Main

FrontPage 2.5 (minor-edit)

Aaron Paxson — Sun, 15 Apr 2012 16:15:27 GMT

= My Study Notes = Welcome to my study area! A place where I can read, memorize, and review my current studies for different certifications. Keep in mind, that these are my notes, and //not// an exhaustive Study Guide. If that's what you want, buy a book. :) My method of study is to: # Read material # Write down notes of material # Re-write notes in Wiki By reading the material, I can put things into context. By taking the time to write hand-written notes, I help burn it into short-term memory. At the end of the chapter/subject, I put them up on this Wiki for review later and to burn into long-term memory. I know it seems like alot of effort, but it works for me. The more effort you put into a small amount of study, the easier it is to retain, and the greater the payoff. At least, for me, it is. Your mileage may vary. I have been out of the "academic" world for the last 10 years, concentrating on experience and the job. Now, it's time to invest in myself again. Some notes are thorough and explainative, while others are just review. This is not a step-by-step guide to get CCIE or JNCIE or MASE, or , just my notes on various subjects. == Related Resources == * [[http://www.myteneo.net/articles?p_p_id=2_WAR_knowledgebaseportlet&p_p_lifecycle=0&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_pos=1&p_p_col_count=2&_2_WAR_knowledgebaseportlet_mvcPath=%2Fdisplay%2Fview_article.jsp&_2_WAR_knowledgebaseportlet_resourcePrimKey=24562|Create your own Terminal Server]] - Useful if you need to console into multiple devices remotely (i.e. for your lab equipment) * [[http://www.myteneo.net/blog/-/blogs/dynagen-install-with-centos|Dynagen install with CentOS]] - Helps with lab'ing up Cisco routers and configurations, or just proving what you just learned. == Cisco == === [[Ethernet Basics|Ethernet Basics]] === === [[SPAN - RSPAN|SPAN - RSPAN]] === === [[Spanning Tree|Spanning Tree]] ===

Spanning Tree 3.2

Aaron Paxson — Sat, 07 Apr 2012 21:42:46 GMT

Types of Spanning-Tree

Traditional STP - 802.1d
- Default Hello Timer: 2 seconds
- Default Max Age Timer: 20 seconds
- Default Forward Timer: 15 seconds
- 3 Types of BPDU’s (Bridge Protocol Data Unit)
  - Configuration BPDU (common - used to build topology, elect root, determine port roles)
  - Topology Change BPDU Notification (TCN - used to inform changes in the network)
  - Topology Change BPDU Acknowledgement (TCA - used to acknowledge TCN's)
- Root Bridge identified by Bridge ID (priority + MAC)
- Port States
  - Blocking
  - Learning
  - Listening
  - Forwarding
- Port Roles
  - Root Port
  - Designated Port
  - Alternate Port (by use of UPLINKFAST command)
CST - Common Spanning Tree
- 802.1Q-based
- Open Standard
- Based on 802.1d rules
- 1 instance over all VLANs
- Uses native VLAN for BPDU’s
PVST - Per VLAN Spanning Tree
- Cisco Proprietary
- Based on 802.1D rules
- ISL-based
- 1 STP instance per VLAN
PVST+ - Per VLAN Spanning Tree Plus
- Cisco Proprietary
- Based on 802.1D rules
- Single instance for each VLAN
- ISL or 802.1Q based
- Interoperable with CST and PVST
- Default mode for switches
- Commands
```
(config)# spanning-tree mode pvst - Enable PVST+ on the switch
(config-if)# spanning-tree portfast - Set a port to be Edge Port (forwards upon link-up)
```
RSTP - Rapid Spanning Tree - 802.1w
- Port Roles
  - Root Port - Best path to root bridge
  - Designated Port - switchport per segment with best cost to root bridge
  - Alternate Port - alternate (less desirable) path to root bridge
  - Backup Port - alternate switchport for the segment to root bridge
- Port States
  - Discarding - combines Disabled, Blocking, and Listening states in STP (802.1D), since they all drop frames
  - Learning - frames dropped but learning MAC addresses
  - Forwarding - duhhhh…. traffic is forwarding
- Port Types
  - Edge Port - Station port with only 1 device. Still listens for BPDU’s but immediately comes up “forwarding”. (using PORTFAST command)
  - Root Port - port that has best path to root
  - Point-to-Point Port - Port that has established a link to another switch. All full-duplex ports are assumed point-to-point unless denoted by PORTFAST (edge-port).
- No Timers. Synchronization over Point-to-Point ports establishes synchronous updates to neighboring switches at the speed of BPDU’s, using Handshake/Agreement messages.
- Topology Change
  - Topology change notification only sent when a non-edge port transitions to forwarding state (the switch has already determined it will not create a loop, and therefore, no need to send a notification when a link goes down. Only to notify switches to age out their CAM tables).
  - BPDU’s with TC bit set, are sent out all non-edge ports until the TC timer expires (2 intervals of Hello Timer).
  - All neighboring switches that receive the TC, send the TC messages out all non-edge ports except for the one that received it.
  - Commands
```
(config-if)# spanning-tree link-type point-to-point - Half-duplex ports are not set as point-to-point. This will force it.
(config-if)# spanning-tree portfast - Set a port to be Edge Port (forwards upon link-up)
(config)# spanning-tree mode rapid-pvst - Enable Rapid PVST+ on the switch
```

