1) Problem with PCs: Modern PCs can boot faster than the 30 seconds
- Solution: Portfast
Switch(config-if)# spanning-tree portfast

2) Problems with uplink ports: 50 seconds of down time causes big problem

Rapid STP
- 802.1W
- Proactive system
- Redefined port roles
- Many STP similarities

Rapid STP Port States

1) Discarding (old blocking)
2) Learning
3) Fowarding

Rapid STP Port Roles

- Root Port (reach the root)
- Designated Port
- Alternate port (discarding)
- Edge Port (hosts)

Why RSTP is better ?

1) Because it doesn`t forget ports
2) Because of the proactive nature, many “safety timers” of STP are eliminates
3) Any change to trunk ports flood through the network to other switches (TC packets)
4) because the name says “rapid”

Configuring RSTP

config t
spanning-tree mode rapid-pvst

Verify:
show spanning-tree

Excellent writing, organizational, interpersonal, and communication skills are crucial as this individual must represent the Technical Publications team at cross-functional meetings internally and interface with OEM customers externally on a regular basis.

Ideal candidate will have a broad writing experience with a very strong technical background, and feel comfortable operating in a fast-paced, dynamic, deadline-driven environment, working either with subject matter experts or directly from engineering documentation and source code, as required.

Considerable experience writing, maintaining, and illustrating the following types of documentation:

• Installation guides
• System administration and configuration guides
• Reference, developer, and API guides
• Technical application notes and knowledge base topics
• Quick reference guides and release notes
• Online help, wikis, and Web-based communities

Strong Experience in documenting switching and routing protocols is a MUST. Any experience with the following protocols is a highly desired: RIP, OSPF, BGP, MPLS, VLAN, STP, RSTP and trunking

Experience with the following Technical Publications tools (or equivalent) is required:

Writing Tools

• Adobe FrameMaker and Acrobat
• Arbortext Epic (DITA)
• Microsoft Word
• HTML
• UNIX man page tools (nroff, xroff, troff)

For immediate consideration, please send us your current resume along with your work samples to raj@mindsource.com.

If you are not looking at this time, please refer me to any of your friends who would be interested in this opportunity. We have a great referral bonus policy!

802.3
Src mac addr Own
Dst mac addr 01:80:c2:00:00:00
Len ????

802.2
DSAP AND SSAP set to 0×42
Control field 0f 0×03 (un-numbered frame) (Details from here & here)

Data (BPDU)

If you had asked me what Dot1w was i would not have remembered.

so on the spanning tree issue i wonder why i do not see that much of it that is Rapid…

I remember something about backup port states but thats about it so i read all about it Here.

Created to get around the Dot1D’s 7 layer 15 seconds of delay to find loop free paths at layer 2

States and Rolls

States for Dow1w now total 3. Which means some had to go. Dot 1d’s idea of having the states of Disabled, Listening and Learning were written off and replaced with Discarding however learning and Forwarding remain

Roles on the other hand have gone up (swings and roundabouts as they say) the Root and Designated ports remain but the blocking ports are now a little more intelligent and become either Backup or Alternate ports (the difference being an alternate port is an alternate path to the root bridge and a backup port is another port that will take you the same way to the root bridge)

The good news is RSTP calculates the final topology for the spanning tree using the same criteria as 802.1D. There is absolutely no change in the way the different bridge and port priorities are used.

good points to note here.

1. the RSTP mode is identified by the switch as “Spanning tree enabled protocol rstp” where as the default PVST Shows up as “Spanning tree enabled protocol ieee”
2. Type P2p Peer(STP) means that the neighbour switch is running PVST.
3. Designated ports transmit BPDUs, and the non-designated ports receive BPDUs
4. the Max limit of Spanning tree instances on a 3560 switch is 128 when you add the 129th it will just be forwarded out of all trunks ports (LOOPEDY LOOP) Cisco Ref Doc

The biggest gotcha you need to know is that by default most ports are configured in the “Desktop” role, which permits only one Mac address per port, and it disables spanning tree to permit fast network connectivity. If you connect in a switch you may notice that only the first node will actually work, and all others will fail to connect (this is port security).

In those cases you want “Switch” mode which permits multiple IPs (disabled port security) and enabled Rapid Spanning Tree (RSTP).

Here is the full list of Smartport roles:

Enjoy

Bridge ID= Priority + Mac-aadress

Default priority on kõigil switchidel 32769.

Valitakse root, milleks on kõige madalama Maciga switch.

Switchid valivad enda jaoks root pordi, millega saavad kõige edukamalt root-switchini kasutades liini kiirust, mis määrab ära costi.

Kiirus Cost

• 10  100
• 100 19
• 1 gb 4
• 10 gb 2

Switch mõtleb, milline on kõige vähem maksev port, mille kaudu rooduni saab ning kui ta saab ka teistpidi sinna, siis jätab lahtiseks ainult selle pordi, mis kõige kiiremini root-switchini saab ja teise paneb kinni.

Switch määrab selle teise pordi designated pordiks, mis tähendab, et madalama bridge id’ga switch blokib ära oma poolt pordi.

Active link valitakse selle järgi, kas on madalam ID või kui sellega ei saa valida (ntx 2 switchi võrgus omavahel spanning trees), siis madalam pordi number.

show spanning-tree

spanning-tree vlan 10 root primary / spanning-tree vlan 10 priority 0, 4096…

Pordi olekud

• listening (kuulab ja saadab bpdu-sid)
• learning (õpib Mac-aadresse)
• forwarding
• blocking (taimer 20 sek enne kui aktiivseks läheb)

PVST+ on Per Vlan spanning tree ja võimaldas jooksutada igas Vlanis oma spanning treed ning valida root brigdei.

RSTP 802./w

spanning-tree portfast (paneb kiiremini tegutsema spannig tree. tuleb enableda ainult neile portidele, millel on 1 host järgi, mitte stp-portidele.)

root, designated ja alternate pordid.

Alternate = kui põhilink feilib, võtab koheselt alternate kasutusele.

Aktiveerib rstp: spanning-tree mode rapid-pvst

STP

*** Theory ***

• BPDU – Sent every 2 sec to well known multicast address of 01-80-c2-00-00-00. 2 types of BPDU.
  • Topology change notification (TCN-BPDU) – Sent by any switch if their port goes into forwarding or goes from forwarding or learning mode to blocking mode. The switch sends TCN to root bridge and each switch on the way acknowledges it. Portfast ports can’t generate TCN
  • Configuration – used for actual STP calculation. Sent only by root bridge and fwd by other bridges. BDPU also does elections for root bridge. It the boss of STP timers & values
  • BID – Bridge ID priority value – made from default value and MAC address. MAC ties the break if all are default value of 32768. Can be prompted. Lowest BID wins
  • Root bridge – will always have it ports in designated forwarding state
  • Non bridge – will have one port in block. The root port is the port used to get to the root bridge
  • Root port – used by non root bridge to reach root bridge. This is selected by port cost (speed). BPDU carries root port cost & is locally significant
    • Selection: Lowest BID > Lowest root path cost > Lowest sender BID > Lowest Port
    • Post cost – E=100, FE=19, GE=4, 10GE=2. Can change this in interface config mode for specific spanning-tree vlans.
    • Port States
      • Disabled (Dis) – Administratively down
      • Blocking – Can only accept BPDU
      • Listening – Can accept and send BPDU only
      • Learning – learning MAC addresses
      • Forwarding – send / receive BPDU, Frames etc
      • Timers
        • Hello – Root bridge sends configuration BPDU, 2 seconds by default
        • Forwarding delay – 15 seconds, learning + listening
        • Maximum age – 20 seconds, how long it holds superior BPDU before discarding it
        • Load sharing – Can have vlans 1-5 go over one port and 6-10 over another. Do this by manipulating port priority under global spanning tree configuration
        • Port Fast – Used for host ports. Allows port to go blocking straight to forwarding mode
        • Uplink Fast – is group of ports, if one goes down a new port goes straight to forwarding for switch –to-switch etc – Use on access layer switches only! – takes 1 – 3 seconds. Cant be configured on root switch. Can’t be run on per vlan basis
        • Backbonefast – If SW1 is pri root bridge and SW2 is sec root bridge and both connect to SW3. If link between SW1 and SW2 fails, SW3 gets BPDU from SW1 and SW2 claiming to be the root. SW3 will compare priority and ignore the higher priority BPDU (Inferior BPDU). Once SW3 > SW2 max age reach 0. SW3 tells SW2 that SW1 is still the true root. Backbone fasts skips the MaxAge stage, so delay cut from 50 to 30 sec. Uses Root link query (RLQ) to see who the root bridge is for the local switch (used only in Backbone). Backbonefast need to be enabled on all switches .
        • Root Guard – Configured at the port level and disqualifies downstream switches in becoming the root. If it receives superior BPDU, it ignores it and put the port into root-inconsistent state.
        • BPDU Guard – Prevents other switch connecting. Places port in err-disable. Have to do no shutdown manually once it done. Runs with portfast only
        • BPDU Filtering – Globally, it disables portfast when BPDU is received. Interface, Quietly ignored/dropped
        • UDLD – Used to detect unidirectional links. E.g. fibre. Two modes, one is aggressive. Sends eight ‘pings’’ in 8 seconds, if no response then closes port. It waits for the first received frame then it starts the 8 second timer
        • Half duplex – Uses CSMA/CD rules (Listens to segment and sends frames)
        • Loop Guard – prevents port from going from block to forwarding e.e. if link between two switches go uni-directional.
        • BPDU Skew Detection – BPDU needs to propagate fast. If too slow, this will send a notification
        • RSTP (802.1W)-
          • Transition
            • STP: disabled > blocking > listening > learning > forwarding
              • Root bridge sends BPDU every 2 seconds. Non root forwards it
          • RSTP: discarding > learning > forwarding
            • All switches generate BPDU. Therefore all switch expects to see a BPDU from neighbour, if 3 are missed  the link is considered down. The switch then ages out which cuts the detection process in STP from 20 to 6 seconds in RSTP
• Port states
  • Alternate – same as STP block port.
  • Backup – redundant path
  • Edge port – connect to single host / like portfast
  • P2P port – connected to another switch in full duplex
  • PVST – Cisco propriety. Runs STP per VLAN
  • PVST+ – PSVT does not work well with common spanning-tree. This one works with .1Q instead of ISL
  • MST – Multiple Spanning-Tree: Up to 16 instances in a region (0-15). 0 is for IST, which sends MST BPDU

