EIGRP
packetlife.net

Protocol Header (bit ruler 8 / 16 / 24 / 32)
  Version (8) | Opcode (8) | Checksum (16)
  Flags (32)
  Sequence Number (32)
  Acknowledgment Number (32)
  Autonomous System Number (32)
  Type (16) | Length (16)
  Value (variable)

Attributes
  Type            Distance Vector
  Algorithm       DUAL
  Internal AD     90
  External AD     170
  Summary AD      5
  Standard        Cisco proprietary
  Protocols       IP, IPX, Appletalk
  Transport       IP/88
  Authentication  MD5
  Multicast IP    224.0.0.10
  Hello Timers    5/60
  Hold Timers     15/180

Metric Formula
  metric = 256 * (K1 * bw + (K2 * bw) / (256 - load) + K3 * delay) * K5 / (rel + K4)
  · bw = 10^7 / minimum path bandwidth in kbps
  · delay = interface delay in µsecs / 10

K Defaults
  K1 1    K2 0    K3 1    K4 0    K5 0

Packet Types
  1 Update
  3 Query
  4 Reply
  5 Hello
  8 Acknowledge

EIGRP Configuration

Protocol Configuration
  ! Enable EIGRP
  router eigrp <AS>
  ! Add networks to advertise
  network <network> [<wildcard>]
  ! Configure K values to manipulate metric formula
  metric weights 0 <K1> <K2> <K3> <K4> <K5>
  ! Disable automatic route summarization
  no auto-summary
  ! Designate passive interfaces
  passive-interface (<interface> | default)
  ! Enable stub routing
  eigrp stub [receive-only | connected | static | summary]
  ! Statically identify neighboring routers
  neighbor <IP> <interface>

Interface Configuration
  ! Set maximum bandwidth EIGRP can consume
  ip bandwidth-percent eigrp <AS> <percent>
  ! Configure manual summarization of outbound routes
  ip summary-address eigrp <AS> <network> <mask> [<AD>]
  ! Enable MD5 authentication
  ip authentication mode eigrp <AS> md5
  ip authentication key-chain eigrp <AS> <key-chain>
  ! Configure hello and hold timers
  ip hello-interval eigrp <AS> <seconds>
  ip hold-time eigrp <AS> <seconds>
  ! Disable split horizon for EIGRP
  no ip split-horizon eigrp <AS>

Terminology
  Reported Distance  The metric for a route advertised by a neighbor
  Feasible Distance  The distance advertised by a neighbor plus the cost to get to that neighbor
  Stuck In Active (SIA)  The condition when a route becomes unreachable and not all queries for it are answered; adjacencies with unresponsive neighbors are reset
  Passive Interface  An interface which does not participate in EIGRP but whose network is advertised
  Stub Router  A router which advertises only a subset of routes, and is omitted from the route query process

Troubleshooting
  show ip eigrp interfaces
  show ip eigrp topology
  show ip eigrp neighbors
  show ip eigrp traffic
  clear ip eigrp neighbors
  debug ip eigrp [packet | neighbors]

by Jeremy Stretch  v2.1
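The metric formula and the Reported/Feasible Distance definitions above are easy to get wrong by hand, so here is an added worked example (not part of the cheat sheet) that computes the composite metric with the default K values and applies the feasibility condition DUAL uses to pick loop-free backups. The path values (a T1 followed by FastEthernet) are constructed for the example; the scaling of bw and delay follows the sheet's own notes.

```python
"""EIGRP composite metric and feasibility condition (added example)."""
from dataclasses import dataclass

# Default K values from the sheet: only bandwidth (K1) and delay (K3) count.
DEFAULT_K = (1, 0, 1, 0, 0)


@dataclass(frozen=True)
class PathInfo:
    """Per-path inputs EIGRP carries in its updates (values are constructed below)."""
    min_bandwidth_kbps: int      # lowest link bandwidth along the path, in kbps
    total_delay_usec: int        # sum of interface delays along the path, in microseconds
    load: int = 1                # 1-255, only matters when K2 != 0
    reliability: int = 255       # 1-255, only matters when K5 != 0


def eigrp_metric(path: PathInfo, k: tuple = DEFAULT_K) -> int:
    """256 * (K1*bw + K2*bw/(256-load) + K3*delay) * K5/(rel+K4).

    bw = 10^7 / minimum bandwidth (kbps) and delay = total delay (usec) / 10,
    exactly as the sheet states.  Integer division mirrors the router's
    truncating arithmetic.  With K5 = 0 the reliability factor is skipped,
    otherwise every metric would collapse to zero.
    """
    k1, k2, k3, k4, k5 = k
    if path.min_bandwidth_kbps <= 0:
        raise ValueError("bandwidth must be positive")
    bw = 10**7 // path.min_bandwidth_kbps
    delay = path.total_delay_usec // 10
    composite = k1 * bw + (k2 * bw) // (256 - path.load) + k3 * delay
    if k5 != 0:
        composite = composite * k5 // (path.reliability + k4)
    return 256 * composite


def is_feasible_successor(reported_distance: int, feasible_distance: int) -> bool:
    """A neighbor qualifies as a feasible successor (loop-free backup) only if
    the distance it reports is strictly below our own feasible distance."""
    return reported_distance < feasible_distance


def example() -> dict:
    # Constructed path: T1 (1544 kbps, 20000 usec delay) then FastEthernet (100000 kbps, 100 usec).
    via_t1 = PathInfo(min_bandwidth_kbps=1544, total_delay_usec=20000 + 100)
    fd = eigrp_metric(via_t1)
    return {
        "feasible_distance": fd,                                   # 2172416
        "rd_2000000_is_fs": is_feasible_successor(2_000_000, fd),  # True
        "rd_3000000_is_fs": is_feasible_successor(3_000_000, fd),  # False
    }


if __name__ == "__main__":
    print(example())
```

The 2172416 result is the familiar metric for a T1 path: 10^7 / 1544 truncates to 6476, the 20100 µs of delay becomes 2010, and 256 * (6476 + 2010) gives the figure. Changing `k` is how `metric weights` would alter the result; every router in the AS must use the same K values or adjacencies will not form.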
IEEE 802.11 WLAN · PART 1
packetlife.net

IEEE Standards
                       802.11a   802.11b   802.11g    802.11n
  Ratified             1999      1999      2003       2009
  Frequency            5 GHz     2.4 GHz   2.4 GHz    2.4/5 GHz
  Maximum Throughput   54 Mbps   11 Mbps   54 Mbps    300 Mbps
  Modulation           OFDM      DSSS      DSSS/OFDM  OFDM
  Channels (FCC/ETSI)  21/19     11/13     11/13      32/32

WLAN Types
  Ad Hoc  A WLAN between isolated stations with no central point of control; an IBSS
  Infrastructure  A WLAN attached to a wired network via an access point; a BSS or ESS

WLAN Components
  [Diagram: an IBSS; a BSS; an ESS formed by several BSSs joined through a DS]
  Basic Service Area (BSA)  The physical area covered by the wireless signal of a BSS
  Basic Service Set (BSS)  A set of stations and/or access points which can directly communicate via a wireless medium
  Distribution System (DS)  The wired infrastructure connecting multiple BSSs to form an ESS
  Extended Service Set (ESS)  A set of multiple BSSs connected by a DS which appear to wireless stations as a single BSS
  Independent BSS (IBSS)  An isolated BSS with no connection to a DS; an ad hoc WLAN

Frame Types
  Type                     Class
  Association              Management
  Authentication           Management
  Probe                    Management
  Beacon                   Management
  Request to Send (RTS)    Control
  Clear to Send (CTS)      Control
  Acknowledgment (ACK)     Control
  Data                     Data

Client Association
  1. Probe Request
  2. Probe Response
  3. Authentication Request
  4. Authentication Response
  5. Association Request
  6. Association Response

Measuring RF Signal Strength
  Decibel (dB)  An expression of signal strength as compared to a reference signal; calculated as 10log10(signal/reference)
  dBm · Signal strength compared to a 1 milliwatt signal
  dBw · Signal strength compared to a 1 watt signal
  dBi · Compares forward antenna gain to that of an isotropic antenna

Modulations
  Scheme  Modulation  Throughput
  DSSS    DBPSK       1 Mbps
  DSSS    DQPSK       2 Mbps
  DSSS    CCK         5.5/11 Mbps
  OFDM    BPSK        6/9 Mbps
  OFDM    QPSK        12/18 Mbps
  OFDM    16-QAM      24/36 Mbps
  OFDM    64-QAM      48/54 Mbps

Terminology
  Basic Service Set Identifier (BSSID)  A MAC address which serves to uniquely identify a BSS
  Service Set Identifier (SSID)  A human-friendly text string which identifies a BSS; 1-32 characters
  Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA)  The mechanism which facilitates efficient communication across a shared wireless medium (provided by DCF or PCF)
  Effective Isotropic Radiated Power (EIRP)  Net signal strength (transmitter power + antenna gain - cable loss)

by Jeremy Stretch  v2.2
IEEE 802.11 WLAN · PART 2
packetlife.net

Distributed Coordination Function (DCF)
  [Timing diagram: stations A, B, C and D contend for the medium; each waits a DIFS after the previous frame, then a random backoff drawn from the contention window, deferring while another station transmits]

Interframe Spacing
  Short IFS (SIFS)  Used to provide minimal spacing delay between control frames or data fragments
  DCF IFS (DIFS)  Normal spacing enforced under DCF for management and non-fragment data frames
  Arbitrated IFS (AIFS)  Variable spacing calculated to accommodate differing qualities of service (QoS)
  Extended IFS (EIFS)  Extended delay imposed after errors are detected in a received frame

Client Authentication
  Open · No authentication is used
  Lightweight EAP (LEAP)  Cisco-proprietary EAP method introduced to provide dynamic keying for WEP (deprecated)
  EAP-TLS  Employs Transport Layer Security (TLS); PKI certificates are required on the AP and clients
  EAP-TTLS  Clients authenticate the AP via PKI, then form a secure tunnel inside which the client authentication takes place (clients do not need PKI certificates)
  Protected EAP (PEAP)  A proposal by Cisco, Microsoft, and RSA which employs a secure tunnel for client authentication like EAP-TTLS
  EAP-FAST  Developed by Cisco to replace LEAP; establishes a secure tunnel using a Protected Access Credential (PAC) in the absence of PKI certificates

Encryption Schemes
  Pre-shared Encryption Keys  Keys are manually distributed among clients and APs
  Wired Equivalent Privacy (WEP)  Flawed RC4 implementation using a 40- or 104-bit pre-shared encryption key (deprecated)
  Wi-Fi Protected Access (WPA)  Implements the improved RC4-based encryption Temporal Key Integrity Protocol (TKIP) which can operate on WEP-capable hardware
  IEEE 802.11i (WPA2)  IEEE standard developed to replace WPA; requires a new generation of hardware to implement significantly stronger AES-based CCMP encryption

RF Signal Interference
  [Diagram: Reflection, Scattering, Absorption, Refraction, Diffraction]

Quality of Service Markings
  WMM       802.11e  802.1p
  Platinum  7/6      6/5
  Gold      5/4      4/3
  Silver    3/0      0
  Bronze    2/1      2/1
  Wi-Fi Multimedia (WMM)  A Wi-Fi Alliance certification for QoS; a subset of 802.11e QoS
  IEEE 802.11e  Official IEEE WLAN QoS standard ratified in 2005; replaces WMM
  IEEE 802.1p  QoS markings in the 802.1Q header on wired Ethernet

Antenna Types
  Directional · Radiates power in one focused direction
  Omnidirectional · Radiates power uniformly across a plane
  Isotropic · A theoretical antenna referenced when measuring effective radiated power

by Jeremy Stretch  v2.2
IPV4 MULTICAST
packetlife.net

Layer 2 Addressing
  239.142.57.6
  11101111 10001110 00111001 00000110
  01-00-5E-0E-39-06
  00000001 00000000 01011110 00001110 00111001 00000110

Group Ranges
  224.0.0.0/24  Local network control
  224.0.1.0/24  Internetwork control
  232.0.0.0/8   Source-specific
  233.0.0.0/8   GLOP (RFC 3180)
  239.0.0.0/8   Admin-scoped

Common Groups
  224.0.0.1     All hosts
  224.0.0.2     All routers
  224.0.1.39    Cisco RP Announce
  224.0.1.40    Cisco RP Discovery

Terminology
  Reverse Path Forwarding (RPF)  Verifies that multicast traffic travels in the reverse direction of unicast traffic, away from the tree root
  Cisco Group Management Protocol (CGMP)  A proprietary protocol used by switches to obtain multicast membership information for end hosts (deprecated)
  Internet Group Management Protocol (IGMP)  Hosts send IGMP requests to local routers to join multicast groups
  Protocol Independent Multicast (PIM)
    Dense Mode  The initial tree encompasses all multicast routers; after a period of time, routers without IGMP members prune back branches
    Sparse Mode  The tree is grown from a central rendezvous point out to the multicast source and recipients
    Sparse-Dense Mode  Allows a PIM-enabled interface to function in either sparse or dense mode per group
    PIMv1  Provides automatic RP discovery with Auto-RP (Cisco proprietary)
    PIMv2  Automatic RP discovery is accomplished by the bootstrap router (BSR) method (standard)

Distribution Trees
  Shared  A common set of links which carry all multicast traffic; statically configured
  Source-Rooted  Provides the shortest paths from the source to receivers

IGMP
  IGMPv1  Original IGMP specification
  IGMPv2  Adds support for dynamic leave requests and querier election to original IGMP
  IGMPv3  Adds multicast source filtering to v2
  IGMP Snooping  A switch passively inspects IGMP requests to determine which hosts should receive multicast traffic

IGMP Configuration
  IGMP Support   Router(config-if)# ip igmp [version <#>]
  IGMP Snooping  Switch(config)# ip igmp snooping

PIM Configuration
  ip multicast-routing
  !
  interface FastEthernet0/0
   ip pim {sparse-mode | dense-mode | sparse-dense-mode}
   ip pim version {1 | 2}

RP Configuration
  Manual                 ip pim rp-address <address>
  Auto-RP Mapping Agent  ip pim send-rp-discovery scope <ttl>
  Auto-RP Candidate      ip pim send-rp-announce <interface> scope <ttl>
  BSR Candidate          ip pim bsr-candidate <interface>
  BSR RP Candidate       ip pim rp-candidate <interface>

IGMP Troubleshooting
  show ip igmp
  show ip igmp group
  show ip igmp interface
  show ip igmp snooping
  ip igmp join-group <group>

PIM Troubleshooting
  show ip mroute
  show ip pim interface
  show ip pim neighbor
  show ip pim rp [mapping]
  show ip rpf

by Jeremy Stretch  v2.0
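The Layer 2 Addressing block above shows the mapping for one group by hand. As an added example (not part of the cheat sheet), the code below implements the general rule: the low 23 bits of the group address are appended to 01-00-5E, and the 5 bits of the IPv4 address that are discarded mean 32 distinct groups share one MAC, which is why a NIC or switch filtering on the MAC alone still receives traffic for groups it never joined. The addresses used are taken from the sheet or constructed for the example.

```python
"""IPv4 multicast group to IEEE 802 MAC mapping and its 32:1 overlap (added example)."""
import ipaddress

MAC_PREFIX = (0x01, 0x00, 0x5E)   # reserved IANA OUI for IPv4 multicast


def multicast_mac(group: str) -> str:
    """Return the MAC address (XX-XX-XX form) that carries an IPv4 multicast group.

    Only the low 23 bits of the group address survive: the 1110 class-D
    prefix and the next 5 bits are discarded.
    """
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a multicast (class D) address")
    low23 = int(addr) & 0x7FFFFF
    octets = MAC_PREFIX + ((low23 >> 16) & 0xFF, (low23 >> 8) & 0xFF, low23 & 0xFF)
    return "-".join(f"{o:02X}" for o in octets)


def overlapping_groups(mac: str) -> list:
    """List every IPv4 multicast group that maps to the given MAC address.

    The 5 discarded bits (bits 23-27 of the address) can take 32 values, so
    each multicast MAC is shared by 32 groups spread across 224.x to 239.x.
    """
    parts = [int(p, 16) for p in mac.replace(":", "-").split("-")]
    if len(parts) != 6 or tuple(parts[:3]) != MAC_PREFIX or parts[3] > 0x7F:
        raise ValueError(f"{mac} is not an IPv4 multicast MAC address")
    low23 = (parts[3] << 16) | (parts[4] << 8) | parts[5]
    return [str(ipaddress.IPv4Address(0xE0000000 | (i << 23) | low23)) for i in range(32)]


if __name__ == "__main__":
    print(multicast_mac("239.142.57.6"))          # 01-00-5E-0E-39-06, as on the sheet
    for g in overlapping_groups("01-00-5E-0E-39-06"):
        print(g)                                  # 224.14.57.6, 224.142.57.6, ... 239.142.57.6
```

A practical consequence for admin-scoped (239.0.0.0/8) planning: two applications assigned 239.142.57.6 and 239.14.57.6 collide at Layer 2, so hosts listening for one will also be handed frames for the other and must discard them in software; avoiding groups that differ only in the discarded bits sidesteps the problem.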
IPV6
packetlife.net

Protocol Header (bit ruler 8 / 16 / 24 / 32)
  Ver (4) | Traffic Class (8) | Flow Label (20)
  Payload Length (16) | Next Header (8) | Hop Limit (8)
  Source Address (128)
  Destination Address (128)

  Version (4 bits) · Always set to 6
  Traffic Class (8 bits) · A DSCP value for QoS
  Flow Label (20 bits) · Identifies unique flows (optional)
  Payload Length (16 bits) · Length of the payload in bytes
  Next Header (8 bits) · Header or protocol which follows
  Hop Limit (8 bits) · Similar to IPv4's time to live field
  Source Address (128 bits) · Source IP address
  Destination Address (128 bits) · Destination IP address

Address Notation
  · Eliminate leading zeros from all two-byte sets
  · Replace up to one string of consecutive zeros with a double-colon (::)

Address Formats
  Global unicast      Global Prefix (48) | Subnet (16) | Interface ID (64)
  Link-local unicast  Link-local prefix | Interface ID (64)
  Multicast           FF (8) | Flags (4) | Scope (4) | Group ID (112)

EUI-64 Formation
  MAC (48) → EUI-64 (64)
  · Insert 0xfffe between the two halves of the MAC
  · Flip the seventh bit (universal/local flag) to 1

Address Types
  Unicast · One-to-one communication
  Multicast · One-to-many communication
  Anycast · An address configured in multiple locations

Multicast Scopes
  1 Interface-local
  2 Link-local
  4 Admin-local
  5 Site-local
  8 Org-local
  E Global

Extension Headers
  Hop-by-hop Options (0)  Carries additional information which must be examined by every router in the path
  Routing (43)  Provides source routing functionality
  Fragment (44)  Included when a packet has been fragmented by its source
  Encapsulating Security Payload (50)  Provides payload encryption (IPsec)
  Authentication Header (51)  Provides packet authentication (IPsec)
  Destination Options (60)  Carries additional information which pertains only to the recipient

Special-Use Ranges
  ::/0           Default route
  ::/128         Unspecified
  ::1/128        Loopback
  ::/96          IPv4-compatible*
  ::FFFF:0:0/96  IPv4-mapped
  2001::/32      Teredo
  2001:DB8::/32  Documentation
  2002::/16      6to4
  FC00::/7       Unique local
  FE80::/10      Link-local unicast
  FEC0::/10      Site-local unicast*
  FF00::/8       Multicast
  * Deprecated

Transition Mechanisms
  Dual Stack  Transporting IPv4 and IPv6 across an infrastructure simultaneously
  Tunneling  IPv6 traffic is encapsulated into IPv4 using IPv6-in-IP, UDP (Teredo), or Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
  Translation  Stateless IP/ICMP Translation (SIIT) translates IP header fields, NAT Protocol Translation (NAT-PT) maps between IPv6 and IPv4 addresses

by Jeremy Stretch  v2.0
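The Address Notation rules and EUI-64 Formation steps above describe two small algorithms. As an added example (not part of the cheat sheet), the code below implements both: it derives a link-local address from a MAC by inserting 0xfffe and inverting the universal/local bit, and it compresses a written address by stripping leading zeros and collapsing the single longest run of zero groups. The MAC used is constructed for the example; Python's `ipaddress` module is used only to expand input and to cross-check the result.

```python
"""IPv6 EUI-64 interface identifiers and address compression (added example)."""
import ipaddress


def eui64_interface_id(mac: str) -> int:
    """Build the 64-bit EUI-64 interface ID from a 48-bit MAC address."""
    octets = bytes(int(x, 16) for x in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("MAC address must have six octets")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])  # insert 0xfffe between the halves
    eui[0] ^= 0x02                                          # invert the universal/local bit
    return int.from_bytes(eui, "big")


def link_local_from_mac(mac: str) -> str:
    """fe80::/64 prefix plus the EUI-64 interface ID, in compressed notation."""
    return str(ipaddress.IPv6Address((0xFE80 << 112) | eui64_interface_id(mac)))


def compress(address: str) -> str:
    """Apply the two notation rules from the sheet to any valid IPv6 address."""
    groups = ipaddress.IPv6Address(address).exploded.split(":")   # eight 4-digit groups
    groups = [g.lstrip("0") or "0" for g in groups]               # rule 1: drop leading zeros
    # rule 2: find the longest run of all-zero groups (leftmost wins a tie)
    best_start, best_len = -1, 0
    i = 0
    while i < len(groups):
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < len(groups) and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                      # a lone zero group is not worth a "::"
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return f"{head}::{tail}"


if __name__ == "__main__":
    print(link_local_from_mac("00:1b:21:ab:cd:ef"))          # fe80::21b:21ff:feab:cdef
    print(compress("2001:0db8:0000:0000:0000:0000:0000:0001"))  # 2001:db8::1
```

Because the interface ID is derived from the hardware address, an EUI-64 address reveals the NIC vendor and serial and follows a device across networks; that is the reason privacy extensions (random interface IDs) exist, and why a defender inventorying hosts by address should not assume the suffix is stable.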
NETWORK ADDRESS TRANSLATION
packetlife.net

Example Topology
  FastEthernet0  10.0.0.1/16        NAT Inside
  FastEthernet1  174.143.212.1/22   NAT Outside

Address Classification
  Inside Local    An actual address assigned to an inside host
  Inside Global   An inside address seen from the outside
  Outside Local   An outside address seen from the inside
  Outside Global  An actual address assigned to an outside host

                          Perspective
                     Local           Global
  Location  Inside   Inside Local    Inside Global
            Outside  Outside Local   Outside Global

NAT Boundary Configuration
  interface FastEthernet0
   ip address 10.0.0.1 255.255.0.0
   ip nat inside
  !
  interface FastEthernet1
   ip address 174.143.212.1 255.255.252.0
   ip nat outside

Static Source Translation
  ! One line per static translation
  ip nat inside source static 10.0.0.19 192.0.2.1
  ip nat inside source static 10.0.1.47 192.0.2.2
  ip nat outside source static 174.143.212.133 10.0.0.47
  ip nat outside source static 174.143.213.240 10.0.2.181

Dynamic Source Translation
  ! Create an access list to match inside local addresses
  access-list 10 permit 10.0.0.0 0.0.255.255
  !
  ! Create NAT pool of inside global addresses
  ip nat pool MyPool 192.0.2.1 192.0.2.254 prefix-length 24
  !
  ! Combine them with a translation rule
  ip nat inside source list 10 pool MyPool
  !
  ! Dynamic translations can be combined with static entries
  ip nat inside source static 10.0.0.42 192.0.2.42

Port Address Translation (PAT)
  ! Static layer four port translations
  ip nat inside source static tcp 10.0.0.3 8080 192.0.2.1 80
  ip nat inside source static udp 10.0.0.14 53 192.0.2.2 53
  ip nat outside source static tcp 174.143.212.4 23 10.0.0.8 23
  !
  ! Dynamic port translation with a pool
  ip nat inside source list 11 pool MyPool overload
  !
  ! Dynamic translation with interface overloading
  ip nat inside source list 11 interface FastEthernet1 overload

Inside Destination Translation
  ! Create a rotary NAT pool
  ip nat pool LoadBalServers 10.0.99.200 10.0.99.203 prefix-length 24 type rotary
  !
  ! Enable load balancing across inside hosts for incoming traffic
  ip nat inside destination list 12 pool LoadBalServers

Terminology
  NAT Pool  A pool of IP addresses to be used as inside global or outside local addresses in translations
  Port Address Translation (PAT)  An extension to NAT that translates information at layer four and above, such as TCP and UDP port numbers; dynamic PAT configurations include the overload keyword
  Extendable Translation  The extendable keyword must be appended when multiple overlapping static translations are configured

Special NAT Pool Types
  Rotary      Used for load balancing
  Match-Host  Preserves the host portion of the address after translation

Troubleshooting
  show ip nat translations [verbose]
  show ip nat statistics
  clear ip nat translations

NAT Translations Tuning
  ip nat translation tcp-timeout <seconds>
  ip nat translation udp-timeout <seconds>
  ip nat translation max-entries <number>

by Jeremy Stretch  v1.0
OSPF · PART 1
packetlife.net

Protocol Header (bit ruler 8 / 16 / 24 / 32)
  Version (8) | Type (8) | Length (16)
  Router ID (32)
  Area ID (32)
  Checksum (16) | Instance ID (8) | Reserved (8)
  Data

Attributes
  Type            Link-State
  Algorithm       Dijkstra
  Metric          Cost (Bandwidth)
  AD              110
  Standard        RFC 2328, 2740
  Protocols       IP
  Transport       IP/89
  Authentication  Plaintext, MD5
  AllSPF Address  224.0.0.5
  AllDR Address   224.0.0.6

Metric Formula
  cost = 100,000 Kbps* / link speed
  * modifiable with ospf auto-cost reference-bandwidth

Link State Advertisements
  Router Link (Type 1)  Lists neighboring routers and the cost to each; flooded within an area
  Network Link (Type 2)  Generated by a DR; lists all routers on an adjacent segment; flooded within an area
  Network Summary (Type 3)  Generated by an ABR and advertised among areas
  ASBR Summary (Type 4)  Injected by an ABR into the backbone to advertise the presence of an ASBR within an area
  External Link (Type 5)  Generated by an ASBR and flooded throughout the AS to advertise a route external to OSPF
  NSSA External Link (Type 7)  Generated by an ASBR in a not-so-stubby area; converted into a type 5 LSA by the ABR when leaving the area

Router Types
  Internal Router  All interfaces reside within the same area
  Backbone Router  A router with an interface in area 0 (the backbone)
  Area Border Router (ABR)  Connects two or more areas
  AS Boundary Router (ASBR)  Connects to additional routing domains; typically located in the backbone

Area Types
  Standard Area  Default OSPF area type
  Stub Area  External link (type 5) LSAs are replaced with a default route
  Totally Stubby Area  Type 3, 4, and 5 LSAs are replaced with a default route
  Not So Stubby Area (NSSA)  A stub area containing an ASBR; type 5 LSAs are converted to type 7 within the area

External Route Types
  E1 · Cost to the advertising ASBR plus the external cost of the route
  E2 (Default) · Cost of the route as seen by the ASBR

Adjacency States
  1 Down
  2 Attempt
  3 Init
  4 2-Way
  5 Exstart
  6 Exchange
  7 Loading
  8 Full

DR/BDR Election
  · The DR serves as a common point for all adjacencies on a multiaccess segment
  · The BDR also maintains adjacencies with all routers in case the DR fails
  · Election does not occur on point-to-point or multipoint links
  · Default priority (0-255) is 1; highest priority wins; 0 cannot be elected
  · DR preemption will not occur unless the current DR is reset

Virtual Links
  · Tunnel formed to join two areas across an intermediate
  · Both end routers must share a common area
  · At least one end must reside in area 0
  · Cannot traverse stub areas

Troubleshooting
  show ip [route | protocols]
  show ip ospf border-routers
  show ip ospf interface
  show ip ospf virtual-links
  show ip ospf neighbor
  debug ip ospf […]

by Jeremy Stretch  v2.1
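The Metric Formula and the Dijkstra algorithm named under Attributes are worth seeing together. The following is an added example (not part of the cheat sheet): it converts link speeds to OSPF costs with the sheet's 100,000 Kbps reference (and an adjustable one, as `ospf auto-cost reference-bandwidth` would set), then runs shortest-path-first over a small constructed three-router topology so the effect of the reference bandwidth on path choice is visible.

```python
"""OSPF interface cost and shortest-path-first (Dijkstra) over a small topology (added example)."""
import heapq

DEFAULT_REFERENCE_BANDWIDTH_MBPS = 100   # the sheet's 100,000 Kbps reference


def ospf_cost(link_kbps: int, reference_bandwidth_mbps: int = DEFAULT_REFERENCE_BANDWIDTH_MBPS) -> int:
    """cost = reference bandwidth / link speed, truncated to an integer and never below 1."""
    if link_kbps <= 0:
        raise ValueError("link speed must be positive")
    return max((reference_bandwidth_mbps * 1000) // link_kbps, 1)


def build_topology(links, reference_bandwidth_mbps=DEFAULT_REFERENCE_BANDWIDTH_MBPS) -> dict:
    """links: (router_a, router_b, link_kbps) triples; returns {router: {neighbor: cost}}.
    Both directions get the same cost here (same link speed on both ends)."""
    adj = {}
    for a, b, kbps in links:
        cost = ospf_cost(kbps, reference_bandwidth_mbps)
        adj.setdefault(a, {})[b] = cost
        adj.setdefault(b, {})[a] = cost
    return adj


def spf(adj: dict, root: str):
    """Dijkstra from the root: returns (distance to each router, predecessor map)."""
    dist = {root: 0}
    prev = {}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:                 # stale heap entry
            continue
        for v, cost in adj.get(u, {}).items():
            nd = d + cost
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                prev[v] = u
                heapq.heappush(heap, (nd, v))
    return dist, prev


def path_to(prev: dict, root: str, dst: str) -> list:
    """Walk the predecessor map back from dst to root."""
    if dst != root and dst not in prev:
        raise KeyError(f"{dst} is unreachable from {root}")
    hops = [dst]
    while hops[-1] != root:
        hops.append(prev[hops[-1]])
    return hops[::-1]


# Constructed sample topology: two FastEthernet hops A-B-C and a direct T1 between A and C.
SAMPLE_LINKS = [("A", "B", 100_000), ("B", "C", 100_000), ("A", "C", 1_544)]


def example(reference_bandwidth_mbps: int = DEFAULT_REFERENCE_BANDWIDTH_MBPS) -> dict:
    adj = build_topology(SAMPLE_LINKS, reference_bandwidth_mbps)
    dist, prev = spf(adj, "A")
    return {"cost_to_C": dist["C"], "path_to_C": path_to(prev, "A", "C")}


if __name__ == "__main__":
    print(ospf_cost(100_000), ospf_cost(1_000_000))          # 1 1  (default reference)
    print(ospf_cost(1_000_000, 10_000))                        # 10 (10 Gbps reference)
    print(example())                                           # {'cost_to_C': 2, 'path_to_C': ['A', 'B', 'C']}
```

The first print line is the reason the footnote on the formula matters: with the default reference, FastEthernet and Gigabit Ethernet both cost 1, so OSPF cannot prefer the faster link; raising the reference bandwidth consistently on every router in the domain restores the distinction.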
OSPF · PART 2
packetlife.net

Network Types
                      Nonbroadcast (NBMA)  Multipoint Broadcast  Multipoint Nonbroadcast  Broadcast  Point-to-Point
  DR/BDR Elected      Yes                  No                    No                       Yes        No
  Neighbor Discovery  No                   Yes                   No                       Yes        Yes
  Hello/Dead Timers   30/120               30/120                30/120                   10/40      10/40
  Defined By          RFC 2328             RFC 2328              Cisco                    Cisco      Cisco
  Supported Topology  Full Mesh            Any                   Any                      Full Mesh  Point-to-Point

Configuration Example
  [Diagram: Router A connects a WAN cloud (172.16.0.0/18) to Area 0 (backbone); Router B joins Area 0, Area 1 (stub area) and Area 2 (standard area); Router C joins Area 2 and Area 9 (totally stubby area)]

Router A
  interface Serial0/0
   description WAN Link
   ip address 172.16.34.2 255.255.255.252
  !
  interface FastEthernet0/0
   description Area 0
   ip address 192.168.0.1 255.255.255.0
  !
  interface Loopback0
   ! Used as router ID
   ip address 10.0.34.1 255.255.255.0
  !
  router ospf 100
   ! Advertising the WAN cloud to OSPF
   redistribute static subnets
   network 192.168.0.0 0.0.0.255 area 0
  !
  ! Static route to the WAN cloud
  ip route 172.16.0.0 255.255.192.0 172.16.34.1

Router B
  interface Ethernet0/0
   description Area 0
   ip address 192.168.0.2 255.255.255.0
   ip ospf 100 area 0
  !
  interface Ethernet0/1
   description Area 2
   ip address 192.168.2.1 255.255.255.0
   ip ospf 100 area 2
   ! Optional MD5 authentication configured
   ip ospf authentication message-digest
   ip ospf message-digest-key 1 md5 FooBar
   ! Give B priority in DR election
   ip ospf priority 100
  !
  interface Ethernet0/2
   description Area 1
   ip address 192.168.1.1 255.255.255.0
   ip ospf 100 area 1
  !
  interface Loopback0
   ip address 10.0.34.2 255.255.255.0
  !
  router ospf 100
   ! Define area 1 as a stub area
   area 1 stub
   ! Virtual link from area 0 to area 9
   area 2 virtual-link 10.0.34.3

Router C
  interface Ethernet0/0
   description Area 9
   ip address 192.168.9.1 255.255.255.0
   ip ospf 100 area 9
  !
  interface Ethernet0/1
   description Area 2
   ip address 192.168.2.2 255.255.255.0
   ip ospf 100 area 2
   ! Optional MD5 authentication configured
   ip ospf authentication message-digest
   ip ospf message-digest-key 1 md5 FooBar
   ! Give C second priority (BDR) in election
   ip ospf priority 50
  !
  interface Loopback0
   ip address 10.0.34.3 255.255.255.0
  !
  router ospf 100
   ! Define area 9 as a totally stubby area
   area 9 stub no-summary
   ! Virtual link from area 9 to area 0
   area 2 virtual-link 10.0.34.2

by Jeremy Stretch  v2.1
POINT-TO-POINT PROTOCOL
packetlife.net

PPP Components
  Link Control Protocol (LCP)  Provides for the establishment, configuration, and maintenance of a PPP link. Protocol-independent options are negotiated by LCP.
  Network Control Protocol (NCP)  A separate NCP is used to negotiate the configuration of each network layer protocol (such as IP) carried by PPP.

PPP Summary
  Standard    RFC 1661
  Interfaces  Asynchronous serial, synchronous serial, ISDN, HSSI

PPP Features
  Protocol Multiplexing · Multiple NCPs
  Optional Authentication · PAP/CHAP
  Loopback Detection · Provided by LCP
  Load Balancing · Multilink PPP
  Optional Compression · Stacker/predictor

PPP Header (bit ruler 8 / 16 / 24 / 32)
  Address (8) | Control (8) | Protocol (16)

LCP Header (bit ruler 8 / 16 / 24 / 32)
  Code (8) | Identifier (8) | Length (16)

Authentication Protocols
  Plaintext Authentication Protocol (PAP)  Original, obsolete authentication protocol which relies on the exchange of a plaintext key to authenticate peers (RFC 1334).
  Challenge Handshake Authentication Protocol (CHAP)  Authenticates peers using the MD5 checksum of a pre-shared secret key (RFC 1994).
  Extensible Authentication Protocol (EAP)  Provides MD5-based authentication similar to CHAP (RFC 3748). Could be expanded to support other EAP mechanisms as well.

Connection Phase Flowchart
  [Diagram: Dead → Establish → (No Auth, or Auth Required → Authenticate → Success) → Network → Terminate → Dead; Failure and Admin Shutdown lead to Terminate]

PPP Connection Example
  1. LCP Configuration Request
  2. LCP Configuration Ack
  3. CHAP Challenge
  4. CHAP Response
  5. CHAP Success
  6. IP Control Configuration Request
  7. IP Control Configuration Ack
  8. CDP Control Configuration Request
  9. CDP Control Configuration Ack

General PPP Configuration
  [Only the argument placeholders survived extraction: peer-hostname, password, name, first-IP, last-IP, name, IP-address]

Multilink PPP Configuration
  [Only the argument placeholders survived extraction: IP-address, subnet-mask, group, group]

PPP Compression Algorithms
  Stacker  Replaces repetitive data with symbols from a dynamic dictionary (more processor-intensive)
  Predictor  Attempts to predict sequential data (more memory-intensive)

Troubleshooting
  [Commands not recovered in this extraction]

by Jeremy Stretch  v1.2
SPANNING TREE · PART 1
packetlife.net

Spanning Tree Protocols
              Legacy STP   PVST       PVST+       RSTP                 RPVST+      MST
  Algorithm   Legacy ST    Legacy ST  Legacy ST   Rapid ST             Rapid ST    Rapid ST
  Defined By  802.1D-1998  Cisco      Cisco       802.1w, 802.1D-2004  Cisco       802.1s, 802.1Q-2003
  Instances   1            Per VLAN   Per VLAN    1                    Per VLAN    Configurable
  Trunking    N/A          ISL        802.1Q, ISL N/A                  802.1Q, ISL 802.1Q, ISL

Spanning Tree Instance Comparison
  [Diagram over bridges A, B and C: STP runs one instance with a single root for all VLANs; PVST+ runs an instance per VLAN, with VLANs 1,10 and VLANs 20,30 rooted on different bridges; MST maps VLANs 1,10 to MSTI 0 and VLANs 20,30 to MSTI 1, each with its own root and blocked links]

BPDU Format
  Field           Bits
  Protocol ID     16
  Version         8
  BPDU Type       8
  Flags           8
  Root ID         64
  Root Path Cost  32
  Bridge ID       64
  Port ID         16
  Message Age     16
  Max Age         16
  Hello Time      16
  Forward Delay   16

Link Costs
  Bandwidth  Cost
  4 Mbps     250
  10 Mbps    100
  16 Mbps    62
  45 Mbps    39
  100 Mbps   19
  155 Mbps   14
  622 Mbps   6
  1 Gbps     4
  10 Gbps    2
  20+ Gbps   1

Default Timers
  Hello          2s
  Forward Delay  15s
  Max Age        20s

Spanning Tree Specifications
  [Timeline: IEEE 802.1D-1998, 802.1Q-1998, 802.1w, 802.1s, 802.1Q-2003, 802.1D-2004, 802.1Q-2005; Cisco ISL, PVST, PVST+, RPVST+]
  IEEE 802.1D-1998 · Deprecated legacy STP standard
  IEEE 802.1w · Introduced RSTP
  IEEE 802.1D-2004 · Replaced legacy STP with RSTP
  IEEE 802.1s · Introduced MST
  IEEE 802.1Q-2003 · Added MST to 802.1Q
  IEEE 802.1Q-2005 · Most recent 802.1Q revision
  PVST · Per-VLAN implementation of legacy STP
  PVST+ · Added 802.1Q trunking to PVST
  RPVST+ · Per-VLAN implementation of RSTP

Port States
  Legacy ST   Rapid ST
  Disabled    Discarding
  Blocking    Discarding
  Listening   Discarding
  Learning    Learning
  Forwarding  Forwarding

Port Roles
  Legacy ST   Rapid ST
  Root        Root
  Designated  Designated
  Blocking    Alternate
              Backup

Spanning Tree Operation
  1 Determine root bridge  The bridge advertising the lowest bridge ID becomes the root bridge
  2 Select root port  Each bridge selects its primary port facing the root
  3 Select designated ports  One designated port is selected per segment
  4 Block ports with loops  All non-root and non-designated ports are blocked

by Jeremy Stretch  v3.0
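Spanning Tree Operation above lists the election steps; the Bridge ID Format and Path Selection rules on Part 2 of this sheet give the exact tie-break order. The following added example (not part of the cheat sheet) implements both: it assembles a 64-bit bridge ID from priority, system ID extension and MAC, elects the root among a constructed set of switches, and chooses a root port by the sheet's order of preference (lowest cost to root, then lowest sender bridge ID, then lowest sender port ID). The switch names and MAC addresses are constructed for the example.

```python
"""STP bridge ID construction, root election and root-port selection (added example)."""

# Link costs from the sheet, keyed by bandwidth label.
LINK_COSTS = {"4 Mbps": 250, "10 Mbps": 100, "16 Mbps": 62, "45 Mbps": 39, "100 Mbps": 19,
              "155 Mbps": 14, "622 Mbps": 6, "1 Gbps": 4, "10 Gbps": 2, "20+ Gbps": 1}


def bridge_id(priority: int, vlan: int, mac: str) -> int:
    """4-bit priority | 12-bit system ID extension (VLAN) | 48-bit MAC, as one integer.

    Because the priority occupies the top 4 bits of a 16-bit field it must be a
    multiple of 4096; the VLAN number fills the low 12 bits (IEEE 802.1t).
    """
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 0 <= vlan <= 4095:
        raise ValueError("system ID extension must fit in 12 bits")
    mac_int = int(mac.replace(":", "").replace("-", "").replace(".", ""), 16)
    if mac_int >> 48:
        raise ValueError("MAC address must be 48 bits")
    return ((priority | vlan) << 48) | mac_int


def format_bridge_id(bid: int) -> str:
    """Render as IOS does: effective priority (priority + sys-id-ext) and the MAC."""
    return f"{bid >> 48}.{bid & 0xFFFFFFFFFFFF:012x}"


def elect_root(bridges: dict) -> str:
    """Step 1: the bridge with the numerically lowest bridge ID becomes the root."""
    return min(bridges, key=lambda name: bridges[name])


def select_root_port(candidates: list) -> str:
    """Step 2: candidates are (port, root_path_cost, sender_bridge_id, sender_port_id)
    tuples, one per port on which a root BPDU is received; the tie-break order is
    the sheet's Path Selection order."""
    if not candidates:
        raise ValueError("no root BPDUs received; this bridge believes it is the root")
    return min(candidates, key=lambda c: (c[1], c[2], c[3]))[0]


# Constructed switches in VLAN 10: same default priority except SW3, which is lowered.
SWITCHES = {
    "SW1": bridge_id(32768, 10, "0000.0c11.1111"),
    "SW2": bridge_id(32768, 10, "0000.0c00.0001"),
    "SW3": bridge_id(4096, 10, "0000.0cff.ffff"),
}


def example() -> dict:
    root = elect_root(SWITCHES)
    # SW1 hears the root directly on Fa0/1 (100 Mbps) and via SW2 on Fa0/2 (two 100 Mbps hops).
    sw1_candidates = [
        ("Fa0/1", LINK_COSTS["100 Mbps"], SWITCHES["SW3"], 0x8001),
        ("Fa0/2", LINK_COSTS["100 Mbps"] * 2, SWITCHES["SW2"], 0x8002),
    ]
    return {"root": root, "root_display": format_bridge_id(SWITCHES[root]),
            "sw1_root_port": select_root_port(sw1_candidates)}


if __name__ == "__main__":
    print(example())   # {'root': 'SW3', 'root_display': '4106.00000cffffff', 'sw1_root_port': 'Fa0/1'}
```

Note that SW3 wins with the highest MAC address because priority is compared before the MAC; without SW3, SW2 would win on MAC alone. This is exactly why a bridge that has been deliberately given a low priority should also be protected with root guard on the ports facing hosts, so that an unexpected BPDU carrying an even lower bridge ID cannot silently move the root.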
SPANNING TREE · PART 2
packetlife.net

PVST+ and RPVST+ Configuration
  spanning-tree mode {pvst | rapid-pvst}
  ! Bridge priority
  spanning-tree vlan 1-4094 priority 32768
  ! Timers, in seconds
  spanning-tree vlan 1-4094 hello-time 2
  spanning-tree vlan 1-4094 forward-time 15
  spanning-tree vlan 1-4094 max-age 20
  ! PVST+ Enhancements
  spanning-tree backbonefast
  spanning-tree uplinkfast
  ! Interface attributes
  interface FastEthernet0/1
   spanning-tree [vlan 1-4094] port-priority 128
   spanning-tree [vlan 1-4094] cost 19
   ! Manual link type specification
   spanning-tree link-type {point-to-point | shared}
   ! Enables PortFast if running PVST+, or
   ! designates an edge port under RPVST+
   spanning-tree portfast
   ! Spanning tree protection
   spanning-tree guard {loop | root | none}
   ! Per-interface toggling
   spanning-tree bpduguard enable
   spanning-tree bpdufilter enable

MST Configuration
  spanning-tree mode mst
  ! MST Configuration
  spanning-tree mst configuration
   name MyTree
   revision 1
   ! Map VLANs to instances
   instance 1 vlan 20, 30
   instance 2 vlan 40, 50
  ! Bridge priority (per instance)
  spanning-tree mst 1 priority 32768
  ! Timers, in seconds
  spanning-tree mst hello-time 2
  spanning-tree mst forward-time 15
  spanning-tree mst max-age 20
  ! Maximum hops for BPDUs
  spanning-tree mst max-hops 20
  ! Interface attributes
  interface FastEthernet0/1
   spanning-tree mst 1 port-priority 128
   spanning-tree mst 1 cost 19

Bridge ID Format (bits 4 / 12 / 48)
  Pri (4) | Sys ID Ext (12) | MAC Address (48)
  Priority  4-bit bridge priority (configurable from 0 to 61440 in increments of 4096)
  System ID Extension  12-bit value taken from VLAN number (IEEE 802.1t)
  MAC Address  48-bit unique identifier

Path Selection
  1 Bridge with lowest root ID becomes the root
  2 Prefer the neighbor with the lowest cost to root
  3 Prefer the neighbor with the lowest bridge ID
  4 Prefer the lowest sender port ID

Optional PVST+ Enhancements
  PortFast  Enables immediate transition into the forwarding state (designates edge ports under MST)
  UplinkFast  Enables switches to maintain backup paths to root
  BackboneFast  Enables immediate expiration of the Max Age timer in the event of an indirect link failure

Spanning Tree Protection
  Root Guard  Prevents a port from becoming the root port
  BPDU Guard  Error-disables a port if a BPDU is received
  Loop Guard  Prevents a blocked port from transitioning to listening after the Max Age timer has expired
  BPDU Filter  Blocks BPDUs on an interface (disables STP)

RSTP Link Types
  Point-to-Point  Connects to exactly one other bridge (full duplex)
  Shared  Potentially connects to multiple bridges (half duplex)
  Edge  Connects to a single host; designated by PortFast

Troubleshooting
  show spanning-tree [summary | detail | root]
  show spanning-tree [interface | vlan]
  show spanning-tree mst […]

by Jeremy Stretch  v3.0
VLANS
packetlife.net

Trunk Encapsulation (field sizes in bytes)
  Untagged  Dest MAC (6) | Source MAC (6) | Type (2)
  ISL       ISL Header (26) | Dest MAC (6) | Source MAC (6) | Type (2) | ... | FCS (4)
  802.1Q    Dest MAC (6) | Source MAC (6) | 802.1Q (4) | Type (2)

Trunk Types
                 802.1Q   ISL
  Standard       IEEE     Cisco
  Header Size    4 bytes  26 bytes
  Trailer Size   N/A      4 bytes
  Maximum VLANs  4094     1000

VLAN Numbers
  0          Reserved
  1          default
  1002       fddi-default
  1003       tr
  1004       fdnet
  1005       trnet
  1006-4094  Extended
  4095       Reserved

VLAN Creation
  Switch(config)# vlan 100
  Switch(config-vlan)# name Engineering

Access Port Configuration
  Switch(config-if)# switchport mode access
  Switch(config-if)# switchport nonegotiate
  Switch(config-if)# switchport access vlan 100
  Switch(config-if)# switchport voice vlan 150

Trunk Port Configuration
  Switch(config-if)# switchport mode trunk
  Switch(config-if)# switchport trunk encapsulation dot1q
  Switch(config-if)# switchport trunk allowed vlan 10,20-30
  Switch(config-if)# switchport trunk native vlan 10

SVI Configuration
  Switch(config)# interface vlan100
  Switch(config-if)# ip address 192.168.100.1 255.255.255.0

VLAN Trunking Protocol (VTP)
  Domain  Common to all switches participating in VTP
  Server Mode  Generates and propagates VTP advertisements to clients; default mode on unconfigured switches
  Client Mode  Receives and forwards advertisements from servers; VLANs cannot be manually configured on switches in client mode
  Transparent Mode  Forwards advertisements but does not participate in VTP; VLANs must be configured manually
  Pruning  VLANs not having any access ports on an end switch are removed from the trunk to reduce flooded traffic

VTP Configuration
  Switch(config)# vtp mode {server | client | transparent}
  Switch(config)# vtp domain <name>
  Switch(config)# vtp password <password>
  Switch(config)# vtp version {1 | 2}
  Switch(config)# vtp pruning

Terminology
  Trunking  Carrying multiple VLANs over the same physical connection
  Native VLAN  By default, frames in this VLAN are untagged when sent across a trunk
  Access VLAN  The VLAN to which an access port is assigned
  Voice VLAN  If configured, enables minimal trunking to support voice traffic in addition to data traffic on an access port
  Dynamic Trunking Protocol (DTP)  Can be used to automatically establish trunks between capable ports (insecure)
  Switched Virtual Interface (SVI)  A virtual interface which provides a routed gateway into and out of a VLAN

Switch Port Modes
  trunk  Forms an unconditional trunk
  dynamic desirable  Attempts to negotiate a trunk with the far end
  dynamic auto  Forms a trunk only if requested by the far end
  access  Will never form a trunk

Troubleshooting
  show vlan
  show interface [status | switchport]
  show interface trunk
  show vtp status
  show vtp password

by Jeremy Stretch  v2.0
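The Trunk Encapsulation layout above gives the 802.1Q frame format (6 + 6 + 4-byte tag + 2). As an added example (not part of the cheat sheet), the code below builds and parses such frames: the 4-byte tag is the 0x8100 TPID followed by a 16-bit TCI holding the 3-bit priority (the 802.1p marking), the drop-eligible bit and the 12-bit VLAN ID, and an untagged frame, as sent on the native VLAN, is recognised by the absence of the TPID. The MAC addresses and payloads are constructed for the example.

```python
"""Building and parsing 802.1Q-tagged Ethernet frames (added example)."""
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag


def mac_bytes(mac: str) -> bytes:
    octets = bytes(int(x, 16) for x in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("MAC address must have six octets")
    return octets


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes,
                vlan: int = None, pcp: int = 0, dei: int = 0) -> bytes:
    """Dest MAC | Source MAC | [TPID | TCI] | Type | payload.  vlan=None gives an untagged frame."""
    header = mac_bytes(dst) + mac_bytes(src)
    if vlan is not None:
        if not 0 <= vlan <= 4095:
            raise ValueError("VLAN ID must fit in 12 bits")
        tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vlan
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Return addresses, tag fields (None when untagged), the EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("frame is shorter than an Ethernet header")
    info = {"dst": fmt_mac(frame[0:6]), "src": fmt_mac(frame[6:12]),
            "vlan": None, "pcp": None, "dei": None}
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("frame ends inside the 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info.update(pcp=tci >> 13, dei=(tci >> 12) & 1, vlan=tci & 0x0FFF)
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info


if __name__ == "__main__":
    # Constructed sample: an ARP request tagged for VLAN 100 with voice-class priority 5.
    tagged = build_frame("ff:ff:ff:ff:ff:ff", "00:1b:21:ab:cd:ef", 0x0806, b"\x00" * 28, vlan=100, pcp=5)
    print(parse_frame(tagged))
    untagged = build_frame("ff:ff:ff:ff:ff:ff", "00:1b:21:ab:cd:ef", 0x0800, b"\x45" + b"\x00" * 19)
    print(parse_frame(untagged)["vlan"])   # None: native-VLAN traffic carries no tag
```

A capture tool that shows frames with `vlan` set to `None` on a trunk is seeing native-VLAN traffic, which is the reason the sheet recommends setting the native VLAN explicitly and why `switchport nonegotiate` on access ports matters: the tag, not the port, is what tells the receiving switch which VLAN a frame belongs to.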