CCNP 3 SWITCH Guide v1.0
Topology
DTP
VLAN Creation and Administration
Assigning VLANs to the TRUNK
Adding Additional VLANs to the TRUNK
Removing VLANs from the TRUNK
Removing All VLANs from a TRUNK Link
VTP I
Private VLANs, Single Switch
Private VLANs Connectivity Tests
Private VLANs, Multiple Switches
Private VLANs Connectivity Tests
Port Protected
Etherchannel
Load-Shared Etherchannel
Etherchannel L3
VTP II
STP Default Behavior
STP Configuration
STP BPDU Guard
FLEX Link
STP Multiple Spanning Tree MST 802.1s
@ NMT 2012
Topology
DTP

Configure an ISL trunk between DLS1 and DLS2 that meets the following policies:

DLS1 FastEthernet0/11 in trunk mode: negotiates the trunk with port FastEthernet0/11 of DLS2.

DLS1 FastEthernet0/11 in dynamic auto mode: a passive port that negotiates a trunk only when the far-end port FastEthernet0/11 of DLS1 is in trunk or dynamic desirable mode. In this scenario there is no need to configure interface f0/11 on DLS2, because it is in dynamic auto mode by default.

DLS1
interface FastEthernet0/11
 switchport trunk encapsulation isl
 switchport mode trunk

DLS1#show interfaces fastEthernet 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl

DLS2#show interfaces fastEthernet 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl

DLS1#sh interfaces fastEthernet 0/11 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/11      on               isl            trunking      1
Port        Vlans allowed on trunk
Fa0/11      1-4094
Port        Vlans allowed and active in management domain
Fa0/11      1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      1

isl = static configuration; n-isl = negotiated

DLS2#show interfaces fastEthernet 0/11 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/11      auto             n-isl          trunking      1
Port        Vlans allowed on trunk
Fa0/11      1-4094
Port        Vlans allowed and active in management domain
Fa0/11      1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      1
Configure an ISL trunk between DLS1 and DLS2 that meets the following policies:

DLS1 FastEthernet0/12 in dynamic desirable mode: actively negotiates trunk formation with FastEthernet0/12 of DLS2.

DLS1 FastEthernet0/11 in dynamic auto mode: a passive port that negotiates a trunk only when the far-end port FastEthernet0/11 of DLS1 is in trunk or dynamic desirable mode.

DLS1
interface FastEthernet0/12
 switchport mode dynamic desirable

DLS1#sh interfaces fastEthernet 0/12 switchport
Name: Fa0/12
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl

DLS1#show interfaces fastEthernet 0/12 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/12      desirable        n-isl          trunking      1
Port        Vlans allowed on trunk
Fa0/12      1-4094
Port        Vlans allowed and active in management domain
Fa0/12      1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/12      none

DLS2#show interfaces fastEthernet 0/12 switchport
Name: Fa0/12
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On

DLS2#show interfaces fastEthernet 0/12 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/12      auto             n-isl          trunking      1
Port        Vlans allowed on trunk
Fa0/12      1-4094
Port        Vlans allowed and active in management domain
Fa0/12      1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/12      1
Configure DLS1 and DLS2 in the different DTP modes according to the following table, and verify the results.

DTP modes          Dynamic Auto  Dynamic Desirable  Trunk                 Access
Dynamic Auto       Access        Trunk              Trunk                 Access
Dynamic Desirable  Trunk         Trunk              Trunk                 Access
Trunk              Trunk         Trunk              Trunk                 Limited Connectivity
Access             Access        Access             Limited Connectivity  Access
Disable DTP between DLS1 and DLS2.

Note: the switchport nonegotiate command achieves this behavior.

DLS2
default interface range fastEthernet 0/11-12
interface FastEthernet0/11
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport nonegotiate
interface FastEthernet0/12
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport nonegotiate

DLS2#show interfaces trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/11      on               isl            trunking      1
Fa0/12      on               isl            trunking      1
Port        Vlans allowed on trunk
Fa0/11      1-4094
Fa0/12      1-4094
Port        Vlans allowed and active in management domain
Fa0/11      1
Fa0/12      1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      1
Fa0/12      1

DLS1
default interface range fastEthernet 0/11-12
interface FastEthernet0/11
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport nonegotiate
interface FastEthernet0/12
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport nonegotiate

DLS1#sh interfaces fastEthernet 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: Off

DLS1#show interfaces trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/11      on               isl            trunking      1
Fa0/12      on               isl            trunking      1
Port        Vlans allowed on trunk
Fa0/11      1-4094
Fa0/12      1-4094
Port        Vlans allowed and active in management domain
Fa0/11      1
Fa0/12      1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      1
Fa0/12      none
Configure 802.1q on the DLS1-ALS1, DLS1-ALS2, DLS2-ALS1 and DLS2-ALS2 links. The access switches must learn the trunk dynamically.

DLS1
default interface range fastEthernet 0/7-10
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk

DLS1#sh interfaces fastEthernet 0/7 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/7       on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/7       1-4094
Port        Vlans allowed and active in management domain
Fa0/7       1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       1

DLS2
default interface range fastEthernet 0/7-10
interface range fastEthernet 0/7-10
 switchport trunk encapsulation dot1q
 switchport mode trunk
default interface range fastEthernet 0/11-12

DLS2#show interfaces fastEthernet 0/10 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/10      on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/10      1-4094
Port        Vlans allowed and active in management domain
Fa0/10      1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/10      none
ALS1 and ALS2 must form a trunk using 802.1q. DTP is not allowed between these switches.

Note: the 2960s do not support ISL trunks, only dot1q.

ALS1
default interface range fastEthernet 0/11-12
interface FastEthernet0/11
 switchport mode trunk
 switchport nonegotiate
interface FastEthernet0/12
 switchport mode trunk
 switchport nonegotiate

ALS1#show interfaces trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/7       auto             802.1q         trunking      1
Fa0/8       auto             802.1q         trunking      1
Fa0/9       auto             802.1q         trunking      1
Fa0/10      auto             802.1q         trunking      1
Fa0/11      on               802.1q         trunking      1
Fa0/12      on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/7       1-4094
Fa0/8       1-4094
Fa0/9       1-4094
Fa0/10      1-4094
Fa0/11      1-4094
Fa0/12      1-4094
Port        Vlans allowed and active in management domain
Fa0/7       1
Fa0/8       1
Fa0/9       1
Fa0/10      1
Fa0/11      1
Port        Vlans allowed and active in management domain
Fa0/12      1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       1
Fa0/8       1
Fa0/9       1
Fa0/10      1
Fa0/11      1
Fa0/12      none

ALS1#show interfaces fastEthernet 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off

ALS2
interface FastEthernet0/11
 switchport mode trunk
 switchport nonegotiate
interface FastEthernet0/12
 switchport mode trunk
 switchport nonegotiate
ALS2#show interfaces fastEthernet 0/11 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/11      on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/11      1-4094
Port        Vlans allowed and active in management domain
Fa0/11      1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      1

ALS2#show interfaces fastEthernet 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
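The DTP checks made by eye in the outputs above can be automated. The following is an added example, not part of the original guide: it parses "show interfaces ... switchport" text and reports ports that still rely on DTP. The sample text is constructed in the format shown in this guide, and the function names are hypothetical.

```python
# Constructed sample in the "show interfaces ... switchport" format used in
# this guide; the values are illustrative, not captured from the lab.
SAMPLE = """\
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: Off
Name: Fa0/12
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Negotiation of Trunking: Off
Name: Fa0/7
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
"""


def parse_switchport(text):
    """Split the output into one dict per interface, keyed by field name."""
    ports, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # prompts and blank lines carry no "field: value" pair
        key, value = key.strip(), value.strip()
        if key == "Name":
            current = {"Name": value}
            ports.append(current)
        elif current is not None:
            current[key] = value
    return ports


def audit_port(port):
    """Return the DTP-related findings for one parsed interface."""
    admin = port.get("Administrative Mode", "").lower()
    oper = port.get("Operational Mode", "").lower()
    nego = port.get("Negotiation of Trunking")
    findings = []
    if admin.startswith("dynamic"):
        findings.append("administrative mode is '%s' (DTP decides access vs trunk)" % admin)
        if oper == "trunk":
            findings.append("trunk is up through negotiation, not static configuration")
    if nego is None:
        # Some outputs are trimmed before this field; do not assume Off.
        findings.append("negotiation state not present in output")
    elif nego.lower() == "on":
        findings.append("DTP negotiation is On (switchport nonegotiate not applied)")
    return findings


def audit(text):
    """Map each interface name to its list of findings (empty list = clean)."""
    return {p["Name"]: audit_port(p) for p in parse_switchport(text)}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "OK" if not findings else "; ".join(findings))
```
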
VLAN Creation and Administration

Create the following VLANs on DLS1 and verify that they propagate throughout the domain: 2, 3, 4, 5, 6, 7, 8, 9, 10, 100, 120, 130, 140, 200, 230, 240, 340 and 400. Note: there must be no space between the commas and the numbers.
DLS1
vlan 2-10,100,12,100,120,130,140,200,230,240,340,400

DLS1#sh vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active
12   VLAN0012                         active
100  VLAN0100                         active
120  VLAN0120                         active
130  VLAN0130                         active
140  VLAN0140                         active
200  VLAN0200                         active
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
230  VLAN0230                         active
240  VLAN0240                         active
340  VLAN0340                         active
400  VLAN0400                         active

DLS2#show vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active
12   VLAN0012                         active
100  VLAN0100                         active
120  VLAN0120                         active
130  VLAN0130                         active
140  VLAN0140                         active
200  VLAN0200                         active
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
230  VLAN0230                         active
240  VLAN0240                         active
340  VLAN0340                         active
400  VLAN0400                         active

DLS2#show vlan summary
Number of existing VLANs          : 24
Number of existing VTP VLANs      : 24
Number of existing extended VLANs : 0

DLS1#sh vlan summary
Number of existing VLANs          : 24
Number of existing VTP VLANs      : 24
Number of existing extended VLANs : 0

ALS1#show vlan summary
Number of existing VLANs          : 5
Number of existing VTP VLANs      : 5
Number of existing extended VLANs : 0
ALS1#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Operating Mode              : Transparent
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

If we look at the output above, we will notice a problem: ALS1 is operating in transparent mode, so it cannot install the VLANs that DLS1 advertises (only the local VLANs exist, not the 24 VLANs). To avoid this problem we change the VTP Operating Mode to Server.

ALS1(config)#vtp mode server
Setting device to VTP SERVER mode

ALS1#show vlan summary
Number of existing VLANs          : 24
Number of existing VTP VLANs      : 24
Number of existing extended VLANs : 0

ALS2#show vlan summary
Number of existing VLANs          : 24
Number of existing VTP VLANs      : 24
Number of existing extended VLANs : 0

Assigning VLANs to the TRUNK

On the trunk, assign (allow) VLANs according to the following table:

Before starting the lab, it is important to know which VLANs are associated with the trunks, using the show interface trunk command.
DLS1#sh interfaces fastEthernet 0/7 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/7       on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/7       1-4094
Port        Vlans allowed and active in management domain
Fa0/7       1-10,12,100,120,130,140,200,230,240,340,400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       1-10,12,100,120,130,140,200,230,240,340,400

The first task is to allow only VLAN 120 on interface FastEthernet 0/11 of DLS1 and DLS2. The command switchport trunk allowed vlan 120 permits only VLAN 120 and leaves out even VLAN 1. Note that interface FastEthernet 0/12 still allows the whole VLAN range.

DLS1
interface FastEthernet0/11
 switchport trunk allowed vlan 120

DLS1#sh interfaces fastEthernet 0/11 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/11      on               isl            trunking      1
Port        Vlans allowed on trunk
Fa0/11      120
Port        Vlans allowed and active in management domain
Fa0/11      120
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      none

DLS1#sh interfaces fastEthernet 0/12 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/12      on               isl            trunking      1
Port        Vlans allowed on trunk
Fa0/12      1-4094
Port        Vlans allowed and active in management domain
Fa0/12      1-10,12,100,120,130,140,200,230,240,340,400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/12      none

DLS1
interface FastEthernet0/11
 switchport trunk allowed vlan 120

DLS2#show interfaces fastEthernet 0/11 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/11      on               isl            trunking      1
Port        Vlans allowed on trunk
Fa0/11      120
Port        Vlans allowed and active in management domain
Fa0/11      120
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      120
DLS2 and ALS2 (FastEthernet 0/7) must allow only VLAN 240.

DLS2
interface FastEthernet0/7
 switchport trunk allowed vlan 240

ALS2
interface FastEthernet0/7
 switchport trunk allowed vlan 240

DLS2#show interfaces fastEthernet 0/7 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/7       on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/7       240
Port        Vlans allowed and active in management domain
Fa0/7       240
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       none

ALS2#show interfaces fastEthernet 0/7 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/7       auto             802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/7       240
Port        Vlans allowed and active in management domain
Fa0/7       240
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       240

The third task is to allow VLAN 340 between ALS1 and ALS2 FastEthernet0/7.

ALS1
interface FastEthernet0/11
 switchport trunk allowed vlan 340

ALS2
interface FastEthernet0/11
 switchport trunk allowed vlan 340

ALS2#show interfaces fastEthernet 0/11 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/11      on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/11      340
Port        Vlans allowed and active in management domain
Fa0/11      340
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      340

ALS1#show interfaces fastEthernet 0/11 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/11      on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/11      340
Port        Vlans allowed and active in management domain
Fa0/11      340
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      340
The fourth task is to allow VLAN 130 between DLS1 and ALS1 FastEthernet0/7.

ALS1
interface FastEthernet0/7
 switchport trunk allowed vlan 130

DLS1
interface FastEthernet0/7
 switchport trunk allowed vlan 130

DLS1#sh interfaces fastEthernet 0/7 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/7       on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/7       130
Port        Vlans allowed and active in management domain
Fa0/7       130
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       130

ALS1#sh interfaces fastEthernet 0/7 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/7       auto             802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/7       130
Port        Vlans allowed and active in management domain
Fa0/7       130
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       130

Finally, we configure tasks 4 and 5.

DLS1
interface FastEthernet0/9
 switchport trunk allowed vlan 140

ALS2
interface FastEthernet0/9
 switchport trunk allowed vlan 140

DLS1#sh interfaces fastEthernet 0/9 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/9       on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/9       140
Port        Vlans allowed and active in management domain
Fa0/9       140
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/9       none

ALS2#show interfaces fastEthernet 0/9 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/9       auto             802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/9       140
Port        Vlans allowed and active in management domain
Fa0/9       140
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/9       140

DLS2
interface FastEthernet0/9
 switchport trunk allowed vlan 230

ALS1
interface FastEthernet0/9
 switchport trunk allowed vlan 230

DLS2#show interfaces fastEthernet 0/9 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/9       on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/9       230
Port        Vlans allowed and active in management domain
Fa0/9       230
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/9       230

ALS1#show interfaces fastEthernet 0/9 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/9       auto             802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/9       230
Port        Vlans allowed and active in management domain
Fa0/9       230
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/9       230
Adding Additional VLANs to the TRUNK

Add VLANs as laid out in the following table:

DLS1
interface FastEthernet0/11
 switchport trunk allowed vlan add 100

DLS1#show running-config interface fastEthernet 0/11
Building configuration...
interface FastEthernet0/11
 switchport trunk encapsulation isl
 switchport trunk allowed vlan 100,120
 switchport mode trunk
 switchport nonegotiate

DLS2
interface FastEthernet0/11
 switchport trunk allowed vlan add 100

DLS2#show running-config interface fastEthernet 0/11
Building configuration...
interface FastEthernet0/11
 switchport trunk encapsulation isl
 switchport trunk allowed vlan 100,120
 switchport mode trunk
 switchport nonegotiate

DLS2#show interfaces fastEthernet 0/11 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/11      on               isl            trunking      1
Port        Vlans allowed on trunk
Fa0/11      100,120
Port        Vlans allowed and active in management domain
Fa0/11      100,120
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      100,120

DLS2
interface FastEthernet0/7
 switchport trunk allowed vlan add 200

ALS2
interface FastEthernet0/7
 switchport trunk allowed vlan add 200

DLS2#show interfaces fastEthernet 0/7 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/7       on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/7       200,240
Port        Vlans allowed and active in management domain
Fa0/7       200,240
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       200,240

ALS1
interface fastEthernet 0/11
 switchport trunk allowed vlan add 300

ALS2
interface fastEthernet 0/11
 switchport trunk allowed vlan add 300

ALS1#show interfaces fastEthernet 0/11 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/11      on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/11      300,340
Port        Vlans allowed and active in management domain
Fa0/11      340
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      340

DLS1
interface fastEthernet 0/9
 switchport trunk allowed vlan 400

ALS2
interface fastEthernet 0/9
 switchport trunk allowed vlan 400

DLS1#sh interfaces fastEthernet 0/9 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/9       on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/9       400
Port        Vlans allowed and active in management domain
Fa0/9       400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/9       400

ALS2#sh interfaces fastEthernet 0/9 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/9       auto             802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/9       140,400
Port        Vlans allowed and active in management domain
Fa0/9       140,400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/9       140,400
Removing VLANs from the TRUNK

Remove VLANs according to the following table:

Before configuring the ports, we must check which VLANs the trunk is carrying.

DLS1#sh interfaces fastEthernet 0/8 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/8       on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/8       1-4094
Port        Vlans allowed and active in management domain
Fa0/8       1-10,12,100,120,130,140,200,230,240,340,400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/8       1-10,12,100,120,130,140,200,230,240,340,400

DLS1
interface fastEthernet 0/8
 switchport trunk allowed vlan remove 1,4-10

DLS1#sh interfaces fastEthernet 0/8 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/8       on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/8       2-3,11-4094
Port        Vlans allowed and active in management domain
Fa0/8       2-3,12,100,120,130,140,200,230,240,340,400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/8       2-3,12,100,120,130,140,200,230,240,340,400

ALS1#show interfaces fastEthernet 0/8 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/8       auto             802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/8       1-4094
Port        Vlans allowed and active in management domain
Fa0/8       1-10,12,100,120,130,140,200,230,240,340,400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/8       1-10,12,100,120,130,140,200,230,240,340,400

ALS1
interface fastEthernet 0/8
 switchport trunk allowed vlan remove 1,4-10

ALS1#show interfaces fastEthernet 0/8 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/8       auto             802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/8       2-3,11-4094
Port        Vlans allowed and active in management domain
Fa0/8       2-3,12,100,120,130,140,200,230,240,340,400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/8       2-3,12,100,120,130,140,200,230,240,340,400

DLS2
interface fastEthernet 0/8
 switchport trunk allowed vlan remove 2,4-10

DLS2#show interfaces fastEthernet 0/8 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/8       on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/8       1,3,11-4094
Port        Vlans allowed and active in management domain
Fa0/8       1,3,12,100,120,130,140,200,230,240,340,400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/8       1

ALS2
interface fastEthernet 0/8
 switchport trunk allowed vlan remove 2,4-10

ALS2#show running-config interface fastEthernet 0/8
Building configuration...
interface FastEthernet0/8
 switchport trunk allowed vlan 1,3,11-4094

ALS2#show interfaces fastEthernet 0/8 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/8       auto             802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/8       1,3,11-4094
Port        Vlans allowed and active in management domain
Fa0/8       1,3,12,100,120,130,140,200,230,240,340,400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/8       1,3,12,100,120,130,140,200,230,240,340,400
Removing All VLANs from a TRUNK Link

DLS1
interface FastEthernet0/12
 switchport trunk allowed vlan none

DLS2
interface FastEthernet0/12
 switchport trunk allowed vlan none

DLS2#show interfaces fastEthernet 0/12 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/12      on               isl            trunking      1
Port        Vlans allowed on trunk
Fa0/12      none
Port        Vlans allowed and active in management domain
Fa0/12      none
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/12      none

DLS1#sh interfaces fastEthernet 0/10 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/10      on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/10      1-4094
Port        Vlans allowed and active in management domain
Fa0/10      1-10,12,100,120,130,140,200,230,240,340,400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/10      1-2,4-10

DLS1
interface FastEthernet0/10
 switchport trunk allowed vlan none

ALS2
interface FastEthernet0/10
 switchport trunk allowed vlan none

DLS1#sh interfaces fastEthernet 0/10 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/10      on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/10      none
Port        Vlans allowed and active in management domain
Fa0/10      none
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/10      none
ALS2#show interfaces trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/7       auto             802.1q         trunking      1
Fa0/8       auto             802.1q         trunking      1
Fa0/9       auto             802.1q         trunking      1
Fa0/10      auto             802.1q         trunking      1
Fa0/11      on               802.1q         trunking      1
Fa0/12      on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/7       1,200,240
Fa0/8       1,3,11-4094
Fa0/9       1,140,400
Fa0/10      none
Fa0/11      1,300,340
Fa0/12      1-4094
Port        Vlans allowed and active in management domain
Fa0/7       1,200,240
Fa0/8       1,3,12,100,120,130,140,200,230,240,340,400
Fa0/9       1,140,400
Fa0/10      none
Fa0/11      1,340
Port        Vlans allowed and active in management domain
Fa0/12      1-10,12,100,120,130,140,200,230,240,340,400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       1,200,240
Fa0/8       1,3,12,100,120,130,140,200,230,240,340,400
Fa0/9       1,140,400
Fa0/10      none
Fa0/11      1,340
Fa0/12      1-10,12,100,120,130,140,200,230,240,340,400
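The allowed-list behavior exercised in the trunk sections above (a bare list replaces the whole list, add and remove edit it, none empties it, and only VLANs that also exist in the domain appear as "allowed and active") can be modelled in a few lines. This is an added example, not part of the original guide: the function names are hypothetical, the all keyword is an IOS keyword this guide does not use, and the values replayed in the tests are the ones shown in the outputs above.

```python
ALL_VLANS = frozenset(range(1, 4095))  # 1-4094, the default allowed list


def parse_vlan_list(spec):
    """'1,4-10' -> {1, 4, 5, ..., 10}. Lists contain no spaces."""
    if " " in spec:
        raise ValueError("no spaces allowed in a VLAN list: %r" % spec)
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        lo = int(lo)
        hi = int(hi) if hi else lo
        if not 1 <= lo <= hi <= 4094:
            raise ValueError("VLAN out of range: %r" % part)
        vlans.update(range(lo, hi + 1))
    return vlans


def format_vlan_list(vlans):
    """{2, 3, 11..4094} -> '2-3,11-4094'; the empty set prints as 'none'."""
    if not vlans:
        return "none"
    ordered = sorted(vlans)
    runs, start, prev = [], ordered[0], ordered[0]
    for v in ordered[1:] + [None]:      # None flushes the last run
        if v is not None and v == prev + 1:
            prev = v
            continue
        runs.append(str(start) if start == prev else "%d-%d" % (start, prev))
        start = prev = v
    return ",".join(runs)


def apply_allowed(current, argument):
    """Apply the argument of 'switchport trunk allowed vlan <argument>'."""
    words = argument.split()
    if words == ["none"]:
        return set()
    if words == ["all"]:
        return set(ALL_VLANS)
    if len(words) == 2 and words[0] == "add":
        return set(current) | parse_vlan_list(words[1])
    if len(words) == 2 and words[0] == "remove":
        return set(current) - parse_vlan_list(words[1])
    if len(words) == 1:
        # A bare list REPLACES the allowed list; earlier entries are lost.
        return parse_vlan_list(words[0])
    raise ValueError("unsupported argument: %r" % argument)


def replay(arguments, start=ALL_VLANS):
    """Apply a sequence of arguments to a port that starts at the default."""
    allowed = set(start)
    for argument in arguments:
        allowed = apply_allowed(allowed, argument)
    return allowed


def allowed_and_active(allowed, domain_vlans):
    """VLANs the trunk can carry: allowed on the port AND existing."""
    return set(allowed) & set(domain_vlans)


if __name__ == "__main__":
    domain = parse_vlan_list("1-10,12,100,120,130,140,200,230,240,340,400")
    port = replay(["340", "add 300"])
    print("allowed:", format_vlan_list(port))
    print("allowed and active:", format_vlan_list(allowed_and_active(port, domain)))
```
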
VTP I

This lab requires all configuration information to be erased (vlan.dat and configuration).

Configure an 802.1q trunk between DLS1 and DLS2 over interface fastethernet 0/11.

Configure VTP with domain DUOC between DLS1 and DLS2, version 2, server mode, password duoc.

DLS1
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk

DLS2
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk

DLS2#show interfaces fastEthernet 0/11 trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/11      on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/11      1-4094
Port        Vlans allowed and active in management domain
Fa0/11      1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      1

DLS1
vtp domain DUOC
vtp version 2
vtp mode server
vtp password duoc

DLS2
vtp domain DUOC
vtp version 2
vtp mode server
vtp password duoc
DLS1#sh vtp status VTP Version : running VTP2 Configuration Revision :0 Maximum VLANs supported locally : 1005 Number of existing VLANs :5 VTP Operating Mode : Server VTP Domain Name : DUOC VTP Pruning Mode : Disabled VTP V2 Mode : Enabled VTP Traps Generation : Disabled MD5 digest : 0x80 0x23 0xA4 0xBF 0x1F 0x8F 0x18 0xA3 Configuration last modified by 10.1.1.1 at 0-0-00 00:00:00 Local updater ID is 10.1.1.1 on interface Vl1 (lowest numbered VLAN interface found) DLS2#show vtp status VTP Version :2 Configuration Revision :0 Maximum VLANs supported locally : 1005 Number of existing VLANs :5 VTP Operating Mode : Server VTP Domain Name : DUOC VTP Pruning Mode : Disabled VTP V2 Mode : Enabled VTP Traps Generation : Disabled MD5 digest : 0xBA 0xF2 0xCD 0xF0 0xD5 0x54 0x67 0xC9 Configuration last modified by 10.1.1.2 at 0-0-00 00:00:00 Local updater ID is 10.1.1.2 on interface Vl1 (lowest numbered VLAN interface found)
Create VLAN 10 and assign it to interface FastEthernet 0/1 on DLS2. Name it ADMIN.
DLS2#show vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Gi0/1
                                                Gi0/2

DLS2
vlan 10
 name ADMIN
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast

DLS2#show vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   ADMIN                            active    Fa0/1
Private VLANs on a Single Switch
Build the following topology:
Assign the following addressing:
PC     IP
PC1    10.1.1.1/24
PC2    10.1.1.2/24
PC3    10.1.1.3/24
Verify that all the PCs can communicate. Note: because the switches have no previous configuration, they use VLAN 1 as the broadcast domain. Disable the firewall on the PCs.
PC3
C:\>ping 10.1.1.1
Haciendo ping a 10.1.1.1 con 32 bytes de datos:
Respuesta desde 10.1.1.1: bytes=32 tiempo<1m TTL=255
Respuesta desde 10.1.1.1: bytes=32 tiempo=2ms TTL=255
Respuesta desde 10.1.1.1: bytes=32 tiempo=1ms TTL=255
Respuesta desde 10.1.1.1: bytes=32 tiempo=1ms TTL=255
Estadísticas de ping para 10.1.1.1:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 2ms, Media = 1ms

C:\>ping 10.1.1.2
Haciendo ping a 10.1.1.2 con 32 bytes de datos:
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Estadísticas de ping para 10.1.1.2:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms

DLS1#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms

DLS1#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

DLS1#ping 10.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
Configure Private VLANs according to the following table:
Device    VLAN-Type    VLAN-ID
Router    Primary      100
PC1       Community    200
PC2       Community    200
PC3       Isolated     300
Private VLANs require a series of steps:
1. Configure the switch in VTP transparent mode.
2. Create the Primary VLAN.
3. Define the Secondary VLANs.
4. Associate the Secondary VLANs with the Primary VLAN.
DLS1
vtp mode transparent

DLS1#sh vtp status
VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Transparent
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

DLS1
vlan 100
 name VLAN_PRIMARIA
 private-vlan primary
 private-vlan association 411,421,431
vlan 200
 private-vlan community
vlan 300
 private-vlan isolated

DLS1#sh vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100               primary
        200       community
        300       isolated

DLS1
vlan 100
 private-vlan association add 200,300

DLS1#sh vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100     200       community
100     300       isolated
The next step is to configure interface FastEthernet 0/4 (which connects to the Router) in promiscuous mode and map the Primary VLAN to the Secondary VLANs.
DLS1
interface FastEthernet0/4
 switchport private-vlan mapping 100 200,300
 switchport mode private-vlan promiscuous

DLS1#sh vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100     200       community         Fa0/4
100     300       isolated          Fa0/4
On the ports that connect the hosts, create the association and set them to host mode.
DLS1
interface FastEthernet0/1
 switchport private-vlan host-association 100 200
 switchport mode private-vlan host
 spanning-tree portfast
interface FastEthernet0/2
 switchport private-vlan host-association 100 200
 switchport mode private-vlan host
 spanning-tree portfast
interface FastEthernet0/3
 switchport private-vlan host-association 100 300
 switchport mode private-vlan host
 spanning-tree portfast

DLS1#sh interfaces fastEthernet 0/4 switchport
Name: Fa0/4
Switchport: Enabled
Administrative Mode: private-vlan promiscuous
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: 100 (VLAN_PRIMARIA) 200 (VLAN0200) 300 (VLAN0300)
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

DLS1#sh vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100     200       community         Fa0/1, Fa0/2, Fa0/4
100     300       isolated          Fa0/3, Fa0/4
Association between host ports and promiscuous ports
Private VLAN connectivity tests. Based on what we have studied, PC1 and PC2 must have connectivity with each other and with the Router, which is in promiscuous mode.
PC2
C:\>ping 10.1.1.1
Haciendo ping a 10.1.1.1 con 32 bytes de datos:
Respuesta desde 10.1.1.1: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.1: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.1: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.1: bytes=32 tiempo<1m TTL=128
Estadísticas de ping para 10.1.1.1:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms

C:\>ping 10.1.1.100
Haciendo ping a 10.1.1.100 con 32 bytes de datos:
Respuesta desde 10.1.1.100: bytes=32 tiempo=38ms TTL=255
Respuesta desde 10.1.1.100: bytes=32 tiempo=15ms TTL=255
Respuesta desde 10.1.1.100: bytes=32 tiempo=16ms TTL=255
Respuesta desde 10.1.1.100: bytes=32 tiempo=31ms TTL=255
Estadísticas de ping para 10.1.1.100:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 15ms, Máximo = 38ms, Media = 25ms

PC3
C:\>ping 10.1.1.1
Haciendo ping a 10.1.1.1 con 32 bytes de datos:
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Estadísticas de ping para 10.1.1.1:
    Paquetes: enviados = 4, recibidos = 0, perdidos = 4 (100% perdidos),

C:\>ping 10.1.1.100
Haciendo ping a 10.1.1.100 con 32 bytes de datos:
Respuesta desde 10.1.1.100: bytes=32 tiempo=23ms TTL=255
Respuesta desde 10.1.1.100: bytes=32 tiempo=16ms TTL=255
Respuesta desde 10.1.1.100: bytes=32 tiempo=31ms TTL=255
Respuesta desde 10.1.1.100: bytes=32 tiempo=15ms TTL=255
Estadísticas de ping para 10.1.1.100:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 15ms, Máximo = 31ms, Media = 21ms
Meanwhile the Router, which is in promiscuous mode, has connectivity with all the hosts, as the following tests show:
R1#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/19/32 ms

R1#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/20/44 ms

R1#ping 10.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/17/36 ms
Private VLANs Across Multiple Switches
Build the following topology:
Prelab: Erase all previous configuration (config.text + vlan.dat)
Assign the following addressing:
PC     IP
PC1    10.1.1.1/24
PC2    10.1.1.2/24
PC3    10.1.1.3/24
PC4    10.1.1.4/24
Note: Before configuring anything, verify that all the PCs on DLS1 can communicate. Note: because the switches have no previous configuration, they use VLAN 1. Disable the firewall on the PCs.
PC3
C:\>ping 10.1.1.1
Haciendo ping a 10.1.1.1 con 32 bytes de datos:
Respuesta desde 10.1.1.1: bytes=32 tiempo<1m TTL=255
Respuesta desde 10.1.1.1: bytes=32 tiempo=2ms TTL=255
Respuesta desde 10.1.1.1: bytes=32 tiempo=1ms TTL=255
Respuesta desde 10.1.1.1: bytes=32 tiempo=1ms TTL=255
Estadísticas de ping para 10.1.1.1:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 2ms, Media = 1ms

C:\>ping 10.1.1.2
Haciendo ping a 10.1.1.2 con 32 bytes de datos:
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Estadísticas de ping para 10.1.1.2:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms

DLS1#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms

DLS1#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

DLS1#ping 10.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
Configure Private VLANs according to the following table:
Device    VLAN-Type    VLAN-ID
Router    Primary      100
PC1       Community    200
PC2       Community    200
PC3       Isolated     300
PC4       Community    200
Private VLANs require a series of steps:
1. Configure the switch in VTP transparent mode.
2. Create the Primary VLAN.
3. Define the Secondary VLANs.
DLS1
vtp mode transparent
vtp version 2

DLS1#sh vtp status
VTP Version                     : running VTP2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Transparent
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB2 0x8A 0x1C 0x89 0x3E 0xD3 0xB4 0xF7
Configuration last modified by 10.1.1.1 at 0-0-00 00:00:00
DLS1
vlan 100
 name PRIMARIA
 private-vlan primary
vlan 200
 name PC1-PC2-PC4
 private-vlan community
vlan 300
 name PC3
 private-vlan isolated

DLS1#sh vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100               primary
        200       community
        300       isolated
Associate the Secondary VLANs with the Primary VLAN.
DLS1
vlan 100
 private-vlan association add 200,300

DLS1#sh vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100     200       community
100     300       isolated
On the ports that connect the hosts, create the association and set them to host mode. Prevent the ports from transitioning through blocking->listening->learning... in STP.
DLS1
interface FastEthernet0/11
 switchport private-vlan host-association 100 200
 switchport mode private-vlan host
 spanning-tree portfast
interface FastEthernet0/12
 switchport private-vlan host-association 100 200
 switchport mode private-vlan host
 spanning-tree portfast
interface FastEthernet0/13
 switchport private-vlan host-association 100 300
 switchport mode private-vlan host
 spanning-tree portfast

DLS1#sh interfaces fastEthernet 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: private-vlan host
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: 100 (PRIMARIA) 200 (PC1-PC2-PC4)
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
Configure an 802.1q trunk between DLS1 F0/6 and DLS2 Fa0/6. Allow only the VLANs that take part in the configuration. DTP is not permitted. Allow only VLAN 1.
DLS1
interface fastEthernet 0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 1
 switchport nonegotiate

DLS2
interface fastEthernet 0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 1
 switchport nonegotiate

DLS2#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/6       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/6       1

Port        Vlans allowed and active in management domain
Fa0/6       1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/6       1
Use the same process as before to create the Primary, Community and Isolated VLANs.
On port f0/21 of DLS1, create the association with the primary VLAN and set host mode. Prevent the port from transitioning through blocking->listening->learning... in STP.
Configure interface FastEthernet 0/22 (which connects to the Router) in promiscuous mode and map the Primary VLAN to the Secondary VLANs.
DLS2
vtp mode transparent
vtp version 2
vlan 100
 name PRIMARIA
 private-vlan primary
vlan 200
 name PC1-PC2-PC4
 private-vlan community
vlan 300
 name PC3
 private-vlan isolated
vlan 100
 private-vlan association add 200,300
interface FastEthernet0/21
 switchport private-vlan host-association 100 200
 switchport mode private-vlan host
 spanning-tree portfast

DLS2#show vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100     200       community         Fa0/21
100     300       isolated

DLS2
interface FastEthernet0/22
 switchport private-vlan mapping 100 200,300
 switchport mode private-vlan promiscuous

DLS2#show interfaces fastEthernet 0/22 switchport
Name: Fa0/22
Switchport: Enabled
Administrative Mode: private-vlan promiscuous
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: 100 (PRIMARIA) 200 (PC1-PC2-PC4) 300 (PC3)
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
Private VLAN connectivity tests. PC1 and PC2 must have connectivity. Note: Disable the firewall on each PC.
PC1
C:\>ping 10.1.12.2
Haciendo ping a 10.1.12.2 con 32 bytes de datos:
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Estadísticas de ping para 10.1.12.2:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms
C:\>

PC3
C:\>ping 10.1.12.2
Haciendo ping a 10.1.12.2 con 32 bytes de datos:
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Estadísticas de ping para 10.1.12.2:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms
To establish connectivity between the ports associated with the Community VLAN, we must set the permissions on the trunk. Previously only VLAN 1 was allowed; at this point we must allow all the VLANs that take part.
DLS1
interface fastEthernet 0/6
 switchport trunk allowed vlan add 100,200,300

DLS2
interface fastEthernet 0/6
 switchport trunk allowed vlan add 100,200,300

DLS2#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/6       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/6       1,100,200,300

Port        Vlans allowed and active in management domain
Fa0/6       1,100,200,300

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/6       1
PING tests:
PC2 → PC4
PC2 → Router
PC3 → Router
PC4 → Router
PC2
C:\>ping 10.1.12.4 -t
Haciendo ping a 10.1.12.4 con 32 bytes de datos:
Respuesta desde 10.1.12.4: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.4: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.4: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.4: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.4: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.4: bytes=32 tiempo<1m TTL=128
Estadísticas de ping para 10.1.12.4:
    Paquetes: enviados = 6, recibidos = 6, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms

PC2
C:\>ping 10.1.12.100 -t
Haciendo ping a 10.1.12.100 con 32 bytes de datos:
Respuesta desde 10.1.12.100: bytes=32 tiempo=28ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=21ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=21ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=21ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=21ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=21ms TTL=255
Estadísticas de ping para 10.1.12.100:
    Paquetes: enviados = 6, recibidos = 6, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 21ms, Máximo = 28ms, Media = 22ms

PC4
C:\>ping 10.1.12.100
Haciendo ping a 10.1.12.100 con 32 bytes de datos:
Respuesta desde 10.1.12.100: bytes=32 tiempo=30ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=31ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=15ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=31ms TTL=255
Estadísticas de ping para 10.1.12.100:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 15ms, Máximo = 31ms, Media = 26ms

PC3
C:\>ping 10.1.12.100
Haciendo ping a 10.1.12.100 con 32 bytes de datos:
Respuesta desde 10.1.12.100: bytes=32 tiempo=30ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=31ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=15ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=31ms TTL=255
Estadísticas de ping para 10.1.12.100:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 15ms, Máximo = 31ms, Media = 26ms

R1#ping 10.1.12.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.12.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/19/32 ms
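The forwarding rules exercised in the single-switch and two-switch Private VLAN labs above, as an added example that is not part of the original guide: a Python model that predicts which pings succeed for a given trunk allowed-VLAN list. The function names and the PC-to-port assignment are assumptions of this example; it models host ports sending across the trunk in their secondary VLAN and the promiscuous port sending in the primary VLAN.

```python
from dataclasses import dataclass

PRIMARY = 100                                         # lab table: Router
SECONDARY_TYPE = {200: "community", 300: "isolated"}  # lab table: PCs


@dataclass(frozen=True)
class Port:
    switch: str                      # switch the port belongs to
    mode: str                        # "host" or "promiscuous"
    secondary: int = 0               # host: secondary VLAN of the host-association
    mapped: frozenset = frozenset()  # promiscuous: secondaries in the mapping


# Ports of the two-switch lab, keyed by attached device.
# Assumption: PCs are cabled in port order; the topology figure is not available.
LAB = {
    "PC1": Port("DLS1", "host", 200),   # Fa0/11, host-association 100 200
    "PC2": Port("DLS1", "host", 200),   # Fa0/12, host-association 100 200
    "PC3": Port("DLS1", "host", 300),   # Fa0/13, host-association 100 300
    "PC4": Port("DLS2", "host", 200),   # Fa0/21, host-association 100 200
    "Router": Port("DLS2", "promiscuous",
                   mapped=frozenset({200, 300})),  # Fa0/22, mapping 100 200,300
}


def carried_vlan(src):
    """VLAN a frame travels in: primary from promiscuous, secondary from host."""
    return PRIMARY if src.mode == "promiscuous" else src.secondary


def pvlan_permits(src, dst):
    """Private VLAN forwarding rule for one direction, src -> dst."""
    if src.mode == "promiscuous":
        return dst.mode == "promiscuous" or dst.secondary in src.mapped
    if dst.mode == "promiscuous":
        return src.secondary in dst.mapped
    # host -> host is allowed only inside the same community VLAN
    return (src.secondary == dst.secondary
            and SECONDARY_TYPE.get(src.secondary) == "community")


def frame_delivered(src, dst, trunk_allowed):
    """True if a frame src -> dst passes the PVLAN rule and, if needed, the trunk."""
    if not pvlan_permits(src, dst):
        return False
    return src.switch == dst.switch or carried_vlan(src) in trunk_allowed


def can_ping(a, b, trunk_allowed, ports=LAB):
    """A ping needs the echo request and the echo reply to be delivered."""
    pa, pb = ports[a], ports[b]
    return (frame_delivered(pa, pb, trunk_allowed)
            and frame_delivered(pb, pa, trunk_allowed))


def ping_matrix(trunk_allowed, ports=LAB):
    """Reachability for every unordered pair of devices."""
    names = sorted(ports)
    return {(a, b): can_ping(a, b, trunk_allowed, ports)
            for i, a in enumerate(names) for b in names[i + 1:]}


def missing_trunk_vlans(trunk_allowed):
    """Primary/secondary VLANs the inter-switch trunk does not carry."""
    return sorted({PRIMARY, *SECONDARY_TYPE} - set(trunk_allowed))


if __name__ == "__main__":
    for allowed in ({1}, {1, 100, 200, 300}):
        print("trunk allowed:", sorted(allowed),
              "missing:", missing_trunk_vlans(allowed))
        for pair, ok in ping_matrix(allowed).items():
            print("  %-6s <-> %-6s %s" % (pair[0], pair[1], "ok" if ok else "blocked"))
```

With only VLAN 1 on the trunk, the model leaves just the same-switch pairs reachable; leaving out the primary VLAN alone is enough to break every ping between a remote host and the Router, because the replies travel in VLAN 100.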
Port Protected
Create VLAN 10 on ALS1.
Configure interfaces Fa0/10 and Fa0/11 as access ports as shown in the figure. Test whether the PCs have connectivity with each other. Then enable port protect.
Verify that the PCs can communicate with the Router but not with each other. Note: Both ports must be in protected mode to be isolated from each other.
ALS1
vlan 111
 name PORT-PROTECTED
interface FastEthernet0/10
 switchport access vlan 111
 switchport mode access
 spanning-tree portfast
interface FastEthernet0/11
 switchport access vlan 111
 switchport mode access
 spanning-tree portfast
PC1
C:\>ping 10.1.12.2 -t
Haciendo ping a 10.1.12.2 con 32 bytes de datos:
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128

ALS1
interface FastEthernet0/10
 switchport protected
interface FastEthernet0/11
 switchport protected

Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Estadísticas de ping para 10.1.12.2:
    Paquetes: enviados = 33, recibidos = 27, perdidos = 6 (18% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms
Control-C
The output above shows that the PCs have connectivity until port-protected is enabled.
Configure an access port for VLAN 111 on Fa0/9, which connects to the Router. Enable the Router interface with IP 10.1.12.100/24.
R1
interface FastEthernet0/0
 ip address 10.1.12.100 255.255.255.0
 no shut

ALS1
interface FastEthernet0/9
 switchport access vlan 111
 switchport mode access
 spanning-tree portfast

ALS1#show interfaces fastEthernet 0/10 switchport
Name: Fa0/10
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 111 (PORT-PROTECTED)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: true
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
R1#ping 10.1.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/20/40 ms
PC2
Etherchannel
Create a trunk by configuring interfaces f0/11 and f0/12 on DLS1 and DLS2; use the industry-standard protocol. As a result we should see a single link for STP. If one link fails there should be no interruption of traffic. DLS1 must respond only if a negotiation is started from the other end; it must adopt passive mode. DLS2 must actively try to form an EtherChannel.
PortChannel
SW1 configured with       SW2 configured with    EtherChannel?
Desirable (PAgP Cisco)    Desirable              Yes
Desirable (PAgP Cisco)    Auto                   Yes
Auto                      Auto                   No
Recommended process:
1. Use default interface to leave the interface without configuration (default values).
2. Create a channel-group on the physical interface (assign an identifying number); a port-channel is created automatically.
3. (Very important) Define the trunk inside the port-channel (encapsulation, mode, …).
------------------------------------------------------------
Example of EtherChannel types (PAgP)
DLS1(config)#interface range fastEthernet 0/11-12
DLS1(config-if-range)#channel-group 1 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected
------------------------------------------------------------
DLS1
default interface range fastEthernet 0/11-12
interface FastEthernet0/11
 channel-group 1 mode auto
interface FastEthernet0/12
 channel-group 1 mode auto
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk

DLS2
default interface range fastEthernet 0/11-12
interface FastEthernet0/11
 channel-group 1 mode desirable
interface FastEthernet0/12
 channel-group 1 mode desirable
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
DLS2#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Po1         on           802.1q         trunking      1

Port        Vlans allowed on trunk
Po1         1-4094

Port        Vlans allowed and active in management domain
Po1         1

Port        Vlans in spanning tree forwarding state and not pruned
Po1         1

DLS1#sh interfaces port-channel 1 trunk
Port        Mode         Encapsulation  Status        Native vlan
Po1         on           802.1q         trunking      1

Port        Vlans allowed on trunk
Po1         1-4094

Port        Vlans allowed and active in management domain
Po1         1

Port        Vlans in spanning tree forwarding state and not pruned
Po1         1

DLS2#show interfaces fastEthernet 0/11 switchport | include Mode
Administrative Mode: trunk
Operational Mode: trunk (member of bundle Po1)
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Capture Mode Disabled

DLS1#sh interfaces fastEthernet 0/11 switchport | i Mode
Administrative Mode: trunk
Operational Mode: trunk (member of bundle Po1)
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Capture Mode Disabled

DLS1#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     3037.a6eb.d580
             Cost        12
             Port        56 (Port-channel1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Po1                 Root FWD 12        128.56   P2p
Configure a trunk between DLS1 and ALS1 as shown in the figure. As a result we should see a single link for STP. If one link fails there should be no interruption of traffic. No EtherChannel negotiation protocol may be used.
PortChannel
SW1 configured with    SW2 configured with    EtherChannel?
On                     On                     Yes
Note: We cannot use PAgP or LACP. As good practice, keep the recommended configuration process in mind.
DLS1
default interface range fastEthernet 0/7-8
interface FastEthernet0/7
 channel-group 2 mode on
interface FastEthernet0/8
 channel-group 2 mode on
interface Port-channel2
 switchport trunk encapsulation dot1q
 switchport mode trunk

ALS1
default interface range fastEthernet 0/7-8
interface FastEthernet0/7
 channel-group 2 mode on
interface FastEthernet0/8
 channel-group 2 mode on
interface Port-channel2
 switchport mode trunk
ALS1#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Po2         on           802.1q         trunking      1

Port        Vlans allowed on trunk
Po2         1-4094

Port        Vlans allowed and active in management domain
Po2         1

Port        Vlans in spanning tree forwarding state and not pruned
Po2         1

DLS1#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Po1         on           802.1q         trunking      1
Po2         on           802.1q         trunking      1

Port        Vlans allowed on trunk
Po1         1-4094
Po2         1-4094

Port        Vlans allowed and active in management domain
Po1         1
Po2         1

Port        Vlans in spanning tree forwarding state and not pruned
Po1         1
Po2         1

DLS1#sh etherchannel protocol
                Channel-group listing:
                ----------------------
Group: 1
----------
Protocol:  PAgP

Group: 2
----------
Protocol:  -  (Mode ON)

ALS1#show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
2      Po2(SU)                   Fa0/7(P)   Fa0/8(P)
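The negotiation rules from the two PortChannel tables above, as an added example that is not part of the original guide: a Python check that reads the channel-group modes from both ends of a bundle and reports whether it forms. It goes beyond the PAgP table to the LACP modes (active/passive) and the static on mode listed in the channel-group 1 mode ? help; the function names are assumptions of this example, and the sample configurations are copied from the lab listings.

```python
import re

PAGP = {"auto", "desirable"}
LACP = {"passive", "active"}
INITIATORS = {"desirable", "active"}   # modes that start the negotiation


def negotiate(mode_a, mode_b):
    """Return (bundle_forms, detail) for the channel-group modes of two ends."""
    a, b = mode_a.lower(), mode_b.lower()
    for mode in (a, b):
        if mode not in PAGP | LACP | {"on"}:
            raise ValueError("unknown channel-group mode: %s" % mode)
    if "on" in (a, b):
        if a == b:
            return True, "static (no protocol)"
        return False, "'on' never negotiates, the other end waits for PAgP/LACP"
    proto_a = "PAgP" if a in PAGP else "LACP"
    proto_b = "PAgP" if b in PAGP else "LACP"
    if proto_a != proto_b:
        return False, "protocol mismatch: %s vs %s" % (proto_a, proto_b)
    if not INITIATORS & {a, b}:
        return False, "both ends wait (%s/%s), nobody starts %s" % (a, b, proto_a)
    return True, proto_a


def channel_modes(config):
    """Extract {interface: (group, mode)} from IOS-style configuration text."""
    modes, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(.+)$", line, re.IGNORECASE)
        if m:
            current = m.group(1).replace(" ", "")
            continue
        m = re.match(r"channel-group\s+(\d+)\s+mode\s+(\S+)$", line, re.IGNORECASE)
        if m and current:
            modes[current] = (int(m.group(1)), m.group(2).lower())
    return modes


def audit_bundle(config_a, config_b):
    """Compare same-named member interfaces on the two ends of a bundle."""
    a, b = channel_modes(config_a), channel_modes(config_b)
    report = {}
    for ifname in sorted(a.keys() | b.keys()):
        if ifname not in a or ifname not in b:
            report[ifname] = (False, "channel-group configured on one end only")
        else:
            report[ifname] = negotiate(a[ifname][1], b[ifname][1])
    return report


# Configurations from the lab listings (Port-channel 1 and Port-channel 2).
DLS1_PO1 = """\
interface FastEthernet0/11
 channel-group 1 mode auto
interface FastEthernet0/12
 channel-group 1 mode auto
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
"""
DLS2_PO1 = DLS1_PO1.replace("mode auto", "mode desirable")
DLS1_PO2 = """\
interface FastEthernet0/7
 channel-group 2 mode on
interface FastEthernet0/8
 channel-group 2 mode on
"""
ALS1_PO2 = DLS1_PO2
# Constructed misconfiguration: one end static, the other negotiating PAgP.
DLS1_STATIC = DLS1_PO1.replace("mode auto", "mode on")

if __name__ == "__main__":
    for title, left, right in (("Po1 DLS1/DLS2", DLS1_PO1, DLS2_PO1),
                               ("Po2 DLS1/ALS1", DLS1_PO2, ALS1_PO2),
                               ("constructed on/desirable", DLS1_STATIC, DLS2_PO1)):
        print(title)
        for ifname, (ok, detail) in audit_bundle(left, right).items():
            print("  %-18s %-5s %s" % (ifname, "forms" if ok else "FAILS", detail))
```

The passive/active pair described in the task statement evaluates to LACP here, while the auto/desirable pair used in the listing evaluates to PAgP, which matches the Group 1 line of the show etherchannel protocol output.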
ALS1#show spanning-tree interface port-channel 2
Vlan             Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
VLAN0001         Desg FWD 12        128.64   P2p
Load-Shared Etherchannel
Configure switch DLS1 so that all locally generated traffic is distributed across the EtherChannel based on the destination MAC address.
Note: The criteria available for distributing the load (load sharing) vary by switch model. Let's check which type of load sharing is enabled by default (source-mac). We can verify this with the show etherchannel load-balance command.
DLS1#sh etherchannel load-balance
EtherChannel Load-Balancing Configuration:
        src-mac

EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Source MAC address
  IPv4: Source MAC address
  IPv6: Source MAC address

DLS1
    port-channel load-balance dst-mac

DLS1#sh etherchannel load-balance
EtherChannel Load-Balancing Configuration:
        dst-mac

EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Destination MAC address
  IPv4: Destination MAC address
  IPv6: Destination MAC address
The EtherChannels created on DLS2 must distribute the load (load sharing) according to the following policies:
- For non-IP traffic, destination MAC
- For IPv4 traffic, destination IP
- For IPv6 traffic, destination IP
Configure all the load-sharing modes and check the results.
Note: the results differ depending on how it is configured; at this point we could try the load-balance options offered and check the changes with the show etherchannel load-balance command. This makes sense because we cannot modify the behavior for IPv6 traffic directly; it follows the configuration we have applied for IPv4.

DLS2
    port-channel load-balance dst-ip

DLS2#show etherchannel load-balance
EtherChannel Load-Balancing Configuration:
        dst-ip

EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Destination MAC address
  IPv4: Destination IP address
  IPv6: Destination IP address
Configure a trunk between DLS2 and ALS2 as shown in the figure. As a result, STP should see a single link. If one link fails there should be no traffic interruption. Use constant PAgP negotiation on both switches.

PortChannel PAgP

SW1 configured with       SW2 configured with   EtherChannel?
Desirable (PAgP Cisco)    Desirable             Yes
Desirable (PAgP Cisco)    Auto                  Yes
Auto                      Auto                  No

This scenario requires both ends to actively try to form an EtherChannel. That gives us an important clue when we look at the table above: with desirable mode on both sides we will get the expected result.
DLS2
    default interface range fastEthernet 0/7-8
    interface FastEthernet0/7
     channel-group 2 mode desirable
    interface FastEthernet0/8
     channel-group 2 mode desirable
    interface Port-channel2
     switchport trunk encapsulation dot1q
     switchport mode trunk

ALS2
    default interface range fastEthernet 0/7-8
    interface FastEthernet0/7
     channel-group 2 mode desirable
    interface FastEthernet0/8
     channel-group 2 mode desirable
    interface Port-channel2
     switchport mode trunk

ALS2#show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Po2         on           802.1q         trunking      1

Port        Vlans allowed on trunk
Po2         1-4094

Port        Vlans allowed and active in management domain
Po2         1

Port        Vlans in spanning tree forwarding state and not pruned
Po2         1

DLS2#show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Po1         on           802.1q         trunking      1
Po2         on           802.1q         trunking      1

Port        Vlans allowed on trunk
Po1         1-4094
Po2         1-4094

Port        Vlans allowed and active in management domain
Po1         1
Po2         1

Port        Vlans in spanning tree forwarding state and not pruned
Po1         1
Po2         1

DLS2#show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 2
Number of aggregators:           2

Group  Port-channel  Protocol    Ports
------+-------------+-----------+----------------------------------------------
1      Po1(SU)         PAgP      Fa0/11(P)   Fa0/12(P)
2      Po2(SU)         PAgP      Fa0/7(P)    Fa0/8(P)
Configure a trunk between ALS1 and ALS2 as shown in the figure. As a result, STP should see a single link. If one link fails there should be no traffic interruption. Configure LACP. ALS1 must be in passive mode. ALS2 must actively try to form an EtherChannel.

PortChannel LACP

SW1 configured with   SW2 configured with   EtherChannel?
Active                Active                Yes
Active                Passive               Yes
Passive               Passive               No
ALS1
    default interface range fastEthernet 0/11-12
    interface range fastEthernet 0/11-12
     channel-group 3 mode passive
     exit
    interface Port-channel3
     switchport mode trunk

ALS2
    default interface range fastEthernet 0/11-12
    interface range fastEthernet 0/11-12
     channel-group 3 mode active
     exit
    interface Port-channel3
     switchport mode trunk

ALS2#show etherchannel protocol
                Channel-group listing:
                ---------------------

Group: 2
---------
Protocol:  PAgP

Group: 3
---------
Protocol:  LACP

ALS2#show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Po2         on           802.1q         trunking      1
Po3         on           802.1q         trunking      1

Port        Vlans allowed on trunk
Po2         1-4094
Po3         1-4094

Port        Vlans allowed and active in management domain
Po2         1
Po3         1

Port        Vlans in spanning tree forwarding state and not pruned
Po2         1
Po3         1

ALS1#show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 2
Number of aggregators:           2

Group  Port-channel  Protocol    Ports
------+-------------+-----------+----------------------------------------------
2      Po2(SU)                   Fa0/7(P)    Fa0/8(P)
3      Po3(SU)         LACP      Fa0/11(P)   Fa0/12(P)
Etherchannel L3
Prelab: Erase the previous configurations on both switches.
Configure ports FastEthernet0/11 through FastEthernet0/13 on DLS1 and DLS2 as shown in the figure. These three links must appear as a single link to STP. Configure the IP addressing shown. There must be no negotiation when the port channel is created. The trunk type must be 802.1q.
DLS1
    default interface range fastEthernet 0/11-13
    interface Port-channel12
     no switchport
     ip address 10.1.12.1 255.255.255.0
    interface range fastEthernet 0/11-13
     no switchport
     channel-group 12 mode on

DLS2
    default interface range fastEthernet 0/11-13
    interface Port-channel12
     no switchport
     ip address 10.1.12.2 255.255.255.0
    interface range fastEthernet 0/11-13
     no switchport
     channel-group 12 mode on

DLS2#show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+----------------------------------------------
12     Po12(RU)                  Fa0/11(P)   Fa0/12(P)   Fa0/13(P)

R: Layer 3 EtherChannel   U: EtherChannel active (in use)
EtherChannel L3 Tests

DLS2
    access-list 100 permit ip host 10.1.12.2 host 10.1.12.1

DLS2#debug ip packet 100
IP packet debugging is on for access list 100
DLS2#ping 10.1.12.1 source 10.1.12.2 repeat 1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 10.1.12.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.12.2
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 8/8/8 ms
00:59:41: IP: s=10.1.12.2 (local), d=10.1.12.1 (Port-channel12), len 100, sending
00:59:41: IP: s=10.1.12.2 (local), d=10.1.12.1 (Port-channel12), len 100, sending full packet

VTP II
Configure trunking between all the switches according to the initial diagram. Use of DTP is not allowed.
Note: Configure each switch in VTP transparent mode.
DLS1
    vtp mode transparent
    default interface range fastEthernet 0/7-12
    interface FastEthernet0/7
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport nonegotiate
     no shutdown
    interface FastEthernet0/8
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport nonegotiate
     no shutdown
    interface FastEthernet0/9
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport nonegotiate
     no shutdown
    interface FastEthernet0/10
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport nonegotiate
     no shutdown
    interface FastEthernet0/11
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport nonegotiate
     no shutdown
    interface FastEthernet0/12
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport nonegotiate
     no shutdown

DLS1#sh interfaces fastEthernet 0/7 switchport
Name: Fa0/7
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off

DLS2
    vtp mode transparent
    default interface range fastEthernet 0/7-12
    interface range fastEthernet 0/7-12
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport nonegotiate
     no shutdown

ALS1
    vtp mode transparent
    default interface range fastEthernet 0/7-12
    interface range fastEthernet 0/7-12
     switchport mode trunk
     switchport nonegotiate

ALS2
    vtp mode transparent
    default interface range fastEthernet 0/7-12
    interface range fastEthernet 0/7-12
     switchport mode trunk
     switchport nonegotiate

ALS2#show interfaces fastEthernet 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Configure DLS1 and DLS2 as follows:
- VTP domain: DUOC
- VTP version: 2
- VTP password: cisco
- VTP mode: server
Check the configuration on both switches.
Note: The default VTP mode is server. Remember that in the previous example we changed it to transparent.
DLS1#sh vtp status
VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Transparent
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

DLS1
    vtp version 2
    vtp mode server
    vtp password cisco
    vtp domain DUOC

DLS2
    vtp version 2
    vtp mode server
    vtp password cisco
    vtp domain DUOC

DLS2#show vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : DUOC
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
Configure ALS1 and ALS2 as follows:
- VTP domain: DUOC
- VTP version: 2
- VTP password: cisco
- VTP mode: client
Check the configuration on both switches.
ALS1
    vtp version 2
    vtp mode client
    vtp password cisco
    vtp domain DUOC

ALS2
    vtp version 2
    vtp mode client
    vtp password cisco
    vtp domain DUOC

ALS2#show vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : DUOC
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
STP Default Behavior
Before continuing, let's disable the ports that do not take part in this lab. The command default interface range fastEthernet 0/7-12 returns the interfaces to their default values; it is an effective way to "clean" any existing configuration.
ALS2
    default interface range fastEthernet 0/7-12
    interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
     shutdown

ALS1
    default interface range fastEthernet 0/7-12
    interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
     shutdown

DLS2
    default interface range fastEthernet 0/7-12
    interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
     shutdown

DLS1
    default interface range fastEthernet 0/7-12
    interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
     shutdown
How can we determine the behavior of STP in this example? We will explain the problem step by step, using VLAN 1. The simplest and most effective process for determining the STP roles is the following:

1. Determine the cost of each link. The following table is useful for this (we can verify that the values really are the ones shown by using show interface):

Link bandwidth   STP cost
4 Mbps           250
10 Mbps          100
16 Mbps          62
45 Mbps          39
100 Mbps         19
155 Mbps         14
622 Mbps         6
1 Gbps           4
10 Gbps          2
2. Identify the Root Bridge. This requires finding out which MAC address each switch is using (assuming the priority is the same on every switch in the domain). We obtain the MAC with the show version command, as shown below:

DLS1#sh version | include Base
Base ethernet MAC Address       : E8:BA:70:CB:F6:00

DLS2#sh version | include Base
Base ethernet MAC Address       : 30:37:A6:EB:D5:80

ALS1#sh version | include Base
Base ethernet MAC Address       : 00:22:56:89:5D:80

ALS2#sh version | include Base
Base ethernet MAC Address       : 00:22:56:88:79:00
Looking at the outputs above, we can see that neither L3 switch will be elected Root Bridge, because the lowest value wins; we therefore have to determine which of the two switches, ALS1 or ALS2, will become the Root Bridge. The show spanning-tree command will show us which switch is the Root Bridge. Note: Obviously these results will vary between devices, since they have different MAC addresses.

ALS1 → 00:22:56:89:5D:80
ALS1 → 0x002256895D80 (hex)
ALS1 → 147480731008 (decimal)

ALS2 → 00:22:56:88:79:00
ALS2 → 0x002256887900 (hex)
ALS2 → 147480672512 (decimal)   // Lowest value, so it must be the Root Bridge.
ALS2#show spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0022.5688.7900
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

DLS1#sh spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0022.5688.7900
             Cost        19
             Port        11 (FastEthernet0/9)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
3. Select the ROOT PORT (on each non-root bridge)
- DLS1: the RP is interface fastethernet 0/9 (lowest cost, 19)
- DLS2: the RP is interface fastethernet 0/7 (lowest cost, 19)
- ALS1: the RP is interface fastethernet 0/11 (lowest cost, 19)
- ALS2 is the ROOT BRIDGE. Not applicable.

DLS1#sh spanning-tree root port
VLAN0001         FastEthernet0/9

DLS2#sh spanning-tree root port
VLAN0001         FastEthernet0/7

ALS1#sh spanning-tree root port
VLAN0001         FastEthernet0/11
4. Select the Designated Port (DP). On each link, the port with the lowest cost to the Root Bridge is selected. The Root Bridge also takes part. If the values are equal, we must use the tie-breaking method:
- Lowest root bridge ID
- Lowest cost to the root bridge
- Lowest sender bridge ID
- Lowest sender port ID
Link DLS1 ↔ DLS2: the cost from both interfaces to the Root Bridge is the same, so we must check the other criteria. The Bridge ID of DLS1 is higher than that of DLS2. We can see this with the sh spanning-tree vlan 1 command. We can therefore determine that the DP is interface fastethernet 0/11 on DLS2.
DLS1#sh spanning-tree vlan 1 | begin Bridge
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Altn BLK 19        128.9    P2p
Fa0/9               Root FWD 19        128.11   P2p
Fa0/11              Altn BLK 19        128.13   P2p

DLS2#sh spanning-tree vlan 1 | begin Bridge
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     3037.a6eb.d580
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Root FWD 19        128.9    P2p
Fa0/9            Altn BLK 19        128.11   P2p
Fa0/11           Desg FWD 19        128.13   P2p
Link DLS1 ↔ ALS2: ALS2 is the Root, so the best path to the Root is simply ALS2's port fastethernet 0/9. The same applies to DLS2 ↔ ALS2 and ALS1 ↔ ALS2. The remaining links can easily be deduced by following the steps above; that is, if there are two possible paths to the root (equal cost), use the selection criteria.
We have the following layout.
5. Identify the blocked ports. This task is quick: if a port is neither RP nor DP, it is simply a blocked port. The picture should then look as follows:
We verify that the STP election matches the one determined through the theoretical process. Voilà!
DLS1#sh spanning-tree vlan 1 | begin Interface
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Altn BLK 19        128.9    P2p
Fa0/9               Root FWD 19        128.11   P2p
Fa0/11              Altn BLK 19        128.13   P2p

DLS2#sh spanning-tree vlan 1 | begin Interface
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Root FWD 19        128.9    P2p
Fa0/9            Altn BLK 19        128.11   P2p
Fa0/11           Desg FWD 19        128.13   P2p

ALS1#sh spanning-tree vlan 1 | begin Interface
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Desg FWD 19        128.7    P2p
Fa0/9            Desg FWD 19        128.9    P2p
Fa0/11           Root FWD 19        128.11   P2p

ALS2#show spanning-tree vlan 1 | begin Interface
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Desg FWD 19        128.7    P2p
Fa0/9            Desg FWD 19        128.9    P2p
Fa0/11           Desg FWD 19        128.11   P2p
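
The five-step election worked through above, as an added Python example (not part of the original guide). The cabling list is an assumption inferred from the show outputs, since the topology figure is not reproduced here; the function names and the base_priority parameter are hypothetical.

```python
"""STP role election for one VLAN, following the five steps of the guide."""

# STP cost per link bandwidth in Mbps (the guide's table).
STP_COST = {4: 250, 10: 100, 16: 62, 45: 39, 100: 19,
            155: 14, 622: 6, 1000: 4, 10000: 2}

# Base MAC addresses from the 'show version | include Base' outputs.
BRIDGES = {
    "DLS1": "e8ba.70cb.f600",
    "DLS2": "3037.a6eb.d580",
    "ALS1": "0022.5689.5d80",
    "ALS2": "0022.5688.7900",
}

# Assumed cabling, inferred from the show outputs (the figure is not shown):
# (switch A, port A, switch B, port B, bandwidth in Mbps).
LINKS = [
    ("DLS1", "Fa0/7", "ALS1", "Fa0/7", 100),
    ("DLS1", "Fa0/9", "ALS2", "Fa0/9", 100),
    ("DLS1", "Fa0/11", "DLS2", "Fa0/11", 100),
    ("DLS2", "Fa0/7", "ALS2", "Fa0/7", 100),
    ("DLS2", "Fa0/9", "ALS1", "Fa0/9", 100),
    ("ALS1", "Fa0/11", "ALS2", "Fa0/11", 100),
]


def bridge_id(switch, vlan=1, base_priority=None):
    """Return (priority + sys-id-ext, MAC as integer); the lowest tuple wins."""
    base = (base_priority or {}).get(switch, 32768)
    return (base + vlan, int(BRIDGES[switch].replace(".", ""), 16))


def port_id(switch, port):
    """(priority, number) as in the Prio.Nbr column of the outputs: the DLS
    switches number Fa0/n as n+2, the ALS switches as n."""
    n = int(port.split("/")[1])
    return (128, n + 2 if switch.startswith("DLS") else n)


def elect(vlan=1, base_priority=None):
    """Return (root bridge, {(switch, port): 'Root' | 'Desg' | 'Altn'})."""
    bid = {sw: bridge_id(sw, vlan, base_priority) for sw in BRIDGES}
    root = min(bid, key=bid.get)                      # step 2: lowest BID

    # Step 1 and root path cost: relax link costs until every cost is stable.
    cost = {sw: float("inf") for sw in BRIDGES}
    cost[root] = 0
    for _ in BRIDGES:
        for a, _pa, b, _pb, mbps in LINKS:
            c = STP_COST[mbps]
            cost[a] = min(cost[a], cost[b] + c)
            cost[b] = min(cost[b], cost[a] + c)

    # Step 3: root port = best (cost via neighbor, sender BID, sender port ID,
    # local port ID) among the ports of each non-root bridge.
    ends = []
    for a, pa, b, pb, mbps in LINKS:
        ends.append((a, pa, b, pb, STP_COST[mbps]))
        ends.append((b, pb, a, pa, STP_COST[mbps]))
    root_port = {}
    for sw in BRIDGES:
        if sw == root:
            continue
        best = min((cost[peer] + c, bid[peer], port_id(peer, pp),
                    port_id(sw, lp), lp)
                   for s, lp, peer, pp, c in ends if s == sw)
        root_port[sw] = best[-1]

    # Step 4: on each link the better (cost, BID, port ID) is designated.
    # Step 5: the other end is the root port or it is blocked (Altn).
    roles = {}
    for a, pa, b, pb, _mbps in LINKS:
        offers = sorted([((cost[a], bid[a], port_id(a, pa)), a, pa),
                         ((cost[b], bid[b], port_id(b, pb)), b, pb)])
        (_, dsw, dport), (_, osw, oport) = offers
        roles[(dsw, dport)] = "Desg"
        roles[(osw, oport)] = "Root" if root_port.get(osw) == oport else "Altn"
    return root, roles


if __name__ == "__main__":
    root, roles = elect()
    print("Root bridge:", root)
    for (switch, port), role in sorted(roles.items()):
        print(f"{switch:5} {port:7} {role}")
```

Passing base_priority={"DLS1": 24576} models a switch whose priority has been lowered, which moves the root away from the lowest-MAC switch.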
STP Configuration
Prelab: Erase the previous configurations.
Configure EtherChannel between DLS1 and DLS2 (Fa0/11 and Fa0/12). Use LACP.
Configure ISL between DLS1 and DLS2. Do not use DTP.
DLS1
    default interface range fastEthernet 0/11-12
    interface FastEthernet0/11
     channel-group 12 mode active
    interface FastEthernet0/12
     channel-group 12 mode active
    interface Port-channel12
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport nonegotiate

DLS2
    default interface range fastEthernet 0/11-12
    interface FastEthernet0/11
     channel-group 12 mode active
    interface FastEthernet0/12
     channel-group 12 mode active
    interface Port-channel12
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport nonegotiate
DLS1#show etherchannel protocol
                Channel-group listing:
                ---------------------

Group: 12
---------
Protocol:  LACP

DLS2#show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Po12        on           802.1q         trunking      1

Port        Vlans allowed on trunk
Po12        1-4094

Port        Vlans allowed and active in management domain
Po12        1

Port        Vlans in spanning tree forwarding state and not pruned
Po12        1

DLS1#sh interfaces port-channel 12 trunk

Port        Mode         Encapsulation  Status        Native vlan
Po12        on           802.1q         trunking      1

Port        Vlans allowed on trunk
Po12        1-4094

Port        Vlans allowed and active in management domain
Po12        1

Port        Vlans in spanning tree forwarding state and not pruned
Po12        none

DLS2#show spanning-tree interface port-channel 12

Vlan             Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
VLAN0001         Desg FWD 12        128.144  P2p

DLS1#show spanning-tree interface port-channel 12

Vlan                Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0001            Altn BLK 12        128.144  P2p
Configure 802.1q on the remaining links as shown in the figure. Interfaces that do not take part in the lab must be disabled.
DLS1
    interface FastEthernet0/7
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport nonegotiate
    interface FastEthernet0/9
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport nonegotiate
    interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
     shutdown

DLS2
    interface range fastEthernet 0/7 , fastEthernet 0/9
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport nonegotiate
    interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
     shutdown

ALS1
    interface range fastEthernet 0/7 , fastEthernet 0/9 , fastEthernet 0/11
     switchport mode trunk
     switchport nonegotiate
    interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
     shutdown

ALS2
    interface range fastEthernet 0/7 , fastEthernet 0/9 , fastEthernet 0/11
     switchport mode trunk
     switchport nonegotiate
    interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
     shutdown

ALS2#show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       on           802.1q         trunking      1
Fa0/9       on           802.1q         trunking      1
Fa0/11      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/7       1-4094
Fa0/9       1-4094
Fa0/11      1-4094

Port        Vlans allowed and active in management domain
Fa0/7       1
Fa0/9       1
Fa0/11      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       1
Fa0/9       1
Fa0/11      1
As we can see, ALS2 will always be the Root Bridge, since it has the lowest MAC. As a result, all of ALS2's ports are in the FWD (Forwarding) state, as the following output shows.
ALS2#show spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0022.5688.7900
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0022.5688.7900
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Desg FWD 19        128.7    P2p
Fa0/9            Desg FWD 19        128.9    P2p
Fa0/11           Desg FWD 19        128.11   P2p
Let's check the STP states of the other switches.
DLS1#sh spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0022.5688.7900
             Cost        19
             Port        11 (FastEthernet0/9)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Altn BLK 19        128.9    P2p
Fa0/9               Root FWD 19        128.11   P2p
Po12                Altn BLK 19        128.144  P2p

The Priority value 32769 is derived from 2^15 + the VLAN number: 2^15 = 32768, and 32768 + 1 = 32769.

DLS2#show spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0022.5688.7900
             Cost        19
             Port        9 (FastEthernet0/7)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     3037.a6eb.d580
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Root FWD 19        128.9    P2p
Fa0/9            Altn BLK 19        128.11   P2p
Po12             Desg FWD 19        128.144  P2p

ALS1#show spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0022.5688.7900
             Cost        19
             Port        11 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0022.5689.5d80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Desg FWD 19        128.7    P2p
Fa0/9            Desg FWD 19        128.9    P2p
Fa0/11           Root FWD 19        128.11   P2p
Configure VTP with the following layout:
- DLS1: VTP Server, version 2, domain DUOC, password cisco
- DLS2: VTP Client, version 2, domain DUOC, password cisco
- ALS1: VTP Client, version 2, domain DUOC, password cisco
- ALS2: VTP Client, version 2, domain DUOC, password cisco

DLS1
    vtp domain DUOC
    vtp password cisco
    vtp mode server

DLS2
    vtp domain DUOC
    vtp password cisco
    vtp mode client

ALS1
    vtp domain DUOC
    vtp password cisco
    vtp mode client

ALS2
    vtp domain DUOC
    vtp password cisco
    vtp mode client

On DLS1, create VLANs 2, 3, 4, 5, 6, 7, 8, 9, 10.
Check that these VLANs are known on the VTP client switches.
DLS1
    vlan 2-10

DLS1#sh vlan brief | exclude unsup

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/8, Fa0/10
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active

DLS2#show vlan brief | exclude unsup

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/8, Fa0/10
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active

ALS1#show vlan brief | exclude unsup

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/8, Fa0/10
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active

ALS2#show vlan brief | exclude unsup

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/8, Fa0/10
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active
DLS1 must be the Root Bridge for VLANs 1, 2, 3, 4.
DLS2 must be the Root Bridge for VLANs 5, 6, 7, 8, 9, 10.
Let's look at a few details. ALS2 is the Root Bridge for all the VLANs (note: this applies to these particular devices; the switches in your lab will have different BIDs).
ALS2#show version | include Base
Base ethernet MAC Address       : 00:22:56:88:79:00

ALS2#show spanning-tree bridge

                                                   Hello  Max  Fwd
Vlan                         Bridge ID              Time  Age  Dly  Protocol
---------------- --------------------------------- -----  ---  ---  --------
VLAN0001         32769 (32768,   1) 0022.5688.7900    2    20   15  ieee
VLAN0002         32770 (32768,   2) 0022.5688.7900    2    20   15  ieee
VLAN0003         32771 (32768,   3) 0022.5688.7900    2    20   15  ieee
VLAN0004         32772 (32768,   4) 0022.5688.7900    2    20   15  ieee
VLAN0005         32773 (32768,   5) 0022.5688.7900    2    20   15  ieee
VLAN0006         32774 (32768,   6) 0022.5688.7900    2    20   15  ieee
VLAN0007         32775 (32768,   7) 0022.5688.7900    2    20   15  ieee
VLAN0008         32776 (32768,   8) 0022.5688.7900    2    20   15  ieee
VLAN0009         32777 (32768,   9) 0022.5688.7900    2    20   15  ieee
VLAN0010         32778 (32768,  10) 0022.5688.7900    2    20   15  ieee

DLS1
    spanning-tree vlan 1,2,3,4 root primary

DLS1#sh spanning-tree root

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         24577 e8ba.70cb.f600         0    2   20  15
VLAN0002         24578 e8ba.70cb.f600         0    2   20  15
VLAN0003         24579 e8ba.70cb.f600         0    2   20  15
VLAN0004         24580 e8ba.70cb.f600         0    2   20  15
VLAN0005         32773 0022.5688.7900        19    2   20  15  Fa0/9
VLAN0006         32774 0022.5688.7900        19    2   20  15  Fa0/9
VLAN0007         32775 0022.5688.7900        19    2   20  15  Fa0/9
VLAN0008         32776 0022.5688.7900        19    2   20  15  Fa0/9
VLAN0009         32777 0022.5688.7900        19    2   20  15  Fa0/9
VLAN0010         32778 0022.5688.7900        19    2   20  15  Fa0/9

DLS2
    spanning-tree vlan 5,6,7,8,9,10 root primary

DLS2#show spanning-tree root

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         24577 e8ba.70cb.f600        19    2   20  15  Po12
VLAN0002         24578 e8ba.70cb.f600        19    2   20  15  Po12
VLAN0003         24579 e8ba.70cb.f600        19    2   20  15  Po12
VLAN0004         24580 e8ba.70cb.f600        19    2   20  15  Po12
VLAN0005         24581 3037.a6eb.d580         0    2   20  15
VLAN0006         24582 3037.a6eb.d580         0    2   20  15
VLAN0007         24583 3037.a6eb.d580         0    2   20  15
VLAN0008         24584 3037.a6eb.d580         0    2   20  15
VLAN0009         24585 3037.a6eb.d580         0    2   20  15
VLAN0010         24586 3037.a6eb.d580         0    2   20  15

DLS2#show version | include Base
Base ethernet MAC Address       : 30:37:A6:EB:D5:80
STP BPDU Guard
Interface fastethernet0/2 on ALS2 must belong to VLAN 10. A PC will be connected to it shortly. Prevent STP from going through the listening/learning states on this port. If the interface receives any BPDU, it must go into the errdisable state, which will last 30 seconds.
ALS2
    interface FastEthernet0/2
     switchport access vlan 10
     switchport mode access
     spanning-tree portfast

ALS2#show interfaces fastEthernet 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 10 (VLAN0010)

ALS2
    spanning-tree portfast bpduguard default
    ! automatic recovery must also be enabled for the bpduguard cause;
    ! the interval alone never re-enables the port
    errdisable recovery cause bpduguard
    errdisable recovery interval 30
If we connect a device that sends BPDUs (for example, a switch), we get the following results:
04:27:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to down
04:27:49: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to down
04:27:50: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/2 with BPDU Guard enabled. Disabling port.
ALS2#
04:27:50: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/2, putting Fa0/2 in err-disable state

ALS2#show interfaces fastEthernet 0/2 status err-disabled

Port      Name               Status       Reason
Fa0/2                        err-disabled bpduguard
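
One way to pick these BPDU Guard events out of switch syslog and pair each trip with its err-disable message, as an added Python example (not part of the original guide). The sample lines are the ones shown above; the function names and report fields are hypothetical, and the recovery time assumes the 30-second recovery timer starts when the port is err-disabled.

```python
"""Correlate BPDU Guard trips with err-disable messages in IOS syslog."""
import re

# The log lines shown above, embedded so the example runs offline.
SAMPLE_LOG = """\
04:27:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to down
04:27:49: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to down
04:27:50: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/2 with BPDU Guard enabled. Disabling port.
ALS2#
04:27:50: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/2, putting Fa0/2 in err-disable state
"""

# uptime timestamp, %FACILITY-SEVERITY-MNEMONIC, message text
LINE = re.compile(r"^(\d+):(\d{2}):(\d{2}): %([A-Z0-9_]+)-(\d)-([A-Z0-9_]+): (.*)$")
BPDU = re.compile(r"Received BPDU on port (\S+) with BPDU Guard enabled")
ERRDIS = re.compile(r"(\w+) error detected on (\S+?), putting")

SHORT = {"FastEthernet": "Fa", "GigabitEthernet": "Gi", "Port-channel": "Po"}


def short_name(ifname):
    """FastEthernet0/2 -> Fa0/2, so both message styles name the same port."""
    for long_form, short in SHORT.items():
        if ifname.startswith(long_form):
            return short + ifname[len(long_form):]
    return ifname


def hms(seconds):
    return "%02d:%02d:%02d" % (seconds // 3600, seconds % 3600 // 60, seconds % 60)


def bpduguard_events(log_text, recovery_interval=30):
    """Return one record per port on which BPDU Guard fired."""
    events = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:                       # CLI prompts, blank lines
            continue
        h, mi, s, facility, _sev, mnemonic, msg = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + int(s)
        if (facility, mnemonic) == ("SPANTREE", "BLOCK_BPDUGUARD"):
            hit = BPDU.search(msg)
            if hit:
                port = short_name(hit.group(1))
                events[port] = {"port": port, "bpdu_at": hms(t),
                                "err_disabled": False, "recovery_due": None}
        elif (facility, mnemonic) == ("PM", "ERR_DISABLE"):
            hit = ERRDIS.search(msg)
            if hit and hit.group(1) == "bpduguard":
                port = short_name(hit.group(2))
                rec = events.setdefault(
                    port, {"port": port, "bpdu_at": None,
                           "err_disabled": False, "recovery_due": None})
                rec["err_disabled"] = True
                # Assumption: the timer starts at the err-disable message.
                rec["recovery_due"] = hms(t + recovery_interval)
    return list(events.values())


if __name__ == "__main__":
    for event in bpduguard_events(SAMPLE_LOG):
        print(event)
```

A trip that never gets a matching err-disable record (err_disabled stays False) is worth a second look, since it means the port was not actually shut.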
FLEX Link
Create a trunk using Fa0/7 and Fa0/8 on both switches, using a standard protocol.
DLS1 VTP Server
ALS1 VTP Client
DLS1 must create VLANs 100, 200, 300 and 400. DLS1 must be root for all the VLANs.
Verify that ALS1 has the VLANs.
Flex Link is a Layer 2 feature that can coexist with STP. It brings the convergence time below 50 milliseconds, and that time stays constant regardless of the number of VLANs or MAC addresses configured on the switch. A Flex Link consists of a pair of Layer 2 interfaces, which can be configured as switchports or port channels, where one acts as a backup for the other. It also offers an alternative to the Spanning Tree Protocol (STP), allowing users to turn STP off and still provide a redundant link.
DLS1
    interface FastEthernet0/7
     switchport trunk encapsulation dot1q
     switchport mode trunk
    interface FastEthernet0/8
     switchport trunk encapsulation dot1q
     switchport mode trunk

ALS1
    interface FastEthernet0/7
     switchport mode trunk
    interface FastEthernet0/8
     switchport mode trunk

DLS1
    vtp mode server
    vtp domain duoc
    vtp version 2
    vlan 100,200,300,400
    spanning-tree vlan 100,200,300,400 root primary

ALS1
    vtp mode client
    vtp domain duoc
    vtp version 2
ALS1#show vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
100  VLAN0100                         active
200  VLAN0200                         active
300  VLAN0300                         active
400  VLAN0400                         active
DLS1#sh spanning-tree vlan 100
VLAN0100
  Spanning tree enabled protocol ieee
  Root ID    Priority    24676
             Address     e8ba.70cb.f600
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    24676  (priority 24576 sys-id-ext 100)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15 sec
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Desg FWD 19        128.9    P2p
Fa0/8               Desg FWD 19        128.10   P2p

ALS1#show spanning-tree vlan 100
VLAN0100
  Spanning tree enabled protocol ieee
  Root ID    Priority    24676
             Address     e8ba.70cb.f600
             Cost        19
             Port        7 (FastEthernet0/7)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32868  (priority 32768 sys-id-ext 100)
             Address     0022.5689.5d80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Root FWD 19        128.7    P2p
Fa0/8               Altn BLK 19        128.8    P2p
Configure FlexLink according to the following policies.
ALS1 fa0/7 backup
Connect PCs to a port on DLS1 and on ALS1 (same VLAN) and test connectivity between them.
Disable the active link and check the activation time. Do load balancing using the interface command switchport backup interface fastEthernet 0/3 prefer vlan 101…..
ALS1
interface FastEthernet0/8
 switchport mode trunk
 switchport backup interface Fa0/7
ALS1#show interfaces switchport backup
Switch Backup Interface Pairs:
Active Interface        Backup Interface        State
------------------------------------------------------------------------
FastEthernet0/8         FastEthernet0/7         Active Up/Backup Standby

DLS1
interface FastEthernet0/1
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast

ALS1
interface FastEthernet0/1
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
Flex Link connectivity tests
PC1 → 10.1.1.1/24 connected to Fa0/1 on DLS1
PC2 → 10.1.1.2/24 connected to Fa0/1 on ALS1
We should have connectivity via ping. Fa0/8 actively carries the traffic; if we disable the interface, traffic is not interrupted.
ALS1(config)#interface fastEthernet 0/8
ALS1(config-if)#shutdown

ALS1#show interfaces switchport backup
Switch Backup Interface Pairs:
Active Interface        Backup Interface        State
------------------------------------------------------------------------
FastEthernet0/8         FastEthernet0/7         Active Down/Backup Up

PC1
ping 10.1.1.2 -t
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128

ALS1(config)#interface fastEthernet 0/8
ALS1(config-if)#no shutdown
ALS1#show interfaces switchport backup
Switch Backup Interface Pairs:
Active Interface        Backup Interface        State
------------------------------------------------------------------------
FastEthernet0/8         FastEthernet0/7         Active Standby/Backup Up
As the previous output shows, interface Fa0/8 does not return to the active state by default. In other words, it does not reclaim the role it gave up. We must explicitly configure it to do so.
FastEthernet 0/8 must return to its UP state 4 seconds after the link is restored.
ALS1
interface FastEthernet0/8
 switchport backup interface Fa0/7 preemption delay 4
 switchport backup interface Fa0/7 preemption mode forced
// If we do not include forced, the process does not take it into account
01:14:35: %BACKUP_INTERFACE-5-PREEMPT: Preempting interface Fa0/7 in backup pair (Fa0/8, Fa0/7), preemption mode is forced
ALS1#show interfaces switchport backup detail
Switch Backup Interface Pairs:
Active Interface        Backup Interface        State
------------------------------------------------------------------------
FastEthernet0/8         FastEthernet0/7         Active Up/Backup Standby
        Interface Pair : Fa0/8, Fa0/7
        Preemption Mode : forced
        Preemption Delay : 4 seconds
        Bandwidth : 100000 Kbit (Fa0/8), 100000 Kbit (Fa0/7)
        Mac Address Move Update Vlan : auto
STP Multiple Spanning Tree MST 802.1s
Configure both switches in trunk mode. Use 802.1q.
DLS1
interface range fastEthernet 0/11-12
 switchport trunk encapsulation dot1q
 switchport mode trunk

DLS2
interface range fastEthernet 0/11-12
 switchport trunk encapsulation dot1q
 switchport mode trunk

DLS2#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           802.1q         trunking      1
Fa0/12      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/11      1-4094
Fa0/12      1-4094

Port        Vlans allowed and active in management domain
Fa0/11      1
Fa0/12      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      1
Fa0/12      1
VTP. DLS1 must be the VTP server and DLS2 a VTP client. Use VTP domain DUOC, VTP version 2.
On DLS1, create VLANs 2-10. Verify that these VLANs propagate to DLS2.
DLS1
vtp mode server
vtp domain DUOC
vtp version 2

DLS2
vtp mode client
vtp domain DUOC
vtp version 2

DLS1#sh vtp status
VTP Version                     : running VTP2
Configuration Revision          : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : DUOC
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xDC 0x3F 0x3A 0xBD 0x10 0x27 0xB2 0xDD
Configuration last modified by 10.1.1.1 at 3-1-93 00:06:43
Local updater ID is 10.1.1.1 on interface Vl1 (lowest numbered VLAN interface found)
DLS2#show vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : DUOC
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xDC 0x3F 0x3A 0xBD 0x10 0x27 0xB2 0xDD
Configuration last modified by 10.1.1.1 at 3-1-93 00:06:43

DLS1
vlan 2-10

DLS1#sh vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active
DLS2#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active
Configure MST according to the following policies:
Create two STP instances: instance1 and instance2.
The revision number must be 1.
The MST name must be DUOC.
VLANs 1-5 belong to instance1.
VLANs 6-8 belong to instance2.
The remaining VLANs will be part of instance0.
Instance1 → fastethernet0/11
Instance2 → fastethernet0/12
DLS1 must be Root Bridge for instance1
DLS2 must be Root Bridge for instance2
The advantage of MST is that it can map multiple VLANs that have the same requirements (same traffic) into a single STP instance, which results in lower CPU utilization. Let's check how many instances exist, using the show spanning-tree command. We can see that we have 9 instances plus VLAN 1: 10 instances in total.
DLS1#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     3037.a6eb.d580
             Cost        19
             Port        13 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300 sec
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/11              Root FWD 19        128.13   P2p
Fa0/12              Altn BLK 19        128.14   P2p

VLAN0002
  Spanning tree enabled protocol ieee
  Root ID    Priority    32770
             Address     3037.a6eb.d580
             Cost        19
             Port        13 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32770  (priority 32768 sys-id-ext 2)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300 sec
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/11              Root FWD 19        128.13   P2p
Fa0/12              Altn BLK 19        128.14   P2p
. . . .
VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    32778
             Address     3037.a6eb.d580
             Cost        19
             Port        13 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300 sec
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/11              Root FWD 19        128.13   P2p
Fa0/12              Altn BLK 19        128.14   P2p
As the previous output shows, STP is running a separate instance for each VLAN, assuming that each instance has a different path or traffic flow, even though they all follow the same physical topology. DLS1 and DLS2 can use MST if both have identical:
Region name
Revision number
VLAN-to-instance assignments
To configure MST we must follow these steps:
1. Configure MST globally:
DLS1
spanning-tree mode mst

DLS2
spanning-tree mode mst

DLS2#show spanning-tree
MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    32768
             Address     3037.a6eb.d580
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32768  (priority 32768 sys-id-ext 0)
             Address     3037.a6eb.d580
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/11              Desg FWD 200000    128.13   P2p
Fa0/12              Desg FWD 200000    128.14   P2p

DLS1#sh spanning-tree
MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    32768
             Address     3037.a6eb.d580
             Cost        0
             Port        13 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32768  (priority 32768 sys-id-ext 0)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/11              Root FWD 200000    128.13   P2p
Fa0/12              Altn BLK 200000    128.14   P2p
If no mapping is defined, all VLANs remain in instance 0.
DLS1#sh spanning-tree mst configuration
Name      []
Revision  0     Instances configured 1
Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         1-4094
-------------------------------------------------------------------------------
2. Enter MST configuration mode with the command spanning-tree mst configuration.
3. Set the revision number.
4. Set the region name.
5. Create the instances and assign the VLANs to them.
DLS1
spanning-tree mst configuration
 revision 1
 name DUOC
 instance 1 vlan 1-5
 instance 2 vlan 6-8

DLS2
spanning-tree mst configuration
 revision 1
 name DUOC
 instance 1 vlan 1-5
 instance 2 vlan 6-8

DLS2#show spanning-tree mst configuration
Name      [DUOC]
Revision  1     Instances configured 3
Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         9-4094
1         1-5
2         6-8
-------------------------------------------------------------------------------
DLS1#sh spanning-tree mst configuration
Name      [DUOC]
Revision  1     Instances configured 3
Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         9-4094
1         1-5
2         6-8
-------------------------------------------------------------------------------
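Two switches share an MST region only when the region name, revision number and VLAN-to-instance mapping are all identical, so a useful audit is to compare the "show spanning-tree mst configuration" output of both. The following Python code is an added example, not part of the original guide: the inputs are constructed in the layout of the outputs above, the function names are hypothetical, and wrapped VLAN lists are assumed to continue on an indented row.

```python
import re

# Constructed inputs in the layout of "show spanning-tree mst configuration":
# the region configured in this lab, and a switch left at its defaults.
LAB_REGION = """\
Name      [DUOC]
Revision  1     Instances configured 3
Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         9-4094
1         1-5
2         6-8
"""
DEFAULT_REGION = """\
Name      []
Revision  0     Instances configured 1
Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         1-4094
"""


def parse_mst_config(text):
    """Return name, revision and a VLAN -> instance map from the command output."""
    name = re.search(r"^Name\s+\[(.*)\]", text, re.M).group(1)
    revision = int(re.search(r"^Revision\s+(\d+)", text, re.M).group(1))
    vlan_map, instance = {}, None
    for line in text.splitlines():
        # An instance row, or a continuation row that carries only more VLANs (assumed layout).
        m = re.match(r"^(\d+)?\s+([\d,-]+)\s*$", line)
        if not m:
            continue
        instance = int(m.group(1)) if m.group(1) else instance
        for part in filter(None, m.group(2).split(",")):
            lo, _, hi = part.partition("-")
            for vlan in range(int(lo), int(hi or lo) + 1):
                vlan_map[vlan] = instance
    return {"name": name, "revision": revision, "map": vlan_map}


def region_mismatches(a, b):
    """Reasons two switches fall into different MST regions (empty list = same region)."""
    reasons = []
    if a["name"] != b["name"]:  # region names are compared case-sensitively
        reasons.append(f"name {a['name']!r} vs {b['name']!r}")
    if a["revision"] != b["revision"]:
        reasons.append(f"revision {a['revision']} vs {b['revision']}")
    differing = [v for v in range(1, 4095) if a["map"].get(v, 0) != b["map"].get(v, 0)]
    if differing:
        reasons.append(f"{len(differing)} VLANs mapped differently, starting at VLAN {differing[0]}")
    return reasons


if __name__ == "__main__":
    lab, default = parse_mst_config(LAB_REGION), parse_mst_config(DEFAULT_REGION)
    print(region_mismatches(lab, lab) or "same region")
    print(region_mismatches(lab, default))
```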
DLS1#sh spanning-tree
MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    32768
             Address     3037.a6eb.d580
             Cost        0
             Port        13 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32768  (priority 32768 sys-id-ext 0)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/11              Root FWD 200000    128.13   P2p
Fa0/12              Altn BLK 200000    128.14   P2p

MST1
  Spanning tree enabled protocol mstp
  Root ID    Priority    32769
             Address     3037.a6eb.d580
             Cost        200000
             Port        13 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/11              Root FWD 200000    128.13   P2p
Fa0/12              Altn BLK 200000    128.14   P2p

MST2
  Spanning tree enabled protocol mstp
  Root ID    Priority    32770
             Address     3037.a6eb.d580
             Cost        200000
             Port        13 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32770  (priority 32768 sys-id-ext 2)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/11              Root FWD 200000    128.13   P2p
Fa0/12              Altn BLK 200000    128.14   P2p
We can see that there is one BID per instance: the instance number is added to 32768, which makes each BID unique.
DLS1#sh spanning-tree bridge
                                                   Hello  Max  Fwd
MST Instance                 Bridge ID             Time   Age  Dly  Protocol
---------------- --------------------------------- -----  ---  ---  --------
MST0             32768 (32768, 0) e8ba.70cb.f600       2   20   15  mstp
MST1             32769 (32768, 1) e8ba.70cb.f600       2   20   15  mstp
MST2             32770 (32768, 2) e8ba.70cb.f600       2   20   15  mstp

DLS2#show spanning-tree root
                                        Root    Hello Max Fwd
MST Instance           Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
MST0             32768 3037.a6eb.d580         0     2  20  15
MST1             32769 3037.a6eb.d580         0     2  20  15
MST2             32770 3037.a6eb.d580         0     2  20  15

DLS2#show version | include Base
Base ethernet MAC Address       : 30:37:A6:EB:D5:80
DLS1 must be Root Bridge for instance1
DLS2 must be Root Bridge for instance2
We can now set priorities while working with the grouped VLANs as a single entity, instance 1 and instance 2. To do this we use the following command:
DLS1(config)#spanning-tree mst 1 priority ?
  <0-61440>  bridge priority in increments of 4096
DLS1(config)#spanning-tree mst 1 priority 0
DLS1(config)#spanning-tree mst 2 priority 4096

DLS2
spanning-tree mst 1 priority 4096
spanning-tree mst 2 priority 0
DLS2#show version | include Base
Base ethernet MAC Address       : 30:37:A6:EB:D5:80

DLS2#show spanning-tree root
                                        Root    Hello Max Fwd
MST Instance           Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
MST0             32768 3037.a6eb.d580         0     2  20  15
MST1                 1 e8ba.70cb.f600    200000     2  20  15  Fa0/11
MST2                 2 3037.a6eb.d580         0     2  20  15
The previous output shows that DLS2 is Root Bridge for instance 0 and 1. For instance 1 we have another BID (that of DLS1), which we can identify because it has a Root Port (Fa0/11).
DLS1#sh version | include Base
Base ethernet MAC Address       : E8:BA:70:CB:F6:00

DLS1#sh spanning-tree root
                                        Root    Hello Max Fwd
MST Instance           Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
MST0             32768 3037.a6eb.d580         0     2  20  15  Fa0/11
MST1                 1 e8ba.70cb.f600         0     2  20  15
MST2                 2 3037.a6eb.d580    200000     2  20  15  Fa0/11

DLS1#sh spanning-tree interface fastEthernet 0/11
Mst Instance        Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
MST0                Root FWD 200000    128.13   P2p
MST1                Desg FWD 200000    128.13   P2p
MST2                Root FWD 200000    128.13   P2p

DLS1#sh spanning-tree interface fastEthernet 0/12
Mst Instance        Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
MST0                Altn BLK 200000    128.14   P2p
MST1                Desg FWD 200000    128.14   P2p
MST2                Altn BLK 200000    128.14   P2p

DLS2#show spanning-tree interface fastEthernet 0/11
Mst Instance        Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
MST0                Desg FWD 200000    128.13   P2p
MST1                Root FWD 200000    128.13   P2p
MST2                Desg FWD 200000    128.13   P2p
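The root of each MST instance is the switch with the lowest bridge ID, compared first on priority plus instance number and then on MAC address. The following Python code is an added example, not part of the original guide: it reproduces the election for this lab's two switches before and after the priority commands, using the MAC addresses and priorities shown above; the function names are hypothetical.

```python
# MAC addresses taken from the "show version | include Base" outputs in this lab.
BRIDGES = {"DLS1": "e8ba.70cb.f600", "DLS2": "3037.a6eb.d580"}
DEFAULT_PRIORITY = 32768


def bridge_id(priority, instance, mac):
    """Bridge ID as a comparable tuple: (priority + sys-id-ext, MAC). Lowest wins."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be 0-61440 in increments of 4096")
    if not 0 <= instance <= 4095:
        raise ValueError("sys-id-ext must fit in 12 bits")
    mac_value = int(mac.replace(".", "").replace(":", ""), 16)
    return (priority + instance, mac_value)


def elect_roots(configured, instances=(0, 1, 2)):
    """configured maps (switch, instance) -> priority; anything absent keeps the default.

    Returns {instance: (root switch, priority as shown by "show spanning-tree root")}.
    """
    roots = {}
    for instance in instances:
        candidates = {
            switch: bridge_id(configured.get((switch, instance), DEFAULT_PRIORITY), instance, mac)
            for switch, mac in BRIDGES.items()
        }
        root = min(candidates, key=candidates.get)
        roots[instance] = (root, candidates[root][0])
    return roots


# Priorities configured in this lab with "spanning-tree mst <instance> priority <value>".
LAB_PRIORITIES = {("DLS1", 1): 0, ("DLS1", 2): 4096, ("DLS2", 1): 4096, ("DLS2", 2): 0}

if __name__ == "__main__":
    print("defaults:", elect_roots({}))
    print("lab:     ", elect_roots(LAB_PRIORITIES))
```

With default priorities the tie is broken by MAC address, which is why DLS2 (3037.a6eb.d580) is root for every instance until the priorities are set.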