*** Commands ***

• Show spanning-tree interface: STP port state, handy for different port state for different vlans

STP

*** Theory ***

• BPDU – Sent every 2 sec to well known multicast address of 01-80-c2-00-00-00. 2 types of BPDU.
  • Topology change notification (TCN-BPDU) – Sent by any switch if their port goes into forwarding or goes from forwarding or learning mode to blocking mode. The switch sends TCN to root bridge and each switch on the way acknowledges it. Portfast ports can’t generate TCN
  • Configuration – used for actual STP calculation. Sent only by root bridge and fwd by other bridges. BDPU also does elections for root bridge. It the boss of STP timers & values
  • BID – Bridge ID priority value – made from default value and MAC address. MAC ties the break if all are default value of 32768. Can be prompted. Lowest BID wins
  • Root bridge – will always have it ports in designated forwarding state
  • Non bridge – will have one port in block. The root port is the port used to get to the root bridge
  • Root port – used by non root bridge to reach root bridge. This is selected by port cost (speed). BPDU carries root port cost & is locally significant
    • Selection: Lowest BID > Lowest root path cost > Lowest sender BID > Lowest Port
    • Post cost – E=100, FE=19, GE=4, 10GE=2. Can change this in interface config mode for specific spanning-tree vlans.
    • Port States
      • Disabled (Dis) – Administratively down
      • Blocking – Can only accept BPDU
      • Listening – Can accept and send BPDU only
      • Learning – learning MAC addresses
      • Forwarding – send / receive BPDU, Frames etc
      • Timers
        • Hello – Root bridge sends configuration BPDU, 2 seconds by default
        • Forwarding delay – 15 seconds, learning + listening
        • Maximum age – 20 seconds, how long it holds superior BPDU before discarding it
        • Load sharing – Can have vlans 1-5 go over one port and 6-10 over another. Do this by manipulating port priority under global spanning tree configuration
        • Port Fast – Used for host ports. Allows port to go blocking straight to forwarding mode
        • Uplink Fast – is group of ports, if one goes down a new port goes straight to forwarding for switch –to-switch etc – Use on access layer switches only! – takes 1 – 3 seconds. Cant be configured on root switch. Can’t be run on per vlan basis
        • Backbonefast – If SW1 is pri root bridge and SW2 is sec root bridge and both connect to SW3. If link between SW1 and SW2 fails, SW3 gets BPDU from SW1 and SW2 claiming to be the root. SW3 will compare priority and ignore the higher priority BPDU (Inferior BPDU). Once SW3 > SW2 max age reach 0. SW3 tells SW2 that SW1 is still the true root. Backbone fasts skips the MaxAge stage, so delay cut from 50 to 30 sec. Uses Root link query (RLQ) to see who the root bridge is for the local switch (used only in Backbone). Backbonefast need to be enabled on all switches .
        • Root Guard – Configured at the port level and disqualifies downstream switches in becoming the root. If it receives superior BPDU, it ignores it and put the port into root-inconsistent state.
        • BPDU Guard – Prevents other switch connecting. Places port in err-disable. Have to do no shutdown manually once it done. Runs with portfast only
        • BPDU Filtering – Globally, it disables portfast when BPDU is received. Interface, Quietly ignored/dropped
        • UDLD – Used to detect unidirectional links. E.g. fibre. Two modes, one is aggressive. Sends eight ‘pings’’ in 8 seconds, if no response then closes port. It waits for the first received frame then it starts the 8 second timer
        • Half duplex – Uses CSMA/CD rules (Listens to segment and sends frames)
        • Loop Guard – prevents port from going from block to forwarding e.e. if link between two switches go uni-directional.
        • BPDU Skew Detection – BPDU needs to propagate fast. If too slow, this will send a notification
        • RSTP (802.1W)-
          • Transition
            • STP: disabled > blocking > listening > learning > forwarding
              • Root bridge sends BPDU every 2 seconds. Non root forwards it
          • RSTP: discarding > learning > forwarding
            • All switches generate BPDU. Therefore all switch expects to see a BPDU from neighbour, if 3 are missed  the link is considered down. The switch then ages out which cuts the detection process in STP from 20 to 6 seconds in RSTP
• Port states
  • Alternate – same as STP block port.
  • Backup – redundant path
  • Edge port – connect to single host / like portfast
  • P2P port – connected to another switch in full duplex
  • PVST – Cisco propriety. Runs STP per VLAN
  • PVST+ – PSVT does not work well with common spanning-tree. This one works with .1Q instead of ISL
  • MST – Multiple Spanning-Tree: Up to 16 instances in a region (0-15). 0 is for IST, which sends MST BPDU

*** Commands ***

• Show spanning-tree interface: STP port state, handy for different port state for different vlans

بدأت الجلسة الأولى بمشاهدة الفيديو الثاني CBT Nuggets في موضوع الشبكات المحلية Advanced LAN Configuration (Part 2): Cat 3550, Spanning Tree Protocol.

مدته هي 45 دقيقة.

ملخص الفيديو

• يحوي شرحاً لنفس المبادئ التى درستها في الفصول الثلاثة الأولى من الكتاب. مثل شرح تفصيلي عن STP Spanning Tree Protocol. ومن ثم، من خلال مثال توضيحي شرح للمشاكل التي يمكن أن تحدث نتيجة التصميم الخاطيء للشبكة أو نتيجة برمجة الأجهزة بشكل غير مدروس.
• شرح RSTP Rabid Spanning Tree Protocol – 802.1W من IEEE بصفته البروتوكول الذي جمع ضمنه جميع المميزات السابقة الخاصة بسيسكو.
• شرح PVST وأهمية تطبيقه عند تصميم الشبكة.
• تطبيق عملي لبرمجة STP وهذا تضمن تفعيلها، وتحديد السويتش الرئيسي Root Bridge وتحديد المخارج التي ستبقى مفتوحة Root Ports.
• شرح لـِ Portfast, Uplinkfast, Backbonefast وكيفية تفعيلها.

الجلسة الثانية

كانت مع الفيديو الثالث Advanced LAN Configuration (Part 3): Cat 3550, Advanced Features وهو يركز على مفاهيم Layer 3 والحماية.

مدته هي 28 دقيقة.

