Cisco SWITCHING


DO DVMRP FROM DOC CD SWITCHING----just how to configure tunnel that it

MULTICAST

NOW TO CONFIGURE –
Start 1) ip multicast-routing
2) interface mode – ip pim dense/sparse/sparse-dense

To configure static RP – IP PIM RP-address ()

RP HAS GROUP TO MEMBER MAPPING

AUTO-RP-
Switch(config)#ip pim send-rp-announce fastEthernet 0/2 scope 4
(in this fas0/2 identifies the ip address this router uses to announce itself as RP)
ON MAPPING AGENT U WILL CONFIGURE – IP PIM SEND-RP-DISCOVERY

And to filter RP announcing them ---


Ip pim rp-announce-filter rp-list

FILTERING BSR AND AUTO-RP UPDATES ---------

--------------------------------------------------------------------------------------------------------------------------------------------------
======================================================================
HSRP<<<<<follow rule higher is better as ,, REMEMBER LIKE THIS HSRP FOR ROUTER

SWITCH-B#sh run int fastEthernet 0/23


Building configuration...

Current configuration : 167 bytes


!
interface FastEthernet0/23
no switchport
ip address 1.1.1.2 255.255.255.248
standby 1 ip 1.1.1.3
standby 1 priority 110
standby 1 track FastEthernet0/2 12<<<Track int fas0/2 , when down decrement this router priority by 12 .

SWITCH-B#sh standby
FastEthernet0/23 - Group 1
State is Active<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
11 state changes, last state change 00:05:26
Virtual IP address is 1.1.1.3
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.068 secs
Preemption disabled
Active router is local<<<<<active local though standby has higher priority because preempt not enabled
Standby router is 1.1.1.4, priority 100 (expires in 9.064 sec)
Priority 98 (configured 110)<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<Priority 98 , configured 110 ,,,because
Track interface FastEthernet0/2 state Down decrement 12
IP redundancy name is "hsrp-Fa0/23-1" (default)

NOW preempt enabled on other router


SWITCH-B#sh standby
FastEthernet0/23 - Group 1
State is Standby<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
13 state changes, last state change 00:00:09
Virtual IP address is 1.1.1.3
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.300 secs
Preemption disabled
Active router is 1.1.1.4, priority 100 (expires in 8.296 sec)
Standby router is local<<<<<<<<<<<<<<<<<<<<<<<
Priority 98 (configured 110)<<<<<<<<<<<<<<<<
Track interface FastEthernet0/2 state Down decrement 12
IP redundancy name is "hsrp-Fa0/23-1" (default)

SWITCH-B#sh standby brief


P indicates configured to preempt.
|
Interface Grp Prio P State Active Standby Virtual IP
Fa0/23 1 98 Active local unknown 1.1.1.3 <<<<<<<<<<<SEE STANDBY UNKNOWN <<<MEANS
NO COMMUNICATION WITH REMOTE ROUTER
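
The behaviour shown in the outputs above (tracking lowers the priority, but the active role only moves when the better router has preempt enabled) as a small model. This is an added example, not part of the original notes; the class and function names and the peer name "PEER" are made up for illustration, and the election is simplified to two rules: higher effective priority wins, higher interface IP breaks ties.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass
class HsrpRouter:
    name: str
    ip: str                      # interface IP, used only as tie-breaker
    configured_priority: int     # "standby 1 priority <n>"
    preempt: bool = False        # "standby 1 preempt"
    track_decrement: int = 0     # "standby 1 track <intf> <decrement>"
    tracked_up: bool = True      # state of the tracked interface

    @property
    def priority(self) -> int:
        # Effective priority drops by the decrement while the tracked
        # interface is down ("Priority 98 (configured 110)" on the page).
        if self.tracked_up:
            return self.configured_priority
        return self.configured_priority - self.track_decrement


def _rank(router):
    # Higher priority is better; higher IP address breaks a tie.
    return (router.priority, IPv4Address(router.ip))


def elect_active(routers, current_active=None):
    """Return the name of the router that holds the active role.

    Simplified model: with no current active router the best-ranked one
    wins. Otherwise the active router keeps the role unless a router
    with preempt enabled outranks it.
    """
    by_name = {r.name: r for r in routers}
    if current_active not in by_name:
        return max(routers, key=_rank).name
    active = by_name[current_active]
    challengers = [r for r in routers
                   if r.preempt and _rank(r) > _rank(active)]
    if challengers:
        return max(challengers, key=_rank).name
    return active.name


def page_scenario():
    """Replay the two 'sh standby' outputs from the notes."""
    # SWITCH-B: priority 110, track Fa0/2 decrement 12, Fa0/2 is down.
    switch_b = HsrpRouter("SWITCH-B", "1.1.1.2", 110,
                          track_decrement=12, tracked_up=False)
    # Remote router 1.1.1.4 with default priority 100 (name is hypothetical).
    peer = HsrpRouter("PEER", "1.1.1.4", 100)

    # Step 1: nobody preempts, so SWITCH-B stays active at priority 98.
    before = elect_active([switch_b, peer], current_active="SWITCH-B")
    # Step 2: preempt enabled on the other router, it takes over.
    peer.preempt = True
    after = elect_active([switch_b, peer], current_active=before)
    return switch_b.priority, before, after


if __name__ == "__main__":
    print(page_scenario())
```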

1)

<<<<<<<<<33 as object number

2)

3)

<<<<<<<<<<<<<<<<<<<<<U CAN ASSIGN WEIGHT HERE TO OBJECT 33


IN THIS CASE TOTAL WT of object 1,2 and 3 is 65 , if 1 and 2 goes down still 3 has wt 30 to keep TRACK 4 up
( and OBJECT 1, 2 or 3 will be tracking an interface for routing or line protocol)….If any 2 object goes down
track 4 is up and if all three goes down then track 4 is down

=========================================
IPV6 ::/0-any

Router(config)#ipv6 access-list ANKUR


Router(config-ipv6-acl)#deny tcp any any eq 80
Router(config-ipv6-acl)#permit any any
Router(config-ipv6-acl)#exit
Router(config)#int fastEthernet 0/1
Router(config-if)#ipv6 traffic-filter ANKUR in
Router(config-if)#^Z
Router#sh ipv6 acc
IPv6 access list anku
deny tcp 23ED:1234:1234::/64 any sequence 10
deny tcp 23ED:1234:1234::/68 any sequence 20
permit ipv6 any any sequence 30
IPv6 access list ANKUR
deny tcp any any eq www sequence 10
permit ipv6 any any sequence 20
Router#

================================================
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int fas
Switch(config)#int fastEthernet 0/1
Switch(config-if)#switchport
Switch(config-if)#ip access-group 1 in
Switch(config-if)#ip access-group 12 ? <<<<<<when int layer 2 port acl and only inbound
in inbound packets

Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int fastEthernet 0/1
Switch(config-if)#no switchport <<<<<<<<<<<<<<<<<when layer 3 interface Router acl , has both option inbound
and outbound
Switch(config-if)#ip access-group 1 ?
in inbound packets
out outbound packets

Once u enable IPv6 on an interface (ipv6 enable), the link-local ip address is automatically assigned.

MULTILINK CONFIGURATION –
interface Multilink1
ip address 1.1.1.1 255.255.255.252
ppp multilink
ppp multilink fragment delay 10<<<<LFI
ppp multilink interleave
ppp multilink group 1
!
interface Serial0/0
ip address 1.1.1.2 255.255.255.252
max-reserved-bandwidth 100
service-policy input TEST1
encapsulation ppp
serial restart-delay 0
ppp multilink
ppp multilink group 1

FOR IN OR OUT TRAFFIC FLOW---- THINK UR SELF AS ROUTER NOW TO APPLY ON INT SE0/0

THINK SE 0/0 as ur right arm ,, now lift and see incoming traffic is traffic coming in to u and outgoing traffic going
out from u (away from u)..THINK FROM PERSPECTIVE OF ROUTER

to change parameters like DSCP.


COS,IPPREC and mapping
,trust
use mls

POLICING USE CLASS-MAP


IP PACKET HAS TOS OR DSCP. FRAMES ON TRUNK CAN HAVE COS
VALUES ASSOCIATED WITH THEM

VVV IMP – FOR LAYER THREE SVI to COME UP --- U should create layer 2 VLAN of same no….

3550A#sh int vlan 11


Vlan11 is down, line protocol is down <<<<<<<<<<<<<<<<<<<<<<<<<<<<

3550A#config t
Enter configuration commands, one per line. End with CNTL/Z.
3550A(config)#vlan 11
3550A(config-vlan)#^Z

3550A#sh int vlan 11


Vlan11 is up, line protocol is up <<<<<<<<<<<<
INTER VLAN ROUTING

R --- S
When on s/w trunk port to R then on R make subinterface
When on s/w access port to R then configuration on physical port of R

INTER-VLAN using ROUTER FOR INTERVLAN ( NOT SWITCH) , ROUTER CALLED ROUTER-ON-STICK

R7 (7.7.7.7) (Gi0/1)-----(vlan7)S/w—R3
|
R8 (8.8.8.8) (Gi0/1)------(Vlan8)
FROM GOLD LAB

R7 and R8 are acting as hosts in vlan 7 and 8 ,,,,,, so no ip-routing on them.

R7#sh running-config
Building configuration...
no ip routing<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

interface GigabitEthernet0/1
ip address 7.7.7.7 255.255.255.0 <<<<<<<<<<<<<<<<<<<<<<
no ip route-cache
duplex full
speed 100
media-type rj45
negotiation auto
R8#sh running-config
Building configuration...

no ip routing<<<<<<<<<<<<<<<<<<<<<<<<<<

interface GigabitEthernet0/1
ip address 8.8.8.8 255.255.255.0<<<<<<<<<<<<<<<<<<<
no ip route-cache
duplex full
speed 100
media-type rj45
negotiation auto

S/W-
B(config)#vlan 7-8<<<<<<<<<CREATE VLAN
B(config-vlan)#^Z

B#sh run int fastEthernet 0/7


Building configuration...

Current configuration : 107 bytes


!
interface FastEthernet0/7
switchport access vlan 7
switchport mode access
speed 100
duplex full
end

Building configuration...

Current configuration : 107 bytes


!
interface FastEthernet0/8
switchport access vlan 8
switchport mode access
speed 100
duplex full
end

B#sh run int fastEthernet 0/3


Building configuration...
Current configuration : 92 bytes
!
interface FastEthernet0/3
switchport trunk encapsulation isl
switchport mode trunk
end

B#

R3 ROUTERONSTICK

R3-ROUTERONSTICK#sh running-config
Building configuration...

Current configuration : 1555 bytes

interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.1
encapsulation isl 7
ip address 7.7.7.1 255.255.255.0
no ip redirects
no snmp trap link-status
!
interface FastEthernet0/1.2<<<<<<<<<<<<CREATE SUBINTERFACE SO THAT ROUTER HAS SAME INTERFACE CONNECTED TO DO IP ROUTING.
encapsulation isl 8
ip address 8.8.8.1 255.255.255.0
no ip redirects
no snmp trap link-status

R7#ping 8.8.8.8

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

INTER-VLAN USING/CREATING SVI ON SWITCH
R1 –f0/1 S/W B=====S/W Af0/4-------R4

R1#sh run int fastEthernet 0/1


Building configuration...

Current configuration : 111 bytes


!
interface FastEthernet0/1
ip address 1.1.1.1 255.255.255.0
no ip route-cache
duplex auto
speed auto
end
+ disable ip routing as it acts like host.

R4#sh run int fastEthernet 0/0


Building configuration...

Current configuration : 111 bytes


!
interface FastEthernet0/0
ip address 2.2.2.1 255.255.255.0
no ip route-cache
duplex auto
speed auto
end
+ disable ip routing as it acts like host.

3550B#sh run int fastEthernet 0/4


Building configuration...

Current configuration : 68 bytes


!
interface FastEthernet0/4
switchport mode dynamic desirable
end
3550B#sh run int vla 11
Building configuration...

Current configuration : 58 bytes


!
interface Vlan11
ip address 1.1.1.2 255.255.255.0
end

3550B#sh run int vla 12


Building configuration...

Current configuration : 58 bytes


!
interface Vlan12
ip address 2.2.2.3 255.255.255.0
end
+ ENABLE IP ROUTING

3550A#sh run interface fastEthernet 0/4


Building configuration...

Current configuration : 84 bytes


!
interface FastEthernet0/4
switchport access vlan 12
switchport mode access
end

3550A#sh run interfa


3550A#sh run interface vlan 11
Building configuration...

Current configuration : 58 bytes


!
interface Vlan11
ip address 1.1.1.3 255.255.255.0
end

3550A#sh run interface vlan 12


Building configuration...

Current configuration : 58 bytes


!
interface Vlan12
ip address 2.2.2.2 255.255.255.0
end

3550A#

+ ip routing enable
NOW FILTERING USING VLAN ACCESS_MAP

vlan access-map B 10
action drop
match ip address 102

access-list 102 permit ip any any

3550B#sh run int fastEthernet 0/1


Building configuration...

Current configuration : 84 bytes


!
interface FastEthernet0/1
switchport access vlan 11
switchport mode access
end

3550B#sh run | i filter


vlan filter B vlan-list 11
3550B#

Now SEE U APPLY FILTER TO TELL ON WHICH VLANS PORTS ( WHICH ARE IN THIS
VLAN TO APPLY FILTER )… IF U SAY 12 in filtering , no filtering as port connected to R1 is in
vlan 11.

ON LAYER 3 interface ACL CAN BE APPLIED IN OR OUT

ON LAYER 2 INTERFACE ACL CAN BE APPLIED ONLY IN.


Switch#sh access-lists 111
Extended IP access list 111
20 deny tcp 171.69.0.0 0.0.255.255 172.20.0.0 0.0.255.255 eq telnet
25 permit tcp 171.69.0.0 0.0.255.255 any eq telnet
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#ip access-list resequence 111 20 ?
<1-2147483647> Step to increment the sequence number

Switch(config)#ip access-list resequence 111 20 30


Switch(config)#^Z
Switch#sh access-lists 111
Extended IP access list 111
20 deny tcp 171.69.0.0 0.0.255.255 172.20.0.0 0.0.255.255 eq telnet
50 permit tcp 171.69.0.0 0.0.255.255 any eq telnet
Switch#

To see changes of config done on switch.
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#archive
Switch(config-archive)#log config
Switch(config-archive-log-cfg)#logging enable
Switch(config-archive-log-cfg)#^Z

Switch#sh archive log config all


idx sess user@line Logged command
1 1 console@console | logging enable
2 1 console@console | logging size 1000
3 1 console@console | exit
4 2 console@console |interface FastEthernet0/9
5 2 console@console | switchport
6 2 console@console | switchport mode trunk
7 2 console@console | no shutdown <<<<<<See what all commands used…..

BASIC MISTAKE ---

R1 ----- S/w -----R2

If u make subinterface on router ,, then port on s/w will be trunk ……..

If u give ip on main interface of ROUTER going to s/w then either configure trunk or access port on s/w.

U can’t make RSPAN VLAN AS ACCESS VLAN ,,,,,can’t assign to interface.

3560 has 2 –

G iSWITCHING-----

CDP WORKS ON LAYER 2

SH CDP NEIGHBOURS

GLOBALLY ENABLE –CDP RUN,,


INTERFACE ENABLE – CDP ENABLE.
SPAN OR RSPAN – SOURCE CAN BE PORT OR VLAN.
RSPAN VLAN IS CONFIGURED WITH NORMAL RANGE VLANS.
To go to CONFIG-VLAN mode ,,, type vlan vlan-id in global configuration mode .

For transparent mode create extended range vlans (greater than 1005)

Vlan-database-------------use this command to create vlan parameters for vlans 1 to 1005

Changing history buffer size ---history size ()


CONFIGURING SWITCH ---

Interface vlan
Ip address

Sh int vlan

Then in global conf mode –

Ip default-gateway (enter ip address of the router connected to this switch , to which packet that don’t find route in routing table of switch will be fwd.)
To see this default gateway ( sh ip redirects)

ON SWITCH , port if u give ( no switchport ) its layer 3 and if switchport mode access
( then layer 2 port )

BASIC conf—
Ip domain-name ---- the dns ip to be used for name resolution by switch

Ip name-server ----this is ip of the dns to be used to resolve queries .

Ip domain-lookup--- enables name to ip resolution on ur switch.


>>>>

Switch(config)#mac-address-table aging-time 3000 vlan 2


Switch#sh mac-address-table aging-time
Vlan Aging Time
---- ----------
1 3000
2 3000
Switch#

To set and see mac-address table aging time

Clear table – clear mac-address-table dynamic

To add static mac address –

Mac-address-table static ( MAC-ADDRESS) VLAN ( vlan-id) interface ( on which to bind this MAC-ADDRESS)

MAC-ADDRESS FILTERING
ONLY UNICAST MAC-ADDRESS CAN BE FILTERED
THOSE THAT CAN’T BE FILTERED ARE – MULTICAST , BROADCAST AND ROUTER MAC

If u filter any of these three u get message --

COMMAND TO FILTER-

Config # MAC-ADDRESS-TABLE static (MAC-ADDRESS) VLAN (VLAN-ID) drop

THE MAC_ADDRESS SPECIFIED HERE ( IF A FRAME COMES WITH SOURCE OR DESTINATION AS THIS IT IS DROPPED)

If u add mac-add static ( mac) vlan int and after that next line drop command …. Then
frame with this source or destination dropped …But if drop command first and int later then
not dropped ,, entry static added ( which ever last statement of two takes effect).

See – sh mac-address-table static


TO DEFINE PASSWORD FOR SWITCH --ENABLE SECRET LEVEL(0-15) –

Setting telnet password

Line vty 0 4
Password

To use username password ( configured on local router ) to authenticate (username – privilege – password ( encryption type) password )

Use line vty 0 4
Login local

Encryption type – 0 means no encryption and 7 means hidden password

To give a privileged mode a level for setting password

Privilege ( exec/global/interface) level ( 0-15) ( command)

e.g,

privilege exec level 14 configure

to set enable password for privilege

enable password level (0-15) (password)
To login to level 14 --- enable 14
To come out disable 14

TACACS-SERVER HOST (ip) port (of tacacs to use , default 49) TIMEOUT (time it will wait
for reply from tacacs) Key ---

To enable – aaa new-model

aaa new-model

aaa authentication ppp default group g1

aaa group server tacacs+ g1

server 1.0.0.1

server 2.0.0.1

tacacs-server host 1.0.0.1

tacacs-server host 2.0.0.1

aaa group server tacacs+ --- is used to define the tacacs+ servers ip address out of
those mentioned via ( tacacs-server host ) ,,,, use these for special service like ppp
authentication here

to see entries – sh tacacs


aaa authentication login (default/list-name) (method)

Default – is by default applied to all ports ….. if u want to apply authentication to few ports then like-

Line vty 0 4
Login authentication (list-name)

Method – enable ( use enable password),line,local(created by username and password command), local-case , group tacacs+

Authorization ---

MYSER(config)#aa authorization ?
auth-proxy For Authentication Proxy Services
cache For AAA cache configuration
commands For exec (shell) commands.
config-commands For configuration mode commands.
configuration For downloading configurations from AAA server
console For enabling console authorization
exec For starting an exec (shell).
network For network services. (PPP, SLIP, ARAP)
reverse-access For reverse access connections
template Enable template authorization

MYSER(config)#aaa authorization commands ?


<0-15> Enable level

MYSER(config)#aaa authorization commands 15 ?


WORD Named authorization list.
default The default authorization list.

AAA accounting -----

MYSER(config)#aaa accounting ?
auth-proxy For authentication proxy events.
commands For exec (shell) commands.
connection For outbound connections. (telnet, rlogin)
delay-start Delay PPP Network start record until peer IP address is
known.
exec For starting an exec (shell).
gigawords 64 bit interface counters to support Radius attributes 52 &
53.
nested When starting PPP from EXEC, generate NETWORK records
before EXEC-STOP record.
network For network services. (PPP, SLIP, ARAP)
resource For resource events.
send Send records to accounting server.
session-duration Set the preference for calculating session durations
suppress Do not generate accounting records for a specific type of
user.
system For system events.

update Enable accounting update records.

MYSER(config)#aaa accounting

aaa accounting ---

MYSER(config)#aaa accounting network ?


WORD Named Accounting list.
default The default accounting list.

MYSER(config)#aaa accounting network d


MYSER(config)#aaa accounting network default ?
none No accounting.
start-stop Record start and stop without waiting
stop-only Record stop when service terminates.

MYSER(config)#aaa accounting network default start-stop group ?


WORD Server-group name
radius Use list of all Radius hosts.
tacacs+ Use list of all Tacacs+ hosts.
RADIUS-

Radius-server host (ip address) auth-port () acct-port () key ()

Radius-server timeout
Radius-server retransmit (no of retries sent to radius server if radius server not
responding)
Radius-server deadtime ( time after which radius server not responding to be
skipped)

Login authentication Radius

Aaa authentication login (default/list name) method

MYSER(config)#aaa group server ?


radius Radius server-group definition
tacacs+ Tacacs+ server-group definition

MYSER(config)#aaa group server radius ()

EXAMPLE ---

Switch(config)# radius-server host 172.20.0.1 auth-port 1000 acct-port 1001


Switch(config)# radius-server host 172.10.0.1 auth-port 1645 acct-port 1646
Switch(config)# aaa new-model
Switch(config)# aaa group server radius group1
Switch(config-sg-radius)# server 172.20.0.1 auth-port 1000 acct-port 1001
Switch(config-sg-radius)# exit
Switch(config)# aaa group server radius group2
Switch(config-sg-radius)# server 172.20.0.1 auth-port 2000 acct-port 2001
Switch(config-sg-radius)# exit

AAA authorization exec RADIUS local

Uses Radius for authorization if radius was used for authentication otherwise use
local database
Same with tacacs+
AAA authorization exec tacacs+ local

aaa authorization exec default group radius

FOR local authentication -----

Commands

username ankur privilege 6 password 0 ankur<<<use this username to go to privilege 6
username cisco privilege 15 password 0 cisco<<<< use this username to go to privilege 15
clock timezone EST -5
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable<<<for enable authentication use enable
password set on router ( IF U MENTION HERE USE ENABLE PASSWORD ,,,SET
THAT ALSO , THAT WILL BE REQUIRED TO LOGIN NEXT TIME)
aaa authorization exec default local
aaa authorization commands 6 default local
aaa accounting commands 6 default start-stop group tacacs+
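
A check a reviewer could run against a configuration like the one above: it flags `username ... password` lines stored as type 0 (clear text) or type 7 (only obfuscated, can be reversed), `enable password` lines, and privilege levels that have users but no `aaa accounting commands <level>` line. This is an added example, not part of the original notes; the function name, finding labels, the user `netops` and all password values in the sample are constructed.

```python
import re

# "username <name> [privilege <n>] password|secret [<type>] <string>"
USER_RE = re.compile(
    r"^username\s+(?P<name>\S+)"
    r"(?:\s+privilege\s+(?P<priv>\d+))?"
    r"\s+(?P<kind>password|secret)"
    r"(?:\s+(?P<type>\d+))?\s+\S+"
)
# "enable password [level <n>] <string>" (as opposed to "enable secret")
ENABLE_RE = re.compile(r"^enable password(?:\s+level\s+(?P<level>\d+))?\s")
# "aaa accounting commands <level> ..."
ACCT_RE = re.compile(r"^aaa accounting commands (?P<level>\d+)\s")

# Constructed sample: the two username lines and the aaa lines follow the
# notes; the "netops" user and the enable password line are invented.
SAMPLE_CONFIG = """\
username ankur privilege 6 password 0 ankur
username cisco privilege 15 password 0 cisco
username netops privilege 15 secret 5 $1$CONSTRUCTED$notarealhash
enable password level 14 lab14
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
aaa authorization exec default local
aaa authorization commands 6 default local
aaa accounting commands 6 default start-stop group tacacs+
"""


def audit_config(text):
    """Return a list of (finding, subject) tuples for weak settings."""
    findings = []
    levels_with_users = set()
    accounted_levels = set()

    for raw in text.splitlines():
        line = raw.strip()

        m = USER_RE.match(line)
        if m:
            # A username without "privilege" gets level 1.
            levels_with_users.add(int(m["priv"]) if m["priv"] else 1)
            if m["kind"] == "password":
                ptype = m["type"] or "0"   # no type given: stored as typed
                if ptype == "0":
                    findings.append(("cleartext-password", m["name"]))
                elif ptype == "7":
                    findings.append(("reversible-password", m["name"]))
            continue

        m = ENABLE_RE.match(line)
        if m:
            level = m["level"] or "15"     # plain "enable password" is level 15
            findings.append(("enable-password", f"level {level}"))
            continue

        m = ACCT_RE.match(line)
        if m:
            accounted_levels.add(int(m["level"]))

    # Levels that users can log in at but whose commands are not accounted.
    for level in sorted(levels_with_users - accounted_levels):
        findings.append(("no-command-accounting", f"level {level}"))
    return findings


if __name__ == "__main__":
    for finding, subject in audit_config(SAMPLE_CONFIG):
        print(f"{finding:24} {subject}")
```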
CHAPTER 9 UNIVERSECD-

802.1X

Port based authentication

Before the user is authenticated on the port ,,, protocols allowed are
stp,cdp,EXTENSIBLE AUTH PROTOCOL OVER LAN (EAPOL),
Client responsible to encapsulate frame in EAPOL and send it to switch which
transparently fwd these to authentication server , which reply as per authentication.
SWITCH CHECKS EAP MESSAGES RESPONSE TO MESSAGES SENT TO
CLIENT , if no replies it tries MAC ADDRESS BASED AUTHENTICATION.
Switch can use the Client MAC address for authorization

Periodically switch re-authenticates the Client

Action during this - INITIALIZE ( connectivity ends and re-authenticate)
RE-AUTHENTICATE – connectivity not lost

Command

Dot1x re-authenticate interface ()

Dot1x port-control auto ( in this case switch sends the EAP frames to Client to ask
for authentication as soon as line protocol of the port comes up.)

Dot1x port-control auto / force-authorized (put port in authorised state) / force-unauthorized (put port in unauthorised state) (this is interface configuration command)

Information sent to radius server is represented as ATTRIBUTE VALUE PAIR. You can view these AV pairs sent by switch using debug radius accounting.

DOT1X authentication configuration-----

Switch(config)#aaa authentication dot1x default group ?


WORD Server-group name
radius Use list of all Radius hosts.
tacacs+ Use list of all Tacacs+ hosts.

ENABLE DOT1X globally on switch – dot1x system-auth-control

On intf ---

Switchport mode access and dot1x port-control auto

Radius-server host ( ip address) auth-port () key ()

Dot1x host-mode (single-host/multi-host/multi-domain)----(interface mode command)
Multi-host is allow multiple hosts on single port via hub or etc…..
Multi-domain ---allow both host and voice device to be authenticated on the port

To forcefully get an interface authenticated----


dot1x re-authenticate interface fastEthernet 0/2

REAUTHENTICATION TIME—time to wait between reauthentication requests

QUIET PERIOD( TIME SWITCH remains in quiet state following failed
authentication)

Accounting –

aaa accounting dot1x default start-stop group radius

To account for switch reload etc----not the port –command is


Aaa accounting system default start-stop group radius.
VLAN---

1-1005 are normal range vlan

Extended range for transparent mode (1006 to 4094)

Pkt coming in on an access port is untagged and belongs to the vlan configured on that
port. If a frame arrives on an access port tagged with dot1q or isl , it is discarded.

These access ports can be assigned vlan by statically configuring or VMPS .

TRUNK-
Isl – all frames received by isl trunk port are expected to be isl tagged , if any
NATIVE(UNTAGGED) frame received it is dropped.
.1Q- supports tagged and untagged traffic. A .1Q trunk port is assigned a port default
vlanid (PVID). Untagged frames and frames tagged with NULL VLAN ID go through
port default vlanid. Any frames from PVID are sent untagged , rest all are tagged.

Tunnel ports are used in SP network to segregate the customer traffic from other
customer traffic using same vlan no.

Customer traffic coming on a tunnel port of SP for that customer ….. tags the
incoming traffic with a unique vlan tag for customer (which is unique in SP
network) called metro tag and is removed when frame reaches egress tunnel port of
SP , and via this original vlan information of customer is intact.

ROUTED port—
On interface – no switchport and globally ip routing

SVI- like int vlan 1 ( by default)

When required inter vlan traffic create this ----
*****

When u connect 3560 it has ports for RJ45 and SFP to uplink switch ,,which
ever connected first is taken and its non-redundant,,,,if u want to manually select
that then media-type…(AUTO/RJ45/SFP)
In RJ 45 or SFP other ports disabled , no redundancy if fails.

In auto if one fails other can take over.

3560 is Power over Ethernet capable s/w

IF device in VLAN 20 wants to speak to vlan 30 then create SVI of vlan 20 and 30 on L3 switch and give them ip address.

For fast conf of all ports

Int range fas0/1-24( or use , to specify few ports)

Switch(config)#int range fastEthernet 0/1 - 24


Switch(config-if-range)#switchport access vlan 3

FASTETHERNET SUPPORT ALL SPEED AND DUPLEX OPTIONS….gigaethernet running at speed 1000 DOESN’T SUPPORT HALF DUPLEX

SPEED 100 AUTO TO NEGOTIATE WITH NEIGHBOUR THE SPEED AT 100.

IF Speed mismatch link down and duplex mismatch packet loss

AUTO BOTH SIDES ,LINK REMAINS UP

TO SEE HOW PORTS ARE CURRENTLY CONFIGURED ---

Switch#sh interfaces transceiver properties


Name : Fa0/1
Administrative Speed: auto
Administrative Duplex: auto
Administrative Auto-MDIX: N/A
Administrative Power Inline: N/A
Operational Speed: auto
Operational Duplex: auto
Operational Auto-MDIX: N/A

Name : Fa0/2
Administrative Speed: auto

When there is congestion the device can send the other device pause frame to tell it
that there is congestion , to stop sending frames until congestion…..

3560 can only receive pause frames.


Flowcontrol receive (on/off/desirable)

MDIX enabled by default , checks if wrong cable plugged

Mdix auto (command if disabled)
To check this sh controllers ethernet-controller fastEthernet 0/1 phy

To Supply poE ---configuration

Power inline auto( max power)/NEVER/STATIC(max power)


To see- show power inline

ON LAYER 2 PORTS NO MTU SET


TO SET GLOBALLY on 10/100 ports ---SYSTEM MTU ()
To set mtu of routed ports ----system mtu routing ()( LARGER PACKETS CAN BE
ACCEPTED BUT CAN’T BE ROUTED)
(this routed MTU is used when forming adjacencies like ospf)
To see current and next MTU—show system mtu
System mtu jumbo()- on 1000 ports to support jumbo frames on gigaethernet ports

Chapter-12

Trunk is member of every vlan , including extended vlans.


3560 can only be VMPS client ,,,server can be 5000 and 6500 switch.

VOICE VLAN---- USES one VLAN FOR VOICE TRAFFIC OF IP PHONE AND
SECOND VLAN FOR DATA TRAFFIC.

PRIVATE VLAN –SWITCH MODE SHOULD ALWAYS BE TRANSPARENT

Vlan 1002-1005 are reserved for FDDI and token ring.


Vlan 1-1005 are stored in vlan.dat file in vlan database (in flash memory) and you
can see them by sh vlan. IF switch is in transparent mode it is also saved in running
config
IF switch in VTP SERVER MODE CONFIGURE VTP DOMAIN FOR VTP TO
WORK

IF one vlan one STP (PVSTP) ,,,TOTAL ALLOWED ON SWITCH STP is 128 and
IF THESE VLANS USED THEN NEW VLAN WILL NOT RUN STP.
So to AVOID THIS GROUP MANY VLAN AND RUN 1 STP (MSTP)
IF VTP mode is transparent and VLAN DATABASE AND VTP DOMAIN NAME
FROM VLAN DATABASE AND STARTUP CONFIG MATCH, VLAN DATABASE
CLEARED AND STARTUP config’s USED. IF the VTP DOMAIN AND VLAN
DATABASE DON’T MATCH THEN THAT IN VLAN DATABASE IS TAKEN.

IN SERVER MODE IT TAKES VLAN DATABASE.

Switch(config)#vlan 2
Switch(config-vlan)#name ANKUR
Switch(config-vlan)#mtu 1500
Switch#sh vlan

VLAN Name Status Ports


---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Gi0/1, Gi0/2
2 ANKUR active <<<<<<<<<<<<<<<<<<<<<<<<<<
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1
Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0 <<<<<<<<<<<<
1003 tr 101003 1500 - - - - srb 0 0 <<<<<<<<<<<<<
1004 fdnet 101004 1500 - - - ieee - 0 0 <<<<<<<<
1005 trnet 101005 1500 - - - ibm - 0 0 <<<<

The VLAN can BE also configured in another way –


Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.

Switch(vlan)#vlan 2 name ANKUR


VLAN 2 modified:
Name: ANKUR

Switch(vlan)#vlan 2 mtu 1500

Do apply when coming out of VLAN mode

EXIT IS APPLY AND COME OUT

WHEN DELETE VLAN FROM VTP SERVER MODE—VLAN IS DELETED
FROM ALL SWITCHES IN SAME VTP DOMAIN…/IF VLAN DELETED FROM
TRANSPARENT MODE THEN THE VLAN IS DELETED FROM THIS SWITCH
ONLY.

NO vlan (vlanid ) –to delete vlan (u can’t delete vlan 1,1002-1005)

Assigning a port to VLAN-

interface FastEthernet0/1
switchport access vlan 3
switchport mode access

EXTENDED VLAN (1006-4094) can’t be created in vlan database mode.

When an interface is made a routed port then automatically an extended range
vlan id is given to it

Switch(config)#int fastEthernet 0/4


Switch(config-if)#no switchport
Switch(config-if)#^Z
Switch#sh vlan internal usage

VLAN Usage
---- --------------------
1025 FastEthernet0/4

Switch(config)#int vlan 1025


% Error: VLAN 1025 in used as an internal VLAN ^
% Invalid input detected at '^' marker.
VTP-

VTP mode Transparent/Server/Client

Sh vtp status- to see details of VTP.

Switch#sh vtp status


VTP Version :2
Configuration Revision :0
Maximum VLANs supported locally : 1005
Number of existing VLANs :7
VTP Operating Mode : Transparent
VTP Domain Name : CISCO
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x2D 0xDC 0xC3 0x5D 0xB6 0x3B 0xC5 0x38
Configuration last modified by 0.0.0.0 at 3-1-93 00:06:33

TRANSPARENT MODE CHANGES NEED TO BE SAVED TO STARTUP AS
THEY ARE SAVED IN RUNNING CONFIG.

TRUNK-

It’s a point-to-point link between switch and another switch or router,,,,,to carry
multiple vlan on this Trunk port.

Two type of trunking –ISL and dot1q.

NEGOTIATION OF TRUNKING DONE BY DTP(is a point-to-point protocol)…
FOR 2 devices to form trunk they must be in same domain.

1) to enable trunk – switchport mode trunk
2) to disable negotiation – switchport nonegotiate
3) to give trunk encapsulation – switchport trunk encapsulation dot1q/isl

u want to set it dynamic

switchport mode dynamic –desirable/auto

if one side auto other side should be trunk or desirable

desirable actively participates in trunk making –if one side desirable other side
can be desirable/auto/trunk.

B#sh interfaces fastEthernet 0/23 switchport


Name: Fa0/23
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Switch#sh int fastEthernet 0/23 trunk

Port Mode Encapsulation Status Native vlan


Fa0/23 auto negotiate not-trunking 1<<<<<<<<<<<<<<<<<<<<<NOT
WORKING

Port Vlans allowed on trunk


Fa0/23 1

Switch#sh int fastEthernet 0/23 trunk

Port Mode Encapsulation Status Native vlan


Fa0/23 auto n-isl trunking 1<<<<<<<<<<WORKING
n-isl means (((((negotiate encapsulation isl in this case))))
Port Vlans allowed on trunk
Fa0/23 1-4094
Port Vlans allowed and active in management domain

SWITCHPORT TRUNK ENCAPSULATION NEGOTIATE ( negotiate encapsulation)
Switchport mode dynamic ( desirable/auto) ( to negotiate trunk).

1 always give command switchport trunk encapsulation (dot1q/ISL)

Dot1x not enabled on dynamic port and trunk.

Int fas 0/23


Switchport trunk native vlan ------ to specify the native vlan for trunk.

By default 1 to 4094 vlan are allowed on trunk port to filter –

Switchport trunk allowed vlan (2-80)

Switchport trunk allowed vlan remove (79)---to remove specific vlan out of range
vlan allowed

Extended range vlans can’t be pruned.


Int fas0/23

B(config-if)#switchport trunk pruning vlan 5


B(config-if)#^Z
B#sh int fastEthernet 0/23 switchport
Name: Fa0/23
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Operational private-vlan: none
Trunking VLANs Enabled: 2,3,5
Pruning VLANs Enabled: 5<<<<<<<<<<<<<<<<<<<<<<<<<<<
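
A configuration check for the settings shown in this output, as an added example that is not part of the original notes: it parses show interfaces switchport text and lists ports that still negotiate trunking, trunks that allow every VLAN, and trunks whose native VLAN is 1. The sample text is constructed (Fa0/23 follows the outputs above, Fa0/7 is made up), and the checks and function names are this example's own policy, not a Cisco tool.

```python
import re

# Constructed sample: Fa0/23 is modelled on the output above, Fa0/7 is a
# made-up port with negotiation switched off and a restricted VLAN list.
SAMPLE = """\
Name: Fa0/23
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001

Name: Fa0/7
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 99 (NATIVE)
Trunking VLANs Enabled: 2,3,5
Pruning VLANs Enabled: 5
"""


def parse_switchport(text):
    """Return one {field: value} dict per port; a 'Name:' line starts a port."""
    ports = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key = key.strip()
        # Drop hand-written '<<<<' annotations such as the ones in these notes.
        value = value.split("<")[0].strip()
        if key == "Name":
            ports.append({})
        if ports:
            ports[-1][key] = value
    return ports


def audit_port(port):
    """Apply this example's checks to one parsed port."""
    findings = []
    admin = port.get("Administrative Mode", "")
    if admin.startswith("dynamic"):
        findings.append("mode is %s: trunking is left to negotiation" % admin)
    if port.get("Negotiation of Trunking", "").lower() == "on":
        findings.append("negotiation of trunking is On")
    if port.get("Operational Mode", "") == "trunk":
        if port.get("Trunking VLANs Enabled", "").upper() == "ALL":
            findings.append("trunk carries ALL VLANs: no allowed-vlan list")
        native = re.match(r"\d+", port.get("Trunking Native Mode VLAN", ""))
        if native and native.group() == "1":
            findings.append("native VLAN is the default VLAN 1")
    return findings


def audit(text):
    """Map each port name to its list of findings (empty list = clean)."""
    return {p["Name"]: audit_port(p) for p in parse_switchport(text)}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("   -", finding)
```
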
Understanding VTP Pruning
VTP pruning enhances network bandwidth use by reducing unnecessary flooded traffic, such as broadcast,
multicast, and unicast packets. VTP pruning increases available bandwidth by restricting flooded traffic to
those trunk links that the traffic must use to access the appropriate network devices. By default, VTP pruning
is disabled.

For VTP pruning to be effective, all devices in the management domain must either support VTP pruning or,
on devices that do not support VTP pruning, you must manually configure the VLANs allowed on trunks.

Figure 9-1 shows a switched network without VTP pruning enabled. Interface 1 on Switch 1 and Interface 2
on Switch 4 are assigned to the Red VLAN. A broadcast is sent from the host connected to Switch 1. Switch
1 floods the broadcast and every network device in the network receives it, even though Switches 3, 5, and
6 have no interfaces in the Red VLAN.

You can enable pruning globally on the Catalyst 4000 family switch (see the "Enabling VTP Pruning"
section).

Figure 9-1 Flooding Traffic without VTP Pruning

Figure 9-2 shows the same switched network with VTP pruning enabled. The broadcast traffic from Switch 1
is not forwarded to Switches 3, 5, and 6 because traffic for the Red VLAN has been pruned on the links
indicated (Interface 5 on Switch 2 and Interface 4 on Switch 4).

Figure 9-2 Flooding Traffic with VTP Pruning

Enabling VTP pruning on a VTP server enables pruning for the entire management domain. VTP pruning
takes effect several seconds after you enable it. By default, VLANs 2 through 1000 are eligible for pruning.
VTP pruning does not prune traffic from pruning-ineligible VLANs. VLAN 1 is always ineligible for pruning;
traffic from VLAN 1 cannot be pruned.

To configure VTP pruning on a trunking LAN interface, use the switchport trunk pruning vlan command.
VTP pruning operates when a LAN interface is trunking. You can set VLAN pruning eligibility regardless of
whether VTP pruning is enabled or disabled for the VTP domain, whether any given VLAN exists, and
regardless of whether the LAN interface is currently trunking.

Dot1q receives both tagged and untagged traffic; untagged traffic is sent in VLAN 1
(the native VLAN).

B#sh spanning-tree interface fastEthernet 0/23

Vlan             Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
VLAN0003         Root FWD 19        128.23   P2p
VLAN0005         Desg FWD 19        128.23   P2p
VLAN0023         Root FWD 19        16.23    P2p
B#sh spanning-tree interface fastEthernet 0/24

Vlan             Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
VLAN0001         Root FWD 19        128.24   P2p
VLAN0003         Altn BLK 19        128.24   P2p
VLAN0005         Desg FWD 19        128.24   P2p
VLAN0023         Altn BLK 19        240.24   P2p

Each VLAN on a trunk is FWD or BLK independently: a VLAN forwarding on one port can be blocking on the other port.

To change the port priority:

spanning-tree vlan () port-priority ()

Or change the path cost: spanning-tree vlan () cost ()


VMPS-

Dot1x can't be enabled on a dynamic port.

Current configuration : 113 bytes


!
interface FastEthernet0/2
switchport access vlan dynamic <<<<<<< for dynamic allocation of VLAN
switchport mode access
spanning-tree portfast <<<<<< added automatically when dynamic VLAN access is configured

VTP domain of VMPS SERVER AND CLIENT SHOULD BE SAME.

Dynamic ports can’t be used in etherchannel

To configure:

vmps server (ip address) primary

To see ---
Switch#sh vmps
VQP Client Status:
--------------------
VMPS VQP Version: 1
Reconfirm Interval: 60 min
Server Retry Count: 3
VMPS domain server: 100.100.100.100 (primary, current)

Reconfirmation status
---------------------
VMPS Action: No Dynamic Port

vmps reconfirm : forces reconfirmation of the dynamic VLAN allocation to ports.

VTP----

VTP supports normal-range VLANs (1-1005).

If no domain is given in server mode, VLANs can't be created.

VERY VERY IMPORTANT: int vlan () creates the Layer 3 VLAN interface

and vlan () creates the VLAN at Layer 2.

VTP updates carry Layer 2 information only, as VTP is a Layer 2 protocol, so they
carry the VLANs created by the vlan () command.

Example of VTP:

Create a trunk between 2 switches.

Make switch 1 the server, domain ankur.

Make switch 2 a client, domain ankur.

Create a VLAN on switch 1 (vlan 31) and see it on switch 2.

sh vtp status : see the revision number.
If switch 2 were transparent, new VLANs created on 1 could not be seen on 2 and
vice versa.
All switches must have the same version of VTP.
A#sh vtp status
VTP Version : 2<<<<<<<<<<<<<<<<<
Configuration Revision :8

ENABLE VTP PRUNING ON THE SERVER AND ALL SWITCHES IN THE SAME
DOMAIN TAKE IT (IF THEY ARE CLIENTS). ON THE SERVER YOU CAN MAKE
THE CHANGES. IN TRANSPARENT MODE YOU CAN'T CHANGE PRUNING; TO DO IT,
FIRST MAKE THE SWITCH A SERVER, MAKE THE PRUNING CHANGE AND THEN CHANGE
THE MODE TO TRANSPARENT.

To see prune eligible ---


B#sh int fastEthernet 0/23 switchport
Name: Fa0/23
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001<<<<<<<<<<<<<<<<<<

CHANGE REVISION NUMBER –

A(config)#vtp domain AN
Changing VTP domain name from ANKUR to AN
A(config)#^Z
A#sh vtp st
A#sh vtp status
VTP Version :2
Configuration Revision : 0<<<<<
Maximum VLANs supported locally : 1005
Number of existing VLANs : 11
VTP Operating Mode : Client
VTP Domain Name : AN

Enter configuration commands, one per line. End with CNTL/Z.


A(config)#vt
A(config)#vtp do
A(config)#vtp domain ANKUR
Changing VTP domain name from AN to ANKUR
A(config)#^Z
A#sh vtp st
A#sh vtp status
VTP Version :2
Configuration Revision :9
Maximum VLANs supported locally : 1005
Number of existing VLANs : 11
VTP Operating Mode : Client
VTP Domain Name : ANKUR
TO SEE IF VTP PACKETS ARE GOING:

CONFIGURE A VLAN ON THE SERVER AND CHECK SH VTP COUNTERS (WHETHER THEY ARE INCREMENTING).

A VLAN CREATED ON THE SERVER SHOWS ON THE CLIENT.

A VLAN CREATED ON THE CLIENT DOESN'T SHOW ON THE SERVER.

A VLAN CREATED ON THE SERVER DOESN'T SHOW ON A TRANSPARENT SWITCH AND VICE VERSA.

Switches in transparent mode don't exchange VTP messages with other switches, so
there is no need to configure a VTP domain on them.

Pruning:
By default VLANs 2-1001 are prune-eligible; see this via sh int () switchport.
To see if pruning is enabled: sh vtp status.
No pruning on VLAN 1, VLANs 1002-1005, extended-range VLANs, or a TRANSPARENT MODE SWITCH.
To see the VTP password: sh vtp password.


WHEN YOU ASSIGN A DOMAIN TO A SWITCH IT CAN'T BE REMOVED; YOU CAN ONLY REASSIGN IT.
PRIVATE VLANS-
USE TRANSPARENT MODE ON THE SWITCH FOR PRIVATE VLANS.
USE CONFIG (VLAN MODE) <<CAN'T USE VLAN DATABASE MODE FOR
PRIVATE VLANS.

CONFIGURE PRIVATE VLANS ON EACH SWITCH WHERE YOU WANT THEM, AS THESE ARE NOT
UPDATED ON ALL SWITCHES BY VTP.
VLANs 1 and 1002-1005 can't be private VLANs.
Extended range vlans can be private vlans.

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

You can configure many isolated VLANs but only one can be mapped to the primary VLAN:
Cat4k#sh vlan private-vlan

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
20      501       isolated          <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
        502       isolated
        503       isolated

EXAMPLE OF CONFIGURATION -----

Cat4k(config)#vlan 100
Cat4k(config-vlan)#private primary
Cat4k(config-vlan)#vlan 200
Cat4k(config-vlan)#private-vlan isolated
Cat4k(config-vlan)#exit
Cat4k(config)#vlan 100
Cat4k(config-vlan)#private-vlan association ?
WORD VLAN IDs of the private VLANs to be configured
add Add a VLAN to private VLAN list
remove Remove a VLAN from private VLAN list

Cat4k(config-vlan)#private-vlan association 200 <<<< associating the primary VLAN with the secondary

Cat4k(config-vlan)#exit

Cat4k(config)#int fastEthernet 3/1


Cat4k(config-if)#no sh
Cat4k(config-if)#switchport
Cat4k(config-if)#switchport mode private-vlan promiscuous <<<port mode
Cat4k(config-if)#switchport private-vlan mapping ? <<<< map port to primary and secondary vlan
Cat4k(config-if)#switchport private-vlan mapping 100 200
Cat4k(config-if)#exit
Cat4k(config)#int fas
Cat4k(config)#int fastEthernet 3/2
Cat4k(config-if)#switchport

Cat4k(config-if)#switchport mode private-vlan host


Cat4k(config-if)#switchport private-vlan host-association ?
<1006-4094> Primary extended range VLAN ID of the private VLAN host port
association
<2-1001> Primary normal range VLAN ID of the private VLAN port
association

Cat4k(config-if)#switchport private-vlan host-association 100 ?


<1006-4094> Secondary extended range VLAN ID of the private VLAN host port
association
<2-1001> Secondary normal range VLAN ID of the private VLAN host port
association

Cat4k(config-if)#switchport private-vlan host-association 100 200 <<< associating the
host port (which can be isolated or community, decided by the second VLAN given;
here 200, which is an isolated VLAN)

Cat4k(config-if)#^Z
Cat4k#
DO EXAMPLE PAGE 102 from LAB SWITCHING RAMU .
Voice vlan-

Voice VLAN enables an access port to carry IP voice traffic from an IP phone. When the
switch is connected to a 7960 IP phone, the IP phone sends traffic with L3 IP precedence and L2
CoS of 5 by default.
Switch(config)#int fastEthernet 0/1
Switch(config-if)#switchport voice vlan dot1p
% Voice VLAN does not exist. Creating vlan 0
Switch(config-if)#^Z
Switch#sh int fastEthernet 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: dot1p<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Switch(config)#int fastEthernet 0/8
Switch(config-if)#no sh
Switch(config-if)#switchport access vlan 5 << configured in case trunking fails.
Switch(config-if)#switchport mode ?
access Set trunking mode to ACCESS unconditionally
dot1q-tunnel set trunking mode to TUNNEL unconditionally
dynamic Set trunking mode to dynamically negotiate access or trunk mode
trunk Set trunking mode to TRUNK unconditionally

Switch(config-if)#switchport mode dot1q-tunnel <<<<< dot1q tunnel on the SP port facing the customer
Switch(config-if)#exit
Switch(config)#vlan dot1q tag na
Switch(config)#vlan dot1q tag native <<<<tag native vlan.
Switch(config)#^Z
Switch#

ACTUAL CONFIG ON GOLD FOR DOT1Q TUNNEL-

Switch(config)#do sh run int fas 0/23


Building configuration...

Current configuration : 69 bytes


!
interface FastEthernet0/23
switchport mode dynamic desirable
end

Switch(config)#int fastEthernet 0/23


Switch(config-if)#no sh
Switch(config-if)#switchport mode dot1q-tunnel
Switch(config-if)#switchport access vlan 23 <<<<<<< ID OF THE CONNECTED CUSTOMER
% Access VLAN does not exist. Creating vlan 23
Switch(config-if)#
Switch(config-if)#exit
Switch(config)#vlan dot1q tag native
Switch(config)#^Z
Switch#sh int fastEthernet 0/23 trunk

Port Mode Encapsulation Status Native vlan


Fa0/23 off negotiate not-trunking 1<<<<<<<<<<<<<<<<<<<<<<

Port Vlans allowed on trunk


Fa0/23 23

Port Vlans allowed and active in management domain


Fa0/23 23

Port Vlans in spanning tree forwarding state and not pruned


Fa0/23 23
Switch#sh dot1q-tunnel

dot1q-tunnel mode LAN Port(s)


-----------------------------
Fa0/23<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<WILL SHOW IF TUNNEL UP.
Switch#sh vlan dot1q tag native
dot1q native vlan tagging is enabled
Switch#

Did a shutdown on the other switch, where the dot1q trunk is configured:


Switch#sh dot1q-tunnel

dot1q-tunnel mode LAN Port(s)
-----------------------------
No ports have been configured as dot1qtunnel

OTHER SWITCH, CONFIGURED FOR DOT1Q TRUNK:

Switch#sh int fastEthernet 0/23 trunk

Port Mode Encapsulation Status Native vlan


Fa0/23 on 802.1q trunking 1

Port Vlans allowed on trunk


Fa0/23 1-4094

Port Vlans allowed and active in management domain


Fa0/23 1,5,23

Port Vlans in spanning tree forwarding state and not pruned


Fa0/23 1,5,23

DOT 1Q TUNNEL PRACTICAL ---

R1(e0/0) ------F(0/1) B F(0/23)------TRUNK DOT1Q-----------F(0/23) A F0/7 ------------------------Gig0/0 R7

CONFIG ---

R1(config)#int fastEthernet 0/0


R1(config-if)#no sh
R1(config-if)#exit
R1(config)#int fastEthernet 0/1.1
R1(config-subif)#encapsulation dot1Q 12
R1(config-subif)#no sh
R1(config)#int fastEthernet 0/1.1
R1(config-subif)#ip ad
R1(config-subif)#ip address 1.1.1.2 255.255.255.252
R1(config-subif)#no sh
R1(config-subif)#^Z

-----------------------------------------------------------------------------------------------------------------
B(config)#int fas
B(config)#int fastEthernet 0/23
B(config-if)#no sh
B(config-if)#switchport trunk encapsulation dot1q
B(config-if)#switchport mode trunk
B#sh int fastEthernet 0/23 trunk

Port Mode Encapsulation Status Native vlan


Fa0/23 on 802.1q trunking 1

Port Vlans allowed on trunk


Fa0/23 1-4094
Port Vlans allowed and active in management domain
Fa0/23 1,100

Port Vlans in spanning tree forwarding state and not pruned


Fa0/23 1,100
B(config)#int fastEthernet 0/1
B(config-if)#no sh
B(config-if)#switchport mode dot1q-tunnel
B(config-if)#switchport access vlan 100
B#sh dot1q-tunnel

dot1q-tunnel mode LAN Port(s)


-----------------------------
Fa0/1
B#config t
Enter configuration commands, one per line. End with CNTL/Z.
B(config)#system mtu 1500
B(config)#^Z

------------------------------------------------------------------------------------------------------------------
A(config)#int fastEthernet 0/23
A(config-if)#no sh
A(config-if)#switchport mode trunk
A(config-if)#switchport trunk encapsulation dot1q
A(config-if)#switchport mode trunk
A(config-if)#no sh
A(config-if)#^Z
A(config-if)#int fas0/7
A(config-if)#no sh
A(config-if)#switchport mode dot1q-tunnel
A(config-if)#switchport access vlan 100
A(config-if)#no sh
A(config-if)#^Z

A#sh run int fastEthernet 0/7


Building configuration...

Current configuration : 106 bytes


!
interface FastEthernet0/7
switchport access vlan 100
switchport mode dot1q-tunnel
no cdp enable
end

A#sh int fastEthernet 0/7 trunk

Port Mode Encapsulation Status Native vlan


Fa0/7 off negotiate not-trunking 1

Port Vlans allowed on trunk


Fa0/7 100
Port Vlans allowed and active in management domain
Fa0/7 100

Port Vlans in spanning tree forwarding state and not pruned


Fa0/7 100
A#sh dot1q-tunnel

dot1q-tunnel mode LAN Port(s)


-----------------------------
Fa0/7

A#config t
Enter configuration commands, one per line. End with CNTL/Z.
A(config)#int fas
A(config)#int fastEthernet 0/7
A(config-if)#swi
A(config-if)#switchport ac
A(config-if)#switchport access vl
A(config-if)#switchport access vlan 200 <<<<< WHEN I CHANGE VLAN 100 TO 200 ON SP EDGE SWITCH A, PING FAILS.
% Access VLAN does not exist. Creating vlan 200
A(config-if)#
09:21:08: %DOT1Q_TUNNELLING-4-MTU_WARNING:
System MTU of 1500 might be insufficient for 802.1Q tunnelling.
802.1Q tunnelling requires system MTU size of 1504 to handle maximum size ethernet
frames.

A(config-if)#switchport access vlan 100


A(config-if)#
09:21:30: %DOT1Q_TUNNELLING-4-MTU_WARNING:
System MTU of 1500 might be insufficient for 802.1Q tunnelling.
802.1Q tunnelling requires system MTU size of 1504 to handle maximum size ethernet
frames.

A(config-if)#exit
A(config)#sy
A(config)#system mtu
A(config)#system mtu 1504
Changes to the System MTU will not take effect until the next reload is done.
A(config)#^Z
A#s
09:21:51: %SYS-5-CONFIG_I: Configured from console by consoleh run int fas
A#sh run int fastEthernet 0/7
Building configuration...

Current configuration : 106 bytes


!
interface FastEthernet0/7
switchport access vlan 100
switchport mode dot1q-tunnel
no cdp enable
end

A#config t
Enter configuration commands, one per line. End with CNTL/Z.
A(config)#sy
A(config)#system mt
A(config)#system mtu 1504
A(config)#^Z
A#wr
Building configuration...

nv_done: unable to open "flask:/archive/config.text.new"[OK]


A#
09:22:15: %SYS-5-CONFIG_I: Configured from console by console

---------------------------------------------------------------------------------------------------------------------

R7 -----interface GigabitEthernet0/0
no ip address
duplex full
speed 100
media-type rj45
negotiation auto
!
interface GigabitEthernet0/0.1
encapsulation dot1Q 12
ip address 1.1.1.1 255.255.255.252
no snmp trap link

----------------------------------------------------------------------------------------------------------------------

RESULTS-

R1#ping 1.1.1.1

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R1#
IF I NOW CHANGE THE ACCESS VLAN (THE UNIQUE ID FOR THE CUSTOMER), WHICH IS 100 AT THE SP, TO
200, PING FAILS.

A#config t
Enter configuration commands, one per line. End with CNTL/Z.
A(config)#int fas
A(config)#int fastEthernet 0/7
A(config-if)#swi
A(config-if)#switchport ac
A(config-if)#switchport access vl
A(config-if)#switchport access vlan 200 <<<<< WHEN I CHANGE VLAN 100 TO 200 ON SP EDGE SWITCH A, PING FAILS.
% Access VLAN does not exist. Creating vlan 200

R1#ping 1.1.1.1

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

WHEN YOU RESTORE IT BACK TO VLAN 100, it takes some time and some pings drop:

R1#ping 1.1.1.1 re 100

Type escape sequence to abort.


Sending 100, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
.......!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 93 percent (93/100), round-trip min/avg/max = 1/2/4 ms
R1#

R1(config)#int fastEthernet 0/1.1


R1(config-subif)#encapsulation dot1Q 12 <<<<< THIS IS THE VLAN WITH WHICH THE
CUSTOMER IS SENDING TRAFFIC (INNER VLAN). WHEN YOU CHANGE THIS AT THE REMOTE
ROUTER R7, PING FAILS AS WELL.
R1(config-subif)#no sh
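
The tag handling behind this practical, as an added example that is not part of the original notes: a small model of what the two tunnel ports do to one frame from R1's dot1Q 12 subinterface, showing why a mismatched access VLAN (100 vs 200) stops delivery and why the core carries 4 extra bytes (system mtu 1504). It assumes both tags use EtherType 0x8100; the MAC addresses and function names are constructed for the example.

```python
import struct

TPID_8021Q = 0x8100  # assumption: inner and outer tags both use EtherType 0x8100


def push_tag(frame, vlan, cos=0):
    """Insert an 802.1Q tag right after the two MAC addresses (bytes 0-11)."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID out of range")
    tci = (cos << 13) | vlan
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def pop_tag(frame):
    """Strip the outermost tag and return (vlan, remaining_frame)."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        raise ValueError("outermost header is not an 802.1Q tag")
    return tci & 0x0FFF, frame[:12] + frame[16:]


def vlan_stack(frame):
    """List the VLAN IDs carried by a frame, outermost first."""
    vlans = []
    while len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        vlan, frame = pop_tag(frame)
        vlans.append(vlan)
    return vlans


def tunnel_ingress(frame, access_vlan):
    """Tunnel port, customer -> SP: the customer frame, its own tag included,
    is treated as payload and the port's access VLAN is pushed on top."""
    return push_tag(frame, access_vlan)


def tunnel_egress(frame, access_vlan):
    """Tunnel port, SP -> customer: only frames in the port's access VLAN
    leave here, with the outer tag removed; anything else is not delivered."""
    outer, inner = pop_tag(frame)
    return inner if outer == access_vlan else None


def customer_frame(inner_vlan=12, payload_len=1500):
    """Constructed full-size frame as R1's dot1Q 12 subinterface would send it."""
    dst = bytes.fromhex("00000c000007")  # constructed MAC standing in for R7
    src = bytes.fromhex("00000c000001")  # constructed MAC standing in for R1
    untagged = dst + src + struct.pack("!H", 0x0800) + bytes(payload_len)
    return push_tag(untagged, inner_vlan)


def run_lab(ingress_vlan=100, egress_vlan=100):
    """One frame: R1 -> B tunnel port -> dot1q trunk -> A tunnel port -> R7."""
    sent = customer_frame()
    in_core = tunnel_ingress(sent, ingress_vlan)
    delivered = tunnel_egress(in_core, egress_vlan)
    return {
        "core_tags": vlan_stack(in_core),
        "extra_bytes_in_core": len(in_core) - len(sent),
        "delivered": delivered is not None,
        "tags_seen_by_r7": vlan_stack(delivered) if delivered else None,
    }


if __name__ == "__main__":
    print("access vlan 100 on both edges:", run_lab())
    print("A changed to access vlan 200 :", run_lab(egress_vlan=200))
```

R7 receives the frame still tagged with the inner VLAN, so its subinterface must use the same dot1Q ID as R1.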
TO BRING A PORT OUT OF THE ERR-DISABLE STATE AUTOMATICALLY:

errdisable recovery cause (the cause by which it was err-disabled)

L2protocol tunnel-

BEFORE-
R1#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID


B Fas 0/1 138 SI WS-C3550- Fas 0/1
R1#

---------------------------------------------------------------------------------------------------------------

B(config-if)#l2protocol-tunnel stp
B(config-if)#l2protocol-tunnel vtp
B(config-if)#l2protocol-tunnel cdp
B(config-if)#l2protocol-tunnel drop-threshold 1000
B(config-if)#l2protocol-tunnel shutdown-threshold 1500
B(config-if)#exit

B(config)#l2protocol-tunnel cos 7
B(config)#^Z
B#sh l2protocol-tunnel
COS for Encapsulated Packets: 7
Drop Threshold for Encapsulated Packets: 0

Port       Protocol Shutdown  Drop      Encapsulation Decapsulation Drop
                    Threshold Threshold Counter       Counter       Counter
---------- -------- --------- --------- ------------- ------------- -------------
Fa0/1      cdp           1500      1000 1             0             0
           stp           1500      1000 0             0             0
           vtp           1500      1000 0             0             0
           ---           ----      ---- ----          ----          ----
           ---           ----      ---- ----          ----          ----
           ---           ----      ---- ----          ----          ----

B(config)#errdisable recovery cause l2ptguard


B#config t
Enter configuration commands, one per line. End with CNTL/Z.
B(config)#int fas
B(config)#int fastEthernet 0/1
B(config-if)#no cdp en
B(config-if)#no cdp enable <<<<< VERY IMPORTANT TO SEE THE REMOTE DEVICE AS CDP
NEIGHBOUR. IF ENABLED, ON R1 YOU SEE B ALONG WITH R7.
B(config-if)#^Z
B#

R1#sh cdp neighbors


Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform   Port ID
B                Fas 0/1            175          SI       WS-C3550-  Fas 0/1 <<<<< YOU SEE BOTH IF CDP IS ENABLED ON SWITCH B INT FA0/1.
R7               Fas 0/1            86           RSI      3825       Gig 0/0
R1#

---------------------------------------------------------------------------------------------------------------

A(config)#int fastEthernet 0/7


A(config-if)#l2protocol-tunnel
A(config-if)#l2protocol-tunnel shutdown-threshold 1500
A(config-if)#l2protocol-tunnel drop-threshold 1000
A#sh l2protocol-tunnel
COS for Encapsulated Packets: 7
Drop Threshold for Encapsulated Packets: 0

Port       Protocol Shutdown  Drop      Encapsulation Decapsulation Drop
                    Threshold Threshold Counter       Counter       Counter
---------- -------- --------- --------- ------------- ------------- -------------
Fa0/7      cdp           1500      1000 0             0             0
           stp           1500      1000 0             0             0
           vtp           1500      1000 0             0             0
           ---           ----      ---- ----          ----          ----
           ---           ----      ---- ----          ----          ----
           ---           ----      ---- ----          ----          ----

A#

----------------------------------------------------------------------------------------------------------

R1#sh cdp neighbors


Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID


R7 Fas 0/1 132 RSI 3825 Gig 0/0
R1#

R7#sh cdp neighbors


Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID


R1 Gig 0/0 157 RS 2621XM Fas 0/1
R7#
ETHERCHANNEL OVER DOT1Q TUNNEL CONFIGURATION---

CUSTOMER A SWITCH CONF


A(config)#int range fastEthernet 0/1-4
A(config-if-range)#no sh
A(config-if-range)#sw
A(config-if-range)#switchport trunk encapsulation dot1q
A(config-if-range)#switchport mode trunk
A(config-if-range)#channel-group 1 mode desirable <<<<< CREATING THE ETHERCHANNEL AT THE CUSTOMER END
A(config-if-range)#exit
A(config)#int port-channel 1
A(config-if)#no shut
A(config-if)#^Z
-----------------------------------------------------------------------------------------------------------
SWITCH B IN FIGURE ---

SP(config)#int range fastEthernet 0/4-6


SP(config-if-range)#no sh
SP(config-if-range)#sw
SP(config-if-range)#switchport mode dot1q-tunnel
SP(config-if-range)#switchport access vlan 100
SP(config-if-range)#l2protocol-tunnel point-to-point pagp <<<< to pass PAgP to the other switch so
that the EtherChannel is formed.
SP(config-if-range)#l2protocol-tunnel point-to-point udld
SP(config-if-range)#l2protocol-tunnel drop-threshold point-to-point pagp 1000
SP(config-if-range)#exit
SP(config)#int fas
SP(config)#int fastEthernet 0/23 <<<<< FOR TRUNKING BETWEEN SWITCHES B AND A WITHIN THE SP CORE
SP(config-if)#switchport trunk encapsulation do
SP(config-if)#switchport trunk encapsulation dot1q
SP(config-if)#switchport mode trunk
SP(config-if)#^Z
SP#wr
Building configuration...
[OK]
SP#

SAME CONFIGURATION ON SP SWITCH A.

To verify: sh l2protocol-tunnel
STP---

SWITCHES SEND BPDUs, WHICH CONTAIN: SWITCH MAC ADDRESS, SWITCH
PRIORITY, PORT PRIORITY, PATH COST.

SWITCH PRIORITY + MAC ADDRESS = UNIQUE BRIDGE ID.

PORT PRIORITY + MAC ADDRESS = PORT IDENTIFIER.

STP DECISION-

1) LOWEST ROOT BRIDGE ID
2) LOWEST ROOT PATH COST TO ROOT SWITCH
3) LOWEST SENDER BRIDGE ID
4) LOWEST SENDER PORT ID.

ALL PORTS ON THE ROOT SWITCH ARE DESIGNATED PORTS.

PORTS THAT ARE NEITHER ROOT PORT NOR DP ARE BLOCKING PORTS.

PVST+ -- 802.1D
RAPID PVST+- 802.1W

SPANNING TREE—

EXAMPLE—
GOLD LAB
S/W A F0/23 ------------ F0/23 S/W B
      F0/24 ------------ F0/24

Switch(config)#vlan 100
Switch(config-vlan)#name ANKUR
Switch(config-vlan)#exit
Switch(config)#spanning-tree vlan 100
Switch(config)#spanning-tree mode pvst
Switch(config)#int fastEthernet 0/23
Switch(config-if)#no sh
Switch(config-if)#int fas
Switch(config-if)#int fas0/24
Switch(config-if)#no sh
Switch(config-if)#^Z

Switch#sh spanning-tree summary


Switch is in pvst mode
Root bridge for: VLAN0001, VLAN0100
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
EtherChannel misconfig guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short

Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001                     0         0        0          2          2
VLAN0100                     0         0        0          2          2
---------------------- -------- --------- -------- ---------- ----------
2 vlans                      0         0        0          4          4

Switch#sh spanning-tree vlan 100

VLAN0100
Spanning tree enabled protocol ieee
Root ID Priority 32868
Address 000e.8307.6b80
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32868 (priority 32768 sys-id-ext 100)


Address 000e.8307.6b80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Desg FWD 19 128.23 P2p <<<AS root switch all ports DP.
Fa0/24 Desg FWD 19 128.24 P2p
B SWITCH CONFIGURATION -----------------

Switch(config)#vlan 100
Switch(config-vlan)#name ANKUR
Switch(config-vlan)#exit
Switch(config)#int fas
Switch(config)#int fastEthernet 0/23
Switch(config-if)#no sh
Switch(config-if)#int fas
Switch(config-if)#int fas0/24
Switch(config-if)#no sh
Switch(config-if)#exit
Switch(config)#spanning-tree vlan 100
Switch(config)#spanning-tree mode pvst
Switch(config)#^Z

Switch#sh spanning-tree vlan 100

VLAN0100
Spanning tree enabled protocol ieee
Root ID Priority 32868
Address 000e.8307.6b80
Cost 19
Port 23 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32868 (priority 32768 sys-id-ext 100)


Address 000e.830d.8280
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Root FWD 19 128.23 P2p
Fa0/24 Altn BLK 19 128.24 P2p <<<<<As this is not root switch.

NOW I WILL PLAY WITH THIS ---


B(config)#spanning-tree Vlan 100 root primary

B#sh spanning-tree vlan 100

VLAN0100
Spanning tree enabled protocol ieee
Root ID Priority 24676
Address 000e.830d.8280
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 24676 (priority 24576 sys-id-ext 100) <<<< DUE TO ROOT PRIMARY

IF THE CURRENT S/W HAS A BRIDGE PRIORITY OF MORE THAN 24576 THEN IT IS
SET TO THIS; if less than this, it is set to 4096.

Address 000e.830d.8280
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Desg FWD 19 128.23 P2p
Fa0/24 Desg LIS 19 128.24 P2p

B#sh spanning-tree vlan 100

VLAN0100
Spanning tree enabled protocol ieee
Root ID Priority 24676
Address 000e.830d.8280
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 24676 (priority 24576 sys-id-ext 100)


Address 000e.830d.8280
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Desg FWD 19 128.23 P2p
Fa0/24 Desg LRN 19 128.24 P2p
If you want to change it: spanning-tree vlan 100 root secondary (priority set to 28672)

If you want to make a switch root statically, change the priority:

BEFORE-

Switch#sh spanning-tree vlan 100

VLAN0100
Spanning tree enabled protocol ieee
Root ID Priority 24676
Address 000e.830d.8280
Cost 19
Port 23 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32868 (priority 32768 sys-id-ext 100)


Address 000e.8307.6b80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Root FWD 19 128.23 P2p
Fa0/24 Altn BLK 19 128.24 P2p

AFTER

Switch(config)#spanning-tree vlan 100 priority 4096

Switch#sh spanning-tree vlan 100

VLAN0100
Spanning tree enabled protocol ieee
Root ID Priority 4196
Address 000e.8307.6b80
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 4196 (priority 4096 sys-id-ext 100)


Address 000e.8307.6b80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Desg FWD 19 128.23 P2p
Fa0/24 Desg LRN 19 128.24 P2p <<<<<NOW ROOT

CHANGE COST TO MAKE A PORT GO FROM BLK TO FWD---

B#sh spanning-tree vlan 100

VLAN0100
Spanning tree enabled protocol ieee
Root ID Priority 4196
Address 000e.8307.6b80
Cost 19
Port 23 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 4196 (priority 4096 sys-id-ext 100)


Address 000e.830d.8280
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Root FWD 19 128.23 P2p <<<<<<<<23 is FWD and 24 BLK
Fa0/24 Altn BLK 19 128.24 P2p

B#config t
Enter configuration commands, one per line. End with CNTL/Z.
B(config)#int fastEthernet 0/24
B(config-if)#spanning-tree cost 1
B(config-if)#^Z
B#sh spanning-tree vlan 100

VLAN0100
Spanning tree enabled protocol ieee
Root ID Priority 4196
Address 000e.8307.6b80
Cost 1
Port 24 (FastEthernet0/24)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 4196 (priority 4096 sys-id-ext 100)


Address 000e.830d.8280
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Altn BLK 19 128.23 P2p <<<<< 23 IS ALTN AND 24 IS FWD.
Fa0/24 Root FWD 1 128.24 P2p

B#

To change PORT PRIORITY –

BEFORE ----
B#sh spanning-tree vlan 100

VLAN0100
Spanning tree enabled protocol ieee
Root ID Priority 4196
Address 000e.8307.6b80
Cost 19 <<<<< THESE ARE OF THE ROOT BRIDGE
Port 23 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4196 (priority 4096 sys-id-ext 100)
Address 000e.830d.8280<<<<<<<<<<<<LOCAL SWITCH.
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Root FWD 19 128.23 P2p <<<<128 is port priority default
Fa0/24 Altn BLK 19 128.24 P2p

BASIC: CHANGE THE PORT PRIORITY ON THE ROOT SWITCH, AND THE PORT ON THE NON-ROOT
SWITCH WHOSE PRIORITY DECREASED BECOMES FWD.

CHANGE THE COST ON THE NON-ROOT SWITCH AND SEE THAT THE PORT WHOSE COST
DECREASED BECOMES FWD.

IN BLOCKING STATE THE PORT LISTENS TO BPDUs, AND IN LISTENING STATE IT ALSO
SENDS BPDUs; HERE THE ROOT PORT OR DP IS CALCULATED.
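
The four-step STP decision from these notes, applied to the two-switch GOLD LAB topology, as an added example that is not part of the original notes. Bridge priorities and MAC addresses are taken from the outputs above; the port identifier is modelled as priority plus port number, as in the Prio.Nbr column, and the function names are this example's own. The election works for any connected topology, not only this lab.

```python
def bridge_id(priority, mac):
    """Bridge ID = (priority, MAC); the lower tuple wins."""
    return (priority, int(mac.replace(".", ""), 16))


def stp_roles(bridges, links, port_cost=None, port_prio=None):
    """bridges: {name: (priority, mac)}; links: [(br1, port1, br2, port2)].
    port_cost / port_prio: {(bridge, port): value}, defaults 19 and 128.
    Returns (root_name, {(bridge, port): "Root" | "Desg" | "Altn"})."""
    port_cost = port_cost or {}
    port_prio = port_prio or {}
    bid = {name: bridge_id(*value) for name, value in bridges.items()}

    def pid(bridge, port):          # port identifier, e.g. 128.23
        return (port_prio.get((bridge, port), 128), port)

    def cost_of(bridge, port):      # cost added by the receiving port
        return port_cost.get((bridge, port), 19)

    # Step 1: lowest bridge ID becomes root.
    root = min(bid, key=bid.get)

    neighbours = {name: [] for name in bridges}
    for b1, p1, b2, p2 in links:
        neighbours[b1].append((p1, b2, p2))
        neighbours[b2].append((p2, b1, p1))

    # Steps 2-4: every non-root bridge picks its root port by lowest
    # (root path cost, sender bridge ID, sender port ID, local port ID).
    path_cost, root_port = {root: 0}, {}
    for _ in bridges:               # repeat until costs and tie-breaks settle
        for b in bridges:
            if b == root:
                continue
            offers = [(path_cost[n] + cost_of(b, lp), bid[n], pid(n, np), pid(b, lp), lp)
                      for lp, n, np in neighbours[b] if n in path_cost]
            if offers:
                best = min(offers)
                path_cost[b], root_port[b] = best[0], best[4]

    # Per link: the end with the better (cost, bridge ID, port ID) is
    # designated; the other end is the root port or an alternate (blocking).
    roles = {}
    for b1, p1, b2, p2 in links:
        ends = sorted([(path_cost[b1], bid[b1], pid(b1, p1), b1, p1),
                       (path_cost[b2], bid[b2], pid(b2, p2), b2, p2)])
        (_, _, _, db, dp), (_, _, _, ob, op) = ends
        roles[(db, dp)] = "Desg"
        roles[(ob, op)] = "Root" if root_port.get(ob) == op else "Altn"
    return root, roles


# Values from the show spanning-tree vlan 100 outputs in these notes.
A_MAC, B_MAC = "000e.8307.6b80", "000e.830d.8280"
LINKS = [("A", 23, "B", 23), ("A", 24, "B", 24)]


def lab(a_prio=32868, b_prio=32868, port_cost=None, port_prio=None):
    bridges = {"A": (a_prio, A_MAC), "B": (b_prio, B_MAC)}
    return stp_roles(bridges, LINKS, port_cost, port_prio)


if __name__ == "__main__":
    scenarios = [
        ("defaults", {}),
        ("B root primary", {"b_prio": 24676}),
        ("A priority 4096", {"a_prio": 4196, "b_prio": 4196}),
        ("B Fa0/24 cost 1", {"a_prio": 4196, "b_prio": 4196, "port_cost": {("B", 24): 1}}),
        ("A Fa0/24 port-priority 16", {"port_prio": {("A", 24): 16}}),
    ]
    for title, kwargs in scenarios:
        root, roles = lab(**kwargs)
        print(title, "-> root", root, sorted(roles.items()))
```
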

VLAN0100
Spanning tree enabled protocol ieee
Root ID Priority 4196
Address 000e.830d.8280
This bridge is the root
Hello Time 4 sec Max Age 40 sec Forward Delay 30 sec

Bridge ID Priority 4196 (priority 4096 sys-id-ext 100)


Address 000e.830d.8280
Hello Time 4 sec Max Age 40 sec Forward Delay 30 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Desg FWD 19 128.23 P2p
Fa0/24 Desg FWD 19 128.24 P2p
Switch(config)#spanning-tree vlan 100 root primary <<< BY THIS COMMAND THE
PRIORITY IS CHANGED PLUS THE TIMERS ARE RESTORED TO DEFAULT

VLAN0100
Spanning tree enabled protocol ieee
Root ID Priority 4196
Address 000e.830d.8280
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 4196 (priority 4096 sys-id-ext 100)


Address 000e.830d.8280
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Desg FWD 19 128.23 P2p
Fa0/24 Desg FWD 19 128.24 P2p

Switch#

FOR UPLINKFAST, LINKS NEED TO BE ACCESS LINKS, AND WHEN ONE LINK TO THE UPLINK S/W FAILS THE OTHER TAKES OVER IMMEDIATELY IN FWD STATE.

DON’T PUT IT ON ROOT SWITCH.


Switch(config-if)#spanning-tree guard root
Switch(config-if)#^Z
Switch#sh spanning-tree summary
Switch is in pvst mode
Root bridge for: VLAN0001, VLAN0100

WHEN PRIORITY REDUCED ON REMOTE SWITCH TO MAKE IT ROOT----

Switch#sh spanning-tree int fastEthernet 0/23

Vlan Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
VLAN0100 Desg FWD 19 128.23 P2p
Switch#sh spanning-tree int fastEthernet 0/23

Vlan Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
VLAN0100 Desg BKN*19 128.23 P2p *ROOT_Inc

Switch(config)#int fastEthernet 0/23


Switch(config-if)#spanning-tree portf

Switch(config)#int fastEthernet 0/23


Switch(config-if)#spanning-tree bpduguard enable <<<<ON A PORTFAST PORT YOU DON'T EXPECT BPDUs; WHEN BPDUGUARD IS ENABLED AND U RECEIVE A BPDU, IT PUTS THE PORT IN DOWN STATE.
Switch(config-if)#^Z

Switch#sh ip int brief | i 0/23


FastEthernet0/23 unassigned YES unset down down
Switch#sh spanning-tree vlan 100

Spanning tree instance(s) for vlan 100 does not exist.

Switch#

ROOT GUARD AND BPDUGUARD PREVENT LOOPS FROM SUDDEN ARRIVAL OF BPDUs.

SUDDEN LOSS OF BPDU ----------------
SKEW DETECTION
LOOP GUARD --- spanning-tree guard loop
UDLD
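A way to check a saved running-config for the edge protections above: PortFast ports without BPDU guard, and trunks with neither root guard nor loop guard. This is an added example, not from the original notes; the sample config and the finding names are constructed, and whether a given trunk needs root guard depends on the topology.

```python
# Constructed sample running-config (not taken from the page's switches).
SAMPLE_CONFIG = """\
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/23
 switchport mode trunk
 spanning-tree guard root
!
interface FastEthernet0/24
 switchport mode trunk
!
"""


def parse_config(config):
    """Split a running-config into global lines and per-interface sub-commands.

    A block ends at '!' or at the next 'interface' line, so configs whose
    indentation was lost (as in pasted notes) are still parsed correctly.
    """
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "!":
            current = None
        elif line.lower().startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif current is not None:
            interfaces[current].append(line.lower())
        else:
            global_lines.append(line.lower())
    return global_lines, interfaces


def audit(config):
    """Return a list of (interface, finding) tuples, in config order."""
    global_lines, interfaces = parse_config(config)
    bpduguard_default = "spanning-tree portfast bpduguard default" in global_lines
    portfast_default = "spanning-tree portfast default" in global_lines
    loopguard_default = "spanning-tree loopguard default" in global_lines

    findings = []
    for name, cmds in interfaces.items():
        # Routed and administratively down ports do not take part in STP.
        if "shutdown" in cmds or "no switchport" in cmds:
            continue
        is_access = "switchport mode access" in cmds
        is_trunk = "switchport mode trunk" in cmds

        # PortFast is on if set on the port, or inherited by an access port.
        portfast = any(
            c.startswith("spanning-tree portfast") and not c.endswith("disable")
            for c in cmds
        ) or (portfast_default and is_access
              and "spanning-tree portfast disable" not in cmds)

        # The interface-level setting overrides the global default.
        if "spanning-tree bpduguard enable" in cmds:
            bpduguard = True
        elif "spanning-tree bpduguard disable" in cmds:
            bpduguard = False
        else:
            bpduguard = bpduguard_default and portfast

        if portfast and not bpduguard:
            findings.append((name, "portfast-without-bpduguard"))

        guarded = ("spanning-tree guard root" in cmds
                   or "spanning-tree guard loop" in cmds
                   or loopguard_default)
        if is_trunk and not guarded:
            findings.append((name, "trunk-without-root-or-loop-guard"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```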

IN 802.1D ----- after convergence only the root bridge sends BPDUs.

802.1W ---- NEIGHBOURS SEND EACH OTHER BPDUS EVEN AFTER CONVERGENCE AND THEY KNOW THE ROOT BRIDGE, BECAUSE IF THEY MISS 3 HELLO PACKETS (BPDU) THEY KNOW THE NEIGHBOR IS DOWN (WHEN INDIRECT LINK FAILURE).

TWO SWITCHES --- 1 and 2

1 sends a BPDU with the proposal flag set to 2 ("I'm root"); if 2 agrees it replies with the agreement flag set. This is very fast and they transition to FORWARDING. THIS HAPPENS ON POINT-TO-POINT FULL DUPLEX LINKS.
MSTP----

Large vlan in 1 instance

When u create MST:

spanning-tree mode mst
spanning-tree mst configuration
name Cisco <<<<<< region name, which will be the same on all switches in the same region.

When u create an instance, any of 1-15 (THESE ARE CALLED MSTI); 0 is created automatically and is called IST. By default all VLANs are part of IST.

To see:

sh spanning-tree mst configuration

For MST configuration, 3 things:

1) region name
2) revision number
3) vlan to instance mapping

ONE BPDU FOR ALL INSTANCES IS SENT BY EVERY SWITCH BY THE IST. IF ONE MSTI IS FWD, ALL VLANS WITHIN IT ARE FWD, AND IF IT IS BLOCKING, ALL VLANS WITHIN IT ARE BLOCKING.

WITHIN REGION: IST.

GROUP OF IST IN DIFFERENT REGIONS: CIST.

MST REGIONS CONNECTED VIA CST.

ALL MSTI SEND BPDU AS THEY ARE IN RSTP.

INSTANCE 0 HAS THE SPANNING TREE TIMER VALUES INFORMATION. IF U CHANGE MST FWD time u see that in instance 0.

ONE M RECORD FOR EACH INSTANCE --- IF 300 vlans (1-300) are in instance 1, then the M record won't say "I have VLAN 1, 2 and so on till 300"; it will rather make a hash digest which represents all the 300 vlans. These M records don't go out of the MST region. MST DOESN'T INTERACT OUTSIDE THE REGION DIRECTLY; IST DOES THIS. IST USES 802.1D timers so it can interact outside with 802.1D; other MSTI run 802.1W.
IF PARAMETERS DON'T MATCH B/W two switches FOR THE HASH GENERATED FOR VLANS, THEY COME DOWN TO RSTP OR PVST.
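The hash described above is the MST configuration digest, an HMAC-MD5 over a 4096-entry VLAN-to-instance table. The following added example (not from the original notes) computes it for the region name ANKUR and the VLAN mapping used in this page's MST configuration and reports which parameter differs between two switches. Revision 0 and the SWITCH_C mapping are assumptions made for the example.

```python
import hashlib
import hmac
import struct

# Signature key that IEEE 802.1Q fixes for the MST Configuration Digest.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def parse_vlan_ranges(spec):
    """Expand an IOS-style VLAN list such as '1-2,100' into [1, 2, 100]."""
    vlans = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        first, last = int(low), int(high or low)
        if not 1 <= first <= last <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.extend(range(first, last + 1))
    return vlans


def mst_digest(mapping):
    """Digest of a {instance: 'vlan list'} mapping.

    The table has one 16-bit big-endian entry per VLAN ID 0..4095 holding the
    instance number; VLANs not listed stay in instance 0 (the IST), and the
    entries for IDs 0 and 4095 are always 0.
    """
    table = [0] * 4096
    for instance, spec in mapping.items():
        for vlan in parse_vlan_ranges(spec):
            table[vlan] = instance
    packed = struct.pack(">4096H", *table)
    return hmac.new(MST_DIGEST_KEY, packed, hashlib.md5).digest()


def mst_config_id(name, revision, mapping):
    """Configuration identifier carried in the BPDU: format selector (0),
    32-byte zero-padded region name, 16-bit revision, 16-byte digest."""
    raw = name.encode("ascii")
    if len(raw) > 32:
        raise ValueError("region name is limited to 32 bytes")
    return (b"\x00" + raw.ljust(32, b"\x00")
            + struct.pack(">H", revision) + mst_digest(mapping))


def region_mismatch(a, b):
    """List which of the three region parameters differ between two switches."""
    diffs = []
    if a[0] != b[0]:
        diffs.append("name")
    if a[1] != b[1]:
        diffs.append("revision")
    if mst_digest(a[2]) != mst_digest(b[2]):
        diffs.append("vlan-mapping")
    return diffs


# (name, revision, mapping). Name and mapping are the ones configured on this
# page; revision 0 is an assumption (the page does not show it).
SWITCH_B = ("ANKUR", 0, {1: "1-2", 2: "100-200"})
SWITCH_A = ("ANKUR", 0, {1: "1-2", 2: "100-200"})
# Constructed mismatch: one extra VLAN mapped to instance 2.
SWITCH_C = ("ANKUR", 0, {1: "1-2", 2: "100-201"})

if __name__ == "__main__":
    print("B digest:", mst_digest(SWITCH_B[2]).hex())
    print("B vs A:", region_mismatch(SWITCH_B, SWITCH_A) or "same region")
    print("B vs C:", region_mismatch(SWITCH_B, SWITCH_C))
```

A single VLAN mapped differently changes the whole digest, which is why the comparison can only say that the mapping differs, not which VLAN is responsible.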

MST REGION WILL SHOW AS BOUNDARY WHEN-

COMMON SPANNING TREE – One spanning tree instance for all vlans.

IST MASTER: WHEN U RECEIVE 802.1D packets from outside u have to convert them to MST FORMAT AND SEND INTO THE MST REGION; THIS IS DONE BY THE IST MASTER. IST MASTER IS THE SWITCH WHICH HAS THE LOWEST PATH COST TO THE ROOT SWITCH.

Port fast casnt be enabled on potrts to pc or routers that don’t generate BPDU.
Switch(config)#spanning-tree portfast bpduguard ?
default Enable bdpu guard by default on all portfast ports

mst configuration ---


spanning-tree mst configuration
name ANKUR
instance 1 vlan 1-2
instance 2 vlan 100-200
!
spanning-tree mst 1 priority 4096 <<<DID THIS TO MAKE THIS ROOT FOR MST 1

B#sh spanning-tree m
B#sh spanning-tree mst 1

##### MST1 vlans mapped: 1-2


Bridge address 000e.830d.d480 priority 4097 (4096 sysid 1)
Root this switch for MST1

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg FWD 200000 128.7 P2p
Fa0/8 Desg FWD 200000 128.8 P2p
Fa0/23 Desg FWD 200000 128.23 P2p
Fa0/24 Desg FWD 200000 128.24 P2p

B#

And other switch ---


spanning-tree mst configuration
name ANKUR
instance 1 vlan 1-2
instance 2 vlan 100-200<<<<<<
!

A#sh spanning-tree mst 1

##### MST1 vlans mapped: 1-2


Bridge address 000b.fd92.7100 priority 32769 (32768 sysid 1)
Root address 000e.830d.d480 priority 4097 (4096 sysid 1)
port Fa0/23 cost 200000 rem hops 19

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Root FWD 200000 128.23 P2p
Fa0/24 Altn BLK 200000 128.24 P2p<<<<<

In MST u make the ports of an instance (here for vlan 1-2) FWD on B, as B is root for this instance and A is not...

WHILE IN PVST U MAKE ROOT FOR A SINGLE VLAN.

To see a port's status in all instances --- and see link type

B#sh spanning-tree mst interface fastEthernet 0/23

FastEthernet0/23 of MST0 is root forwarding


Edge port: no (default) port guard : none (default)
Link type: point-to-point (auto) bpdu filter: disable (default)
Boundary : internal bpdu guard : disable (default)
Bpdus sent 180, received 313

Instance Role Sts Cost Prio.Nbr Vlans mapped


-------- ---- --- --------- -------- -------------------------------
0 Root FWD 200000 128.23 3-99,201-4094
1 Desg FWD 200000 128.23 1-2
2 Root FWD 200000 128.23 100-200

A#sh spanning-tree vlan 1

MST1<<<<vlan 1 in MST1
Spanning tree enabled protocol mstp
Root ID Priority 4097
Address 000e.830d.d480
Cost 200000
Port 23 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)


Address 000b.fd92.7100
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Root FWD 200000 128.23 P2p <<<for mst1 ( U SAW SAME BY SH SPANNING-tree mst 1)
Fa0/24 Altn BLK 200000 128.24 P2p

TO see ur local switch Root for what all ---

B#sh spanning-tree summary totals


Switch is in mst mode (IEEE Standard)
Root bridge for: MST1
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
EtherChannel misconfig guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short (Operational value is long)

Name Blocking Listening Learning Forwarding STP Active


---------------------- -------- --------- -------- ---------- ----------
3 msts 2 0 0 8
WHEN C IS SPEAKING 802.1D and is in blocking, all speak 802.1D even though A and B are RSTP OR MST CAPABLE. WHEN C is removed, as it is in blocking the others don't know it is removed. To force A and B to stop using 802.1D once C is removed, use command:

clear spanning-tree detected-protocols int fa1/1


A#sh spanning-tree mst 1

##### MST1 vlans mapped: 1-2


Bridge address 000b.fd92.7100 priority 32769 (32768 sysid 1)
Root address 000e.830d.d480 priority 4097 (4096 sysid 1)
port Fa0/23 cost 200000 rem hops 0

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Root FWD 200000 128.23 P2p
Fa0/24 Altn BLK 200000 128.24 P2p

NOW CHANGED ON ROOT THAT IS B -----

B(config)#int fastEthernet 0/24


B(config-if)#spanning-tree mst 1 port-priority 16
B(config-if)#^Z

A#sh spanning-tree mst 1

##### MST1 vlans mapped: 1-2


Bridge address 000b.fd92.7100 priority 32769 (32768 sysid 1)
Root address 000e.830d.d480 priority 4097 (4096 sysid 1)
port Fa0/24 cost 200000 rem hops 0

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Altn BLK 200000 128.23 P2p
Fa0/24 Root FWD 200000 128.24 P2p <<<<<<<<<<<<<<<<<<<

A#

Now after this –


A#config t
Enter configuration commands, one per line. End with CNTL/Z.
A(config)#int fas
A(config)#int fastEthernet 0/23
A(config-if)#spanning-tree mst 1 cost 19
A(config-if)#^Z
A#sh spanning-tree mst 1

##### MST1 vlans mapped: 1-2


Bridge address 000b.fd92.7100 priority 32769 (32768 sysid 1)
Root address 000e.830d.d480 priority 4097 (4096 sysid 1)
port Fa0/23 cost 19 rem hops 0

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Root FWD 19 128.23 P2p <<<19
Fa0/24 Altn BLK 200000 128.24 P2p <<<<<<<<<<<<<<<200000

A#sh spanning-tree mst 1

##### MST1 vlans mapped: 1-2


Bridge address 000b.fd92.7100 priority 32769 (32768 sysid 1)
Root address 000e.830d.d480 priority 4097 (4096 sysid 1)
port Fa0/23 cost 19 rem hops 0

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Root FWD 19 128.23 P2p
Fa0/24 Altn BLK 200000 128.24 P2p

A#config t
Enter configuration commands, one per line. End with CNTL/Z.
A(config)#spanning-tree mst 1 priority 0
A(config)#^Z
A#sh spanning-tree mst 1

##### MST1 vlans mapped: 1-2


Bridge address 000b.fd92.7100 priority 1 (0 sysid 1)
Root this switch for MST1

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Desg FWD 19 128.23 P2p
Fa0/24 Desg BLK 200000 128.24 P2p
A#sh spanning-tree mst 0

##### MST0 vlans mapped: 3-99,201-4094


Bridge address 000b.fd92.7100 priority 32768 (32768 sysid 0)
Root this switch for the CIST
Operational hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured hello time 2 , forward delay 15, max age 20, max hops 20

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Desg FWD 200000 128.23 P2p
Fa0/24 Desg FWD 200000 128.24 P2p

A#config t
Enter configuration commands, one per line. End with CNTL/Z.
A(config)#spanning-tree mst hello-time 4
A(config)#spanning-tree mst forward-time 30
A(config)#spanning-tree mst max-age 34
A(config)#^Z

A#sh spanning-tree mst 0<<< see all timers in IST or MST 0

##### MST0 vlans mapped: 3-99,201-4094


Bridge address 000b.fd92.7100 priority 32768 (32768 sysid 0)
Root this switch for the CIST
Operational hello time 4 , forward delay 30, max age 34, txholdcount 6
Configured hello time 4 , forward delay 30, max age 34, max hops 20

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Desg FWD 200000 128.23 P2p
Fa0/24 Desg FWD 200000 128.24 P2p

A#
FLEX LINKS -----

LINKS on 3560 switch that provide BACKUP TO EACH OTHER.

THESE CAN BE USED WHERE U WANT TO USE A BACKUP LINK AND NOT USE SPANNING TREE FOR THIS.
IF STP IS RUNNING THERE IS NO NEED OF FLEX LINKS, AS SPANNING TREE DOES THE SAME.
STP IS DISABLED ON FLEX LINKS.

FOR VLAN --- STP.

EVERY ACTIVE LINK WILL HAVE 1 BACKUP LINK. AN ACTIVE LINK WILL BE PART OF 1 FLEX LINK PAIR. PORTS ON WHICH FLEX LINKS ARE ENABLED AUTOMATICALLY GET STP DISABLED.

Backup ----

On main port:
Gig0/1
Switchport backup int g0/2 or Switchport backup int g0/2 preempt forced/bandwidth

MAC ADDRESS MOVE UPDATE

SUPPOSE PORT 1 OF SWITCH A FAILS AND FLEX LINKS WERE CONFIGURED, WITH PORT 1 FWD AND PORT 2 BLK. NOW AS PORT 1 FAILED, PORT 2 GOES FWD, BUT THE SWITCH HAS ALREADY LEARNT THE MAC OF THE PC ON PORT 3 AND KEEPS SENDING THERE, SO PACKETS ARE DROPPED. INSTEAD, WHEN MAC ADDRESS MOVE UPDATE IS CONFIGURED AND THE PORT COMES UP FWD <<<< IT SENDS A MAC ADDRESS MOVE UPDATE TO SWITCH C, AND THE SWITCH LEARNS THE PC MAC ADDRESS ON PORT 4 AND STARTS FORWARDING TRAFFIC.

SWITCH A CONF:
INT PORT1 –

switchport backup int fa 2 mmu primary vlan ()

AND GLOBALLY –

mac address-table move update transmit

On switch –

mac address-table move update receive

To see: sh mac address-table move update

MAC_ADDRESS MOVEUPDATE TRANSMIT


Int gig0/1

Mac-addre
DHCP SNOOPING –

UNTRUSTED PORT: OUT OF N/W or one that goes to users -- S/W -- TRUSTED PORT: THAT IS IN SP'S OWN N/W

NOW if DHCP SNOOPING is ENABLED THEN the S/W keeps track of the MAC address, vlan and interface where received, etc.
Dynamic arp inspection ---

Ip arp inspection vlan ( )


MULTICASTING ---

IGMP SNOOPING----
Configuring layer 2 devices so that multicast traffic is fwd only to those devices that are in that multicast group. When a s/w receives the join report from a host, it adds that host to the fwd table with the multicast address for that group; when it receives a leave request it removes that host entry from the fwd table. This happens when the router sends queries for a particular group and interested hosts reply with a join report and are added to the fwd table of the s/w.

Via igmp snooping the s/w dynamically learns the multicast ip groups; u can make this static by ---- so that a vlan on an interface is statically bound to a multicast address.
IT MANAGES TRAFFIC AT LAYER 2 ONLY.

IGMP snooping restricts traffic in MAC multicast groups 0100.5e00.0001 to 0100.5eff.ffff.
Groups with IP addresses in the 224.0.0.0 to 224.0.0.255 range are reserved for routing control packets and are flooded to all forwarding ports of the VLAN. These addresses map to the multicast MAC address range 0100.5E00.0001 to 0100.5E00.00FF.

IGMP snooping does not restrict Layer 2 multicast packets generated by routing protocols.

IGMP IS THE LANGUAGE WHICH HOST AND ROUTER SPEAK. A S/W with IGMP SNOOPING ENABLED LISTENS TO THIS COMMUNICATION AND MAKES ITS ENTRIES AS PER JOIN REPORT AND LEAVE REQUEST.

To enable igmp snooping –

ip igmp snooping

To learn the mrouter connected to a s/w port: BY PIM, DVMRP, CGMP or by configuring the interface on which it is connected ----
Switch(config)#ip igmp snooping vlan 1 mrouter learn ?
cgmp Learn the multicast router snooping CGMP packets
pim-dvmrp Learn the multicast router snooping PIM-DVMRP packets

Switch(config)#ip igmp snooping vlan 1 mrouter learn cgmp <<CGMP METHOD

Switch(config)#ip igmp snooping vlan 1 mrout interface fastEthernet 0/2 <<<DEFINING INTERFACE
Switch(config)#^Z
SPECIFIES THAT THE MROUTER CONNECTED TO INTERFACE FASTETHERNET 0/2 IS FOR vlan 1
SNMP ----

SERVER COMMUNICATES WITH AGENT ON SWITCH WHICH TAKES DATA FROM MIB.

SNMP VERSION –
1 and 2c: community based
3: based on auth, privacy

In 2c we have different error types and in v1 only one.

Community is used by managers to access the agent's MIB on the switch, as authentication.


ACL –

PORT ACLs ARE THE ACLs APPLIED TO LAYER 2 INTERFACES ON A SWITCH. These can be applied only on physical interfaces, and only in the inbound direction. WITH THIS U CAN FILTER IP TRAFFIC USING IP ACCESS-LIST AND NON-IP TRAFFIC USING MAC ACCESS-LIST.
1) STANDARD 2) EXTENDED 3) MAC-ADDRESS EXTENDED

ROUTER ACL – FILTER LAYER TRAFFIC --- STANDARD AND EXTENDED ACL. CAN BE APPLIED IN BOTH DIRECTIONS.

VLAN MAPS ARE APPLIED FOR TRAFFIC GOING THROUGH THE SWITCH AND NOT ON ANY INTERFACE. U can use VLAN MAPS TO FILTER TRAFFIC BETWEEN DEVICES IN THE SAME VLAN.
access-list 1 permit 1.1.1.1
access-list 1 deny 2.2.2.2
access-list 1 permit 2.2.2.0 0.0.0.255
!

Switch# sh access-lists 1
Standard IP access list 1
20 permit 1.1.1.1
30 deny 2.2.2.2
10 permit 2.2.2.0, wildcard bits 0.0.0.255

When u configure an access-list on the switch, the entries with host come to the top and are shown at the top, although the sequence in which the access-list is applied is the same as configured ---

Switch# sh access-lists 1
Standard IP access list 1
20 permit 1.1.1.1
30 deny 2.2.2.2
10 permit 2.2.2.0, wildcard bits 0.0.0.255
QOS

TOS earlier used in packet


Now dscp

Tos –

3 bit ip prec| 4 bit tos

DSCP

Whole byte called DS BYTE


6 bits are called dscp
3 bit Class selector | 3 bit drop precedence.

DIFFSERV MODEL-

QOS BUILDING BLOCKS—

WHEN A PACKET arrives at the ingress port it is placed into an ingress queue, so that packets are stored while the CPU is busy forwarding current packets. THERE ARE 2 QUEUES at ingress: STRICT PRIORITY QUEUE AND STANDARD queue.
ALL PACKETS WITH COS VALUE 5 or EF are placed in the STRICT PRIORITY QUEUE.

CLASSIFICATION --- based on acl saying which traffic: tcp, udp, icmp, telnet etc.

IP PACKET HAS TOS OR DSCP. FRAMES ON TRUNK CAN HAVE COS VALUES ASSOCIATED WITH THEM. SWITCH CAN DECIDE WHETHER TO TRUST TOS or DSCP OR COS ALREADY IN INBOUND PACKET.
IF NOT TRUSTED, NEW VALUES ARE ASSIGNED BY THE SWITCH. EVERY S/W can specify whether to trust the packet TOS/DSCP/COS or not, but this is preferably done at the n/w edge.

POLICING- TO RATE LIMIT THE TRAFFIC or bring down the dscp value of a packet.
Microflow policer- keeps track of bandwidth b/w source and destination ports.
Aggregate policer- monitors the traffic on one port.

SCHEDULING- after packets are ready for forwarding they are placed into an egress queue, and the queues are serviced according to predefined configurable parameters for congestion maintenance.

There are multiple queues at the egress port: strict priority queue (EF) and standard queues.
In this we have 1st standard queue, 2nd standard queue, and so on, for different cos value ranges,
like cos 0-3 in the 1st standard queue.
SCHEDULING IS CONGESTION MANAGEMENT. WE CAN DO THIS USING WRR. IN THIS EACH QUEUE IS GIVEN A WT, AND DEPENDING ON THAT IT IS SERVICED (HIGHER WT QUEUE SERVICED BEFORE LOWER WT QUEUE). QUEUES ARE SERVICED IN ROUND-ROBIN FASHION, EXCEPT THE PRIORITY QUEUE WHICH IS ALWAYS SERVICED.

CONGESTION AVOIDANCE – port queues are where packets are stored before transmitting; if the port gets congested and the queues begin to fill, packets won't be stored in the queues as they are full, and get dropped.

TAIL DROP
WRED --- different thresholds for different cos values: COS 0-2 threshold 50% and cos 3-4 threshold 69%. When load reaches 50%, cos 0 and 1 packets start dropping, and when the 69% load threshold is reached cos 3 and cos 4 start dropping, but after cos 1 and 2 are dropped. HIGHER THE QUEUE NO., MORE PRIORITY IT HAS.

xPyQzT

x priority queues / y standard queues / z thresholds for standard queues

priority queue never has a threshold as it can't be dropped.

DEFAULT on switch ---

Switch#sh int fastEthernet 0/1 capabilities


FastEthernet0/1
Model: WS-C3550-24
Type: 10/100BaseTX
Speed: 10,100,auto
Duplex: half,full,auto
Trunk encap. type: 802.1Q,ISL
Trunk mode: on,off,desirable,nonegotiate
Channel: yes
Broadcast suppression: percentage(0-100)
Flowcontrol: rx-(off,on,desired),tx-(none)
Fast Start: yes
QOS scheduling: rx-(1q0t),tx-(4q0t),tx-(1p3q0t)
CoS rewrite: yes
ToS rewrite: yes
UDLD: yes
Inline power: no
SPAN: source/destination
PortSecure: yes
Dot1x: yes

s/w port has 1 strict priority queue and 3 standard queues with 2 thresholds.
if the strict queue is not used then 4 standard queues with 2 thresholds.

Switch#sh queueing int fastEthernet 0/1


Interface FastEthernet0/1 queueing strategy: none

CONFIG-
1) TRUST CONFIGURED ON INTERFACE BASIS

Switch(config-if)#mls qos trust ?


cos Classify by packet COS
device trusted device class
dscp Classify by packet DSCP
ip-precedence Classify by packet IP precedence

2) to map cos to dscp

mls qos map cos-dscp ( cos 1 ---- cos 8 )

THIS IS DEFAULT ON SWITCH; YOU CAN USE AF11 ETC.
cos 0 1 2 3 ----------- 8
DSCP 0 AF10 AF20 AF30 AF80

3) Map ip-prec to dscp

THIS IS DEFAULT ON SWITCH; YOU CAN USE AF11 ETC.
Ip-prec 0 1 2 3 ----------- 8
DSCP 0 AF10 AF20 AF30 AF80

Switch(config)#mls qos map ip-prec-dscp 1 2 3 0 6 7 8 8

3) dscp mutation – change incoming dscp values to other values.

Switch(config)#mls qos map dscp-mutation ANKUR 2 3 4 6 7 8 9 10 to 12

Switch(config)#int fastEthernet 0/1


Switch(config-if)#mls qos dscp-mutation ANKUR<<<apply to interface
Switch(config-if)#

AF10 is the same as CS1 (CLASS SELECTOR 1). Don't confuse with COS; that's different (for layer 2 frame).

CS5 is 46
CS6 and CS7, same as AF60 or AF70, are for routing protocols.
To change parameters like DSCP, COS, IPPREC and mapping, trust: use mls

POLICING: USE CLASS-MAP


IP PACKET HAS TOS OR DSCP. FRAMES ON TRUNK CAN HAVE COS
VALUES ASSOCIATED WITH THEM

4) DEFINE POLICING-

IF U SAY CLASS-MAP ANKU ( DEFAULT IS MATCH ALL)

TO identify traffic --- class-map

Switch(config)#class-map match-all ANKU


Switch(config-cmap)#match ip ?
dscp Match IP DSCP (DiffServ CodePoints)
precedence Match IP precedence

Switch(config-cmap)#match ?
access-group Access group
class-map Class map
ip IP specific values
vlan VLANs to match

To apply policy ---

Switch(config)#policy-map A
Switch(config-pmap)#class ANKU
Switch(config-pmap-c)#?
QoS policy-map class configuration commands:
exit Exit from QoS class action configuration mode
no Negate or set default values of a command
police Police
set Set QoS values
trust Set trust value for the class
In the policy map, by matching traffic of a class, you can set ip prec/DSCP, or trust dscp/COS/IP prec.

YOU CAN SET

Switch(config-pmap)#class ANKU
Switch(config-pmap-c)#police ?
<8000-1000000000> Bits per second
aggregate Choose aggregate policer for current class
you can put exceed/violate/conform action: forward/drop/markdown dscp values.

THEN APPLY IT TO INTERFACE

SERVICE POLICY (in/OUT) ()

5) SHAPING

INTERFACE CONGESTED (then ques also congested ) ----

To service ques

Switch(config-if)#wrr-queue bandwidth 4 255 4 4

In this standard q 1 has wt of 4 and q 2 has 255, so q 2 has 64 times more wt than q1; so when 1 packet is sent out of q1, in its turn q2 sends 64 packets.

To see

Switch#sh mls qos interface fastEthernet 0/10 queueing


FastEthernet0/10
Egress expedite queue: dis <<ENABLED WHEN U WRITE PRIORITY-QUEUE OUT
wrr bandwidth weights:
qid-weights
1 - 25
2 - 25
3 - 25
4 - 25
Cos-queue map:
cos-qid
0-1
1-1
2-2
3-2
4-3
5-3
6-4
7-4

6) mapping dscp back to cos at the egress port, if required as per case

mls qos map dscp-cos

7) AT egress

Put packets with cos 0 and 1 in queue 1

Switch(config-if)#wrr-queue cos-map 2 3 4

And enable priority queue

Switch(config-if)#priority-queue out

8) to put WRED –

on interface

wrr-queue random-detect
To see

Switch#sh mls qos int fastEthernet 0/2


FastEthernet0/2
trust state: not trusted
trust mode: not trusted
COS override: dis
default COS: 0
DSCP Mutation Map: ANKUR
Trust device: none

IF EXAMPLE SAYS IP PHONE CONNECTED TO FASTETHERNET AND PC CONNECTED TO IP PHONE >>>>>> TRUST IP PHONE, NOT PC ….. THEN

Switch(config-if)#switchport priority ?
extend Set appliance 802.1p priority

Switch(config-if)#switchport priority ex
Switch(config-if)#switchport priority extend ?
cos Override 802.1p priority of devices on appliance<<<<<<<<<<<<<<<<
trust Trust 802.1p priorities of devices on appliance

Switch(config-if)#switchport priority extend c


Switch(config-if)#switchport priority extend cos ?
<0-7> Priority for devices on appliance

Switch(config-if)#switchport priority extend cos 0

VOD ---- QOS

ADAPTIVE RATE ------ THOSE THAT SEND DATA DEPENDING ON LINK STATE (if congestion, less speed)

NON ADAPTIVE --- voice.

SERIALIZATION DELAY ------------- IS THE DELAY to put a packet from the router onto the WIRE.

TO ENABLE NBAR ON AN INTERFACE

Router(config)#int fastEthernet 0/1


Router(config-if)#ip nbar protocol-discovery <<<enables nbar engine for all protocols; when in a policy u say match protocol telnet, then nbar starts looking for that packet type.
Router(config-if)#^Z
Router#sh ip nbar protocol-discovery

FastEthernet0/1
Input Output
Protocol Packet Count Packet Count
Byte Count Byte Count
5 minute bit rate (bps) 5 minute bit rate (bps)
------------------------ ------------------------ ------------------------
bgp 0 0
0 0
0 0
citrix 0 0
0 0
0 0
cuseeme 0 0
0 0
0 0
custom-01 0 0
0 0
0 0

On enabling this on interface it

EXAMPLE CONFIGURATION OF matching via class-map (access-list) and SETTING DSCP VALUES (in policy map, under class) FOR FTP, TELNET

QOSROUTER#sh running-config
Building configuration...

ip cef

class-map match-all EF
match access-group 105
class-map match-all AF4
match access-group 104
class-map match-all AF3
match access-group 103
class-map match-all AF2
match access-group 102
class-map match-all AF1
match access-group 101
class-map match-all any
match access-group name any
!
!
policy-map SETDSCP
class AF1
set dscp cs1<<<<AF10
class AF2
set dscp cs2<<<<AF20
class AF3
set dscp cs3
class AF4
set dscp cs4
class EF
set dscp ef
class any
set dscp af41

interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
service-policy input SETDSCP
!
ip access-list extended any
permit ip any any
access-list 101 permit tcp any any eq telnet
access-list 102 permit tcp any any eq ftp
access-list 103 permit tcp any any eq www
access-list 104 permit udp any any eq domain
access-list 105 permit udp any any eq 16384

DSCP VALUES U CAN DETERMINE: AF21 is 8*2 + 2*1 = 18

A GENERIC ONE TO MATCH DSCP AND SET BANDWIDTH

class-map match-all GOLD
match ip dscp ef
class-map match-all BRONZE
match ip dscp cs2 cs3
class-map match-all PLATINUM
match ip dscp cs1
class-map match-all SILVER
match ip dscp cs4 af41

policy-map VOIPGENRICFORALLCUSTOMER
class GOLD
bandwidth percent 50<<<<<50% of overall bandwidth for class GOLD(DSCP EF)
class SILVER
bandwidth percent 20
class BRONZE
bandwidth percent 10
random-detect dscp-based
random-detect dscp 16 18 28 <<<FOR AF20 (at output, for congestion avoidance, wred min threshold is 18 and max is 28)
random-detect dscp 24 28 38
class PLATINUM
drop <<<<<drop all packets of this class

QOSROUTER#show run int fastEthernet 0/1


Building configuration...

Current configuration : 169 bytes


!
interface FastEthernet0/1
bandwidth 10000000
no ip address
duplex auto
speed auto
max-reserved-bandwidth 100
service-policy output VOIPGENRICFORALLCUSTOMER
end

PROBLEM I WAS FACING

QOSROUTER(config-if)#service-policy output VOIPGENRICFORALLCUSTOMER


I/f FastEthernet0/1 class BRONZE requested bandwidth 10%, available only 5%
QOSROUTER(config-if)#service-policy output VOIPGENRICFORALLCUSTOMER

BECAUSE MAX-RESERVED-BANDWIDTH ON INTERFACE IS 75% default

Change it via max-reserved-bandwidth 100%

THEN ONLY COMMAND TAKEN
QOSROUTER(config-if)#service-policy output VOIPGENRICFORALLCUSTOMER

Voice is very smooth and predictable in how much bandwidth each call will take --- IF G.711 is used each call takes (80kbps)

Videos keep on increasing the b/w requirement; affected by drop/delay.

FOR IN OR OUT TRAFFIC FLOW ---- THINK OF URSELF AS THE ROUTER, NOW TO APPLY ON INT SE0/0

THINK OF SE 0/0 as ur right arm; now lift it and see: incoming traffic is traffic coming in to u and outgoing traffic is going out from u (away from u). THINK FROM THE PERSPECTIVE OF THE ROUTER.

Router#sh class-map
Class Map match-any class-default (id 0)
Match any

UNDER POLICY MAP

CLASS

TRUST DSCP <<<<<NOT ALLOWED IN OUTBOUND POLICY MAP <<<ONLY ALLOWED IN INBOUND POLICY MAP.
ALSO MLS QOS COMMANDS ONLY ON SWITCH; IF U APPLY MLS QOS TRUST ON INTERFACE AND THEN APPLY SERVICE POLICY ON THAT INTERFACE OR VICE VERSA THEN THE ORIGINAL IS REMOVED AND THE NEW TAKES OVER.

MARKING NOT MUST

If R1-R2-R3-R4

If u open the packet till layer 7 and use NBAR to classify it, and don't mark it, the next router R2 will have to do the same again; but if u mark classified packets then it's easy for a remote router like R2 to read the marking that it already knows, so less utilization of CPU on R2.
=======================================================
IN INBOUND POLICY ---- USE ONLY POLICING, set dscp/cos/ipprec;
others (BANDWIDTH etc.) can't be used inbound

U can use everything outbound

Police – u are limiting traffic. Bandwidth – u are allocating parts of available bandwidth to subclasses. (GUARANTEE BANDWIDTH)

R103(config)#class-map A
R103(config-cmap)#match any
R103(config-cmap)#exit
R103(config)#policy-map B
R103(config-pmap)#class A
R103(config-pmap-c)#bandwidth percent 50
R103(config-pmap-c)#exit

R103(config-pmap)#int se 0/0
R103(config-if)#service-policy input B
CBWFQ : Can be enabled as an output feature only
R103(config-if)#<<<<<<BANDWIDTH CAN'T BE THERE IN INPUT POLICY; ONLY POLICING AND SET IP IPPREC/QOS/DSCP can be there. NO ISSUE WITH OUTBOUND POLICY

======================================================

TOPOLOGY ---

R100(0)---(0)R101(1)---(0)R102(1)-(0)R103

R100#sh running-config
Building configuration...

Current configuration : 861 bytes


!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R100
!
boot-start-marker
boot-end-marker
!
!
clock timezone EST -5
no aaa new-model
ip subnet-zero
!
!
!
class-map match-all TELNET
match access-group 101
class-map match-all ICMP
match access-group 102
!
!
policy-map TEST
class TELNET
set ip dscp ef
class ICMP
set ip dscp af41
class class-default
set ip dscp cs1
!
!
!
interface Serial0/0
ip address 1.1.1.1 255.255.255.252
service-policy output TEST
serial restart-delay 0
!
router ospf 1
log-adjacency-changes
network 1.1.1.0 0.0.0.3 area 0
!
ip classless
no ip http server
!
!
access-list 101 permit tcp any any eq telnet
access-list 102 permit icmp any any
!
line con 0
transport preferred all
transport output all
line aux 0
line vty 0 4
!
End

R101#sh running-config
Building configuration...

Current configuration : 1435 bytes


!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R101
!
boot-start-marker
boot-end-marker
!
!
clock timezone EST -5
no aaa new-model
ip subnet-zero
!
!
!
class-map match-all GOLD
match ip dscp ef
class-map match-all BRONZE
match ip dscp cs1 cs2 cs3
class-map match-all SILVER
match ip dscp af41
!
!
policy-map TEST2
class GOLD
bandwidth percent 50
class SILVER
bandwidth percent 20
class BRONZE
bandwidth percent 10
policy-map TEST1
class GOLD
police cir percent 50
conform-action transmit
exceed-action transmit
violate-action drop
class SILVER
police cir percent 30
conform-action transmit
exceed-action transmit
violate-action transmit
class BRONZE
police cir percent 10
conform-action transmit
exceed-action transmit
violate-action transmit
!
!
!
interface Serial0/0
ip address 1.1.1.2 255.255.255.252
max-reserved-bandwidth 100
service-policy input TEST1
serial restart-delay 0
!
interface Serial1/0
ip address 2.2.2.2 255.255.255.252
max-reserved-bandwidth 90
service-policy output TEST2
serial restart-delay 0
!
router ospf 1
log-adjacency-changes
network 1.1.1.0 0.0.0.3 area 0
network 2.2.2.0 0.0.0.3 area 0
!
ip classless
no ip http server
!
!
!
line con 0
transport preferred all
transport output all
line aux 0
line vty 0 4
!
End

R102#sh running-config
Building configuration...

Current configuration : 1410 bytes


!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R102
!
boot-start-marker
boot-end-marker
!
!
clock timezone EST -5
no aaa new-model
ip subnet-zero
!
!
!
class-map match-all GOLD
match ip dscp ef
class-map match-all BRONZE
match ip dscp cs1 cs2 cs3
class-map match-all SILVER
match ip dscp af41
!
!
policy-map TEST
class GOLD
police cir percent 40
conform-action transmit
exceed-action transmit
violate-action transmit
class SILVER
police cir percent 25
conform-action transmit
exceed-action transmit
violate-action transmit
class BRONZE
police cir percent 25
conform-action transmit
exceed-action transmit
violate-action transmit
policy-map TEST2
class GOLD
bandwidth percent 40
class BRONZE
bandwidth percent 30
class SILVER
bandwidth percent 20
!
!
!
interface Serial0/0
ip address 2.2.2.1 255.255.255.252
service-policy input TEST
serial restart-delay 0
!
interface Serial1/0
ip address 3.3.3.2 255.255.255.252
max-reserved-bandwidth 100
service-policy output TEST2
serial restart-delay 0
!
router ospf 1
log-adjacency-changes
network 2.2.2.0 0.0.0.3 area 0
network 3.3.3.0 0.0.0.3 area 0
!
ip classless
no ip http server
!
!
!
line con 0
transport preferred all
transport output all
line aux 0
line vty 0 4
!
End

R103#sh running-config
Building configuration...

Current configuration : 657 bytes


!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R103
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$l/CO$TQrOyEB6hRTYSUdEVRlJh0
!
clock timezone EST -5
no aaa new-model
ip subnet-zero
!
!
!
!
interface Serial0/0
ip address 3.3.3.1 255.255.255.252
serial restart-delay 0
!
router ospf 1
log-adjacency-changes
network 3.3.3.0 0.0.0.3 area 0
!
ip classless
no ip http server
!
!
!
line con 0
transport preferred all
transport output all
line aux 0
line vty 0 4
password ANKUR
login
transport preferred all
transport input all
transport output all
!
end

R103#

BEFORE ----

R102#sh policy-map int se 1/0


Serial1/0

Service-policy output: TEST2

Class-map: GOLD (match-all)


189 packets, 8749 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp ef
Queueing
Output Queue: Conversation 265
Bandwidth 40 (%)
Bandwidth 617 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 7/351
(depth/total drops/no-buffer drops) 0/0/0

Class-map: BRONZE (match-all)


0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp cs1 cs2 cs3
Queueing
Output Queue: Conversation 266
Bandwidth 30 (%)
Bandwidth 463 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0

Class-map: SILVER (match-all)


1578 packets, 164112 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp af41
Queueing
Output Queue: Conversation 267
Bandwidth 20 (%)
Bandwidth 308 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0

Class-map: class-default (match-any)


589 packets, 44086 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
R102#

NOW PING FROM R100 to R103

R100#ping 3.3.3.1

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 3.3.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/312/1364 ms

AFTER PING SEE ---

R102#sh policy-map int se 1/0


Serial1/0

Service-policy output: TEST2

Class-map: GOLD (match-all)


189 packets, 8749 bytes<<<<SAME
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp ef
Queueing
Output Queue: Conversation 265
Bandwidth 40 (%)
Bandwidth 617 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 7/351
(depth/total drops/no-buffer drops) 0/0/0

Class-map: BRONZE (match-all)


0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp cs1 cs2 cs3
Queueing
Output Queue: Conversation 266
Bandwidth 30 (%)
Bandwidth 463 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0

Class-map: SILVER (match-all)


1583 packets, 164632 bytes<<<<5 more packets, from the ping
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp af41
Queueing
Output Queue: Conversation 267
Bandwidth 20 (%)
Bandwidth 308 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0

Class-map: class-default (match-any)


610 packets, 45484 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
R102#

NOW TELNET TO R103-

R100#telnet 3.3.3.1
Trying 3.3.3.1 ... Open

User Access Verification

Password:

R102#sh policy-map int se 1/0


Serial1/0

Service-policy output: TEST2

Class-map: GOLD (match-all)


206 packets, 9535 bytes<<<increase
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp ef
Queueing
Output Queue: Conversation 265
Bandwidth 40 (%)
Bandwidth 617 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 8/404
(depth/total drops/no-buffer drops) 0/0/0

Class-map: BRONZE (match-all)


0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp cs1 cs2 cs3
Queueing
Output Queue: Conversation 266
Bandwidth 30 (%)
Bandwidth 463 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0

Class-map: SILVER (match-all)


1583 packets, 164632 bytes<<same
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp af41
Queueing
Output Queue: Conversation 267
Bandwidth 20 (%)
Bandwidth 308 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0

Class-map: class-default (match-any)


632 packets, 47200 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
R102#
MATCH ALL
R100(config-cmap)#
R100(config-cmap)#match any
R100(config-cmap)#match not ac
R100(config-cmap)#match not access-group 101<<<<<THIS CLASS MAP MATCHES ALL TRAFFIC EXCEPT
ACCESS-GROUP 10

QOS AND IPPREC MARKING-----

CoS 5 – RTP and CoS 3 – RTCP.

On an IP phone, the i button tells how many packets were sent, received and dropped; this is given by RTCP.

DSCP is 6 bits out of the DS BYTE, so has 63 values

CoS and IP prec are 3 bits, so values 0-7

AF11 is 001 010; this last bit of the drop prec is always 0

NOW IN A QUEUE THERE CAN BE CONGESTION, AND THERE ARE A LOT OF MECHANISMS FOR CONGESTION MANAGEMENT ---

QUEUING IS ONE OF THEM……

ANOTHER IS WRR
QUEUING ---
FIFO

PRIORITY QUEUING –

LIKE YOU want 100 JEANS

4 showrooms

HIGH QUEUE MEDIUM NORMAL LOW

SMART (10 $ per jean) LEE (100 $ per jean) PEPE (1000 $ per jean)

What you do is buy as many as you can from SMART; if it is out of stock, go to LEE and buy 1 (as it costs 10 times as much), then go back
to SMART and ASK IF ANY ARE AVAILABLE; IF NOT, THEN BUY ONE MORE FROM LEE, AND SO ON.

You buy from PEPE only when SMART AND LEE are out of stock.

CUSTOM QUEUING –

You have 16 queues: 1, 2, 3, 4, 5 ... 16

You send all data in each queue and then move to the next queue….. this doesn't guarantee delay. You can give bandwidth
to each queue. IT'S A ROUND ROBIN METHOD.

WFQ --- default for speeds less than 2 MB

EXAMPLE: there are a lot of people in a meeting, talking; everybody is talking except ANKUR …… NOW WHEN
ANKUR SUDDENLY SAYS SOMETHING, EVERYBODY IS SHOCKED AND LISTENS TO HIM.
WFQ IS THE SAME: it says I have HIGH-SPEAKING TRAFFIC ON THE N/W (LIKE HTTP) and low-speaking traffic
(TELNET, VERY SMALL TRAFFIC); WHAT IT DOES IS GIVE PRIORITY TO THE SMALL TRAFFIC OVER THE HIGH
VOLUME TRAFFIC.

WHOEVER SPEAKS LOW GETS PRIORITY. NO DELAY AND BANDWIDTH GUARANTEE.

NOW –

CBWFQ

Using the same MQC METHOD, define classes

Define 256 classes (ENHANCED CUSTOM QUEUE)

Give every class some bandwidth (enhanced custom queue)

Then the last queue is class-default, which uses WFQ.

THIS IS GOOD EXCEPT FOR VOICE AND VIDEO.

LLQ
PQ + CQ + WFQ

PQ: NOW YOU set BANDWIDTH (PRIORITY --- means the 1st % defined, and in CBWFQ YOU CAN GET BANDWIDTH ANY
WHERE); it can't exceed that.

FINAL CLASS-DEFAULT is WFQ; you can also set FIFO

IF THE QUESTION ASKS --- CONFIGURE TOTALLY CBWFQ

Use bandwidth on the class under the policy-map

And the default class --- FAIR QUEUE.

LLQ FUNDA

PC –E0 R1 S1 ---------------------------------S0 R2 E0 ----------------SERVER (HTTP and FTP)

NOW DO FTP AND HTTP TO THE SERVER FROM THE PC AND SEE THE SPEED.

NOW MAKE A POLICY AT R2, match protocol HTTP and FTP at R2, set DSCP VALUES AND APPLY THE POLICY
MAP AT INPUT ON THE R2 E0 interface.

THEN MATCH THE SAME TRAFFIC, WITH THE DSCP SET, ON R1, set BANDWIDTH and APPLY TO E0 output. You see
no change in the download speed on HTTP or FTP, because this takes effect only when congestion occurs, and the E segment
has a lot of bandwidth. CONGESTION IS OCCURRING AT THE S interfaces of R1 AND R2, where there is no policy. If you apply a policy at S0
of R2 and set priority (LLQ for HTTP to 100%), you see (in ip nbar protocol-discovery) that the rest, the FTP packets,
drop and vanish as there is no bandwidth for them, and the HTTP download rate increases.

TO ENABLE WRED ---

config t

policy-map TEST2

class GOLD
random-detect dscp-based

NOW TO TEST ON R102

PUT random-detect dscp-based<<<<<<with this, Cisco has predefined min and max THRESHOLDS that it uses for
each DSCP VALUE
ON SILVER ALSO

AND NOW PING FROM R100 to 3.3.3.1 re 100

YOU see

dscp Transmitted Random drop Tail drop Minimum Maximum Mark
pkts/bytes pkts/bytes pkts/bytes thresh thresh prob
af11 0/0 0/0 0/0 32 40 1/10
af12 0/0 0/0 0/0 28 40 1/10
af13 0/0 0/0 0/0 24 40 1/10
af21 0/0 0/0 0/0 32 40 1/10
af22 0/0 0/0 0/0 28 40 1/10
af23 0/0 0/0 0/0 24 40 1/10
af31 0/0 0/0 0/0 32 40 1/10
af32 0/0 0/0 0/0 28 40 1/10
af33 0/0 0/0 0/0 24 40 1/10
af41 32/3328 0/0 0/0 32 40 1/10<<<<<PKT DROPPED DUE TO CONGESTION
af42 0/0 0/0 0/0 28 40 1/10
af43 0/0 0/0 0/0 24 40 1/10
cs1 0/0 0/0 0/0 22 40 1/10
cs2 0/0 0/0 0/0 24 40 1/10
cs3 0/0 0/0 0/0 26 40 1/10
cs4 0/0 0/0 0/0 28 40 1/10
cs5 0/0 0/0 0/0 30 40 1/10
cs6 0/0 0/0 0/0 32 40 1/10
cs7 0/0 0/0 0/0 34 40 1/10
ef 0/0 0/0 0/0 36 40 1/10
rsvp 0/0 0/0 0/0 36 40 1/1

R102#sh policy-map int se 1/0


Serial1/0

Service-policy output: TEST2

Class-map: GOLD (match-all)


0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp ef
Queueing
Output Queue: Conversation 265
Bandwidth 40 (%)
Bandwidth 617 (kbps)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
exponential weight: 9
mean queue depth: 0

dscp Transmitted Random drop Tail drop Minimum Maximum Mark <<<<WHEN
pkts/bytes pkts/bytes pkts/bytes thresh thresh prob
af11 0/0 0/0 0/0 32 40 1/10
af12 0/0 0/0 0/0 28 40 1/10
af13 0/0 0/0 0/0 24 40 1/10
af21 0/0 0/0 0/0 32 40 1/10
af22 0/0 0/0 0/0 28 40 1/10
af23 0/0 0/0 0/0 24 40 1/10
af31 0/0 0/0 0/0 32 40 1/10
af32 0/0 0/0 0/0 28 40 1/10
af33 0/0 0/0 0/0 24 40 1/10
af41 0/0 0/0 0/0 32 40 1/10
af42 0/0 0/0 0/0 28 40 1/10
af43 0/0 0/0 0/0 24 40 1/10
cs1 0/0 0/0 0/0 22 40 1/10
cs2 0/0 0/0 0/0 24 40 1/10
cs3 0/0 0/0 0/0 26 40 1/10
cs4 0/0 0/0 0/0 28 40 1/10
cs5 0/0 0/0 0/0 30 40 1/10
cs6 0/0 0/0 0/0 32 40 1/10
cs7 0/0 0/0 0/0 34 40 1/10
ef 0/0 0/0 0/0 36 40 1/10
rsvp 0/0 0/0 0/0 36 40 1/10
default 0/0 0/0 0/0 20 40 1/10

Class-map: BRONZE (match-all)


0 packets, 0 bytes
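How the thresholds in this table turn into a drop decision, as an added example (not part of the original notes). It uses the min/max thresholds, the 1/10 mark probability and the exponential weight 9 printed by R102; the per-packet moving-average update and the linear ramp between the thresholds are the usual WRED model and are assumed here.

```python
from fractions import Fraction

# (min threshold, max threshold, mark-probability denominator), copied from the
# "random-detect dscp-based" table in the R102 output above.
WRED_PROFILES = {
    "af41": (32, 40, 10),
    "af42": (28, 40, 10),
    "af43": (24, 40, 10),
    "cs1": (22, 40, 10),
    "ef": (36, 40, 10),
    "default": (20, 40, 10),
}
EXP_WEIGHT = 9  # "exponential weight: 9" in the same output


def update_mean_depth(old_mean, current_depth, n=EXP_WEIGHT):
    """Moving average: mean = old * (1 - 2^-n) + current * 2^-n.

    Assumption: the mean is recomputed once per arriving packet.
    """
    w = Fraction(1, 2 ** n)
    return Fraction(old_mean) * (1 - w) + Fraction(current_depth) * w


def drop_probability(dscp, mean_depth):
    """Drop probability for one DSCP at a given mean queue depth."""
    min_th, max_th, denom = WRED_PROFILES[dscp]
    mean = Fraction(mean_depth)
    if mean < min_th:
        return Fraction(0)          # below min threshold: never dropped
    if mean > max_th:
        return Fraction(1)          # above max threshold: tail drop
    # Linear ramp from 0 at min threshold to 1/denom at max threshold.
    return (mean - min_th) / (max_th - min_th) / denom


def arrivals_until_first_drop(dscp, sustained_depth, n=EXP_WEIGHT, limit=100_000):
    """Packets that must arrive, with the real queue held at sustained_depth,
    before the mean (starting from 0) gives this DSCP a non-zero drop chance.
    Returns None if the mean can never pass the min threshold."""
    if sustained_depth <= WRED_PROFILES[dscp][0]:
        return None
    mean = Fraction(0)
    for k in range(1, limit + 1):
        mean = update_mean_depth(mean, sustained_depth, n)
        if drop_probability(dscp, mean) > 0:
            return k
    return None


if __name__ == "__main__":
    for name in ("af41", "af43", "ef"):
        print(name, "drop probability at mean depth 36:", drop_probability(name, 36))
    print("af43 arrivals before random drops start (queue held at 40):",
          arrivals_until_first_drop("af43", 40))
```

With weight 9 the mean moves slowly, so a short test such as a 100-packet ping does not push it past any min threshold, which matches the 0/0 random-drop counters in the output.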

NOW IN THE DS BYTE

1 to 6 bits are DSCP and the 1st 2 bits are ECN bits

ECN --- tells the remote end that there is congestion.

IF R1 sees congestion, it sends the packet to R2 with ECN SET AND R2 REPLIES WITH ECN-ECHO to acknowledge.
FOR this, APPLICATIONS ON THE PC NEED TO BE ECN AWARE.

TO MAKE YOUR ROUTER ECN COMPATIBLE –

policy-map TEST2

class GOLD
random-detect ecn
COMPRESSION TECHNIQUES ---

PAYLOAD COMPRESSION ----- 1) STAC – it uses the processor

PAYLOAD COMPRESSION IS ENABLED ON THE SERIAL PHYSICAL INTERFACE

int se 0/0

compress stac
2) PREDICTOR sacrifices memory to compress data
3) MPPC

HEADER COMPRESSION----
For RTP and TCP etc. headers.

R101(config)#policy-map TEST
R101(config-pmap)#class GOLD
R101(config-pmap-c)#compression header ip ?
rtp configure rtp header compression
tcp configure tcp header compression
<cr>

R101(config-pmap-c)#compression header ip rt

AS PER STANDARD VOICE SHOULD NOT HAVE MORE THAN 150 MS DELAY

============================================================
QUEUES xPyQzT in switches -------- used in each switch for congestion avoidance.
This threshold is per standard queue.

CAT_3550(config-if)#wrr-queue cos-map ?
<1-4> enter cos-map queue id
<<<<<<<<<<TO PUT EACH COS VALUE INTO A STANDARD QUEUE. IN
3550 queue 4 is the PRIORITY QUEUE; if not used, it will be a standard queue.
CAT_3550(config-if)#wrr-queue cos-map 1 ?
<0-7> CoS values separated by spaces (up to 8 values total)

CAT_3550(config-if)#wrr-queue cos-map 1 0 1 2 ?
<0-7> CoS values separated by spaces (up to 8 values total)
<cr>

CAT_3550(config-if)#wrr-queue cos-map 1

NOW TO ALLOCATE BANDWIDTH TO EACH QUE ---

CAT_3550(config-if)#wrr-queue bandwidth 100 ?


<1-65536> enter bandwidth weight for qid 2

CAT_3550(config-if)#wrr-queue bandwidth 100 120 ?


<1-65536> enter bandwidth weight for qid 3

CAT_3550(config-if)#wrr-queue bandwidth 100 120 130 1 ?

<1-65536> enter bandwidth weight for qid 4<<<<<<<<<<BANDWIDTH WEIGHT MEANS ---- TOTAL WT =
100+120+130+1 = 351
Q1 will get 100/351 of the BANDWIDTH ----

NOW the 4th queue, to which you allocated wt 1, ---- will be a standard queue

To make it the priority queue


CAT_3550(config)#int fastEthernet 0/1
CAT_3550(config-if)#priority-queue out
CAT_3550(config-if)#^Z

--------------------------------------------------------------------

CAT_3550(config)#int fastEthernet 0/1


CAT_3550(config-if)#mls qos cos ?
<0-7> Class of service value between 0 and 7
override Force default COS on all packets<<<<<<<<<<To override the CoS of all packets to the default

CAT_3550(config-if)#mls qos cos 4<<<<<<<<<TO HARD CODE THAT ANY PACKET RECEIVED ON FAST0/1 is
MARKED COS 4

CAT_3550(config)#int fastEthernet 0/2


CAT_3550(config-if)#auto qos ?<<<<<<<<<<<<<NOW ONLY FOR VOIP
voip Configure AutoQoS for VoIP

CAT_3550(config-if)#auto qos voip ?


cisco-phone Trust the QoS marking of Cisco IP Phone
cisco-softphone Trust the QoS marking of Cisco IP SoftPhone
trust Trust the DSCP/CoS marking

CAT_3550(config-if)#auto qos voip cisco-softphone <<<<<<<<<<AUTOMATICALLY CONFIGURES BEST
PRACTICE COMMANDS FOR QOS ON THE INTERFACE.
CAT_3550(config-if)#do sh run int fas
CAT_3550(config-if)#do sh run int fas0/2
Building configuration...

Current configuration : 407 bytes


!
interface FastEthernet0/2
switchport mode dynamic desirable
service-policy input AutoQoS-Police-SoftPhone
auto qos voip cisco-softphone
wrr-queue bandwidth 10 20 70 1
wrr-queue min-reserve 1 5
wrr-queue min-reserve 2 6
wrr-queue min-reserve 3 7
wrr-queue min-reserve 4 8
wrr-queue cos-map 1 0 1
wrr-queue cos-map 2 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
priority-queue out<<<<<<<<<<ALL COMMANDS CAME AUTOMATICALLY DUE to auto qos ---
end

CAT_3550(config-if)#

FOR AUTO QOS on an interface

You must give an IP ADDRESS, BANDWIDTH and CEF

FOR VOICE PORTS FOR RTCP - 16384 to 32767

===============================================================

ON SWITCH 3550 QOS----

CAT_3550(config)#mls qos <<<<A MUST, TO ENABLE QOS ON THE SWITCH.

CAT_3550#sh mls qos maps


Cos-dscp map:
cos: 0 1 2 3 4 5 6 7
--------------------------------
dscp: 0 8 16 24 32 40 48 56<<<<DEFAULT

IpPrecedence-dscp map:
ipprec: 0 1 2 3 4 5 6 7
--------------------------------
dscp: 0 8 16 24 32 40 48 56

CAT_3550(config)#mls qos map cos-dscp 0 1 2 3 4 5 6 ?


<0-63> 8 dscp values separated by spaces

CAT_3550(config)#mls qos map cos-dscp 0 1 2 3 4 5 6 7

CAT_3550#sh mls qos maps

Cos-dscp map:
cos: 0 1 2 3 4 5 6 7
--------------------------------
dscp: 0 1 2 3 4 5 6 7 <<<<SEE CHANGES DSCP VALUES CORRESPONDING TO COS

IpPrecedence-dscp map:
ipprec: 0 1 2 3 4 5 6 7
--------------------------------
dscp: 0 8 16 24 32 40 48 56

IF YOU TRUST DSCP VALUES SET BY A DEVICE LIKE AN IP PHONE ---- MLS QOS TRUST

CAT_3550(config)#int fastEthernet 0/1


CAT_3550(config-if)#mls qos trust
CAT_3550(config-if)#mls qos trust device ?
cisco-phone Cisco IP Phone
CAT_3550(config-if)#mls qos trust device cisco-phone <<<set trust to the Cisco IP phone; if another device's packet
comes, ignore and overwrite its DSCP values.
CAT_3550(config-if)#^Z
CAT_3550#

POLICING – mostly for not-so-important traffic, and LLQ for important traffic like voice.

REMARK OR DROP EXCEEDING, VIOLATING TRAFFIC

FOR TCP --- IF THERE IS CONGESTION AND TRAFFIC IS DROPPED, TCP DECREASES ITS WINDOW SIZE BY HALF

SHAPING ---

LIKE YOU HAVE CONGESTION ON YOUR WAN (T1)

The LAN at 100 Mbps is sending traffic continuously; to avoid packet drops, the router queues the packets in its memory buffers
and allocates a constant bandwidth, sending them when the packets ahead of them move out.
Bc*Tc = CIR

TRAFFIC BETWEEN Bc and Be is marked DE.

Shaping –

Shape (AVERAGE/PEAK)
AVERAGE ----- to shape at Bc
PEAK --- to shape at Be (which is risky, as packets with the DE bit set can be dropped by the service provider during congestion)

class-map match-all DATA


match protocol http
class-map match-all VOIICE
class-map match-all VOICE
match protocol rtp
!
!
policy-map SHAPE_500
class DATA
shape peak 500000<<<<data is not critical, so shape to Be; even the DE bit being set is not an issue for data
class VOICE
shape average 500000<<<<<voice is critical, so shape, which means put in the queue and buffer, till Bc
!
!
!
!
!
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto

Router#
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int fas
Router(config)#int fastEthernet 0/1
Router(config-if)#ser
Router(config-if)#service-policy in
Router(config-if)#service-policy input SHAPE_500<<<<<<<<<<SHAPING CAN'T be applied to input, like bandwidth.
GTS : Can be enabled as an output feature only
Router(config-if)#servic
Router(config-if)#service-policy ou
Router(config-if)#service-policy output SHAPE_500
Router(config-if)#

One is the CIR and one is the LINE RATE --- when the router sees that the line rate is T1, it tries sending packets at that rate,
although the CIR is 500000; eventually packets drop.

To avoid this we do shaping ---- we are limiting traffic to the CIR.


Nesting ---

Class-map DATA
Match protocol http

Class-map VOICE
Match protocol rtp

Policy-map PRIORITY

Class DATA
Bandwidth 50000

Class VOICE
Priority 50000

Class ALL_TRAFFIC

Match class DATA


Match class VOICE
Match class class-default

Policy-map shape_500
Class ALL_TRAFFIC
Shape average 50000 <<<<<<<<<<<<<<shaping
Service-policy PRIORITY<<<<<<<<<<<<<to apply priority

CEF IS MUST FOR NBAR

BECN ---

R1 -------------------FR cloud ----------------------------R2

R1 sends traffic to the FR cloud; if there is congestion, then R2 sets BECN back in the ACK (which can be for TCP) to R1, to
tell it to slow down its traffic rate.

If R1 sends UDP traffic, in that case ….. the FR cloud sets FECN to tell R2 that there is congestion; R2 sends a special frame
called Q.922, on reading which the FR cloud sets BECN to R1.

TO ENABLE A ROUTER TO RESPOND TO BECN ----

Enter configuration commands, one per line. End with CNTL/Z.


Router(config)#policy-map shape_500
Router(config-pmap)#class ALL_TRAFFIC
Router(config-pmap-c)#shape adaptive 500000
lower bound (500000 bps) > upper bound (50000 bps) is rejected<<<value to which the rate will decrease if BECN is
received; can be less than or equal to the CIR.
Router(config-pmap-c)#shape adaptive 50000
Router(config-pmap-c)#^Z
Router#
FOR a router to understand FECN GENERATED BY THE SERVICE PROVIDER and generate a Q.922
frame in response

Router(config)#policy-map shape_500
Router(config-pmap)#class ALL_TRAFFIC
Router(config-pmap-c)#shape fecn-adapt
Router(config-pmap-c)#

SAA – Cisco Service Assurance Agent ----- to send packets of a particular type and see whether the SLA is met or not. Earlier
RTR.

ENABLING RTR ---

1)
Router(config)#rtr 2
Router(config-rtr)#type ?
dhcp DHCP Operation
dlsw DLSW Operation
dns DNS Query Operation
echo Echo Operation
frame-relay Perform frame relay operation
ftp FTP Operation
http HTTP Operation
jitter Jitter Operation
pathEcho Path Discovered Echo Operation
pathJitter Path Discovered Jitter Operation
slm SLM Operation
tcpConnect TCP Connect Operation
udpEcho UDP Echo Operation

2) on the remote router, the one to poll, set –

Router(config)#rtr responder type ?


frame-relay Setup Frame Relay responder
tcpConnect Setup tcpConnect responder
udpEcho Setup udpEcho responder

Router(config)#rtr responder type ^Z


% Incomplete command.

3) ON MAIN 1st router ---

Router(config)#rtr schedule 2 start-time now life 300<<<schedule the probing in rtr entry 2; start now and run for
5 min.

Router#sh rtr operational-state 2


Entry number: 2
Modification time: *02:17:32.691 UTC Mon Mar 1 1993
Number of Octets Used by this Entry: 2296
Number of operations attempted: 4
Number of operations skipped: 0
Current seconds left in Life: 76
Operational state of entry: Active
Last time this entry was reset: Never
Connection loss occurred: FALSE
Timeout occurred: FALSE
Over thresholds occurred: FALSE
Latest RTT (milliseconds): 0
Latest operation start time: *02:20:32.695 UTC Mon Mar 1 1993
Latest operation return code: Socket open error

Router#sh rtr collection-statistics


Entry number: 1
Operation has not started

Entry number: 2
Start Time Index: *02:17:32.695 UTC Mon Mar 1 1993
Number of successful operations: 0
Number of operations over threshold: 0
Number of failed operations due to a Disconnect: 0
Number of failed operations due to a Timeout: 0
Number of failed operations due to a Busy: 0
Number of failed operations due to a No Connection: 0
Number of failed operations due to an Internal Error: 5
Number of failed operations due to a Sequence Error: 0
Number of failed operations due to a Verify Error: 0

Entry number: 200


Operation has not started

ALL QOS OPERATIONS ON THE ROUTER ARE ON THE SOFTWARE QUEUE

THE HARDWARE QUEUE IS WHERE A PACKET IS STORED BEFORE TRANSMITTING ON THE PHYSICAL INTERFACE; ON HARDWARE THERE IS ONLY A FIFO
QUEUE<<<BECAUSE ALL THE MAGIC WITH QOS ON PACKETS IS DONE ON THE SOFTWARE QUEUE.
To see the hardware ring size
sh controller s 0 | i tx_limited

Vvv imp --- you CAN CONFIGURE

USING mls qos OR MQC on a switch

NOW 1st configure mls qos trust dscp/cos/ip-prec on an interface basis ---------
Then mls qos map, which checks the trust and accordingly the map to use for it.

SRR IS THE SAME AS WRR: A CONGESTION MANAGEMENT SHAPING MECHANISM ---

SRR has 2 modes --- share / shape

INGRESS QUEUE – NORMAL/PRIORITY

NORMAL----
mls qos srr-queue input threshold (queue id) (threshold id) (next queue id) (next threshold id)

mls qos srr-queue input dscp-map

mls qos srr-queue input cos-map

PRIORITY –

mls qos srr-queue input priority-queue (queue id)

NOW YOU MAP EACH PACKET's DSCP OR COS VALUE TO A QUEUE AND ASSIGN THAT QUEUE A THRESHOLD IF IT'S A
NORMAL QUEUE.

mls qos srr-queue input dscp-map queue (queue id) (dscp 1 ..8) (threshold)

To allocate buffers for a queue to store packets –

mls qos srr-queue input buffers (% for queue 1) ……
mls qos srr-queue input bandwidth (weight 1) (weight 2) (weight 3)
These weights specify the frequency at which packets are sent from each queue.
IN 3550 queue 2 is the priority queue and in
routers the priority queue is queue 4

For output use mls qos srr-queue output dscp-map

Do shaping from the switching doc CD

DEFAULT PORT STATE ON ALL PORTS IS UNTRUSTED.

Switch(config-if)#switchport priority extend cos ?


<0-7> Priority for devices on appliance

Switch(config-if)#switchport priority extend cos 0<<to not trust the PC connected to the phone.

Switch(config)#access-list 100 permit tcp any any ?


ack Match on the ACK bit
dscp Match packets with given dscp value<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
MLS QOS IS USED TO ENABLE QOS FOR LAYER 2; if not applied, it defaults every CoS value to 0.
THE REST IS ALL CLASS-MAP.

MLS QOS TRUST COS (MEANS ONLY COS IS TRUSTED; YOU HAVE TO MANUALLY CONFIGURE THE COS TO DSCP
MAPPING)

MLS QOS TRUST DSCP (MEANS WHATEVER COS OR IP PREC COMES IN, THE SWITCH AUTOMATICALLY CONVERTS IT TO DSCP)

AN EXAMPLE OF THIS IS

Switch(config)#mls qos map policed-dscp 40 50 60 8 16 to 0


Switch(config)#^Z
Switch#sh ml
Switch#sh mls qo
Switch#sh mls qos pol
Switch#sh mls qos ma
Switch#sh mls qos maps po
Switch#sh mls qos maps policed-dscp
Policed-dscp map:
d1 : d2 0 1 2 3 4 5 6 7 8 9
---------------------------------------
0 : 00 01 02 03 04 05 06 07 00 09
1 : 10 11 12 13 14 15 00 17 18 19
2 : 20 21 22 23 24 25 26 27 28 29
3 : 30 31 32 33 34 35 36 37 38 39
4 : 00 41 42 43 44 45 46 47 48 49
5 : 00 51 52 53 54 55 56 57 58 59
6 : 00 61 62 63

This map shows the DSCP values from 0 – 63

d1 is (1 – 6), so 15 shows as d1 1 and d2 5

Switch#sh mls qos maps dscp-cos


Dscp-cos map:
d1 : d2 0 1 2 3 4 5 6 7 8 9
---------------------------------------
0 : 00 00 00 00 00 00 00 00 01 01
1 : 01 01 01 01 01 01 02 02 02 02
2 : 02 02 02 02 03 03 03 03 03 03
3 : 03 03 04 04 04 04 04 04 04 04
4 : 05 05 05 05 05 05 05 05 06 06
5 : 06 06 06 06 06 06 07 07 07 07
6 : 07 07 07 07

Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#mls
Switch(config)#mls qo
Switch(config)#mls qos ma
Switch(config)#mls qos map co
Switch(config)#mls qos map ds
Switch(config)#mls qos map dscp-c
Switch(config)#mls qos map dscp-cos ?
<0-63> DSCP values separated by spaces (up to 8 values total)

Switch(config)#mls qos map dscp-cos 60 to


Switch(config)#mls qos map dscp-cos 60 to 0
Switch(config)#^Z
Switch#sh mls qos maps dscp-cos
Dscp-cos map:
d1 : d2 0 1 2 3 4 5 6 7 8 9
---------------------------------------
0 : 00 00 00 00 00 00 00 00 01 01
1 : 01 01 01 01 01 01 02 02 02 02
2 : 02 02 02 02 03 03 03 03 03 03
3 : 03 03 04 04 04 04 04 04 04 04
4 : 05 05 05 05 05 05 05 05 06 06
5 : 06 06 06 06 06 06 07 07 07 07
6 : 00 07 07 07

d1 and d2 combined give the DSCP value, and the intersection shows the output for XX (where XX is from sh mls qos maps dscp-XX)
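To read these d1 : d2 grids without counting cells by eye, the added example below (not part of the original notes) parses the two outputs shown above and lists only the entries that differ from the default, which is what you check when auditing remarking at a trust boundary. The function names are hypothetical; the default dscp-cos mapping of dscp // 8 is taken from the unmodified table earlier on this page.

```python
import re

# Copied from the "sh mls qos maps policed-dscp" output above.
POLICED_DSCP_OUTPUT = """\
Policed-dscp map:
d1 : d2 0 1 2 3 4 5 6 7 8 9
---------------------------------------
0 : 00 01 02 03 04 05 06 07 00 09
1 : 10 11 12 13 14 15 00 17 18 19
2 : 20 21 22 23 24 25 26 27 28 29
3 : 30 31 32 33 34 35 36 37 38 39
4 : 00 41 42 43 44 45 46 47 48 49
5 : 00 51 52 53 54 55 56 57 58 59
6 : 00 61 62 63
"""

# Copied from the "sh mls qos maps dscp-cos" output taken after
# "mls qos map dscp-cos 60 to 0".
DSCP_COS_OUTPUT = """\
Dscp-cos map:
d1 : d2 0 1 2 3 4 5 6 7 8 9
---------------------------------------
0 : 00 00 00 00 00 00 00 00 01 01
1 : 01 01 01 01 01 01 02 02 02 02
2 : 02 02 02 02 03 03 03 03 03 03
3 : 03 03 04 04 04 04 04 04 04 04
4 : 05 05 05 05 05 05 05 05 06 06
5 : 06 06 06 06 06 06 07 07 07 07
6 : 00 07 07 07
"""

# A data row is "<d1> : <two-digit cells>"; title, header and dashes do not match.
ROW = re.compile(r"^\s*(\d)\s*:\s*((?:\d{2}\s*)+)$")


def parse_dscp_map(text):
    """Return {dscp: mapped value} for one d1 : d2 grid (dscp = d1*10 + d2)."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m is None:
            continue
        d1 = int(m.group(1))
        for d2, cell in enumerate(m.group(2).split()):
            dscp = d1 * 10 + d2
            if d2 > 9 or dscp > 63:
                raise ValueError(f"cell outside the 0-63 DSCP range: {line!r}")
            table[dscp] = int(cell)
    missing = sorted(set(range(64)) - set(table))
    if missing:
        raise ValueError(f"incomplete map, no entry for DSCP {missing}")
    return table


def deviations(table, default):
    """Entries whose value differs from default(dscp)."""
    return {d: v for d, v in sorted(table.items()) if v != default(d)}


def remapped_dscp(text):
    """DSCP-to-DSCP maps (policed-dscp, dscp-mutation): default is identity."""
    return deviations(parse_dscp_map(text), lambda d: d)


def dscp_cos_overrides(text):
    """dscp-cos map: default CoS is the top three DSCP bits (dscp // 8)."""
    return deviations(parse_dscp_map(text), lambda d: d // 8)


if __name__ == "__main__":
    print("policed-dscp remaps:", remapped_dscp(POLICED_DSCP_OUTPUT))
    print("dscp-cos overrides:", dscp_cos_overrides(DSCP_COS_OUTPUT))
```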

Switch(config)#mls qos map dscp-mutation anki 63 53 43 33 23 13 3 to 55


Switch(config)#^Z

Switch#sh mls qos maps dscp-mutation

Dscp-dscp mutation map:


anki:
d1 : d2 0 1 2 3 4 5 6 7 8 9
---------------------------------------
0 : 00 01 02 55 04 05 06 07 08 09
1 : 10 11 12 55 14 15 16 17 18 19
2 : 20 21 22 55 24 25 26 27 28 29
3 : 30 31 32 55 34 35 36 37 38 39
4 : 40 41 42 55 44 45 46 47 48 49
5 : 50 51 52 55 54 55 56 57 58 59
6 : 60 61 62 55

Dscp-dscp mutation map:


Default DSCP Mutation Map:
d1 : d2 0 1 2 3 4 5 6 7 8 9
---------------------------------------
0 : 00 01 02 03 04 05 06 07 08 09
1 : 10 11 12 13 14 15 16 17 18 19
2 : 20 21 22 23 24 25 26 27 28 29
3 : 30 31 32 33 34 35 36 37 38 39
4 : 40 41 42 43 44 45 46 47 48 49
5 : 50 51 52 53 54 55 56 57 58 59
6 : 60 61 62 63

Switch(config)#int fa
Switch(config)#int fastEthernet 0/2
Switch(config-if)#mls qos dscp-mutation anki

QOS DONE FROM 1) SACHIN VOD 2) QOS – DOC CD 3) THIS WORD DOC (but most topics are not written in this;
it just gives a bird's-eye view of the doc CD QoS chapter)

ETHERCHANNEL-

COMBINING MULTIPLE LINKS between routers/switches/servers to increase bandwidth; if one link fails,
the other links back it up by sharing its load. AN ETHERCHANNEL CAN CONSIST OF UP TO 8 compatible Ethernet ports.
ETHERCHANNEL CAN OPERATE IN 2 MODES – PAGP and LACP.
WHEN YOU CONFIGURE ETHERCHANNEL IN ON MODE, NO NEGOTIATION TAKES PLACE; THE SWITCH FORCES
ALL COMPATIBLE PORTS TO BECOME ACTIVE IN THE ETHERCHANNEL. THE OTHER END MUST BE CONFIGURED in
on mode, otherwise there IS PACKET loss.

PAGP IS CISCO PROPRIETARY.

PAGP has two modes – Auto/Desirable
AUTO – doesn't send PAgP frames, but responds to received PAgP frames.
Desirable – actively participates in forming the EtherChannel and sends PAgP frames.
Ports between 2 switches that are compatible are made members of the EtherChannel in on mode; if a port is not
compatible, it is not made a member of the EtherChannel even if configured in on mode.

1 source, different destinations --- destination-based load balancing
Many sources, 1 destination – source-based load balancing
Many sources and many destinations – source-and-destination-based load balancing.

Default distribution on 3550 and 3560 is source-mac

PAGP --- CAN HAVE 8 ports in one EtherChannel group.
LACP – can have 16 ports in an EtherChannel group, 8 active and 8 in standby

If you make any spanning-tree changes on a member port of an EtherChannel, make the changes on all member ports of the
EtherChannel --- changes like spanning-tree port cost, port priority, PortFast, allowed VLANs
A SPAN DEST PORT / private VLAN / secure port CAN'T BE A MEMBER OF AN ETHERCHANNEL

ALL ports of an EtherChannel should be in the same VLAN or, if trunks, all should be trunks.

VVVIMP-
FOR LAYER 3 ETHERCHANNEL DON'T ASSIGN AN IP ADDRESS TO THE PORTS BUT ASSIGN THE IP TO THE PORT CHANNEL.

PAGP – auto / desirable
LACP – ACTIVE / PASSIVE
Active sends LACP packets
Passive only receives LACP packets.

L2 etherchannel ---

On the Ethernet port
channel-group 1 mode

L3 etherchannel –

1st configure the port-channel

Remove all IPs from the ports to be configured as member ports

And give

int port-channel 1
ip add

To check –
sh etherchannel ( ) detail
ON SWITCH
PORT
int fas0/5
no switchport
channel-group ( ) mode

LOAD BALANCING –
port-channel load-balance ( source ip / dest ….)

SWITCH CAN LEARN MAC BY AGGREGATE PORT (PORT CHANNEL) or PHYSICAL PORTS
For PAgP you have to configure –
pagp learn-method ( physical port / ) <<<<<default is aggregate
With this, port-channel load-balance src-mac

You want to use a port to send traffic

pagp port-priority ( ) <<<<higher is better
To change system priority

lacp system-priority

To see which port is active and which is standby ----

sh etherchannel summary

lacp port-priority
(the lower the value, the better)

PAGP port priority is the opposite: the higher the value, the better it is.

CONFIGURATION L2 ETHERCHANNEL –

Enter configuration commands, one per line. End with CNTL/Z.


B(config)#int fastEthernet 0/23
B(config-if)#channel-group 1 ?
mode Etherchannel Mode of the interface

B(config-if)#channel-group 1 mode desirable


Creating a port-channel interface Port-channel 1<<<<<<<<<<<<<<<<<<<

B(config-if)#int fas0/24
B(config-if)#channel-group 1 mode desirable<<<<this channel-group no. is locally significant, to bind the port to the port-channel

Same on switch A-

A#sh run int fastEthernet 0/23


Building configuration...

Current configuration : 96 bytes


!
interface FastEthernet0/23
switchport mode dynamic desirable
channel-group 2 mode auto
end

A#sh run int fastEthernet 0/24


Building configuration...

Current configuration : 96 bytes


!
interface FastEthernet0/24
switchport mode dynamic desirable
channel-group 2 mode auto
end

Then –
B#sh int port-channel 1
Port-channel1 is up, line protocol is up (connected)<<<<<<<<<<<<<<
Hardware is EtherChannel, address is 000b.fd92.7118 (bia 000b.fd92.7118)
MTU 1504 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255

If you remove one link from the port-channel or bring it down, the port-channel is up… if both links are removed, the port-channel
goes down.

To configure load balancing –

B(config)#port-channel load-balance ?
dst-mac Dst Mac Addr
src-mac Src Mac Addr

L3 ETHERCHANNEL-

A#config t
Enter configuration commands, one per line. End with CNTL/Z.

A(config)#int port-channel 18
A(config-if)#no sh
A(config-if)#no sw<<<<<<<<<<<<<<<<<<<<<<<<<<<<
A(config-if)#ip address 1.1.1.13 255.255.255.248
A(config-if)#exit
A(config)#int fastEthernet 0/23
A(config-if)#no sh
A(config-if)#no sw
A(config-if)#channel-group 18 mode passive
A(config-if)#exit
A(config)#int fas
A(config)#int fastEthernet 0/24
A(config-if)#channel-group 18 mode passive
Command rejected (Port-channel18, Fa0/24): Either port is L2 and port-channel is L3, or vice-versa

A(config-if)#no sh
A(config-if)#no sw
A(config-if)#channel-group 18 mode passive
A(config-if)#^Z
A#sh int por
A#sh int port-channel 18
Port-channel18 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 000e.830d.d480 (bia 000e.830d.d480)

B(config)#int port-channel 12
B(config-if)#ip add?
% Unrecognized command
B(config-if)#no sw
B(config-if)#ip address 1.1.1.12 255.255.255.248
B(config-if)#no sh
B(config-if)#exit
B(config)#int fas
B(config)#int fastEthernet 0/23
B(config-if)#cha
B(config-if)#channel-g
B(config-if)#channel-group 12 mode active
Command rejected (Port-channel12, Fa0/23): Either port is L2 and port-channel is L3, or vice-versa

B(config-if)#no sw
B(config-if)#channel-group 12 mode active
B(config-if)#int fas
B(config-if)#int fas0/23
B(config-if)#channel-group 12 mode ac
B(config-if)#^Z
B#

B#sh int port-channel 12


Port-channel12 is up, line protocol is up (connected)<<<<<<<<<<<

A#ping 1.1.1.12

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 1.1.1.12, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

B(config-if)#pagp learn-method ?
aggregation-port Learns the destination on the agport
physical-port Learns the destination on the physical port
B#sh etherchannel 12 detail
Group state = L3
Ports: 2 Maxports = 16
Port-channels: 1 Max Port-channels = 1
Protocol: LACP
Ports in the group:
-------------------
Port: Fa0/23
------------

Port state = Up Mstr Assoc In-Bndl


Channel group = 12 Mode = Active Gcchange = -
Port-channel = Po12 GC = - Pseudo port-channel = Po12
Port index = 0 Load = 0x00 Protocol = LACP

Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.


A - Device is in active mode. P - Device is in passive mode.

Local information:
LACP port Admin Oper Port Port
Port Flags State Priority Key Key Number State
Fa0/23 SA bndl 109 0xC 0xC 0x1F 0x3D <<<<change by lacp port-priority

Partner's information:

LACP port Oper Port Port


Port Flags Priority Dev ID Age Key Number State
Fa0/23 SP 109 000e.830d.d480 10s 0x12 0x20 0x3C

Age of the port in the current state: 00d:00h:03m:17s

Port: Fa0/24
------------

Port state = Up Mstr Assoc In-Bndl


Channel group = 12 Mode = Active Gcchange = -
Port-channel = Po12 GC = - Pseudo port-channel = Po12
Port index = 0 Load = 0x00 Protocol = LACP

Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.


A - Device is in active mode. P - Device is in passive mode.

Local information:
LACP port Admin Oper Port Port
Port Flags State Priority Key Key Number State
Fa0/24 SA bndl 32768 0xC 0xC 0x24 0x3D

Partner's information:

LACP port Oper Port Port


Port Flags Priority Dev ID Age Key Number State
Fa0/24 SP 32768 000e.830d.d480 10s 0x12 0x21 0x3C

Age of the port in the current state: 00d:00h:03m:17s

Port-channels in the group:


---------------------------

Port-channel: Po12 (Primary Aggregator)


------------

Age of the Port-channel = 00d:00h:51m:02s


Logical slot/port = 1/1 Number of ports = 2
HotStandBy port = null
Passive port list = Fa0/23 Fa0/24
Port state = Port-channel L3-Ag Ag-Inuse
Protocol = LACP

Ports in the Port-channel:

Index Load Port EC state No of bits


------+------+------+------------------+-----------
0 00 Fa0/23 Active 0
0 00 Fa0/24 Active 0

Time since last port bundled: 00d:00h:03m:19s Fa0/24


Time since last port Un-bundled: 00d:00h:03m:28s Fa0/24

B#

B#sh lacp sys-id


1000, 000b.fd92.7100<<<<<<<<<<<<<<<<<<<<<<<<< system priority (1000), changed with lacp system-priority
B(config)#lacp system-priority ?
<1-65535> Priority value

IP ROUTING on switch
By default, IP routing is disabled on the switch; enable it.

ARP: given the 32-bit IP address, you learn the MAC address.

Sreenivasa Reddy (12:36:03 PM): hey man


Ankur Arora (12:36:28 PM): srini, can I take ur 1 sec for a query ....
Ankur Arora (12:37:07 PM): regarding ip - classless ..
Sreenivasa Reddy (12:37:28 PM): tell me
Ankur Arora (12:38:30 PM): srini , if i disable ip classless ---- TOPOLOGY R1----S/w--R2
Ankur Arora (12:38:46 PM): R1 has 6.6.6.1 and R2 has ip 7.7.7.7
Ankur Arora (12:38:52 PM): i disable ip classless
Ankur Arora (12:39:17 PM): and put specific route for 7.7.7.7/32 ping works ,,?
Ankur Arora (12:39:24 PM): even ip classless disabled
Ankur Arora (12:39:49 PM): not clear about this ip classless ---...
Sreenivasa Reddy (12:40:02 PM): on a call
Sreenivasa Reddy (12:40:04 PM): one sec
Ankur Arora (12:40:08 PM): sure
Ankur Arora (12:40:14 PM): :)
Sreenivasa Reddy (12:42:59 PM): tell me, sir
Sreenivasa Reddy (12:43:03 PM): let me read ur msgs
Ankur Arora (12:43:13 PM): :) thanks srinin
Ankur Arora (12:43:16 PM): :)
Sreenivasa Reddy (12:43:36 PM): it works
Sreenivasa Reddy (12:43:48 PM): provided u have the route
Sreenivasa Reddy (12:43:50 PM): to 7.7.7.7
Ankur Arora (12:43:51 PM): yes but class funda is what ?
Sreenivasa Reddy (12:43:53 PM): simple
Sreenivasa Reddy (12:44:01 PM): when you have ip classless
Sreenivasa Reddy (12:44:10 PM): the router looks for longest match directly
Ankur Arora (12:44:16 PM): okie
Sreenivasa Reddy (12:44:24 PM): then, if you have it disabled
Sreenivasa Reddy (12:44:29 PM): it looks for a major network
Sreenivasa Reddy (12:44:34 PM): here it is 7.0.0.0
Sreenivasa Reddy (12:44:37 PM): then a subnet
Sreenivasa Reddy (12:44:41 PM): 7.7.7.0
Sreenivasa Reddy (12:44:44 PM): then the actual ip
Sreenivasa Reddy (12:44:50 PM): then forwards the packet
Sreenivasa Reddy (12:44:55 PM): this is wat the difference
Ankur Arora (12:45:22 PM): if major n/w not there --but subnet 7.7.7.7 and no ip classless ,,,still its ok
Ankur Arora (12:45:59 PM): ok got it
Ankur Arora (12:46:09 PM): thanks :) srini....
Sreenivasa Reddy (12:46:14 PM): np man
Sreenivasa Reddy (12:46:25 PM): do a practical example
Sreenivasa Reddy (12:46:27 PM): and test
Sreenivasa Reddy (12:46:45 PM): i think these examples are there in tcp/ip vol1
Ankur Arora (12:46:57 PM): yeah trying that ---okie
Ankur Arora (12:46:58 PM): :)
Ankur Arora (12:47:30 PM): even classless they ask in lab ?
Sreenivasa Reddy (12:48:03 PM): its all classless
Sreenivasa Reddy (12:48:11 PM): no testing of classful
Ankur Arora (12:48:13 PM): sorry no classless
Ankur Arora (12:48:24 PM): classfull they ask
Sreenivasa Reddy (12:48:26 PM): they dont test these small thing man
Ankur Arora (12:48:30 PM): okie
Sreenivasa Reddy (12:48:42 PM): yeah, all the routers are classful now by default, no question of asking or not
Ankur Arora (12:48:53 PM): yes :)
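The lookup difference discussed in the chat above, as an added example that is not part of the original notes. It goes one step beyond the chat by adding a default route, which is where the two modes actually diverge; the route table and next-hop names are constructed, and the function names are hypothetical.

```python
import ipaddress

def major_network(dst):
    """Classful (A/B/C) network that contains dst, or None for class D/E."""
    first_octet = int(dst) >> 24
    if first_octet < 128:
        prefix = 8
    elif first_octet < 192:
        prefix = 16
    elif first_octet < 224:
        prefix = 24
    else:
        return None
    return ipaddress.ip_network(f"{dst}/{prefix}", strict=False)

def lookup(routes, dst, classless):
    """Return the next hop for dst, or None when the packet is dropped."""
    dst = ipaddress.ip_address(dst)
    table = {ipaddress.ip_network(p): nh for p, nh in routes.items()}
    candidates = [n for n in table if dst in n]
    if not classless:
        major = major_network(dst)
        # Classful rule: once any route inside the destination's major network
        # is known, only routes inside that major network may match. Supernets
        # and the default route are not used as a fallback.
        if major is not None and any(n.subnet_of(major) for n in table):
            candidates = [n for n in candidates if n.subnet_of(major)]
    if not candidates:
        return None
    best = max(candidates, key=lambda n: n.prefixlen)  # longest match wins
    return table[best]

# Constructed table for R1: a default route plus the host route from the chat.
ROUTES = {"0.0.0.0/0": "default-gw", "7.7.7.7/32": "R2"}

if __name__ == "__main__":
    for dst in ("7.7.7.7", "7.7.8.1", "8.8.8.8"):
        print(dst, "classless:", lookup(ROUTES, dst, True),
              "| no ip classless:", lookup(ROUTES, dst, False))
```

With the /32 present, 7.7.7.7 is forwarded in both modes; 7.7.8.1 follows the default route only in classless mode, because the 7.0.0.0 major network is already known through the host route.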

To add arp entry


arp (ip address) (mac-address)

To clear dynamic arp entries


Clear arp-cache
ip helper-address – address of the remote destination to which UDP packets are forwarded.

Ip forward-protocol------

RIP –

For NBMA
Router rip
neighbor (ip address)

IPV6----

Site local not supported on 3560-


Link local – FE80::/10 <<<<< ipv6 address () link-local

LINK LOCAL

R2#sh ipv6 interface se0/0

R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int se 0/0
R2(config-if)#ipv
R2(config-if)#ipv6 en
R2(config-if)#ipv6 enable ^Z
R2#
R2#sh ipv6 interface se0/0
Serial0/0 is administratively down, line protocol is down
IPv6 is enabled, link-local address is FE80::20E:D7FF:FE3F:EE0 [TENTATIVE]
No global unicast address is configured
Joined group address(es):
FF02::1
FF02::1:FF3F:EE0
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds

Router(config)#ipv6 icmp error-interval ?


<0-2147483647> Interval between tokens in milliseconds

Router(config)#ipv6 icmp error-interval 23 ?


<1-200> Bucket size
<cr>

Router(config)#ipv6 icmp error-interval 23 100<<<<<<<<<<<< THIS IS USED TO RATE-LIMIT ICMPv6 error messages. The bucket holds up to 100 tokens (each token allows one error message), and one token is added to the bucket every 23 milliseconds.
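A token-bucket model of the `ipv6 icmp error-interval 23 100` setting above, added here as an example (it is not IOS code or part of the original notes). It shows how many ICMPv6 errors the router would emit under a flood, a paced stream, and a burst after idle time; the class and function names are hypothetical, the workloads are constructed, and the bucket is assumed to start full.

```python
class IcmpErrorLimiter:
    """Model of 'ipv6 icmp error-interval <interval_ms> <bucket_size>'."""

    def __init__(self, interval_ms, bucket_size):
        if interval_ms <= 0 or bucket_size <= 0:
            raise ValueError("model covers positive interval and bucket size only")
        self.interval_ms = interval_ms
        self.bucket_size = bucket_size
        self.tokens = bucket_size      # assumption: the bucket starts full
        self.last_refill_ms = 0

    def allow(self, now_ms):
        """True if an error message may be sent at now_ms (spends one token)."""
        added = (now_ms - self.last_refill_ms) // self.interval_ms
        if added > 0:
            # One token per interval, never more than the bucket size.
            self.tokens = min(self.bucket_size, self.tokens + added)
            self.last_refill_ms += added * self.interval_ms
        if self.tokens == 0:
            return False               # error is suppressed
        self.tokens -= 1
        return True

def errors_sent(interval_ms, bucket_size, event_times_ms):
    """Count how many error-triggering events result in an ICMPv6 error."""
    limiter = IcmpErrorLimiter(interval_ms, bucket_size)
    return sum(limiter.allow(t) for t in sorted(event_times_ms))

# Constructed workloads (times in milliseconds).
FLOOD = range(1000)                  # one bad packet every 1 ms for 1 second
PACED = range(0, 23 * 500, 23)       # one bad packet every 23 ms
BURST_AFTER_IDLE = [5000] * 500      # 500 bad packets at once after 5 s idle

if __name__ == "__main__":
    print("flood:", errors_sent(23, 100, FLOOD), "of", len(FLOOD))
    print("paced:", errors_sent(23, 100, PACED), "of", len(PACED))
    print("burst:", errors_sent(23, 100, BURST_AFTER_IDLE), "of", len(BURST_AFTER_IDLE))
```

The bucket size bounds the burst the control plane will answer (100 here), while the interval bounds the sustained rate (one error per 23 ms).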
