SWITCH 300-115 1.0 Layer 2 Technologies

lab
1. erase start, reload
2. set up hostnames, passwords, consoles, vty’s, ip addresses, all dot1q trunks
3. put the service timestamps in datetime format
4. make a ping macro from dls1 so you can ping them all
dls1(config)#macro global apply mping
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.101, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.102, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
dls1(config)#
5. make dls1 the vtp server (ver2) name it lab, and build the vlans to save time
dls1#sh vlan brie
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Gi0/1, Gi0/2
100  100                              active
200  200                              active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup
dls1#
6. put the hosts in vlan 100 on als1, in vlan 200 on als2 as per the diagram
als2#sh vtp status
VTP Version                     : 2
Configuration Revision          : 18
Maximum VLANs supported locally : 128
Number of existing VLANs        : 7
VTP Operating Mode              : Client
VTP Domain Name                 : lab
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x0E 0x4D 0x22 0x33 0x69 0x59 0xD8 0x0E
Configuration last modified by 172.16.1.1 at 5-5-12 10:05:37
als2#sh vlan brie
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/13, Fa0/14
100  100                              active
200  200                              active    Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup
als2#
where is f0/7 – 12?
7. make sure stp is old school. make vlan 1 and 100 primary on dls1 and vlan 200 secondary.  reverse this on dls2
dls2#sh spann

VLAN0001
Spanning tree enabled protocol ieee
Root ID    Priority    24577
Address     000f.8ffe.0980
Cost        19
Port        11 (FastEthernet0/11)
Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Bridge ID  Priority    28673  (priority 28672 sys-id-ext 1)
Address     000b.5fc9.0000
Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Desg FWD 19        128.7    P2p
Fa0/8               Desg FWD 19        128.8    P2p
Fa0/9               Desg FWD 19        128.9    P2p
Fa0/10              Desg FWD 19        128.10   P2p
Fa0/11              Root FWD 19        128.11   P2p
Fa0/12              Altn BLK 19        128.12   P2p

VLAN0100
Spanning tree enabled protocol ieee
Root ID    Priority    24676
Address     000f.8ffe.0980
Cost        19
Port        11 (FastEthernet0/11)
Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Bridge ID  Priority    28772  (priority 28672 sys-id-ext 100)
Address     000b.5fc9.0000
Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Desg FWD 19        128.7    P2p
Fa0/8               Desg FWD 19        128.8    P2p
Fa0/9               Desg FWD 19        128.9    P2p
Fa0/10              Desg FWD 19        128.10   P2p
Fa0/11              Root FWD 19        128.11   P2p
Fa0/12              Altn BLK 19        128.12   P2p

VLAN0200
Spanning tree enabled protocol ieee
Root ID    Priority    24776
Address     000b.5fc9.0000
This bridge is the root
Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Bridge ID  Priority    24776  (priority 24576 sys-id-ext 200)
Address     000b.5fc9.0000
Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Desg FWD 19        128.7    P2p
Fa0/8               Desg FWD 19        128.8    P2p
Fa0/9               Desg FWD 19        128.9    P2p
Fa0/10              Desg FWD 19        128.10   P2p
Fa0/11              Desg FWD 19        128.11   P2p
Fa0/12              Desg FWD 19        128.12   P2p

dls2#

name 4 ways you can tell vlan 200 is the root on dls2?
know that root guard protects a root port from receiving superior bpdu’s (preventing it from becoming root), but will allow that connected port to participate in stp…
see below…
als1(config)#int rang f0/7 - 8
als1(config-if-range)#spann guard root
als1(config-if-range)#
May  5 18:40:04: %SPANTREE-2-ROOTGUARD_CONFIG_CHANGE: Root guard enabled on port FastEthe.
May  5 18:40:04: %SPANTREE-2-ROOTGUARD_CONFIG_CHANGE: Root guard enabled on port FastEthe.
May  5 18:40:04: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port FastEthernet0/7 on.
als1(config-if-range)#end
als1#
May  5 18:41:03: %SYS-5-CONFIG_I: Configured from console by vty2 (172.16.1.102)
als1#sh spann incon

Name                 Interface              Inconsistency
-------------------- ---------------------- ------------------
VLAN0001             FastEthernet0/7        Root Inconsistent
VLAN0001             FastEthernet0/8        Root Inconsistent
VLAN0100             FastEthernet0/7        Root Inconsistent
VLAN0100             FastEthernet0/8        Root Inconsistent
VLAN0200             FastEthernet0/7        Root Inconsistent
VLAN0200             FastEthernet0/8        Root Inconsistent

Number of inconsistent ports (segments) in the system : 6

als1#sh spann

VLAN0001
Spanning tree enabled protocol ieee
Root ID    Priority    24577
Address     000f.8ffe.0980
Cost        38
Port        9 (FastEthernet0/9)
Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
Address     0009.b73f.ce80
Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Desg BKN*19        128.7    P2p *ROOT_Inc
Fa0/8            Desg BKN*19        128.8    P2p *ROOT_Inc
Fa0/9            Root FWD 19        128.9    P2p
Fa0/10           Altn BLK 19        128.10   P2p
Fa0/11           Altn BLK 19        128.11   P2p
Fa0/12           Altn BLK 19        128.12   P2p
Fa0/13           Desg FWD 19        128.13   P2p

VLAN0100
Spanning tree enabled protocol ieee
Root ID    Priority    24676
Address     000f.8ffe.0980
Cost        38
Port        9 (FastEthernet0/9)
Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Bridge ID  Priority    32868  (priority 32768 sys-id-ext 100)
Address     0009.b73f.ce80
Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Desg BKN*19        128.7    P2p *ROOT_Inc
Fa0/8            Desg BKN*19        128.8    P2p *ROOT_Inc
Fa0/9            Root FWD 19        128.9    P2p
Fa0/10           Altn BLK 19        128.10   P2p
Fa0/11           Altn BLK 19        128.11   P2p
Fa0/12           Altn BLK 19        128.12   P2p
Fa0/15           Desg FWD 19        128.15   Edge P2p

VLAN0200
Spanning tree enabled protocol ieee
Root ID    Priority    24776
Address     000b.5fc9.0000
Cost        19
Port        9 (FastEthernet0/9)
Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Bridge ID  Priority    32968  (priority 32768 sys-id-ext 200)
Address     0009.b73f.ce80
Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Desg BKN*19        128.7    P2p *ROOT_Inc
Fa0/8            Desg BKN*19        128.8    P2p *ROOT_Inc
Fa0/9            Root FWD 19        128.9    P2p
Fa0/10           Altn BLK 19        128.10   P2p
Fa0/11           Desg FWD 19        128.11   P2p
Fa0/12           Desg FWD 19        128.12   P2p

als1#

note that f0/7 and 8 are inconsistent, but still designated…
als1(config-if-range)#no spann guard root
als1(config-if-range)#
May  5 18:46:55: %SPANTREE-2-ROOTGUARD_CONFIG_CHANGE: Root guard disabled on port FastEth.
May  5 18:46:55: %SPANTREE-2-ROOTGUARD_UNBLOCK: Root guard unblocking port FastEthernet0/.
May  5 18:46:55: %SPANTREE-2-ROOTGUARD_CONFIG_CHANGE: Root guard disabled on port FastEth.
als1(config-if-range)#
this is very disruptive, and i would avoid this… i don’t care what non-root switch ports are root…  i’d be more concerned with clearly delineating the root switch only…
again, for testing, it is important to know what root guard is… if you can figure out a vital reason to use this crap, please let me know…
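an added example (not part of the original lab): a python check that parses "sh spann" output from a non-root switch and reports the ports root guard has put in the root-inconsistent state, plus any vlan whose root id is not the expected bridge. the sample text is constructed from the als1 output above; the function names and the EXPECTED_ROOT table are assumptions.

```python
import re

# constructed sample, trimmed from the als1 "sh spann" output above
SAMPLE = """\
VLAN0001
  Root ID    Priority    24577
             Address     000f.8ffe.0980
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0009.b73f.ce80
Interface        Role Sts Cost      Prio.Nbr Type
Fa0/7            Desg BKN*19        128.7    P2p *ROOT_Inc
Fa0/9            Root FWD 19        128.9    P2p
VLAN0200
  Root ID    Priority    24776
             Address     000b.5fc9.0000
  Bridge ID  Priority    32968  (priority 32768 sys-id-ext 200)
             Address     0009.b73f.ce80
Interface        Role Sts Cost      Prio.Nbr Type
Fa0/8            Desg BKN*19        128.8    P2p *ROOT_Inc
"""
# assumption: the root addresses seen in the lab output are the intended roots
EXPECTED_ROOT = {"VLAN0001": "000f.8ffe.0980", "VLAN0200": "000b.5fc9.0000"}
PORT = re.compile(r"(\S+)\s+(Root|Desg|Altn|Back)\s+([A-Z]{3})\*?\s*\d+\s+\d+\.\d+\s+(.*)")

def parse(text):
    """Return {vlan: {"root": {...}, "bridge": {...}, "ports": [...]}}."""
    vlans, cur, section = {}, None, None
    for line in text.splitlines():
        s = line.strip()
        if re.fullmatch(r"VLAN\d{4}", s):
            cur = vlans[s] = {"root": {}, "bridge": {}, "ports": []}
        elif cur is None:
            continue
        elif (m := re.match(r"(Root|Bridge) ID\s+Priority\s+(\d+)", s)):
            section = m[1].lower()          # following Address line belongs here
            cur[section]["priority"] = int(m[2])
        elif s.startswith("Address") and section:
            cur[section]["address"] = s.split()[1]
        elif (m := PORT.match(s)):          # header and separator rows do not match
            cur["ports"].append({"name": m[1], "role": m[2], "state": m[3], "type": m[4]})
    return vlans

def audit(text, expected=EXPECTED_ROOT):
    """Return (root-inconsistent ports, vlans whose root is not the expected bridge)."""
    vlans = parse(text)
    blocked = [(v, p["name"]) for v, d in vlans.items() for p in d["ports"] if "ROOT_Inc" in p["type"]]
    wrong = [v for v, d in vlans.items()
             if v in expected and d["root"].get("address") != expected[v]]
    return blocked, wrong
```

the parsed role of a root-inconsistent port is still Desg with state BKN, which matches the note above about f0/7 and 8.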
bpdu guard on the other hand, will disallow a portfast enabled port from receiving bpdu’s… a portfast port could receive bpdu’s from a rogue switch or ap… in that event, the port will be errdisabled
8. enable portfast on access ports for als1 and als2
9. globally enable bpduguard and verify
als1(config)#spann portfast bpduguard default
als1(config)#do sh spann summ
Switch is in pvst mode
Root bridge for: none
EtherChannel misconfig guard is enabled
Extended system ID           is enabled
Portfast Default             is disabled
PortFast BPDU Guard Default  is enabled
Portfast BPDU Filter Default is disabled
Loopguard Default            is disabled
UplinkFast                   is disabled
BackboneFast                 is disabled
Pathcost method used         is short

Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001                     3         0        0          4          7
VLAN0100                     3         0        0          4          7
VLAN0200                     3         0        0          3          6
---------------------- -------- --------- -------- ---------- ----------
3 vlans                      9         0        0         11         20
storm control is a good feature for trunking… simple enough… in a l2 network broadcasts can become unmanageable… thresholds can be set… my best practice would be to contain broadcasts at 20 %
10. set broadcast storm control on trunk ports and verify
als1(config)#int rang f0/7 - 12
als1(config-if-range)#storm-con broad lev 20
als1(config-if-range)#do sh run int f0/12
Building configuration...
Current configuration : 142 bytes
!
interface FastEthernet0/12
 switchport mode trunk
 speed 100
 duplex full
 storm-control broadcast level 20.00
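an added example (not part of the original lab): a python audit of a saved running-config against steps 8 to 10, flagging trunks without broadcast storm control at or below 20 %, access ports without portfast, and portfast ports with no bpdu guard. the sample config is constructed in the older ios syntax used on this page, and the function names are assumptions.

```python
import re

# constructed config; no global bpduguard default in this sample
SAMPLE = """\
interface FastEthernet0/11
 switchport mode trunk
!
interface FastEthernet0/12
 switchport mode trunk
 storm-control broadcast level 20.00
!
interface FastEthernet0/15
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/16
 switchport mode access
"""
GUARD_DEFAULT = "spanning-tree portfast bpduguard default"

def stanzas(cfg):
    """Split a config into global lines and {interface: [lines]}."""
    glob, ifaces, cur = [], {}, None
    for line in cfg.splitlines():
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and cur is not None:
            cur.append(line.strip())        # indented line inside an interface
        else:
            cur = None                      # "!" or a global command ends the stanza
            glob.append(line.strip())
    return glob, ifaces

def audit(cfg, max_level=20.0):
    """Return [(interface, finding)] for the step 8-10 settings."""
    glob, ifaces = stanzas(cfg)
    out = []
    for name, lines in ifaces.items():
        m = re.search(r"^storm-control broadcast level (\d+(?:\.\d+)?)", "\n".join(lines), re.M)
        if "switchport mode trunk" in lines:
            if m is None or float(m[1]) > max_level:
                out.append((name, "trunk broadcast storm-control missing or above limit"))
        elif "switchport mode access" not in lines:
            continue                        # neither trunk nor access: not checked
        elif "spanning-tree portfast" not in lines:
            out.append((name, "access port without portfast"))
        elif GUARD_DEFAULT not in glob and "spanning-tree bpduguard enable" not in lines:
            out.append((name, "portfast port without bpdu guard"))
    return out
```

the global bpduguard default only covers ports that are in portfast state, which is why an access port without portfast is reported separately.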