Jaycee's Networking

January 30, 2009

VLAN Trunking Protocol

Filed under: IOS, VLAN, VTP — Jaycee @ 10:16 am

1. VTP is a means whereby VLAN names and numbers can be managed on central devices, with the resulting configuration distributed automatically to other devices.

2. VTP allows VLAN configurations to be managed on a single switch.
=> Changes then propagated to every switch in the VTP domain

(1) The main idea of VTP is that changes are made on VTP servers.
(2) Changes are propagated to VTP clients, and any other VTP servers in the domain.
(3) A VTP transparent switch receives and forwards VTP updates, but does not update its own configuration.

a. Some switches default to VTP server, while others default to VTP transparent.
b. VLANs cannot be locally configured on a switch in client mode.

3. A switch can only be in one VTP domain; the VTP domain is null by default.

4. Switches with mismatched VTP domains will NOT negotiate trunk protocols.



January 26, 2009

BGP aggregate-address command

Filed under: BGP, IOS — Jaycee @ 10:14 pm

1. To create an aggregate entry in a BGP routing table, use the aggregate-address command in address family or router configuration mode.

aggregate-address address mask [as-set] [summary-only] [suppress-map map-name] [advertise-map map-name] [attribute-map map-name]

2. When the aggregate-address command is used within BGP routing, the aggregated address is advertised, along with the more specific routes.

The exception to this rule is the summary-only keyword. The “summary-only” keyword suppresses the more specific routes and announces only the summarized route.


3. Using the as-set argument creates an aggregate address with a mathematical set of autonomous systems (AS). This AS_SET summarizes the AS_PATH attributes of all of the individual routes. This can be useful to avoid routing loops while aggregating routes.

Again, unless the “summary-only” keyword is used together with as-set, the summary route is advertised along with the more specific routes.
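As an added example (not from this page or from Cisco), the following Python models what a router would advertise for a constructed BGP table under each combination of summary-only and as-set; the prefixes, AS numbers and the function name aggregate() are all made up for the illustration.

```python
"""Model of BGP aggregate-address behaviour: summary-only and as-set.

Added example; routes below are constructed, not taken from any router."""
import ipaddress

# Constructed BGP table: (prefix, AS_PATH as a list of AS numbers)
SPECIFIC_ROUTES = [
    ("10.1.0.0/24", [65001, 65010]),
    ("10.1.1.0/24", [65001, 65020]),
    ("10.1.2.0/24", [65002]),
    ("192.168.5.0/24", [65003]),   # outside the aggregate, never suppressed
]


def aggregate(routes, address, mask, summary_only=False, as_set=False):
    """Return the routes advertised after
    `aggregate-address <address> <mask> [as-set] [summary-only]`."""
    agg = ipaddress.ip_network(f"{address}/{mask}")
    covered = [(p, path) for p, path in routes
               if ipaddress.ip_network(p).subnet_of(agg)]
    if not covered:
        return list(routes)           # no contributing route: no aggregate
    if as_set:
        # AS_SET: unordered set of every AS seen in the contributing paths,
        # so any of those ASes will reject the aggregate (loop prevention)
        agg_path = ("AS_SET", sorted({asn for _, path in covered for asn in path}))
    else:
        agg_path = []                 # originated here with an empty AS_PATH
    advertised = [(str(agg), agg_path)]
    for p, path in routes:
        if summary_only and (p, path) in covered:
            continue                  # more-specific route suppressed
        advertised.append((p, path))
    return advertised
```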

January 20, 2009

NetScaler – Basic Configuration

Filed under: Load Balancing, Netscaler — Jaycee @ 3:09 pm

1. Setting the NetScaler IP Address:

> set ns config -ipaddress -netmask
Default NSIP was:; default netmask was

2. Adding a Mapped IP Address:

> add ns ip -type mip

3. Setting the Default Gateway:

> add route

4. Changing the Root Password:

> set system user nsroot netscaler
The root password is changed to netscaler

5. Review configuration:

> show runningconfig

6. Saving the Configuration:

> save ns config

7. Rebooting the System:

> reboot

8. High Availability

(1) How High Availability Works: http://community.citrix.com/display/ns/How+High+Availability+Works

(2) When setting up an Application Switch that is part of a high availability (HA) pair, you must consider the following requirements:

a. If your configuration requires only one Ethernet port, use the disable interface command to disable the unused ports.

b. Configuring an Application Switch in HA mode requires 2 unique system IP addresses.

c. The nsroot account password needs to be set manually on both Application Switches.


January 9, 2009


Filed under: IOS, VLAN, VTP — Jaycee @ 5:53 pm

1. A trunk — an interface or link that can carry frames for multiple VLANs at once.
=> switches are connected at layer 2 using trunks.

2. How Trunks Work

(1) IP packets have no concept of VLANs, nor does TCP, UDP, ICMP, or any other protocol above layer 2.
(2) A VLAN is a layer-2 concept, so if there were to be any mention of a VLAN, it would happen at the data-link layer.
(3) The protocols for trunking:

a. ISL — Cisco’s Inter-Switch Link
b. 802.1Q — IEEE standard

(4) To accomplish the tagging of frames to be sent over a trunk, both sides must agree on a protocol.
=> You may configure both ISL and 802.1Q trunks on the same switch and in the same network.

(5) Cisco 2950 and 4000 only support 802.1Q.
(6) To determine whether a switch can use a specific trunking protocol:

a. IOS-Switch# show interface capabilities
b. Catos-Switch# show port capabilities

(7) ISL differs from 802.1Q:

a. ISL is a Cisco proprietary protocol; 802.1Q is an IEEE standard.
b. ISL encapsulates Ethernet frames within an ISL frame; 802.1Q alters existing frames to include VLAN tags.
c. ISL is only capable of supporting 1,000 VLANs; 802.1Q is capable of supporting 4,096.

3. ISL

(1) If an Ethernet frame has been created at the maximum size of 1,518 bytes, ISL will add an additional 30 bytes, for a total frame size of 1,548 bytes.
(2) These frames may be counted as “giant” frame errors. Cisco equipment has no problem accepting them.

4. 802.1Q

(1) 802.1Q inserts a 4-byte tag field into the existing header, between the Source Address and Type/Length fields.
(2) The FCS (Frame Check Sequence) of the frame is altered to reflect the change.
(3) The maximum size for an 802.1Q frame is 1,522 bytes.
(4) It may result in “baby giant” frame errors. The frames will still be supported on Cisco devices.
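To make the ISL and 802.1Q size arithmetic concrete, here is an added Python example (not from the page or from Cisco) that builds an untagged Ethernet frame, inserts an 802.1Q tag between the source address and Type/Length, recomputes the FCS, and reports the 1,518 / 1,522 / 1,548-byte sizes; the frame contents and helper names are constructed for the illustration.

```python
"""Insert and parse an 802.1Q tag in a raw Ethernet frame.

Added example; frames are constructed here, not captured from a network."""
import struct
import zlib

TPID = 0x8100          # Tag Protocol Identifier that marks an 802.1Q tag
ISL_OVERHEAD = 30      # ISL header plus trailer, as stated on this page


def fcs(frame_without_fcs):
    """Ethernet FCS: CRC-32 over DA..payload, transmitted little-endian."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_frame(dst, src, ethertype, payload):
    """Untagged frame: DA(6) SA(6) Type(2) payload FCS(4)."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def tag_frame(frame, vlan_id, pcp=0):
    """Insert the 4-byte tag after the SA and recompute the FCS."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    tci = ((pcp & 0x7) << 13) | vlan_id    # PCP(3) DEI(1) VID(12)
    tag = struct.pack("!HH", TPID, tci)
    body = frame[:12] + tag + frame[12:-4]  # keep Type/payload, drop old FCS
    return body + fcs(body)


def parse_tag(frame):
    """Return (vlan_id, pcp) if the frame carries an 802.1Q tag, else None."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID:
        return None
    return tci & 0x0FFF, tci >> 13


def frame_sizes(payload_len=1500):
    """Sizes of a max-size frame untagged, 802.1Q-tagged and ISL-encapsulated."""
    frame = build_frame(b"\xff" * 6, b"\x00\x11\x22\x33\x44\x55",
                        0x0800, b"\x00" * payload_len)
    tagged = tag_frame(frame, 100)
    return len(frame), len(tagged), len(frame) + ISL_OVERHEAD
```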

5. Which Protocol to Use

(1) The Catalyst 4000 only supports 802.1Q.
(2) The 10-Gb blade available for the Catalyst 6509 only supports 802.1Q.
(3) The Catalyst 6509 switch supports both 802.1Q and ISL.
(4) System requirements to implement trunking
(5) The trunking protocol is local to each individual trunk.

6. Trunk Negotiation — DTP (Dynamic Trunking Protocol)

(1) DTP includes the VTP domain name in the process
=> both switches must have the same VTP domain name

(2) DTP (Dynamic Trunking Protocol)

a. determines what trunking protocols are supported on each side
b. establishes a trunk if possible
c. switchport nonegotiate disables DTP

(3) Possible switch port modes related to trunking:

switchport mode

a. mode access — the port will never be a trunk
b. mode trunk — the port will be a trunk regardless of any other settings
c. mode dynamic desirable — the port will attempt to convert the link to a trunk
d. mode dynamic auto — (default mode) the port will become a trunk if the other side is configured to be a trunk. It will not attempt to convert a link to a trunk.

i. dynamic — means the port may become a trunk
ii. desirable — indicates the port will initiate negotiations and try to make the link a trunk
iii. auto — indicates the port will listen for DTP but will not actively attempt to become a trunk

(4) Switchport Mode
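The mode matrix above, the VTP domain name carried in DTP, and switchport nonegotiate combine into a small rule set; the following Python is an added example (not Cisco code) that resolves both ends of a link to trunk or access and flags the one-sided case. It shows why a port left at the default dynamic auto will trunk with any neighbour that asks, which is the reason end-user ports are set to mode access. The function names and the "mismatch" verdict are my own labels.

```python
"""Outcome of DTP trunk negotiation between two switch ports.

Added example that models the rules stated on this page (switchport modes,
VTP domain name carried in DTP, switchport nonegotiate); not Cisco code."""

STATIC = {"access", "trunk"}
DYNAMIC = {"dynamic desirable", "dynamic auto"}
DEFAULT_MODE = "dynamic auto"          # default on the switches discussed here


def port_state(mode, peer_mode, same_domain, peer_nonegotiate):
    """Resolve one port to 'trunk' or 'access' given what its peer sends."""
    if mode in STATIC:
        return mode                    # fixed regardless of the peer
    if mode not in DYNAMIC:
        raise ValueError(f"unknown switchport mode: {mode}")
    # DTP frames carry the VTP domain name; a mismatch, or a peer that sends
    # no DTP at all (switchport nonegotiate), means negotiation never happens
    # and a dynamic port stays an access port.
    if not same_domain or peer_nonegotiate:
        return "access"
    if mode == "dynamic desirable":    # initiates: trunks with anything willing
        return "trunk" if peer_mode != "access" else "access"
    # dynamic auto only listens: it needs the peer to be a trunk or to ask
    return "trunk" if peer_mode in ("trunk", "dynamic desirable") else "access"


def negotiate(a, b, domain_a="", domain_b="",
              nonegotiate_a=False, nonegotiate_b=False):
    """Return (state_a, state_b, verdict); verdict is 'trunk', 'access' or
    'mismatch' (one end tags frames that the other treats as access traffic)."""
    for mode, noneg in ((a, nonegotiate_a), (b, nonegotiate_b)):
        if noneg and mode not in STATIC:
            raise ValueError("switchport nonegotiate needs mode access or trunk")
    same = domain_a == domain_b
    sa = port_state(a, b, same, nonegotiate_b)
    sb = port_state(b, a, same, nonegotiate_a)
    verdict = sa if sa == sb else "mismatch"
    return sa, sb, verdict
```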

7. Configuring Trunks on IOS switch:

(1) Configuring a trunk means determining:

a. what port will be a trunk
b. what protocol the trunk will run
c. whether and how the port will negotiate
d. what VLANs are allowed on the trunk link

(2) On an IOS switch capable of both ISL and 802.1Q, you must specify a trunk encapsulation before you can configure a port as a trunk.

3550-IOS(config-if)# switchport trunk encapsulation dot1q
3550-IOS(config-if)# switchport mode trunk

(3) To remove trunking from the interface, the command to do so is switchport mode access.

(4) By default all VLANs on a switch are included in a trunk.
(5) Broadcasts from all allowed VLANs are sent on every trunk port, so excluding unneeded VLANs can save a lot of bandwidth on the trunk link.
(6) Specify which VLANs are able to traverse a trunk with the switchport trunk allowed vlan command.
(7) More options for switchport trunk allowed vlan:

3550-IOS(config-if)# switchport trunk allowed vlan ?
WORD VLAN IDs of the allowed VLANs when this port is in trunking mode
add add VLANs to the current list
all all VLANs
except all VLANs except the following
none no VLANs
remove remove VLANs from the current list

(8) Allow only one VLAN (VLAN 100) on a trunk:

3550-IOS(config-if)# switchport trunk allowed vlan 100

(9) Show trunk port:

3550-IOS(config-if)# sho int trunk

(10) Allow all VLANs except VLAN 100:

3550-IOS(config-if)# switchport trunk allowed vlan except 100

(11) Remove VLANs 200 and 300:

3550-IOS(config-if)# switchport trunk allowed vlan remove 200
3550-IOS(config-if)# switchport trunk allowed vlan remove 300
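The keywords above (a bare list, add, all, except, none, remove) are easiest to reason about as set operations applied in order. The following Python is an added example (not code from the page or from IOS) that models that list handling, including the "1-199,201-299" range notation; all commands and IDs are constructed for the illustration.

```python
"""Model of `switchport trunk allowed vlan` list handling on a trunk.

Added example; commands and VLAN IDs are constructed, not taken from a switch."""

ALL_VLANS = frozenset(range(1, 4095))


def parse_vlan_list(word):
    """Parse '1,10-12,100' style VLAN IDs into a set."""
    ids = set()
    for part in word.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range: {part}")
        ids.update(range(lo, hi + 1))
    return ids


def allowed_vlans(commands, start=ALL_VLANS):
    """Apply the arguments of successive 'switchport trunk allowed vlan ...'
    commands in order and return the resulting allowed set."""
    allowed = set(start)       # by default every VLAN is allowed on a trunk
    for args in commands:
        keyword, _, rest = args.partition(" ")
        if keyword == "all":
            allowed = set(ALL_VLANS)
        elif keyword == "none":
            allowed = set()
        elif keyword == "add":
            allowed |= parse_vlan_list(rest)
        elif keyword == "remove":
            allowed -= parse_vlan_list(rest)
        elif keyword == "except":
            allowed = set(ALL_VLANS) - parse_vlan_list(rest)
        else:                  # a bare list replaces the whole set
            allowed = parse_vlan_list(args)
    return allowed


def fmt(vlans):
    """Render a set in the compact 'a,b-c' form that show interface trunk uses."""
    out, ids = [], sorted(vlans)
    i = 0
    while i < len(ids):
        j = i
        while j + 1 < len(ids) and ids[j + 1] == ids[j] + 1:
            j += 1
        out.append(str(ids[i]) if i == j else f"{ids[i]}-{ids[j]}")
        i = j + 1
    return ",".join(out)
```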

January 8, 2009


Filed under: IOS, VLAN, VTP — Jaycee @ 2:42 am

1. Frames cannot leave the VLANs from which they originate.

2. “Router on a stick” runs a single trunk from the switch to the router.
=> All the VLANs will then pass over a single link.
==> The router is passing traffic b/w VLANs, so each frame will be seen twice on the same link.
===> Once to get to the router, and once to get back to the destination VLAN.

3. With a layer-3 switch, every port can be dedicated to devices or to trunks to other switches.

4. Configuring VLANs:

(1) Some IOS models, such as the 2950 and 3550, have a configurable VLAN database with its own configuration mode and commands.
=> The configuration for this database is completely separate from the configuration for the rest of the switch.
==> A write erase followed by a reload will not clear the VLAN database on these switches.

(2) Configuring through the VLAN database is a throwback to older models that offered no other way to manage VLANs.
=> All newer switches offer the option of configuring the VLANs through the normal IOS CLI.
==> Switches like 6500, when running in native IOS mode, only support IOS commands for switch configuration.

(3) Cisco recommends VTP be configured as a 1st step when configuring VLANs.
=> trunks will not negotiate without a VTP domain
==> a VTP domain is not required to make VLANs function on a single switch

5. CatOS

(1) CatosSwitch# (enable) set vlan 10 name Lab-VLAN

(2) CatosSwitch# (enable) set vlan 10 6/1,6/3-4

(3) CatosSwitch# (enable) sho vlan


6. IOS Using VLAN Database

(1) If you have an IOS switch with active VLANs but no reference to them in the running configuration, it is possible that:

a. they were configured in the VLAN database
b. they were learned via VTP

(2) 2950-IOS# vlan database

(3) 2950-IOS(vlan)# vlan 10 name Lab-VLAN

(4) 2950-IOS(vlan)# show

a. 2950-IOS(vlan)# show current
=> display the current database
b. 2950-IOS(vlan)# show changes

=> the differences b/w the current and proposed database

7. IOS Using Global Commands

(1) 2950-IOS# conf t
2950-IOS(config)# vlan 10
2950-IOS(config-vlan)# name Lab-VLAN

(2) 2950-IOS# sho vlan

(3) 2950-IOS(config)# int f0/1
2950-IOS(config-if)# switchport access vlan 10

(4) 2950-IOS(config)# interface range f0/1-2
2950-IOS(config-if-range)# switchport access vlan 10


Auto-Negotiation Problem

Filed under: IOS, Troubleshoot — Jaycee @ 12:01 am

1. To diagnose a network “slowdown” or a “slow” device, check the error statistics and the auto-negotiation settings.

2. What Auto-Negotiation Negotiates:

(1) Speed — the rate of the interface
(2) Duplex — how data flows on the interface

3. How Auto-Negotiation Works

(1) Auto-negotiation is a protocol. It only works if it’s running on both sides of the link.
(2) If one side of a link is running auto-negotiation:

a. and the other side is not running auto-negotiation
=> auto-negotiation CANNOT determine the speed and duplex configuration of the other side.

b. and the other side is also running auto-negotiation
=> the 2 devices decide together on the best speed and duplex mode.

(3) Parallel detection — what happens when the auto-negotiation process fails to find auto-negotiation running on the other side:

a. The signal being received is sent to the local 10Base-T, 100Base-TX, and 100Base-T4 drivers.
=> If any one of these drivers detects the signal, the interface is set to that speed.
=> The safest thing for the driver to do is to choose half-duplex mode.

b. Parallel detection determines only the link speed, not the duplex mode.

c. the common modes of Ethernet have differing levels of duplex support:

i. 10Base-T — was originally designed without full-duplex support. Some devices support full duplex, but most don’t.
ii. 100Base-T — has long supported full duplex. The default behavior of 100Base-T is usually half duplex; it must be hard-set to full duplex if that is desired.

4. When Auto-Negotiation Fails

(1) In a half-duplex environment, the RX line is monitored.

a. If a frame is present on the RX link, no frames are sent until the RX line is clear.

b. If a frame is received on the RX line while a frame is being sent on the TX line, a collision occurs.
=> Collisions cause the collision error counter to be incremented.

(2) In a full-duplex environment, the RX line is not monitored, and the TX line is always considered available.
=> RX and TX lines are completely independent.

(3) When one side is full-duplex and the other side is half-duplex, a large number of collisions will occur on the half-duplex side.

a. Half-duplex side will listen to the RX line, and will not transmit unless the RX line is available.
b. It’ll record a high number of collisions, resulting in the device appearing to be slow on the network.
c. The half-duplex interface will show excessive collisions.

(4) In the real world, if you see that an interface set to auto-negotiation has negotiated to 100/half, chances are the other side is hard-set to 100/full.

(5) 100Mbps interfaces that don’t support full duplex are rare, so properly configured auto-negotiation ports should almost never end up configured for half duplex.

(6) Be careful about using 10/full, as full duplex is not supported on all 10Base-T Ethernet devices.

(7) Gigabit Ethernet should always be set to auto-negotiation.
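Points 3 and 4 above reduce to a few rules; the following Python is an added example (not from the page or from any vendor) that applies them to both ends of a 10/100 link and names the resulting failure mode, so the 100/half symptom in (4) can be traced back to its cause. It assumes two auto-negotiating sides settle on 100/full, and the function name resolve() is mine.

```python
"""Predict the outcome of Ethernet auto-negotiation for a pair of ports.

Added example encoding the rules on this page (parallel detection sets speed
only and falls back to half duplex); constructed inputs, no real devices."""

SPEEDS = (10, 100)   # model covers 10/100 only; the page says gigabit stays auto


def _check(cfg):
    if cfg == "auto":
        return
    speed, duplex = cfg
    if speed not in SPEEDS or duplex not in ("half", "full"):
        raise ValueError(f"unsupported setting {cfg}; 10/100 half or full only")


def resolve(a, b):
    """a and b are 'auto' or a hard-set (speed, duplex) tuple.
    Returns ((speed, duplex) for a, (speed, duplex) for b, diagnosis)."""
    _check(a)
    _check(b)
    if a == "auto" and b == "auto":
        # both negotiate: they agree on the best mode they share (assumed 100/full)
        ra = rb = (100, "full")
    elif a == "auto" or b == "auto":
        # one side silent: parallel detection senses the wire speed only and
        # chooses half duplex, the safe default
        fixed = b if a == "auto" else a
        detected = (fixed[0], "half")
        ra, rb = (detected, fixed) if a == "auto" else (fixed, detected)
    else:
        ra, rb = a, b                   # both hard-set: each keeps its own
    if ra[0] != rb[0]:
        diag = "speed mismatch: link will not come up"
    elif ra[1] != rb[1]:
        half = "a" if ra[1] == "half" else "b"
        diag = f"duplex mismatch: excessive collisions on the half-duplex side ({half})"
    else:
        diag = "ok"
    return ra, rb, diag
```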

January 5, 2009

Hubs and Switches

Filed under: Information, IOS — Jaycee @ 3:09 am

1. Cables:

(1) 10Base-5 = thicknet
N connectors
(2) 10Base-2 = thin-net (coaxial cable like that used for cable TV)
BNC connectors
(3) UTP = unshielded twisted pair cables
RJ45 connectors
(4) 10Base-T — describes certain characteristics that a cable should meet; there is no specific distance limitation, but runs are usually kept within 100 m.

2. Hubs:

(1) A hub connects Ethernet cables together; the signal on any one cable is repeated to every other cable connected to the hub.

(2) A hub is a repeater, but a repeater is not necessarily a hub.

(3) A repeater repeats a signal, usually used to extend a connection to a remote host, or to connect a group of users who exceed the distance limitation of 10Base-T.

(4) A repeater may have only 2 connectors; a hub can have many more.

(5) 5-4-3 rule of Ethernet design – between any 2 nodes on an Ethernet network:

a. there can be only 5 segments
b. connected via 4 repeaters
c. only 3 of the segments can be populated

3. Collision domains

(1) Collisions are confined to a network segment, within which devices communicate directly using layer-2 MAC addresses.
(2) The part of a segment within which collisions can occur is a collision domain.

4. Broadcast domain:

(1) where a broadcast will be propagated.

(2) Broadcasts stay within a layer-3 network, which is usually bordered by a layer-3 device such as a router.

(3) Broadcasts are sent through switches (layer-2 devices), but stop at routers.

(4) Broadcasts and IP networks are not limited to VLANs.

(5) Broadcast Storms

a. Cause: an endless loop in the layer-2 topology
b. Symptoms: every device is essentially unable to send any frames on the network due to constant network traffic, and all status lights on the hubs stay on constantly instead of blinking normally.
c. Resolution: the only way to resolve a broadcast storm is to break the loop.

5. Frames

(1) A TCP packet is encapsulated with layer-2 information to form a frame.
(2) Always refer to frames when speaking of hubs and switches.

6. Switch terms:

(1) Switch — the general term used for anything that can switch
(2) Ethernet Switch — any device that forwards frames based on their layer-2 MAC addresses using Ethernet.

a. An Ethernet switch creates a collision domain on each port
b. A hub generally expands a collision domain through all ports

(3) Layer-3 switch — a switch with routing capabilities. VLANs can be configured as virtual interfaces on a layer-3 switch.

(4) Multilayer switch — the same as a layer-3 switch, but also allows control based on higher layers in the packets.

(5) Switching — is the act of forwarding frames based on their destination MAC addresses.

a. In telecom, switching is the act of making a connection b/w 2 parties.
b. In routing, switching is the process of forwarding packets from one interface to another within a router.

7. CAM table (content-addressable memory) in Cat OS and MAC address table in IOS contain a map of what MAC addresses have been discovered on what ports.

8. When a station using IP needs to send a packet to another IP address on the same network, it must 1st determine the MAC address for the destination IP address:

a. IP sends out an ARP (Address Resolution Protocol) request packet. This packet is a broadcast, so it’s sent out all switch ports.

b. The ARP packet, when encapsulated into a frame, now contains the requesting station’s MAC address, so the switch knows what port to assign for the source.

c. When the destination station replies that it owns the requested IP address, the switch knows which port the destination MAC address is located on (the reply frame will contain the replying station’s MAC address).

9. To display information about the MAC address table:

show mac-address-table


*in Cat OS, use show cam dynamic

10. Cisco Switch Types:

(1) Fixed-configuration switches

a. are smaller, usually 1 rack unit (RU) in size
b. typically contain nothing but Ethernet ports
c. includes the Cisco 2950, 3550, 3750
d. The 3750 is capable of being stacked; the limitation of stacking is that the backplane of the stack is limited to 32 Gbps (gigabits per second).
Benefits: price, size, weight, and power (they can operate on normal household power; some support a power distribution unit, which can provide some power redundancy at additional cost).

(2) Modular chassis-based switches

a. can support 720 Gbps on their backplanes
b. are more expensive

11. Modular Chassis-based Switches

a. Advantages:

(1) Expandability — seven 3750s provide about the same number of ports as one 6500 chassis, but the speed of a stack is limited to 32 Gbps while the 6500 provides 720 Gbps.

(2) Flexibility — 6500 chassis will accept modules that provide services outside the range of a normal switch:

a. Firewall Services Modules (FWSMs)
b. Intrusion Detection System Modules (IDSMs)
c. Content Switching Modules (CSMs)
d. Network Analysis Modules (NAMs)
e. WAN modules (FlexWAN)

(3) Redundancy

a. Support multiple power supplies
b. Support dual supervisors

(4) Speed

a. A 6500 chassis employing Supervisor-720 (Sup-720) processors supports up to 720 Gbps of throughput on the backplane.
b. The fastest fixed-configuration switch — Cisco 4948 — supports only 48Gbps.

i. 4948 switch is designed to be placed at the top of a rack in order to support the devices in the rack.
ii. it cannot be stacked, therefore it’s limited to 48 ports.

b. Disadvantages: heavy, take a lot of room, require a lot of power.

*Cisco’s two primary chassis-based switches: 4500 series and 6500 series.

12. Planning a Chassis-Based Switch Installation

(1) Rack space

a. 6513 — 19 RU
b. NEBS version of 6509 — 21 RU
c. 4506 — 10 RU
d. 7-foot telecom rack is 40 RU

(2) Power

a. add up the power requirements for all the modules
b. To provide redundancy, each of the power supplies in the pair should be able to provide all the power necessary to run the entire switch, including all modules.
c. For DC power supplies, make sure you specify A and B feeds.
e.g. if you need 40 amps of DC power, you would request 40 amps DC, A and B feeds. This means that you will get two 40-amp power circuits for failover purposes.
d. Most colocation facilities supply positive-ground DC power.
e. For AC power supplies, you’ll need to specify the voltage, amperage, and socket needed for each feed.
e.g. the power cord for a power supply may come with a NEMA L6-20P plug. It will require NEMA L6-20R receptacles (sockets).
f. The P and R on the ends of the part numbers describe whether the part is a plug or a receptacle. NEMA L6-20 is a twist-lock 250-volt AC 16-amp connector.
g. Always tighten the clamp to avoid the cable popping out of the receptacle when stressed.

(3) Cooling

a. On many chassis switches, cooling is done from side to side.
b. NEBS-compliant 6509 switch moves air vertically, and the modules sit vertically in the chassis.
c. Always make sure you leave ample space between chassis switches when installing them.

(4) Installing and removing modules

Any time you’re working with a chassis or modules, you should use a static strap.

(5) Routing cables

When routing cables to modules, remember that you may need to remove the modules in the future.
