Ch. 4 Maintaining and Troubleshooting Campus Switched Networks

NET412

Materials

Book: Troubleshooting and Maintaining Cisco IP Networks (TSHOOT) Foundation Learning Guide: Foundation learning for the CCNP TSHOOT 642-832
By Amir Ranjbar
Book ISBN-10: 1-58705-876-6, ISBN-13: 978-1-58705-876-9
eBook ISBN-10: 1-58714-170-1, ISBN-13: 978-1-58714-170-6

Chapter 4 Objectives

- Diagnose VLAN, VTP, and trunking problems using the IOS command line interface.
- Diagnose spanning tree and EtherChannel problems using the IOS command line interface.
- Diagnose and resolve problems with SVIs and inter-VLAN routing.
- Diagnose and resolve problems related to first hop redundancy protocols such as HSRP, VRRP, and GLBP.

Troubleshooting VLANs

LAN Switch Operation

A good understanding of the processes involved in Layer 2 switching is essential to any engineer who is involved in network troubleshooting. Many times we try to memorize situations instead of understanding and analyzing network operations. To focus just on Layer 2 switching, assume that the two hosts reside on a common subnet (VLAN).

Host A pings Host B

Host A needs to determine whether 10.1.1.2 is on its subnet or on another subnet.

- How does Host A know its own network address? IP address AND subnet mask.
- How does Host A know Host B's network address? Host B's IP address AND Host A's subnet mask.
- Why does Host A use its own subnet mask and not that of Host B?
  - It does not know Host B's subnet mask.
  - If Host B is in the same subnet as Host A, they will have the same mask.
- Host A compares the network addresses from both AND operations:
  - Same network address: it needs the MAC address of 10.1.1.2.

  - Different network addresses: it needs the MAC address of the default gateway.

LAN Switch Operation

Host A and Host B are on the same subnet. Host A will examine its Address Resolution Protocol (ARP) cache to find the MAC address of Host B.

If there is an entry for 10.1.1.2 and its MAC address:
- No ARP process is needed.
- Host A encapsulates the IP packet in an Ethernet frame with the destination MAC address of Host B.

If Host A does not have an ARP cache entry for 10.1.1.2:
- It sends out an ARP request (broadcast).
- The ARP request contains the IP address 10.1.1.2 but no MAC address.

Switch C: Learns
- Checks the VLAN of the incoming port (VLAN 10).
- Records the source MAC address and port number (or resets the 5-minute timer for that entry).

Switch C: Forwards
- The MAC address table never contains an entry for the broadcast MAC address (FFFF:FFFF:FFFF).
- Switch C will flood the frame on all ports:
  - All access ports in that VLAN (VLAN 10)
  - All trunks on which this VLAN is allowed, active, and not pruned
  - Except the port it came in on
- Switches D and E repeat this process as they receive the frame.

Host B receives the ARP request:
- Records Host A's IP address and MAC address in its own ARP cache.
- Sends an ARP reply (unicast) back to Host A.

Because all switches now have an entry in their MAC address table for the MAC address of Host A, they will:
- Learn: record Host B's MAC address and the corresponding interface and VLAN in their MAC address table (if they did not already have that entry).
- Forward: forward the frame containing the ARP reply on the path to Host A only. No flooding.

Host A receives the ARP reply:
- Records the IP and MAC address of Host B in its ARP cache.
- Now it is ready to send the original IP packet.

Host A encapsulates the IP packet (ICMP echo request) in a unicast frame destined for Host B and sends it out. Note the Ethernet type field of 0x0800 (IP packet).

The switches examine their MAC address tables:
- Learn: reset the 5-minute timer for Host A's source MAC address.
- Forward: find Host B's MAC address and forward the frame towards Host B (no flooding).

Host B receives the packet and responds to Host A (sends an ICMP echo reply packet).

The switches examine their MAC address tables:
- Learn: reset the 5-minute timer for Host B's source MAC address.
- Forward: find Host A's MAC address and forward the frame towards Host A (no flooding).

Host A receives the packet and the ping program displays its output. The end.

Question: If everything works as shown, why might this first ping fail? Sometimes the very first ICMP echo request times out due to the requirement for an ARP request.

Although this process might seem trivial, listing the steps clearly shows that even for the simplest communication, an elaborate chain of events takes place.

If at any point this chain is broken due to faulty cabling, failing devices, or misconfiguration, the communication will fail. It is important to leverage your knowledge of these processes to diagnose and solve problems in a switched environment.

Some possible issues that could cause the communication to fail:
- Firewall (host or switch)
- Physical problems
- Bad, missing, or miswired cables
- Bad ports
- Power failure
- Device problems
- Software bugs
- Performance problems
- Misconfiguration
- Missing or wrong VLANs
- Misconfigured VTP settings
- Wrong VLAN setting on access ports
- Missing or misconfigured trunks
- Native VLAN mismatch
- VLANs not allowed on trunk

Verifying Layer 2 Forwarding

A common method to troubleshoot Layer 2 switching problems is to follow the path of the frames through the switches.
- Takes time and effort.
- Objective: to confirm that frames have passed through the switches and to verify how each switch made its forwarding decisions.
- Find the point where the trail stops.
- It is possible to start at the endpoints.

The MAC address table is the key data structure. Finding the entry for a particular MAC address in this table:
- Proves that within the last five minutes this switch received frames from that source.
- Proves nothing about a particular frame.

Useful command: clear mac-address-table. Verify that the MAC address is learned again when you reinitiate the connection.

Many possible findings and conclusions:
- Frames are not received on the correct VLAN: possible VLAN or trunk misconfiguration.
- Frames are received on a different port than you expected: possible physical problem, spanning tree issues, or duplicate MAC addresses.
- The MAC address is not registered in the MAC address table: the most likely problem is upstream from this switch.

show vlan:
- Verifies VLAN existence and port-to-VLAN associations.
- Lists all VLANs that were created on the switch (either manually or through the VLAN Trunking Protocol [VTP]).
- Note: Trunks are not listed because they do not belong to any particular VLAN.

show interfaces trunk:
- Displays all interfaces that are configured as trunks.
- Displays for each trunk which VLANs are allowed and what the native VLAN is.
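The learn/forward/flood steps of the ping walkthrough and the "find where the trail stops" check, modeled as an added example (not code from the course material). The A - C - D - E - B topology, the port names, host X and the MAC addresses are assumptions constructed for the example; native VLAN handling and table aging between runs are not modeled.

```python
"""Learn/forward/flood model of the ping walkthrough (added example)."""
from dataclasses import dataclass, field

BROADCAST = "ffff.ffff.ffff"
AGING_SECONDS = 300  # the 5-minute timer from the walkthrough


@dataclass
class Switch:
    access: dict                                 # access port -> VLAN
    trunks: dict                                 # trunk port -> set of allowed VLANs
    table: dict = field(default_factory=dict)    # (vlan, mac) -> (port, last_seen)

    def receive(self, port, tag, src, dst, now):
        """Learn the source MAC, then return (vlan, list of egress ports)."""
        if port in self.access:
            vlan = self.access[port]             # access port: VLAN comes from the port
        elif tag in self.trunks.get(port, ()):
            vlan = tag                           # trunk: VLAN comes from the tag
        else:
            return None, []                      # VLAN not allowed on this trunk: drop
        self.table[(vlan, src)] = (port, now)    # learn, or reset the aging timer
        hit = self.table.get((vlan, dst))
        if dst != BROADCAST and hit and now - hit[1] < AGING_SECONDS:
            return vlan, ([hit[0]] if hit[0] != port else [])
        # Broadcast or unknown unicast: flood within the VLAN, except the ingress port.
        out = [p for p, v in self.access.items() if v == vlan]
        out += [p for p, allowed in self.trunks.items() if vlan in allowed]
        return vlan, sorted(p for p in out if p != port)


def build(host_b_vlan=10):
    """Constructed topology: A - C - D - E - B, plus host X on D in VLAN 10."""
    switches = {
        "C": Switch({"Fa0/1": 10}, {"Gi0/1": {10, 20}}),
        "D": Switch({"Fa0/1": 10}, {"Gi0/1": {10, 20}, "Gi0/2": {10, 20}}),
        "E": Switch({"Fa0/1": host_b_vlan}, {"Gi0/1": {10, 20}}),
    }
    links = {("C", "Gi0/1"): ("D", "Gi0/1"), ("D", "Gi0/1"): ("C", "Gi0/1"),
             ("D", "Gi0/2"): ("E", "Gi0/1"), ("E", "Gi0/1"): ("D", "Gi0/2")}
    hosts = {("C", "Fa0/1"): "A", ("D", "Fa0/1"): "X", ("E", "Fa0/1"): "B"}
    return switches, links, hosts


def send(net, sender, src, dst, now):
    """Inject a frame at the sender's access port; return the hosts that receive it."""
    switches, links, hosts = net
    start = next(k for k, h in hosts.items() if h == sender)
    queue, reached = [(start, None)], []
    while queue:
        (sw, port), tag = queue.pop(0)
        vlan, egress = switches[sw].receive(port, tag, src, dst, now)
        for out in egress:
            if (sw, out) in hosts:
                reached.append(hosts[(sw, out)])
            else:
                queue.append((links[(sw, out)], vlan))   # tagged with the VLAN on the trunk
    return sorted(reached)


def trail(net, mac, vlan=10):
    """Port on which each switch learned `mac` in `vlan` (None: the trail stops here)."""
    return {name: sw.table.get((vlan, mac), (None,))[0] for name, sw in net[0].items()}


MAC_A, MAC_B = "0000.0000.000a", "0000.0000.000b"   # constructed addresses


def ping_walkthrough(host_b_vlan=10):
    """ARP request from A, ARP reply from B (if it heard the request), then both trails."""
    net = build(host_b_vlan)
    arp_request = send(net, "A", MAC_A, BROADCAST, now=0)
    arp_reply = send(net, "B", MAC_B, MAC_A, now=1) if "B" in arp_request else []
    return arp_request, arp_reply, trail(net, MAC_A), trail(net, MAC_B)


if __name__ == "__main__":
    print("correct VLAN:", ping_walkthrough(10))
    print("B's port in VLAN 20:", ping_walkthrough(20))
```

With Host B's access port in the wrong VLAN, Host A's MAC is still learned on C, D and E, but Host B's MAC appears nowhere in VLAN 10, which points at the access port on the last switch rather than at the trunks.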

show interfaces switchport:
- Gives a quick summary of all VLAN-related information for a single interface.

traceroute mac:
- You specify a source and destination MAC address.
- Shows the list of switch hops for a frame from that source MAC address to that destination MAC address.
- Discovers the Layer 2.
- This command requires that Cisco Discovery Protocol (CDP) is enabled on all the switches in the network (or at least within the path).

Troubleshooting STP

Spanning Tree Protocol (STP)

- STP often accounts for more than 50% of the configuration, troubleshooting, and maintenance headaches in real-world campus networks (especially if they are poorly designed).
- Complex protocol that is generally poorly understood.
- Radia Perlman: developer of STP

L2 Loops

- Switch (bridge) loops can occur any time there is a redundant path or loop in the bridge network.
- The switches will flip-flop the MAC address table entries (creating extremely high CPU utilization).
- Unicasts, unknown unicasts, and broadcasts are all problems.

Spanning Tree Algorithm

- STP executes an algorithm called the Spanning Tree Algorithm (STA).
- STA chooses a reference point, called a root bridge.
- It then determines the available paths to that reference point.
- If more than two paths exist, STA picks the best path and blocks the rest.

Two Key STP Concepts

STP calculations make extensive use of two key concepts in creating a loop-free topology:
- Bridge ID
- Path Cost

    Link Speed   Cost (Revised IEEE Spec)   Cost (Previous IEEE Spec)
    10 Gbps      2                          1
    1 Gbps       4                          1
    100 Mbps     19                         10
    10 Mbps      100                        100

Five-Step STP Decision Sequence

When creating a loop-free topology, STP always uses the same five-step decision sequence:
- Step 1 - Lowest BID
- Step 2 - Lowest Path Cost to Root Bridge
- Step 3 - Lowest Sender BID
- Step 4 - Lowest Port Priority
- Step 5 - Lowest Port ID

Bridges use Configuration BPDUs during this five-step process. We will assume all BPDUs are configuration BPDUs.

The following STP slides are for your review of STP.

Elect one Root Bridge

Lowest BID wins! Who wins?
- My BID is 32768.0001.C945.A573
- My BID is 32768.0005.5E0D.9315
- My BID is 32768.0060.47B0.5850
- My BID is 32768.0003.E461.46EC
- My BID is 32768.0001.964E.7EBB (I win! Root Bridge)

Elect Root Ports

STP Convergence
- Step 1 - Elect one Root Bridge
- Step 2 - Elect Root Ports
- Step 3 - Elect Designated Ports

"I will select one Root Port that is the closest, best path to the root bridge."

- Next, each switch determines its Root Port: its port closest to the Root Bridge.
- Bridges use the cost to determine closeness.
- Every non-Root Bridge will select one Root Port!
- Specifically, bridges track the Root Path Cost, the cumulative cost of all links to the Root Bridge.

The Root Bridge, Access2, sends out BPDUs containing a Root Path Cost of 0. Switches receive these BPDUs and add the Path Cost of the FastEthernet interface to the Root Path Cost contained in the BPDU. This value is used internally and used in BPDUs to other switches.

[Figure: the Root Bridge sends BPDUs with Cost=0; each receiving switch computes Cost=0+19=19.]

Difference between Path Cost and Root Path Cost

Path Cost:
- The value assigned to each port.
- Added to BPDUs received on that port to calculate the Root Path Cost.

Root Path Cost:
- Cumulative cost to the Root Bridge.
- This is the value transmitted in the BPDU.
- Calculated by adding the receiving port's Path Cost to the value contained in the BPDU.

Switches now send BPDUs with their Root Path Cost out other interfaces. Switches receive the BPDUs and add their path cost.

[Figure: switches send BPDUs with Cost=19; receiving switches compute Cost=4+19=23.]

This process continues.

[Figure: BPDU labels Cost=19, Cost=4+19=23, and Cost=19+19=38.]

Final Results

Ports show BPDU Received Root Path Cost + Path Cost = Root Path Cost of Interface, after the best BPDU is received on that port from the neighboring switch. This is the cost of reaching the Root Bridge from this interface towards the neighboring switch. Now let's see how this is used!

[Figure: per-port results 19, 19+4=23, 23+4=27, and 19+19=38.]

Elect Root Ports

Slide outline: Elect Root Ports; Elect Designated Ports; Non-Designated Ports: all other ports.

- Next: every non-Root bridge must select one Root Port.
- A bridge's Root Port is the port closest to the Root Bridge.
- Bridges use the cost to determine closeness.
- These values would be the Root Path Cost if this interface was used to reach the Root Bridge.

[Figure: Path Cost per interface, with values 19, 23, 27, and 38.]

Elect Root Ports (Review)

Ports show the Root Path Cost of the interface, after the best BPDU is received on that port from the neighboring switch. This is the cost of reaching the Root Bridge from this interface towards the neighboring switch.

Distribution 1 thought process:
- If I go through Core it costs 27.
- If I go through D2 it costs 38.
- If I go through A1 it costs 23.
- If I go through A2 it costs 19. This is the best path to the Root!

Elect Root Ports

- Every non-Root bridge must select one Root Port.
- A bridge's Root Port is the port closest to the Root Bridge.
- Bridges use the Root Path Cost to determine closeness.

[Figure: Root Ports (RP) marked on the topology; the Core switch's two ports both show 27 and are still undecided (?).]

Elect Root Ports

- The Core switch has two equal Root Path Costs to the Root Bridge.
- Five-step decision process.
- The Dist 1 switch has a lower Sender BID than Dist 2.
- Core chooses the Root Port of G 0/1.

[Figure: "My BID is 32768.0005.5E0D.9315" (lower BID) and "My BID is 32768.0060.47B0.5850"; Root Ports (RP) marked.]

Elect Designated Ports

STP Convergence
- Step 1 - Elect one Root Bridge
- Step 2 - Elect Root Ports
- Step 3 - Elect Designated Ports

- A Designated Port functions as the single bridge port that both sends and receives traffic to and from that segment and the Root Bridge.
- Each segment in a bridged network has one Designated Port, chosen based on cumulative Root Path Cost to the Root Bridge.
- The switch containing the Designated Port is referred to as the Designated Bridge for that segment.
- To locate Designated Ports, let's take a look at each segment.
- Segment's perspective: from a device on this segment, "Which switch should I go through to reach the Root Bridge?"

A Designated Port is elected for every segment.

Segment's perspective: from a device on this segment, "Which switch should I go through to reach the Root Bridge? I'll decide using the advertised Root Path Cost from each switch!"

[Figure: topology with Root Ports (RP) marked and the advertised Root Path Costs (0, 19, 23) on each segment; Designated Ports still undecided (?).]

Because Access 2 has the lower Root Path Cost it becomes the Designated Port for that segment.

[Figure callouts: "What is my best path to the Root Bridge, via Access 1 or via Access 2?" and "My designated port will be 0 via Access 2 (Fa0/5). It's the best path, lowest Root Path, to the Root Bridge."]

Because Access 2 has the lower Root Path Cost it becomes the Designated Port for those segments.

[Figure: Designated Ports (DP) marked on the Root Bridge's segments.]

Segment between Distribution 1 and Access 1

- The segment between Distribution 1 and Access 1 has two equal Root Path Costs of 19.
- Using the Lowest Sender ID (first two steps are equal), Access 1 becomes the best path and the Designated Port.

[Figure callouts: 32768.0005.5E0D.9315; 32768.0003.E461.46EC (lower BID); "What is my best path to the Root Bridge, via Distribution 1 or via Access 1? They are the same! Who has the lowest BID?"]

After this process is finished

- All other ports, those ports that are not Root Ports or Designated Ports, become Non-Designated Ports.
- Non-Designated Ports are put in blocking mode.
- This is the loop prevention part of STP.

[Figure: final topology with Root Ports (RP), Designated Ports (DP), and blocked Non-Designated Ports (NDP, marked X).]

show spanning-tree

    Core# show spanning-tree
    VLAN0001
      Spanning tree enabled protocol ieee
      Root ID    Priority    32769
                 Address     0001.964E.7EBB
                 Cost        4
                 Port        25(GigabitEthernet0/1)
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
                 Address     0001.C945.A573
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  20

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Gi0/1            Root FWD 4         128.25   P2p
    Gi0/2            Altn BLK 4         128.26   P2p

show spanning-tree detail

    Core# show spanning-tree detail
     VLAN0001 is executing the ieee compatible Spanning Tree Protocol
      Bridge Identifier has priority of 32768, sysid 1, 0001.C945.A573
      Configured hello time 2, max age 20, forward delay 15
      Current root has priority 32769
      Root port is 25 (GigabitEthernet0/1), cost of root path is 4
      Topology change flag not set, detected flag not set
      Number of topology changes 0 last change occurred 00:00:00 ago
              from FastEthernet0/1
      Times:  hold 1, topology change 35, notification 2
              hello 2, max age 20, forward delay 15
      Timers: hello 0, topology change 0, notification 0, aging 300

Port Cost/Port ID

Five-Step decision Sequence
- Step 1 - Lowest BID

- Step 2 - Lowest Path Cost to Root Bridge
- Step 3 - Lowest Sender BID
- Step 4 - Lowest Port Priority
- Step 5 - Lowest Port ID

[Figure: ports 0/1 and 0/2.]

- Assume path cost and port priorities are default (32). Port ID is used in this case. Port 0/1 would forward because it's the lowest.
- If the path cost and bridge IDs are equal (as in the case of parallel links), the switch goes to the port priority as a tiebreaker.
- Lowest port priority wins (all ports set to 32).
- You can set the priority from 0 to 63.
- If all ports have the same priority, the port with the lowest port number forwards frames.

Port Cost/Port ID

- Fa 0/3 has a lower Port ID than Fa 0/4.
- More later (Fast EtherChannel)

[Figure: parallel links with RP and NDP on one switch, DP and DP on the other; cost 19 on each link.]

STP Convergence: Summary

Recall that switches go through three steps for their initial convergence:
- Step 1 - Elect one Root Bridge
- Step 2 - Elect Root Ports
- Step 3 - Elect Designated Ports

Also, all STP decisions are based on the following predetermined sequence:
- Step 1 - Lowest BID
- Step 2 - Lowest Path Cost to Root Bridge
- Step 3 - Lowest Sender BID
- Step 4 - Lowest Port Priority
- Step 5 - Lowest Port ID

STP Port States

[Figure: port states Disabled, Blocking, Listening, Learning, Forwarding, with bars for BPDUs, MAC address table updating, and data.]

Disabled
- BPDU: None sent/received
- MAC address table: No update
- Data frames: None sent/received
- Duration: Until no shutdown
- Administratively shutdown; not an STP port state.

Blocking
- BPDU: Receive only
- MAC address table: No update
- Data frames: None sent/received
- Duration: Continuous if loop detected
- Port initializes; receives BPDUs only.

Listening
- BPDU: Receive and send
- MAC address table: No update
- Data frames: None sent/received
- Duration: Forward delay 15 sec
- Building active topology. Thinks port can be selected root or designated port. Returns to blocking (NDP) if it cannot become root or designated port.

Learning
- BPDU: Receive and send
- MAC address table: Updating table
- Data frames: None sent/received
- Duration: Forward delay 15 sec
- Building bridging table. Switch can now learn source MAC addresses but is not formally receiving frames in order to forward them.

Forwarding
- BPDU: Receive and send
- MAC address table: Updating table
- Data frames: Sent and received
- Duration: Continuous if up and no loop detected
- Sending/receiving data, no loops detected. Port is either a root or designated port.

STP and RSTP: 802.1D vs 802.1w

Up to this point no distinction has been made between the classical (802.1D) and Rapid (802.1w) versions of the Spanning Tree Protocol.
- Similarities: both versions execute the same algorithm when it comes to the decision-making process.
- Differences: classical 802.1D can take up to 50 seconds to transition a port to forwarding, whereas Rapid Spanning Tree can leverage additional mechanisms to transition a port in the Blocking state to the Forwarding state in less than a second.

RSTP (Reminder)

Root Bridge: same election process as 802.1D (lowest BID)

Ports:
- Root Port (802.1D Root Port): the one switch port on each switch that has the best root path cost to the root.
- Designated Port (802.1D Designated Port): the switch port on a network segment that has the best root path cost to the root.
- Alternate Port (802.1D Blocking Port): a port with an alternate path to the root. An alternate port receives more useful BPDUs from another switch and is a blocked port. Similar to how Cisco UplinkFast works.
- Backup Port (802.1D Blocking Port): a port that provides a redundant (but less desirable) connection to a segment where another switch port already connects. A backup port receives more useful BPDUs from the same switch it is on and is a blocked port.

Rick Graziani

RSTP Port States (Reminder)

    Operational Port State   STP Port State   RSTP Port State
    Disabled                 Disabled         Discarding
    Enabled                  Blocking         Discarding
    Enabled                  Listening        Discarding
    Enabled                  Learning         Learning
    Enabled                  Forwarding       Forwarding

RSTP defines port states based on what it does with incoming data frames.
- Discarding
  - Incoming frames are dropped
  - No MAC addresses learned
  - Combination of 802.1D Disabled, Blocking, and Listening
- Learning
  - Incoming frames are dropped
  - MAC addresses learned
- Forwarding
  - Incoming frames are forwarded

RSTP BPDUs (Reminder)

    STP Port State   STP BPDUs           RSTP Port State   RSTP BPDUs
    Disabled         Not Sent/Received   Discarding        Not Sent/Received
    Blocking         Receive only        Discarding        Sent/Received
    Listening        Sent/Received       Discarding        Sent/Received
    Learning         Sent/Received       Learning          Sent/Received
    Forwarding       Sent/Received       Forwarding        Sent/Received

- RSTP uses the same 802.1D BPDU format for backward compatibility.
- 802.1D and 802.1w switches can coexist.
- BPDUs are sent out every switch port at Hello Time intervals regardless if BPDUs are sent on the port.
- When three BPDUs in a row (6 seconds) are missed:
  - The neighbor switch is presumed down.
  - All MAC address information pointing to that switch (out that port) is immediately aged out (flushed).
- The switch can detect a neighbor down in 6 seconds instead of the MaxAge of 20 seconds.

Analyzing the STP Topology

- Know where the root bridge is.
  - This may need to be changed if the network grows.
  - The selection of the Root bridge may never have been determined.
  - Typically near the central point of your network, near servers, core or distribution points.
- Remember, different VLANs can have different Root bridges (PVST+) to maximize the use of redundant links.
- The original STP timers (forward delay, max age) are based on the assumption that the network diameter is up to seven switches long.
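To check where the root bridge is and which ports should forward, the election reviewed above can be worked through in code. This is an added example, not part of the course material: the BIDs and the 4/19 path costs come from the slides, while the link layout and port names are assumptions constructed for the example, and steps 4 and 5 are modeled on the sender's port priority and port number.

```python
"""STP root, root-port and designated-port election (added example)."""

PORT_PRIORITY = 128   # default priority, as in the 128.x port IDs in the outputs

# BIDs from the slides; which links exist is an assumption made for this example.
BRIDGES = {
    "Core":    (32768, "0001.C945.A573"),
    "Dist1":   (32768, "0005.5E0D.9315"),
    "Dist2":   (32768, "0060.47B0.5850"),
    "Access1": (32768, "0003.E461.46EC"),
    "Access2": (32768, "0001.964E.7EBB"),
}
GIG, FAST = 4, 19     # revised IEEE costs for 1 Gbps and 100 Mbps
# (bridge, (port name, port number), bridge, (port name, port number), path cost)
LINKS = [
    ("Core", ("Gi0/1", 25), "Dist1", ("Gi0/1", 25), GIG),
    ("Core", ("Gi0/2", 26), "Dist2", ("Gi0/1", 25), GIG),
    ("Dist1", ("Fa0/3", 3), "Access2", ("Fa0/1", 1), FAST),
    ("Dist2", ("Fa0/3", 3), "Access2", ("Fa0/2", 2), FAST),
    ("Dist1", ("Fa0/5", 5), "Access1", ("Fa0/1", 1), FAST),
    ("Dist2", ("Fa0/5", 5), "Access1", ("Fa0/2", 2), FAST),
    ("Access1", ("Fa0/5", 5), "Access2", ("Fa0/5", 5), FAST),
]


def bid(bridges, name):
    """Bridge ID as a comparable tuple: (priority, MAC as an integer)."""
    priority, mac = bridges[name]
    return (priority, int(mac.replace(".", ""), 16))


def converge(bridges, links):
    """Return (root bridge, root path cost per bridge, role per (bridge, port))."""
    root = min(bridges, key=lambda name: bid(bridges, name))        # step 1

    # Root Path Cost = cost in the received BPDU + the receiving port's Path Cost,
    # repeated until no bridge hears a better BPDU.
    cost = {name: (0 if name == root else float("inf")) for name in bridges}
    changed = True
    while changed:
        changed = False
        for a, _, b, _, path_cost in links:
            for near, far in ((a, b), (b, a)):
                if cost[far] + path_cost < cost[near]:
                    cost[near], changed = cost[far] + path_cost, True

    # Both directions of every link: (receiver, its port, sender, sender's port, cost).
    views = [v for a, ap, b, bp, c in links
             for v in ((a, ap, b, bp, c), (b, bp, a, ap, c))]

    roles = {}
    for name in bridges:
        if name == root:
            continue
        # Steps 2-5: root path cost, sender BID, sender port priority, sender port ID.
        best = min((cost[s] + c, bid(bridges, s), PORT_PRIORITY, sp[1], rp[0])
                   for r, rp, s, sp, c in views if r == name)
        roles[(name, best[-1])] = "RP"

    for a, ap, b, bp, _ in links:
        # Per segment: lowest advertised Root Path Cost wins, then lowest BID.
        win, lose = sorted([(cost[a], bid(bridges, a), a, ap[0]),
                            (cost[b], bid(bridges, b), b, bp[0])])
        roles[(win[2], win[3])] = "DP"
        roles.setdefault((lose[2], lose[3]), "NDP")   # neither RP nor DP: blocking
    return root, cost, roles


if __name__ == "__main__":
    root, cost, roles = converge(BRIDGES, LINKS)
    print("root:", root, "costs:", cost)
    for port, role in sorted(roles.items()):
        print(port, role)
```

Comparing the computed roles with the Role and Sts columns of show spanning-tree on each switch shows quickly whether a port is blocking or forwarding where the design says it should not.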

show spanning-tree detail

    Distribution1# show spanning-tree detail
     Port 26 (GigabitEthernet0/2) of VLAN0030 is designated blocking
       Port path cost 4, Port priority 128, Port Identifier 128.26
       Designated root has priority 128, address 000C.CF0B.1503
       Designated bridge has priority 32798, address 0003.E461.46EC
       Designated port id is 128.26, designated path cost 4
       Timers: message age 16, forward delay 0, hold 0
       Number of transitions to forwarding state: 1
       Link type is point-to-point by default

Port Cost/Port ID

    Distribution1# show spanning-tree
    VLAN0001
      Spanning tree enabled protocol ieee
      Root ID    Priority    32769
                 Address     0009.7c0b.e7c0
                 Cost        19
                 Port        3 (FastEthernet0/3)
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
                 Address     000b.fd13.9080
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  300

    Interface        Port ID                     Designated                Port ID
    Name             Prio.Nbr      Cost Sts      Cost Bridge ID            Prio.Nbr
    ---------------- -------- --------- --- --------- -------------------- --------
    Fa0/1            128.1           19 BLK        19 32769 000b.befa.eec0 128.1
    Fa0/2            128.2           19 BLK        19 32769 000b.befa.eec0 128.2
    Fa0/3            128.3           19 FWD         0 32769 0009.7c0b.e7c0 128.1
    Fa0/4            128.4           19 BLK         0 32769 0009.7c0b.e7c0 128.2
    Fa0/5            128.5           19 FWD        19 32769 000b.fd13.9080 128.5
    Gi0/1            128.25           4 FWD        19 32769 000b.fd13.9080 128.25

Spanning Tree Failures

- Biggest problem is NOT with STP.
- Main concern is when a problem related to STP exists.

Two different types of failures:
- STP erroneously blocks certain ports that should have gone to the forwarding state.
  - Causes problems that are similar to the OSPF problem: you might lose connectivity to certain parts of your network, but the rest of the network is unaffected.
- STP erroneously moves one or more ports to the Forwarding state (more disruptive).
  - An Ethernet frame header does not include a Time To Live (TTL) field, so frames are forwarded by the switches indefinitely.
  - Traffic will increase exponentially
  - Load on links and high CPU utilization
  - Frequent MAC address table changes
  - Routers become unreachable

Spanning Tree Failures: Troubleshooting STP

- Remove all redundancy
- Find the root cause of the problem.
  - STP disabled on a switch
  - Cabling problem (unidirectional link)

Troubleshooting EtherChannel

Spanning Tree and EtherChannel

[Figure: EtherChannel bundle.]

- Spanning Tree only allows a single link between switches to prevent bridging loops.
- Cisco's EtherChannel technology allows for the scaling of link bandwidth by aggregating or bundling parallel links.
  - Treated as a single, logical link.
  - Access or trunk link
- Allows you to expand the link's capacity without having to purchase new hardware (modules, devices).

    DLS1(config)# interface range fa 0/11 - 12
    DLS1(config-if-range)# switchport trunk encapsulation dot1q
    DLS1(config-if-range)# switchport mode trunk
    DLS1(config-if-range)# switchport trunk native vlan 2
    DLS1(config-if-range)# switchport trunk allowed vlan 1,10-99
    DLS1(config-if-range)# channel-protocol pagp
    DLS1(config-if-range)# channel-group 1 mode desirable

There are three common EtherChannel problems.

Inconsistencies between the physical ports that are members of the channel

- The physical links in an EtherChannel must have the same operational characteristics. Same:
  - speed
  - duplex
  - trunk or access port status
  - native VLAN when trunking
  - access VLAN when they are access ports
- It is recommended that the configuration of all physical links in the channel be identical.
- Otherwise the port will be suspended and removed from the EtherChannel bundle until consistency is restored: %EC-5-CANNOT_BUNDLE2 log message

Inconsistencies between the ports on the opposite sides of the EtherChannel link

- If the switch is configured to bundle these links into an EtherChannel and the switch on the other side is not
- Use an EtherChannel negotiation protocol (802.3ad Link Aggregation Control Protocol (LACP) or the Port Aggregation Protocol (PAgP))
- Both sides must first agree to form the channel

Forming EtherChannels

    Channel type                   One side     Other side
    EtherChannel                   on           on
    PAgP negotiated EtherChannel   desirable    desirable, auto
    LACP negotiated EtherChannel   active       active, passive

Configuring PAgP

    DLS1(config)# port-channel load-balance dst-ip
    DLS1(config)# interface range fa 0/11 - 12
    DLS1(config-if-range)# switchport trunk encapsulation dot1q
    DLS1(config-if-range)# switchport mode trunk
    DLS1(config-if-range)# channel-protocol pagp
    DLS1(config-if-range)# channel-group 1 mode desirable

    DLS2(config)# port-channel load-balance src-dst-ip
    DLS2(config)# interface range fa 0/11 - 12
    DLS2(config-if-range)# switchport trunk encapsulation dot1q
    DLS2(config-if-range)# channel-protocol pagp
    DLS2(config-if-range)# channel-group 1 mode auto

Notice:
- Load balancing does not have to match but usually it does.
- DTP on DLS2 is dynamic auto (result is trunk with DLS1)
- PAgP configured on both ends

Verifying

    DLS1# show etherchannel protocol
                    Group: 1
                    ----------
    Protocol:  PAgP

    DLS1# show etherchannel load-balance
    EtherChannel Load-Balancing Operational State (dst-ip):
    Non-IP: Destination MAC address
      IPv4: Destination IP address
      IPv6: Destination IP address
    DLS1#

Configuration being verified:

    DLS1(config)# port-channel load-balance dst-ip
    DLS1(config)# interface range fa 0/11 - 12
    DLS1(config-if-range)# channel-protocol pagp
    DLS1(config-if-range)# channel-group 1 mode desirable

    DLS1# show etherchannel summary
    Flags:  D - down        P - in port-channel
            I - stand-alone s - suspended
            H - Hot-standby (LACP only)
            R - Layer3      S - Layer2
            U - in use      f - failed to allocate aggregator
            u - unsuitable for bundling
            w - waiting to be aggregated
            d - default port

    Number of channel-groups in use: 1
    Number of aggregators:           1

    Group  Port-channel  Protocol    Ports
    ------+-------------+-----------+-------------------------------
    1      Po1(SU)         PAgP      Fa0/11(P)   Fa0/12(P)
    DLS1#

    DLS1# show etherchannel port
                    Group: 1
                    ----------
    Port: Fa0/11
    ------------
    Port state    = Up Mstr In-Bndl
    Channel group = 1       Mode = Desirable-Sl    Gcchange = 0
    Port-channel  = Po1     GC   = 0x00010001      Pseudo port-channel = Po1
    Port index    = 0       Load = 0x00            Protocol = PAgP

    Flags:  S - Device is sending Slow hello.  C - Device is in Consistent state.
    Timers: H - Hello timer is running.        Q - Quit timer is running.

    Local information:
                                    Hello    Partner  PAgP     Learning  Group
    Port      Flags State   Timers  Interval Count   Priority   Method  Ifindex
    Fa0/11    SC

    Partner's information:
              Partner              Partner          Partner         Partner Group
    Port      Name                 Device ID        Port       Age  Flags   Cap.
    Fa0/11    DLS2                 001b.8fc8.0080

    Age of the port in the current state: 00d:00h:35m:29s

    Port: Fa0/12
    ------------
    ...

This output can help determine if the load balancing is being distributed equally across the links.

Verifying (only showing DLS1)

    DLS1# show run
    !
    port-channel load-balance dst-ip
    !
    interface Port-channel1
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface FastEthernet0/11
     switchport trunk encapsulation dot1q
     switchport mode trunk
     lacp port-priority 99
     channel-group 1 mode active
    !
    interface FastEthernet0/12
     switchport trunk encapsulation dot1q
     switchport mode trunk
     lacp port-priority 99
     channel-group 1 mode active
    !
    interface FastEthernet0/13
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 1 mode active
    !
    interface FastEthernet0/14
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 1 mode active

We will discuss the significance of the Port-channel interface with MLS.

Uneven distribution of traffic between EtherChannel bundle members

- EtherChannel traffic is not equally balanced across all physical links in the bundle.
- The link is chosen by a hash of a combination of fields in the Ethernet and IP headers of a frame.
- Distribution of traffic depends on two things:
  - The distribution of hash values over the physical links
  - The header fields that are used as a key into the hash calculation

The distribution of hash values over the physical links

- The Cisco EtherChannel hash algorithm results in a value between 0 and 7.
- Assuming a random mix of traffic:
  - Using an eight-port EtherChannel: distribution of traffic will be equally balanced across all eight links.
  - Using a six-port EtherChannel: distribution of traffic will be 2:2:1:1:1:1 instead. The first two links in the channel will each handle twice as much traffic as the other links.

    Switch(config)# port-channel load-balance ?
      dst-ip       Dst IP Addr bits
      dst-mac      Dst Mac Addr bits
      src-dst-ip   Src XOR Dst IP Addr
      src-dst-mac  Src XOR Dst Mac Addr
      src-ip       Src IP Addr bits
      src-mac      Src Mac Addr bits

[Slide callouts: "XOR" beside src-dst-ip and src-dst-mac; "Default 29xx 36xx"; "Default non-IP traffic".]

The header fields that are used as a key into the hash calculation

- The choice of header fields to be hashed does affect the distribution.
- Example: only the destination MAC address is used.
  - If 90% of all frames are destined for a single MAC address (for instance, the MAC address of the default gateway),
  - all of that traffic would end up on the same physical link.
- If you see an uneven distribution of traffic over the links in the channel, you should examine the hashing method and the traffic mix to determine the cause.
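Both causes of uneven distribution can be reproduced with a small model, given here as an added example that is not part of the course material. It assumes the eight hash values are assigned to the links round-robin and that the hash is the low three bits of the selected address (XORed for the src-dst methods); that is a simplification for illustration, not Cisco's exact implementation, and the traffic sample and gateway MAC are constructed.

```python
"""Simplified model of EtherChannel load distribution (added example)."""

HASH_VALUES = 8                      # the hash result is a value from 0 to 7
GATEWAY_MAC = "0000.0c07.ac01"       # constructed default-gateway MAC

# Header fields fed into the hash for each load-balance keyword on the page.
METHOD_FIELDS = {
    "src-mac": ("src_mac",), "dst-mac": ("dst_mac",),
    "src-dst-mac": ("src_mac", "dst_mac"),
    "src-ip": ("src_ip",), "dst-ip": ("dst_ip",),
    "src-dst-ip": ("src_ip", "dst_ip"),
}


def low_bits(addr):
    """Low three bits of a dotted-hex MAC or a dotted-decimal IPv4 address."""
    if addr.count(".") == 3:                       # IPv4: last octet carries the low bits
        return int(addr.rsplit(".", 1)[1]) & 7
    return int(addr.replace(".", ""), 16) & 7      # MAC in xxxx.xxxx.xxxx form


def frame_hash(method, frame):
    """Hash value 0-7 for one frame under the given load-balance method."""
    value = 0
    for name in METHOD_FIELDS[method]:
        value ^= low_bits(frame[name])
    return value


def link_for_hash(n_links):
    """Assumed round-robin assignment of the eight hash values to the links."""
    return [h % n_links for h in range(HASH_VALUES)]


def link_shares(n_links):
    """How many of the eight hash values each link owns (the 2:2:1:1:1:1 effect)."""
    owners = link_for_hash(n_links)
    return [owners.count(link) for link in range(n_links)]


def distribute(method, frames, n_links):
    """Frames carried per link for a traffic sample."""
    owners, counts = link_for_hash(n_links), [0] * n_links
    for frame in frames:
        counts[owners[frame_hash(method, frame)]] += 1
    return counts


def sample_frames():
    """Constructed sample: 100 clients, 90% of frames destined for the gateway MAC."""
    frames = []
    for i in range(100):
        to_gateway = i < 90
        frames.append({
            "src_mac": "0000.1111.%04x" % i,
            "dst_mac": GATEWAY_MAC if to_gateway else "0000.2222.%04x" % i,
            "src_ip": "10.1.1.%d" % (10 + i),
            "dst_ip": ("198.51.100.%d" % (i // 8 + 1) if to_gateway
                       else "10.1.1.%d" % (200 + i % 10)),
        })
    return frames


if __name__ == "__main__":
    for links in (8, 6, 4):
        print(links, "links own hash values:", link_shares(links))
    frames = sample_frames()
    for method in ("dst-mac", "src-mac", "src-dst-ip"):
        print(method, distribute(method, frames, 4))
```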

Troubleshooting Switched Virtual Interfaces and InterVLAN Routing 77 Multilayer Switch Interfaces Layer 2: Access or Trunk Ports Logical Interface (SVI) Physical Interface Performs both Layer 2 switching and interVLAN routing. Layer 2 Interface: Access or Trunk ports Layer 3 Interface Has an IP address assigned to it. The Default Gateway for any hosts connected to that interface or VLAN. Physical interface Same as a router Aka Routed Port Example: interface gigabit 0/1 Logical Interface Represents an entire VLAN Switched Virtual Interface (SVI) Example: interface vlan 10 78

Multilayer Switch Interfaces

[Figure labels: Layer 2: Access or Trunk Ports; Logical Interface (SVI, L3); Physical Interface (L3)]

    DLS1# show interface gig 0/2 switchport
    Name: Gig0/2
    Switchport: Enabled

Layer 2 or Layer 3 interface?
- Default on most Catalyst switches: Layer 2
- Default on Catalyst 6500: Layer 3

Verify the mode:

    Switch# show interface type mod/num switchport

Switchport: think Layer 2.
- Enabled: Layer 2
- Disabled: Layer 3

    DLS1# show interface gig 0/2 switchport
    Name: Gig0/2
    Switchport: Disabled                  <- Layer 3
    DLS1# config t
    DLS1(config)# interface gig 0/2
    DLS1(config-if)# switchport           <- converts interface to Layer 2
    DLS1(config-if)# end
    DLS1# show interface gig 0/2 switchport
    Name: Gig0/2
    Switchport: Enabled                   <- Layer 2

If the port is in Layer 3 mode, the switchport interface command puts the port into Layer 2 mode.

Layer 3 Port Configuration: Physical Interfaces

    DLS1(config)# interface gig 0/1
    DLS1(config-if)# no switchport
    DLS1(config-if)# ip address 192.168.1.1 255.255.255.252

    DLS2(config)# interface gig 0/1
    DLS2(config-if)# no switchport
    DLS2(config-if)# ip address 192.168.1.2 255.255.255.252

The port no longer belongs to any VLAN. Physical switch ports can operate as Layer 3 interfaces using the interface command:

    Switch(config)# interface type mod/num
    Switch(config-if)# no switchport
    Switch(config-if)# ip address ip-address mask

SVI Interfaces - Logical Interfaces

    Switch(config)# vlan vlan-number
    Switch(config-vlan)# name vlan-name
    SwitchA(config)# interface vlan vlan-number
    SwitchA(config-if)# ip address ip-address mask
    SwitchA(config-if)# no shutdown

Layer 3 functionality can also be enabled for an entire VLAN. The IP address is assigned to the logical interface for the VLAN. This is needed when routing is required between VLANs.

SVI (Switched Virtual Interface)

- No physical connection
- VLANs must be created before the SVI can be used.
- The IP address of the VLAN interface is the default gateway of the workstation.

An SVI is not a physical interface, so it generally doesn't fail. Its status is directly dependent on the status of the VLAN with which it is associated.
- The SVI stays up as long as there is at least one port associated to the corresponding VLAN: an access port or a trunk port (with the VLAN in its allowed list).
- That port has to be up and in the Spanning Tree forwarding state.
- When the SVI is down, the corresponding connected subnet will be removed from the routing table.

Creating VLANs

- DLS1: Create and name the user VLANs: 10, 11, 20 and 21.
- DLS1: Create and name a Management VLAN (used to telnet into switches).
- DLS1: Create and name a NATIVE VLAN other than VLAN 1 (default).
- DLS1: Create and name a Garbage VLAN (assigned to all unused ports). All ports that are not used (trunks and access) will be assigned as an access port to this VLAN.

On DLS1:

    vlan 2
     name NATIVE
    vlan 10
     name Engineering
    vlan 11
     name IT
    vlan 20
     name Sales
    vlan 21
     name Administration
    vlan 99
     name ManagementVLAN
    vlan 222
     name GarbageVLAN

Management VLAN

We configured each device in the network to be a member of the management VLAN. On each switch:

    Switch(config)# inter vlan 99
    Switch(config-if)# description Management VLAN
    Switch(config-if)# ip address 172.16.99.x 255.255.255.0
    Switch(config-if)# no shutdown

Default Gateway

Configure DLS1 to be the default gateway for VLANs 10 and 11. All hosts on these VLANs will use these addresses as their default gateway addresses.

    DLS1(config)# inter vlan 10
    DLS1(config-if)# description Engineering VLAN
    DLS1(config-if)# ip address 172.16.10.1 255.255.255.0
    DLS1(config-if)# no shutdown
    DLS1(config)# inter vlan 11
    DLS1(config-if)# description IT VLAN
    DLS1(config-if)# ip address 172.16.11.1 255.255.255.0
    DLS1(config-if)# no shutdown

Configure DLS2 to be the default gateway for VLANs 20 and 21. All hosts on these VLANs will use these addresses as their default gateway addresses.

    DLS2(config)# inter vlan 20
    DLS2(config-if)# description Sales VLAN
    DLS2(config-if)# ip address 172.16.20.1 255.255.255.0
    DLS2(config-if)# no shut
    DLS2(config)# inter vlan 21
    DLS2(config-if)# description Administration VLAN
    DLS2(config-if)# ip address 172.16.21.1 255.255.255.0
    DLS2(config-if)# no shut

Verifying

Verify IP addresses:

    DLS1# show ip inter brief
    Interface              IP-Address      OK? Method Status  Protocol
    FastEthernet0/1        192.168.4.6     YES manual up      up
    GigabitEthernet0/1     192.168.1.1     YES manual up      up
    Vlan10                 172.16.10.1     YES manual up      up
    Vlan11                 172.16.11.1     YES manual up      up
    Port-channel 1         unassigned      YES manual up      up
    DLS1#

Differences between Routers and Multilayer Switches

Media and interfaces:
- Routers connect heterogeneous networks and support a wide variety of media and interfaces.
- Multilayer switches typically connect homogeneous networks. LAN switches are mostly Ethernet only.
- Multilayer switches utilize specialized hardware (ASICs) to achieve wire-speed Ethernet-to-Ethernet packet switching.
- Routers usually support a wider range of features, mainly because switches need specialized hardware to be able to support certain data plane features or protocols.

CEF

Routers and multilayer switches use Cisco Express Forwarding (CEF) as the main packet switching mechanism. The Forwarding Information Base (FIB) and adjacency table are both stored in the router's main memory and are consulted by the router to forward packets using the CEF switching method. The router builds the CEF data structures by combining information from a number of control plane data structures like the routing table and Address Resolution Protocol (ARP) cache.

The information in the CEF data structures should accurately reflect the information in the control plane data structures. When troubleshooting IP routing:
- Under normal circumstances: check the control plane data structures.
- If the control plane information is correct, but packets are not being forwarded as expected: check the CEF data structures and verify that they are in line with the control plane information.

    DLS1# show ip cef
    Prefix              Next Hop        Interface
    0.0.0.0/0           no route
    0.0.0.0/32          receive
    1.1.1.0/24          192.168.1.5     FastEthernet0/1
    172.16.10.0/24      attached        Vlan10
    172.16.10.0/32      receive         Vlan10
    172.16.10.1/32      receive         Vlan10
    172.16.10.255/32    receive         Vlan10
    172.16.11.0/24      attached        Vlan11
    172.16.11.0/32      receive         Vlan11
    172.16.11.1/32      receive         Vlan11
    172.16.11.255/32    receive         Vlan11
    172.16.20.0/24      192.168.1.2     GigabitEthernet0/1
    172.16.21.0/24      192.168.1.2     GigabitEthernet0/1
    172.16.99.0/24      attached        Vlan99
    172.16.99.0/32      receive         Vlan99
    172.16.99.1/32      receive         Vlan99
    172.16.99.255/32    receive         Vlan99
    192.168.1.0/30      attached        GigabitEthernet0/1
    192.168.1.0/32      receive         GigabitEthernet0/1
    192.168.1.1/32      receive         GigabitEthernet0/1
    192.168.1.2/32      192.168.1.2     GigabitEthernet0/1
    192.168.1.3/32      receive         GigabitEthernet0/1
    192.168.1.4/30      attached        FastEthernet0/1
    192.168.1.4/32      receive         FastEthernet0/1
    192.168.1.5/32      192.168.1.5     FastEthernet0/1
    192.168.1.6/32      receive         FastEthernet0/1
    192.168.1.7/32      receive         FastEthernet0/1
    192.168.1.8/30      192.168.1.2     GigabitEthernet0/1
    224.0.0.0/4         drop
    224.0.0.0/24        receive
    255.255.255.255/32  receive
    DLS1#

show ip cef: This command displays the content of the CEF FIB.

The FIB reflects the content of the routing table with all the recursive lookups already resolved, and the output interface determined for each destination prefix. The FIB also holds additional entries for:
- directly connected hosts
- the router's own IP addresses
- multicast and broadcast addresses

    DLS1# show adjacency detail
    Protocol Interface                 Address
    IP       Vlan99                    172.16.99.2
                                       0 packets, 0 bytes
                                       epoch 0
                                       sourced in sev-epoch 3
                                       Encap length 14
                                       0000603E24584400055E6D393C0800
                                       ARP
    IP       GigabitEthernet0/1        192.168.1.2
                                       0 packets, 0 bytes
                                       epoch 0
                                       sourced in sev-epoch 3
                                       Encap length 14
                                       0000902B293019000C85B044190800
                                       ARP
    IP       FastEthernet0/1           192.168.1.5
                                       0 packets, 0 bytes
                                       epoch 0
                                       sourced in sev-epoch 3
                                       Encap length 14
                                       0000024A0A4301000C85B044010800
                                       ARP
    DLS1#

show adjacency: This command displays the content of the CEF adjacency table. This table contains the Layer 2 frame information, such as the destination MAC address.

Troubleshooting First-Hop Redundancy Protocols (FHRP)

FHRPs such as HSRP, VRRP, and GLBP all serve the same purpose. These protocols provide services which are entirely transparent to the hosts:
- Redundant default gateway on a subnet
- Failover
- Load balancing

They do it by:
- Electing a single router that controls the virtual IP address
- Tracking availability of the active router
- Determining if control of the virtual IP address should be handed over to another router

Every 3 seconds (default) both the active and the standby router send hello packets. If hellos are not received for 10 seconds (the default hold time), the standby takes on the active role. This means that for a period of 10 seconds hosts will lose connectivity due to lack of an active router to forward packets.

If the failure is caused by an administrative action such as a shutdown of an interface, the active HSRP router sends a resign message, which allows the standby router to assume the active role immediately. The 10-second hold time does not come into play.

- priority value (100 by default): the router with the higher priority is elected as the active HSRP router. A tie is broken using the IP address of the contenders.
- preempt option: the router will take over the active role immediately. It sends out a coup message, telling the current active router that it will take over the active role due to its higher priority.

Verifying FHRP

- It is useful to know the virtual MAC address used for the standby group. It verifies the correct operation of ARP and the Layer 2 connectivity between the end host and the active HSRP router.
- HSRP is usually not at the root of the problem; usually it is the underlying switched network. Example: there is a broadcast storm and you notice very frequent HSRP state changes on the Layer 3 switches that are connected to the affected VLANs.

Look at configs to spot the problem
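Added example (not from the original slides): one way to spot the very frequent HSRP state changes described above in collected syslog. The log lines are constructed in the %HSRP-5-STATECHANGE message layout, and the 60-second window and threshold of four changes are assumptions to tune per network.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed syslog lines: Vlan10 flaps repeatedly, Vlan20 shows one ordinary failover.
SAMPLE_LOG = """\
Mar  1 10:00:02: %HSRP-5-STATECHANGE: Vlan10 Grp 1 state Standby -> Active
Mar  1 10:00:03: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to down
Mar  1 10:00:05: %HSRP-5-STATECHANGE: Vlan20 Grp 2 state Speak -> Standby
Mar  1 10:00:09: %HSRP-5-STATECHANGE: Vlan10 Grp 1 state Active -> Speak
Mar  1 10:00:19: %HSRP-5-STATECHANGE: Vlan10 Grp 1 state Speak -> Standby
Mar  1 10:00:31: %HSRP-5-STATECHANGE: Vlan10 Grp 1 state Standby -> Active
Mar  1 10:00:40: %HSRP-5-STATECHANGE: Vlan10 Grp 1 state Active -> Speak
Mar  1 10:00:50: %HSRP-5-STATECHANGE: Vlan10 Grp 1 state Speak -> Standby
Mar  1 10:07:45: %HSRP-5-STATECHANGE: Vlan20 Grp 2 state Standby -> Active
"""

STATECHANGE = re.compile(
    r"^\*?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})(?:\.\d+)?: "
    r"%HSRP-\d-STATECHANGE: (?P<intf>\S+) Grp (?P<grp>\d+) "
    r"state (?P<old>\w+) -> (?P<new>\w+)"
)


def parse_state_changes(lines):
    """Return {(interface, group): [timestamps]} for HSRP state-change messages only."""
    events = defaultdict(list)
    for line in lines:
        m = STATECHANGE.match(line.strip())
        if not m:
            continue  # other syslog messages are ignored
        # Syslog timestamps carry no year; a fixed one is enough to compare intervals.
        stamp = "2000 " + " ".join(m["ts"].split())
        ts = datetime.strptime(stamp, "%Y %b %d %H:%M:%S")
        events[(m["intf"], int(m["grp"]))].append(ts)
    return events


def flapping_groups(lines, window_s=60, threshold=4):
    """Return {(interface, group): max changes seen inside any window} for flapping groups."""
    window = timedelta(seconds=window_s)
    flagged = {}
    for key, times in parse_state_changes(lines).items():
        times.sort()
        start = 0
        worst = 0
        for end, ts in enumerate(times):
            # Slide the left edge until the window covers at most window_s seconds.
            while ts - times[start] > window:
                start += 1
            worst = max(worst, end - start + 1)
        if worst >= threshold:
            flagged[key] = worst
    return flagged


if __name__ == "__main__":
    for (intf, grp), count in flapping_groups(SAMPLE_LOG.splitlines()).items():
        print(f"{intf} group {grp}: {count} state changes within 60 s, "
              "check the underlying switched network")
```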

debug standby terse

- R1 comes up on the segment. It has a higher priority than the current active router and the preempt option, so it sends out a coup message to take over the active role.
- R2 loses its active role, causing it to step back to the role of a non-active, non-standby HSRP router.
- Because there is no standby router on the segment, R2 moves to the speak state to announce its eligibility for the standby role.
- R2 does not see another (better) candidate for the role of standby router for 10 seconds and, thus, promotes itself to the standby role.

Alternatives to HSRP

Like HSRP, VRRP is a default gateway redundancy method.
- RFC 2338
- Similar in functionality to HSRP
- The virtual router, representing a group of routers, is known as a VRRP group.

Cisco's GLBP (Gateway Load Balancing Protocol) allows automatic selection and simultaneous use of multiple available gateways without configuring multiple groups and managing multiple default gateway configurations.

For VRRP and GLBP troubleshooting commands, you simply have to replace the keyword standby with vrrp or glbp.

Understanding and Troubleshooting Common VTP Issues (EXTRA)

Both switches are VTP Servers and in the same Domain, but have different VLAN information. Let's see what happens when trunking is enabled between the switches.

Switch A: VTP Domain = West, VTP Mode = Server, Config Rev = 3 (then 4), VLANs = 1, 10, 11, 12 (then 30 added)
Switch B: VTP Domain = West, VTP Mode = Server, Config Rev = 3 (then 4), VLANs = 1, 20, 21, 22 (then 1, 10, 11, 12, 30)

"We both have the same Config Rev number so no changes."

- When two switches with the same Domain Name and the same Configuration Revision Number exchange VTP information: no change.
- If Switch A adds a new VLAN, VLAN 30, its Config Rev is increased by 1.
- Switch A will send VTP information to Switch B, which will synchronize its VLAN information with Switch A, losing its current local VLANs.

Example: Using DLS1 (Switch A) and DLS2 (Switch B)

    DLS1(config)# inter range fa 0/1 - 24
    DLS1(config-if-range)# switchport mode dynamic auto

    DLS2(config)# inter range fa 0/1 - 24
    DLS2(config-if-range)# switchport mode dynamic auto

    DLS1# show inter trunk
    DLS1#

Note: Because Pod2 2690s and 3560s are incorrectly defaulting to dynamic desirable they will trunk by default, which we do not want in this example. This was also done on ALS1 and ALS2 to prevent any trunking.

When DLS1 gets a higher Config Rev Number

    DLS1# show vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Fa0/5, Fa0/6, Fa0/9, Fa0/13
                                                    Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                    Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                    Fa0/22, Fa0/23, Fa0/24, Gi0/1
                                                    Gi0/2
    1002 fddi-default                     active
    1003 token-ring-default               active
    1004 fddinet-default                  active
    1005 trnet-default                    active

Default VLANs.

    DLS1# show vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 5
    VTP Operating Mode              : Server
    VTP Domain Name                 :
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
    Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
    Local updater ID is 0.0.0.0 (no valid interface found)
    DLS1#

Default VTP information:
- Configuration Revision Number = 0 (increased by 1 whenever a VLAN is added or deleted)
- VTP Mode = Server
- VTP Domain Name = (null)

    DLS2# show vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Gi0/1, Gi0/2
    1002 fddi-default                     active
    1003 token-ring-default               active
    1004 fddinet-default                  active
    1005 trnet-default                    active

    DLS2# show vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 5
    VTP Operating Mode              : Server
    VTP Domain Name                 :

Same on DLS2.

    DLS1(config)# vtp domain West
    DLS1(config)# vlan 10
    DLS1(config-vlan)# name WestSales
    DLS1(config-vlan)# vlan 11
    DLS1(config-vlan)# name WestEng
    DLS1(config-vlan)# vlan 12
    DLS1(config-vlan)# name WestAdmin

    DLS1# show vtp status
    VTP Version                     : 2
    Configuration Revision          : 3
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 8
    VTP Operating Mode              : Server
    VTP Domain Name                 : West

- Add VTP Domain Name and configure VLANs.
- Configuration Revision changed to 3 (one for each VLAN).
- Remember, no trunking (yet).

    DLS1# show vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Gi0/1, Gi0/2
    10   WestSales                        active
    11   WestEng                          active
    12   WestAdmin                        active

Verified.

    DLS2(config)# vtp domain West
    DLS2(config)# vlan 20
    DLS2(config-vlan)# name WestAcct
    DLS2(config-vlan)# vlan 21
    DLS2(config-vlan)# WestMngt
    DLS2(config-vlan)# name WestMngt
    DLS2(config-vlan)# vlan 22
    DLS2(config-vlan)# name WestManuf

    DLS2# show vtp status
    VTP Version                     : 2
    Configuration Revision          : 3
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 8
    VTP Operating Mode              : Server
    VTP Domain Name                 : West

Now on DLS2:
- Add VTP Domain Name and configure different VLANs.
- Configuration Revision changed to 3.
- Still no trunking.

    DLS2# show vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Gi0/1, Gi0/2
    20   WestAcct                         active
    21   WestMngt                         active
    22   WestManuf                        active

Verified.

    DLS1(config)# inter range fa 0/11 - 12
    DLS1(config-if-range)# switchport trunk encap dot1q
    DLS1(config-if-range)# switchport mode trunk

    DLS1# show inter trunk
    Port      Mode   Encapsulation  Status     Native vlan
    Fa0/11    on     802.1q         trunking   1
    Fa0/12    on     802.1q         trunking   1

Trunking is configured between DLS1 and DLS2. VTP messages can now be sent, but there are no changes because the Configuration Revision numbers are the same.

    DLS1# show vtp status
    VTP Version                     : 2
    Configuration Revision          : 3
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 8
    VTP Operating Mode              : Server
    VTP Domain Name                 : West

    DLS2# show vtp status
    VTP Version                     : 2
    Configuration Revision          : 3
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 8
    VTP Operating Mode              : Server
    VTP Domain Name                 : West

- Configuration Revision still 3
- Number of existing VLANs (known by each switch) still 8

    DLS1# show vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Fa0/23, Fa0/24, Gi0/1, Gi0/2
    10   WestSales                        active
    11   WestEng                          active
    12   WestAdmin                        active

    DLS2# show vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Fa0/23, Fa0/24, Gi0/1, Gi0/2
    20   WestAcct                         active
    21   WestMngt                         active
    22   WestManuf                        active

Verify that there are no DLS2 VLANs on DLS1. Verify that there are no DLS1 VLANs on DLS2.

    DLS1(config)# vlan 30
    DLS1(config-vlan)# name Guest

    DLS1# show vtp status
    VTP Version                     : 2
    Configuration Revision          : 4
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 9
    VTP Operating Mode              : Server
    VTP Domain Name                 : West

- VLAN 30 added on DLS1.
- Configuration Revision increased by 1 to 4.
- DLS1 now has the higher Configuration Revision number between the two servers (the highest in the Domain).

    DLS1# show vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Fa0/23, Fa0/24, Gi0/1, Gi0/2
    10   WestSales                        active
    11   WestEng                          active
    12   WestAdmin                        active
    30   Guest                            active

Verified.

    DLS2# show vtp status
    VTP Version                     : 2
    Configuration Revision          : 4
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 9
    VTP Operating Mode              : Server
    VTP Domain Name                 : West

- DLS2 receives a VTP update from DLS1 with a higher Configuration Revision Number.
- DLS2 synchronizes its VLAN database with DLS1's information, including Configuration Revision Number and VLAN information.

Previous VLANs on DLS2:

    DLS2# show vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Fa0/23, Fa0/24, Gi0/1, Gi0/2
    20   WestAcct                         active
    21   WestMngt                         active
    22   WestManuf                        active

Current VLANs on DLS2, synced with DLS1:

    DLS2# show vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Fa0/23, Fa0/24, Gi0/1, Gi0/2
    10   WestSales                        active
    11   WestEng                          active
    12   WestAdmin                        active
    30   Guest                            active

- DLS2 lost previous VLANs 20, 21, and 22.
- DLS2's VLAN database was overwritten with DLS1's information.
- Good news: both Servers are in sync (identical), so after any change the VLAN information will be the same on both.

    DLS2(config)# vlan 20
    DLS2(config-vlan)# name WestAcct
    DLS2(config-vlan)# vlan 21
    DLS2(config-vlan)# name WestMngt
    DLS2(config-vlan)# vlan 22
    DLS2(config-vlan)# name WestManuf

    DLS2# show vtp status
    VTP Version                     : 2
    Configuration Revision          : 7
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 12
    VTP Operating Mode              : Server
    VTP Domain Name                 : West

- To correct this we need to add the VLANs back to DLS2.
- DLS2 will send a VTP update to DLS1 so the VLAN information will be the same.

    DLS2# show vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Fa0/23, Fa0/24, Gi0/1, Gi0/2
    10   WestSales                        active
    11   WestEng                          active
    12   WestAdmin                        active
    20   WestAcct                         active
    21   WestMngt                         active
    22   WestManuf                        active
    30   Guest                            active

Verified.

    DLS1# show vtp status
    VTP Version                     : 2
    Configuration Revision          : 7
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 12
    VTP Operating Mode              : Server
    VTP Domain Name                 : West

DLS1 receives the VTP update and updates its VLAN information, including the Configuration Revision number. The Domain is still in sync.

    DLS1# show vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Fa0/23, Fa0/24, Gi0/1, Gi0/2
    10   WestSales                        active
    11   WestEng                          active
    12   WestAdmin                        active
    20   WestAcct                         active
    21   WestMngt                         active
    22   WestManuf                        active
    30   Guest                            active

What happens when Client/Server enters with higher Configuration Revision number?

DLS1: VTP Domain = West, VTP Mode = Server, Config Rev = 10 (then 13), VLANs = 1, 10, 11, 12, 20, 21, 22, 30
Switch C: VTP Domain = West, VTP Mode = Client (or Server), Config Rev = 13, VLANs = 1, 20, 21, 22, 30

- Both switches are in the same domain.
- Switch C can be a Client OR a Server.
- Switch C has the higher Configuration Revision number.
- Even if Switch C is a Client, when it enters the VTP domain it will overwrite DLS1's VLAN information because it has the higher Configuration Revision number.

Client/Server enters with Higher Revision

    DLS1(config)# inter fa 0/1
    DLS1(config-if)# switchport mode access
    DLS1(config-if)# switchport access vlan 10
    DLS1(config-if)# exit
    DLS1(config)# inter fa 0/2
    DLS1(config-if)# switchport mode access
    DLS1(config-if)# switchport access vlan 11

    DLS1# show vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                    Gi0/1, Gi0/2
    10   WestSales                        active    Fa0/1
    11   WestEng                          active    Fa0/2
    12   WestAdmin                        active
    20   WestAcct                         active
    21   WestMngt                         active
    22   WestManuf                        active
    30   Guest                            active

Assign VLANs to interfaces (no specific reason).

    DLS1(config)# inter range fa 0/11 -12
    DLS1(config-if-range)# shutdown

Shut down the interfaces so we can modify DLS2 (Switch B). We will be adding the trunk back to simulate a switch being entered into the network.

    DLS1# show vtp status
    VTP Version                     : 2
    Configuration Revision          : 10
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 12
    VTP Operating Mode              : Server
    VTP Domain Name                 : West

    DLS2# show vtp status
    VTP Version                     : 2
    Configuration Revision          : 10
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 12
    VTP Operating Mode              : Server
    VTP Domain Name                 : West

Right now both switches have the same Configuration Revision number; let's change that.

Note: The Configuration Revision numbers are not necessarily the same as in the previous example because this was done in a different session.

    DLS2# show vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Gi0/1, Gi0/2
    10   WestSales                        active
    11   WestEng                          active
    12   WestAdmin                        active
    20   WestAcct                         active
    21   WestMngt                         active
    22   WestManuf                        active
    30   Guest                            active

We are going to remove three of these VLANs on DLS2 so it has different VLANs and a higher Configuration Revision Number. Remember, DLS1 has the same VLAN information and also has:
- Fa0/1 in VLAN 10
- Fa0/2 in VLAN 11

    DLS2(config)# no vlan 10
    DLS2(config)# no vlan 11
    DLS2(config)# no vlan 12
    DLS2(config)# vtp mode client
    Setting device to VTP CLIENT mode.

    DLS2# show vtp status
    VTP Version                     : 2
    Configuration Revision          : 13
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 9
    VTP Operating Mode              : Client
    VTP Domain Name                 : West

- Three VLANs deleted.
- VTP mode changed to Client.
- Configuration Revision updated from 10 to 13.

    DLS2# show vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Gi0/1, Gi0/2
    20   WestAcct                         active
    21   WestMngt                         active
    22   WestManuf                        active
    30   Guest                            active

Verify VLANs 10, 11, and 12 were deleted.

    DLS1# show vtp status
    VTP Version                     : 2
    Configuration Revision          : 10
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 12
    VTP Operating Mode              : Server
    VTP Domain Name                 : West

DLS1 has a lower Configuration Revision number, 10. DLS2's Configuration Revision number is 13.

    DLS1(config)# inter range fa 0/11 -12
    DLS1(config-if-range)# no shutdown

    DLS1# show vtp status
    VTP Version                     : 2
    Configuration Revision          : 13
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 9
    VTP Operating Mode              : Server
    VTP Domain Name                 : West

    DLS2# show vtp status
    VTP Version                     : 2
    Configuration Revision          : 13
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 9
    VTP Operating Mode              : Client
    VTP Domain Name                 : West

- DLS2 (Switch B) is brought online (no shutdown on DLS1).
- DLS2 (Client) has the higher Configuration Revision number, 13.
- DLS1 (Switch A), with the lower revision number (10), updates its VLAN information to be in sync with DLS2, including its Configuration Revision number, which becomes 13.

VTP Revision Number

Previous VLANs on DLS1:

    DLS1# show vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                    Gi0/1, Gi0/2
    10   WestSales                        active    Fa0/1
    11   WestEng                          active    Fa0/2
    12   WestAdmin                        active
    20   WestAcct                         active
    21   WestMngt                         active
    22   WestManuf                        active
    30   Guest                            active

Current VLANs on DLS1, synced with DLS2:

    DLS1# show vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                    Gi0/1, Gi0/2
    20   WestAcct                         active
    21   WestMngt                         active
    22   WestManuf                        active
    30   Guest                            active

Missing VLANs 10, 11, and 12.

Fix it

    DLS1(config)# vlan 10
    DLS1(config-vlan)# name WestSales
    DLS1(config-vlan)# vlan 11
    DLS1(config-vlan)# name WestEng
    DLS1(config-vlan)# vlan 12
    DLS1(config-vlan)# name WestAdmin

    DLS1# show vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                    Gi0/1, Gi0/2
    10   WestSales                        active    Fa0/1
    11   WestEng                          active    Fa0/2
    12   WestAdmin                        active
    20   WestAcct                         active
    21   WestMngt                         active
    22   WestManuf                        active
    30   Guest                            active

- To fix it, the VLANs must be reconfigured on DLS1.
- Interfaces Fa0/1 and Fa0/2 are brought from inactive to active.

    DLS2# show vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Fa0/23, Fa0/24, Gi0/1, Gi0/2
    10   WestSales                        active
    11   WestEng                          active
    12   WestAdmin                        active
    20   WestAcct                         active
    21   WestMngt                         active
    22   WestManuf                        active
    30   Guest                            active

    DLS2(config)# no vlan 10
    VTP VLAN configuration not allowed when device is in CLIENT mode.
    DLS2(config)#

- DLS2 gets VLANs 10, 11, 12 in a VTP update from DLS1.
- DLS2 is a Client and can no longer delete (or add) VLANs.

First switch: VTP Domain = West, VTP Mode = Server, Config Rev = 16, VLANs = 1, 10, 11, 12, 20, 21, 22, 30
Second switch: VTP Domain = West, VTP Mode = Client (or Server), Config Rev = 16, VLANs = 1, 10, 11, 12, 20, 21, 22, 30

    DLS1# show vtp status
    VTP Version                     : 2
    Configuration Revision          : 16
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 12
    VTP Operating Mode              : Server
    VTP Domain Name                 : West

    DLS2# show vtp status
    VTP Version                     : 2
    Configuration Revision          : 16
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 12
    VTP Operating Mode              : Client
    VTP Domain Name                 : West

Still in sync!

How to make sure switch has Lower Config Rev: VTP Mode

First switch: VTP Domain = West, VTP Mode = Server, Config Rev = 10, VLANs = 1, 10, 11, 12, 20, 21, 22, 30
Second switch: VTP Domain = West, VTP Mode = Client, then Transparent, then Client; Config Rev = 16, then 0, then 10; VLANs = 1, 10, 11, 12, 20, 21, 22, 30

(Not all VTP messages shown.)

Setting a switch to Transparent mode resets the Configuration Revision number to 0. Then set it back to Client or Server.

    DLS2(config)# vtp mode ?
      client       Set the device to client mode.
      server       Set the device to server mode.
      transparent  Set the device to transparent mode.
    DLS2(config)#

How to make sure switch has Lower Config Rev: VTP Domain

First switch: VTP Domain = West, VTP Mode = Server, Config Rev = 16, VLANs = 1, 10, 11, 12, 20, 21, 22, 30
Second switch: VTP Domain = West, then East, then West; VTP Mode = Client; Config Rev = 16, then 0, then 16; VLANs = 1, 10, 11, 12, 20, 21, 22, 30

(Not all VTP messages shown.)

Changing the Domain Name on a switch will reset the Configuration Revision number to 0. Then set it back to the correct Domain Name.

    DLS2(config)# vtp domain West
    Changing VTP domain name from East to West
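Added example (not from the original slides): a pre-connection check that parses show vtp status text from the existing domain and from the switch about to be trunked, and predicts which VLAN database wins. The status text is constructed from the DLS1/DLS2 values shown above; the function names and outcome labels are hypothetical.

```python
# Constructed `show vtp status` text using the values the slides show for DLS1 and DLS2.
DLS1_STATUS = """\
VTP Version                     : 2
Configuration Revision          : 10
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 12
VTP Operating Mode              : Server
VTP Domain Name                 : West
"""
DLS2_STATUS = """\
VTP Version                     : 2
Configuration Revision          : 13
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Client
VTP Domain Name                 : West
"""
# VLAN IDs and access ports as listed in the slides' `show vlan` output.
DLS1_VLANS = {1, 10, 11, 12, 20, 21, 22, 30}
DLS2_VLANS = {1, 20, 21, 22, 30}
DLS1_ACCESS_PORTS = {"Fa0/1": 10, "Fa0/2": 11}

FIELDS = {
    "Configuration Revision": "revision",
    "VTP Operating Mode": "mode",
    "VTP Domain Name": "domain",
}


def parse_vtp_status(text):
    """Extract revision, mode and domain from `show vtp status` output."""
    status = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        name = FIELDS.get(key.strip())
        if sep and name:
            status[name] = value.strip()
    missing = set(FIELDS.values()) - set(status)
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    status["revision"] = int(status["revision"])
    status["mode"] = status["mode"].lower()
    return status


def predict_join(existing, joining, existing_vlans, joining_vlans, access_ports):
    """Predict the result of trunking `joining` into the domain of `existing`.

    access_ports maps port name to access VLAN on the existing switch.
    """
    result = {"outcome": "no_change", "lost_vlans": [], "inactive_ports": []}
    if not existing["domain"] or not joining["domain"]:
        # A switch with no domain name adopts the first one it hears; not modeled here.
        result["outcome"] = "null_domain_not_modeled"
    elif existing["domain"] != joining["domain"]:
        result["outcome"] = "different_domain_no_sync"
    elif "transparent" in (existing["mode"], joining["mode"]):
        result["outcome"] = "transparent_no_sync"
    elif joining["revision"] > existing["revision"]:
        # Mode is deliberately ignored: a Client with the higher revision still wins.
        lost = existing_vlans - joining_vlans
        result["outcome"] = "existing_database_overwritten"
        result["lost_vlans"] = sorted(lost)
        result["inactive_ports"] = sorted(p for p, v in access_ports.items() if v in lost)
    elif joining["revision"] < existing["revision"]:
        result["outcome"] = "joining_switch_overwritten"
        result["lost_vlans"] = sorted(joining_vlans - existing_vlans)
    elif existing_vlans != joining_vlans:
        # Same revision, different databases: nothing syncs until one side changes.
        result["outcome"] = "same_revision_databases_differ"
    return result


if __name__ == "__main__":
    dls1 = parse_vtp_status(DLS1_STATUS)
    dls2 = parse_vtp_status(DLS2_STATUS)
    print(predict_join(dls1, dls2, DLS1_VLANS, DLS2_VLANS, DLS1_ACCESS_PORTS))
```

If the outcome is existing_database_overwritten, reset the joining switch's Configuration Revision to 0 before enabling the trunk, using either method described above (Transparent mode and back, or a temporary domain name change).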
