Benefits of Switch Stacking and Chassis Aggregation

Switch stacking, known as Cisco StackWise on Cisco products, is a technology that connects multiple switches into one logical switch. Stacking reduces administrative overhead and leaves fewer ports blocked by Spanning Tree Protocol (STP).

You can add switches to gain port density, and you can add them over time. This provides room to grow and decreases up-front costs. Since the stack appears as one logical switch, you only need to assign it one management IP rather than an individual IP for each access switch. The administrative burden is also lessened because you work in one interface rather than in individual management consoles.

A stack master, which is elected, manages the stack. The remaining switches communicate via special interconnect cables. EtherChannel can still be used and will eliminate STP. StackWise technology can support up to nine switches.

Verify

To find how the stack ports are connected:

Switch#show switch stack-ports

To see the switch neighbors:

Switch#show switch neighbors

Using Local SPAN to Troubleshoot and Resolve Problems

A Switched Port Analyzer, or SPAN, is a way to monitor traffic. Back when networks used hubs, all traffic was visible because a hub simply repeated traffic out every port except the one it came in on. When switches replaced hubs, SPAN was introduced to restore that visibility.

It is common to set up a SPAN port to a device running Wireshark to analyze network traffic. If you are going to monitor the traffic from a single management workstation, you will need two network interface cards (NICs), since SPAN traffic is not able to traverse the same line as data. If you are only using the management station to monitor the traffic, you can use a single NIC. SPAN copies the data from one port to another port that you specify. You can monitor egress traffic, ingress traffic, or a combination of the two.

Configure

When you configure a SPAN session, your source and destination ports cannot be the same. You configure a source, which is what you want to monitor, and a destination interface, which is where you will monitor it. The following is an example of the syntax you would use to configure a SPAN session.

Switch#configure terminal
Switch(config)#monitor session session-id source interface interface-id
Switch(config)#monitor session session-id destination interface interface-id

Verify

Switch#show monitor

ICMP Echo-Based IP SLA

Internet Control Message Protocol (ICMP) is commonly used to test Layer 3 connectivity between devices. A Service Level Agreement (SLA) is a target that must be met; there are no set criteria for an SLA. ICMP echo-based IP SLA is a way to monitor end-to-end response time between Cisco devices using IPv4 or IPv6. According to Cisco, “Response time is computed by measuring the time taken between sending an ICMP Echo request message to the destination and receiving an ICMP Echo reply.” Using IP SLA ICMP echo to test far-end devices is much more practical than pinging manually.

Configure

Router#configure terminal
Router(config)#ip sla operation-number
Router(config-ip-sla)#icmp-echo {destination-ip-address | destination-hostname} [source-ip {ip-address | hostname} | source-interface interface-name]
Router(config-ip-sla-echo)#frequency 300
Router(config-ip-sla-echo)#end

The ‘ip sla operation-number’ command begins configuration for an IP SLA operation and enters IP SLA configuration mode. The icmp-echo command defines an ICMP Echo operation and enters IP SLA ICMP Echo configuration mode. The frequency command sets the rate at which a specified IP SLA operation repeats.

Verify

You can verify the IP SLA configuration with the following show commands.

show ip sla configuration
show ip sla statistics

Reference


https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/15-mt/sla-15-mt-book/sla_icmp_echo.html

CCNA ICND2 Study Guide, 3rd Edition by Todd Lammle

Connecting to IPv6 Websites by IP

Internet Protocol version 6 (IPv6) request for comments (RFC) 1883 (https://tools.ietf.org/html/rfc1883) came out in December 1995. That’s 22 years ago! So how do you connect to an IPv6 address without using a Domain Name Server (DNS)? It’s only slightly different from Internet Protocol version 4 (IPv4). You do need to make sure you have an IPv6 address before starting. If you are unsure whether you have one, you can run ipconfig (on Windows) or ifconfig (on *nix), or download an app for your mobile device.

In IPv4, you can just type the dotted decimal address into the Uniform Resource Locator (URL) address bar.

https://67.247.154.182

IPv6 does not use dotted decimal addresses, though. It uses colon-separated addresses that look like this: 2604:6000:1009:c2a2:6a05:caff:fe46:e2b5. The colon in the URL address bar already serves a purpose: the part to the left of the colon identifies the protocol to use. Common protocols used in the browser are http, https, and ftp. In order to use an IPv6 address without confusing the browser, you need to wrap the IPv6 address in square brackets.

https://[2604:6000:1009:c2a2:6a05:caff:fe46:e2b5]

This is also specified in RFC 2732 if you want to learn more. (http://www.ietf.org/rfc/rfc2732.txt)
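Tools that build or parse URLs have to apply the same bracket rule. The following Python is an added example, not part of the original post: it brackets IPv6 literals when building a URL and shows how a standard URL parser misreads the unbracketed form. The function names are assumptions chosen for illustration; the two addresses are the ones used above.

```python
import ipaddress
from urllib.parse import urlsplit

V4 = "67.247.154.182"
V6 = "2604:6000:1009:c2a2:6a05:caff:fe46:e2b5"

def url_for_host(host, scheme="https", port=None, path="/"):
    """Build a URL for a DNS name, an IPv4 literal or an IPv6 literal."""
    try:
        if ipaddress.ip_address(host).version == 6:
            host = f"[{host}]"  # RFC 2732: IPv6 literals go in square brackets
    except ValueError:
        pass  # not an IP literal, so it is treated as a DNS name
    authority = host if port is None else f"{host}:{port}"
    return f"{scheme}://{authority}{path}"

def parse_authority(url):
    """Return (host, port, ok); ok is False when the port field is not a number."""
    parts = urlsplit(url)
    try:
        return parts.hostname, parts.port, True
    except ValueError:
        # Without brackets, everything after the first colon is read as the port.
        return parts.hostname, None, False

if __name__ == "__main__":
    for url in (url_for_host(V4), url_for_host(V6, port=8443), "https://" + V6):
        print(url, "->", parse_authority(url))
```

The last URL in the loop is the unbracketed form: the parser takes only the first group of the address as the host and rejects the rest as a port.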

Point-to-Point Link

Configure

To configure a Point-to-Point link, you will configure the serial interface just like you would an Ethernet interface. In addition, you need to use the no shutdown command because interfaces are down by default on a router. The other difference is that you need to have a clocking mechanism in place. Clocking takes place on the Data Communications Equipment (DCE).

Router#configure terminal
Router(config)#interface serial 0/0/0
Router(config-if)#ip address ip-address subnet-mask
Router(config-if)#no shutdown
Router(config-if)#end

The default encapsulation type is High-Level Data Link (HDLC) protocol. To change it, specify the encapsulation while in interface configuration mode.

Router#configure terminal
Router(config)#interface serial 0/0/0
Router(config-if)#encapsulation ppp
Router(config-if)#end

Verify

The following verification command identifies the Data Terminal Equipment (DTE).

Router#show controllers serial 0/0/0 | include V.35
DTE V.35

The following verification command identifies the Data Communications Equipment (DCE).

Router#show controllers serial 0/0/0 | include V.35
DCE V.35, clock rate 2000000

This next command will display the properties for the serial interface. From it, we can see the encapsulation protocol is set to High-Level Data Link (HDLC) protocol.

Router#show interfaces serial 0/0/0
Serial0/0/0 is up, line protocol is up
Hardware is WIC MBRD Serial
Internet address is 192.168.255.2/30
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set

This next command verifies that Point-to-Point Protocol (PPP) encapsulation is set on the serial interface. LCP in the output stands for Link Control Protocol.

Router#show interfaces serial 0/0/0
Serial0/0/0 is up, line protocol is up
Hardware is WIC MBRD Serial
Internet address is 192.168.255.2/30
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP, CDPCP, loopback not set

EtherChannel

EtherChannel is a way to provide redundant links and not be affected by Spanning Tree Protocol (STP). By design, when you connect multiple links to switches, STP will shut down the excess links to prevent loops. There is a Cisco version and an IEEE version. Cisco’s is called Port Aggregation Protocol (PAgP), and the IEEE 802.3ad standard is called Link Aggregation Control Protocol (LACP). PAgP and LACP are negotiation protocols. EtherChannel can also be configured manually.

Cisco EtherChannel allows us to bundle up to eight active ports between switches. The keywords change according to the technology you are looking to configure. Both sides of the EtherChannel must use the same technology.

Link Aggregation Control Protocol (LACP) configuration uses active / passive.

Port Aggregation Protocol (PAgP) configuration uses auto / desirable.

Manual configuration uses on.

Configuration

The following configuration is for Layer 2 EtherChannel.

Switch#configure terminal
Switch(config)#interface range interface-id - interface-id
Switch(config-if-range)#switchport trunk encapsulation dot1q
Switch(config-if-range)#switchport mode trunk
Switch(config-if-range)#channel-group group-id mode {active | auto | desirable | on | passive}
Switch(config-if-range)#exit

Verify

Switch#show etherchannel port-channel
Switch#show etherchannel summary

Add and Remove VLANs on a Trunk

Where access ports allow for only one data VLAN and one voice VLAN, a trunk port can carry one or more VLANs. Generally, you would use a trunk to connect switches together where you need to carry traffic. In some cases, you would configure a trunk port to connect to a server, such as a virtual server. If the device needs to use more than one VLAN, then you will want to configure the port as a trunk port.

Configure

The following commands will set up the interface to trunk mode exclusively. This will turn off Dynamic Trunking Protocol (DTP). Depending on the hardware you are on, you may need to set the encapsulation mode. Most newer equipment and code should default to using 802.1Q encapsulation, though.

Switch#configure terminal
Switch(config)#interface interface-id
Switch(config-if)#switchport trunk encapsulation {dot1q | isl}
Switch(config-if)#switchport mode trunk

In order to add and remove VLANs on a trunk, you need to go to the interface and specify whether you want to add or remove VLANs.

To add one or more VLANs to the trunk:

Switch#configure terminal
Switch(config)#interface interface-id
Switch(config-if)#switchport trunk allowed vlan add vlan-id,vlan-id,vlan-id

To remove one or more VLANs from the trunk, you replace the add parameter with remove. It may appear odd that the allowed parameter is in the command, but think of it like this: you are removing an allowed VLAN from the trunk.

Switch#configure terminal
Switch(config)#interface interface-id
Switch(config-if)#switchport trunk allowed vlan remove vlan-id,vlan-id,vlan-id

Verify

To verify what interfaces are trunks and what VLANs are configured, you would use the following command:

Switch#show interfaces trunk

You may also want to check the switchport configuration for the interface.

Switch#show interfaces interface-id switchport
Name: interface-id
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: All
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
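The switchport output above can be checked automatically when there are many interfaces to review. The following Python is an added example, not part of the original post: it parses output in that format and reports trunks that show trunk negotiation as on, use native VLAN 1, or allow all VLANs. The sample text, the interface names and the choice of these three checks are assumptions made for illustration.

```python
# Constructed sample (placeholder interface names) in the format shown above.
SAMPLE = """\
Name: Gi0/1
Operational Mode: trunk
Negotiation of Trunking: On
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: All
Capture Mode Disabled
Name: Gi0/2
Operational Mode: trunk
Negotiation of Trunking: Off
Trunking Native Mode VLAN: 999 (NATIVE)
Trunking VLANs Enabled: 10,20,30-32
Name: Gi0/3
Operational Mode: static access
"""

# (field, test on the field's value, finding reported when the test matches)
CHECKS = [
    ("Negotiation of Trunking", lambda v: v.lower() == "on",
     "trunk negotiation is on"),
    ("Trunking Native Mode VLAN", lambda v: v.split(" ")[0] == "1",
     "native VLAN is the default VLAN 1"),
    ("Trunking VLANs Enabled", lambda v: v.lower() == "all",
     "all VLANs are allowed on the trunk"),
]

def parse_switchport(text):
    """Split the output into one {field: value} dict per interface."""
    ports = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # e.g. "Capture Mode Disabled" has no field separator
        if key.strip() == "Name":
            ports.append({})  # a Name line starts the next interface
        if ports:
            ports[-1][key.strip()] = value.strip()
    return ports

def audit_trunks(text):
    """Return {interface: [findings]} for every port operating as a trunk."""
    report = {}
    for port in parse_switchport(text):
        if port.get("Operational Mode") != "trunk":
            continue
        report[port["Name"]] = [msg for field, hit, msg in CHECKS
                                if field in port and hit(port[field])]
    return report
```

Calling audit_trunks on the saved output of show interfaces switchport returns an empty list for each trunk that passes all three checks.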

Troubleshoot

When you try to set the interface to trunk mode, you may encounter an error message regarding the trunk encapsulation. This occurs on older hardware, but you may still see it. You just need to set the trunk encapsulation first, then go back to configuring the interface as a trunk.

Switch(config-if)#switchport mode trunk
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.

Trunks will carry multiple VLANs only if those VLANs have been created. If you look at the output of the show interfaces trunk command and do not see the VLANs you expect, ensure the VLANs are created on the device.