ملخص الفيديو

• يشرح SVI (Switched Virtual Interface): ويعني تكوين مخرج افتراضي لأي VLAN على السويتش، بحيث يتم تمثيلها والتعامل معها مثلها مثل المخارج الحقيقية. وبالتالي امكانية توجيه البيانات بينها وبين أي VLANs أخرى، واستخدامه لأغراض إدارتها.

switch(config)#interface vlan 100
switch(config-if)#ip address 192.168.0.100 255.255.255.0

• تفعيل عمل Layer 3 على السويتش، او بعبارة أخرى تفعيل Routing وتوجيه البيانات بين VLANs.
• شرح وتفعيل VLAN Access Map والتي تمكن من التحكم بوصول البيانات Access Control فيما بين الأجهزة الموجودة على نفس VLAN (هنا أؤكد على عبارة نفس VLAN). يمكن عمل هذا إما بناءاً على عنوان IP للأجهزة أو حتى على العنوان الفيزيائي MAC. يجب عدم الخلط هنا بين هذه الخاصية ومبدأ Access Lists المتعارف عليه في عالم الشبكات الذي يحدد صلاحيات انتقال البيانات بين الأجهزة في شبكتين مختلفتين.
• وضع مخارج السويتش في حالة الحماية Protected Ports. في هذا المبدأ عندما يتم وضع مخرجين في حالة الحماية، يقوم السويتش بعمل ما يشبه جدار حماية بين جهازي الكمبيوتر المشبوكين على هذين المخرجين، ولا يستطيعان التعامل فيما بينهما. لكن يبقى بإمكانها التعامل مع أي أجهزة أخرى ليست مشبوكة على مخارج في وضح الحماية.
• شرح خاصية حماية إضافية للمخارج، تتعلق بمنع حزم البيانات القادمة من خلال Broadcast و Multicast من الوصول إلى المخرج المحمي.

وبذلك أكون قد أنهيت كل المواد المتعلقة بالشبكات المحلية سواء في الكتاب أو التلخيص أو عروض الفيديو. حان الوقت لبعض العمل والتطبيق.

الجلسة الثالثة

كانت مع برنامج Dynamips وهو برنامج عبقري، لا أتخيل ماذا كانوا سيفعلون دارسي سيسكو بدونه. فهو بكل بساطة يضع كل امكانيات نظام تشغيل الراوتر IOS 7200 تحت كامل تصرفك. تخيّل أي بنية للشبكة تريدها، حمّلها من خلال البرنامج مع نظام التشغيل IOS… واشتغل وتدرّب كما يحلو لك. تماماً كما لو كانت عشرات الراوترات والسويتشات في متناول يديك. هناك برنامج يدعى Graphical Network Simulator يتكامل معه بحيث يمكن رسم الهيكلية التي تريدها والعمل عليها من خلال واجهة رسومية.

لدي بعض الخبرة البسيطة في العمل على هذا البرنامج والتي تحتاج إلى تطوير لأتمكن من العمل عليه بشكل جيد خلال هذه الفترة. لذلك بدأت أولاً بمشاهدة فيديو عنوانه Using Dynamips for CCIE Lab Preparation من Internetwork Experts للتعليم عليه. وبالطبع مراجعة المنتدى الخاص به في الموقع http://7200emu.hacki.at/.

بدأت لاحقاً بتطبيق بعض التدريبات العملية عليه، في الموضوعات التي أنهيتها حتى اللحظة. وسأعود للحديث عنه مع استكشافي لجميع إمكانياته.

لكن على كل حال، كنت أجبرت نفسي في الأوقات التي كانت متاحة لي علي البقاء في جو الدراسة والإمتحان.

 استعرضت بشكل سريع بعض فيديوهات Internetwork Experts التي انتهى تنزيلها… راااااااااااااااائعة من حيث الشرح والمحتوى لكنها تركز بشكل كبير على الإمتحان العملي.

 تابعت تصفح مدونات CCIE وموقع GroupStudy.

قمت بترتيب بعض الأفكار والملاحظات التي سأضيفها لتدويناتي.

في الأيام القادمة سأحتاج إلى جهد مكثف لتعويض هذا الوقت الضائع.

أول درس هو Advanced LAN Configuration (Part 1): Cat 3550, VLANs, VTP, and EtherChannel. ومدته حوالي 40 دقيقة، منها 15فقط للشرح النظري. والباقي عرض لبرمجة السويتش بشكل عملي.

ملخص الفيديو

• شرح الميزات العملية للسويتش Ctalyst 3350، ومبررات إختياره ضمن امتحان CCIE. مثل كونه يدعم Layer 3 أي أنه يعمل كسويتش وراوتر معاً.

في الوضع المتعارف عليه لأي شبكة يتم ربط أجهزة الحاسوب على السويتش، ومن ثم ربط السويتش مع راوتر بهدف توجيه البيانات فيما بين الشبكات. ويتم تعريف عناوين IP لهذا الراوتر على أنها البوابة الرئيسية -إن جاز التعبير- لأجهزة الحاسوب أو بلغة الشبكات Gateway.

لكن كما في هذا الشكل، تم تعريف إثنتين من الشبكات الإفتراضية VLANs على السويتش، وإعطاء كل منهما عنوان IP. وبما أن هذا السويتش هو أيضاً راوتر، فكل ما علينا عمله هو تحديد عنوان IP الخاص بكل VLAN على أنه Gateway لكل حاسوب تابع لهذه الـ VLAN. وهذا يعني عدم الحاجة لراوتر خارجي ناهيك عن السرعة الهائلة التي يوفرها مثل هذا التصميم.

• استعراض بعض طرازاته:

3550-24 الذي يحوي 24 مخرج Access port  + مخرجي فايبر.
3550-48 الذي يحوي 48 مخرج Access port  + مخرجي فايبر.
3550-12T الذي يحوي 12 مخرج 10/100/1000 منها عشرة مخارج Twisted Pair وإثنين فايبر.
3550-12G الذي يحوي 12 مخرج 10/100/1000 أيضاً. لكن إثنين منها فقط Twisted Pair والباقية مخارج فايبر.

(لذلك من البديهي أن الأخيرين يستخدمان للربط بين أفرع الشبكة الرئيسية core switchs)

• نظام التشغيل في السويتش إما أن يكون SMI أو EMI

SMI – Standard multilayer image  Standard Layer 3 image, including Routing Information Protocol Version 1 (RIPv1), RIPv2, static routes, AppleTalk, and Internetwork Packet Exchange (IPX) software routing.

EMI – Enhanced multilayer image  Enhanced Layer 3 image, including Open Shortest Path First (OSPF), Intermediate System-to-Intermediate System (IS-IS), and Enhanced Interior Gateway Routing Protocol (EIGRP), Border Gateway Protocol ( BGP), Along with all Features of QOS.

•  هناك أيضاً شرح مختصر عن VTP: VLAN Trunking Protocol الذي يقوم بالإعلان عن إعدادات الشبكات الإفتراضية عبر أجهزة الشبكة.
• يتابع على مدى 25 دقيقة تقريباً في شرح عملي لبرمجة VLANs, VTP, EtherChannel على السويتش.

هذا الفصل هو الأخير من الثلاثة فصول في الجزء الأول من الكتاب، ويتابع الشرح في موضوع أجهزة السويتش والشبكات المحلية. وبالتحديد في خيارات تحسين أداء الشبكة. أو بالأحرى بناء شبكة تتمتع بالسرعة والفعالية واستغلال أقصى الإمكانيات دون الوقوع في فخ الدوران في الحلقات المفرغة Loop back.

التصميم الجيد والمدروس بعناية لبنية الشبكة هو المفتاح في الموضوع… قد يكون من الرائع القيام بربط كل جهازي سويتش ببعضهما البعض من خلال خطين أو أكثر، بحيث إذا تعطل أحدهما لسبب من الأسباب قام الآخر بعبء العمل. لكن دون التصميم الجيد والإعدادات الصحيحة سوف يفضي هذا سريعاً إلى حدوث مشاكل، نتيجة انتقال حزم البيانات في حلقات مفرغة Loop back أو ما يسمى Broadcast storms. وخلال فترة قصيرة سوف تتعطل الشبكة نتيجة انشغال كل الأجهزة بمحاولة التعامل مع “عواصف” الحزم التى تهب عليها. ومن هنا نتجت الحاجة إلى وجود STP في الشبكة.

يقوم هذا البروتوكول بعملية انتخاب بين أجهزة السويتش بحيث يصبح واحد منها فقط هو الرئيسي Root Bridge. كما يقوم بوضع بعض المخارج في الأجهزة الأخرى في الشبكة في حالة تعطيل أو إيقاف مؤقت Disabled. بذلك يصبح هناك مسار واحد فقط بين أي نقطتين في الشبكة، والنتيجة النهائية هيكلة الشبكة بشكل خالٍ من الحلقات المفرغة.

