CCNP 3 SWITCH Guide v1.0
Topology
DTP
VLAN Creation and Administration
Assigning VLANs to a TRUNK
Adding Additional VLANs to the TRUNK
Removing VLANs from the TRUNK
Removing All VLANs from a TRUNK Link
VTP I
Private VLANs on a Single Switch
Private VLANs Connectivity Tests
Private VLANs across Multiple Switches
Private VLANs Connectivity Tests
Port Protected
Etherchannel
Load-Shared Etherchannel
Etherchannel L3
VTP II
STP Default Behavior
STP Configuration
STP BPDU Guard
FLEX Link
STP Multiple Spanning Tree MST 802.1s
@ NMT 2012 1
Topology
DTP
Configure an ISL trunk between DLS1 and DLS2 that meets the following policies:
- DLS1 FastEthernet0/11 in trunk mode: negotiates the trunk with port FastEthernet0/11 of DLS2.
- DLS1 FastEthernet0/11 in dynamic auto mode: passive port that negotiates whenever the far-end port FastEthernet0/11 of DLS1 is trunk or dynamic desirable.

In this scenario it is not necessary to configure interface f0/11 of DLS2, because it is in dynamic auto mode by default.

DLS1
interface FastEthernet0/11
 switchport trunk encapsulation isl
 switchport mode trunk

DLS1#show interfaces fastEthernet 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl

DLS2#show interfaces fastEthernet 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl

DLS1#sh interfaces fastEthernet 0/11 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           isl            trunking      1
Port        Vlans allowed on trunk
Fa0/11      1-4094
Port        Vlans allowed and active in management domain
Fa0/11      1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      1

DLS2#show interfaces fastEthernet 0/11 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      auto         n-isl          trunking      1
Port        Vlans allowed on trunk
Fa0/11      1-4094
Port        Vlans allowed and active in management domain
Fa0/11      1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      1

isl = static configuration
n-isl = negotiation
Configure an ISL trunk between DLS1 and DLS2 that meets the following policies:
- DLS1 FastEthernet0/12 in dynamic desirable mode: actively negotiates trunk formation with FastEthernet0/12 of DLS2.
- DLS1 FastEthernet0/11 in dynamic auto mode: passive port that negotiates whenever the far-end port FastEthernet0/11 of DLS1 is trunk or dynamic desirable.

DLS1
interface FastEthernet0/12
 switchport mode dynamic desirable

DLS1#sh interfaces fastEthernet 0/12 switchport
Name: Fa0/12
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl

DLS1#show interfaces fastEthernet 0/12 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/12      desirable    n-isl          trunking      1
Port        Vlans allowed on trunk
Fa0/12      1-4094
Port        Vlans allowed and active in management domain
Fa0/12      1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/12      none

DLS2#show interfaces fastEthernet 0/12 switchport
Name: Fa0/12
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On

DLS2#show interfaces fastEthernet 0/12 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/12      auto         n-isl          trunking      1
Port        Vlans allowed on trunk
Fa0/12      1-4094
Port        Vlans allowed and active in management domain
Fa0/12      1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/12      1
Configure DLS1 and DLS2 in the different DTP modes according to the following table, and verify the results.

DTP modes

Disable DTP between DLS1 and DLS2.

Note: the switchport nonegotiate command achieves this behavior.

DLS2
default interface range fastEthernet 0/11-12
interface FastEthernet0/11
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport nonegotiate
interface FastEthernet0/12
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport nonegotiate

DLS2#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           isl            trunking      1
Fa0/12      on           isl            trunking      1
Port        Vlans allowed on trunk
Fa0/11      1-4094
Fa0/12      1-4094
Port        Vlans allowed and active in management domain
Fa0/11      1
Fa0/12      1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      1
Fa0/12      1

DLS1
default interface range fastEthernet 0/11-12
interface FastEthernet0/11
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport nonegotiate
interface FastEthernet0/12
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport nonegotiate

DLS1#sh interfaces fastEthernet 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: Off

DLS1#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           isl            trunking      1
Fa0/12      on           isl            trunking      1
Port        Vlans allowed on trunk
Fa0/11      1-4094
Fa0/12      1-4094
Port        Vlans allowed and active in management domain
Fa0/11      1
Fa0/12      1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      1
Fa0/12      none
Configure 802.1q on the links DLS1-ALS1, DLS1-ALS2, DLS2-ALS1 and DLS2-ALS2. The access switches must learn the trunk dynamically.

DLS1
default interface range fastEthernet 0/7-10
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk

DLS1#sh interfaces fastEthernet 0/7 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/7       1-4094
Port        Vlans allowed and active in management domain
Fa0/7       1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       1

DLS2
default interface range fastEthernet 0/7-10
interface range fastEthernet 0/7-10
 switchport trunk encapsulation dot1q
 switchport mode trunk
default interface range fastEthernet 0/11-12

DLS2#show interfaces fastEthernet 0/10 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/10      on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/10      1-4094
Port        Vlans allowed and active in management domain
Fa0/10      1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/10      none
ALS1 and ALS2 must form a trunk using 802.1q. DTP is not allowed between these switches.

Note: the 2960s do not support ISL trunks, only dot1q.

ALS1
default interface range fastEthernet 0/11-12
interface FastEthernet0/11
 switchport mode trunk
 switchport nonegotiate
interface FastEthernet0/12
 switchport mode trunk
 switchport nonegotiate

ALS1#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       auto         802.1q         trunking      1
Fa0/8       auto         802.1q         trunking      1
Fa0/9       auto         802.1q         trunking      1
Fa0/10      auto         802.1q         trunking      1
Fa0/11      on           802.1q         trunking      1
Fa0/12      on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/7       1-4094
Fa0/8       1-4094
Fa0/9       1-4094
Fa0/10      1-4094
Fa0/11      1-4094
Fa0/12      1-4094
Port        Vlans allowed and active in management domain
Fa0/7       1
Fa0/8       1
Fa0/9       1
Fa0/10      1
Fa0/11      1
Port        Vlans allowed and active in management domain
Fa0/12      1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       1
Fa0/8       1
Fa0/9       1
Fa0/10      1
Fa0/11      1
Fa0/12      none

ALS1#show interfaces fastEthernet 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off

ALS2
interface FastEthernet0/11
 switchport mode trunk
 switchport nonegotiate
interface FastEthernet0/12
 switchport mode trunk
 switchport nonegotiate

ALS2#show interfaces fastEthernet 0/11 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/11      1-4094
Port        Vlans allowed and active in management domain
Fa0/11      1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      1

ALS2#show interfaces fastEthernet 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
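
A way to verify the DTP state from captures like the ones in this section, added here as an example and not part of the original guide: it parses `show interfaces ... switchport` output and reports ports that still negotiate trunking (a dynamic administrative mode, or Negotiation of Trunking not Off). The function names and the sample text are assumptions of the example.

```python
import re

# A prompt line that runs "show interfaces ... switchport" (abbreviations allowed).
SWITCHPORT_CMD = re.compile(r"^(?P<host>[\w-]+)#\s*sh\w*\s+int\w*\s+.*\bswitchport\s*$")
ANY_PROMPT = re.compile(r"^[\w-]+[#>]")

# Constructed sample. The DLS2 and ALS1 captures repeat output shown in this
# section; the DLS1 Fa0/7 capture (static trunk, no nonegotiate) is made up.
SAMPLE = """\
DLS2#show interfaces fastEthernet 0/12 switchport
Name: Fa0/12
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
ALS1#show interfaces fastEthernet 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
DLS1#sh interfaces fastEthernet 0/7 switchport
Name: Fa0/7
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
DLS1#show interfaces fastEthernet 0/7 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       on           802.1q         trunking      1
"""


def parse_switchport(text):
    """Return one dict of 'Field: value' pairs per switchport capture."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = SWITCHPORT_CMD.match(line)
        if match:
            current = {"host": match.group("host")}
            records.append(current)
        elif ANY_PROMPT.match(line):
            current = None  # a different command follows: stop collecting
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return records


def dtp_findings(record):
    """List the reasons a port still takes part in DTP (empty list = clean)."""
    findings = []
    admin = record.get("Administrative Mode", "unknown")
    nego = record.get("Negotiation of Trunking", "not shown")
    if admin.startswith("dynamic"):
        findings.append(f"administrative mode is '{admin}': the neighbour "
                        "decides whether the port becomes a trunk")
    if nego.lower() == "on":
        findings.append("DTP negotiation is On: 'switchport nonegotiate' is not applied")
    elif nego == "not shown":
        findings.append("no 'Negotiation of Trunking' line in the capture: state unverified")
    return findings


def audit(text):
    """Map (host, port) to its findings, for ports that have any."""
    report = {}
    for record in parse_switchport(text):
        findings = dtp_findings(record)
        if findings:
            report[(record["host"], record.get("Name", "?"))] = findings
    return report


if __name__ == "__main__":
    for (host, port), findings in audit(SAMPLE).items():
        for finding in findings:
            print(f"{host} {port}: {finding}")
```
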
VLAN Creation and Administration

Create the following VLANs on DLS1 and verify that they propagate throughout the domain.

2, 3, 4, 5, 6, 7, 8, 9, 10, 100, 120, 130, 140, 200, 230, 240, 340 and 400

Note: there must be no spaces between the commas and the numbers.

DLS1
vlan 2-10,100,12,100,120,130,140,200,230,240,340,400

DLS1#sh vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active
12   VLAN0012                         active
100  VLAN0100                         active
120  VLAN0120                         active
130  VLAN0130                         active
140  VLAN0140                         active
200  VLAN0200                         active
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
230  VLAN0230                         active
240  VLAN0240                         active
340  VLAN0340                         active
400  VLAN0400                         active

DLS2#show vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active
12   VLAN0012                         active
100  VLAN0100                         active
120  VLAN0120                         active
130  VLAN0130                         active
140  VLAN0140                         active
200  VLAN0200                         active
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
230  VLAN0230                         active
240  VLAN0240                         active
340  VLAN0340                         active
400  VLAN0400                         active

DLS2#show vlan summary
Number of existing VLANs           : 24
 Number of existing VTP VLANs      : 24
 Number of existing extended VLANs : 0

DLS1#sh vlan summary
Number of existing VLANs           : 24
 Number of existing VTP VLANs      : 24
 Number of existing extended VLANs : 0

ALS1#show vlan summary
Number of existing VLANs           : 5
 Number of existing VTP VLANs      : 5
 Number of existing extended VLANs : 0

ALS1#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Operating Mode              : Transparent
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

If we look at the previous output we will notice a problem: ALS1's operating mode is transparent, so it cannot install the VLANs that DLS1 advertises (only the local VLANs exist, not the 24 VLANs). To avoid this problem we change the VTP Operating Mode to Server.

ALS1(config)#vtp mode server
Setting device to VTP SERVER mode

ALS1#show vlan summary
Number of existing VLANs           : 24
 Number of existing VTP VLANs      : 24
 Number of existing extended VLANs : 0

ALS2#show vlan summary
Number of existing VLANs           : 24
 Number of existing VTP VLANs      : 24
 Number of existing extended VLANs : 0
Assigning VLANs to a TRUNK

On the trunk, assign (allow) VLANs according to the following table:

Before starting the lab it is important to know which VLANs are associated with the trunks, using the show interface trunk command.

DLS1#sh interfaces fastEthernet 0/7 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/7       1-4094
Port        Vlans allowed and active in management domain
Fa0/7       1-10,12,100,120,130,140,200,230,240,340,400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       1-10,12,100,120,130,140,200,230,240,340,400

The first task is to allow only VLAN 120 on interface FastEthernet 0/11 of DLS1 and DLS2. With the command switchport trunk allowed vlan 120 we allow only VLAN 120, leaving out even VLAN 1. Note that interface FastEthernet 0/12 still allows the whole VLAN range.

DLS1
interface FastEthernet0/11
 switchport trunk allowed vlan 120

DLS1#sh interfaces fastEthernet 0/11 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           isl            trunking      1
Port        Vlans allowed on trunk
Fa0/11      120
Port        Vlans allowed and active in management domain
Fa0/11      120
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      none

DLS1#sh interfaces fastEthernet 0/12 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/12      on           isl            trunking      1
Port        Vlans allowed on trunk
Fa0/12      1-4094
Port        Vlans allowed and active in management domain
Fa0/12      1-10,12,100,120,130,140,200,230,240,340,400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/12      none

DLS1
interface FastEthernet0/11
 switchport trunk allowed vlan 120

DLS2#show interfaces fastEthernet 0/11 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           isl            trunking      1
Port        Vlans allowed on trunk
Fa0/11      120
Port        Vlans allowed and active in management domain
Fa0/11      120
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      120

DLS2 and ALS2 (FastEthernet 0/7) must allow only VLAN 240.

DLS2
interface FastEthernet0/7
 switchport trunk allowed vlan 240

ALS2
interface FastEthernet0/7
 switchport trunk allowed vlan 240

DLS2#show interfaces fastEthernet 0/7 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/7       240
Port        Vlans allowed and active in management domain
Fa0/7       240
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       none

ALS2#show interfaces fastEthernet 0/7 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       auto         802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/7       240
Port        Vlans allowed and active in management domain
Fa0/7       240
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       240

The third task is to allow VLAN 340 between ALS1 and ALS2 FastEthernet0/7.

ALS1
interface FastEthernet0/11
 switchport trunk allowed vlan 340

ALS2
interface FastEthernet0/11
 switchport trunk allowed vlan 340

ALS2#show interfaces fastEthernet 0/11 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/11      340
Port        Vlans allowed and active in management domain
Fa0/11      340
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      340

ALS1#show interfaces fastEthernet 0/11 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/11      340
Port        Vlans allowed and active in management domain
Fa0/11      340
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      340

The fourth task is to allow VLAN 130 between DLS1 and ALS1 FastEthernet0/7.

ALS1
interface FastEthernet0/7
 switchport trunk allowed vlan 130

DLS1
interface FastEthernet0/7
 switchport trunk allowed vlan 130

DLS1#sh interfaces fastEthernet 0/7 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/7       130
Port        Vlans allowed and active in management domain
Fa0/7       130
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       130

ALS1#sh interfaces fastEthernet 0/7 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       auto         802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/7       130
Port        Vlans allowed and active in management domain
Fa0/7       130
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       130
ALS1#

Finally we configure tasks 4 and 5.

DLS1
interface FastEthernet0/9
 switchport trunk allowed vlan 140

ALS2
interface FastEthernet0/9
 switchport trunk allowed vlan 140

DLS1#sh interfaces fastEthernet 0/9 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/9       on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/9       140
Port        Vlans allowed and active in management domain
Fa0/9       140
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/9       none

ALS2#show interfaces fastEthernet 0/9 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/9       auto         802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/9       140
Port        Vlans allowed and active in management domain
Fa0/9       140
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/9       140

DLS2
interface FastEthernet0/9
 switchport trunk allowed vlan 230

ALS1
interface FastEthernet0/9
 switchport trunk allowed vlan 230

DLS2#show interfaces fastEthernet 0/9 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/9       on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/9       230
Port        Vlans allowed and active in management domain
Fa0/9       230
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/9       230

ALS1#show interfaces fastEthernet 0/9 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/9       auto         802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/9       230
Port        Vlans allowed and active in management domain
Fa0/9       230
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/9       230
Adding Additional VLANs to the TRUNK

Add VLANs as arranged in the following table:

DLS1
interface FastEthernet0/11
 switchport trunk allowed vlan add 100

DLS1#show running-config interface fastEthernet 0/11
Building configuration...

interface FastEthernet0/11
 switchport trunk encapsulation isl
 switchport trunk allowed vlan 100,120
 switchport mode trunk
 switchport nonegotiate

DLS2
interface FastEthernet0/11
 switchport trunk allowed vlan add 100

DLS2#show running-config interface fastEthernet 0/11
Building configuration...

interface FastEthernet0/11
 switchport trunk encapsulation isl
 switchport trunk allowed vlan 100,120
 switchport mode trunk
 switchport nonegotiate

DLS2#show interfaces fastEthernet 0/11 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           isl            trunking      1
Port        Vlans allowed on trunk
Fa0/11      100,120
Port        Vlans allowed and active in management domain
Fa0/11      100,120
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      100,120

DLS2
interface FastEthernet0/7
 switchport trunk allowed vlan add 200

ALS2
interface FastEthernet0/7
 switchport trunk allowed vlan add 200

DLS2#show interfaces fastEthernet 0/7 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/7       200,240
Port        Vlans allowed and active in management domain
Fa0/7       200,240
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       200,240

ALS1
interface fastEthernet 0/11
 switchport trunk allowed vlan add 300

ALS2
interface fastEthernet 0/11
 switchport trunk allowed vlan add 300

ALS1#show interfaces fastEthernet 0/11 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/11      300,340
Port        Vlans allowed and active in management domain
Fa0/11      340
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      340

DLS1
interface fastEthernet 0/9
 switchport trunk allowed vlan 400

ALS2
interface fastEthernet 0/9
 switchport trunk allowed vlan 400

DLS1#sh interfaces fastEthernet 0/9 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/9       on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/9       400
Port        Vlans allowed and active in management domain
Fa0/9       400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/9       400

ALS2#sh interfaces fastEthernet 0/9 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/9       auto         802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/9       140,400
Port        Vlans allowed and active in management domain
Fa0/9       140,400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/9       140,400
Removing VLANs from the TRUNK

Remove VLANs according to the following table:

Before configuring the ports we must verify which VLANs the trunk is carrying.

DLS1#sh interfaces fastEthernet 0/8 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/8       on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/8       1-4094
Port        Vlans allowed and active in management domain
Fa0/8       1-10,12,100,120,130,140,200,230,240,340,400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/8       1-10,12,100,120,130,140,200,230,240,340,400

DLS1
interface fastEthernet 0/8
 switchport trunk allowed vlan remove 1,4-10

DLS1#sh interfaces fastEthernet 0/8 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/8       on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/8       2-3,11-4094
Port        Vlans allowed and active in management domain
Fa0/8       2-3,12,100,120,130,140,200,230,240,340,400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/8       2-3,12,100,120,130,140,200,230,240,340,400

ALS1#show interfaces fastEthernet 0/8 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/8       auto         802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/8       1-4094
Port        Vlans allowed and active in management domain
Fa0/8       1-10,12,100,120,130,140,200,230,240,340,400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/8       1-10,12,100,120,130,140,200,230,240,340,400

ALS1
interface fastEthernet 0/8
 switchport trunk allowed vlan remove 1,4-10

ALS1#show interfaces fastEthernet 0/8 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/8       auto         802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/8       2-3,11-4094
Port        Vlans allowed and active in management domain
Fa0/8       2-3,12,100,120,130,140,200,230,240,340,400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/8       2-3,12,100,120,130,140,200,230,240,340,400

DLS2
interface fastEthernet 0/8
 switchport trunk allowed vlan remove 2,4-10

DLS2#show interfaces fastEthernet 0/8 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/8       on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/8       1,3,11-4094
Port        Vlans allowed and active in management domain
Fa0/8       1,3,12,100,120,130,140,200,230,240,340,400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/8       1

ALS2
interface fastEthernet 0/8
 switchport trunk allowed vlan remove 2,4-10

ALS2#show running-config interface fastEthernet 0/8
Building configuration...

interface FastEthernet0/8
 switchport trunk allowed vlan 1,3,11-4094

ALS2#show interfaces fastEthernet 0/8 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/8       auto         802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/8       1,3,11-4094
Port        Vlans allowed and active in management domain
Fa0/8       1,3,12,100,120,130,140,200,230,240,340,400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/8       1,3,12,100,120,130,140,200,230,240,340,400
Removing All VLANs from a TRUNK Link

DLS1
interface FastEthernet0/12
 switchport trunk allowed vlan none

DLS2
interface FastEthernet0/12
 switchport trunk allowed vlan none

DLS2#show interfaces fastEthernet 0/12 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/12      on           isl            trunking      1
Port        Vlans allowed on trunk
Fa0/12      none
Port        Vlans allowed and active in management domain
Fa0/12      none
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/12      none

DLS1#sh interfaces fastEthernet 0/10 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/10      on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/10      1-4094
Port        Vlans allowed and active in management domain
Fa0/10      1-10,12,100,120,130,140,200,230,240,340,400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/10      1-2,4-10

DLS1
interface FastEthernet0/10
 switchport trunk allowed vlan none

ALS2
interface FastEthernet0/10
 switchport trunk allowed vlan none

DLS1#sh interfaces fastEthernet 0/10 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/10      on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/10      none
Port        Vlans allowed and active in management domain
Fa0/10      none
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/10      none

ALS2#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       auto         802.1q         trunking      1
Fa0/8       auto         802.1q         trunking      1
Fa0/9       auto         802.1q         trunking      1
Fa0/10      auto         802.1q         trunking      1
Fa0/11      on           802.1q         trunking      1
Fa0/12      on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/7       1,200,240
Fa0/8       1,3,11-4094
Fa0/9       1,140,400
Fa0/10      none
Fa0/11      1,300,340
Fa0/12      1-4094
Port        Vlans allowed and active in management domain
Fa0/7       1,200,240
Fa0/8       1,3,12,100,120,130,140,200,230,240,340,400
Fa0/9       1,140,400
Fa0/10      none
Fa0/11      1,340
Port        Vlans allowed and active in management domain
Fa0/12      1-10,12,100,120,130,140,200,230,240,340,400
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       1,200,240
Fa0/8       1,3,12,100,120,130,140,200,230,240,340,400
Fa0/9       1,140,400
Fa0/10      none
Fa0/11      1,340
Fa0/12      1-10,12,100,120,130,140,200,230,240,340,400
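
The list arithmetic behind the three trunk sections above, added here as an example and not part of the original guide: a bare VLAN list replaces the allowed list, while add and remove edit it, and the "allowed and active" row is the allowed list intersected with the VLANs that exist. The function names are assumptions of the example; the VLAN lists are the ones in this guide's captures.

```python
ALL_VLANS = frozenset(range(1, 4095))  # 1-4094, the default allowed list

def expand(spec):
    """'2-3,11-4094' -> set of VLAN ids; 'none' -> empty; 'all' -> 1-4094."""
    spec = spec.strip().lower()
    if spec == "none":
        return set()
    if spec == "all":
        return set(ALL_VLANS)
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        low = int(low)
        high = int(high) if high else low
        if not 1 <= low <= high <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(low, high + 1))
    return vlans

def compress(vlans):
    """Set of VLAN ids -> the range notation the switch prints."""
    if not vlans:
        return "none"
    ordered = sorted(vlans)
    runs, start, prev = [], ordered[0], ordered[0]
    for vlan in ordered[1:]:
        if vlan != prev + 1:
            runs.append((start, prev))
            start = vlan
        prev = vlan
    runs.append((start, prev))
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)

def apply_allowed(current, args):
    """Apply the words that follow 'switchport trunk allowed vlan'."""
    words = args.split()
    if len(words) == 2 and words[0] == "add":
        return set(current) | expand(words[1])
    if len(words) == 2 and words[0] == "remove":
        return set(current) - expand(words[1])
    if len(words) == 1:
        return expand(words[0])  # a bare list REPLACES the current list
    raise ValueError(f"unsupported form: {args!r}")

def replay(commands, start=ALL_VLANS):
    """Allowed list after typing the commands in order on one interface."""
    allowed = set(start)
    for command in commands:
        allowed = apply_allowed(allowed, command)
    return allowed

def one_sided(end_a, end_b):
    """VLANs allowed on only one end of a link (they will not pass)."""
    return set(end_a) ^ set(end_b)

# VLANs that exist in the domain, taken from the captures above.
ACTIVE = expand("1-10,12,100,120,130,140,200,230,240,340,400")

if __name__ == "__main__":
    removed = replay(["remove 1,4-10"])
    print("allowed            :", compress(removed))
    print("allowed and active :", compress(removed & ACTIVE))
    print("'140' then '400'    :", compress(replay(["140", "400"])))
    print("'140' then 'add 400':", compress(replay(["140", "add 400"])))
    print("VLAN 300 not created:", compress(replay(["340", "add 300"]) & ACTIVE))
    print("one-sided on Fa0/9  :", compress(one_sided(expand("400"), expand("140,400"))))
```
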
VTP I
This lab requires erasing all configuration information (vlan.dat and the configuration).
Configure an 802.1q trunk between DLS1 and DLS2 through interface fastethernet 0/11.
Configure VTP using domain DUOC between DLS1 and DLS2, version 2, server mode, password duoc.

DLS1
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk

DLS2
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk

DLS2#show interfaces fastEthernet 0/11 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/11      1-4094
Port        Vlans allowed and active in management domain
Fa0/11      1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      1

DLS1
vtp domain DUOC
vtp version 2
vtp mode server
vtp password duoc

DLS2
vtp domain DUOC
vtp version 2
vtp mode server
vtp password duoc

DLS1#sh vtp status
VTP Version                     : running VTP2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : DUOC
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x80 0x23 0xA4 0xBF 0x1F 0x8F 0x18 0xA3
Configuration last modified by 10.1.1.1 at 0-0-00 00:00:00
Local updater ID is 10.1.1.1 on interface Vl1 (lowest numbered VLAN interface found)

DLS2#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : DUOC
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xBA 0xF2 0xCD 0xF0 0xD5 0x54 0x67 0xC9
Configuration last modified by 10.1.1.2 at 0-0-00 00:00:00
Local updater ID is 10.1.1.2 on interface Vl1 (lowest numbered VLAN interface found)

Create VLAN 10 and assign it to interface fastethernet 0/1 of DLS2. Give it the name ADMIN.

DLS2#show vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Gi0/1
                                                Gi0/2

DLS2
vlan 10
 name ADMIN
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast

DLS2#show vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   ADMIN                            active    Fa0/1
Private VLANs único Switch
Arme la siguiente topología:
Asígneles el siguiente direccionamiento:PC IP
PC1 10.1.1.1/24PC2 10.1.1.2/24PC3 10.1.1.3/24
Comprueba que exista comunicación entre todos los PCs. Nota: puesto que los switches se encuentran si configuración anterior utilizarán la VLAN 1 como dominio de broadcast. Desactivar el FW en los PCs.
PC3C:\>ping 10.1.1.1Haciendo ping a 10.1.1.1 con 32 bytes de datos:Respuesta desde 10.1.1.1: bytes=32 tiempo<1m TTL=255Respuesta desde 10.1.1.1: bytes=32 tiempo=2ms TTL=255Respuesta desde 10.1.1.1: bytes=32 tiempo=1ms TTL=255Respuesta desde 10.1.1.1: bytes=32 tiempo=1ms TTL=255
@ NMT 2012 26
CCNP 3 Guía SWITCH v1.0
Estadísticas de ping para 10.1.1.1: Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),Tiempos aproximados de ida y vuelta en milisegundos: Mínimo = 0ms, Máximo = 2ms, Media = 1ms
C:\>ping 10.1.1.2Haciendo ping a 10.1.1.2 con 32 bytes de datos:Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128Estadísticas de ping para 10.1.1.2: Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),Tiempos aproximados de ida y vuelta en milisegundos: Mínimo = 0ms, Máximo = 0ms, Media = 0ms
DLS1#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
DLS1#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
DLS1#ping 10.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
Configure Private VLANs based on the following table:
Device  VLAN-Type  VLAN-ID
Router  Primary    100
PC1     Community  200
PC2     Community  200
PC3     Isolated   300
Private VLANs require a series of steps:
- Configure the switch in VTP transparent mode.
- Create the primary VLAN.
- Define the secondary VLANs.
- Associate the secondary VLANs with the primary VLAN.
DLS1
vtp mode transparent
DLS1#sh vtp status
VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Transparent
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
DLS1
vlan 100
 name VLAN_PRIMARIA
 private-vlan primary
 private-vlan association 411,421,431
vlan 200
 private-vlan community
vlan 300
 private-vlan isolated
DLS1#sh vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100               primary
        200       community
        300       isolated
DLS1
vlan 100
 private-vlan association add 200,300
DLS1#sh vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100     200       community
100     300       isolated
The next step is to configure interface FastEthernet 0/4 (which connects to the router) in promiscuous mode and map the primary VLAN to the secondary VLANs.
DLS1
interface FastEthernet0/4
 switchport private-vlan mapping 100 200,300
 switchport mode private-vlan promiscuous
DLS1#sh vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100     200       community         Fa0/4
100     300       isolated          Fa0/4
On the ports that connect the hosts, create the association and set them to host mode.
DLS1
interface FastEthernet0/1
 switchport private-vlan host-association 100 200
 switchport mode private-vlan host
 spanning-tree portfast
interface FastEthernet0/2
 switchport private-vlan host-association 100 200
 switchport mode private-vlan host
 spanning-tree portfast
interface FastEthernet0/3
 switchport private-vlan host-association 100 300
 switchport mode private-vlan host
 spanning-tree portfast
DLS1#sh interfaces fastEthernet 0/4 switchport
Name: Fa0/4
Switchport: Enabled
Administrative Mode: private-vlan promiscuous
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: 100 (VLAN_PRIMARIA) 200 (VLAN0200) 300 (VLAN0300)
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
DLS1#sh vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100     200       community         Fa0/1, Fa0/2, Fa0/4
100     300       isolated          Fa0/3, Fa0/4
Private-VLANs Connectivity Tests
Based on what we have studied, PC1 and PC2 must have connectivity with each other, as well as with the router, which is in promiscuous mode.
PC2
C:\>ping 10.1.1.1
Haciendo ping a 10.1.1.1 con 32 bytes de datos:
Respuesta desde 10.1.1.1: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.1: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.1: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.1: bytes=32 tiempo<1m TTL=128
Estadísticas de ping para 10.1.1.1:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms
C:\>ping 10.1.1.100
Haciendo ping a 10.1.1.100 con 32 bytes de datos:
Respuesta desde 10.1.1.100: bytes=32 tiempo=38ms TTL=255
Respuesta desde 10.1.1.100: bytes=32 tiempo=15ms TTL=255
Respuesta desde 10.1.1.100: bytes=32 tiempo=16ms TTL=255
Respuesta desde 10.1.1.100: bytes=32 tiempo=31ms TTL=255
Estadísticas de ping para 10.1.1.100:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 15ms, Máximo = 38ms, Media = 25ms
PC3
C:\>ping 10.1.1.1
Haciendo ping a 10.1.1.1 con 32 bytes de datos:
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Estadísticas de ping para 10.1.1.1:
    Paquetes: enviados = 4, recibidos = 0, perdidos = 4 (100% perdidos),
C:\>ping 10.1.1.100
Haciendo ping a 10.1.1.100 con 32 bytes de datos:
Respuesta desde 10.1.1.100: bytes=32 tiempo=23ms TTL=255
Respuesta desde 10.1.1.100: bytes=32 tiempo=16ms TTL=255
Respuesta desde 10.1.1.100: bytes=32 tiempo=31ms TTL=255
Respuesta desde 10.1.1.100: bytes=32 tiempo=15ms TTL=255
Estadísticas de ping para 10.1.1.100:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 15ms, Máximo = 31ms, Media = 21ms
Association between host ports and promiscuous ports
Meanwhile, the router, which is in promiscuous mode, has connectivity with all the hosts, as the following tests show:
R1#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/19/32 ms
R1#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/20/44 ms
R1#ping 10.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/17/36 ms
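The isolation that the ping tests above confirm can also be derived from the configuration before any host is connected. The following Python example is added here and is not part of the original guide: it parses the DLS1 commands of this lab (written out as one constructed config text) and computes which port pairs may exchange frames under the Private VLAN rules. The function names are illustrative, and the mapping Fa0/1 = PC1, Fa0/2 = PC2, Fa0/3 = PC3, Fa0/4 = router is an assumption taken from the lab table.

```python
import re
from itertools import combinations

# Constructed input: the DLS1 commands from this lab written as one config text.
DLS1_CONFIG = """\
vlan 100
 private-vlan primary
 private-vlan association add 200,300
vlan 200
 private-vlan community
vlan 300
 private-vlan isolated
interface FastEthernet0/1
 switchport private-vlan host-association 100 200
 switchport mode private-vlan host
interface FastEthernet0/2
 switchport private-vlan host-association 100 200
 switchport mode private-vlan host
interface FastEthernet0/3
 switchport private-vlan host-association 100 300
 switchport mode private-vlan host
interface FastEthernet0/4
 switchport private-vlan mapping 100 200,300
 switchport mode private-vlan promiscuous
"""


def parse(config):
    """Return (vlan_type, assoc, ports) parsed from IOS-style config text."""
    vlan_type, assoc, ports = {}, {}, {}
    section = None
    for line in config.splitlines():
        if not line.startswith(" "):          # a new top-level stanza
            head = line.strip()
            m = re.match(r"vlan (\d+)$", head) or re.match(r"interface (\S+)$", head)
            section = (head.split()[0], m.group(1)) if m else None
            continue
        if section is None:
            continue
        kind, name = section
        cmd = line.strip()
        if kind == "vlan":
            m = re.match(r"private-vlan (primary|community|isolated)$", cmd)
            if m:
                vlan_type[int(name)] = m.group(1)
            m = re.match(r"private-vlan association (?:add )?([\d,]+)$", cmd)
            if m:
                assoc.setdefault(int(name), set()).update(map(int, m.group(1).split(",")))
        else:
            port = ports.setdefault(name, {"mode": None, "primary": None, "secondaries": set()})
            m = re.match(r"switchport mode private-vlan (host|promiscuous)$", cmd)
            if m:
                port["mode"] = m.group(1)
            m = re.match(r"switchport private-vlan (?:host-association|mapping) (\d+) ([\d,]+)$", cmd)
            if m:
                port["primary"] = int(m.group(1))
                port["secondaries"] = set(map(int, m.group(2).split(",")))
    return vlan_type, assoc, ports


def active_ports(vlan_type, assoc, ports):
    """Keep only ports whose PVLAN settings are complete and consistent."""
    live = {}
    for name, p in ports.items():
        secs = p["secondaries"]
        complete = p["mode"] is not None and secs
        consistent = (vlan_type.get(p["primary"]) == "primary"
                      and secs <= assoc.get(p["primary"], set()))
        if complete and consistent and (p["mode"] != "host" or len(secs) == 1):
            live[name] = p
    return live


def allowed(a, b, vlan_type):
    """Layer 2 forwarding rule between two active PVLAN ports."""
    if a["primary"] != b["primary"]:
        return False
    modes = {a["mode"], b["mode"]}
    if modes == {"promiscuous"}:
        return True
    if "promiscuous" in modes:
        prom, host = (a, b) if a["mode"] == "promiscuous" else (b, a)
        return host["secondaries"] <= prom["secondaries"]
    # host to host: only inside one community VLAN, never inside an isolated VLAN
    (sec,) = a["secondaries"]
    return a["secondaries"] == b["secondaries"] and vlan_type.get(sec) == "community"


def reachable_pairs(config):
    """Set of port pairs (frozensets) that may exchange frames."""
    vlan_type, assoc, ports = parse(config)
    live = active_ports(vlan_type, assoc, ports)
    return {frozenset((x, y)) for x, y in combinations(sorted(live), 2)
            if allowed(live[x], live[y], vlan_type)}
```

Calling `reachable_pairs(DLS1_CONFIG)` yields the community pair, plus every host port paired with the promiscuous port; removing the `private-vlan association` line yields an empty set, which corresponds to the state shown before the association step.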
Private VLANs Across Multiple Switches
Build the following topology:
Prelab: Erase all previous configuration (config.text + vlan.dat).
Assign the following addressing:
PC   IP
PC1  10.1.1.1/24
PC2  10.1.1.2/24
PC3  10.1.1.3/24
PC4  10.1.1.4/24
Note: Before configuring anything, verify that all the PCs on DLS1 can communicate with each other. Note: because the switches have no previous configuration, they will use VLAN 1. Disable the firewall on the PCs.
PC3
C:\>ping 10.1.1.1
Haciendo ping a 10.1.1.1 con 32 bytes de datos:
Respuesta desde 10.1.1.1: bytes=32 tiempo<1m TTL=255
Respuesta desde 10.1.1.1: bytes=32 tiempo=2ms TTL=255
Respuesta desde 10.1.1.1: bytes=32 tiempo=1ms TTL=255
Respuesta desde 10.1.1.1: bytes=32 tiempo=1ms TTL=255
Estadísticas de ping para 10.1.1.1:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 2ms, Media = 1ms
C:\>ping 10.1.1.2
Haciendo ping a 10.1.1.2 con 32 bytes de datos:
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Estadísticas de ping para 10.1.1.2:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms
DLS1#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
DLS1#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
DLS1#ping 10.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
Configure Private VLANs based on the following table:
Device  VLAN-Type  VLAN-ID
Router  Primary    100
PC1     Community  200
PC2     Community  200
PC3     Isolated   300
PC3     Community  200
Private VLANs require a series of steps:
- Configure the switch in VTP transparent mode.
- Create the primary VLAN.
- Define the secondary VLANs.
DLS1
vtp mode transparent
vtp version 2
DLS1#sh vtp status
VTP Version                     : running VTP2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Transparent
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB2 0x8A 0x1C 0x89 0x3E 0xD3 0xB4 0xF7
Configuration last modified by 10.1.1.1 at 0-0-00 00:00:00
DLS1
vlan 100
 name PRIMARIA
 private-vlan primary
vlan 200
 name PC1-PC2-PC4
 private-vlan community
vlan 300
 name PC3
 private-vlan isolated
DLS1#sh vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100               primary
        200       community
        300       isolated
Associate the secondary VLANs with the primary VLAN.
DLS1
vlan 100
 private-vlan association add 200,300
DLS1#sh vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100     200       community
100     300       isolated
On the ports that connect the hosts, create the association and set them to host mode. Prevent the ports from transitioning through blocking->listening->learning... in STP.
DLS1
interface FastEthernet0/11
 switchport private-vlan host-association 100 200
 switchport mode private-vlan host
 spanning-tree portfast
interface FastEthernet0/12
 switchport private-vlan host-association 100 200
 switchport mode private-vlan host
 spanning-tree portfast
interface FastEthernet0/13
 switchport private-vlan host-association 100 300
 switchport mode private-vlan host
 spanning-tree portfast
DLS1#sh interfaces fastEthernet 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: private-vlan host
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: 100 (PRIMARIA) 200 (PC1-PC2-PC4)
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
Configure an 802.1Q trunk between DLS1 F0/6 and DLS2 Fa0/6. Allow only the VLANs that participate in the configuration. DTP is not allowed. Allow only VLAN 1.
DLS1
interface fastEthernet 0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 1
 switchport nonegotiate
DLS2
interface fastEthernet 0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 1
 switchport nonegotiate
DLS2#show interfaces trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/6       on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/6       1
Port        Vlans allowed and active in management domain
Fa0/6       1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/6       1
- Use the same process as before to create the primary, community and isolated VLANs.
- On port f0/21 of DLS1, create the association with the primary VLAN and set host mode. Prevent the port from transitioning through blocking->listening->learning... in STP.
- Configure interface FastEthernet 0/22 (which connects to the router) in promiscuous mode and map the primary VLAN to the secondary VLANs.
DLS2
vtp mode transparent
vtp version 2
vlan 100
 name PRIMARIA
 private-vlan primary
vlan 200
 name PC1-PC2-PC4
 private-vlan community
vlan 300
 name PC3
 private-vlan isolated
vlan 100
 private-vlan association add 200,300
interface FastEthernet0/21
 switchport private-vlan host-association 100 200
 switchport mode private-vlan host
 spanning-tree portfast
DLS2#show vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100     200       community         Fa0/21
100     300       isolated
DLS2
interface FastEthernet0/22
 switchport private-vlan mapping 100 200,300
 switchport mode private-vlan promiscuous
DLS2#show interfaces fastEthernet 0/22 switchport
Name: Fa0/22
Switchport: Enabled
Administrative Mode: private-vlan promiscuous
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: 100 (PRIMARIA) 200 (PC1-PC2-PC4) 300 (PC3)
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
Private-VLANs Connectivity Tests
PC1 and PC2 must have connectivity.
Note: Disable the firewall on each PC.
PC1
C:\>ping 10.1.12.2
Haciendo ping a 10.1.12.2 con 32 bytes de datos:
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Estadísticas de ping para 10.1.12.2:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms
C:\>
PC3
C:\>ping 10.1.12.2
Haciendo ping a 10.1.12.2 con 32 bytes de datos:
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Estadísticas de ping para 10.1.12.2:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms
To establish connectivity between the ports associated with the community VLAN, we must allow the corresponding VLANs on the trunk. Previously only VLAN 1 was allowed; at this point we must allow all the VLANs that participate.
DLS1
interface fastEthernet 0/6
 switchport trunk allowed vlan add 100,200,300
DLS2
interface fastEthernet 0/6
 switchport trunk allowed vlan add 100,200,300
DLS2#show interfaces trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/6       on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/6       1,100,200,300
Port        Vlans allowed and active in management domain
Fa0/6       1,100,200,300
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/6       1
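The trunk step above is easy to get wrong in either direction: a list that is too narrow drops the Private VLANs between switches, while the default list carries every VLAN. The following Python example is added here and is not part of the original guide: it replays the `switchport trunk allowed vlan` commands of Fa0/6 in the order this lab enters them and reports which required VLANs are missing, which extra ones are carried, and whether DTP is disabled. The function names and the `native` parameter are illustrative.

```python
ALL_VLANS = frozenset(range(1, 4095))   # 1-4094, the default allowed list on a trunk

# Constructed input: the Fa0/6 commands from this lab, in the order they are entered.
FA0_6_INITIAL = [
    "switchport trunk encapsulation dot1q",
    "switchport mode trunk",
    "switchport trunk allowed vlan 1",
    "switchport nonegotiate",
]
FA0_6_FIXED = FA0_6_INITIAL + ["switchport trunk allowed vlan add 100,200,300"]
PVLANS = {100, 200, 300}                # primary and secondary VLANs of the lab


def parse_vlan_list(text):
    """'1,100-102' -> {1, 100, 101, 102}"""
    vlans = set()
    for part in text.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def apply_allowed(current, command):
    """Apply one 'switchport trunk allowed vlan ...' command to the current set."""
    args = command.split("allowed vlan", 1)[1].split()
    keyword = args[0]
    if keyword == "all":
        return set(ALL_VLANS)
    if keyword == "none":
        return set()
    if keyword == "add":
        return current | parse_vlan_list(args[1])
    if keyword == "remove":
        return current - parse_vlan_list(args[1])
    if keyword == "except":
        return set(ALL_VLANS) - parse_vlan_list(args[1])
    return parse_vlan_list(keyword)     # a plain list replaces the current set


def audit_trunk(commands, required, native=1):
    """Replay the interface commands and compare the result with the required VLANs."""
    allowed, dtp_off = set(ALL_VLANS), False
    for cmd in map(str.strip, commands):
        if cmd.startswith("switchport trunk allowed vlan"):
            allowed = apply_allowed(allowed, cmd)
        elif cmd == "switchport nonegotiate":
            dtp_off = True
    return {"allowed": allowed,
            "missing": required - allowed,            # required but not carried
            "extra": allowed - required - {native},   # carried without being needed
            "dtp_off": dtp_off}
```

With `FA0_6_INITIAL` the audit reports VLANs 100, 200 and 300 as missing; with `FA0_6_FIXED` nothing is missing and nothing extra is carried.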
Ping tests:
PC2 → PC4
PC2 → Router
PC3 → Router
PC4 → Router
PC2
C:\>ping 10.1.12.4 -t
Haciendo ping a 10.1.12.4 con 32 bytes de datos:
Respuesta desde 10.1.12.4: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.4: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.4: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.4: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.4: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.4: bytes=32 tiempo<1m TTL=128
Estadísticas de ping para 10.1.12.4:
    Paquetes: enviados = 6, recibidos = 6, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms
PC2
C:\>ping 10.1.12.100 -t
Haciendo ping a 10.1.12.100 con 32 bytes de datos:
Respuesta desde 10.1.12.100: bytes=32 tiempo=28ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=21ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=21ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=21ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=21ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=21ms TTL=255
Estadísticas de ping para 10.1.12.100:
    Paquetes: enviados = 6, recibidos = 6, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 21ms, Máximo = 28ms, Media = 22ms
PC4
C:\>ping 10.1.12.100
Haciendo ping a 10.1.12.100 con 32 bytes de datos:
Respuesta desde 10.1.12.100: bytes=32 tiempo=30ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=31ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=15ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=31ms TTL=255
Estadísticas de ping para 10.1.12.100:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 15ms, Máximo = 31ms, Media = 26ms
PC3
C:\>ping 10.1.12.100
Haciendo ping a 10.1.12.100 con 32 bytes de datos:
Respuesta desde 10.1.12.100: bytes=32 tiempo=30ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=31ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=15ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=31ms TTL=255
Estadísticas de ping para 10.1.12.100:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 15ms, Máximo = 31ms, Media = 26ms
R1#ping 10.1.12.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.12.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/19/32 ms
Port Protected
Create VLAN 10 on ALS1. Configure interfaces Fa0/10 and Fa0/11 as access ports, as shown in the figure. Test whether there is connectivity between the PCs. Then enable port protected. Verify that the PCs can communicate with the router but not with each other.
Note: Both ports must be in protected mode to be isolated from each other.
ALS1
vlan 111
 name PORT-PROTECTED
interface FastEthernet0/10
 switchport access vlan 111
 switchport mode access
 spanning-tree portfast
interface FastEthernet0/11
 switchport access vlan 111
 switchport mode access
 spanning-tree portfast
PC1
C:\>ping 10.1.12.2 -t
Haciendo ping a 10.1.12.2 con 32 bytes de datos:
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
ALS1
interface FastEthernet0/10
 switchport protected
interface FastEthernet0/11
 switchport protected
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Estadísticas de ping para 10.1.12.2:
    Paquetes: enviados = 33, recibidos = 27, perdidos = 6 (18% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms
Control-C
The previous output shows that there is connectivity between the PCs until port-protected is enabled.
Configure an access port for VLAN 111 on Fa0/9, which connects to the router. Enable the router interface with the IP address 10.1.12.100/24.
R1
interface FastEthernet0/0
 ip address 10.1.12.100 255.255.255.0
 no shut
ALS1
interface FastEthernet0/9
 switchport access vlan 111
 switchport mode access
 spanning-tree portfast
ALS1#show interfaces fastEthernet 0/10 switchport
Name: Fa0/10
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 111 (PORT-PROTECTED)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: true
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
R1#ping 10.1.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/20/40 ms
PC2
Etherchannel
Create a trunk by configuring interfaces f0/11 and f0/12 of DLS1 and DLS2; use the industry-standard protocol. As a result, STP should see a single link. If one link fails, traffic should not be interrupted. DLS1 must respond only if a negotiation is started from the other end; it must adopt passive mode. DLS2 must actively try to form an EtherChannel.
PortChannel
SW1 configured with     SW2 configured with  EtherChannel?
Desirable (PAgP Cisco)  Desirable            Yes
Desirable (PAgP Cisco)  Auto                 Yes
Auto                    Auto                 No
Recommended process:
1. Use default interface to return the interface to an unconfigured state (default values).
2. Create a channel-group on the physical interface (assign an identifying number); a port-channel is created automatically.
3. (Very important) Define the trunk inside the port-channel (encapsulation, mode, …).
------------------------------------------------------------------------
Example of PAgP EtherChannel types
DLS1(config)#interface range fastEthernet 0/11-12
DLS1(config-if-range)#channel-group 1 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected
------------------------------------------------------------------------
DLS1
default interface range fastEthernet 0/11-12
interface FastEthernet0/11
 channel-group 1 mode auto
interface FastEthernet0/12
 channel-group 1 mode auto
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
DLS2
default interface range fastEthernet 0/11-12
interface FastEthernet0/11
 channel-group 1 mode desirable
interface FastEthernet0/12
 channel-group 1 mode desirable
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
DLS2#show interfaces trunk
Port        Mode             Encapsulation  Status        Native vlan
Po1         on               802.1q         trunking      1
Port        Vlans allowed on trunk
Po1         1-4094
Port        Vlans allowed and active in management domain
Po1         1
Port        Vlans in spanning tree forwarding state and not pruned
Po1         1
DLS1#sh interfaces port-channel 1 trunk
Port        Mode             Encapsulation  Status        Native vlan
Po1         on               802.1q         trunking      1
Port        Vlans allowed on trunk
Po1         1-4094
Port        Vlans allowed and active in management domain
Po1         1
Port        Vlans in spanning tree forwarding state and not pruned
Po1         1
DLS2#show interfaces fastEthernet 0/11 switchport | include Mode
Administrative Mode: trunk
Operational Mode: trunk (member of bundle Po1)
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Capture Mode Disabled
DLS1#sh interfaces fastEthernet 0/11 switchport | i Mode
Administrative Mode: trunk
Operational Mode: trunk (member of bundle Po1)
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Capture Mode Disabled
DLS1#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     3037.a6eb.d580
             Cost        12
             Port        56 (Port-channel1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300 sec
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Po1                 Root FWD 12        128.56   P2p
Configure a trunk between DLS1 and ALS1 as shown in the figure. As a result, STP should see a single link. If one link fails, traffic should not be interrupted. No EtherChannel negotiation protocol may be used.
PortChannel
SW1 configured with  SW2 configured with  EtherChannel?
On                   On                   Yes
Note: We cannot use PAgP or LACP. As a good practice, follow the recommended configuration process.
DLS1
default interface range fastEthernet 0/7-8
interface FastEthernet0/7
 channel-group 2 mode on
interface FastEthernet0/8
 channel-group 2 mode on
interface Port-channel2
 switchport trunk encapsulation dot1q
 switchport mode trunk
ALS1
default interface range fastEthernet 0/7-8
interface FastEthernet0/7
 channel-group 2 mode on
interface FastEthernet0/8
 channel-group 2 mode on
interface Port-channel2
 switchport mode trunk
ALS1#show interfaces trunk
Port        Mode             Encapsulation  Status        Native vlan
Po2         on               802.1q         trunking      1
Port        Vlans allowed on trunk
Po2         1-4094
Port        Vlans allowed and active in management domain
Po2         1
Port        Vlans in spanning tree forwarding state and not pruned
Po2         1
DLS1#sh interfaces trunk
Port        Mode             Encapsulation  Status        Native vlan
Po1         on               802.1q         trunking      1
Po2         on               802.1q         trunking      1
Port        Vlans allowed on trunk
Po1         1-4094
Po2         1-4094
Port        Vlans allowed and active in management domain
Po1         1
Po2         1
Port        Vlans in spanning tree forwarding state and not pruned
Po1         1
Po2         1
DLS1#sh etherchannel protocol
                Channel-group listing:
                ----------------------
Group: 1
----------
Protocol:  PAgP
Group: 2
----------
Protocol:  -  (Mode ON)
ALS1#show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port
Number of channel-groups in use: 1
Number of aggregators:           1
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
2      Po2(SU)          -        Fa0/7(P)    Fa0/8(P)
ALS1#show spanning-tree interface port-channel 2
Vlan             Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
VLAN0001         Desg FWD 12        128.64   P2p
Load-Shared Etherchannel
Configure switch DLS1 so that all locally generated traffic is distributed across the EtherChannel based on the destination MAC address.
Note: The criteria available for distributing the load (load sharing) vary depending on the model. Let us check which type of load sharing is enabled by default (source-mac). We can verify this with the show etherchannel load-balance command.
DLS1#sh etherchannel load-balance
EtherChannel Load-Balancing Configuration:
        src-mac
EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Source MAC address
  IPv4: Source MAC address
  IPv6: Source MAC address
DLS1
port-channel load-balance dst-mac
DLS1#sh etherchannel load-balance
EtherChannel Load-Balancing Configuration:
        dst-mac
EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Destination MAC address
  IPv4: Destination MAC address
  IPv6: Destination MAC address
The EtherChannels created on DLS2 must distribute the load (load sharing) according to the following policies:
- For non-IP traffic, destination MAC
- For IPv4 traffic, destination IP
- For IPv6 traffic, destination IP
- Configure all the load-sharing modes and check the results.
Note: depending on how we configure it, we will get different results. At this point we could try the load-balance options offered to us and check the changes with the show etherchannel load-balance command. This makes sense because we cannot modify the behavior for IPv6 traffic directly; it follows the configuration we have made for IPv4.
DLS2
port-channel load-balance dst-ip
DLS2#show etherchannel load-balance
EtherChannel Load-Balancing Configuration:
        dst-ip
EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Destination MAC address
  IPv4: Destination IP address
  IPv6: Destination IP address
Configure a trunk between DLS2 and ALS2 as shown in the figure. As a result, STP should see a single link. If one link fails, traffic should not be interrupted. On both switches, use constant PAgP negotiation.
PortChannel PAgP
SW1 configured with     SW2 configured with  EtherChannel?
Desirable (PAgP Cisco)  Desirable            Yes
Desirable (PAgP Cisco)  Auto                 Yes
Auto                    Auto                 No
This scenario requires both ends to actively try to form an EtherChannel. That gives us an important hint if we look at the table above: with desirable mode on both sides we get the expected result.
DLS2
default interface range fastEthernet 0/7-8
interface FastEthernet0/7
 channel-group 2 mode desirable
interface FastEthernet0/8
 channel-group 2 mode desirable
interface Port-channel2
 switchport trunk encapsulation dot1q
 switchport mode trunk
ALS2
default interface range fastEthernet 0/7-8
interface FastEthernet0/7
 channel-group 2 mode desirable
interface FastEthernet0/8
 channel-group 2 mode desirable
interface Port-channel2
 switchport mode trunk
ALS2#show interfaces trunk
Port        Mode             Encapsulation  Status        Native vlan
Po2         on               802.1q         trunking      1
Port        Vlans allowed on trunk
Po2         1-4094
Port        Vlans allowed and active in management domain
Po2         1
Port        Vlans in spanning tree forwarding state and not pruned
Po2         1
DLS2#show interfaces trunk
Port        Mode             Encapsulation  Status        Native vlan
Po1         on               802.1q         trunking      1
Po2         on               802.1q         trunking      1
Port        Vlans allowed on trunk
Po1         1-4094
Po2         1-4094
Port        Vlans allowed and active in management domain
Po1         1
Po2         1
Port        Vlans in spanning tree forwarding state and not pruned
Po1         1
Po2         1
DLS2#show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port
Number of channel-groups in use: 2
Number of aggregators:           2
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         PAgP      Fa0/11(P)   Fa0/12(P)
2      Po2(SU)         PAgP      Fa0/7(P)    Fa0/8(P)
Configure a trunk between ALS1 and ALS2 as shown in the figure. As a result, STP should see a single link. If one link fails there should be no traffic interruption. Configure LACP. ALS1 must be in passive mode. ALS2 must actively try to form an EtherChannel.

PortChannel LACP
SW1 configured as   SW2 configured as   EtherChannel?
Active              Active              Yes
Active              Passive             Yes
Passive             Passive             No
ALS1
default interface range fastEthernet 0/11-12
interface range fastEthernet 0/11-12
 channel-group 3 mode passive
 exit
interface Port-channel3
 switchport mode trunk

ALS2
default interface range fastEthernet 0/11-12
interface range fastEthernet 0/11-12
 channel-group 3 mode active
 exit
interface Port-channel3
 switchport mode trunk
ALS2#show etherchannel protocol
                Channel-group listing:
                ----------------------

Group: 2
----------
Protocol:  PAgP

Group: 3
----------
Protocol:  LACP

ALS2#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Po2         on           802.1q         trunking      1
Po3         on           802.1q         trunking      1

Port        Vlans allowed on trunk
Po2         1-4094
Po3         1-4094

Port        Vlans allowed and active in management domain
Po2         1
Po3         1

Port        Vlans in spanning tree forwarding state and not pruned
Po2         1
Po3         1

ALS1#show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 2
Number of aggregators:           2

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
2      Po2(SU)       -           Fa0/7(P)    Fa0/8(P)
3      Po3(SU)       LACP        Fa0/11(P)   Fa0/12(P)
Etherchannel L3
Prelab: Erase the previous configuration on both switches.

Configure ports FastEthernet0/11 through FastEthernet0/13 of DLS1 and DLS2 as shown in the figure. STP must see these three links as a single link. Configure the IP addressing shown. The Port-channel must be created without negotiation. The trunk type must be 802.1q.
DLS1
default interface range fastEthernet 0/11-13
interface Port-channel12
 no switchport
 ip address 10.1.12.1 255.255.255.0
interface range fastEthernet 0/11-13
 no switchport
 channel-group 12 mode on

DLS2
default interface range fastEthernet 0/11-13
interface Port-channel12
 no switchport
 ip address 10.1.12.2 255.255.255.0
interface range fastEthernet 0/11-13
 no switchport
 channel-group 12 mode on
DLS2#show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
12     Po12(RU)      -           Fa0/11(P)   Fa0/12(P)   Fa0/13(P)
R: Layer 3 EtherChannel
U: EtherChannel active (in use)
EtherChannel L3 tests

DLS2
access-list 100 permit ip host 10.1.12.2 host 10.1.12.1
DLS2#debug ip packet 100
IP packet debugging is on for access list 100

DLS2#ping 10.1.12.1 source 10.1.12.2 repeat 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 10.1.12.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.12.2
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 8/8/8 ms
00:59:41: IP: s=10.1.12.2 (local), d=10.1.12.1 (Port-channel12), len 100, sending
00:59:41: IP: s=10.1.12.2 (local), d=10.1.12.1 (Port-channel12), len 100, sending full packet
VTP II

Configure trunking between all the switches according to the initial diagram. Use of DTP is not allowed.

Note: Configure every switch in VTP transparent mode.
DLS1
vtp mode transparent
default interface range fastEthernet 0/7-12
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no shutdown
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no shutdown
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no shutdown
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no shutdown
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no shutdown
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no shutdown
DLS1#sh interfaces fastEthernet 0/7 switchport
Name: Fa0/7
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
DLS2
vtp mode transparent
default interface range fastEthernet 0/7-12
interface range fastEthernet 0/7-12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no shutdown

ALS1
vtp mode transparent
default interface range fastEthernet 0/7-12
interface range fastEthernet 0/7-12
 switchport mode trunk
 switchport nonegotiate

ALS2
vtp mode transparent
default interface range fastEthernet 0/7-12
interface range fastEthernet 0/7-12
 switchport mode trunk
 switchport nonegotiate
ALS2#show interfaces fastEthernet 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
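The "no DTP" requirement can be checked across a whole configuration rather than one port at a time. The following Python code is an added example, not part of the original guide: it expands the interface range notation used above and reports every active switchport that can still negotiate trunking. The sample configuration is constructed for the example, and sub-commands are assumed to be indented under their interface line.

```python
import re

def expand_ports(spec):
    """'fastEthernet 0/8 , fastEthernet 0/10-11' -> ['Fa0/8', 'Fa0/10', 'Fa0/11']."""
    ports = []
    for part in spec.split(","):
        m = re.fullmatch(r"\s*([A-Za-z-]+)\s*(\d+)/(\d+)(?:\s*-\s*(\d+))?\s*", part)
        if not m:                      # e.g. Port-channel12: keep the name as written
            ports.append(part.strip())
            continue
        kind, slot, first, last = m.groups()
        for n in range(int(first), int(last or first) + 1):
            ports.append(f"{kind[:2].capitalize()}{slot}/{n}")
    return ports

def parse_interfaces(config):
    """Return {port: [sub-commands]} from IOS configuration text."""
    ifaces, current = {}, []
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(?:range\s+)?(.+)", line, re.I)
        if m:
            current = expand_ports(m.group(1))
            for port in current:
                ifaces.setdefault(port, [])
        elif raw[:1].isspace() and line:
            for port in current:
                ifaces[port].append(line)
        else:
            current = []               # any other top-level line ends the stanza
    return ifaces

def audit_trunks(config):
    """List (port, reason) for active switchports that still take part in DTP."""
    findings = []
    for port, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds or "no switchport" in cmds:
            continue
        mode = next((c.split()[2] for c in cmds
                     if c.startswith("switchport mode ")), None)
        if mode == "trunk" and "switchport nonegotiate" not in cmds:
            findings.append((port, "trunk without switchport nonegotiate: "
                                   "DTP frames are still generated"))
        elif mode in (None, "dynamic"):
            findings.append((port, "no static mode: trunking is negotiated with DTP"))
    return findings

# Constructed sample: Fa0/11 lacks nonegotiate, Fa0/14 is left in a dynamic mode.
SAMPLE = """\
default interface range fastEthernet 0/7-12
interface range fastEthernet 0/7-10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface range fastEthernet 0/12 , fastEthernet 0/13
 shutdown
interface FastEthernet0/14
 switchport mode dynamic desirable
"""

if __name__ == "__main__":
    for port, reason in audit_trunks(SAMPLE):
        print(f"{port}: {reason}")
```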
Configure DLS1 and DLS2 as follows:
- VTP domain: DUOC
- VTP version: 2
- VTP password: cisco
- VTP mode: server

Verify the configuration on both switches.
Note: By default the VTP mode is server. Remember that in the previous example we changed it to transparent.
DLS1#sh vtp status
VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Transparent
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

DLS1
vtp version 2
vtp mode server
vtp password cisco
vtp domain DUOC

DLS2
vtp version 2
vtp mode server
vtp password cisco
vtp domain DUOC

DLS2#show vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : DUOC
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
Configure ALS1 and ALS2 as follows:
- VTP domain: DUOC
- VTP version: 2
- VTP password: cisco
- VTP mode: client

Verify the configuration on both switches.
ALS1
vtp version 2
vtp mode client
vtp password cisco
vtp domain DUOC

ALS2
vtp version 2
vtp mode client
vtp password cisco
vtp domain DUOC

ALS2#show vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : DUOC
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
STP Default Behaviour

Before continuing, let us disable the ports that do not take part in this lab. The command default interface range fastEthernet 0/7-12 returns the interfaces to their default values; it is an effective way to "clean" any existing configuration.
ALS2
default interface range fastEthernet 0/7-12
interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
 shutdown

ALS1
default interface range fastEthernet 0/7-12
interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
 shutdown

DLS2
default interface range fastEthernet 0/7-12
interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
 shutdown

DLS1
default interface range fastEthernet 0/7-12
interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
 shutdown
How can we determine STP's behaviour in this example? We will go through the problem step by step, using VLAN 1. The most effective and simple process for determining the STP roles is the following:

1. Determine the cost of each link. The following table is useful for this (we can verify that the values are in fact the ones in use with show interface):

Link bandwidth   STP cost
4 Mbps           250
10 Mbps          100
16 Mbps          62
45 Mbps          39
100 Mbps         19
155 Mbps         14
622 Mbps         6
1 Gbps           4
10 Gbps          2

2. Identify the Root Bridge
This requires finding out which MAC address each switch is using (assuming the priority is the same on every switch in the domain). We obtain the MAC with the show version command, as shown below:
DLS1#sh version | include Base
Base ethernet MAC Address       : E8:BA:70:CB:F6:00

DLS2#sh version | include Base
Base ethernet MAC Address       : 30:37:A6:EB:D5:80

ALS1#sh version | include Base
Base ethernet MAC Address       : 00:22:56:89:5D:80
ALS2#sh version | include Base
Base ethernet MAC Address       : 00:22:56:88:79:00
Looking at the outputs above, we can see that neither L3 switch will be elected Root Bridge, because the lowest value wins; we therefore have to determine which of the two switches, ALS1 or ALS2, gets the Root Bridge title.
The show spanning-tree command will show us who the Root Bridge is.
Note: Obviously these results can vary between devices, since they have different MACs.

ALS1 → 00:22:56:89:5D:80
ALS1 → 0x002256895D80 (hex)
ALS1 → 147480731008 (decimal)

ALS2 → 00:22:56:88:79:00
ALS2 → 0x002256887900 (hex)
ALS2 → 147480672512 (decimal) // Lowest value, so it must be the Root Bridge.
ALS2#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0022.5688.7900
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

DLS1#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0022.5688.7900
             Cost        19
             Port        11 (FastEthernet0/9)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
3. Select the ROOT PORT (on each non-root bridge)
DLS1: the RP is interface FastEthernet 0/9 (lowest cost, 19)
DLS2: the RP is interface FastEthernet 0/7 (lowest cost, 19)
ALS1: the RP is interface FastEthernet 0/11 (lowest cost, 19)
ALS2 is the ROOT BRIDGE. Does not apply.
DLS1#sh spanning-tree root port
VLAN0001         FastEthernet0/9

DLS2#sh spanning-tree root port
VLAN0001         FastEthernet0/7

ALS1#sh spanning-tree root port
VLAN0001         FastEthernet0/11
4. Designated Port (DP) selection. On each link, the port with the lowest cost to the Root Bridge is selected. The Root Bridge also takes part. If the values are equal we must use the tie-breaking method:
- Lowest root bridge ID
- Lowest cost to the root bridge
- Lowest sender bridge ID
- Lowest sender port ID

Link DLS1 ↔ DLS2: the cost to the Root Bridge is the same for both interfaces, so we must check the other criteria. The Bridge ID of DLS1 is higher than that of DLS2, which we can see with the sh spanning-tree vlan 1 command. We can therefore determine that the DP is interface FastEthernet 0/11 of DLS2.
DLS1#sh spanning-tree vlan 1 | begin Bridge
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Altn BLK 19        128.9    P2p
Fa0/9               Root FWD 19        128.11   P2p
Fa0/11              Altn BLK 19        128.13   P2p

DLS2#sh spanning-tree vlan 1 | begin Bridge
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     3037.a6eb.d580
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Root FWD 19        128.9    P2p
Fa0/9            Altn BLK 19        128.11   P2p
Fa0/11           Desg FWD 19        128.13   P2p
Link DLS1 ↔ ALS2: ALS2 is the Root, so the best path to the Root is simply ALS2's FastEthernet 0/9 port. The same applies to DLS2 ↔ ALS2 and ALS1 ↔ ALS2.
The remaining links can easily be deduced by following the steps above; that is, if there are two possible paths to the root (equal cost), use the selection criteria.
We have the following layout.

5. Identify the blocked ports. This task is quick: if a port is neither RP nor DP, it is simply a blocked port. The picture should then look as follows:

We verify that the STP election matches the one determined through the theoretical process. Voilà!
DLS1#sh spanning-tree vlan 1 | begin Interface
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Altn BLK 19        128.9    P2p
Fa0/9               Root FWD 19        128.11   P2p
Fa0/11              Altn BLK 19        128.13   P2p
DLS2#sh spanning-tree vlan 1 | begin Interface
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Root FWD 19        128.9    P2p
Fa0/9            Altn BLK 19        128.11   P2p
Fa0/11           Desg FWD 19        128.13   P2p

ALS1#sh spanning-tree vlan 1 | begin Interface
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Desg FWD 19        128.7    P2p
Fa0/9            Desg FWD 19        128.9    P2p
Fa0/11           Root FWD 19        128.11   P2p

ALS2#show spanning-tree vlan 1 | begin Interface
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Desg FWD 19        128.7    P2p
Fa0/9            Desg FWD 19        128.9    P2p
Fa0/11           Desg FWD 19        128.11   P2p
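The five steps above can be checked mechanically. The following Python code is an added example, not part of the original guide: it runs the election for VLAN 1 with the MAC addresses from the show version outputs and returns the role of every port. The cabling list is an assumption reconstructed from the show spanning-tree outputs (the figure is not reproduced here), and port IDs use the interface number instead of the hardware port numbering.

```python
FE_COST = 19  # 100 Mbps link, per the cost table in step 1

def mac_to_int(mac):
    """'00:22:56:88:79:00' or '0022.5688.7900' -> integer."""
    return int(mac.replace(":", "").replace(".", ""), 16)

def bridge_id(mac, vlan, priority=32768):
    """Bridge ID as a comparable tuple: (priority + sys-id-ext, MAC)."""
    return (priority + vlan, mac_to_int(mac))

def port_id(name, priority=128):
    """Port ID (priority, number). Assumption: number = interface number."""
    return (priority, int(name.rsplit("/", 1)[1]))

# MAC addresses from the 'show version | include Base' outputs above.
BRIDGES = {
    "DLS1": bridge_id("E8:BA:70:CB:F6:00", vlan=1),
    "DLS2": bridge_id("30:37:A6:EB:D5:80", vlan=1),
    "ALS1": bridge_id("00:22:56:89:5D:80", vlan=1),
    "ALS2": bridge_id("00:22:56:88:79:00", vlan=1),
}

# Assumed cabling, inferred from the roles shown in the outputs above.
LINKS = [
    ("DLS1", "Fa0/7",  "ALS1", "Fa0/7",  FE_COST),
    ("DLS1", "Fa0/9",  "ALS2", "Fa0/9",  FE_COST),
    ("DLS1", "Fa0/11", "DLS2", "Fa0/11", FE_COST),
    ("DLS2", "Fa0/7",  "ALS2", "Fa0/7",  FE_COST),
    ("DLS2", "Fa0/9",  "ALS1", "Fa0/9",  FE_COST),
    ("ALS1", "Fa0/11", "ALS2", "Fa0/11", FE_COST),
]

def elect(bridges, links):
    """Return (root bridge, {(bridge, port): 'Root' | 'Desg' | 'Altn'})."""
    # Step 2: the lowest Bridge ID wins the root election.
    root = min(bridges, key=bridges.get)

    # Root path cost of every bridge: relax the links until nothing improves.
    cost = {name: float("inf") for name in bridges}
    cost[root] = 0
    changed = True
    while changed:
        changed = False
        for a, _, b, _, c in links:
            for rx, tx in ((a, b), (b, a)):
                if cost[tx] + c < cost[rx]:
                    cost[rx], changed = cost[tx] + c, True

    # Step 3: the root port receives the best BPDU, compared in this order:
    # path cost, sender bridge ID, sender port ID, local port ID.
    root_port = {}
    for a, pa, b, pb, c in links:
        for rx, rxp, tx, txp in ((a, pa, b, pb), (b, pb, a, pa)):
            if rx == root:
                continue
            vector = (cost[tx] + c, bridges[tx], port_id(txp), port_id(rxp))
            if rx not in root_port or vector < root_port[rx][0]:
                root_port[rx] = (vector, rxp)

    # Step 4: per link, the end with the better (cost, bridge ID, port ID) is
    # designated. Step 5: the other end is the root port or it blocks.
    roles = {}
    for a, pa, b, pb, _ in links:
        ends = sorted([(cost[a], bridges[a], port_id(pa), a, pa),
                       (cost[b], bridges[b], port_id(pb), b, pb)])
        (_, _, _, d_br, d_port), (_, _, _, o_br, o_port) = ends
        roles[(d_br, d_port)] = "Desg"
        is_root_port = root_port.get(o_br, (None, None))[1] == o_port
        roles[(o_br, o_port)] = "Root" if is_root_port else "Altn"
    return root, roles

if __name__ == "__main__":
    root, roles = elect(BRIDGES, LINKS)
    print("Root bridge:", root)
    for (bridge, port), role in sorted(roles.items()):
        print(f"{bridge:5} {port:7} {role}")
```

Passing a lower priority to bridge_id for one switch changes the winner of step 2, since the priority is compared before the MAC address.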
STP Configuration.

Prelab: Erase the previous configuration.

Configure an EtherChannel between DLS1 and DLS2 (Fa0/11 and Fa0/12). Use LACP. Configure ISL between DLS1 and DLS2. Do not use DTP.
DLS1
default interface range fastEthernet 0/11-12
interface FastEthernet0/11
 channel-group 12 mode active
interface FastEthernet0/12
 channel-group 12 mode active
interface Port-channel12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate

DLS2
default interface range fastEthernet 0/11-12
interface FastEthernet0/11
 channel-group 12 mode active
interface FastEthernet0/12
 channel-group 12 mode active
interface Port-channel12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
DLS1#show etherchannel protocol
                Channel-group listing:
                ----------------------

Group: 12
----------
Protocol:  LACP

DLS2#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Po12        on           802.1q         trunking      1

Port        Vlans allowed on trunk
Po12        1-4094

Port        Vlans allowed and active in management domain
Po12        1

Port        Vlans in spanning tree forwarding state and not pruned
Po12        1
DLS1#sh interfaces port-channel 12 trunk
Port        Mode         Encapsulation  Status        Native vlan
Po12        on           802.1q         trunking      1

Port        Vlans allowed on trunk
Po12        1-4094

Port        Vlans allowed and active in management domain
Po12        1

Port        Vlans in spanning tree forwarding state and not pruned
Po12        none
DLS2#show spanning-tree interface port-channel 12
Vlan             Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
VLAN0001         Desg FWD 12        128.144  P2p

DLS1#show spanning-tree interface port-channel 12
Vlan                Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0001            Altn BLK 12        128.144  P2p
Configure 802.1q on the remaining links as shown in the figure. The interfaces that do not take part in the lab must be disabled.
DLS1
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
 shutdown

DLS2
interface range fastEthernet 0/7 , fastEthernet 0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
 shutdown
ALS1
interface range fastEthernet 0/7 , fastEthernet 0/9 , fastEthernet 0/11
 switchport mode trunk
 switchport nonegotiate
interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
 shutdown

ALS2
interface range fastEthernet 0/7 , fastEthernet 0/9 , fastEthernet 0/11
 switchport mode trunk
 switchport nonegotiate
interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
 shutdown
ALS2#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       on           802.1q         trunking      1
Fa0/9       on           802.1q         trunking      1
Fa0/11      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/7       1-4094
Fa0/9       1-4094
Fa0/11      1-4094

Port        Vlans allowed and active in management domain
Fa0/7       1
Fa0/9       1
Fa0/11      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       1
Fa0/9       1
Fa0/11      1
As we can see, ALS2 will always be the Root Bridge, since it has the lowest MAC. This causes all of ALS2's ports to be in the FWD (Forwarding) state, as the following output shows.
ALS2#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0022.5688.7900
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0022.5688.7900
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Desg FWD 19        128.7    P2p
Fa0/9            Desg FWD 19        128.9    P2p
Fa0/11           Desg FWD 19        128.11   P2p
Let us check the STP states of the other switches.
DLS1#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0022.5688.7900
             Cost        19
             Port        11 (FastEthernet0/9)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Altn BLK 19        128.9    P2p
Fa0/9               Root FWD 19        128.11   P2p
Po12                Altn BLK 19        128.144  P2p

Note on Priority 32769: this value is derived from 2^15 + the VLAN number: 2^15 = 32768, and 32768 + 1 = 32769.
DLS2#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0022.5688.7900
             Cost        19
             Port        9 (FastEthernet0/7)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     3037.a6eb.d580
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Root FWD 19        128.9    P2p
Fa0/9            Altn BLK 19        128.11   P2p
Po12             Desg FWD 19        128.144  P2p

ALS1#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0022.5688.7900
             Cost        19
             Port        11 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0022.5689.5d80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Desg FWD 19        128.7    P2p
Fa0/9            Desg FWD 19        128.9    P2p
Fa0/11           Root FWD 19        128.11   P2p
Configure VTP with the following arrangement:
DLS1 VTP Server, version 2, domain DUOC, password cisco
DLS2 VTP Client, version 2, domain DUOC, password cisco
ALS1 VTP Client, version 2, domain DUOC, password cisco
ALS2 VTP Client, version 2, domain DUOC, password cisco
DLS1
vtp domain DUOC
vtp password cisco
vtp mode server

DLS2
vtp domain DUOC
vtp password cisco
vtp mode client

ALS1
vtp domain DUOC
vtp password cisco
vtp mode client

ALS2
vtp domain DUOC
vtp password cisco
vtp mode client
On DLS1, create VLANs 2, 3, 4, 5, 6, 7, 8, 9 and 10. Verify that these VLANs are known on the VTP client switches.
DLS1
vlan 2-10

DLS1#sh vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/8, Fa0/10
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active
DLS2#show vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/8, Fa0/10
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active

ALS1#show vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/8, Fa0/10
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active
ALS2#show vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/8, Fa0/10
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active
DLS1 must be Root Bridge for VLANs 1, 2, 3, 4. DLS2 must be Root Bridge for VLANs 5, 6, 7, 8, 9, 10.

Let us note a few details. ALS2 is the Root Bridge for all VLANs (careful: this holds for these particular devices; if we check the switches in the lab, they will have different BIDs).
ALS2#show version | include Base
Base ethernet MAC Address       : 00:22:56:88:79:00

ALS2#show spanning-tree bridge
                                                   Hello  Max  Fwd
Vlan                         Bridge ID              Time  Age  Dly  Protocol
---------------- --------------------------------- -----  ---  ---  --------
VLAN0001         32769 (32768,   1) 0022.5688.7900    2    20   15  ieee
VLAN0002         32770 (32768,   2) 0022.5688.7900    2    20   15  ieee
VLAN0003         32771 (32768,   3) 0022.5688.7900    2    20   15  ieee
VLAN0004         32772 (32768,   4) 0022.5688.7900    2    20   15  ieee
VLAN0005         32773 (32768,   5) 0022.5688.7900    2    20   15  ieee
VLAN0006         32774 (32768,   6) 0022.5688.7900    2    20   15  ieee
VLAN0007         32775 (32768,   7) 0022.5688.7900    2    20   15  ieee
VLAN0008         32776 (32768,   8) 0022.5688.7900    2    20   15  ieee
VLAN0009         32777 (32768,   9) 0022.5688.7900    2    20   15  ieee
VLAN0010         32778 (32768,  10) 0022.5688.7900    2    20   15  ieee

DLS1
spanning-tree vlan 1,2,3,4 root primary

DLS1#sh spanning-tree root
                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         24577 e8ba.70cb.f600         0    2   20  15
VLAN0002         24578 e8ba.70cb.f600         0    2   20  15
VLAN0003         24579 e8ba.70cb.f600         0    2   20  15
VLAN0004         24580 e8ba.70cb.f600         0    2   20  15
VLAN0005         32773 0022.5688.7900        19    2   20  15  Fa0/9
VLAN0006         32774 0022.5688.7900        19    2   20  15  Fa0/9
VLAN0007         32775 0022.5688.7900        19    2   20  15  Fa0/9
VLAN0008         32776 0022.5688.7900        19    2   20  15  Fa0/9
VLAN0009         32777 0022.5688.7900        19    2   20  15  Fa0/9
VLAN0010         32778 0022.5688.7900        19    2   20  15  Fa0/9

DLS2
spanning-tree vlan 5,6,7,8,9,10 root primary
DLS2#show spanning-tree root
                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         24577 e8ba.70cb.f600        19    2   20  15  Po12
VLAN0002         24578 e8ba.70cb.f600        19    2   20  15  Po12
VLAN0003         24579 e8ba.70cb.f600        19    2   20  15  Po12
VLAN0004         24580 e8ba.70cb.f600        19    2   20  15  Po12
VLAN0005         24581 3037.a6eb.d580         0    2   20  15
VLAN0006         24582 3037.a6eb.d580         0    2   20  15
VLAN0007         24583 3037.a6eb.d580         0    2   20  15
VLAN0008         24584 3037.a6eb.d580         0    2   20  15
VLAN0009         24585 3037.a6eb.d580         0    2   20  15
VLAN0010         24586 3037.a6eb.d580         0    2   20  15

DLS2#show version | include Base
Base ethernet MAC Address       : 30:37:A6:EB:D5:80
STP BPDU Guard

Interface FastEthernet0/2 of ALS2 must belong to VLAN 10. A PC will be connected to it shortly.

Prevent the STP process from going through the listening/learning states. If the interface receives any BPDU, it must be placed in the errdisable state, which will last 30 seconds.
ALS2
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast

ALS2#show interfaces fastEthernet 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 10 (VLAN0010)
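ALS2
spanning-tree portfast bpduguard default
! Timed recovery is off by default for every cause; enable it for BPDU Guard
errdisable recovery cause bpduguard
errdisable recovery interval 30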
If we connect a device that sends BPDUs (for example a switch), we get the following results:
04:27:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to down
04:27:49: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to down
04:27:50: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/2 with BPDU Guard enabled. Disabling port.
ALS2#
04:27:50: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/2, putting Fa0/2 in err-disable state
ALS2#show interfaces fastEthernet 0/2 status err-disabled
Port      Name               Status       Reason
Fa0/2                        err-disabled bpduguard
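On a log collector, the two BPDU Guard messages above can be correlated per port. The following Python code is an added example, not part of the original guide: it parses the syslog lines shown above, normalises the long and short interface names, and computes when the port is expected to be re-enabled. It assumes hh:mm:ss uptime timestamps and that timed recovery for the bpduguard cause is active with the 30-second interval.

```python
import re

# The four syslog lines shown above, copied from the guide's output.
LOG = """\
04:27:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to down
04:27:49: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to down
04:27:50: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/2 with BPDU Guard enabled. Disabling port.
04:27:50: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/2, putting Fa0/2 in err-disable state
"""

BPDU_RE = re.compile(r"^(\d+:\d+:\d+): %SPANTREE-2-BLOCK_BPDUGUARD: "
                     r"Received BPDU on port (\S+) with BPDU Guard enabled")
ERRDIS_RE = re.compile(r"^(\d+:\d+:\d+): %PM-4-ERR_DISABLE: "
                       r"(\S+) error detected on (\S+),")

def short_name(interface):
    """'FastEthernet0/2' and 'Fa0/2' both become 'Fa0/2'."""
    m = re.fullmatch(r"([A-Za-z-]+)(\d.*)", interface)
    return m.group(1)[:2].capitalize() + m.group(2) if m else interface

def to_seconds(stamp):
    hours, minutes, seconds = (int(x) for x in stamp.split(":"))
    return hours * 3600 + minutes * 60 + seconds

def to_stamp(seconds):
    return "%02d:%02d:%02d" % (seconds // 3600, seconds % 3600 // 60, seconds % 60)

def bpduguard_events(log, recovery_interval=30):
    """Return one record per port on which BPDU Guard fired."""
    events = {}
    for line in log.splitlines():
        m = BPDU_RE.match(line)
        if m:
            port = short_name(m.group(2))
            events[port] = {"port": port, "bpdu_at": m.group(1),
                            "err_disabled": False, "recovers_at": None}
            continue
        m = ERRDIS_RE.match(line)
        if m and m.group(2) == "bpduguard":
            port = short_name(m.group(3))
            event = events.setdefault(port, {"port": port, "bpdu_at": None,
                                             "err_disabled": False,
                                             "recovers_at": None})
            event["err_disabled"] = True
            # Assumption: the recovery timer starts when the port is err-disabled.
            event["recovers_at"] = to_stamp(to_seconds(m.group(1)) + recovery_interval)
    return list(events.values())

if __name__ == "__main__":
    for event in bpduguard_events(LOG):
        print(event)
```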
FLEX Link
Create a trunk using Fa0/7 and Fa0/8 of both switches with a standard protocol.
- DLS1 VTP Server
- ALS1 VTP Client
- DLS1 must create VLANs 100, 200, 300 and 400.
- DLS1 must be root for all VLANs.
- Verify that ALS1 has the VLANs.

The Flex Link is a feature available at Layer 2 that can coexist with STP. It brings the convergence time below 50 milliseconds, and this time stays constant regardless of the number of VLANs or MAC addresses configured on the switch. A Flex Link consists of a pair of Layer 2 interfaces, which can be configured as switchports or port channels, and which work as a backup for another link. It also offers an alternative to the Spanning Tree Protocol (STP), allowing users to disable STP and still have a redundant link.
DLS1
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk

ALS1
interface FastEthernet0/7
 switchport mode trunk
interface FastEthernet0/8
 switchport mode trunk

DLS1
vtp mode server
vtp domain duoc
vtp version 2
vlan 100,200,300,400
spanning-tree vlan 100,200,300,400 root primary

ALS1
vtp mode client
vtp domain duoc
vtp version 2
ALS1#show vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
100  VLAN0100                         active
200  VLAN0200                         active
300  VLAN0300                         active
400  VLAN0400                         active
DLS1#sh spanning-tree vlan 100
VLAN0100
  Spanning tree enabled protocol ieee
  Root ID    Priority    24676
             Address     e8ba.70cb.f600
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24676  (priority 24576 sys-id-ext 100)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Desg FWD 19        128.9    P2p
Fa0/8               Desg FWD 19        128.10   P2p

ALS1#show spanning-tree vlan 100
VLAN0100
  Spanning tree enabled protocol ieee
  Root ID    Priority    24676
             Address     e8ba.70cb.f600
             Cost        19
             Port        7 (FastEthernet0/7)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32868  (priority 32768 sys-id-ext 100)
             Address     0022.5689.5d80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Root FWD 19        128.7    P2p
Fa0/8            Altn BLK 19        128.8    P2p
Configure FlexLink with the following policies:
- ALS1 Fa0/7 is the backup.
- Connect PCs to a port on DLS1 and on ALS1 (same VLAN, and test connectivity between them).
- Disable the active link and check the activation time.

Load balancing can be done with the interface command switchport backup interface fastEthernet 0/3 prefer vlan 101…..
ALS1
interface FastEthernet0/8
 switchport mode trunk
 switchport backup interface Fa0/7
ALS1#show interfaces switchport backup
Switch Backup Interface Pairs:

Active Interface        Backup Interface        State
------------------------------------------------------------------------
FastEthernet0/8         FastEthernet0/7         Active Up/Backup Standby
DLS1
interface FastEthernet0/1
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast

ALS1
interface FastEthernet0/1
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
Flex Link connectivity tests
PC1 → 10.1.1.1/24 connected to Fa0/1 of DLS1
PC2 → 10.1.1.2/24 connected to Fa0/1 of ALS1
We should have connectivity via ping.
Fa0/8 actively carries the traffic; if we disable the interface there is no traffic interruption.
ALS1(config)#interface fastEthernet 0/8
ALS1(config-if)#shutdown

ALS1#show interfaces switchport backup
Switch Backup Interface Pairs:

Active Interface        Backup Interface        State
------------------------------------------------------------------------
FastEthernet0/8         FastEthernet0/7         Active Down/Backup Up

PC1
ping 10.1.1.2 -t
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128

ALS1(config)#interface fastEthernet 0/8
ALS1(config-if)#no shutdown
ALS1#show interfaces switchport backup
Switch Backup Interface Pairs:

Active Interface        Backup Interface        State
------------------------------------------------------------------------
FastEthernet0/8         FastEthernet0/7         Active Standby/Backup Up

As the output above shows, interface Fa0/8 does not return to the active state by default. In other words, it does not reclaim the role it gave up. To make it do so, we must configure that explicitly.

FastEthernet 0/8 must return to its UP state 4 seconds after the link is restored.

ALS1
interface FastEthernet0/8
 switchport backup interface Fa0/7 preemption delay 4
 switchport backup interface Fa0/7 preemption mode forced
 ! If we do not include forced, the process does not take it into account

01:14:35: %BACKUP_INTERFACE-5-PREEMPT: Preempting interface Fa0/7 in backup pair (Fa0/8, Fa0/7), preemption mode is forced

ALS1#show interfaces switchport backup detail
Switch Backup Interface Pairs:

Active Interface        Backup Interface        State
------------------------------------------------------------------------
FastEthernet0/8         FastEthernet0/7         Active Up/Backup Standby

        Interface Pair : Fa0/8, Fa0/7
        Preemption Mode : forced
        Preemption Delay : 4 seconds
        Bandwidth : 100000 Kbit (Fa0/8), 100000 Kbit (Fa0/7)
        Mac Address Move Update Vlan : auto
STP Multiple Spanning Tree MST 802.1s
Configure both switches in trunk mode. Use 802.1q.

DLS1
interface range fastEthernet 0/11-12
 switchport trunk encapsulation dot1q
 switchport mode trunk

DLS2
interface range fastEthernet 0/11-12
 switchport trunk encapsulation dot1q
 switchport mode trunk

DLS2#show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           802.1q         trunking      1
Fa0/12      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/11      1-4094
Fa0/12      1-4094

Port        Vlans allowed and active in management domain
Fa0/11      1
Fa0/12      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      1
Fa0/12      1

VTP. DLS1 must be the VTP server and DLS2 a VTP client. Use VTP domain DUOC, VTP version 2. On DLS1, create VLANs 2-10. Verify that these VLANs propagate to DLS2.

DLS1
vtp mode server
vtp domain DUOC
vtp version 2

DLS2
vtp mode client
vtp domain DUOC
vtp version 2
DLS1#sh vtp status
VTP Version                     : running VTP2
Configuration Revision          : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : DUOC
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xDC 0x3F 0x3A 0xBD 0x10 0x27 0xB2 0xDD
Configuration last modified by 10.1.1.1 at 3-1-93 00:06:43
Local updater ID is 10.1.1.1 on interface Vl1 (lowest numbered VLAN interface found)

DLS2#show vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : DUOC
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xDC 0x3F 0x3A 0xBD 0x10 0x27 0xB2 0xDD
Configuration last modified by 10.1.1.1 at 3-1-93 00:06:43

DLS1
vlan 2-10

DLS1#sh vlan brief | exclude unsup

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active
DLS2#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active

Configure MST according to the following policies:
- Create two STP instances: instance 1 and instance 2.
- The revision number must be 1.
- The MST name must be DUOC.
- VLANs 1-5 belong to instance 1.
- VLANs 6-8 belong to instance 2.
- The remaining VLANs will be part of instance 0.
- Instance 1 → fastethernet0/11
- Instance 2 → fastethernet0/12
- DLS1 must be Root Bridge for instance 1.
- DLS2 must be Root Bridge for instance 2.

The advantage of MST is that it can map multiple VLANs that have the same requirements (same traffic) onto a single STP instance, which translates into lower CPU utilization.

Let us check how many instances exist. For that we use the command show spanning-tree. We can see that we have 9 instances plus VLAN 1: 10 instances in total.

DLS1#sh spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     3037.a6eb.d580
             Cost        19
             Port        13 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/11              Root FWD 19        128.13   P2p
Fa0/12              Altn BLK 19        128.14   P2p

VLAN0002
  Spanning tree enabled protocol ieee
  Root ID    Priority    32770
             Address     3037.a6eb.d580
             Cost        19
             Port        13 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32770  (priority 32768 sys-id-ext 2)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/11              Root FWD 19        128.13   P2p
Fa0/12              Altn BLK 19        128.14   P2p
.
.
.
.
VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    32778
             Address     3037.a6eb.d580
             Cost        19
             Port        13 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/11              Root FWD 19        128.13   P2p
Fa0/12              Altn BLK 19        128.14   P2p
As the output above shows, STP is running a separate instance for each VLAN, assuming that each instance has a different path or flow, even though they all follow the same physical topology. DLS1 and DLS2 can use MST if both have identical:
- Region name
- Revision number
- VLAN-to-instance assignments

To configure MST we must follow these steps:
1. Configure MST globally:

DLS1
spanning-tree mode mst

DLS2
spanning-tree mode mst

DLS2#show spanning-tree

MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    32768
             Address     3037.a6eb.d580
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768  (priority 32768 sys-id-ext 0)
             Address     3037.a6eb.d580
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/11           Desg FWD 200000    128.13   P2p
Fa0/12           Desg FWD 200000    128.14   P2p

DLS1#sh spanning-tree

MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    32768
             Address     3037.a6eb.d580
             Cost        0
             Port        13 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768  (priority 32768 sys-id-ext 0)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/11              Root FWD 200000    128.13   P2p
Fa0/12              Altn BLK 200000    128.14   P2p
If no mapping is defined, all VLANs stay in instance 0.

DLS1#sh spanning-tree mst configuration
Name      []
Revision  0     Instances configured 1

Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         1-4094
-------------------------------------------------------------------------------

2. Enter MST configuration mode with the command spanning-tree mst configuration.
3. Set the revision number.
4. Set the region name.
5. Create the instances and assign the VLANs to them.

DLS1
spanning-tree mst configuration
 revision 1
 name DUOC
 instance 1 vlan 1-5
 instance 2 vlan 6-8

DLS2
spanning-tree mst configuration
 revision 1
 name DUOC
 instance 1 vlan 1-5
 instance 2 vlan 6-8

DLS2#show spanning-tree mst configuration
Name      [DUOC]
Revision  1     Instances configured 3

Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         9-4094
1         1-5
2         6-8
-------------------------------------------------------------------------------
DLS1#sh spanning-tree mst configuration
Name      [DUOC]
Revision  1     Instances configured 3

Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         9-4094
1         1-5
2         6-8
-------------------------------------------------------------------------------
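The region-match requirement (identical name, revision number and VLAN-to-instance mapping) can be checked mechanically from the two switches' output. The following is an added example, not part of the original guide: it parses the two `show spanning-tree mst configuration` outputs shown in this guide (the unconfigured DLS1 and the configured DLS2) and lists every difference; the function names are hypothetical.

```python
import re

# Output copied from this guide: DLS1 before MST is configured, DLS2 after.
UNCONFIGURED = """\
Name      []
Revision  0     Instances configured 1
Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         1-4094
"""
CONFIGURED = """\
Name      [DUOC]
Revision  1     Instances configured 3
Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         9-4094
1         1-5
2         6-8
"""

def expand_vlans(spec):
    """Expand a VLAN list such as '1-5,9' into a set of ints."""
    vlans = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_mst_config(text):
    """Parse the command output into a region dict (single-line VLAN lists only)."""
    region = {
        "name": re.search(r"^Name\s+\[(.*?)\]", text, re.M).group(1),
        "revision": int(re.search(r"^Revision\s+(\d+)", text, re.M).group(1)),
        "instances": {},
    }
    for line in text.splitlines():
        # Table rows start with the instance number; headers and rules do not.
        m = re.match(r"(\d+)\s+(\d[\d,\-]*)\s*$", line)
        if m:
            region["instances"][int(m.group(1))] = expand_vlans(m.group(2))
    return region

def region_mismatches(a, b):
    """List every reason two switches would not form a single MST region."""
    problems = [f"{k}: {a[k]!r} != {b[k]!r}" for k in ("name", "revision") if a[k] != b[k]]
    for inst in sorted(set(a["instances"]) | set(b["instances"])):
        only = a["instances"].get(inst, set()) ^ b["instances"].get(inst, set())
        if only:
            problems.append(f"instance {inst}: {len(only)} VLANs mapped differently")
    return problems

if __name__ == "__main__":
    for p in region_mismatches(parse_mst_config(UNCONFIGURED), parse_mst_config(CONFIGURED)):
        print(p)
```

An empty list means the two switches agree on all three region parameters; any entry means they would treat each other as belonging to different regions.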
DLS1#sh spanning-tree

MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    32768
             Address     3037.a6eb.d580
             Cost        0
             Port        13 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768  (priority 32768 sys-id-ext 0)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/11              Root FWD 200000    128.13   P2p
Fa0/12              Altn BLK 200000    128.14   P2p

MST1
  Spanning tree enabled protocol mstp
  Root ID    Priority    32769
             Address     3037.a6eb.d580
             Cost        200000
             Port        13 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/11              Root FWD 200000    128.13   P2p
Fa0/12              Altn BLK 200000    128.14   P2p

MST2
  Spanning tree enabled protocol mstp
  Root ID    Priority    32770
             Address     3037.a6eb.d580
             Cost        200000
             Port        13 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32770  (priority 32768 sys-id-ext 2)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/11              Root FWD 200000    128.13   P2p
Fa0/12              Altn BLK 200000    128.14   P2p

Note that there is one BID per instance: the instance number is added to 32768, which makes each BID unique.

DLS1#sh spanning-tree bridge

                                                   Hello Max Fwd
MST Instance                 Bridge ID             Time  Age Dly Protocol
---------------- --------------------------------- ----- --- --- --------
MST0             32768 (32768, 0) e8ba.70cb.f600       2  20  15 mstp
MST1             32769 (32768, 1) e8ba.70cb.f600       2  20  15 mstp
MST2             32770 (32768, 2) e8ba.70cb.f600       2  20  15 mstp

DLS2#show spanning-tree root

                                        Root    Hello Max Fwd
MST Instance           Root ID          Cost    Time  Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ------------
MST0             32768 3037.a6eb.d580         0     2  20  15
MST1             32769 3037.a6eb.d580         0     2  20  15
MST2             32770 3037.a6eb.d580         0     2  20  15

DLS2#show version | include Base
Base ethernet MAC Address : 30:37:A6:EB:D5:80

DLS1 must be Root Bridge for instance 1
DLS2 must be Root Bridge for instance 2

We can now set priorities while treating the bundled VLANs as a single entity: instance 1 and instance 2. For this we use the command:

DLS1(config)#spanning-tree mst 1 priority ?
  <0-61440>  bridge priority in increments of 4096

DLS1(config)#spanning-tree mst 1 priority 0
DLS1(config)#spanning-tree mst 2 priority 4096

DLS2
spanning-tree mst 1 priority 4096
spanning-tree mst 2 priority 0
DLS2#show version | include Base
Base ethernet MAC Address : 30:37:A6:EB:D5:80

DLS2#show spanning-tree root

                                        Root    Hello Max Fwd
MST Instance           Root ID          Cost    Time  Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ------------
MST0             32768 3037.a6eb.d580         0     2  20  15
MST1                 1 e8ba.70cb.f600    200000     2  20  15 Fa0/11
MST2                 2 3037.a6eb.d580         0     2  20  15

The output above shows that DLS2 is Root Bridge for instances 0 and 2. For instance 1 we see a different BID (DLS1's), which we can identify because it has a Root Port (Fa0/11).

DLS1#sh version | include Base
Base ethernet MAC Address : E8:BA:70:CB:F6:00

DLS1#sh spanning-tree root

                                        Root    Hello Max Fwd
MST Instance           Root ID          Cost    Time  Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ------------
MST0             32768 3037.a6eb.d580         0     2  20  15 Fa0/11
MST1                 1 e8ba.70cb.f600         0     2  20  15
MST2                 2 3037.a6eb.d580    200000     2  20  15 Fa0/11
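The root election behind these outputs can be reproduced offline and compared with the lab's root-placement policy. This is an added example, not part of the original guide: it uses the MAC addresses and priorities shown above, and the function names and data layout are hypothetical. The lowest bridge ID wins, compared first on priority plus instance number and then on MAC address.

```python
DEFAULT_PRIORITY = 32768

def bridge_id(priority, instance, mac):
    """Return the comparable bridge ID: (priority + sys-id-ext, MAC as int)."""
    if not 0 <= priority <= 61440 or priority % 4096:
        raise ValueError(f"priority {priority} is not a multiple of 4096 in 0-61440")
    return (priority + instance, int(mac.replace(".", ""), 16))

def elect_roots(switches, instances):
    """switches: {name: {"mac": str, "priority": {instance: int}}}.
    Returns {instance: (root name, priority value shown in the Root ID column)}."""
    roots = {}
    for inst in instances:
        def bid(name):
            sw = switches[name]
            return bridge_id(sw["priority"].get(inst, DEFAULT_PRIORITY), inst, sw["mac"])
        best = min(switches, key=bid)  # lowest bridge ID becomes root
        roots[inst] = (best, bid(best)[0])
    return roots

def audit_roots(roots, expected):
    """Return the instances whose elected root is not the one the design calls for."""
    return {i: roots[i][0] for i in expected if roots[i][0] != expected[i]}

# Values taken from this guide's outputs and configuration.
MACS = {"DLS1": "e8ba.70cb.f600", "DLS2": "3037.a6eb.d580"}
BEFORE = {name: {"mac": mac, "priority": {}} for name, mac in MACS.items()}
AFTER = {
    "DLS1": {"mac": MACS["DLS1"], "priority": {1: 0, 2: 4096}},
    "DLS2": {"mac": MACS["DLS2"], "priority": {1: 4096, 2: 0}},
}
EXPECTED = {1: "DLS1", 2: "DLS2"}  # the lab's stated root placement

if __name__ == "__main__":
    for label, sw in (("default priorities", BEFORE), ("after mst priority", AFTER)):
        roots = elect_roots(sw, [0, 1, 2])
        print(label, roots, "policy violations:", audit_roots(roots, EXPECTED))
```

With default priorities DLS2 wins every instance only because its MAC address is lower, which is why the policy check flags instance 1 until the priorities are set.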
DLS1#sh spanning-tree interface fastEthernet 0/11

Mst Instance        Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
MST0                Root FWD 200000    128.13   P2p
MST1                Desg FWD 200000    128.13   P2p
MST2                Root FWD 200000    128.13   P2p

DLS1#sh spanning-tree interface fastEthernet 0/12

Mst Instance        Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
MST0                Altn BLK 200000    128.14   P2p
MST1                Desg FWD 200000    128.14   P2p
MST2                Altn BLK 200000    128.14   P2p

DLS2#show spanning-tree interface fastEthernet 0/11

Mst Instance     Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
MST0             Desg FWD 200000    128.13   P2p
MST1             Root FWD 200000    128.13   P2p
MST2             Desg FWD 200000    128.13   P2p
DLS2#show spanning-tree interface fastEthernet 0/12

Mst Instance     Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
MST0             Desg FWD 200000    128.14   P2p
MST1             Altn BLK 200000    128.14   P2p
MST2             Desg FWD 200000    128.14   P2p

We want instance 1 traffic to use Fa0/11 and instance 2 traffic to use Fa0/12.
Note: the lower the value, the higher the priority.

DLS1
interface FastEthernet0/11
 spanning-tree mst 1 port-priority 0
 spanning-tree mst 2 port-priority 240

interface FastEthernet0/12
 spanning-tree mst 1 port-priority 240
 spanning-tree mst 2 port-priority 0

DLS2
interface FastEthernet0/11
 spanning-tree mst 1 port-priority 0
 spanning-tree mst 2 port-priority 240

interface FastEthernet0/12
 spanning-tree mst 1 port-priority 240
 spanning-tree mst 2 port-priority 0

Note that instance 1 uses interface Fa0/11 and instance 2 uses Fa0/12.

DLS2#show spanning-tree interface fastEthernet 0/11

Mst Instance     Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
MST0             Desg FWD 200000    128.13   P2p
MST1             Root FWD 200000    0.13     P2p
MST2             Desg FWD 200000    240.13   P2p

DLS2#show spanning-tree interface fastEthernet 0/12

Mst Instance     Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
MST0             Desg FWD 200000    128.14   P2p
MST1             Altn BLK 200000    240.14   P2p
MST2             Desg FWD 200000    0.14     P2p