MST - Multi Spanning Tree 802.1s

Built to decrease spanning-tree instances (and therefore decrease the resources necessary to run them). Create your own STP instances and map VLAN’s to them.
Based on 802.1w RSTP
To implement, you must define the following for each MST “Region”:
- MST Configuration Name (32 characters)
- MST Configuration revision Number (0-65535)
- MST VLAN-to-Instance mappings (4096 entries)
Compatible with other forms of STP
Uses CST (Common Spanning Tree) at the parent (a wrapper) for MST, to work with other STP technologies
Inside each MST Region, an Internal Spanning Tree instance (IST) builds the topology within the region, and presents to CST a single virtual bridge.
MST Instances
- Up to 16 supported per switch
- IST is always MST0

Commands

* (config)# spanning-tree mode mst - Enables MST
* (config)# spanning-tree mst configuration - Enters config mode for MST
* (config-mst)# name <name> - Sets the name
* (config-mst)# revision <versionNumber> - sets the revision number.  Must be updated (usually by 1) after each change.  NOT propogated.  Must be manually changed on each switch.
* (config-mst)# instance <instanceID> vlan <vlanListing> - Maps vlans to instance
* (config-mst)# show pending - shows pending operations
* (config-mst)# exit - exit config mode and commit changes

STP Costs

Bandwidth	802.1D Cost	802.1W Cost
10Mbps	100	2,000,000
100Mbps	19	200,000
1Gbps	4	20,000
10Gbps	2	2,000

Tie Breakers

lowest root bridge ID
lowest root path cost
lowest sender bridge ID
lowest sender port number

SPAN - RSPAN 1.0

Aaron Paxson — Sat, 23 Jul 2011 19:41:45 GMT

SPAN = Switch Port ANalyzer RSPAN = Remote SPAN ==== Restrictions ==== # The source can either be one or more interfaces OR a VLAN, but cannot be a mixture of both in the same session. # Up to 64 SPAN destination ports can be configured in a single switch. # Switched or Routed ports can be configured as source or destination ports # Within a single SPAN session, you cannot deliver traffic to a destination port when it's sourced by a mix of SPAN and RSPAN source ports. # A SPAN destination port cannot be a source port and vice versa. # Only 1 SPAN/RSPAN session can send traffic to a single destination port. # A SPAN destination port ceases to act as a normal switchport # It's possible to configure a trunk port as the source. All the VLAN's will be monitored. To filter the monitored VLANs, use the "//filter vlan//" command # Traffic that is routed from another vlan to a source vlan on the same switch, cannot be monitored (I read this as, if the switch is routing between vlans, you won't see the traffic between them) ==== Receive SPAN ==== * Only received traffic is forwarded to the destination port * Bypasses any ACL / QoS / Policing, etc policies. This is because the SPAN is only mirroring what the port receives. ACL's, etc does not change what is received. ==== Transmit SPAN ==== * Only transmitted traffic is forwarded to the destination port * //INCLUDES// any filtering with ACL / QoS / Policing, etc. This is because the switch is only transmitting what it should, which is what is being mirrored. **NOTE** SPAN / RSPAN usually ignores certain layer 2 frames like CDP, BDPU, VTP, DTP, and PagP frames. To include those frames in the session, use the "//encapsulation replicate//" command.