ملخص الفصل

• يشرح بروتوكول STP والمعايير المستخدمة في انتخاب Root Bridge وتحديد المخارج المفتوحة والمخارج المعطلة مؤقتاً في كل سويتش. والحالات التي يمر فيها كل مخرج أثناء هذه العملية.
• يشرح PVST+ (Per-VLAN Spanning Tree الخاص بسيسكو وهو نسخة محسنة من STP. ويعمل على تحديد هيكلية مستقلة لكل شبكة محلية إفتراضية بناءً على توزيع VLANs بدلاً من هيكلة الشبكة ككل. وهذا بدوره يؤدي إلى توزيع الحمل على جميع الأجهزة وجميع الخطوط، والإستفادة القصوى من Bandwidth بدلاً من تركيزه على أجهزة محددة.
• MST (Multiple Spanning Trees) وهو خاص بـِ IEEE ويشبه عمله عمل البروتوكول السابق.
• RSTP (Rapid Spanning Tree Protocol) الخاص بـِ IEEE وهو نسخة محسنة أيضاً من STP وبقوم بإعادة تعريف الحالات والأدوار التي تمر مخارج السويتش خلال عملية هيكلة الشبكة. بما يقلل الوقت اللازم لإعادة عملية الهيكلة حال حدوث أي تعطيلات أو تعديلات على بنية الشبكة.
• RPVST+ (Rapid Per VLAN Spanning Tree Plus) وهو يجمع بين ميزات PVST+ وسرعة RSTP.
• كيفية إعداد وتفعيل هذه البروتوكولات على الأجهزة.
• تحسين أداء STP من خلال الخيارات الإضافية PortFast, UplinkFast, BackboneFast والتي بمجملها تقوم بتقليل الوقت اللازم لعمل STPوتسريع الشبكة. ويشرح كيفية تفعيلها.
• تفعيل Port Channel الذي يعمل على استغلال وجود أكثر من رابط بين أي جهازي سويتش، بحيث يوحدها كرابط واحد لتعمل معاً بالحد الأقصى من السرعة والفعالية.
• شرح بعض الميزات الإضافية المستخدمة لحماية STP من المشاكل والأعطال سواء كانت أعطالاً فنية أو مقصودة. مثل Root Guard, BPDU Guard الخاصة بالمخارج العادية Access Ports المربوطة مع أجهزة الحاسوب. أو UDLD, Loop Guard الخاصة بمخارج Trunk Ports المربوطة مع أجهزة السويتش الأخرى.

لم يكن فصلاً سهلاً مع تعدد البروتوكولات والتعريفات. أعتقد أني سأحتاج إلى إجراء مراجعة له مرة أخرى في الجلسة القادمة.

This is regarding urgent job opening in CMM Level 5 company based at Bangalore.

Job 2 – L1/L2 Development
Secured Application switching products. As a member of the team, you should be able to design and implement IP Layer 1 and Layer 2 features.
MUSTS:
3+ years of software design and development experience
Strong programming languages experience in C
Good knowledge of application development on Linux operating system;
IP Layer 1 device driver software.
IP L2 software development experience (VLAN, etc.)
High performance real-time development skills.
Strong problem solving skills using gdb or other debugging tools.
Excellent written and oral communication skills.
ASSETS:
SNMP MIBs development
XML

Job 2 – L3 Software Design and Development
Secured Application switching products. As a member of the team, you should be able to design and implement IP Layer 3 features.
MUSTS:
- 3+ years of software design and development experience
- Strong programming languages experience in C
- Good knowledge of application development on Linux operating system;
- IP Layer  3 software development (OSPF, RIP, etc.)
- High performance real-time development skills.
- Strong problem solving skills using gdb or other debugging tools.
- Excellent written and oral communication skills.
ASSETS:
- Strong object oriented programming languages experience in C++
- L2 Software development
- SNMP MIBs development
- XML

Mail me your updated c.v or resume in wordformat with your current & expected ctc.

Mail id –  girish@sapphirecs.com / pgirish07@gmail.com

Regards,
Girish
Hr Consultant
Sapphire Corporate Services India Pvt Ltd.
9884145558 / girish@sapphirecs.com

Maintaining a VLAN database is much easier using VTP, but requires some care about adding a new switch, else it might wipe out your carefully configured VLANS.

I presumed the best way was to setup ONE switch, zap the other switches revision numbers to zero, and then hook them up. But I could have hooked them all up first and then configured. Switches after THAT would have needed to have their revision # set back.

I planned to incorporate the router right into the load balanced, fault tolerant MST (Multiple Spanning Tree) switch network, but ran into a glitch when it came to the router switch ports. The switch banks added into a 1760 router are NOT full function switches, lacking any but VTP transparent mode and NO facility for any STP other than standard. Odd since the IEEE has deprecated STP in lieu of Rapid STP.

I was able to configure the router switch port, a vlan (10) to serve as an IP addressable gateway, a finally ping out to another network (4.4.4.0/24). No small feat since this required the config of the PIX 501 firewall appliances with a static route back to my net. I did get into the config of the PIX enough to see that OSPF routing protocol could be configured to make this simpler and more flexible.

Questions I still have:

An IP is listed for “who” updates VTP on the switch (see note marked ** below). Since the switches update themselves (presumably with layer 2 multicasts) I’m not sure why a layer 3 IP would be important.

VTP Setup.

Let’s take a look at the initial state of VPT on the 3550 switch that I chose to be the “leader”

3550sw3#sho vtp ?
counters VTP statistics
password VTP password
status VTP domain status

3550sw3#sho vtp status
VTP Version : 2
Configuration Revision : 58
Maximum VLANs supported locally : 1005
Number of existing VLANs : 13
VTP Operating Mode : Server
VTP Domain Name : team
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xE1 0×60 0xDE 0xC4 0×99 0xC8 0xC2 0x0F
Configuration last modified by 0.0.0.0 at 3-1-93 00:14:59
Local updater ID is 0.0.0.0 (no valid interface found)

3550sw3#sho vtp password
The VTP password is not configured.
Now here’s a second switch, unconfigured, and how its revision was reset:

Switch#sho vtp stat
VTP Version : 2
Configuration Revision : 26
Maximum VLANs supported locally : 250
Number of existing VLANs : 23
VTP Operating Mode : Server
VTP Domain Name : team
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0×99 0x1E 0×42 0×41 0xB7 0xDF 0x4D 0×74
Configuration last modified by 0.0.0.0 at 3-1-93 01:20:49
Local updater ID is 0.0.0.0 (no valid interface found)

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vtp domain bogus
Changing VTP domain name from team to bogus
Switch(config)#end
Switch#sh
00:28:48: %SYS-5-CONFIG_I: Configured from console by consoleo vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 250
Number of existing VLANs : 23
VTP Operating Mode : Server
VTP Domain Name : bogus
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0×92 0x5C 0x9C 0xA6 0xD1 0×68 0x1E 0xD9
Configuration last modified by 0.0.0.0 at 3-1-93 01:20:49
Local updater ID is 0.0.0.0 (no valid interface found)

This switch had various VLANS already setup in its database. I zapped these and added a VLAN named bogus just so I could see if VTP was able to ditch it later.

Switch#sho vlans
^
% Invalid input detected at ‘^’ marker.

Switch#sho vlan
An aside: I show the above mistake only to point out that on the 1760 router IOS, the “S” at the end is required; but here not allowed!

VLAN Name Status Ports
—- ——————————– ——— ——————————-
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
2 VLAN0002 active
3 VLAN0003 active
4 VLAN0004 active
5 VLAN0005 active
6 VLAN0006 active
7 VLAN0007 active
8 VLAN0008 active
10 VLAN0010 active
…snip…
Switch#conf t

Switch(config)#no vlan 2
Switch(config)#no vlan 3
Switch(config)#no vlan 4
Switch(config)#no vlan 5
Switch(config)#no vlan 6
Switch(config)#no vlan 7
Switch(config)#no vlan 8
Switch(config)#no vlan 9
Switch(config)#no vlan 10
…snip…
Switch(config)#vlan 666
Switch(config-vlan)#name Bogus
Switch(config-vlan)#end
Switch#sho vlan

VLAN Name Status Ports
—- ——————————– ——— ——————————-
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
666 Bogus active
1002 fddi-default act/unsup
…snip…
Now, to futz with the 1760 router. When I hooked up the console, I saw that it was in ROMMON mode. I ran CONFREG and change the boot characteristics. After a reset I began:

1760rtr1(config)#int range fa 1/1 – 4
1760rtr1(config-if-range)# no sh
1760rtr1(config-if-range)#
*Mar 2 02:45:45.209: %LINK-3-UPDOWN: Interface FastEthernet1/1, changed state to up
*Mar 2 02:45:45.217: %LINK-3-UPDOWN: Interface FastEthernet1/2, changed state to up
*Mar 2 02:45:45.221: %LINK-3-UPDOWN: Interface FastEthernet1/3, changed state to up
*Mar 2 02:45:45.225: %LINK-3-UPDOWN: Interface FastEthernet1/4, changed state to up

1760rtr1(config)#spanning-tree mode ?
% Unrecognized command
1760rtr1(config)#spanning-tree ?
backbonefast Enable BackboneFast Feature
portfast Spanning tree portfast options
uplinkfast Enable UplinkFast Feature
vlan VLAN Switch Spanning Tree

You can see above that you cannot set the MODE of Spanning Tree, so CSTP (Common Spanning Tree Protocol) is only choice.
Note option below of portfast, which I will activate on the 4th switch port that I have a PC hooked up to. Note standard warning.

1760rtr1(config)#int fa1/4

1760rtr1(config-if)#spanning-tree ?
cost Change an interface’s spanning tree path cost
port-priority Change an interface’s spanning tree priority
portfast Enable an interface to move directly to forwarding on link up
vlan VLAN Switch Spanning Tree

1760rtr1(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single host.
Connecting hubs, concentrators, switches, bridges, etc.to this interface
when portfast is enabled, can cause temporary spanning tree loops.
Use with CAUTION

%Portfast has been configured on FastEthernet1/4 but will only
have effect when the interface is in a non-trunking mode.
I’m jumping ahead, but I later configured two other ports on the router to be 802.1Q trunks:

1760rtr1(config)#int fa 1/2
1760rtr1(config-if)#switchport trunk encapsulation dot1q
1760rtr1(config-if)#switchport mode trunk
1760rtr1(config-if)#no ip address
1760rtr1(config-if)#exit
1760rtr1(config)# int fa 1/3
1760rtr1(config-if)#switchport trunk encapsulation dot1q
1760rtr1(config-if)# switchport mode trunk
1760rtr1(config-if)# no ip address
1760rtr1(config-if)#end
1760rtr1#

Not sure where to note this, but I received this message for quite some time. Eventually stopped.

*Mar 2 02:50:02.924: %PQUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?

Looking thru the Show Run, noticed that there were some old sub-interfaces:

…snip…
interface FastEthernet0/0.10
encapsulation dot1Q 1 native
ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0.20
encapsulation dot1Q 2
ip address 2.2.2.1 255.255.255.0
!
…snip…

Eliminated them with a “no” and thought I’d include an interesting message the router gives:

1760rtr1(config)#no int fa 0/0.10
Not all config may be removed and may reappear after reactivating the sub-interface
1760rtr1(config)#no int fa 0/0.20
Not all config may be removed and may reappear after reactivating the sub-interface
1760rtr1(config)#

Now to setup IP on routers outside port:

1760rtr1(config)#int fa 0/0
1760rtr1(config-if)#ip addresss 1.1.1.1 255.255.255.0

Pinging didn’t work with this and much later, it occurred to me that this should be the inside IP.

1760rtr1#`Try setting up better description

1760rtr1(config)#int fa 0/0
1760rtr1(config-if)#dea scription Outside rtr port

After I connect 1760rtr1 fa0/0 into a neighbors switch, another message comes up about duplex mismatch:

1760rtr1#
*Mar 2 03:08:33.913: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/0 (not full duplex), with Switch FastEthernet0/24 (full duplex).
*Mar 2 03:08:33.917: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/0 (not full duplex), with Switch FastEthernet0/24 (full duplex).
*Mar 2 03:08:33.917: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/0 (not full duplex), with Switch FastEthernet0/24 (full duplex).

Let’s try to track that down. Turns out here’s another inconsistency on Cisco’s part between IOS for switches and routers. On a switch, you can set a port to be duplex full, duplex half or duplex auto. On this router port, there was only full-duplex or half-duplex. Also note that the syntax is reversed. A brief show run indicates nothing about the duplex status (though the unused e0/0 does!):

!
interface Ethernet0/0
ip address 10.10.10.2 255.255.255.0
half-duplex
!
interface FastEthernet0/0
description Outside rtr port
ip address 1.1.1.1 255.255.255.0
speed auto
!

1760rtr1(config-if)# ?
Interface configuration commands:
…snip…
full-duplex Configure full-duplex operational mode
glbp Gateway Load Balancing Protocol interface commands
half-duplex Configure half-duplex and related commands
…snip…
!
Also listed was an auto command, but this had to do with speed, not duplexing. Let’s set it up:

1760rtr1(config-if)#full-duplex

1760rtr1#sho int fa 0/0
FastEthernet0/0 is up, line protocol is up
Hardware is PQUICC_FEC, address is 0011.216c.a82a (bia 0011.216c.a82a)
Description: Outside rtr port
Internet address is 1.1.1.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 196/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:05, output 00:00:07, output hang never
Last clearing of “show interface” counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 1000 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
29 packets input, 5648 bytes
Received 28 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
233 packets output, 19880 bytes, 0 underruns

Let’s address VTP on the router’s switch ports. Note the status is before it was connected to another switch where it might get it’s config. I needn’t have worried about plugging this one in as Cisco’s online manual for the 1760 shows that it can only operate in transparent mode and therefore not update another switches parameters.:

1760rtr1#sho vtp stat
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 256
Number of existing VLANs : 9
VTP Operating Mode : Server
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xE9 0xB4 0×50 0xD5 0xF5 0x1E 0×72 0×60
Configuration last modified by 172.16.0.1 at 3-1-02 02:05:40
Local updater ID is 10.10.10.2 on interface Et0/0 (first interface found)

Try to reset rev number fails since you can’t change any VTP setting directly (they are only changed by advertisements)

1760rtr1(config)#vtp domain team
^
% Invalid input detected at ‘^’ marker.

Now let’s return to the switches and establish our vlan database on the 3550.

3550sw2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
3550sw2(config)#no vlan 2
3550sw2(config)#no vlan 3
3550sw2(config)#no vlan 4
3550sw2(config)#no vlan 5
3550sw2(config)#no vlan 6
3550sw2(config)#no vlan 7
3550sw2(config)#no vlan 8
3550sw2(config)#no vlan 9
3550sw2(config)#no vlan 10
3550sw2(config)#no vlan 11
3550sw2(config)#no vlan 12
3550sw2(config)#no vlan 13
3550sw2(config)#no vlan 14
3550sw2(config)#no vlan 15
3550sw2(config)#no vlan 16
3550sw2(config)#no vlan 17
3550sw2(config)#no vlan 18
3550sw2(config)#no vlan 19
3550sw2(config)#no vlan 20
3550sw2(config)#no vlan 21
3550sw2(config)#no vlan 22
3550sw2(config)#no vlan 23
3550sw2(config)#no vlan 24
3550sw2(config)#no vlan 60
3550sw2(config)#no vlan 70
3550sw2(config)#no vlan 95
3550sw2(config)#no vlan 96
3550sw2(config)#vlan 10
3550sw2(config-vlan)#name AAA
3550sw2(config-vlan)#exit
3550sw2(config)#vlan 20
3550sw2(config-vlan)#name BBB
3550sw2(config-vlan)#exit
3550sw2(config)#vlan 30
3550sw2(config-vlan)#name CCC
3550sw2(config-vlan)#exit
3550sw2(config)#vlan 40
3550sw2(config-vlan)#name DDD
3550sw2(config-vlan)#exit
3550sw2(config)#vlan 50
3550sw2(config-vlan)#name EEE
3550sw2(config-vlan)#end
3550sw2#sho vlan

VLAN Name Status Ports
—- ——————————– ——— ——————————-
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gi0/1, Gi0/2
10 AAA active Fa0/1
20 BBB active
30 CCC active
40 DDD active
50 EEE active Fa0/2
1002 fddi-default …snip…
3550sw2#sho vtp stat
VTP Version : 2
Configuration Revision : 72
Maximum VLANs supported locally : 1005
Number of existing VLANs : 10
VTP Operating Mode : Server
VTP Domain Name : team
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0×85 0xEC 0xEF 0×73 0xAE 0×18 0x4C 0x9B
Configuration last modified by 1.1.1.2 at 3-1-93 02:04:00
Local updater ID is 1.1.1.2 on interface Vl1 (first interface found)

Not sure what those IPs refer to…

Now to activate VTP pruning

3550sw2(config)#vtp pruning
Pruning switched on

That was tough.
Now I’ll plug in the other switches.

1760rtr1#ping 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
1760rtr1#sho vtp stat
VTP Version : 2
Configuration Revision : 73
Maximum VLANs supported locally : 256
Number of existing VLANs : 10
VTP Operating Mode : Server
VTP Domain Name : team
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0×72 0x5D 0×37 0×83 0×48 0×65 0xA1 0×28
Configuration last modified by 1.1.1.2 at 3-1-93 02:07:01
Local updater ID is 1.1.1.1 on interface Fa0/0 (first interface found)

1760rtr1#sho vlans

No Virtual LANs configured.
So the router switches were updated by VTP (not sure why Rev # is 1 higher, but when I looked back at 3550sw2, it was on that rev, too), but show vlans (yes, it ends with an “s”) doesn’t give us much on a router.
Also, why is it getting info from 1.1.1.1 since at this time, that’s the outside IP and it NOT a switchport.

Here now is switch #3:

2950sw3>en
2950sw3#sho vtp stat
VTP Version : 2
Configuration Revision : 73
Maximum VLANs supported locally : 250
Number of existing VLANs : 10
VTP Operating Mode : Server
VTP Domain Name : team
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0×72 0x5D 0×37 0×83 0×48 0×65 0xA1 0×28
Configuration last modified by 1.1.1.2 at 3-1-93 02:07:01
Local updater ID is 0.0.0.0 (no valid interface found)
2950sw3# sho vlan

VLAN Name Status Ports
—- ——————————– ——— ——————————-
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
10 AAA active Fa0/1
20 BBB active
30 CCC active
40 DDD active
50 EEE active Fa0/2
1002 fddi-default act/unsup
1003 token-ring-default …snip…
Cool. It worked! I got the same feedback from switch #4. I also tried to ping that 1.1.1.2 from it and got:

2950sw4#ping 1.1.1.2
% Unrecognized host or address, or protocol not running.

Oh, yeah. You can’t ping from a switch unless you’ve setup some layer stuff.

Back to the router. Let’s straighten out the IPs.

1760rtr1(config)#int fa1/2
1760rtr1(config-if)#switchport access vlan 10
1760rtr1(config-if)#exit
1760rtr1(config)#int vlan 10
1760rtr1(config-if)#ip address 1.1.1.1 255.255.255.0
1760rtr1(config-if)#no sh
1760rtr1(config-if)#end

1760rtr1#sho int fa 0/0
FastEthernet0/0 is up, line protocol is up
Hardware is PQUICC_FEC, address is 0011.216c.a82a (bia 0011.216c.a82a)
Description: Outside rtr port
Internet address is 4.4.4.11/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
…snip…

Let’s look at routing since we can’t ping everything. Then add a default route.

1760rtr1#sho ip ro
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Vlan10
4.0.0.0/24 is subnetted, 1 subnets
C 4.4.4.0 is directly connected, FastEthernet0/0

1760rtr1(config)#ip route 0.0.0.0 0.0.0.0 4.4.4.1

1760rtr1#ping 4.4.4.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
That showed that I could ping the PIX 5201 firewall on the outside network.

1760rtr1#ping 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
1760rtr1#ping 1.1.1.9

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
1760rtr1#ping 1.1.1.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.10, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms

===== The rest of this document is the various SHOWS for the devices at the end of the project

1760rtr1#sho vtp stat
VTP Version : 2
Configuration Revision : 73
Maximum VLANs supported locally : 256
Number of existing VLANs : 10
VTP Operating Mode : Server
VTP Domain Name : team
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0×72 0x5D 0×37 0×83 0×48 0×65 0xA1 0×28
Configuration last modified by 1.1.1.2 at 3-1-93 02:07:01
Local updater ID is 1.1.1.1 on interface Vl10 (lowest numbered VLAN interface found)

1760rtr1#sho int trunk

Port Mode Encapsulation Status Native vlan
Fa1/2 on 802.1q trunking 1
Fa1/3 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa1/2 1-1005
Fa1/3 1-1005

Port Vlans allowed and active in management domain
Fa1/2 1,10,20,30,40,50
Fa1/3 1,10,20,30,40,50

Port Vlans in spanning tree forwarding state and not pruned
Fa1/2 1,10
Fa1/3 none
1760rtr1#sho span

VLAN1 is executing the ieee compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address 0011.92f3.1904
Configured hello time 2, max age 20, forward delay 15
Current root has priority 32768, address 0011.5c4b.4b00
Root port is 9 (FastEthernet1/2), cost of root path is 19
Topology change flag not set, detected flag not set
Number of topology changes 1 last change occurred 01:26:02 ago
from FastEthernet1/3
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 0

Port 9 (FastEthernet1/2) of VLAN1 is forwarding
Port path cost 19, Port priority 128, Port Identifier 128.9.
Designated root has priority 32768, address 0011.5c4b.4b00
Designated bridge has priority 32768, address 0011.bbb9.5900
Designated port id is 128.13, designated path cost 0
Timers: message age 2, forward delay 0, hold 0
Number of transitions to forwarding state: 1
BPDU: sent 11, received 2572

Port 10 (FastEthernet1/3) of VLAN1 is blocking
Port path cost 19, Port priority 128, Port Identifier 128.10.
Designated root has priority 32768, address 0011.5c4b.4b00
Designated bridge has priority 32768, address 0011.bbd0.3280
Designated port id is 128.12, designated path cost 0
Timers: message age 2, forward delay 0, hold 0
Number of transitions to forwarding state: 1
BPDU: sent 6, received 2588

1760rtr1#sho ip rou
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is 4.4.4.1 to network 0.0.0.0

1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Vlan10
4.0.0.0/24 is subnetted, 1 subnets
C 4.4.4.0 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 4.4.4.1

1760rtr1#sho ver
Cisco IOS Software, C1700 Software (C1700-K9O3SY7-M), Version 12.3(8)T3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2004 by Cisco Systems, Inc.
Compiled Tue 20-Jul-04 16:08 by eaarmas

ROM: System Bootstrap, Version 12.2(7r)XM2, RELEASE SOFTWARE (fc1)

1760rtr1 uptime is 2 hours, 21 minutes
System returned to ROM by power-on
System image file is “flash:c1700-k9o3sy7-mz.123-8.T3.bin”

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 1760 (MPC860P) processor (revision 0×500) with 86135K/12169K bytes of memory.
Processor board ID FOC08300VYP (2976517702), with hardware revision 0000
MPC860P processor: part number 5, mask 2
2 Ethernet interfaces
5 FastEthernet interfaces
1 Virtual Private Network (VPN) Module
32K bytes of NVRAM.
32768K bytes of processor board System flash (Read/Write)

Configuration register is 0×2

1760rtr1#sho cdp nei
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID
Switch Fas 0/0 147 S I WS-C2950G-Fas 0/24
2950sw3 Fas 1/2 170 S I WS-C2950G-Fas 0/13
2950sw4 Fas 1/3 178 S I WS-C2950G-Fas 0/12

===== 3550sw

3550sw2>en
3550sw2#sho vtp stat
VTP Version : 2
Configuration Revision : 73
Maximum VLANs supported locally : 1005
Number of existing VLANs : 10
VTP Operating Mode : Server
VTP Domain Name : team
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0×72 0x5D 0×37 0×83 0×48 0×65 0xA1 0×28
Configuration last modified by 1.1.1.2 at 3-1-93 02:07:01
Local updater ID is 1.1.1.2 on interface Vl1 (first interface found)

==========
3550sw2#sho vlan

VLAN Name Status Ports
—- ——————————– ——— ——————————-
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
10 AAA active Fa0/1
20 BBB active
30 CCC active
40 DDD active
50 EEE active Fa0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
—- —– ———- —– —— —— ——– —- ——– —— ——
1 enet 100001 1500 – – – – – 0 0
10 enet 100010 1500 – – – – – 0 0
–More–

3550sw2#sho int trunk

Port Mode Encapsulation Status Native vlan
Fa0/12 on 802.1q trunking 1
Fa0/13 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/12 1-4094
Fa0/13 1-4094

Port Vlans allowed and active in management domain
Fa0/12 1,10,20,30,40,50
Fa0/13 1,10,20,30,40,50

Port Vlans in spanning tree forwarding state and not pruned
Fa0/12 1,10
Fa0/13 1,10

3550sw2#sho span

MST00
Spanning tree enabled protocol mstp
Root ID Priority 32768
Address 0011.5c4b.4b00
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0011.5c4b.4b00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/12 Desg FWD 200000 128.12 P2p
Fa0/13 Desg FWD 200000 128.13 P2p

MST01
Spanning tree enabled protocol mstp
Root ID Priority 24577
Address 0011.bbb9.5900
Cost 200000
Port 13 (FastEthernet0/13)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0011.5c4b.4b00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/12 Desg FWD 200000 128.12 P2p
Fa0/13 Root FWD 200000 128.13 P2p

