
Thursday, May 20, 2010

spanning tree on Cat 6500, 4510 and 3560


make sure all the cabling is fine and working; show CDP should be able to show all of its neighbors

set all the connected ports above to be trunk ports

e.g. using the interface range command on CORE1 to set trunking on Gi1/1 through Gi1/3


CORE1(config)#interface range gigabitEthernet 1/1 - 3
CORE1(config-if-range)#switchport trunk encapsulation dot1q
CORE1(config-if-range)#switchport mode trunk

configure EtherChannel between CORE1 and CORE2

interface GigabitEthernet1/1 (same for Gi1/2)
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 channel-protocol lacp
 channel-group 64 mode active
end

this will automatically create the EtherChannel, Po64; make sure all the attributes applied on the physical ports are also applied to the port channel

interface Port-channel64
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
end

*once you start your switch, check the prompt name: if it is 'router>' then all ports are layer 3 ports and are administratively shut down by default, so change them to switchport (layer 2)
*if it starts with 'switch>', then there shouldn't be any problem

make sure you configure this on all the ports above; next is creating the management VLAN interface. we'll use VLAN1 as the management VLAN, since by default all ports belong to this VLAN

configure on CORE1


interface Vlan1
 ip address 172.16.1.1 255.255.255.0
end

use the same subnet for int VLAN1 on CORE2, DIST1 and ACC1, just change the last octet to 2, 3 and 4 accordingly

now all the VLAN interfaces should be up; if not, check the trunk configuration and make sure it's working
use this command on every switch and make sure all of your trunk ports are listed

DIST1#sh interface trunk

Port        Mode             Encapsulation  Status        Native vlan
Fa4/3       on               802.1q         trunking      1
Fa4/5       on               802.1q         trunking      1
Fa4/7       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Fa4/3       1-4094
Fa4/5       1-4094
Fa4/7       1-4094

Port        Vlans allowed and active in management domain
..

configure the enable and line vty passwords before you can telnet to all the switches using the VLAN1 IP address

DIST1(config)#enable secret cisco
DIST1(config)#line vty 0 15
DIST1(config-line)#password cisco
DIST1(config-line)#privilege level 15

the last line makes sure your telnet session automatically goes into enable mode
now you should be able to telnet to all the other switches
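
An added example, not part of the original post: a small Python check that reads a config fragment and flags the remote-access settings used in this lab (one shared line password, sessions that start at privilege level 15, a vty that is not restricted to SSH, and an enable secret equal to the line password). The function names, finding names and the hardened fragment are assumptions made for the illustration; `login local` and `transport input ssh` are standard IOS line commands.

```python
import re

# The management-access commands from the post, as a constructed config fragment.
LAB_CONFIG = """\
enable secret cisco
line vty 0 15
 password cisco
 privilege level 15
"""

# Constructed counterpart: per-user logins over SSH, no automatic level 15.
# Assumes local usernames and SSH host keys are configured elsewhere.
HARDENED_CONFIG = """\
line vty 0 15
 login local
 transport input ssh
"""


def vty_blocks(config):
    """Yield (header, [sub-commands]) for every 'line vty' section."""
    header, body = None, []
    for line in config.splitlines():
        if line.startswith(" ") and header:
            body.append(line.strip())
            continue
        if header:
            yield header, body
        header, body = (line.strip(), []) if line.startswith("line vty") else (None, [])
    if header:
        yield header, body


def audit_vty(config):
    """Return sorted finding names for remote-access settings like those in the lab."""
    findings = set()
    for _header, body in vty_blocks(config):
        if any(cmd.startswith("password ") for cmd in body) and "login local" not in body:
            findings.add("shared-line-password")             # one password for every admin
        if "privilege level 15" in body:
            findings.add("auto-privilege-15")                # session starts in enable mode
        if "transport input ssh" not in body:
            findings.add("transport-not-restricted-to-ssh")  # telnet may be accepted
    enable = re.search(r"^enable secret (?:\d+ )?(\S+)$", config, re.M)
    line_pw = re.search(r"^ password (?:\d+ )?(\S+)$", config, re.M)
    if enable and line_pw and enable.group(1) == line_pw.group(1):
        findings.add("enable-secret-equals-line-password")
    return sorted(findings)


if __name__ == "__main__":
    print("lab:     ", audit_vty(LAB_CONFIG))
    print("hardened:", audit_vty(HARDENED_CONFIG))
```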

next we'll configure VTP for easy VLAN management, on CORE1

CORE1(config)#vtp mode server
CORE1(config)#vtp domain AMD
CORE1(config)#vtp version 2

configure CORE2, DIST1 and ACC1 to be in client mode

create 4 VLANs on CORE2

CORE1(config)#vlan 10
CORE1(config)#vlan 20
CORE1(config)#vlan 30
CORE1(config)#vlan 40

show vlan on all the switches and make sure they all have the same VLANs; if not, troubleshoot your VTP


now we move to spanning tree. how to configure it? no need, by default it is already turned on (PVST), but we can control the behavior of spanning tree by manipulating a few attributes

the switch with the lowest priority becomes the root; if all priorities are the same, then the lowest MAC address wins
in this case CORE1 has the lowest priority

show spanning-tree vlan [VLAN number]
*use show spanning-tree to get the result for every single VLAN

by default, a single switch will become the root bridge for every single VLAN inside your network

CORE1>sh span vlan 10

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192  <-- this value should be the same as the Bridge ID (below), because the switch itself is the root
             Address     0019.0787.300a
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    8192  <-- priority value and ID for this switch
             Address     0019.0787.300a
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/3            Desg FWD 19        128.3    P2p  <-- all ports on the root should be in FWD mode
Po64             Desg FWD 3         128.1665 P2p


CORE2#sh span vla 10

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192
             Address     0019.0787.300a
             Cost        3
             Port        1665 (Port-channel64)  <-- local port going to the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768  <-- this switch can't become the root because CORE1 has a lower priority
             Address     0019.a908.ac0a
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi7/5            Desg FWD 19        128.773  P2p  <-- port that forwards traffic to the LAN segment
Po64             Root FWD 3         128.1665 P2p  <-- closest port to the root in terms of cost

now we'll configure per-VLAN spanning tree, meaning that we manually give each VLAN its own root
there are two commands to achieve this

spanning-tree vlan [VLAN X] root primary/secondary
OR
spanning-tree vlan [VLAN X] priority [Bridge ID]

we have created VLANs 10, 20, 30 and 40
divide them in two: VLANs 10 and 30 are rooted on CORE1
VLANs 20 and 40 are rooted on CORE2

CORE1(config)#spanning-tree vlan 10 root primary
CORE1(config)#spanning-tree vlan 30 root primary

CORE2(config)#spanning-tree vlan 20 root primary
CORE2(config)#spanning-tree vlan 40 root primary

let's confirm this

CORE2#show spanning-tree vlan 20
 
VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192
             Address     0019.a908.ac14
             This bridge is the root  <-- now this switch is the root for VLAN 20
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    8192
             Address     0019.a908.ac14
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi7/5            Desg FWD 19        128.773  P2p
Po64             Desg FWD 3         128.1665 P2p

check the other 3 VLANs for their root

now you can configure a secondary root for each VLAN using the same approach

for the second command,
remove all the configuration that we just put in; we should have the Bridge ID (by now you should know how to get the Bridge ID)
but now the problem is, all my switches have the same Bridge priority: 32788, and since CORE1 has the lowest MAC, it's now the root for all VLANs

so, I've set VLAN 10 and 30 to have a higher priority value than their root for now

CORE1(config)#spanning-tree vlan 10,30 priority 36864

check on CORE2, that fella should be the Root for VLAN 20 and 30 right now

we can also confirm this on DIST1

DIST1#show spanning-tree vlan 10

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     0019.a908.ac0a
             Cost        19
             Port        197 (FastEthernet4/5)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0018.19b2.58c0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa4/3               Altn BLK 19        128.195  P2p
Fa4/5               Root FWD 19        128.197  P2p  <-- root port for VLAN 10 is different from VLAN 20 (below); Fa4/3 connects to CORE1, Fa4/5 to CORE2

DIST1#show spanning-tree vlan 20

VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     0019.0787.3014
             Cost        19
             Port        195 (FastEthernet4/3)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     0018.19b2.58c0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa4/3               Root FWD 19        128.195  P2p  <-- connects to CORE1, which is the root for VLAN 20
Fa4/5               Altn BLK 19        128.197  P2p

another useful command

DIST1#show spanning-tree interface fastEthernet 4/5

Vlan                Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0001            Altn BLK 19        128.197  P2p
VLAN0010            Root FWD 19        128.197  P2p
VLAN0020            Altn BLK 19        128.197  P2p
VLAN0030            Root FWD 19        128.197  P2p
VLAN0040            Altn BLK 19        128.197  P2p
VLAN0050            Altn BLK 19        128.197  P2p
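
An added example, not part of the original post: a Python sketch that parses the Root ID and Bridge ID fields of `show spanning-tree` output, reports any VLAN whose root is not the bridge you expect, and reproduces the election rule described above (lowest priority, then lowest MAC) with bridge IDs from the outputs in this post. The function names, the `EXPECTED_ROOT` table and the drifted MAC `0200.0000.0001` are assumptions made for the illustration.

```python
import re

# Trimmed from the DIST1 output in the post (VLAN 10 and VLAN 20 ID fields only).
DIST1_OUTPUT = """\
VLAN0010
  Root ID    Priority    32768
             Address     0019.a908.ac0a
             Port        197 (FastEthernet4/5)
  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0018.19b2.58c0
VLAN0020
  Root ID    Priority    32768
             Address     0019.0787.3014
             Port        195 (FastEthernet4/3)
  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     0018.19b2.58c0
"""

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
# Per-VLAN root MACs as seen from DIST1 in the post (assumed to be the intended roots).
EXPECTED_ROOT = {10: "0019.a908.ac0a", 20: "0019.0787.3014"}


def parse_spanning_tree(text):
    """Return {vlan: {"root": {...}, "bridge": {...}}} from 'show spanning-tree' text."""
    result, vlan, section = {}, None, None
    for line in text.splitlines():
        if m := re.match(r"VLAN(\d{4})\s*$", line):
            vlan, section = int(m.group(1)), None
            result[vlan] = {"root": {}, "bridge": {}}
        elif vlan is None:
            continue
        elif m := re.match(r"\s+(Root|Bridge) ID\s+Priority\s+(\d+)", line):
            section = m.group(1).lower()
            result[vlan][section]["priority"] = int(m.group(2))
        elif section and (m := re.match(rf"\s+Address\s+({MAC})", line)):
            result[vlan][section]["mac"] = m.group(1)
        elif section == "root" and (m := re.match(r"\s+Port\s+\d+\s+\((\S+)\)", line)):
            result[vlan]["root"]["port"] = m.group(1)
    return result


def bridge_id(priority, mac):
    """Bridge ID as a comparable tuple: priority first, MAC as the tie-breaker."""
    return (priority, int(mac.replace(".", ""), 16))


def elect_root(bridges):
    """bridges: {name: (priority, mac)} -> name of the bridge with the lowest ID."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def unexpected_roots(parsed, expected):
    """Return [(vlan, seen_mac, root_port)] where the root is not the expected MAC."""
    return [(vlan, info["root"].get("mac"), info["root"].get("port"))
            for vlan, info in sorted(parsed.items())
            if info["root"].get("mac") != expected.get(vlan)]


if __name__ == "__main__":
    print(unexpected_roots(parse_spanning_tree(DIST1_OUTPUT), EXPECTED_ROOT))
    # Constructed drift: VLAN 20 reports a root MAC that is not a core switch.
    drifted = DIST1_OUTPUT.replace("0019.0787.3014", "0200.0000.0001")
    print(unexpected_roots(parse_spanning_tree(drifted), EXPECTED_ROOT))
    # Election with the VLAN 10 bridge IDs from the CORE1, CORE2 and DIST1 outputs.
    print(elect_root({"CORE1": (8192, "0019.0787.300a"),
                      "CORE2": (32768, "0019.a908.ac0a"),
                      "DIST1": (32778, "0018.19b2.58c0")}))
```

The root port in each finding tells you which uplink the unexpected root was learned through, which is where to start looking.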

Wednesday, May 5, 2010

OSPF Stub and Totally Stubby - GNS3

R0-------------------------------------------------------------------------------------------------


interface Serial0/1
 ip address 172.16.1.2 255.255.255.252
 clock rate 64000
!
interface Serial0/2
 ip address 172.16.2.2 255.255.255.252
 clock rate 64000
!
interface Serial0/3
 ip address 172.16.3.2 255.255.255.252
 clock rate 64000
!
router ospf 1
 log-adjacency-changes
 network 172.16.1.0 0.0.0.3 area 0
 network 172.16.2.0 0.0.0.3 area 0
 network 172.16.3.0 0.0.0.3 area 0


R1-------------------------------------------------------------------------------------------------


interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto




interface Serial0/0
 ip address 172.16.1.1 255.255.255.252
!
router ospf 1
 log-adjacency-changes
 redistribute rip subnets
 network 172.16.1.0 0.0.0.3 area 0
!
router rip
 version 2
 redistribute ospf 1 metric 1
 network 192.168.1.0
 no auto-summary


R2-------------------------------------------------------------------------------------------------


interface FastEthernet0/0
 ip address 10.10.20.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 172.16.2.1 255.255.255.252
!
router ospf 1
 log-adjacency-changes
 area 20 virtual-link 10.10.20.6
 network 10.10.20.0 0.0.0.255 area 20
 network 172.16.2.0 0.0.0.3 area 0


R3-------------------------------------------------------------------------------------------------


interface FastEthernet0/0
 ip address 10.40.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 172.16.3.1 255.255.255.252
!
router ospf 1
 log-adjacency-changes
 area 40 stub
 network 10.40.1.0 0.0.0.255 area 40
 network 172.16.3.0 0.0.0.3 area 0


R4-------------------------------------------------------------------------------------------------


interface Loopback21
 ip address 21.21.21.1 255.255.255.0
!
interface Loopback22
 ip address 22.22.22.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 192.168.1.2 255.255.255.0
 duplex auto
 speed auto


router rip
 version 2
 network 21.0.0.0
 network 22.0.0.0
 network 192.168.1.0
 no auto-summary


R5-------------------------------------------------------------------------------------------------


interface Loopback11
 ip address 11.11.11.1 255.255.255.0
!
interface Loopback12
 ip address 12.12.12.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.40.1.2 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 area 40 stub
 network 10.40.1.0 0.0.0.255 area 40
 network 11.11.11.0 0.0.0.255 area 40
 network 12.12.12.0 0.0.0.255 area 40


R6-------------------------------------------------------------------------------------------------


interface Loopback50
 ip address 50.50.50.1 255.255.255.0
!
interface Loopback200
 ip address 200.200.20.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.10.20.6 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 area 20 virtual-link 172.16.2.1
 network 10.10.20.0 0.0.0.255 area 20
 network 50.50.50.0 0.0.0.255 area 50
 network 200.200.20.0 0.0.0.255 area 20


----------------------------------------------------------------------------------------------------

This lab focuses on Stub and Totally Stubby configuration; you can check the details of Virtual-Link and Redistribution in the previous lab

as you can see, we configured area 40 to be the stub area. ok, now let's remove those two lines first to see the difference

on R3 and R5


R3(config)#router os 1
R3(config-router)#no area 40 stub

R5(config)#router ospf 1
R5(config-router)#no area 40 stub

after you remove the stub setting on one of these sides, the neighbor goes down because one side is configured as Stub and the other as a normal area

*Mar  1 08:13:41.341: %OSPF-5-ADJCHG: Process 1, Nbr 10.40.1.2 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Adjacency forced to reset

after you remove it on both, the neighbors form the adjacency again

*Mar  1 08:15:17.629: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.3.1 on FastEthernet0/0 from LOADING to FULL, Loading Done

now check the routing table on R5

R5#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     200.200.20.0/32 is subnetted, 1 subnets
O IA    200.200.20.1 [110/131] via 10.40.1.1, 00:07:26, FastEthernet0/0
     50.0.0.0/32 is subnetted, 1 subnets
O IA    50.50.50.1 [110/131] via 10.40.1.1, 00:07:26, FastEthernet0/0
     21.0.0.0/24 is subnetted, 1 subnets
O E2    21.21.21.0 [110/20] via 10.40.1.1, 00:07:26, FastEthernet0/0
     172.16.0.0/30 is subnetted, 3 subnets
O IA    172.16.1.0 [110/129] via 10.40.1.1, 00:07:26, FastEthernet0/0
O IA    172.16.2.0 [110/129] via 10.40.1.1, 00:07:26, FastEthernet0/0
O IA    172.16.3.0 [110/65] via 10.40.1.1, 00:07:26, FastEthernet0/0
     22.0.0.0/24 is subnetted, 1 subnets
O E2    22.22.22.0 [110/20] via 10.40.1.1, 00:07:26, FastEthernet0/0
     10.0.0.0/24 is subnetted, 2 subnets
O IA    10.10.20.0 [110/130] via 10.40.1.1, 00:07:28, FastEthernet0/0
C       10.40.1.0 is directly connected, FastEthernet0/0
     11.0.0.0/24 is subnetted, 1 subnets
C       11.11.11.0 is directly connected, Loopback11
     12.0.0.0/24 is subnetted, 1 subnets
C       12.12.12.0 is directly connected, Loopback12
O E2 192.168.1.0/24 [110/20] via 10.40.1.1, 00:07:28, FastEthernet0/0

as you can see, there are many types of route inside (E2, IA, etc.), which means all the routes are being sent into this area. but there are no more networks beyond this router, so do you think it is necessary for this router to have a full routing table and process everything? after all, it only has one gateway to the outside.

so this is the situation where Stub configuration becomes useful: we not only reduce the routing table size, we also reduce the use of router resources

just apply back everything that you removed a while ago, then check the routing table again

     200.200.20.0/32 is subnetted, 1 subnets
O IA    200.200.20.1 [110/131] via 10.40.1.1, 00:01:41, FastEthernet0/0
     50.0.0.0/32 is subnetted, 1 subnets
O IA    50.50.50.1 [110/131] via 10.40.1.1, 00:01:41, FastEthernet0/0
     172.16.0.0/30 is subnetted, 3 subnets
O IA    172.16.1.0 [110/129] via 10.40.1.1, 00:01:41, FastEthernet0/0
O IA    172.16.2.0 [110/129] via 10.40.1.1, 00:01:41, FastEthernet0/0
O IA    172.16.3.0 [110/65] via 10.40.1.1, 00:01:41, FastEthernet0/0
     10.0.0.0/24 is subnetted, 2 subnets
O IA    10.10.20.0 [110/130] via 10.40.1.1, 00:01:41, FastEthernet0/0
C       10.40.1.0 is directly connected, FastEthernet0/0
     11.0.0.0/24 is subnetted, 1 subnets
C       11.11.11.0 is directly connected, Loopback11
     12.0.0.0/24 is subnetted, 1 subnets
C       12.12.12.0 is directly connected, Loopback12
O*IA 0.0.0.0/0 [110/2] via 10.40.1.1, 00:01:42, FastEthernet0/0

notice that the E2 routes are no longer in the routing table (in this case the routes redistributed from RIP); instead they are replaced by a default route (the O*IA 0.0.0.0/0 entry)

for the theory and details on the types of route that are not advertised into Stub and Totally Stubby areas, you can google for "OSPF LSA type"

now let's configure this area to be a Totally Stubby area; just replace the previous line with this new line on R3 and R5

R3(config)#router os 1
R3(config-router)#area 40 stub no-summary

R5(config)#router os 1
R5(config-router)#area 40 stub no-summary

check the routing table on R5

     10.0.0.0/24 is subnetted, 1 subnets
C       10.40.1.0 is directly connected, FastEthernet0/0
     11.0.0.0/24 is subnetted, 1 subnets
C       11.11.11.0 is directly connected, Loopback11
     12.0.0.0/24 is subnetted, 1 subnets
C       12.12.12.0 is directly connected, Loopback12
O*IA 0.0.0.0/0 [110/2] via 10.40.1.1, 00:00:40, FastEthernet0/0

in a Totally Stubby area, all types of route are not advertised into it, and it has only one gateway to the outside world

so it depends on your network topology whether you want to use the Stub or the Totally Stubby configuration
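
An added example, not part of the original lab: a Python sketch that parses R5's normal-area routing table from above and models what the area type removes, so the stub and totally stubby tables shown in this post can be reproduced from the first one. The function names and the area-type labels are assumptions made for the illustration.

```python
import re

# R5's routing table as a normal area, copied from the post (legend lines omitted).
R5_NORMAL = """\
     200.200.20.0/32 is subnetted, 1 subnets
O IA    200.200.20.1 [110/131] via 10.40.1.1, 00:07:26, FastEthernet0/0
     50.0.0.0/32 is subnetted, 1 subnets
O IA    50.50.50.1 [110/131] via 10.40.1.1, 00:07:26, FastEthernet0/0
     21.0.0.0/24 is subnetted, 1 subnets
O E2    21.21.21.0 [110/20] via 10.40.1.1, 00:07:26, FastEthernet0/0
     172.16.0.0/30 is subnetted, 3 subnets
O IA    172.16.1.0 [110/129] via 10.40.1.1, 00:07:26, FastEthernet0/0
O IA    172.16.2.0 [110/129] via 10.40.1.1, 00:07:26, FastEthernet0/0
O IA    172.16.3.0 [110/65] via 10.40.1.1, 00:07:26, FastEthernet0/0
     22.0.0.0/24 is subnetted, 1 subnets
O E2    22.22.22.0 [110/20] via 10.40.1.1, 00:07:26, FastEthernet0/0
     10.0.0.0/24 is subnetted, 2 subnets
O IA    10.10.20.0 [110/130] via 10.40.1.1, 00:07:28, FastEthernet0/0
C       10.40.1.0 is directly connected, FastEthernet0/0
     11.0.0.0/24 is subnetted, 1 subnets
C       11.11.11.0 is directly connected, Loopback11
     12.0.0.0/24 is subnetted, 1 subnets
C       12.12.12.0 is directly connected, Loopback12
O E2 192.168.1.0/24 [110/20] via 10.40.1.1, 00:07:28, FastEthernet0/0
"""

HEADER = re.compile(r"\s+\d+(?:\.\d+){3}/(\d+) is (?:variably )?subnetted")
ROUTE = re.compile(r"([A-Z][\w* ]*?)\s+(\d+(?:\.\d+){3})(?:/(\d+))?\s+(?:\[|is directly)")
EXTERNAL = {"O E1", "O E2"}        # external routes, carried in type 5 LSAs
INTER_AREA = {"O IA"}              # inter-area routes, carried in type 3 LSAs
DEFAULT = ("O*IA", "0.0.0.0/0")    # default route the ABR injects into a stub area


def parse_routes(text):
    """Return [(code, prefix)] from classic IOS 'show ip route' lines."""
    routes, parent_len = [], None
    for line in text.splitlines():
        if m := HEADER.match(line):
            parent_len = m.group(1)    # mask inherited by the child routes below
        elif m := ROUTE.match(line):
            code, net, own_len = m.groups()
            routes.append((code.strip(), f"{net}/{own_len or parent_len}"))
    return routes


def view_in_area(routes, area_type):
    """Model the table an internal router keeps: 'normal', 'stub' or 'totally-stubby'."""
    if area_type == "normal":
        return list(routes)
    blocked = set(EXTERNAL)
    if area_type == "totally-stubby":
        blocked |= INTER_AREA
    elif area_type != "stub":
        raise ValueError(f"unknown area type: {area_type}")
    return [r for r in routes if r[0] not in blocked] + [DEFAULT]


if __name__ == "__main__":
    routes = parse_routes(R5_NORMAL)
    for area_type in ("normal", "stub", "totally-stubby"):
        print(area_type, [prefix for _code, prefix in view_in_area(routes, area_type)])
```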

I'll try to go into more detail on LSA types in the next lab.. Happy routing ;)

there'll be a big game later,  the race for fourth place! Manchester City face Tottenham in a must-win clash for both clubs' Champions League hopes

Friday, April 9, 2010

3 methods of configuring a default route on a hub-spoke network - GNS3


  • ip default-network
  • ip route
  • ip default-gateway

in this example we'll use RIP; you can also use EIGRP but not OSPF

prepare the network

R1
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
ip address 192.168.1.1 255.255.255.0
clock rate 64000
!
interface Serial0/1
ip address 172.16.1.1 255.255.255.0
clock rate 64000
!
router rip
network 172.16.0.0
network 192.168.1.0

R2
interface Serial0/0
ip address 192.168.1.2 255.255.255.0
!
router rip
network 172.16.0.0
network 192.168.1.0

R3
interface Serial0/0
ip address 172.16.1.2 255.255.255.0
!
router rip
network 172.16.0.0

make sure R1, R2 and R3 learn all the advertised interfaces and that RIP is working fine by pinging from one interface to the others

R1>sh ip rou
R    99.0.0.0/8 [120/1] via 192.168.1.2, 00:00:16, Serial0/0
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Serial0/1
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, FastEthernet0/0
C    192.168.1.0/24 is directly connected, Serial0/0


R2#show ip route
     99.0.0.0/24 is subnetted, 1 subnets
C       99.99.99.0 is directly connected, Loopback99
R    172.16.0.0/16 [120/1] via 192.168.1.1, 00:00:15, Serial0/0
C    192.168.1.0/24 is directly connected, Serial0/0

R3#sh ip rou
R    99.0.0.0/8 [120/1] via 172.16.1.1, 00:00:21, Serial0/0
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Serial0/0
R    192.168.1.0/24 [120/1] via 172.16.1.1, 00:00:21, Serial0/0

now issue this command on R1

R1(config)#ip default-network 10.0.0.0

*again, remember, this works on a hub-spoke network only !!!

now, show ip route on R2 and R3
notice there is a default route in the routing table

R2#sh ip route
     99.0.0.0/24 is subnetted, 1 subnets
C       99.99.99.0 is directly connected, Loopback99
R    172.16.0.0/16 [120/1] via 192.168.1.1, 00:00:12, Serial0/0
R    10.0.0.0/8 [120/1] via 192.168.1.1, 00:00:12, Serial0/0
C    192.168.1.0/24 is directly connected, Serial0/0
R*   0.0.0.0/0 [120/1] via 192.168.1.1, 00:00:12, Serial0/0

R3#sh ip route
R    99.0.0.0/8 [120/1] via 172.16.1.1, 00:00:17, Serial0/0
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Serial0/0
R    10.0.0.0/8 [120/1] via 172.16.1.1, 00:00:17, Serial0/0
R    192.168.1.0/24 [120/1] via 172.16.1.1, 00:00:17, Serial0/0
R*   0.0.0.0/0 [120/1] via 172.16.1.1, 00:00:17, Serial0/0

now we'll configure a static ip route; with this method we need to redistribute the route to R2 and R3 manually
remove default-network and clear the routing table to make sure it's not going to influence our new configuration in any possible way

on R1

R1(config)#no ip default-network 10.0.0.0

on R1, R2 and R3

R1#clear ip route *

issue the static route command on R1 and specify the exit interface

R1(config)#ip route 0.0.0.0 0.0.0.0 fastEthernet 0/0

then redistribute this static route into RIP

R1(config)#router rip
R1(config-router)#redistribute static

show ip route on R2 and R3 should show the default route now

R3#sh ip route
Gateway of last resort is 172.16.1.1 to network 0.0.0.0

R    99.0.0.0/8 [120/1] via 172.16.1.1, 00:00:15, Serial0/0
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Serial0/0
R    10.0.0.0/8 [120/1] via 172.16.1.1, 00:00:15, Serial0/0
R    192.168.1.0/24 [120/1] via 172.16.1.1, 00:00:15, Serial0/0
R*   0.0.0.0/0 [120/1] via 172.16.1.1, 00:00:15, Serial0/0

R2#sh ip route
Gateway of last resort is 192.168.1.1 to network 0.0.0.0

     99.0.0.0/24 is subnetted, 1 subnets
C       99.99.99.0 is directly connected, Loopback99
R    172.16.0.0/16 [120/1] via 192.168.1.1, 00:00:01, Serial0/0
R    10.0.0.0/8 [120/1] via 192.168.1.1, 00:00:01, Serial0/0
C    192.168.1.0/24 is directly connected, Serial0/0
R*   0.0.0.0/0 [120/1] via 192.168.1.1, 00:00:01, Serial0/0

this configuration also works with EIGRP, but not with OSPF

another way is to use the ip default-gateway command, but you need to turn off ip routing to use it

R3(config)#no ip routing
R3(config)#ip default-gateway 172.16.1.1

R3#sh ip route
Default gateway is 172.16.1.1

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty