.23.1.2 remote-as 200
Also, it is important to know that the eBGP peers are directly connected while the iBGP peers are not. iBGP routers don't have to be directly connected, as long as there is some IGP running that allows the two neighbors to reach one another. If two routers belong to the same AS, then they run iBGP, whereas, if they belong to different ASs, they need to run eBGP.
External BGP (eBGP) is used to establish session and exchange route information between two or more autonomous systems. Internal BGP (iBGP) is used by routers that belong to the same Autonomous System (AS).