MST02
Spanning tree enabled protocol mstp
Root ID Priority 28674
Address 0011.bbb9.5900
Cost 200000
Port 13 (FastEthernet0/13)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 0011.5c4b.4b00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/12 Desg FWD 200000 128.12 P2p
Fa0/13 Root FWD 200000 128.13 P2p

3550sw2#sho cdp ne
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID
2950sw3 Fas 0/13 126 S I WS-C2950G-Fas 0/12
2950sw4 Fas 0/12 133 S I WS-C2950G-Fas 0/13

3550sw2#sho ver
Cisco Internetwork Operating System Software
IOS ™ C3550 Software (C3550-I5Q3L2-M), Version 12.1(19)EA1c, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Tue 03-Feb-04 05:31 by yenanh
Image text-base: 0×00003000, data-base: 0x0080DFF0

ROM: Bootstrap program is C3550 boot loader

3550sw2 uptime is 3 hours, 38 minutes
System returned to ROM by power-on
System image file is “flash:c3550-i5q3l2-mz.121-19.EA1c/c3550-i5q3l2-mz.121-19.EA1c.bin”

cisco WS-C3550-24 (PowerPC) processor (revision M0) with 65526K/8192K bytes of memory.
Processor board ID CAT0823N2MK
Last reset from warm-reset
Bridging software.
Running Layer2/3 Switching Image

Ethernet-controller 1 has 12 Fast Ethernet/IEEE 802.3 interfaces

Ethernet-controller 2 has 12 Fast Ethernet/IEEE 802.3 interfaces

Ethernet-controller 3 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 4 has 1 Gigabit Ethernet/IEEE 802.3 interface

24 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)

The password-recovery mechanism is enabled.
384K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:11:5C:4B:4B:00
Motherboard assembly number: 73-5700-11
Power supply part number: 34-0966-04
Motherboard serial number: CAT082302F1
Power supply serial number: DTH08213U2D
Model revision number: M0
Motherboard revision number: A0
Model number: WS-C3550-24-EMI
System serial number: CAT0823N2MK
Configuration register is 0x10F

===== 2950sw3

2950sw3#sho vtp stat
VTP Version : 2
Configuration Revision : 73
Maximum VLANs supported locally : 250
Number of existing VLANs : 10
VTP Operating Mode : Server
VTP Domain Name : team
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0×72 0x5D 0×37 0×83 0×48 0×65 0xA1 0×28
Configuration last modified by 1.1.1.2 at 3-1-93 02:07:01 **
Local updater ID is 0.0.0.0 (no valid interface found)
2950sw3#sho vtp stat ?
counters VTP statistics
password VTP password
status VTP domain status

2950sw3#sho vlan

VLAN Name Status Ports
—- ——————————– ——— ——————————-
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
10 AAA active Fa0/1
20 BBB active
30 CCC active
40 DDD active
50 EEE active Fa0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
—- —– ———- —– —— —— ——– —- ——– —— ——
1 enet 100001 1500 – – – – – 0 0
10 enet 100010 1500 – – – – – 0 0

2950sw3#sho int tr

Port Mode Encapsulation Status Native vlan
Fa0/12 on 802.1q trunking 1
Fa0/13 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/12 1-50
Fa0/13 1-50

Port Vlans allowed and active in management domain
Fa0/12 1,10,20,30,40,50
Fa0/13 1,10,20,30,40,50

Port Vlans in spanning tree forwarding state and not pruned
Fa0/12 1,10
Fa0/13 1,10

2950sw3#sho span

MST00
Spanning tree enabled protocol mstp
Root ID Priority 32768
Address 0011.5c4b.4b00
Cost 0
Port 12 (FastEthernet0/12)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0011.bbb9.5900
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/1 Desg FWD 200000 128.1 Edge P2p
Fa0/12 Root FWD 200000 128.12 P2p
Fa0/13 Desg FWD 200000 128.13 P2p Bound(PVST)

MST01
Spanning tree enabled protocol mstp
Root ID Priority 24577
Address 0011.bbb9.5900
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 24577 (priority 24576 sys-id-ext 1)
Address 0011.bbb9.5900
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/1 Desg FWD 200000 128.1 Edge P2p
Fa0/12 Desg FWD 200000 128.12 P2p
Fa0/13 Boun FWD 200000 128.13 P2p Bound(PVST)

MST02
Spanning tree enabled protocol mstp
Root ID Priority 28674
Address 0011.bbb9.5900
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 28674 (priority 28672 sys-id-ext 2)
Address 0011.bbb9.5900
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/12 Desg FWD 200000 128.12 P2p
Fa0/13 Boun FWD 200000 128.13 P2p Bound(PVST)

2950sw3#sho cdp ne
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID
1760rtr1.yourdomain.com
Fas 0/13 134 R S Cisco 1760Fas 1/2
3550sw2 Fas 0/12 172 S I WS-C3550-2Fas 0/13

===== 2950sw4

>en
2950sw4#sho vtp stat
VTP Version : 2
Configuration Revision : 73
Maximum VLANs supported locally : 250
Number of existing VLANs : 10
VTP Operating Mode : Server
VTP Domain Name : team
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0×72 0x5D 0×37 0×83 0×48 0×65 0xA1 0×28
Configuration last modified by 1.1.1.2 at 3-1-93 02:07:01
Local updater ID is 0.0.0.0 (no valid interface found)

2950sw4#sho vlan

VLAN Name Status Ports
—- ——————————– ——— ——————————-
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
10 AAA active Fa0/1
20 BBB active
30 CCC active
40 DDD active
50 EEE active Fa0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
—- —– ———- —– —— —— ——– —- ——– —— ——
1 enet 100001 1500 – – – – – 0 0
10 enet 100010 1500 – – – – – 0 0

2950sw4#sho int tru

Port Mode Encapsulation Status Native vlan
Fa0/12 on 802.1q trunking 1
Fa0/13 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/12 1-50
Fa0/13 1-50

Port Vlans allowed and active in management domain
Fa0/12 1,10,20,30,40,50
Fa0/13 1,10,20,30,40,50

Port Vlans in spanning tree forwarding state and not pruned
Fa0/12 1
Fa0/13 1,10

2950sw4#sho span

MST00
Spanning tree enabled protocol mstp
Root ID Priority 32768
Address 0011.5c4b.4b00
Cost 0
Port 13 (FastEthernet0/13)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0011.bbd0.3280
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/1 Desg FWD 200000 128.1 Edge P2p
Fa0/12 Desg FWD 200000 128.12 P2p Bound(PVST)
Fa0/13 Root FWD 200000 128.13 P2p

MST01
Spanning tree enabled protocol mstp
Root ID Priority 24577
Address 0011.bbb9.5900
Cost 400000
Port 13 (FastEthernet0/13)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0011.bbd0.3280
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/1 Desg FWD 200000 128.1 Edge P2p
Fa0/12 Boun FWD 200000 128.12 P2p Bound(PVST)
Fa0/13 Root FWD 200000 128.13 P2p

MST02
Spanning tree enabled protocol mstp
Root ID Priority 28674
Address 0011.bbb9.5900
Cost 400000
Port 13 (FastEthernet0/13)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 0011.bbd0.3280
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/12 Boun FWD 200000 128.12 P2p Bound(PVST)
Fa0/13 Root FWD 200000 128.13 P2p

Setup switches and connect.
Use erase startup-config and reload to wipe out old configurations. Setup hostnames (e.g., 3550sw1) and config t ;line console 0; logging synchronous to get terminals set to go.

Config the switchports that have hosts (PCs that is) to connect as non-trunks quickly using portfast. This cuts the “light turns from amber to green” when you connect a switch cable from half a minute to 2 seconds. Note the stern warning Cisco gives you:

2950sw3(config)#int range fa 0/1 – 2
2950sw3(config-if-range)#switchport mode access
2950sw3(config-if-range)#spanning-tree portfast
2950sw3(config-if-range)#exit
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc… to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast has been configured on FastEthernet0/1 but will only
have effect when the interface is in a non-trunking mode.

Rummaged through the vlans that are setup in the switches. I’ve heard I can delete these using delete flash:vlan.dat but I just used show vlan; no vlan xx to wipe out any that I didn’t want. Then used the global config: vlan 10,20,30,40,50 and entered vlan db mode only to issue an exit

Set on all switches the point-to-point interfaces to be trunks using IEEE 802.1Q. The ports didn’t default to trunk (though book/web say they should). They DID form trunk links when only one side was configured as follows, but of course best practice is to configure both ends. So all switches were configured as follows (note the encapsulation command is needed on 3550; not available on 2950s which don’t do Cisco’s ISL.)