SPAN / RSPAN 1.0

Aaron Paxson — Sat, 23 Jul 2011 19:40:32 GMT

Ethernet Basics 1.5

Aaron Paxson — Tue, 19 Jul 2011 21:22:59 GMT

==== Auto-Negotiation ==== * Switches can dynamically detect speed setting using **Fast Link Pulses** (FLP) of the auto-negotiation process. ** If auto-negotiation is turned off on the other side, speed can still be detected based on the electrical signal. ** If auto-negotiation is turned off on the other side, the device without a configured duplex setting must assume the default. For Cisco, this is "half-duplex" for 100Mbps interfaces or "full-duplex" for 1Gbps interfaces. //**NOTE**// - Easy way to remember what duplex is to determine history. When 100Mbps interfaces were out, hubs were still in use. Remember the 100Mbps hubs? So, half-duplex was the default. However, there is no such thing as a 1Gbps hub, so it must be a switch. Full-duplex is the default. * The only way to disable auto-negotiation on Cisco switches is to set //both// speed and duplex. ==== Types of Ethernet Addresses ==== * Unicast - Represents communication to a single interface. ** The I/G bit (The most significant bit of the most significant byte) is set to 0. * Multicast - A MAC address that implies a subset of all devices on the LAN. ** The I/G bit (The most significant bit of the most significant byte) is set to 1. * Broadcast - Sends to all devices on LAN with the address FF:FF:FF:FF:FF:FF ==== Private VLANs ==== A Private VLAN (PVLAN) is a VLAN that is segregated. In other words, you can isolate ports within a VLAN. 3 modes of communication: # Ports that communicate with all other ports in the VLAN - a.k.a. Primary VLAN # Ports that communcate to certain other ports and with shared devices (e.g. a router) - a.k.a. Secondary community VLAN # Ports that only communicate with shared devices (e.g. a router) - a.k.a. Secondary isolated VLAN. ==== VLAN Trunking Protocol (VTP) Overview ==== * Advertises VLAN ID, VLAN name, and VLAN type to other VTP "clients" or "servers". * Each change to the VLAN database on the "server" device increments the //revision number// by 1 to tell the other devices whether they have the newest version or sync to get the newer version. * 3 modes ** Server Mode *** Originates VTP Advertisements *** Processes received advertisements to update it's VLAN config *** Forwards received advertisements *** Saves VLAN config to vlan.dat or NVRAM *** Can create, modify, and delete VLANs ** Client Mode *** Originates VTP Advertisements *** Processes Received advertisements to update it's own VLAN database *** Forwards VTP advertisements *** Saves VLAN config to vlan.dat or NVRAM ** Transparent Mode *** Forwards received VTP advertisements *** Saves VLAN config to NVRAM or vlan.dat *** Can create, modify, and delete VLANs * All Cisco switches default to using VTP in server mode, but before advertisments can be sent, a //domain name// must be given * Cisco switches as VTP clients do **not** have to have a domain specified in order to accept VTP advertisements. If no domain name is specified on a VTP client device, the domain-name specified in the advertisement is used. * Before VTP Client devices can accept VTP advertisements, the global command "**vtp mode**" must be configured. * You can (and should) have at least 2 VTP Server switches for high-availability. * To prevent DoS attacks using VTP (because updates and revision numbers are clear-text packets), use a password to create an MD5 encoding. Only clients with the same password will accept the updates. ===== VTP Configuration ===== * VTP sends updates out all trunk ports (ISL or 802.1q). * Minimum config to use VTP ** 1 switch to have domain defined (VTP Server) ** 1 switch to have "vtp mode" defined (VTP Client) * VTP Options ** "**vtp version**" - Sets version 1 or 2. Servers and clients must match version numbers. Transparent switches at version 2 can forward both version 1 or 2 updates ** "**vtp pruning**" - Prunes VLANs from being created on switches that do not use it. ** "**vtp interface**" - Specifies the interface with the IP Address used to identify the switch in updates ===== Normal/Extended VLANS ===== * Normal VLANS: id 1 - 1005 ** Can be advertised via VTP versions 1 and 2 ** Stored in vlan.dat * Extended VLANs: id 1006-4094 ** Not advertised via VTP ** Not stored in vlan.dat ** Only used on Transparent switches ===== VLAN Trunking ===== * ISL - Cisco Proprietary ** Supports Normal and Extended Range ** Encapsulates original frame *** Adds a new 26-byte header *** Encapsulated frame uses the source address of the device doing the trunking *** Encapsulated frame uses a multicast destination address of either 0100.0c00.0000 or 0300.0c00.0000 ** Does **not** support native VLAN * 802.1q ** Supports Normal and Extended Range ** Inserts Tag inside original frame *** Inserts a 4-byte header, called a tag, inside the original frame right after the Source Address Field ** Supports native VLAN ** IEEE Standard