3550sw1(config)#int range fa 0/1 – fa 0/2
3550sw3(config-if-range)#switchport encapsulation dot1q
3550sw1(config-if-range)#switchport mode trunk

Notice that I haven’t used the switchport trunk allowed vlan 1-50 command yet and by default it allows all vlans on trunk. See:

3550sw1#sho int trunk

Port Mode Encapsulation Status Native vlan
Fa0/12 on 802.1q trunking 1
Fa0/13 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/12 1-4094
Fa0/13 1-4094

Port Vlans allowed and active in management domain
Fa0/12 1,10,20,30,40,50
Fa0/13 1,10,20,30,40,50

Port Vlans in spanning tree forwarding state and not pruned
Fa0/12 1,10,20,30,40,50
Fa0/13 1,10,20,30,40,50
Now, on to Spanning Tree. When I first set up this net using classic STP (shown below as IEEE) port Fa 0/12 of 2950sw2 was chosen by STP to be blocked. This same topology was selected by RSTP. But first, when I only had 3550sw1 running RSTP, these were the Show Spanning-Tree results:

3550sw1#sho span

VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 0011.5c43.d900
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0011.5c43.d900
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/1 Desg FWD 19 128.1 Edge P2p
Fa0/12 Desg FWD 19 128.12 P2p Peer(STP)
Fa0/13 Desg FWD 19 128.13 P2p

–More–

2950sw2#sho span

VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0011.5c43.d900
Cost 38
Port 13 (FastEthernet0/13)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0011.bbd0.3280
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/12 Desg FWD 19 128.12 P2p
Fa0/13 Root FWD 19 128.13 P2p

–More–

2950sw3#sho span

VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0011.5c43.d900
Cost 19
Port 13 (FastEthernet0/13)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0011.bbb9.57c0
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/1 Desg FWD 19 128.1 Edge P2p
Fa0/11 Desg FWD 19 128.11 P2p
Fa0/13 Root FWD 19 128.13 P2p

–More–

2950sw4#sho span

VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0011.5c43.d900
Cost 57
Port 13 (FastEthernet0/13)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0011.bbd0.4700
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/11 Desg BKN*19 128.11 P2p *TYPE_Inc
Fa0/13 Root FWD 19 128.13 P2p

So what is BKN? Can you see the mistake(s) I made? I mistakenly plugged in two cables into Fa0/11 instead of Fa0/12. Also, 3550sw1 Fa0/13 expects to be connected to a trunk port using Rapid STP. The Type Inconsistent seems to indicate that the 2950 isn’t in trunk mode, though I’m not sure since I didn’t check into it at the time. This BROKEN status caused the properly BLOCKED port on 2950sw2 to become FORWARD.

I believe it was during this time that I attempted to establish a primary and secondary switch using spanning-tree vlan 1-50 root primary diameter 4. I was amazed to see a huge additon to the running-config:
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 24576
spanning-tree vlan 1 forward-time 10
spanning-tree vlan 1 max-age 14
spanning-tree vlan 2 priority 24576
spanning-tree vlan 2 forward-time 10

…snip…

spanning-tree vlan 50 priority 24576
spanning-tree vlan 50 forward-time 10
spanning-tree vlan 50 max-age 14
!

Notice that I snipped out about 96 lines!!! I zapped these (with some handy copying / pasting ) and I plugged in the ports to the correct ports and continued.

Whew! I spend most of the time just dealing with silly mistakes like these that Eric Capal can catch glancing over your shoulder in about 3 seconds. Curses!!!

So I didn’t get a good Show Span for Rapid STP. But I did have it working on RSTP and the convergence was amazing, almost instantaneous. Even when I pulled both plugs (which of course stalled the ping) when I replugged in one, the pings resumed in about 2 seconds.

Now on to MST. I setup the host switchports to work only on their own VLAN. Here’s the config:

3550sw1(config)#int fa 0/1
3550sw1(config-if)#switchport access vlan 10
3550sw1(config)#int fa 0/2
3550sw1(config-if)#switchport access vlan 50

I did this for the 2950sw3, too. (I KNOW, I should have used both access layer switches, but I did that last time). I tested this, and I could ping to/from both PCs when on the same VLAN, but could not otherwise. Cool.

The config for MST was:
3550sw1(config)#spanning-tree mst configuration
3550sw1(config-mst)#instance 1 vlan 1,10,20,30,40,50
3550sw1(config-mst)#name region1
3550sw1(config-mst)#revision 1
3550sw1(config-mst)#show pending
Pending MST configuration
Name [region1]
Revision 1
Instance Vlans mapped
——– ———————————————————————
0 2-9,11-19,21-29,31-39,41-49,51-4094
1 1,10,20,30,40,50
——————————————————————————-
3550sw1(config-mst)#exit

3550sw1(config)#spanning-tree mode mst

3550sw1(config)#end

Next time I’ll need to run the global config command spanning-tree mst 1 root primary. The Show Spanning-tree shows all is okay, but what about the cost being 200,000!!!!:
3550sw1#sho span

MST00
Spanning tree enabled protocol mstp
Root ID Priority 32768
Address 0011.5c43.d900
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0011.5c43.d900
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/2 Desg FWD 200000 128.2 Edge P2p
Fa0/12 Desg FWD 200000 128.12 P2p
Fa0/13 Desg FWD 200000 128.13 P2p

MST01
Spanning tree enabled protocol mstp
Root ID Priority 32769
Address 0011.5c43.d900
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0011.5c43.d900
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/2 Desg FWD 200000 128.2 Edge P2p
Fa0/12 Desg FWD 200000 128.12 P2p
Fa0/13 Desg FWD 200000 128.13 P2p

2950sw2#sho span

MST00
Spanning tree enabled protocol mstp
Root ID Priority 32768
Address 0011.5c43.d900
Cost 0
Port 13 (FastEthernet0/13)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0011.bbd0.3280
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/12 Altn BLK 200000 128.12 P2p
Fa0/13 Root FWD 200000 128.13 P2p

MST01
Spanning tree enabled protocol mstp
Root ID Priority 32769
Address 0011.5c43.d900
Cost 400000
Port 13 (FastEthernet0/13)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0011.bbd0.3280
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/12 Altn BLK 200000 128.12 P2p
Fa0/13 Root FWD 200000 128.13 P2p

2950sw3#sho span

MST00
Spanning tree enabled protocol mstp
Root ID Priority 32768
Address 0011.5c43.d900
Cost 0
Port 13 (FastEthernet0/13)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0011.bbb9.57c0
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/2 Desg FWD 200000 128.2 Edge P2p
Fa0/12 Desg FWD 200000 128.12 P2p
Fa0/13 Root FWD 200000 128.13 P2p

–More–
MST01
Spanning tree enabled protocol mstp
Root ID Priority 32769
Address 0011.5c43.d900
Cost 200000
Port 13 (FastEthernet0/13)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0011.bbb9.57c0
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/2 Desg FWD 200000 128.2 Edge P2p
Fa0/12 Desg FWD 200000 128.12 P2p
Fa0/13 Root FWD 200000 128.13 P2p

2950sw3#
2950sw4#sho span

MST00
Spanning tree enabled protocol mstp
Root ID Priority 32768
Address 0011.5c43.d900
Cost 0
Port 12 (FastEthernet0/12)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0011.bbd0.4700
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/12 Root FWD 200000 128.12 P2p
Fa0/13 Desg FWD 200000 128.13 P2p

–More–
MST01
Spanning tree enabled protocol mstp
Root ID Priority 32769
Address 0011.5c43.d900
Cost 200000
Port 12 (FastEthernet0/12)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0011.bbd0.4700
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/12 Root FWD 200000 128.12 P2p
Fa0/13 Desg FWD 200000 128.13 P2p

`Now I’ll put in spanning-tee mst 1 root primary, then look at the MST layout:

2950sw4#sho span

MST00
Spanning tree enabled protocol mstp
Root ID Priority 32768
Address 0011.5c43.d900
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0011.5c43.d900
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/2 Desg FWD 200000 128.2 Edge P2p
Fa0/12 Desg FWD 200000 128.12 P2p
Fa0/13 Desg FWD 200000 128.13 P2p

MST01
Spanning tree enabled protocol mstp
Root ID Priority 24577
Address 0011.5c43.d900
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 24577 (priority 24576 sys-id-ext 1)
Address 0011.5c43.d900
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/2 Desg FWD 200000 128.2 Edge P2p
Fa0/12 Desg FWD 200000 128.12 P2p
Fa0/13 Desg FWD 200000 128.13 P2p

Next time, I’ll focus on:

• Figuring out those wacky costs
• Getting a separate MST path by VLAN.
• VTP